Monitor Joomla frontend login with Zabbix

As said before, I love Zabbix. And I use it to keep everything under control.

I also use Joomla a lot. We manage several customers’ sites, some on dedicated hosting and some on shared, so I thought: why not check that the website is actually up and running, rather than just checking port 80? Zabbix does that, and it’s called web monitoring.

I couldn’t find an example for dynamic CMSes, so I wrote my own tutorial.

First of all, create a test user on your Joomla installation, which Zabbix will use to test the login. Enter the backend and create a new user (without any special privilege) with a complex password.

Then go to your Zabbix install and create a new host or use an existing one. In the host list click Web and then the Create scenario button. In the first screen you can leave everything as is; just give a Name to your scenario and adjust the update interval to your needs. Then click the Steps tab and Add a new one.

The first step will just load your homepage (or another page of your choice) and check that it contains a text we expect. I generally pick something in the footer, so I’m sure the whole HTML gets loaded correctly. Another very important function of this step is to pick up the CSRF token of your login form, so make sure you choose a URL which contains the login form. So let’s fill the fields this way:

  • Name: Loading homepage
  • URL: http://www.yoursite.com
  • Variables:
    {return}=regex:name="return" value="([0-9a-zA-Z=]+)"
    {variable}=regex:input type="hidden" name="([0-9A-Za-z]{32})" value="1"
    
  • Required string: a text always appearing in the footer of your page
  • Required status codes: 200

OK, so to recap: Zabbix will visit http://www.yoursite.com, check that the text appears in the page, check that the server returned status code 200, and collect from the page the variables return and variable, which will be used in the next step.


Press Add again, let’s create the second step.

The second step will be the real login. Zabbix will simulate the POST to the login controller using the CSRF token from above and the user we created at the beginning. You must change YOUR_JOOMLA_USERNAME and YOUR_JOOMLA_PASSWORD in the Post section below. Also, the Required string must be something which appears only for the logged-in user, so we can check that the user is properly logged in. I usually check for Joomla’s greeting text, which in English should read something like Welcome user name. Log in to the website manually and pick the string yourself. Click Add and fill the form this way:

  • Name: Login
  • URL: http://www.yoursite.com/index.php?option=com_users&task=user.login&lang=en
  • Post:
    username=YOUR_JOOMLA_USERNAME&password=YOUR_JOOMLA_PASSWORD&return={return}&{variable}=1
  • Variables:
    {return_logout}=regex:name="return" value="([0-9A-Za-z=]+)"
    {variable_logout}=regex:input type="hidden" name="([0-9A-Za-z]{32})" value="1"
  • Required string: joomla welcome text with user name
  • Required status codes: 200
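Before saving the scenario you can check offline that the two regexes from step 1 really capture something from your login form, and what the step 2 Post line looks like once the variables are substituted. The script below is an added example, not part of the original tutorial: the HTML form, the zabbix_probe user and its password are constructed sample values, and the function names are my own.

```python
import re
from urllib.parse import quote_plus

# Regexes copied from the "Variables" field of step 1.
RETURN_RE = re.compile(r'name="return" value="([0-9a-zA-Z=]+)"')
TOKEN_RE = re.compile(r'input type="hidden" name="([0-9A-Za-z]{32})" value="1"')

# Constructed sample of a Joomla login form (not captured from a real site).
SAMPLE_FORM = '''
<form action="/index.php?option=com_users&task=user.login" method="post">
  <input type="text" name="username" />
  <input type="password" name="password" />
  <input type="hidden" name="return" value="aW5kZXgucGhw" />
  <input type="hidden" name="0123456789abcdef0123456789abcdef" value="1" />
</form>
'''

def extract_variables(html):
    """Apply both regexes; a value of None means the regex did not match."""
    found = {}
    for macro, rx in (("{return}", RETURN_RE), ("{variable}", TOKEN_RE)):
        m = rx.search(html)
        found[macro] = m.group(1) if m else None
    return found

def build_login_post(variables, username, password):
    """Fill in the step 2 Post template with the extracted variables."""
    missing = [k for k, v in variables.items() if v is None]
    if missing:
        # With an unmatched regex the macro stays empty and the login fails.
        raise ValueError("regex did not match for: " + ", ".join(missing))
    # Credentials go into a form-encoded body, so percent-encode them.
    return "username={}&password={}&return={}&{}=1".format(
        quote_plus(username), quote_plus(password),
        variables["{return}"], variables["{variable}"])

if __name__ == "__main__":
    ok = extract_variables(SAMPLE_FORM)
    print(ok)
    print(build_login_post(ok, "zabbix_probe", "p@ss+word"))
    # Constructed failure case: a return value containing "/", a character
    # the standard base64 alphabet allows but the regex class does not.
    bad = SAMPLE_FORM.replace("aW5kZXgucGhw", "aHR0cDovL3g/eQ==")
    print(extract_variables(bad))
```

If {return} comes back as None on your own page source, look at the characters in the hidden field's value and widen the character class in the Variables regex accordingly.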


OK, so at this point Zabbix should be logged in. What’s next? Logout. It’s pretty straightforward, with just one note: for Required string, use a text which appears only to logged-out users. I use the Forgot password link text. Click Add, and here are the values:

  • Name: Logout
  • URL: http://www.yoursite.com/index.php?option=com_users&task=user.logout
  • Post:
    return={return_logout}&{variable_logout}=1
  • Required string: Forgot password?
  • Required status codes: 200


And here it is!

Web scenarios are considered normal checks, so you can add triggers to them. For example, you can add a trigger that fires if the homepage loading takes more than 1s. The web.test.time item reports the response time of a step in seconds, so the condition should look something like this:

{www.yoursite.com:web.test.time[Scenario name,Loading homepage,resp].last()}>1
