SGOS 7.3.10.1 introduces the ability to associate a system-defined, user-defined, or composite health check with an external monitoring service. You can enable this feature on the ProxySG appliance and specify the health check target status URL in an external service. Then, you can take corrective actions as needed, based on the HTTP response associated with the health check target status URL (a ProxySG Advanced URL) status.
To configure health check monitoring, complete the following steps:
Configure a health check using the ProxySG command line interface (CLI), the Admin Console, or the Management Console. Creating a composite health check is useful in most cases. For instructions, refer to the documentation:
Specify a user-defined composite health check on the appliance as the target for the external monitoring service.
In the CLI, type the following command:
#(config health-check) status-check-target <alias>
where <alias> is the name of a configured user-defined composite health check. Enter the name in the format user.<alias>. To specify the health check in Example: Create a composite health check, type:
#(config health-check) status-check-target user.monitor-health
You can verify the status of the health check target configuration in the CLI output and on an Advanced URL page.
In the CLI, type the following command:
#(config health-check) view
In the output, look for the status in the Status check target line. See the following example:
#(config health-check) view
Health Check Configuration
Health Check Status
Status check target: user.monitor-health(UP)
<health check configuration>
See CLI and Advanced URL Statuses for more information on health check target statuses.
In a browser, go to the following URL:
https://<IP_address>:<port>/healthcheck/status
The healthcheck/status page shows the current health check target status. In version 7.3.11.1, the health check URL can report when a target is partially healthy. The following example shows that the user.monitor-health health check target is partially healthy because two out of three services are healthy:
ProxySG is healthy, please see the details below: Status check target: user.monitor-health Enabled OK for some IPs UP icap.icapserver Enabled OK UP Last status: Success. Successes (total): 378 (last): Thu, 22 Sep 2022 20:06:11 GMT (consecutive): 378 Failures (total): 0 (last): Never (consecutive): 0 (external): 0 Last response time: 28 ms Average response time: 28 ms Minimum response time: 21 ms Maximum response time: 44 ms user.httpserver1 Domain name: 10.29.136.104 IP address: 10.29.136.104 Enabled OK UP Last status: Success. Successes (total): 386 (last): Thu, 22 Sep 2022 20:06:11 GMT (consecutive): 386 Failures (total): 0 (last): Never (consecutive): 0 (external): 0 Last response time: 3 ms Average response time: 3 ms Minimum response time: 2 ms Maximum response time: 16 ms user.httpserver2 Domain name: 10.29.136.104 IP address: 10.29.136.104 Enabled Check failed DOWN Last status: Socket connect error Successes (total): 378 (last): Thu, 22 Sep 2022 20:06:03 GMT (consecutive): 0 Failures (total): 4 (last): Thu, 22 Sep 2022 20:06:11 GMT (consecutive): 4 (external): 0 Last response time: 1064 ms Average response time: 1077 ms Minimum response time: 1064 ms Maximum response time: 1084 ms
See the following table for more information on health check target statuses.
Target Configuration |
CLI Status |
Advanced URL Status |
---|---|---|
The target is Enabled and the health check is fully or partially healthy. |
<alias>(UP) |
ProxySG is fully configured and in service HTTP response: 200 OK |
The target is set to Disabled: Healthy. |
<alias>(Disabled: Healthy) |
|
No health check target is configured. |
None |
ProxySG health check status is not configured HTTP response: 500 Server Error |
The specified health check is misconfigured (For example, the composite health check has been renamed.) |
<alias>(Unknown) |
ProxySG is not in service (HealthCheck configuration error found) HTTP response: 500 Server Error |
The target is set to Disabled: Unhealthy. |
<alias>(Disabled: Unhealthy) |
ProxySG is fully configured and in service HTTP response: 503 Service Unavailable |
The target is Enabled and the health check is unhealthy. |
<alias>(DOWN) |
Configured and unhealthy: ProxySG is not healthy, please see the details below: … HTTP response: 503 Service Unavailable |
Note: If the ProxySG appliance license is invalid, the status check fails.
In your external monitoring service, specify the health check target status Advanced URL:
https://<IP_address>:<port>/healthcheck/status
When the external monitoring service queries the Advanced URL, the ProxySG appliance returns a specific HTTP response depending on the status of the health check target. If the response is 500 or 503, the appliance is unhealthy and not ready to receive traffic.
If the HTTP response is not 200 OK, you might have to take corrective action on the ProxySG appliance. For example, the ProxySG appliance returns 503 Service Unavailable for the output in Check the Advanced URL. In this case, troubleshoot the issues with the authentication realm and the ICAP server.
If the health check target is no longer needed, disable it. Type the following CLI command:
#(config health-check) no status-check-target
ok
Remember to remove the ProxySG Advanced URL from the external service configuration.