The performance and availability of your network services are crucial in today’s digital world. Monitoring TCP endpoints is essential whether you’re running vital applications or controlling infrastructure. The Blackbox Exporter is a powerful tool that effortlessly interacts with Prometheus for robust monitoring and alerting. In this article, we’ll walk you through the process of setting up TCP endpoint monitoring using this tool.
Prerequisites
Make sure you have the following prerequisites in place:
- A Running Prometheus: It’s likely that you’ve already installed and set up Prometheus. If not, the installation instructions can be found in the official Prometheus.
- A Running Blackbox Exporter: If you already have a Blackbox Exporter set up, that’s awesome 😎. If not, go check out our blog for this.
- Access to the TCP endpoints you want to monitor.
Define “probe” in Blackbox Configuration
There are different modules available in Blackbox Exporter for monitoring different endpoints like HTTP, HTTPS, TCP, ICMP, etc.
Blackbox Exporter operates a little differently from the majority of exporters, which accept static configurations and expose metrics accordingly.
You specify modules in the Blackbox Exporter configuration. Prometheus may then run a query against each of those modules for a set of defined targets. Blackbox Exporter generates metrics for the defined endpoint in response to that request.
To monitor a TCP Endpoint, we will gonna use tcp_tls module for this. Add the below configuration in the blackbox.yml file.
Let’s go through each line one by one:
tcp_tls | This is the name of the module. You can think of it as a label for this particular monitoring module. |
prober: tcp | This line specifies that you want to use the TCP prober to monitor TCP endpoints. It indicates that the Blackbox Exporter will use the TCP protocol for probing. |
timeout: 5s | This line sets the timeout for the probe to 5 seconds. If a response isn’t received within this time frame, the probe will be considered failed. |
tcp: | This section specifies the configuration for the TCP probe. |
tls: true: | This line indicates that TLS (Transport Layer Security) should be used when connecting to the TCP endpoint. TLS is a cryptographic protocol used to secure communication over a network. Setting this to true means that the Blackbox Exporter will attempt to establish a secure TLS connection when probing the endpoint. |
tls_config | This subsection provides configuration options related to TLS. |
insecure_skip_verify: false | Setting this to false means that the exporter will not skip TLS certificate verification. In other words, it will verify the authenticity of the TLS certificate presented by the endpoint. This is the more secure option, as it ensures that the endpoint’s certificate is valid and trusted. |
After this, to scrape metrics and tell Prometheus to expose metrics for these targets, add this configuration in prometheus.yml file.
- job_name: 'TCP Connect Monitoring'
metrics_path: /probe
params:
module: [tcp_tls]
file_sd_configs:
- files:
- '<TARGETS_FILE>.yml'
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: prometheus-blackbox-exporter:9115
scrape_interval: 60s Replace the <TARGETS_FILE>.yml with the path of the file where the targets are defined for which we monitor the TCP Endpoint.
Test Probes by making a cURL Request to the TCP Endpoint:
You can test your endpoint and check if you getting any metrics from the exporter or not by making the below cURL request.
To check whether we are getting the metrics from the defined configuration, we can use this endpoint and check the metrics.
Replace the PORT with the port on which Blackbox Exporter is running.
Adding a debug=true parameter will return debug information for that probe.
# TYPE probe_dns_lookup_time_seconds gauge
probe_dns_lookup_time_seconds 0.002822673
# HELP probe_duration_seconds Returns how long the probe took to complete in seconds
# TYPE probe_duration_seconds gauge
probe_duration_seconds 0.006828551
# HELP probe_failed_due_to_regex Indicates if probe failed due to regex
# TYPE probe_failed_due_to_regex gauge
probe_failed_due_to_regex 0
# HELP probe_ip_addr_hash Specifies the hash of IP address. It's useful to detect if the IP address changes.
# TYPE probe_ip_addr_hash gauge
probe_ip_addr_hash 3.03380654e+09
# HELP probe_ip_protocol Specifies whether probe ip protocol is IP4 or IP6
# TYPE probe_ip_protocol gauge
probe_ip_protocol 4
# HELP probe_ssl_earliest_cert_expiry Returns earliest SSL cert expiry date
# TYPE probe_ssl_earliest_cert_expiry gauge
probe_ssl_earliest_cert_expiry 1.700024359e+09
# HELP probe_ssl_last_chain_expiry_timestamp_seconds Returns last SSL chain expiry in unixtime
# TYPE probe_ssl_last_chain_expiry_timestamp_seconds gauge
probe_ssl_last_chain_expiry_timestamp_seconds 1.700024359e+09
# HELP probe_ssl_last_chain_info Contains SSL leaf certificate information
# TYPE probe_ssl_last_chain_info gauge
probe_ssl_last_chain_info{fingerprint_sha256="sdkjfndskfjewirji9483243dmcdwkekwr38r3dn3289rdwni32iwdj0923weiorf"} 1
# HELP probe_success Displays whether or not the probe was a success
# TYPE probe_success gauge
probe_success 1
# HELP probe_tls_version_info Returns the TLS version used, or NaN when unknown
# TYPE probe_tls_version_info gauge
probe_tls_version_info{version="TLS 1.3"} 1Restart the Prometheus
Restart the Prometheus for the following changes to get reflected.
With these examples, you should now understand how Blackbox Exporter works and how you can configure Prometheus to scrape TCP metrics from your endpoint.
This was my small attempt to explain how you can configure Prometheus to scrape TCP metrics from your endpoint with the help of Blackbox Exporter to you all.
👍 Please share this article if you found it helpful.
Please feel free to share your ideas for improvement with us in the Comment Section.
🤞 Stay tuned for future posts.
Feel free to contact us for any more conversations regarding Cloud Computing, DevOps, etc.
Our Recent Posts
- How to configure AlertManager? Improve observability of your system easily – Beginners guide
- What is Observability, Monitoring and alerting? How to avoid downtime of the System?
- How to mute the alerts for a particular time in Alert Manager?
- How to Monitor your Kubernetes Cluster using Prometheus Easily – Beginners Guide
- How to setup and monitor Endpoints using Blackbox Exporter in Prometheus using simple Steps?
I’m a DevOps Engineer with 3 years of experience, passionate about building scalable and automated infrastructure. I write about Kubernetes, cloud automation, cost optimization, and DevOps tooling, aiming to simplify complex concepts with real-world insights. Outside of work, I enjoy exploring new DevOps tools, reading tech blogs, and play badminton.
