This check monitors TLS protocol versions, certificate expiration & validity, etc.
Note: Currently, only TCP is supported.
The TLS check is included in the Datadog Agent package. No additional installation is needed on your server.
tls.d/conf.yaml file, in the
conf.d/ folder at the root of your Agent’s configuration directory to start collecting your TLS data. See the sample tls.d/conf.yaml for all available configuration options.
Run the Agent’s status subcommand and look for
tls under the Checks section.
|Days until X.509 certificate expiration|
shown as day
|Seconds until X.509 certificate expiration|
shown as second
CRITICALif the Agent is unable to connect to the monitored endpoint, otherwise returns
CRITICALif a connection is made with a protocol version that is not allowed, otherwise returns
CRITICALif the certificate is malformed or does not match the server hostname, otherwise returns
CRITICALif the certificate has expired or expires in less than
WARNINGif the certificate expires in less than
seconds_warning, otherwise returns
TLS does not include any events.
Need help? Contact Datadog support.
Mistake in the docs? Feel free to contribute!