Forum Discussion

Dominique's avatar
Dominique
Icon for Advisor rankAdvisor
5 years ago

GET https://ServerName:443/ HTTP/1.0?

Hello,

What does the command "GET https://servername:443/ HTTP/1.0" do in Logic Monitor?

I have several errors :

LMD20115590 warn - servername HTTPS-443 503_error

ID: LMD20115590
The SSL page on servername is now returning Error Code 5xx.
This started at 2020-08-25 18:24:40 PDT - or 0h 6m ago.

the site on the server is:

https://hrsystems.xxxxxx.xxxx.xxx/s/login.asp

So nothing common with the error...

It seems a firewall issue but I wanted to confirm first the purpose of the GET...

Thanks,

Dominique

  • Anonymous's avatar
    Anonymous

    This is a raw HTTP 1.0 GET request to a server on port 443 with a resolvable name of "servername". It's similar to what your browser does when you put "https://servername:443/" into your address bar.

    The first error is because "servername" doesn't resolve to anything in your environment.  You would want to change that bit to "hrsystems.xxxxx.xxx.xxx".

  • Hello Stuart,

    Thank you for this information.

    The GET is it a Logic Monitor task? Is it to collect information from the server? Is it something else? I don't see anything on the server itself making this GET request???

    Who is using this URL/GET? Logic Monitor? The User web site?

    "hrsystems.xxxxxx.xxxx.xxx" is the end-user URL , but I don't understand what you mean by changing (what?) to "hrsystems.xxxxxx.xxxx.xxx"(where?)

    As I have the same error on multiple servers I am trying to understand where the error is coming from as I have no complain from the users about their web sites...

    As the web sites on those servers work as users are using them daily without issues, so I am confuse about this error...

    Thanks,
    Dominique

  • Anonymous's avatar
    Anonymous

    Let's back up a little. Where did you see this command? You probably saw it in a DataSource. In that case, the DataSource is not complete. The DataSource should be modified in a way that it's sending the right request to each device, instead of sending the same request to each one. By sending the same request to each device, the request is failing (because it's malformed). That failure is causing an alert to be opened by that DataSource.

  • Anonymous's avatar
    Anonymous

    What's likely supposed to be happening is that the DataSource should be reaching out via HTTP to each device to verify that the web service is up and running. The DS appears to be configured to make a request that each device doesn't like. The request comes from the collector to the device. The server is responding and the response gets back to the collector. The response is HTTP 503 - which means service unavailable.

  • 56 minutes ago, Stuart Weenig said:

    Let's back up a little. Where did you see this command? You probably saw it in a DataSource. In that case, the DataSource is not complete. The DataSource should be modified in a way that it's sending the right request to each device, instead of sending the same request to each one. By sending the same request to each device, the request is failing (because it's malformed). That failure is causing an alert to be opened by that DataSource.

    Hello Stuart,

    Yes you are correct the GET command line is in the Datasource, But why only 5 machines are sending the alerts? 

    Thanks,

    Dominique

  • Anonymous's avatar
    Anonymous

    Ah, ok, this is a bit different. So, this GET request is requesting "/" from the server, which means that the hostname isn't defined in the request, meaning that the request goes to the current device. Cool, this isn't a problem with the command/DataSource then.

    So, what's happening is that for all the devices that don't have alerts, requesting "/" results in a 200. Meaning that you can go to that device like this in your browser and it works: "https://devicenameoripaddress/".

    However, for these 5 servers with alerts, when someone/something requests "https://devicenameoripaddress/", the server responds with a 503 - service unavailable. Likely it's configured to respond to "https://devicenameoripaddress/s/login.asp", but not "https://devicenameoripaddress/". This is bad practice on the application developer who developed the websites running on those 5 servers. They should at least redirect from the root to /s/login.asp.

    As for fixing it, this isn't technically a false positive. LM is trying to pull up https://devicenameoripaddress/ and it's failing. Since that's not really a problem, there are several options for changing the behavior:

    • You can exclude these 5 servers by modifying the appliesto.
    • You can exclude these 5 servers by modifying the appliesto and instead include them in a clone of this DS with a modified path so that the request goes to "/s/login.asp". 
    • You can change the alert thresholds on the group level or the instance level.
    • You can disable alerting or monitoring on these 5 servers on the group or instance level.

    There are probably a couple more options depending on the outcome you want.