BGP.guru

BGP.guru

Nerd blog.

29 Nov 2015

Monitoring Onions

One of the first questions I had when Facebook launched their onion was “I wonder how stable it is?”. Tonight with some help from torsocks I am now monitoring availability of several onions, and trending all Nagios perfdata outputs from check_http, check_ssh, and check_tcp.

I’ve written a set of instructions and sample configurations for monitoring Tor hidden services (onions) using Nagios and put them in a public Github repository. check_commands for everything you need to monitor http, ssh, and other more generic tcp services on your onions is in the repo.

The process I went through to get working monitoring of onions was fairly simple, initially I was going to use proxychains, however torsocks turned out to be simpler. Basically I ran torsocks check_http -H onion; echo $? to check that torsocks passed the exit codes through, confirmed that it did, and then wrote out a set of check_commands and put them in my nagios configuration by simply copying the regular check and prepending it with /usr/bin/torsocks.

onion perfdata

The load performance of Facebook’s https onion site after about an hour.


Theodore Baschak - Theo is a network engineer with experience operating core internet technologies like HTTP, HTTPS and DNS. He has extensive experience running service provider networks with OSPF, MPLS, and BGP.