New announcements for Serverless, Network, RUM, and more from Dash! New announcements from Dash!

TLS

Agent Check Agent Check

Supported OS: Linux Mac OS Windows

Overview

This check monitors TLS protocol versions, certificate expiration & validity, etc.

Note: Currently, only TCP is supported.

Setup

Installation

The TLS check is included in the Datadog Agent package. No additional installation is needed on your server.

Configuration

  1. Edit the tls.d/conf.yaml file, in the conf.d/ folder at the root of your Agent’s configuration directory to start collecting your TLS data. See the sample tls.d/conf.yaml for all available configuration options.

  2. Restart the Agent.

Validation

Run the Agent’s status subcommand and look for tls under the Checks section.

Data Collected

Metrics

tls.days_left
(gauge)
Days until X.509 certificate expiration
shown as day
tls.seconds_left
(gauge)
Seconds until X.509 certificate expiration
shown as second
  • tls.can_connect - Returns CRITICAL if the Agent is unable to connect to the monitored endpoint, otherwise returns OK.
  • tls.version - Returns CRITICAL if a connection is made with a protocol version that is not allowed, otherwise returns OK.
  • tls.cert_validation - Returns CRITICAL if the certificate is malformed or does not match the server hostname, otherwise returns OK.
  • tls.cert_expiration - Returns CRITICAL if the certificate has expired or expires in less than days_critical/seconds_critical, returns WARNING if the certificate expires in less than days_warning/seconds_warning, otherwise returns OK.

Events

TLS does not include any events.

Troubleshooting

Need help? Contact Datadog support.


Mistake in the docs? Feel free to contribute!