Home Explore Help
Sign In
franciliens.net
/
fcn-toolbox
3
0
Fork 0
Files Pull Requests 0
Tree: a627f1b9da
Branches Tags
fcn-toolbox
/
nagios
/
check_netstat_connectioncount.sh

check_netstat_connectioncount.sh 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193 
  1. #!/bin/sh
    2. 

  2. 

  3. # Petit script custom pour vérifier le nombre de connexions sur netstat
    4. 

  4. # GPL v3+ (copyright chl-dev@bugness.org)
    5. 

  5. 

  6. # Default values
    7. 

  7. RANGE_WARNING="1:50"
    8. 

  8. RANGE_CRITICAL="1:100"
    9. 

  9. 

  10. # Output
    11. 

  11. OUTPUT_EXIT_STATUS=0
    12. 

  12. OUTPUT_DETAIL_WARNING=""
    13. 

  13. OUTPUT_DETAIL_CRITICAL=""
    14. 

  14. OUTPUT_PERFDATA=""
    15. 

  15. 

  16. PROGPATH=$( echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,' )
    17. 

  17. REVISION="0.1"
    18. 

  18. 

  19. # Stop at the first non-catched error
    20. 

  20. set -e
    21. 

  21. 

  22. # Include check_range()
    23. 

  23. . $PROGPATH/utils.sh
    24. 

  24. 

  25. #
    26. 

  26. # Fonction d'aide
    27. 

  27. #
    28. 

  28. usage() {
    29. 

  29. 	cat <<EOF
    30. 

  30. Usage :
    31. 

  31.   $0 [-w warning_range] [-c critical_range] -p port [[-w...] -p port] ...
    32. 

  32. 

  33. Example :
    34. 

  34.   ./check_netstat_connectioncount.sh -w 50 -c 100 -p 80
    35. 

  35. 

  36. Note: Since the port is checked against the lastest ranges given, order
    37. 

  37.       of the arguments is important. Ex:
    38. 

  38.       ./check_netstat_connectioncount.sh -w 1:5 -c 1:10 -p 22 -p listen-unix:X11 -w 1:50 -c 1:100 -p 80 -p 443
    39. 

  39. 

  40. Special values for 'port' :
    41. 

  41. 	all
    42. 

  42. 	all-ipv4
    43. 

  43. 	all-ipv6
    44. 

  44. 	listen
    45. 

  45. 	listen-ipv4
    46. 

  46. 	listen-ipv6
    47. 

  47. 	listen-unix
    48. 

  48. 	listen-unix:PATTERN
    49. 

  49. 

  50. Default values:
    51. 

  51. 	warning_range:	$RANGE_WARNING
    52. 

  52. 	critical_range:	$RANGE_CRITICAL
    53. 

  53. EOF
    54. 

  54. }
    55. 

  55. 

  56. check_range_syntax() {
    57. 

  57. 	check_range 0 "$1" >/dev/null 2>&1
    58. 

  58. 	if [ "$?" -eq "2" ]; then
    59. 

  59. 		return 1
    60. 

  60. 	fi
    61. 

  61. 	return 0
    62. 

  62. }
    63. 

  63. 

  64. # Some early checks
    65. 

  65. for i in netstat ss; do
    66. 

  66. 	if which "$i" >/dev/null 2>&1 ; then
    67. 

  67. 		COMMAND_SYS="$i"
    68. 

  68. 		break
    69. 

  69. 	fi
    70. 

  70. done
    71. 

  71. if [ -z "$COMMAND_SYS" ]; then
    72. 

  72. 	echo "UNKNOWN 'netstat' and 'ss' not found."
    73. 

  73. 	exit 1
    74. 

  74. fi
    75. 

  75. 

  76. #
    77. 

  77. # Gestion des paramètres
    78. 

  78. #
    79. 

  79. while getopts hw:c:p: f; do
    80. 

  80. 	case "$f" in
    81. 

  81. 		'h')
    82. 

  82. 			usage
    83. 

  83. 			exit
    84. 

  84. 			;;
    85. 

  85. 

  86. 		'w')
    87. 

  87. 			if check_range_syntax "$OPTARG" >/dev/null; then
    88. 

  88. 				RANGE_WARNING="$OPTARG"
    89. 

  89. 			else
    90. 

  90. 				echo "UNKNOWN: invalid range."
    91. 

  91. 				exit 3
    92. 

  92. 			fi
    93. 

  93. 			;;
    94. 

  94. 

  95. 		'c')
    96. 

  96. 			if check_range_syntax "$OPTARG" >/dev/null; then
    97. 

  97. 				RANGE_CRITICAL="$OPTARG"
    98. 

  98. 			else
    99. 

  99. 				echo "UNKNOWN: invalid range."
    100. 

  100. 				exit 3
    101. 

  101. 			fi
    102. 

  102. 			;;
    103. 

  103. 

  104. 		'p')
    105. 

  105. 			# Ce n'est pas très propre, mais on gère tout ici plutôt que de remplir
    106. 

  106. 			# un buffer et de le traiter ensuite
    107. 

  107. 			# Note : grep renvoie un code d'erreur 1 s'il n'y a pas de résultat,
    108. 

  108. 			#        d'où l'ajout d'un || true sur lui uniquement.
    109. 

  109. 			LABEL="$OPTARG"
    110. 

  110. 			case "$OPTARG" in
    111. 

  111. 				'all')
    112. 

  112. 					CPT="$( $COMMAND_SYS -taun  | tail -n +2 | wc -l )"
    113. 

  113. 					PORT_NUMBER='all'
    114. 

  114. 					;;
    115. 

  115. 				'all-ipv4')
    116. 

  116. 					CPT="$( $COMMAND_SYS -taun4 | tail -n +2 | wc -l )"
    117. 

  117. 					PORT_NUMBER='all-ipv4'
    118. 

  118. 					;;
    119. 

  119. 				'all-ipv6')
    120. 

  120. 					CPT="$( $COMMAND_SYS -taun6 | tail -n +2 | wc -l )"
    121. 

  121. 					PORT_NUMBER='all-ipv6'
    122. 

  122. 					;;
    123. 

  123. 				'listen')
    124. 

  124. 					CPT="$( $COMMAND_SYS -tlun  | tail -n +2 | wc -l )"
    125. 

  125. 					PORT_NUMBER='listen'
    126. 

  126. 					;;
    127. 

  127. 				'listen-ipv4')
    128. 

  128. 					CPT="$( $COMMAND_SYS -tlun4 | tail -n +2 | wc -l )"
    129. 

  129. 					PORT_NUMBER='listen-ipv4'
    130. 

  130. 					;;
    131. 

  131. 				'listen-ipv6')
    132. 

  132. 					CPT="$( $COMMAND_SYS -tlun6 | tail -n +2 | wc -l )"
    133. 

  133. 					PORT_NUMBER='listen-ipv6'
    134. 

  134. 					;;
    135. 

  135. 				'listen-unix')
    136. 

  136. 					CPT="$( $COMMAND_SYS -xl | tail -n +2 | wc -l )"
    137. 

  137. 					PORT_NUMBER='listen-unix'
    138. 

  138. 					;;
    139. 

  139. 				'listen-unix:'*)
    140. 

  140. 					CPT="$( $COMMAND_SYS -xl | tail -n +2 | grep "$( echo "$OPTARG" | sed 's/^listen-unix://' )" | wc -l )"
    141. 

  141. 					PORT_NUMBER=$OPTARG  # risque de bug côté superviseur ?
    142. 

  142. 					;;
    143. 

  143. 				*)
    144. 

  144. 					PORT_NUMBER=$( printf "%d" "$OPTARG" )
    145. 

  145. 					LABEL="port$PORT_NUMBER"
    146. 

  146. 					CPT="$( $COMMAND_SYS -tauen | sed 's/[[:space:]]\+/\t/g' | cut -f 4 | ( grep -c ":$PORT_NUMBER$" || true ) )"
    147. 

  147. 					;;
    148. 

  148. 			esac
    149. 

  149. 

  150. 			# mémo : 'label'=value[UOM];[warn];[crit];[min];[max]
    151. 

  151. 			OUTPUT_PERFDATA=$( printf "%s'%s'=%d;%s;%s;0;" \
    152. 

  152. 					"$( test -n "$OUTPUT_PERFDATA" && echo "$OUTPUT_PERFDATA " )" \
    153. 

  153. 					"$LABEL" \
    154. 

  154. 					"$CPT" \
    155. 

  155. 					"$RANGE_WARNING" \
    156. 

  156. 					"$RANGE_CRITICAL" )
    157. 

  157. 

  158. 			if check_range "$CPT" "$RANGE_CRITICAL"; then
    159. 

  159. 				OUTPUT_EXIT_STATUS=2
    160. 

  160. 				OUTPUT_DETAIL_CRITICAL="$OUTPUT_DETAIL_CRITICAL Port:$PORT_NUMBER($CPT conn.)"
    161. 

  161. 			elif check_range "$CPT" "$RANGE_WARNING"; then
    162. 

  162. 				if [ "$OUTPUT_EXIT_STATUS" -eq 0 ]; then
    163. 

  163. 					OUTPUT_EXIT_STATUS=1
    164. 

  164. 				fi
    165. 

  165. 				OUTPUT_DETAIL_WARNING="$OUTPUT_DETAIL_WARNING Port:$PORT_NUMBER($CPT conn.)"
    166. 

  166. 			fi
    167. 

  167. 			;;
    168. 

  168. 

  169. 		\?)
    170. 

  170. 			usage
    171. 

  171. 			exit 1
    172. 

  172. 			;;
    173. 

  173. 	esac
    174. 

  174. done
    175. 

  175. 

  176. case "$OUTPUT_EXIT_STATUS" in
    177. 

  177. 	'0')
    178. 

  178. 		printf "OK ($COMMAND_SYS)"
    179. 

  179. 		;;
    180. 

  180. 	'1')
    181. 

  181. 		printf "WARNING ($COMMAND_SYS) %s" "$OUTPUT_DETAIL_WARNING"
    182. 

  182. 		;;
    183. 

  183. 	'2')
    184. 

  184. 		printf "CRITICAL ($COMMAND_SYS) %s" "$OUTPUT_DETAIL_CRITICAL"
    185. 

  185. 		;;
    186. 

  186. 	*)
    187. 

  187. 		printf "UNKNOWN"
    188. 

  188. 		;;
    189. 

  189. esac
    190. 

  190. 

  191. printf "|%s\n" "$OUTPUT_PERFDATA"
    192. 

  192. # on supprime les retours à la ligne
    193. 

  193. exit $OUTPUT_EXIT_STATUS
    194.