mirror of
https://github.com/bashclub/check-opnsense.git
synced 2024-12-25 16:20:12 +01:00
Update opnsense_checkmk_agent.py
parent
8b56dec2c4
commit
2eb6ac70c8
@ -22,7 +22,7 @@
|
|||||||
## copy to /usr/local/etc/rc.syshook.d/start/99-checkmk_agent and chmod +x
|
## copy to /usr/local/etc/rc.syshook.d/start/99-checkmk_agent and chmod +x
|
||||||
##
|
##
|
||||||
|
|
||||||
__VERSION__ = "0.63"
|
__VERSION__ = "0.64"
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
import os
|
import os
|
||||||
@ -338,7 +338,6 @@ class checkmk_checker(object):
|
|||||||
_traffic_in = _traffic_out = 0
|
_traffic_in = _traffic_out = 0
|
||||||
if _hist_data:
|
if _hist_data:
|
||||||
_hist_slot,_hist_bytesin, _hist_bytesout = _hist_data
|
_hist_slot,_hist_bytesin, _hist_bytesout = _hist_data
|
||||||
pprint(_hist_data)
|
|
||||||
_traffic_in = int(totalbytesin -_hist_bytesin) / max(1,_slot - _hist_slot)
|
_traffic_in = int(totalbytesin -_hist_bytesin) / max(1,_slot - _hist_slot)
|
||||||
_traffic_out = int(totalbytesout - _hist_bytesout) / max(1,_slot - _hist_slot)
|
_traffic_out = int(totalbytesout - _hist_bytesout) / max(1,_slot - _hist_slot)
|
||||||
if _hist_slot != _slot:
|
if _hist_slot != _slot:
|
||||||
@ -402,38 +401,59 @@ class checkmk_checker(object):
|
|||||||
_monitored_clients = dict(map(lambda x: (x.get("common_name").upper(),dict(x,current=[])),_cso))
|
_monitored_clients = dict(map(lambda x: (x.get("common_name").upper(),dict(x,current=[])),_cso))
|
||||||
|
|
||||||
_now = time.time()
|
_now = time.time()
|
||||||
|
_vpnclient = _cfr.get("openvpn-client",[])
|
||||||
_vpnserver = _cfr.get("openvpn-server",[])
|
_vpnserver = _cfr.get("openvpn-server",[])
|
||||||
if type(_vpnserver) == None:
|
if type(_vpnserver) != list:
|
||||||
return _ret
|
_vpnserver = [_vpnserver] if _vpnserver else []
|
||||||
if type(_vpnserver) == dict:
|
if type(_vpnclient) != list:
|
||||||
_vpnserver = [_vpnserver]
|
_vpnclient = [_vpnclient] if _vpnclient else []
|
||||||
for _server in _vpnserver:
|
for _server in _vpnserver + _vpnclient:
|
||||||
|
## server_tls, p2p_shared_key p2p_tls
|
||||||
_server["name"] = _server.get("description") if _server.get("description").strip() else "OpenVPN_{protocoll}_{local_port}".format(**_server)
|
_server["name"] = _server.get("description") if _server.get("description").strip() else "OpenVPN_{protocoll}_{local_port}".format(**_server)
|
||||||
|
|
||||||
_caref = _server.get("caref")
|
_caref = _server.get("caref")
|
||||||
if not _server.get("maxclients"):
|
|
||||||
_max_clients = ipaddress.IPv4Network(_server.get("tunnel_network")).num_addresses -2
|
|
||||||
if _server.get("topology_subnet") != "yes":
|
|
||||||
_max_clients = max(1,int(_max_clients/4)) ## p2p
|
|
||||||
_server["maxclients"] = _max_clients
|
|
||||||
|
|
||||||
_server_cert = self._get_certificate(_server.get("certref"))
|
_server_cert = self._get_certificate(_server.get("certref"))
|
||||||
|
_server["status"] = 3
|
||||||
_server["expiredays"] = 0
|
_server["expiredays"] = 0
|
||||||
_server["expiredate"] = "no certificate found"
|
_server["expiredate"] = "no certificate found"
|
||||||
if _server_cert:
|
if _server_cert:
|
||||||
_notvalidafter = _server_cert.get("not_valid_after")
|
_notvalidafter = _server_cert.get("not_valid_after")
|
||||||
_server["expiredays"] = int((_notvalidafter - _now) / 86400)
|
_server["expiredays"] = int((_notvalidafter - _now) / 86400)
|
||||||
_server["expiredate"] = time.strftime("Cert Expire: %d.%m.%Y",time.localtime(_notvalidafter))
|
_server["expiredate"] = time.strftime("Cert Expire: %d.%m.%Y",time.localtime(_notvalidafter))
|
||||||
|
if _server["expiredays"] < 61:
|
||||||
|
_server["status"] = 2 if _server["expiredays"] < 31 else 1
|
||||||
|
else:
|
||||||
|
_server["expiredate"] = "\\n" + _server["expiredate"]
|
||||||
|
|
||||||
try:
|
_server["type"] = "server" if _server.get("local_port") else "client"
|
||||||
_unix = "/var/etc/openvpn/server{vpnid}.sock".format(**_server)
|
if _server.get("mode") in ("p2p_shared_key","p2p_tls"):
|
||||||
|
_unix = "/var/etc/openvpn/{type}{vpnid}.sock".format(**_server)
|
||||||
try:
|
try:
|
||||||
|
|
||||||
_server["bytesin"], _server["bytesout"] = self._get_openvpn_traffic(
|
_server["bytesin"], _server["bytesout"] = self._get_openvpn_traffic(
|
||||||
"SRV_{name}".format(**_server),
|
"SRV_{name}".format(**_server),
|
||||||
*(map(lambda x: int(x),re.findall("bytes\w+=(\d+)",self._read_from_openvpnsocket(_unix,"load-stats"))))
|
*(map(lambda x: int(x),re.findall("bytes\w+=(\d+)",self._read_from_openvpnsocket(_unix,"load-stats"))))
|
||||||
)
|
)
|
||||||
_server["status"] = 0
|
_server["status"] = 0 if _server["status"] == 3 else _server["status"]
|
||||||
|
_ret.append('{status} "OpenVPN Connection: {name}" connections_ssl_vpn=1;;|if_in_octets={bytesin}|if_out_octets={bytesout}|expiredays={expiredays} Connection Port:/{protocol} {expiredate}'.format(**_server))
|
||||||
|
except:
|
||||||
|
_ret.append('2 "OpenVPN Connection: {name}" connections_ssl_vpn=0;;|expiredays={expiredays}|if_in_octets=0|if_out_octets=0 Server down Port:/{protocol} {expiredate}'.format(**_server))
|
||||||
|
raise
|
||||||
|
else:
|
||||||
|
if not _server.get("maxclients"):
|
||||||
|
_max_clients = ipaddress.IPv4Network(_server.get("tunnel_network")).num_addresses -2
|
||||||
|
if _server.get("topology_subnet") != "yes":
|
||||||
|
_max_clients = max(1,int(_max_clients/4)) ## p2p
|
||||||
|
_server["maxclients"] = _max_clients
|
||||||
|
try:
|
||||||
|
_unix = "/var/etc/openvpn/{type}{vpnid}.sock".format(**_server)
|
||||||
|
try:
|
||||||
|
|
||||||
|
_server["bytesin"], _server["bytesout"] = self._get_openvpn_traffic(
|
||||||
|
"SRV_{name}".format(**_server),
|
||||||
|
*(map(lambda x: int(x),re.findall("bytes\w+=(\d+)",self._read_from_openvpnsocket(_unix,"load-stats"))))
|
||||||
|
)
|
||||||
|
_server["status"] = 0 if _server["status"] == 3 else _server["status"]
|
||||||
except:
|
except:
|
||||||
_server["bytesin"], _server["bytesout"] = 0,0
|
_server["bytesin"], _server["bytesout"] = 0,0
|
||||||
raise
|
raise
|
||||||
@ -443,7 +463,7 @@ class checkmk_checker(object):
|
|||||||
_response = self._read_from_openvpnsocket(_unix,"status 2")
|
_response = self._read_from_openvpnsocket(_unix,"status 2")
|
||||||
for _client_match in re.finditer("^CLIENT_LIST,(.*?)$",_response,re.M):
|
for _client_match in re.finditer("^CLIENT_LIST,(.*?)$",_response,re.M):
|
||||||
_number_of_clients += 1
|
_number_of_clients += 1
|
||||||
_client_raw = _client_match.group(1).split(",")
|
_client_raw = list(map(lambda x: x.strip(),_client_match.group(1).split(",")))
|
||||||
_client = {
|
_client = {
|
||||||
"server" : _server.get("name"),
|
"server" : _server.get("name"),
|
||||||
"common_name" : _client_raw[0],
|
"common_name" : _client_raw[0],
|
||||||
@ -457,20 +477,13 @@ class checkmk_checker(object):
|
|||||||
"clientid" : int(_client_raw[9]),
|
"clientid" : int(_client_raw[9]),
|
||||||
"cipher" : _client_raw[11].strip("\r\n")
|
"cipher" : _client_raw[11].strip("\r\n")
|
||||||
}
|
}
|
||||||
if _client_raw[0].upper() in _monitored_clients:
|
if _client["username"].upper() in _monitored_clients:
|
||||||
_monitored_clients[_client_raw[0].upper()]["current"].append(_client)
|
_monitored_clients[_client["username"].upper()]["current"].append(_client)
|
||||||
|
|
||||||
|
|
||||||
if _server["expiredays"] < 61:
|
|
||||||
_server["status"] = 2 if _server["expiredays"] < 31 else 1
|
|
||||||
else:
|
|
||||||
_server["expiredate"] = "\\n" + _server["expiredate"]
|
|
||||||
|
|
||||||
_server["clientcount"] = _number_of_clients
|
_server["clientcount"] = _number_of_clients
|
||||||
_ret.append('{status} "OpenVPN Server: {name}" connections_ssl_vpn={clientcount};;{maxclients}|if_in_octets={bytesin}|if_out_octets={bytesout}|expiredays={expiredays} {clientcount}/{maxclients} Connections Port:{local_port}/{protocol} {expiredate}'.format(**_server))
|
_ret.append('{status} "OpenVPN Server: {name}" connections_ssl_vpn={clientcount};;{maxclients}|if_in_octets={bytesin}|if_out_octets={bytesout}|expiredays={expiredays} {clientcount}/{maxclients} Connections Port:{local_port}/{protocol} {expiredate}'.format(**_server))
|
||||||
except:
|
except:
|
||||||
_server["status"] = 2
|
_ret.append('2 "OpenVPN Server: {name}" connections_ssl_vpn=0;;{maxclients}|expiredays={expiredays}|if_in_octets=0|if_out_octets=0| Server down Port:{local_port}/{protocol} {expiredate}'.format(**_server))
|
||||||
_ret.append('2 "OpenVPN Server: {name}" connections_ssl_vpn=0;;{maxclients}|expiredays={expiredays} Server down Port:{local_port}/{protocol} {expiredate}'.format(**_server))
|
|
||||||
|
|
||||||
for _client in _monitored_clients.values():
|
for _client in _monitored_clients.values():
|
||||||
_current_conn = _client.get("current",[])
|
_current_conn = _client.get("current",[])
|
||||||
@ -501,7 +514,7 @@ class checkmk_checker(object):
|
|||||||
|
|
||||||
_client["longdescr"] = ""
|
_client["longdescr"] = ""
|
||||||
for _conn in _current_conn:
|
for _conn in _current_conn:
|
||||||
_client["longdescr"] += "Server:{server} {remote_ip}->{vpn_ip} {cipher} ".format(**_conn)
|
_client["longdescr"] += "Server:{server} {remote_ip}:{vpn_ip} {cipher} ".format(**_conn)
|
||||||
_ret.append('{status} "OpenVPN Client: {description}" connectiontime={uptime}|connections_ssl_vpn={count}|if_in_octets={bytes_received}|if_out_octets={bytes_sent}|expiredays={expiredays} {longdescr} {expiredate}'.format(**_client))
|
_ret.append('{status} "OpenVPN Client: {description}" connectiontime={uptime}|connections_ssl_vpn={count}|if_in_octets={bytes_received}|if_out_octets={bytes_sent}|expiredays={expiredays} {longdescr} {expiredate}'.format(**_client))
|
||||||
else:
|
else:
|
||||||
_ret.append('2 "OpenVPN Client: {description}" connectiontime=0|connections_ssl_vpn=0|if_in_octets=0|if_out_octets=0|expiredays={expiredays} Nicht verbunden {expiredate}'.format(**_client))
|
_ret.append('2 "OpenVPN Client: {description}" connectiontime=0|connections_ssl_vpn=0|if_in_octets=0|if_out_octets=0|expiredays={expiredays} Nicht verbunden {expiredate}'.format(**_client))
|
||||||
|
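Review bot: The new point-to-point branch (`if _server.get("mode") in ("p2p_shared_key","p2p_tls"):`) ends its bare `except:` with `raise` right after appending the `'2 "OpenVPN Connection: {name}" ... Server down'` line, and the new side shows no enclosing `try:` between the start of the loop body and the following `else:`. If that reading is right, one tunnel whose management socket cannot be read aborts the loop over `_vpnserver + _vpnclient`, so the remaining servers and every monitored-client result would be missing from the agent output. Indentation is lost in this rendering, so the nesting is inferred from line order and should be confirmed in the file. If the re-raise is a debugging leftover like the `pprint(_hist_data)` this commit removes, drop it and narrow the handler to `except Exception:` followed only by the `_ret.append(...)` line, so a down tunnel is reported as critical without hiding the rest. The enclosing method of `checkmk_checker` starts and ends outside the visible hunks.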