#!/usr/bin/env ruby
#
# check_conntrackd.rb
#
# A Nagios NRPE check that monitors health of the conntrackd daemon ...
#
# The conntrackd daemon uses Netlink socket to communicate with the
# user-space side of the connection tracking solution and sometimes
# said daemon will for whatever reason stop responding. This renders
# any interaction with it virtually impossible and upsets many things
# including statistical data gathering, log rotation, etc ...
#
# When that happens it has to be put to sleep with kill -9, sadly ...
#
require 'getoptlong'
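# Location of the conntrackd user-space utility ...
CONNTRACKD_BINARY = '/usr/sbin/conntrackd'.freeze

# Default exit codes ...
EXIT_SUCCESS = 0
EXIT_FAILURE = 1

# Default exit codes as per Nagios NRPE protocol ...
STATUS_OK       = 0
STATUS_WARNING  = 1
STATUS_CRITICAL = 2
# Misspelled name kept as an alias so existing references keep resolving.
STATUS_CRITIAL  = STATUS_CRITICAL
STATUS_UNKNOWN  = 3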
# Print the command line help text and terminate the script.
#
# Never returns: the process exits with EXIT_SUCCESS once the text is written.
def print_usage
  usage = <<~EOS
    Check whether the conntrackd daemon is running and processing events correctly.
    Usage:
    #{$PROGRAM_NAME} [--conntrackd-binary <BINARY>] [--help]
    Options:
    --conntrackd-binary -b Optional. Specify the location of the conntrackd user-space binary to use.
    Defaults to #{CONNTRACKD_BINARY}.
    --help -h This help screen.
    Note: You have to be a super-user in order to run this script ...
  EOS

  puts usage
  exit(EXIT_SUCCESS)
end
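# Script entry point: parse the command line, run "conntrackd -s cache" and
# translate what it prints into a Nagios status line plus exit code.
if $0 == __FILE__
  # Make sure that we flush buffers as soon as possible ...
  STDOUT.sync = true
  STDERR.sync = true

  conntrackd_binary = CONNTRACKD_BINARY

  # A lone "-" as the first argument is treated as a request for help ...
  print_usage if ARGV.first == '-'

  # Take care about command line switches ...
  begin
    GetoptLong.new(
      # The usage text documents a mandatory <BINARY> value, so require one
      # instead of silently accepting an empty path.
      ['--conntrackd-binary', '-b', GetoptLong::REQUIRED_ARGUMENT],
      # Short form is -h, matching the help text and the case branch below.
      ['--help',              '-h', GetoptLong::NO_ARGUMENT]
    ).each do |option, argument|
      case option
      when /\A(?:--conntrackd-binary|-b)\z/
        conntrackd_binary = argument.strip
      when /\A(?:--help|-h)\z/
        print_usage
      end
    end
  rescue GetoptLong::Error
    # A mistyped switch must not end with exit code 0, which the monitoring
    # side reads as OK; report the check itself as unusable instead.
    puts "UNKNOWN: Invalid command line arguments. Run #{$0} --help for usage."
    exit STATUS_UNKNOWN
  end

  # Only root is allowed to access content of Kernel space conntrack tables ...
  unless Process.uid.zero? || Process.euid.zero?
    puts 'WARNING: You have to be a super-user to run this script ...'
    exit STATUS_WARNING
  end

  # Check whether the conntrackd user-space utility is there and runnable ...
  # (File.exists? was removed in Ruby 3.2.)
  unless File.file?(conntrackd_binary) && File.executable?(conntrackd_binary)
    puts 'UNKNOWN: Unable to locate conntrackd user-space binary ...'
    exit STATUS_UNKNOWN
  end

  # We will store size of the internal and external cache here ...
  cache_internal = 0
  cache_external = 0

  # We will store state of parsing here ...
  seen_internal = false
  seen_external = false

  # Set when a line was read that none of the patterns below recognise ...
  seen_output = false

  # We request the content of the conntrack cache ...
  #
  # The path is handed over as an argv element, not interpolated into a
  # shell command line: this script runs as root, and shell metacharacters
  # in --conntrackd-binary must never be interpreted.
  # NOTE(review): the option still selects which program runs as root, so it
  # should not be wired to remotely supplied check arguments.
  # NOTE(review): there is no timeout here; a hung conntrackd blocks this read
  # until the caller (presumably NRPE's command timeout) gives up -- confirm.
  begin
    output = IO.popen([conntrackd_binary, '-s', 'cache'],
                      err: [:child, :out], &:read)
  rescue SystemCallError => e
    puts "UNKNOWN: Unable to execute conntrackd user-space binary (#{e.class})."
    exit STATUS_UNKNOWN
  end

  output.each_line do |line|
    # Remove bloat ...
    line = line.strip

    # Got both? Break out ...
    break if seen_internal && seen_external

    # Blank lines carry no information ...
    next if line.empty?

    # Process output ...
    case line
    when /\Acan't open config.+/
      # To catch potential misconfiguration of the conntrackd ...
      puts 'CRITICAL: Unable to process conntrackd output. ' \
           'The conntrackd daemon cannot open its configuration file.'
      exit STATUS_CRITIAL
    when /\Acan't connect:.+/
      # A line starting with "can't connect (...)" is probably an error
      # and therefore we terminate immediately ...
      puts 'CRITICAL: Unable to process conntrackd output. ' \
           'The conntrackd daemon might be in a broken state.'
      exit STATUS_CRITIAL
    when /cache:internal.+objects:\s+/
      # Note that we have details of internal cache; the value is whatever
      # follows the last colon ...
      seen_internal = true
      cache_internal += line.split(':').last.to_i
    when /cache:external.+objects:\s+/
      # Note that we have details of external cache ...
      seen_external = true
      cache_external += line.split(':').last.to_i
    else
      # Some sort of output was given ...
      seen_output = true
    end
  end

  if seen_internal && seen_external
    # At this point in time everything should be up and running ...
    puts "OK: conntrackd is processing. Active objects: (internal: " \
         "#{cache_internal}) (external: #{cache_external})."
    exit STATUS_OK
  elsif output.strip.empty?
    # Nothing at all came back; do not fall off the end with exit code 0.
    puts 'UNKNOWN: Unable to process conntrackd output. ' \
         'No output was given.'
    exit STATUS_UNKNOWN
  else
    # We have seen output of some sort but not the one we sought for,
    # which could indicate that an unknown output and/or error may have
    # occurred ...
    puts 'UNKNOWN: Unable to process conntrackd output. ' \
         'Unknown or erroneous output was given.'
    exit STATUS_UNKNOWN
  end
end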
# vim: set ts=2 sw=2 et :
# encoding: utf-8