Where is command_line specified now...?

It’s been a (very) long time since I needed to build a new monitoring system from scratch. Way back then I would define command with a command_name and a command_line that would look something like

Define command

definte command {
command_name check_ssl
command_line $USER1$/check_http --sni -H $HOSTADDRESS$ -C $ARG1$

I could see and specify the switches the check would use.

After reading many docs and guide I have built a new icinga2 environment on debian bullseye. I have created a new rule outlined like this:

SSL Cert check service definition

apply Service "SSL Cert " for (site in vars.sites) {
import “generic-service”

check_command = “http”
check_interval = 2m
vars.http_vhost = site
#vars.http_address = site
vars.http_sni = true
vars.http_certificate = “16,9”

assign where host.name == “the internet” && vars.sites

Looking at the source tab, this creates a check with the following syntax:

‘/usr/lib/nagios/plugins/check_http’ ‘–sni’ ‘-C’ ‘16,8’ ‘-H’ ‘icinga.com’ ‘-I’ ‘’

I did play around with things like vars.http_address to no avail…

This leads me to ask:

  • How is this command syntax created?

  • Is there a simple (I am old!!) reference I can review to better understand what exactly all these vars do…? It was great being able to see the command line that the check would run, and I can extrapolate if needs must, but I need to see what they do in order to make that extrapolation. I honestly don’t know where vars.http_sni lives, for example…

  • Can someone please explain why the dummy host address is being referenced and how I can stop it? Obviously, that’s what’s breaking this check.

  • Can I go old school and create specific command definitions like above to use in rules? If so, is this considered not best practise anymore, and should I only do it as a last resort?

Thanks so much for your help!


Hello there and welcome to the community forum! We always love to see posts formatted according to the formatting guidelines which can help you make your posts more readable, which in turn will make it easier for others to answer. :slight_smile:

I figured out that a way around this was to remove the address from the dummy host, and replace the ‘hostalive’ check with a ‘dummy’ check.

With no IP address, it wasn’t generating the -I switch in the check syntax.

I also understand that this behaviour is provided by the included templates. I will do more reading there. I would still love to understand exactly how these check syntaxes are created.

Thanks for your time.