mirror of
https://github.com/bashclub/check-opnsense.git
synced 2024-11-07 16:31:58 +01:00
Thorsten Spille
GitHub
commit
9befea2b61
@ -27,7 +27,7 @@
|
|||||||
## * smartdisk - install the mkp from https://github.com/bashclub/checkmk-smart plugins os-smart
|
## * smartdisk - install the mkp from https://github.com/bashclub/checkmk-smart plugins os-smart
|
||||||
## * squid - install the mkp from https://exchange.checkmk.com/p/squid and forwarder -> listen on loopback active
|
## * squid - install the mkp from https://exchange.checkmk.com/p/squid and forwarder -> listen on loopback active
|
||||||
|
|
||||||
__VERSION__ = "1.0.6"
|
__VERSION__ = "1.0.7"
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
import os
|
import os
|
||||||
@ -47,6 +47,7 @@ import base64
|
|||||||
import traceback
|
import traceback
|
||||||
import syslog
|
import syslog
|
||||||
import requests
|
import requests
|
||||||
|
import hashlib
|
||||||
from urllib3.connection import HTTPConnection
|
from urllib3.connection import HTTPConnection
|
||||||
from urllib3.connectionpool import HTTPConnectionPool
|
from urllib3.connectionpool import HTTPConnectionPool
|
||||||
from requests.adapters import HTTPAdapter
|
from requests.adapters import HTTPAdapter
|
||||||
@ -258,10 +259,10 @@ class checkmk_checker(object):
|
|||||||
if os.path.isdir(SPOOLDIR):
|
if os.path.isdir(SPOOLDIR):
|
||||||
_now = time.time()
|
_now = time.time()
|
||||||
for _filename in glob.glob(f"{SPOOLDIR}/*"):
|
for _filename in glob.glob(f"{SPOOLDIR}/*"):
|
||||||
_maxage = re.search("^\d+",_filename)
|
_maxage = re.search("^(\d+)_",_filename)
|
||||||
|
|
||||||
if _maxage:
|
if _maxage:
|
||||||
_maxage = int(_maxage.group())
|
_maxage = int(_maxage.group(1))
|
||||||
_mtime = os.stat(_filename).st_mtime
|
_mtime = os.stat(_filename).st_mtime
|
||||||
if _now - _mtime > _maxage:
|
if _now - _mtime > _maxage:
|
||||||
continue
|
continue
|
||||||
@ -710,7 +711,7 @@ class checkmk_checker(object):
|
|||||||
_traffic_out = int(totalbytesout - _hist_bytesout) / max(1,_slot - _hist_slot)
|
_traffic_out = int(totalbytesout - _hist_bytesout) / max(1,_slot - _hist_slot)
|
||||||
if _hist_slot != _slot:
|
if _hist_slot != _slot:
|
||||||
self._set_storedata(modul,interface,(_slot,totalbytesin,totalbytesout))
|
self._set_storedata(modul,interface,(_slot,totalbytesin,totalbytesout))
|
||||||
return _traffic_in,_traffic_out
|
return max(0,_traffic_in),max(0,_traffic_out)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _get_dpinger_gateway(gateway):
|
def _get_dpinger_gateway(gateway):
|
||||||
@ -729,9 +730,11 @@ class checkmk_checker(object):
|
|||||||
|
|
||||||
def checklocal_gateway(self):
|
def checklocal_gateway(self):
|
||||||
_ret = []
|
_ret = []
|
||||||
_gateways = self._config_reader().get("gateways")
|
_gateways = self._config_reader().get("OPNsense",{}).get("Gateways")
|
||||||
if not _gateways:
|
if not _gateways:
|
||||||
return []
|
_gateways = self._config_reader().get("gateways")
|
||||||
|
if not _gateways:
|
||||||
|
return []
|
||||||
_gateway_items = _gateways.get("gateway_item",[])
|
_gateway_items = _gateways.get("gateway_item",[])
|
||||||
if type(_gateway_items) != list:
|
if type(_gateway_items) != list:
|
||||||
_gateway_items = [_gateway_items] if _gateway_items else []
|
_gateway_items = [_gateway_items] if _gateway_items else []
|
||||||
@ -761,10 +764,16 @@ class checkmk_checker(object):
|
|||||||
def checklocal_openvpn(self):
|
def checklocal_openvpn(self):
|
||||||
_ret = []
|
_ret = []
|
||||||
_cfr = self._config_reader().get("openvpn")
|
_cfr = self._config_reader().get("openvpn")
|
||||||
|
_cfn = self._config_reader().get("OPNsense").get("OpenVPN") ##TODO new Connections
|
||||||
if type(_cfr) != dict:
|
if type(_cfr) != dict:
|
||||||
return _ret
|
return _ret
|
||||||
|
|
||||||
_cso = _cfr.get("openvpn-csc")
|
if "openvpn-csc" in _cfr.keys():
|
||||||
|
_cso = _cfr.get("openvpn-csc") ## pre v23.7
|
||||||
|
else:
|
||||||
|
_cso = _cfn.get("Overwrites")
|
||||||
|
if type(_cso) == dict:
|
||||||
|
_cso = _cso.get("Overwrite")
|
||||||
_monitored_clients = {}
|
_monitored_clients = {}
|
||||||
if type(_cso) == dict:
|
if type(_cso) == dict:
|
||||||
_cso = [_cso]
|
_cso = [_cso]
|
||||||
@ -779,6 +788,8 @@ class checkmk_checker(object):
|
|||||||
if type(_vpnclient) != list:
|
if type(_vpnclient) != list:
|
||||||
_vpnclient = [_vpnclient] if _vpnclient else []
|
_vpnclient = [_vpnclient] if _vpnclient else []
|
||||||
for _server in _vpnserver + _vpnclient:
|
for _server in _vpnserver + _vpnclient:
|
||||||
|
if _server.get("disable") == '1':
|
||||||
|
continue ## FIXME OK/WARN/SKIP
|
||||||
## server_tls, p2p_shared_key p2p_tls
|
## server_tls, p2p_shared_key p2p_tls
|
||||||
_server["name"] = _server.get("description").strip() if _server.get("description") else "OpenVPN_{protocoll}_{local_port}".format(**_server)
|
_server["name"] = _server.get("description").strip() if _server.get("description") else "OpenVPN_{protocoll}_{local_port}".format(**_server)
|
||||||
|
|
||||||
@ -927,6 +938,8 @@ class checkmk_checker(object):
|
|||||||
else:
|
else:
|
||||||
_json_data = {}
|
_json_data = {}
|
||||||
for _phase1 in _phase1config:
|
for _phase1 in _phase1config:
|
||||||
|
if _phase1 == None:
|
||||||
|
continue
|
||||||
_ikeid = _phase1.get("ikeid")
|
_ikeid = _phase1.get("ikeid")
|
||||||
_name = _phase1.get("descr")
|
_name = _phase1.get("descr")
|
||||||
if len(_name.strip()) < 1:
|
if len(_name.strip()) < 1:
|
||||||
@ -975,7 +988,7 @@ class checkmk_checker(object):
|
|||||||
_ret.append("{status} \"IPsec Tunnel: {remote-name}\" if_in_octets=0|if_out_octets=0|lifetime=0 not running".format(**_con))
|
_ret.append("{status} \"IPsec Tunnel: {remote-name}\" if_in_octets=0|if_out_octets=0|lifetime=0 not running".format(**_con))
|
||||||
else:
|
else:
|
||||||
_con["status"] = max(_con["status"],1)
|
_con["status"] = max(_con["status"],1)
|
||||||
_con["phase2"] = f"{_phase2_up}/{_required_phase2}"
|
_con["phase2"] = f"{_phase2_up}"
|
||||||
_ret.append("{status} \"IPsec Tunnel: {remote-name}\" if_in_octets={bytes-received}|if_out_octets={bytes-sent}|lifetime={life-time} {phase2} {state} {local-id} - {remote-id}({remote-host})".format(**_con))
|
_ret.append("{status} \"IPsec Tunnel: {remote-name}\" if_in_octets={bytes-received}|if_out_octets={bytes-sent}|lifetime={life-time} {phase2} {state} {local-id} - {remote-id}({remote-host})".format(**_con))
|
||||||
return _ret
|
return _ret
|
||||||
|
|
||||||
@ -1009,7 +1022,7 @@ class checkmk_checker(object):
|
|||||||
_client["interface"] = _values[0].strip()
|
_client["interface"] = _values[0].strip()
|
||||||
_client["endpoint"] = _values[3].strip().rsplit(":",1)[0]
|
_client["endpoint"] = _values[3].strip().rsplit(":",1)[0]
|
||||||
_client["last_handshake"] = int(_values[5].strip())
|
_client["last_handshake"] = int(_values[5].strip())
|
||||||
_client["bytes_received"], _client["bytes_sent"] = self._get_traffic("wireguard","",int(_values[6].strip()),int(_values[7].strip()))
|
_client["bytes_received"], _client["bytes_sent"] = self._get_traffic("wireguard",_values[0].strip(),int(_values[6].strip()),int(_values[7].strip()))
|
||||||
_client["status"] = 2 if _now - _client["last_handshake"] > 300 else 0 ## 5min timeout
|
_client["status"] = 2 if _now - _client["last_handshake"] > 300 else 0 ## 5min timeout
|
||||||
|
|
||||||
for _client in _clients.values():
|
for _client in _clients.values():
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user