Commit a1d48145 authored by glucas's avatar glucas

Add monitoring-related stuff.

parent ae209dbb
These monitoring plugins are designed for schedulers (monitoring softwares) that support regex to match plugins's output, like Zabbix.
#!/bin/bash
# Copyright (C) 2015-2016 Alsace Réseau Neutre
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ntpstat=/usr/bin/ntpstat
# Clock diff threshold in ms
warnDiff=1000
# Internal vars
warn=false
# is ntpstats installed?
if [ ! -x $ntpstat ]; then
echo "ntpstat not installed or not executable!"
exit 3 # Unknown
fi
# query ntpd with ntpstat
outputNtpstat=$(ntpstat 2>&1)
ntpstatReturn=$?
# Is NTPd up?
if [ $ntpstatReturn -eq 2 ]; then
echo "CRITICAL: NTP server not running!"
exit 2 # Critical
elif [ $ntpstatReturn -eq 1 ]; then
echo "CRITICAL: NTP server unsynchronized!"
exit 2 # Critical
fi
# NOTE: the next alarms are cumulative
# NTPd flap? To really see that, we need to keep and compare last check status but I'm lazy...
if grep -qE "polling server every (64|128)" <<< "$outputNtpstat"; then
echo "WARNING: NTP server has flapped recently?!"
warn=true
fi
# Is clock synced?
clockDiff=$(grep -Po "(?<=time correct to within )[0-9]+" <<< "$outputNtpstat")
if [ $clockDiff -gt $warnDiff ]; then
echo "WARNING: Clock not sync with NTP server (diff > $warnDiff ms)!"
warn=true
fi
# Define correct return code
if $warn; then
exit 1 # Warning
elif [ $ntpstatReturn -ne 0 ]; then
echo "WARNING: Unknown ntpstat error!"
exit 1
else
echo "NTPd seems OK"
exit 0 # OK
fi
#!/bin/bash
# Copyright (C) 2015-2016 Alsace Réseau Neutre
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# User can customize
certDirectory=/etc/openvpn/easy-rsa/keys
warnDelayInDays=7
errorDelayInDays=3
debug=true
# Internal vars
warnDelayInSecs=$(($warnDelayInDays * 24 * 60 * 60))
errorDelayInSecs=$(($errorDelayInDays * 24 * 60 * 60))
now=$(date +"%s")
warn=false
error=false
if [ ! -r "$certDirectory" ]; then
echo "We haven't read permission on directory $certDirectory"
exit 3 # Unknown
fi
for cert in $certDirectory/*.crt
do
timestampExpCert=$(date --date "`openssl x509 -in $cert -enddate -noout 2>/dev/null | cut -d '=' -f 2`" +"%s")
# If no date, we don't have a certificate or we lack read permission on it
if [ -n "$timestampExpCert" ]; then
difftime=$(($timestampExpCert - $now))
if [ $difftime -le 0 ]; then
echo -e "\nPURPLE ALERT: $cert has expired! What are you doing?!\n"
error=true
elif [ $difftime -le $errorDelayInSecs ]; then
echo -e "\nRED ALERT: $cert will expire in less than $errorDelayInDays days!\n"
error=true
elif [ $difftime -le $warnDelayInSecs ]; then
echo -e "\nWARNING: $cert will expire in less than $warnDelayInDays days!\n"
warn=true
else
if $debug; then
echo "OK: $cert will expire in : $(($difftime/60/60/24)) days"
fi
fi
fi
done
# Set correct return code
if $error; then
exit 2 # Critical
elif $warn; then
exit 1 # Warning
else
echo "All certs are OK (or there are no valid cert to be checked in this directory ;) )"
exit 0 # OK
fi
#!/bin/bash
# Copyright (C) 2016 Alsace Réseau Neutre
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
pidofbin=/bin/pidof
loggerbin=/usr/bin/logger
killbin=/bin/kill
tailbin=/usr/bin/tail
grepbin=/bin/grep
logfile=/var/log/syslog
# Need root. Better than sudo + wildcards in sudoers
if [ $UID -ne 0 ]; then
echo "You aren't root! Check aborted."
exit 3 # Unknown
fi
PIDucarp=$($pidofbin ucarp)
# is uCARP alive?
if [ -z "$PIDucarp" ]; then
echo "uCARP is dead!"
exit 2 # Critical
fi
# Really dirty hack to know if uCARP is really alive.
# Sometimes, ucarp exists in process list but doesn't actually work...
toBeLogged="check_ucarp $(( ( RANDOM % 1000 ) + 1 ))"
$loggerbin "$toBeLogged"
$killbin -USR1 $PIDucarp
sleep 1
# Our monitoring tool use a regex to match "MASTER" or "BACKUP"
# in what we grep in ucarp log below.
toSearch="(?s)"$toBeLogged".*?ucarp.*?\n"
$grepbin -Pzo "$toSearch" $logfile
exit 0 # OK
#
# SNMP agent service file for systemd
# From: https://github.com/haad/net-snmp/blob/master/dist/snmpd.service
#
#
# The service should be enabled, i.e. snmpd should start during machine boot.
# Socket activation shall not be used. See README.systemd for details.
# Debian GNU/Linux: store this in /etc/systemd/system/
[Unit]
Description=Simple Network Management Protocol (SNMP) daemon.
After=syslog.target network.target
[Service]
Type=simple
ExecStart=/usr/sbin/snmpd -f -LS6d -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf
[Install]
WantedBy=multi-user.target
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment