Skeer, 4 years ago

Monitoring a CRL (certificate revocation list)

Morning! I am super new to LogicMonitor, having never used it before, and now I do at this new job that I started back in December. I'm here today because I've got a ticket to monitor our internal root CA CRL expiration. I see that LM can monitor SSL certs, but can it do anything with a CRL specifically?


3 Replies

  • Anonymous

    Hi @Skeer! Welcome to the community and LogicMonitor!

    I'll start by giving the standard answers I give to questions like this. These aren't accusations, just meant to help guide your thinking around what to do in this case and other cases like it:

    1. Have you searched through the installed DataSources in your portal to find out if any DataSources apply but aren't yet monitoring data because of missing credentials or some other reason? 
    2. Have you searched the exchange to find any DataSources that might cover what you're looking for?
    3. If existing DataSource(s) don't exist, you may need to build it. The question then becomes, how do you know about the CRL outside of LM? Do you manually pull up a list? What metrics are you looking for? If you can "monitor" it manually, the task merely becomes figuring out how to automate that manual process.

    I don't have enough deep knowledge about SSL/TLS to really understand the goal, but feel free to educate me. I know several power users out here have built various different certificate-centric DataSources, and one of them may fit the bill.

  • Thanks Stuart. No, I did not look anywhere yet. I mean I know we currently don't monitor or have any CRLs in play in our LM instance. I believe we have some SSL certs so there might be something there. I did find a generic-looking SSL/Cert module/plugin in the community DataSources. I think this is kind of a special thing, can't pull up anything via Google on LM and CRLs.

    Thanks for the pointers though!

  • Anonymous

    Ok, sounds like #3 is your best bet then. So not only thinking about how you monitor this through a system today, but also think about what you would do if you were the monitoring system and responsible for gathering the data. Identify the data you would gather and what steps you would go through to obtain the data. Then think about how you would automatically complete those steps. If that looks like a PowerShell script or a simple SNMP poll to some OIDs, figure out what they are. Then it's just a relatively simple task of building a LogicModule to complete those steps.
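
The data-gathering step described in the last reply, sketched as an added example (not code from the thread or from LogicMonitor): read the `thisUpdate` and `nextUpdate` fields out of a DER-encoded CRL and report the days left before it goes stale. It assumes the CRL bytes have already been fetched from the CA's distribution point; the sample CRL is constructed with a dummy signature, and the `DaysUntilNextUpdate` output name is hypothetical.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_time(tag, value):
    text = value.decode("ascii")
    if tag == 0x17:  # UTCTime; RFC 5280 maps YY >= 50 to 19YY, otherwise 20YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def crl_validity(der):
    """Return (thisUpdate, nextUpdate or None), following RFC 5280 TBSCertList order."""
    _, cert_list, _ = read_tlv(der, 0)   # CertificateList
    _, tbs, _ = read_tlv(cert_list, 0)   # TBSCertList
    fields, pos = [], 0
    while pos < len(tbs):
        tag, value, pos = read_tlv(tbs, pos)
        fields.append((tag, value))
    if fields[0][0] == 0x02:             # optional version INTEGER
        fields.pop(0)                    # now: signature alg, issuer, thisUpdate, ...
    has_next = len(fields) > 3 and fields[3][0] in (0x17, 0x18)
    return parse_time(*fields[2]), (parse_time(*fields[3]) if has_next else None)

def days_until_next_update(der, now):
    _, next_update = crl_validity(der)
    if next_update is None:
        raise ValueError("CRL carries no nextUpdate field")
    return (next_update - now).total_seconds() / 86400

def _tlv(tag, body):  # short-form encoder, only used to build the sample below
    return bytes([tag, len(body)]) + body

# Constructed sample: CRL-shaped DER with a dummy signature, not a real CA's CRL.
_ALG = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + _tlv(0x05, b""))
_ISSUER = _tlv(0x30, _tlv(0x31, _tlv(0x30, _tlv(0x06, bytes.fromhex("550403")) + _tlv(0x0C, b"Example Root CA"))))
_TBS = _tlv(0x30, _tlv(0x02, b"\x01") + _ALG + _ISSUER + _tlv(0x17, b"240101000000Z") + _tlv(0x17, b"240701000000Z"))
SAMPLE_CRL = _tlv(0x30, _TBS + _ALG + _tlv(0x03, bytes(9)))

if __name__ == "__main__":
    now = datetime(2024, 6, 24, tzinfo=timezone.utc)  # fixed clock for a repeatable run
    print(f"DaysUntilNextUpdate={days_until_next_update(SAMPLE_CRL, now):.1f}")
```

A negative result means the CRL is already past its `nextUpdate`, which is the condition relying parties treat as an expired CRL.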