def check_license_expiration(self):
# For now I'm going to reuse -L but this might change in the future.
# This means we refer to the license hash as "license_pool" internally in a few places.
# Boo. Let's fix that later.
expire_ts = self.splunk.license_expiration_time
now_ts = int(time.time())
if expire_ts <= now_ts:
# Exit now, its expired
return pynagios.Response(
pynagios.CRITICAL,
"License %s is expired" % self.options.license_pool)
diff_secs = expire_ts - now_ts
diff_days = int(diff_secs / 86400)
if diff_days < self.options.crit:
return pynagios.Response(
pynagios.CRITICAL, "License %s expires in %d days" %
(self.options.license_pool, diff_days))
elif diff_days < self.options.warn:
return pynagios.Response(
pynagios.WARNING, "License %s expires in %d days" %
(self.options.license_pool, diff_days))
else:
return pynagios.Response(
pynagios.OK, "License %s expires in %d days" %
(self.options.license_pool, diff_days))
def check_distributed_search_peers(self, splunkd):
failedPeers = list()
for peer in splunkd.distributed_search_peers:
if peer["replicationStatus"] != "Successful":
failedPeers.append(peer["guid"])
if len(failedPeers) == 0:
return pynagios.Response(pynagios.OK,
"All peers replicating successfully")
else:
return pynagios.Response(
pynagios.CRITICAL,
"Peers failed replication: %s" % ",".join(failedPeers))
def check(self):
splunkd = SplunkServer(self.options.hostname, self.options.username,
self.options.password, self.options.port,
self.options.use_ssl)
try:
root = splunkd._get_url(
"/servicesNS/nobody/Splunk_TA_opseclea_linux22/opsec/entity_log_status/{0}"
.format(self.options.entity))
except ApiError as e:
return pynagios.Response(pynagios.CRITICAL, str(e))
sdict = root.find(
"./{http://www.w3.org/2005/Atom}entry/{http://www.w3.org/2005/Atom}content/{http://dev.splunk.com/ns/rest}dict"
)
skey = sdict.find(
"./{http://dev.splunk.com/ns/rest}key[@name='last_log_update_timestamp']"
)
last_updated_at = datetime.datetime.strptime(skey.text,
"%Y-%m-%dT%H:%M:%SZ")
now = datetime.datetime.utcnow()
delta = now - last_updated_at
return self.response_for_value(
delta.seconds,
"Last updated {0} seconds ago".format(delta.seconds))
def check_index(self):
USED_PERCENT = int(self.splunk.current_db_size * 100 /
self.splunk.max_db_size)
output_string = "%d%% of MaxTotalDBSize is used" % USED_PERCENT
if USED_PERCENT > self.options.crit:
result = pynagios.Response(pynagios.CRITICAL, output_string)
elif USED_PERCENT > self.options.warn:
result = pynagios.Response(pynagios.WARNING, output_string)
else:
result = pynagios.Response(pynagios.OK, output_string)
result.set_perf_data("currentDBSizeMB", self.splunk.current_db_size,
"")
result.set_perf_data("maxTotalDataSizeMB", self.splunk.max_db_size, "")
return result
def check(self):
check = self.args[1]
if hasattr(self, "check_%s" % check):
return getattr(self, "check_%s" % check)()
else:
return pynagios.Response(pynagios.UNKNOWN,
"Invalid check requested")
def check_index(self, splunkd):
try:
(used, capacity, pct) = splunkd.get_index_usage(self.options.index)
except AttributeError:
return pynagios.Response(
pynagios.CRITICAL,
"{0} index not found".format(self.options.index))
output = "{0}% of MaxTotalDBSize ({1}) is used".format(pct, capacity)
result = self.response_for_value(pct, output)
result.set_perf_data("currentDBSizeMB", used * 1048576, "B")
result.set_perf_data("maxTotalDataSizeMB", capacity * 1048576, "B")
return result
def check(self):
#try:
splunkd = SplunkServer(self.options.hostname, self.options.username,
self.options.password, self.options.port,
self.options.use_ssl)
#except:
# return pynagios.Response(pynagios.UNKNOWN, "Failed to login to splunkd")
check = getattr(self, "check_{0}".format(self.args[1]), None)
if check is None:
check = getattr(self, self.args[1], None)
if callable(check):
try:
return check(splunkd)
except ConnectionError:
return pynagios.Response(pynagios.CRITICAL,
"Unable to connect to splunkd")
except ApiError as e:
return pynagios.Response(pynagios.CRITICAL, str(e))
else:
return pynagios.Response(pynagios.UNKNOWN,
"Invalid check requested")
def check_deployment_client(self, splunkd):
try:
phoneHomeTime = splunkd.get_deployment_client_info(
self.options.deployment_client)["phoneHomeTime"]
except StopIteration:
return pynagios.Response(
pynagios.CRITICAL,
"Unable to get phone home time for {0}".format(
self.options.deployment_client))
import datetime
dt = datetime.datetime.strptime(phoneHomeTime, "%a %b %d %H:%M:%S %Y")
diff = (datetime.datetime.now() - dt).seconds
output = "Client checked in {0} seconds ago".format(diff)
return self.response_for_value(diff,
output,
zabbix_ok="1",
zabbix_critical="0")
def response_for_value(self,
value,
message=None,
ok_value=None,
critical_value=None,
zabbix_ok=None,
zabbix_critical=None):
if critical_value is None and ok_value is None:
if value >= self.options.critical:
ret = pynagios.CRITICAL
elif value >= self.options.warning:
ret = pynagios.WARNING
else:
ret = pynagios.OK
else:
if ok_value is not None and critical_value is not None:
if value == critical_value:
ret = pynagios.CRITICAL
elif value == ok_value:
ret = pynagios.OK
else:
ret = pynagios.UNKNOWN
elif ok_value is None:
if value == critical_value:
ret = pynagios.CRITICAL
else:
ret = pynagios.OK
elif critical_value is None:
if value == ok_value:
ret = pynagios.OK
else:
ret = pynagios.CRITICAL
else:
ret = pynagios.UNKNOWN
if self.options.zabbix or message is None:
if ret == pynagios.OK and zabbix_ok:
return ZabbixResponse(ret, zabbix_ok)
elif ret == pynagios.CRITICAL and zabbix_critical:
return ZabbixResponse(ret, zabbix_critical)
return ZabbixResponse(ret, value)
else:
return pynagios.Response(ret, message)
def check_license(self):
if self.splunk.isFree:
return pynagios.Response(pynagios.OK, "Splunk Community Edition")
if self.splunk.isTrial:
return pynagios.Response(pynagios.OK, "Splunk Download Trial")
# Request list of licenses
licenses = self.splunk.licenses
valid_licenses = filter(lambda l: licenses[l]['status'] == 'VALID',
licenses.keys())
valid_licenses = filter(lambda l: licenses[l]['type'] == 'enterprise',
valid_licenses)
try:
quota = sum(
map(lambda l: int(licenses[l]['quota']), valid_licenses))
except:
quota = 0
if quota == 0:
return pynagios.Response(pynagios.CRITICAL,
"No valid licenses available")
# Get the pool's current usedBytes value
used_bytes = sum(map(lambda p: int(p['used_bytes']),
self.splunk.pools))
WARN_QUOTA = self.options.warn * quota / 100
CRIT_QUOTA = self.options.crit * quota / 100
USED_PERCENT = int(used_bytes * 100 / quota)
output_string = "%d%% of license capacity is used" % USED_PERCENT
if used_bytes > CRIT_QUOTA:
result = pynagios.Response(pynagios.CRITICAL, output_string)
elif used_bytes > WARN_QUOTA:
result = pynagios.Response(pynagios.WARNING, output_string)
else:
result = pynagios.Response(pynagios.OK, output_string)
result.set_perf_data("used", used_bytes, "")
result.set_perf_data("quota", quota, "")
return result