sensu-plugins-network-checks 3.0.0 → 3.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -1
- data/README.md +1 -0
- data/bin/check-netfilter-conntrack.rb +70 -3
- data/lib/sensu-plugins-network-checks/version.rb +1 -1
- metadata +1 -2
- data/bin/check-netfilter-conntrack.sh +0 -54
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d45fea7e87a7fd0b77422c1a62942711f58840a1c15b73de68801904cd12d687
|
|
4
|
+
data.tar.gz: 024755f7eef5cf48b75831ba1d106f5b703f8541d588041eb0e0371281aa9691
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3e2fab411354ea8eb666ce798c2aa3d1f4c6df7f01342e2ddd34ac83b0413c344919ec80ea66ea01255b4cc7b73abc3e9c7f71b8415e63b2d284638afcfd93fc
|
|
7
|
+
data.tar.gz: 4133ad29aa21bb4ea96a001359ea6828c79eda462ff543e4b90ec38c0a8873fd5e5b165db0e9e496b94a8298a284002f4f781e32f86894d7280fb78c211b55a5
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|
|
4
4
|
This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins/community/blob/master/HOW_WE_CHANGELOG.md)
|
|
5
5
|
|
|
6
6
|
## [Unreleased]
|
|
7
|
+
### Changed
|
|
8
|
+
- check-netfilter-conntrack.rb: ditch the associated shellscript and turned into pure Ruby.
|
|
7
9
|
|
|
8
10
|
## [3.0.0] - 2018-03-17
|
|
9
11
|
### Security
|
|
@@ -212,7 +214,8 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugin
|
|
|
212
214
|
|
|
213
215
|
* initial release, same as community repo
|
|
214
216
|
|
|
215
|
-
[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/
|
|
217
|
+
[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/3.1.0...HEAD
|
|
218
|
+
[3.1.0]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/3.0.0...3.1.0
|
|
216
219
|
[3.0.0]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/2.3.0...3.0.0
|
|
217
220
|
[2.3.1]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/2.3.0...2.3.1
|
|
218
221
|
[2.3.0]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/2.2.0...2.3.0
|
data/README.md
CHANGED
|
@@ -1,7 +1,74 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
-
|
|
5
|
-
|
|
4
|
+
#
|
|
5
|
+
# check-netfilter-conntrack
|
|
6
|
+
#
|
|
7
|
+
# DESCRIPTION:
|
|
8
|
+
# Check netfilter connection tracking table condition
|
|
9
|
+
#
|
|
10
|
+
# OUTPUT:
|
|
11
|
+
# plain text
|
|
12
|
+
#
|
|
13
|
+
# PLATFORMS:
|
|
14
|
+
# Linux
|
|
15
|
+
#
|
|
16
|
+
# DEPENDENCIES:
|
|
17
|
+
# gem: sensu-plugin
|
|
18
|
+
#
|
|
19
|
+
# USAGE:
|
|
20
|
+
# $ ./check-netfilter-conntrack.rb --warning 60 --critical 90
|
|
21
|
+
#
|
|
22
|
+
# NOTES:
|
|
23
|
+
# - If you need to check the conntrack table of a specific linux
|
|
24
|
+
# network namespace (e.g in a docker context), run this check as
|
|
25
|
+
# `nsenter --net=<file> check-netfilter-conntrack.rb` to use the
|
|
26
|
+
# network namespace which `<file>`'s descriptor indicates.
|
|
27
|
+
#
|
|
28
|
+
# LICENSE:
|
|
29
|
+
# Released under the same terms as Sensu (the MIT license); see LICENSE
|
|
30
|
+
# for details.
|
|
31
|
+
#
|
|
6
32
|
|
|
7
|
-
|
|
33
|
+
require 'sensu-plugin/check/cli'
|
|
34
|
+
|
|
35
|
+
#
|
|
36
|
+
# Check Netfilter connection tracking table condition
|
|
37
|
+
#
|
|
38
|
+
class CheckNetfilterConntrack < Sensu::Plugin::Check::CLI
|
|
39
|
+
option :warning,
|
|
40
|
+
description: 'Warn if conntrack table is filled more than PERC%',
|
|
41
|
+
short: '-w PERC',
|
|
42
|
+
long: '--warning PERC',
|
|
43
|
+
default: 80,
|
|
44
|
+
proc: proc(&:to_i)
|
|
45
|
+
|
|
46
|
+
option :critical,
|
|
47
|
+
description: 'Critical if conntrack table is filled more than PERC%',
|
|
48
|
+
short: '-c PERC',
|
|
49
|
+
long: '--critical PERC',
|
|
50
|
+
default: 90,
|
|
51
|
+
proc: proc(&:to_i)
|
|
52
|
+
|
|
53
|
+
def nf_conntrack_max
|
|
54
|
+
File.read('/proc/sys/net/netfilter/nf_conntrack_max').to_i
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def nf_conntrack_count
|
|
58
|
+
File.read('/proc/sys/net/netfilter/nf_conntrack_count').to_i
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def run
|
|
62
|
+
max = nf_conntrack_max
|
|
63
|
+
count = nf_conntrack_count
|
|
64
|
+
percentage = (count.to_f / max.to_f) * 100
|
|
65
|
+
|
|
66
|
+
message "Table is at #{percentage.round(1)}% (#{count}/#{max})"
|
|
67
|
+
|
|
68
|
+
critical if percentage >= config[:critical]
|
|
69
|
+
warning if percentage >= config[:warning]
|
|
70
|
+
ok
|
|
71
|
+
rescue StandardError
|
|
72
|
+
warning "Can't read conntrack information."
|
|
73
|
+
end
|
|
74
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sensu-plugins-network-checks
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sensu-Plugins and contributors
|
|
@@ -271,7 +271,6 @@ files:
|
|
|
271
271
|
- bin/check-mtu.rb
|
|
272
272
|
- bin/check-multicast-groups.rb
|
|
273
273
|
- bin/check-netfilter-conntrack.rb
|
|
274
|
-
- bin/check-netfilter-conntrack.sh
|
|
275
274
|
- bin/check-netstat-tcp.rb
|
|
276
275
|
- bin/check-ping.rb
|
|
277
276
|
- bin/check-ports-bind.rb
|
|
@@ -1,54 +0,0 @@
|
|
|
1
|
-
#!/bin/bash
|
|
2
|
-
#
|
|
3
|
-
# Check Net Filter Connection Track Table Usage
|
|
4
|
-
# ===
|
|
5
|
-
#
|
|
6
|
-
# DESCRIPTION:
|
|
7
|
-
# This plugin provides a method for monitoring the percentage used of the nf_conntrack hash
|
|
8
|
-
#
|
|
9
|
-
# OUTPUT:
|
|
10
|
-
# plain-text
|
|
11
|
-
#
|
|
12
|
-
# PLATFORMS:
|
|
13
|
-
# Linux
|
|
14
|
-
#
|
|
15
|
-
# DEPENDENCIES:
|
|
16
|
-
#
|
|
17
|
-
# Copyright 2014 Yieldbot, Inc <devops@yieldbot.com>
|
|
18
|
-
#
|
|
19
|
-
# Released under the same terms as Sensu (the MIT license); see LICENSE
|
|
20
|
-
# for details.
|
|
21
|
-
|
|
22
|
-
# CLI Options
|
|
23
|
-
while getopts ':w:c:' OPT; do
|
|
24
|
-
case $OPT in
|
|
25
|
-
w) WARN=$OPTARG;;
|
|
26
|
-
c) CRIT=$OPTARG;;
|
|
27
|
-
esac
|
|
28
|
-
done
|
|
29
|
-
|
|
30
|
-
WARN=${WARN:=100}
|
|
31
|
-
CRIT=${CRIT:=100}
|
|
32
|
-
|
|
33
|
-
# Get the max connections
|
|
34
|
-
MAX=$(sysctl net.netfilter.nf_conntrack_max | awk '{ print $3 }')
|
|
35
|
-
|
|
36
|
-
# Get the current connections
|
|
37
|
-
CURR=$(sysctl net.netfilter.nf_conntrack_count | awk '{ print $3 }')
|
|
38
|
-
|
|
39
|
-
# Percent usage of conncetions
|
|
40
|
-
PERCENT=$(echo "scale=3; $CURR / $MAX *100" | bc -l | cut -d "." -f1)
|
|
41
|
-
|
|
42
|
-
# If percent isnt defined set it to 0
|
|
43
|
-
PERCENT=${PERCENT:=0}
|
|
44
|
-
|
|
45
|
-
if [[ $PERCENT -ge $CRIT ]] ; then
|
|
46
|
-
echo "NETFILTER CONNTRACK CRITICAL - $PERCENT"
|
|
47
|
-
exit 2
|
|
48
|
-
elif [[ $PERCENT -ge $WARN ]] ; then
|
|
49
|
-
echo "NETFILTER CONNTRACK WARNING - $PERCENT"
|
|
50
|
-
exit 1
|
|
51
|
-
else
|
|
52
|
-
echo "NETFILTER CONNTRACK OK - $PERCENT"
|
|
53
|
-
exit 0
|
|
54
|
-
fi
|