sensu-plugins-network-checks 3.0.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -1
- data/README.md +1 -0
- data/bin/check-netfilter-conntrack.rb +70 -3
- data/lib/sensu-plugins-network-checks/version.rb +1 -1
- metadata +1 -2
- data/bin/check-netfilter-conntrack.sh +0 -54
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d45fea7e87a7fd0b77422c1a62942711f58840a1c15b73de68801904cd12d687
|
|
4
|
+
data.tar.gz: 024755f7eef5cf48b75831ba1d106f5b703f8541d588041eb0e0371281aa9691
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3e2fab411354ea8eb666ce798c2aa3d1f4c6df7f01342e2ddd34ac83b0413c344919ec80ea66ea01255b4cc7b73abc3e9c7f71b8415e63b2d284638afcfd93fc
|
|
7
|
+
data.tar.gz: 4133ad29aa21bb4ea96a001359ea6828c79eda462ff543e4b90ec38c0a8873fd5e5b165db0e9e496b94a8298a284002f4f781e32f86894d7280fb78c211b55a5
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|
|
4
4
|
This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins/community/blob/master/HOW_WE_CHANGELOG.md)
|
|
5
5
|
|
|
6
6
|
## [Unreleased]
|
|
7
|
+
### Changed
|
|
8
|
+
- check-netfilter-conntrack.rb: ditch the associated shellscript and turned into pure Ruby.
|
|
7
9
|
|
|
8
10
|
## [3.0.0] - 2018-03-17
|
|
9
11
|
### Security
|
|
@@ -212,7 +214,8 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugin
|
|
|
212
214
|
|
|
213
215
|
* initial release, same as community repo
|
|
214
216
|
|
|
215
|
-
[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/
|
|
217
|
+
[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/3.1.0...HEAD
|
|
218
|
+
[3.1.0]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/3.0.0...3.1.0
|
|
216
219
|
[3.0.0]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/2.3.0...3.0.0
|
|
217
220
|
[2.3.1]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/2.3.0...2.3.1
|
|
218
221
|
[2.3.0]: https://github.com/sensu-plugins/sensu-plugins-network-checks/compare/2.2.0...2.3.0
|
data/README.md
CHANGED
|
@@ -1,7 +1,74 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
-
|
|
5
|
-
|
|
4
|
+
#
|
|
5
|
+
# check-netfilter-conntrack
|
|
6
|
+
#
|
|
7
|
+
# DESCRIPTION:
|
|
8
|
+
# Check netfilter connection tracking table condition
|
|
9
|
+
#
|
|
10
|
+
# OUTPUT:
|
|
11
|
+
# plain text
|
|
12
|
+
#
|
|
13
|
+
# PLATFORMS:
|
|
14
|
+
# Linux
|
|
15
|
+
#
|
|
16
|
+
# DEPENDENCIES:
|
|
17
|
+
# gem: sensu-plugin
|
|
18
|
+
#
|
|
19
|
+
# USAGE:
|
|
20
|
+
# $ ./check-netfilter-conntrack.rb --warning 60 --critical 90
|
|
21
|
+
#
|
|
22
|
+
# NOTES:
|
|
23
|
+
# - If you need to check the conntrack table of a specific linux
|
|
24
|
+
# network namespace (e.g in a docker context), run this check as
|
|
25
|
+
# `nsenter --net=<file> check-netfilter-conntrack.rb` to use the
|
|
26
|
+
# network namespace which `<file>`'s descriptor indicates.
|
|
27
|
+
#
|
|
28
|
+
# LICENSE:
|
|
29
|
+
# Released under the same terms as Sensu (the MIT license); see LICENSE
|
|
30
|
+
# for details.
|
|
31
|
+
#
|
|
6
32
|
|
|
7
|
-
|
|
33
|
+
require 'sensu-plugin/check/cli'
|
|
34
|
+
|
|
35
|
+
#
|
|
36
|
+
# Check Netfilter connection tracking table condition
|
|
37
|
+
#
|
|
38
|
+
class CheckNetfilterConntrack < Sensu::Plugin::Check::CLI
|
|
39
|
+
option :warning,
|
|
40
|
+
description: 'Warn if conntrack table is filled more than PERC%',
|
|
41
|
+
short: '-w PERC',
|
|
42
|
+
long: '--warning PERC',
|
|
43
|
+
default: 80,
|
|
44
|
+
proc: proc(&:to_i)
|
|
45
|
+
|
|
46
|
+
option :critical,
|
|
47
|
+
description: 'Critical if conntrack table is filled more than PERC%',
|
|
48
|
+
short: '-c PERC',
|
|
49
|
+
long: '--critical PERC',
|
|
50
|
+
default: 90,
|
|
51
|
+
proc: proc(&:to_i)
|
|
52
|
+
|
|
53
|
+
def nf_conntrack_max
|
|
54
|
+
File.read('/proc/sys/net/netfilter/nf_conntrack_max').to_i
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def nf_conntrack_count
|
|
58
|
+
File.read('/proc/sys/net/netfilter/nf_conntrack_count').to_i
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def run
|
|
62
|
+
max = nf_conntrack_max
|
|
63
|
+
count = nf_conntrack_count
|
|
64
|
+
percentage = (count.to_f / max.to_f) * 100
|
|
65
|
+
|
|
66
|
+
message "Table is at #{percentage.round(1)}% (#{count}/#{max})"
|
|
67
|
+
|
|
68
|
+
critical if percentage >= config[:critical]
|
|
69
|
+
warning if percentage >= config[:warning]
|
|
70
|
+
ok
|
|
71
|
+
rescue StandardError
|
|
72
|
+
warning "Can't read conntrack information."
|
|
73
|
+
end
|
|
74
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sensu-plugins-network-checks
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sensu-Plugins and contributors
|
|
@@ -271,7 +271,6 @@ files:
|
|
|
271
271
|
- bin/check-mtu.rb
|
|
272
272
|
- bin/check-multicast-groups.rb
|
|
273
273
|
- bin/check-netfilter-conntrack.rb
|
|
274
|
-
- bin/check-netfilter-conntrack.sh
|
|
275
274
|
- bin/check-netstat-tcp.rb
|
|
276
275
|
- bin/check-ping.rb
|
|
277
276
|
- bin/check-ports-bind.rb
|
|
@@ -1,54 +0,0 @@
|
|
|
1
|
-
#!/bin/bash
|
|
2
|
-
#
|
|
3
|
-
# Check Net Filter Connection Track Table Usage
|
|
4
|
-
# ===
|
|
5
|
-
#
|
|
6
|
-
# DESCRIPTION:
|
|
7
|
-
# This plugin provides a method for monitoring the percentage used of the nf_conntrack hash
|
|
8
|
-
#
|
|
9
|
-
# OUTPUT:
|
|
10
|
-
# plain-text
|
|
11
|
-
#
|
|
12
|
-
# PLATFORMS:
|
|
13
|
-
# Linux
|
|
14
|
-
#
|
|
15
|
-
# DEPENDENCIES:
|
|
16
|
-
#
|
|
17
|
-
# Copyright 2014 Yieldbot, Inc <devops@yieldbot.com>
|
|
18
|
-
#
|
|
19
|
-
# Released under the same terms as Sensu (the MIT license); see LICENSE
|
|
20
|
-
# for details.
|
|
21
|
-
|
|
22
|
-
# CLI Options
|
|
23
|
-
while getopts ':w:c:' OPT; do
|
|
24
|
-
case $OPT in
|
|
25
|
-
w) WARN=$OPTARG;;
|
|
26
|
-
c) CRIT=$OPTARG;;
|
|
27
|
-
esac
|
|
28
|
-
done
|
|
29
|
-
|
|
30
|
-
WARN=${WARN:=100}
|
|
31
|
-
CRIT=${CRIT:=100}
|
|
32
|
-
|
|
33
|
-
# Get the max connections
|
|
34
|
-
MAX=$(sysctl net.netfilter.nf_conntrack_max | awk '{ print $3 }')
|
|
35
|
-
|
|
36
|
-
# Get the current connections
|
|
37
|
-
CURR=$(sysctl net.netfilter.nf_conntrack_count | awk '{ print $3 }')
|
|
38
|
-
|
|
39
|
-
# Percent usage of conncetions
|
|
40
|
-
PERCENT=$(echo "scale=3; $CURR / $MAX *100" | bc -l | cut -d "." -f1)
|
|
41
|
-
|
|
42
|
-
# If percent isnt defined set it to 0
|
|
43
|
-
PERCENT=${PERCENT:=0}
|
|
44
|
-
|
|
45
|
-
if [[ $PERCENT -ge $CRIT ]] ; then
|
|
46
|
-
echo "NETFILTER CONNTRACK CRITICAL - $PERCENT"
|
|
47
|
-
exit 2
|
|
48
|
-
elif [[ $PERCENT -ge $WARN ]] ; then
|
|
49
|
-
echo "NETFILTER CONNTRACK WARNING - $PERCENT"
|
|
50
|
-
exit 1
|
|
51
|
-
else
|
|
52
|
-
echo "NETFILTER CONNTRACK OK - $PERCENT"
|
|
53
|
-
exit 0
|
|
54
|
-
fi
|