mirror of
https://github.com/bashclub/check-opnsense.git
synced 2025-01-12 15:20:12 +01:00
Update opnsense_checkmk_agent.py
This commit is contained in:
parent
6d6d9f23ca
commit
dd3a92d5a7
@ -22,7 +22,7 @@
|
|||||||
## copy to /usr/local/etc/rc.syshook.d/start/99-checkmk_agent and chmod +x
|
## copy to /usr/local/etc/rc.syshook.d/start/99-checkmk_agent and chmod +x
|
||||||
##
|
##
|
||||||
|
|
||||||
__VERSION__ = "0.62"
|
__VERSION__ = "0.63"
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
import os
|
import os
|
||||||
@ -186,6 +186,15 @@ class checkmk_checker(object):
|
|||||||
except StopIteration:
|
except StopIteration:
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
|
def get_opnsense_ipaddr(self):
|
||||||
|
try:
|
||||||
|
_ret = {}
|
||||||
|
for _if,_ip,_mask in re.findall("^([\w_]+):\sflags=(?:8943|8051|8043).*?inet\s([\d.]+)\snetmask\s0x([a-f0-9]+)",subprocess.check_output("ifconfig",encoding="utf-8"),re.DOTALL | re.M):
|
||||||
|
_ret[_if] = "{0}/{1}".format(_ip,str(bin(int(_mask,16))).count("1"))
|
||||||
|
return _ret
|
||||||
|
except:
|
||||||
|
return {}
|
||||||
|
|
||||||
def get_opnsense_interfaces(self):
|
def get_opnsense_interfaces(self):
|
||||||
_ifs = {}
|
_ifs = {}
|
||||||
#pprint(self._config_reader().get("interfaces"))
|
#pprint(self._config_reader().get("interfaces"))
|
||||||
@ -325,8 +334,49 @@ class checkmk_checker(object):
|
|||||||
self._set_storedata("openvpn",interface,(_slot,totalbytesin,totalbytesout))
|
self._set_storedata("openvpn",interface,(_slot,totalbytesin,totalbytesout))
|
||||||
return _traffic_in,_traffic_out
|
return _traffic_in,_traffic_out
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def _get_dpinger_gateway(gateway):
|
||||||
|
_path = "/var/run/dpinger_{0}.sock".format(gateway)
|
||||||
|
if os.path.exists(_path):
|
||||||
|
_sock = socket.socket(socket.AF_UNIX,socket.SOCK_STREAM)
|
||||||
|
try:
|
||||||
|
_sock.connect(_path)
|
||||||
|
_data = _sock.recv(1024).decode("utf-8").strip()
|
||||||
|
_name, _rtt, _rttsd, _loss = re.findall("(\w+)\s(\d+)\s(\d+)\s(\d+)$",_data)[0]
|
||||||
|
assert _name.strip() == gateway
|
||||||
|
return int(_rtt)/1000.0,int(_rttsd)/1000.0, int(_loss)
|
||||||
|
except:
|
||||||
|
raise
|
||||||
|
return -1,-1,-1
|
||||||
|
|
||||||
|
def checklocal_gateway(self):
|
||||||
|
_ret = []
|
||||||
|
_gateway_items = self._config_reader().get("gateways").get("gateway_item",[])
|
||||||
|
_interfaces = self._config_reader().get("interfaces",{})
|
||||||
|
_ipaddresses = self.get_opnsense_ipaddr()
|
||||||
|
for _gateway in _gateway_items:
|
||||||
|
if type(_gateway.get("descr")) != str:
|
||||||
|
_gateway["descr"] = _gateway.get("name")
|
||||||
|
if _gateway.get("monitor_disable") == "1" or _gateway.get("disabled") == "1":
|
||||||
|
continue
|
||||||
|
_interface = _interfaces.get(_gateway.get("interface"),{})
|
||||||
|
_gateway["realinterface"] = _interface.get("if")
|
||||||
|
if _gateway.get("ipprotocol") == "inet":
|
||||||
|
_gateway["ipaddr"] = _ipaddresses.get(_interface.get("if"))
|
||||||
|
else:
|
||||||
|
_gateway["ipaddr"] = ""
|
||||||
|
_gateway["rtt"], _gateway["rttsd"], _gateway["loss"] = self._get_dpinger_gateway(_gateway.get("name"))
|
||||||
|
_gateway["status"] = 0
|
||||||
|
if _gateway.get("loss") > 0 or _gateway.get("rtt") > 100:
|
||||||
|
_gateway["status"] = 1
|
||||||
|
if _gateway.get("loss") > 90 or _gateway.get("loss") == -1:
|
||||||
|
_gateway["status"] = 2
|
||||||
|
|
||||||
|
_ret.append("{status} \"Gateway {descr}\" rtt={rtt}|rttsd={rttsd}|loss={loss} Gateway on Interface: {realinterface} {ipaddr}".format(**_gateway))
|
||||||
|
return _ret
|
||||||
|
|
||||||
def checklocal_openvpn(self):
|
def checklocal_openvpn(self):
|
||||||
_ret = [""]
|
_ret = []
|
||||||
_cfr = self._config_reader().get("openvpn")
|
_cfr = self._config_reader().get("openvpn")
|
||||||
if type(_cfr) != dict:
|
if type(_cfr) != dict:
|
||||||
return _ret
|
return _ret
|
||||||
@ -352,13 +402,14 @@ class checkmk_checker(object):
|
|||||||
_server["maxclients"] = _max_clients
|
_server["maxclients"] = _max_clients
|
||||||
|
|
||||||
_server_cert = self._get_certificate(_server.get("certref"))
|
_server_cert = self._get_certificate(_server.get("certref"))
|
||||||
_server["bytesin"], _server["bytesout"] = 0,0
|
|
||||||
_server["expiredays"] = 0
|
_server["expiredays"] = 0
|
||||||
_server["expiredate"] = "no certificate found"
|
_server["expiredate"] = "no certificate found"
|
||||||
if _server_cert:
|
if _server_cert:
|
||||||
_notvalidafter = _server_cert.get("not_valid_after")
|
_notvalidafter = _server_cert.get("not_valid_after")
|
||||||
_server["expiredays"] = int((_notvalidafter - _now) / 86400)
|
_server["expiredays"] = int((_notvalidafter - _now) / 86400)
|
||||||
_server["expiredate"] = time.strftime("Cert Expire: %d.%m.%Y",time.localtime(_notvalidafter))
|
_server["expiredate"] = time.strftime("Cert Expire: %d.%m.%Y",time.localtime(_notvalidafter))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
_unix = "/var/etc/openvpn/server{vpnid}.sock".format(**_server)
|
_unix = "/var/etc/openvpn/server{vpnid}.sock".format(**_server)
|
||||||
try:
|
try:
|
||||||
@ -368,7 +419,7 @@ class checkmk_checker(object):
|
|||||||
*(map(lambda x: int(x),re.findall("bytes\w+=(\d+)",self._read_from_openvpnsocket(_unix,"load-stats"))))
|
*(map(lambda x: int(x),re.findall("bytes\w+=(\d+)",self._read_from_openvpnsocket(_unix,"load-stats"))))
|
||||||
)
|
)
|
||||||
except:
|
except:
|
||||||
pass
|
_server["bytesin"], _server["bytesout"] = 0,0
|
||||||
|
|
||||||
_number_of_clients = 0
|
_number_of_clients = 0
|
||||||
_now = int(time.time())
|
_now = int(time.time())
|
||||||
|
Loading…
Reference in New Issue
Block a user