Monitor ProxySG health check status from an external service
Article ID: 248315
Updated On:
Products
Issue/Introduction
SGOS 7.3.10.1 introduces the ability to associate a system-defined, user-defined, or composite health check with an external monitoring service. You can enable this feature on the ProxySG appliance and specify the health check target status URL in an external service. Then, you can take corrective actions as needed, based on the HTTP response associated with the health check target status URL (a ProxySG Advanced URL) status.
Resolution
To configure health check monitoring, complete the following steps:
- Configure a health check.
- Enable the health check target.
- Verify the status of the health check target configuration.
- Provide the health check status URL to the external monitoring service.
- (When needed) Disable the health check target.
1 - Configure a health check
Configure a health check using the ProxySG command line interface (CLI), the Admin Console, or the Management Console. Creating a composite health check is useful in most cases. For instructions, refer to the documentation:
2 - Enable the health check target
Specify a user-defined composite health check on the appliance as the target for the external monitoring service.
In the CLI, type the following command:
#(config health-check) status-check-target <alias>
where <alias> is the name of a configured user-defined composite health check. Enter the name in the format user.<alias>. To specify the health check in Example: Create a composite health check, type:
#(config health-check) status-check-target user.monitor-health
3 - Verify the status of the health check target configuration
You can verify the status of the health check target configuration in the CLI output and on an Advanced URL page.
Check the CLI output
In the CLI, type the following command:
#(config health-check) view
In the output, look for the status in the Status check target line. See the following example:
#(config health-check) view
Health Check Configuration
Health Check Status
Status check target: user.monitor-health(UP)
<health check configuration>
See CLI and Advanced URL Statuses for more information on health check target statuses.
Check the Advanced URL
In a browser, go to the following URL:
https://<IP_address>:<port>/healthcheck/status
The healthcheck/status page shows the current health check target status. In version 7.3.11.1, the health check URL can report when a target is partially healthy. The following example shows that the user.monitor-health health check target is partially healthy because two out of three services are healthy:
ProxySG is healthy, please see the details below:
Status check target: user.monitor-health
Enabled OK for some IPs UP
icap.icapserver
Enabled OK UP
Last status: Success.
Successes (total): 378 (last): Thu, 22 Sep 2022 20:06:11 GMT (consecutive): 378
Failures (total): 0 (last): Never (consecutive): 0 (external): 0
Last response time: 28 ms Average response time: 28 ms
Minimum response time: 21 ms Maximum response time: 44 ms
user.httpserver1
Domain name: 10.29.136.104
IP address: 10.29.136.104 Enabled OK UP
Last status: Success.
Successes (total): 386 (last): Thu, 22 Sep 2022 20:06:11 GMT (consecutive): 386
Failures (total): 0 (last): Never (consecutive): 0 (external): 0
Last response time: 3 ms Average response time: 3 ms
Minimum response time: 2 ms Maximum response time: 16 ms
user.httpserver2
Domain name: 10.29.136.104
IP address: 10.29.136.104 Enabled Check failed DOWN
Last status: Socket connect error
Successes (total): 378 (last): Thu, 22 Sep 2022 20:06:03 GMT (consecutive): 0
Failures (total): 4 (last): Thu, 22 Sep 2022 20:06:11 GMT (consecutive): 4 (external): 0
Last response time: 1064 ms Average response time: 1077 ms
Minimum response time: 1064 ms Maximum response time: 1084 ms
See the following table for more information on health check target statuses.
CLI and Advanced URL Statuses
|
Target Configuration |
CLI Status |
Advanced URL Status |
|---|---|---|
|
The target is Enabled and the health check is fully or partially healthy. |
<alias>(UP) |
ProxySG is fully configured and in service HTTP response: 200 OK |
|
The target is set to Disabled: Healthy. |
<alias>(Disabled: Healthy) |
|
|
No health check target is configured. |
None |
ProxySG health check status is not configured HTTP response: 500 Server Error |
|
The specified health check is misconfigured (For example, the composite health check has been renamed.) |
<alias>(Unknown) |
ProxySG is not in service (HealthCheck configuration error found) HTTP response: 500 Server Error |
|
The target is set to Disabled: Unhealthy. |
<alias>(Disabled: Unhealthy) |
ProxySG is fully configured and in service HTTP response: 503 Service Unavailable |
|
The target is Enabled and the health check is unhealthy. |
<alias>(DOWN) |
Configured and unhealthy: ProxySG is not healthy, please see the details below: … HTTP response: 503 Service Unavailable |
Note: If the ProxySG appliance license is invalid, the status check fails.
4 - Provide the health check status URL to the external monitoring service
In your external monitoring service, specify the health check target status Advanced URL:
https://<IP_address>:<port>/healthcheck/status
When the external monitoring service queries the Advanced URL, the ProxySG appliance returns a specific HTTP response depending on the status of the health check target. If the response is 500 or 503, the appliance is unhealthy and not ready to receive traffic.
If the HTTP response is not 200 OK, you might have to take corrective action on the ProxySG appliance. For example, the ProxySG appliance returns 503 Service Unavailable for the output in Check the Advanced URL. In this case, troubleshoot the issues with the authentication realm and the ICAP server.
5 - (When needed) Disable the health check target
If the health check target is no longer needed, disable it. Type the following CLI command:
#(config health-check) no status-check-target
ok
Remember to remove the ProxySG Advanced URL from the external service configuration.
Feedback
