bashclub/check-opnsense
1
0
Fork 0
mirror of https://github.com/bashclub/check-opnsense.git synced 2025-11-04 05:02:28 +01:00
Code Issues Projects Releases Wiki Activity

Update opnsense_checkmk_agent.py

Browse Source 
v1.0.7
This commit is contained in:
Thorsten Spille
2024-02-02 16:51:52 +01:00
committed by GitHub
parent 50cf4b1128
commit f1a9f1b729
1 changed files with 22 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
opnsense_checkmk_agent.py
View File

@@ -1,3 +1,5 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# vim: set fileencoding=utf-8:noet # vim: set fileencoding=utf-8:noet
@@ -27,7 +29,7 @@
## * smartdisk - install the mkp from https://github.com/bashclub/checkmk-smart plugins os-smart ## * smartdisk - install the mkp from https://github.com/bashclub/checkmk-smart plugins os-smart
## * squid - install the mkp from https://exchange.checkmk.com/p/squid and forwarder -> listen on loopback active ## * squid - install the mkp from https://exchange.checkmk.com/p/squid and forwarder -> listen on loopback active
__VERSION__ = "1.0.6" __VERSION__ = "1.0.7"
import sys import sys
import os import os
@@ -47,6 +49,7 @@ import base64
import traceback import traceback
import syslog import syslog
import requests import requests
import hashlib
from urllib3.connection import HTTPConnection from urllib3.connection import HTTPConnection
from urllib3.connectionpool import HTTPConnectionPool from urllib3.connectionpool import HTTPConnectionPool
from requests.adapters import HTTPAdapter from requests.adapters import HTTPAdapter
@@ -258,10 +261,10 @@ class checkmk_checker(object):
if os.path.isdir(SPOOLDIR): if os.path.isdir(SPOOLDIR):
_now = time.time() _now = time.time()
for _filename in glob.glob(f"{SPOOLDIR}/*"): for _filename in glob.glob(f"{SPOOLDIR}/*"):
_maxage = re.search("^\d+",_filename) _maxage = re.search("^(\d+)_",_filename)
if _maxage: if _maxage:
_maxage = int(_maxage.group()) _maxage = int(_maxage.group(1))
_mtime = os.stat(_filename).st_mtime _mtime = os.stat(_filename).st_mtime
if _now - _mtime > _maxage: if _now - _mtime > _maxage:
continue continue
@@ -710,7 +713,7 @@ class checkmk_checker(object):
_traffic_out = int(totalbytesout - _hist_bytesout) / max(1,_slot - _hist_slot) _traffic_out = int(totalbytesout - _hist_bytesout) / max(1,_slot - _hist_slot)
if _hist_slot != _slot: if _hist_slot != _slot:
self._set_storedata(modul,interface,(_slot,totalbytesin,totalbytesout)) self._set_storedata(modul,interface,(_slot,totalbytesin,totalbytesout))
return _traffic_in,_traffic_out return max(0,_traffic_in),max(0,_traffic_out)
@staticmethod @staticmethod
def _get_dpinger_gateway(gateway): def _get_dpinger_gateway(gateway):
@@ -729,6 +732,8 @@ class checkmk_checker(object):
def checklocal_gateway(self): def checklocal_gateway(self):
_ret = [] _ret = []
_gateways = self._config_reader().get("OPNsense",{}).get("Gateways")
if not _gateways:
_gateways = self._config_reader().get("gateways") _gateways = self._config_reader().get("gateways")
if not _gateways: if not _gateways:
return [] return []
@@ -761,10 +766,14 @@ class checkmk_checker(object):
def checklocal_openvpn(self): def checklocal_openvpn(self):
_ret = [] _ret = []
_cfr = self._config_reader().get("openvpn") _cfr = self._config_reader().get("openvpn")
_cfn = self._config_reader().get("OPNsense").get("OpenVPN") ##TODO new Connections
if type(_cfr) != dict: if type(_cfr) != dict:
return _ret return _ret
_cso = _cfr.get("openvpn-csc") if "openvpn-csc" in _cfr.keys():
_cso = _cfr.get("openvpn-csc") ## pre v23.7
else:
_cso = _cfn.get("Overwrites").get("Overwrite")
_monitored_clients = {} _monitored_clients = {}
if type(_cso) == dict: if type(_cso) == dict:
_cso = [_cso] _cso = [_cso]
@@ -779,6 +788,8 @@ class checkmk_checker(object):
if type(_vpnclient) != list: if type(_vpnclient) != list:
_vpnclient = [_vpnclient] if _vpnclient else [] _vpnclient = [_vpnclient] if _vpnclient else []
for _server in _vpnserver + _vpnclient: for _server in _vpnserver + _vpnclient:
if _server.get("disable") == '1':
continue ## FIXME OK/WARN/SKIP
## server_tls, p2p_shared_key p2p_tls ## server_tls, p2p_shared_key p2p_tls
_server["name"] = _server.get("description").strip() if _server.get("description") else "OpenVPN_{protocoll}_{local_port}".format(**_server) _server["name"] = _server.get("description").strip() if _server.get("description") else "OpenVPN_{protocoll}_{local_port}".format(**_server)
@@ -927,6 +938,8 @@ class checkmk_checker(object):
else: else:
_json_data = {} _json_data = {}
for _phase1 in _phase1config: for _phase1 in _phase1config:
if _phase1 == None:
continue
_ikeid = _phase1.get("ikeid") _ikeid = _phase1.get("ikeid")
_name = _phase1.get("descr") _name = _phase1.get("descr")
if len(_name.strip()) < 1: if len(_name.strip()) < 1:
@@ -975,7 +988,7 @@ class checkmk_checker(object):
_ret.append("{status} \"IPsec Tunnel: {remote-name}\" if_in_octets=0|if_out_octets=0|lifetime=0 not running".format(**_con)) _ret.append("{status} \"IPsec Tunnel: {remote-name}\" if_in_octets=0|if_out_octets=0|lifetime=0 not running".format(**_con))
else: else:
_con["status"] = max(_con["status"],1) _con["status"] = max(_con["status"],1)
_con["phase2"] = f"{_phase2_up}/{_required_phase2}" _con["phase2"] = f"{_phase2_up}"
_ret.append("{status} \"IPsec Tunnel: {remote-name}\" if_in_octets={bytes-received}|if_out_octets={bytes-sent}|lifetime={life-time} {phase2} {state} {local-id} - {remote-id}({remote-host})".format(**_con)) _ret.append("{status} \"IPsec Tunnel: {remote-name}\" if_in_octets={bytes-received}|if_out_octets={bytes-sent}|lifetime={life-time} {phase2} {state} {local-id} - {remote-id}({remote-host})".format(**_con))
return _ret return _ret
@@ -1009,7 +1022,7 @@ class checkmk_checker(object):
_client["interface"] = _values[0].strip() _client["interface"] = _values[0].strip()
_client["endpoint"] = _values[3].strip().rsplit(":",1)[0] _client["endpoint"] = _values[3].strip().rsplit(":",1)[0]
_client["last_handshake"] = int(_values[5].strip()) _client["last_handshake"] = int(_values[5].strip())
_client["bytes_received"], _client["bytes_sent"] = self._get_traffic("wireguard","",int(_values[6].strip()),int(_values[7].strip())) _client["bytes_received"], _client["bytes_sent"] = self._get_traffic("wireguard",_values[0].strip(),int(_values[6].strip()),int(_values[7].strip()))
_client["status"] = 2 if _now - _client["last_handshake"] > 300 else 0 ## 5min timeout _client["status"] = 2 if _now - _client["last_handshake"] > 300 else 0 ## 5min timeout
for _client in _clients.values(): for _client in _clients.values():