Checkmk git commits March 2014

checkmk-commits@lists.checkmk.com

6 participants
183 discussions

Check_MK Git: check_mk: cisco_wlc: Now supports clustered services. Thanks to Marcel Schulte and Udo Woehler

by Bastian Kuhn

Module: check_mk Branch: master Commit: 8f552251ad3741d38909f47703051721be3eb3b5 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8f552251ad3741… Author: Bastian Kuhn <bk(a)mathias-kettner.de> Date: Mon Mar 31 20:45:55 2014 +0200 cisco_wlc: Now supports clustered services. Thanks to Marcel Schulte and Udo Woehler --- checks/cisco_wlc | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/checks/cisco_wlc b/checks/cisco_wlc index 00b6c0f..6d0300c 100644 --- a/checks/cisco_wlc +++ b/checks/cisco_wlc @@ -29,8 +29,12 @@ def cisco_wlc_convert(info): data = [] - for i in range(0, len(info[0])): - data.append((info[0][i][1], info[1][i][1], info[2][i][1], info[3][i][1] )) + + for j in range(0, len(info), 4): + for i in range(1, len(info[j])): + if len(info[j][i][1]) > 0: + data.append((info[j][i][1], info[j+1][i][1], info[j+2][i][1], info[j+3][i][1], info[j][0] )) + return data def inventory_cisco_wlc(info): @@ -39,15 +43,22 @@ def inventory_cisco_wlc(info): def check_cisco_wlc(item, params, info): data = cisco_wlc_convert(info) - for name, mac, state, model in data: + for name, mac, state, model, node in data: if name == item: + if node == None: + node = '' + else: + node = ' (connected to %s)' % node + state = saveint(state) + if state == 1: - return 0, "Accesspoint online" + return 0, "Accesspoint online" + node if state == 3: - return 1, "Accesspoint state Warning" + return 1, "Accesspoint state Warning" + node if state == 2: - return 2, "State Critical" + return 2, "State Critical" + node + return 3, "Unknown state (%s) " % state # Special treatment if this device is missing if params: @@ -62,8 +73,8 @@ check_info["cisco_wlc"] = { "inventory_function" : inventory_cisco_wlc, "group" : "cisco_wlc", "service_description" : "AP %s", - "has_perfdata" : False, - "snmp_scan_function" : lambda oid: oid('.1.3.6.1.2.1.1.2.0') in [".1.3.6.1.4.1.9.1.1069"], + "node_info" : True, + "snmp_scan_function" : lambda oid: oid('.1.3.6.1.2.1.1.2.0') in [".1.3.6.1.4.1.9.1.1069", ".1.3.6.1.4.1.14179.1.1.4.3"], "snmp_info" : [( ".1.3.6.1.4.1.14179.2.2.1.1.3", [ OID_END, '' ]), ( ".1.3.6.1.4.1.14179.2.2.1.1.1", [ OID_END, '' ]), ( ".1.3.6.1.4.1.14179.2.2.1.1.6", [ OID_END, '' ]),

10 years, 2 months

Check_MK Git: check_mk: fix in nagvis_icon.mk

by Bastian Kuhn

Module: check_mk Branch: master Commit: 96aa316f0984b2c412e7558b6fc07209c0ce4250 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=96aa316f0984b2… Author: Bastian Kuhn <bk(a)mathias-kettner.de> Date: Mon Mar 31 17:18:03 2014 +0200 fix in nagvis_icon.mk --- doc/treasures/nagvis_icon/nagvis_icon.mk | 3 ++- doc/treasures/nagvis_icon/nagvis_icon.py | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/treasures/nagvis_icon/nagvis_icon.mk b/doc/treasures/nagvis_icon/nagvis_icon.mk index 9ac6056..3d3dddd 100644 --- a/doc/treasures/nagvis_icon/nagvis_icon.mk +++ b/doc/treasures/nagvis_icon/nagvis_icon.mk @@ -10,7 +10,8 @@ for _nm in glob.glob(_path): for _nhost in [ _l for _l in file(_nm).readlines() if _l.startswith('host_name')]: _nhost = _nhost.split('=')[-1].strip() _hosts.setdefault(_nhost, []) - _hosts[_nhost].append(_mapname) + if _mapname not in _hosts[_nhost]: + _hosts[_nhost].append(_mapname) extra_host_conf['_nagvismaps'] = [] for _nhost, _maps in _hosts.items(): diff --git a/doc/treasures/nagvis_icon/nagvis_icon.py b/doc/treasures/nagvis_icon/nagvis_icon.py index 2d7dff2..bcc6356 100644 --- a/doc/treasures/nagvis_icon/nagvis_icon.py +++ b/doc/treasures/nagvis_icon/nagvis_icon.py @@ -1,6 +1,8 @@ #!/usr/bin/python # Please refer to nagvis_icon.mk to see a way how to add the nagvismaps custom macro +# copy me to ~/local/share/check_mk/web/pluins/icon and restart the site apache + def paint_nagvis_image(what, row, tags, custom_vars): if what != 'host' or not custom_vars.get('NAGVISMAPS'): return

10 years, 2 months

Check_MK Git: check_mk: Added a simple icon to show links to navis maps. ( located in treasures/nagvis_icon)

by Bastian Kuhn

Module: check_mk Branch: master Commit: 913ca325c0c286aedad1e08e0172c7a7841b82d1 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=913ca325c0c286… Author: Bastian Kuhn <bk(a)mathias-kettner.de> Date: Mon Mar 31 16:53:53 2014 +0200 Added a simple icon to show links to navis maps. (located in treasures/nagvis_icon) --- doc/treasures/nagvis_icon/nagvis_icon.mk | 18 ++++++++++++++++++ doc/treasures/nagvis_icon/nagvis_icon.py | 16 ++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/doc/treasures/nagvis_icon/nagvis_icon.mk b/doc/treasures/nagvis_icon/nagvis_icon.mk new file mode 100644 index 0000000..9ac6056 --- /dev/null +++ b/doc/treasures/nagvis_icon/nagvis_icon.mk @@ -0,0 +1,18 @@ +#This config file adds the name of each nagvis map contaning a host as custom macro. +#The information is used for the nagvis_icon.py to show a nagvis icon in the gui + +# Just place this file to check_mk/conf.d + +_path = '/omd/sites/%s/etc/nagvis/maps/*.cfg' % omd_site +_hosts = {} +for _nm in glob.glob(_path): + _mapname = _nm.split("/")[-1].split('.')[0] + for _nhost in [ _l for _l in file(_nm).readlines() if _l.startswith('host_name')]: + _nhost = _nhost.split('=')[-1].strip() + _hosts.setdefault(_nhost, []) + _hosts[_nhost].append(_mapname) + +extra_host_conf['_nagvismaps'] = [] +for _nhost, _maps in _hosts.items(): + extra_host_conf['_nagvismaps'].append( ( ",".join(_maps), [_nhost] ) ) + diff --git a/doc/treasures/nagvis_icon/nagvis_icon.py b/doc/treasures/nagvis_icon/nagvis_icon.py new file mode 100644 index 0000000..2d7dff2 --- /dev/null +++ b/doc/treasures/nagvis_icon/nagvis_icon.py @@ -0,0 +1,16 @@ +#!/usr/bin/python +# Please refer to nagvis_icon.mk to see a way how to add the nagvismaps custom macro + +def paint_nagvis_image(what, row, tags, custom_vars): + if what != 'host' or not custom_vars.get('NAGVISMAPS'): + return + h = "" + for nagvis_map in custom_vars['NAGVISMAPS'].split(','): + h += '<a href="../nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=%s" title="%s"><img class=icon src="images/icon_nagvis.png"/></a>' \ + % ( nagvis_map, nagvis_map ) + + return h + +multisite_icons.append({ + 'paint': paint_nagvis_image, +})

10 years, 2 months

Check_MK Git: check_mk: Code Cleanup of Scan and Inventory Functions

by Götz Golla

Module: check_mk Branch: master Commit: 01c51c466e00663d9ad712ed5269061ded025d7e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=01c51c466e0066… Author: Götz Golla <gg(a)mathias-kettner.de> Date: Mon Mar 31 15:52:22 2014 +0200 Code Cleanup of Scan and Inventory Functions --- checks/dell_chassis_fans | 12 ++++------- checks/dell_chassis_io | 12 ++++------- checks/dell_chassis_kvm | 13 +++++------- checks/dell_chassis_power | 19 +++++++---------- checks/dell_chassis_powersupplies | 18 +++++++--------- checks/dell_chassis_slots | 21 +++++++------------ checks/dell_chassis_status | 14 +++++++++---- checks/dell_chassis_temp | 16 ++++++-------- checks/dell_poweredge_amperage | 42 +++++++++++++++++-------------------- checks/dell_poweredge_cpu | 37 ++++++++++++++------------------ checks/dell_poweredge_mem | 40 ++++++++++++++++------------------- checks/dell_poweredge_netdev | 40 ++++++++++++++++------------------- checks/dell_poweredge_pci | 28 +++++++++++-------------- checks/dell_poweredge_status | 22 ++++++++----------- checks/dell_poweredge_temp | 40 ++++++++++++++++------------------- 15 files changed, 162 insertions(+), 212 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=01c51c466e…

10 years, 2 months

Check_MK Git: check_mk: nfsexports.solaris: new agent plugin for monitoring nfs exports on solaris systems

by Götz Golla

Module: check_mk Branch: master Commit: 3268a2ee4e447229d743d821274e9e09717bb607 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3268a2ee4e4472… Author: Götz Golla <gg(a)mathias-kettner.de> Date: Mon Mar 31 15:02:12 2014 +0200 nfsexports.solaris: new agent plugin for monitoring nfs exports on solaris systems This agent plugin delivers information about nfs exports on Solaris systems in stand-alone as well as clustered environments. --- .werks/600 | 9 ++++++ ChangeLog | 1 + agents/solaris/nfsexports.solaris | 57 +++++++++++++++++++++++++++++++++++++ 3 files changed, 67 insertions(+) diff --git a/.werks/600 b/.werks/600 new file mode 100644 index 0000000..89d8d4b --- /dev/null +++ b/.werks/600 @@ -0,0 +1,9 @@ +Title: nfsexports.solaris: new agent plugin for monitoring nfs exports on solaris systems +Level: 1 +Component: checks +Version: 1.2.5i2 +Date: 1396270818 +Class: feature + +This agent plugin delivers information about nfs exports on Solaris systems in stand-alone +as well as clustered environments. diff --git a/ChangeLog b/ChangeLog index a32df95..a0cf1b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ * 0775 ibm_svc_systemstats.diskio: new check for disk throughput in IBM SVC / V7000 devices in total * 0764 lnx_quota: Added new check to monitor Linux File System Quota... * 0776 ibm_svc_nodestats.cpu_util: new check for CPU Utilization per Node on IBM SVC / V7000 devices + * 0600 nfsexports.solaris: new agent plugin for monitoring nfs exports on solaris systems... * 0740 FIX: winperf_if: now able to handle bandwidth > 4GBit... Multisite: diff --git a/agents/solaris/nfsexports.solaris b/agents/solaris/nfsexports.solaris new file mode 100644 index 0000000..39c6443 --- /dev/null +++ b/agents/solaris/nfsexports.solaris @@ -0,0 +1,57 @@ +#!/usr/bin/bash +# +------------------------------------------------------------------+ +# | ____ _ _ __ __ _ __ | +# | / ___| |__ ___ ___| | __ | \/ | |/ / | +# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / | +# | | |___| | | | __/ (__| < | | | | . \ | +# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ | +# | | +# | Copyright Mathias Kettner 2010 mk(a)mathias-kettner.de | +# +------------------------------------------------------------------+ +# +# This file is part of Check_MK. +# The official homepage is at http://mathias-kettner.de/check_mk. +# +# check_mk is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation in version 2. check_mk is distributed +# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with- +# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more de- +# ails. You should have received a copy of the GNU General Public +# License along with GNU Make; see the file COPYING. If not, write +# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +# Boston, MA 02110-1301 USA. + +# Check_MK agent plugin for monitoring nfsexports on Solaris. This plugin +# has been tested with solaris 10 in a standalone and cluster setting. + +clusterconfigdir="/etc/cluster/ccr/global/directory" +if [ -r $clusterconfigdir ]; then + # is a clustered nfs server + nfsconfig=/etc/cluster/ccr/global/`grep rgm $clusterconfigdir | grep nfs | grep rg_` + if [ -r $nsconfig ]; then + Pathprefix=`grep Path $nfsconfig | awk {'print $2'}`/SUNW.nfs + dfstabfile=$Pathprefix/dfstab.`grep -v FilesystemMountPoints $nfsconfig | grep SUNW.nfs | \ + awk {'print $1'} | sed -e 's/RS_//'` + if [ -r $dfstabfile ]; then + EXPORTS=`grep -v ^# $dfstabfile | grep -v ^$` + ps -aef | grep nfsd | grep $Pathprefix >/dev/null && DAEMONS="ok" + fi + fi +else + # is a standalone nfs server + dfstabfile="/etc/dfs/dfstab" + if [ -r $dfstabfile ]; then + EXPORTS=`grep -v ^# $dfstabfile | grep -v ^$` + svcs -a | grep nfs/server | grep ^online >/dev/null && DAEMONS="ok" + fi +fi + +# any exports or have running daemons? then look for registered exports +if [ "$EXPORTS" ]; then + echo "<<<nfsexports>>>" + if [ "$DAEMONS" ]; then + showmount -e | grep ^/ + fi +fi

10 years, 2 months

Check_MK Git: check_mk: ibm_svc_mdisk: mode array is now also considered to be ok

by Bernd Stroessenreuther

Module: check_mk Branch: master Commit: afbee9905e18dd96e1bbb5a49bd85ba298a37b4e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=afbee9905e18dd… Author: Bernd Stroessenreuther <bs(a)mathias-kettner.de> Date: Mon Mar 31 14:51:36 2014 +0200 ibm_svc_mdisk: mode array is now also considered to be ok --- checkman/ibm_svc_mdisk | 2 +- checks/ibm_svc_mdisk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/checkman/ibm_svc_mdisk b/checkman/ibm_svc_mdisk index 3226a22..39cc756 100644 --- a/checkman/ibm_svc_mdisk +++ b/checkman/ibm_svc_mdisk @@ -9,7 +9,7 @@ description: Status {online} is {OK}, status {offline} and {excluded} are {CRIT} and every other status is {WARN}. - Mode {managed} is {OK} and every other mode is {WARN}. + Modes {managed} and {array} are {OK} and every other mode is {WARN}. The worst of both is returned as check result. diff --git a/checks/ibm_svc_mdisk b/checks/ibm_svc_mdisk index 2422ae6..a88a6eb 100644 --- a/checks/ibm_svc_mdisk +++ b/checks/ibm_svc_mdisk @@ -62,7 +62,7 @@ def check_ibm_svc_mdisk(item, _no_params, info): # check mdisk_mode message += ", Mode %s" % mdisk_mode - if mdisk_mode != "managed": + if mdisk_mode not in ( "managed", "array" ): status = max(status, 1) message += "(!)"

10 years, 2 months

Check_MK Git: check_mk: ibm_svc_nodestats.cpu_util: new check for CPU Utilization per Node on IBM SVC / V7000 devices

by Bernd Stroessenreuther

Module: check_mk Branch: master Commit: 97cb0b56e696ba6fe47720874201f6803491965a URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=97cb0b56e696ba… Author: Bernd Stroessenreuther <bs(a)mathias-kettner.de> Date: Mon Mar 31 14:44:55 2014 +0200 ibm_svc_nodestats.cpu_util: new check for CPU Utilization per Node on IBM SVC / V7000 devices --- .werks/776 | 8 +++ ChangeLog | 1 + checkman/ibm_svc_nodestats.cpu_util | 41 ++++++++++++ checks/ibm_svc_nodestats | 45 +++++++++++++ .../check_mk-ibm_svc_nodestats.cpu_util.php | 70 ++++++++++++++++++++ web/plugins/perfometer/check_mk.py | 1 + 6 files changed, 166 insertions(+) diff --git a/.werks/776 b/.werks/776 new file mode 100644 index 0000000..8800222 --- /dev/null +++ b/.werks/776 @@ -0,0 +1,8 @@ +Title: ibm_svc_nodestats.cpu_util: new check for CPU Utilization per Node on IBM SVC / V7000 devices +Level: 1 +Component: checks +Version: 1.2.5i2 +Date: 1396269855 +Class: feature + + diff --git a/ChangeLog b/ChangeLog index 9305a36..a32df95 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ * 0774 ibm_svc_nodestats.diskio: new check for disk troughput per node on IBM SVC / V7000 devices * 0775 ibm_svc_systemstats.diskio: new check for disk throughput in IBM SVC / V7000 devices in total * 0764 lnx_quota: Added new check to monitor Linux File System Quota... + * 0776 ibm_svc_nodestats.cpu_util: new check for CPU Utilization per Node on IBM SVC / V7000 devices * 0740 FIX: winperf_if: now able to handle bandwidth > 4GBit... Multisite: diff --git a/checkman/ibm_svc_nodestats.cpu_util b/checkman/ibm_svc_nodestats.cpu_util new file mode 100644 index 0000000..8f87447 --- /dev/null +++ b/checkman/ibm_svc_nodestats.cpu_util @@ -0,0 +1,41 @@ +title: IBM SVC / V7000: CPU Utilization per Node +agents: ibm_svc +catalog: hw/storagehw/ibm +license: GPL +distribution: check_mk +description: + Reports the CPU Utilization for each node of an IBM SVC / V7000 device. + + The check returns {WARN} or {CRIT} if the utilization in percent is higher + then given levels and {OK} otherwise. + +item: + The name of the node. + +inventory: + Creates one check per node. + +perfdata: + One value: The utilization in percent, together with it's levels for + warn and crit. + +examples: + # set default levels to 70 and 80 percent: + ibm_svc_cpu_default_levels = (70.0, 80.0) + + # Check CPU Utilization of Node SVC01 on a IBM SVC called my-svc with default levels + checks += [ + ("my-svc", "ibm_svc_nodestats.cpu_util", 'SVC01', ibm_svc_cpu_default_levels) + ] + + # or use individual levels for warn and crit + checks += [ + ("my-svc", "ibm_svc_nodestats.cpu_util", 'SVC01', (75.0, 85.0)) + ] + +[parameters] +parameters (float, float): levels of CPU utilization for {WARN} and {CRIT} in percent + +[configuration] +ibm_svc_cpu_default_levels (float, float): The standard levels for {WARN} and + {CRIT}, preset to (80.0, 90.0) diff --git a/checks/ibm_svc_nodestats b/checks/ibm_svc_nodestats index 7dff6b6..cbf5f02 100644 --- a/checks/ibm_svc_nodestats +++ b/checks/ibm_svc_nodestats @@ -71,6 +71,15 @@ # 5:BLUBBSVC02:sas_io:0:0:140325134930 # [...] +# .--disk IO-------------------------------------------------------------. +# | _ _ _ ___ ___ | +# | __| (_)___| | __ |_ _/ _ \ | +# | / _` | / __| |/ / | | | | | | +# | | (_| | \__ \ < | | |_| | | +# | \__,_|_|___/_|\_\ |___\___/ | +# | | +# '----------------------------------------------------------------------' + # parses agent output into a structure like: # {'Drives BLUBBSVC01': {'r_mb': 0, 'w_mb': 0}, # 'Drives BLUBBSVC02': {'r_mb': 0, 'w_mb': 0}, @@ -133,3 +142,39 @@ check_info["ibm_svc_nodestats.diskio"] = { "has_perfdata" : True, } +#. +# .--cpu-----------------------------------------------------------------. +# | | +# | ___ _ __ _ _ | +# | / __| '_ \| | | | | +# | | (__| |_) | |_| | | +# | \___| .__/ \__,_| | +# | |_| | +# | | +# '----------------------------------------------------------------------' + +ibm_svc_cpu_default_levels = ( 90.0, 95.0 ) + +def inventory_ibm_svc_cpu(info): + inventory = [] + for node_id, node_name, stat_name, stat_current, stat_peak, stat_peak_time in info: + if stat_name == "cpu_pc": + inventory.append( (node_name, "ibm_svc_cpu_default_levels") ) + return inventory + +def check_ibm_svc_cpu(item, params, info): + for node_id, node_name, stat_name, stat_current, stat_peak, stat_peak_time in info: + if node_name == item and stat_name == "cpu_pc": + return check_cpu_util(int(stat_current), params) + + return 3, "value cpu_pc not found in agent output for node %s" % item + +check_info["ibm_svc_nodestats.cpu_util"] = { + "check_function" : check_ibm_svc_cpu, + "inventory_function" : inventory_ibm_svc_cpu, + "service_description" : "CPU utilization %s", + "has_perfdata" : True, + "group" : "cpu_utilization_multiitem", + "includes" : [ "cpu_util.include" ], +} +#. diff --git a/pnp-templates/check_mk-ibm_svc_nodestats.cpu_util.php b/pnp-templates/check_mk-ibm_svc_nodestats.cpu_util.php new file mode 100644 index 0000000..a1a651f --- /dev/null +++ b/pnp-templates/check_mk-ibm_svc_nodestats.cpu_util.php @@ -0,0 +1,70 @@ +<?php +# +------------------------------------------------------------------+ +# | ____ _ _ __ __ _ __ | +# | / ___| |__ ___ ___| | __ | \/ | |/ / | +# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / | +# | | |___| | | | __/ (__| < | | | | . \ | +# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ | +# | | +# | Copyright Mathias Kettner 2013 mk(a)mathias-kettner.de | +# +------------------------------------------------------------------+ +# +# This file is part of Check_MK. +# The official homepage is at http://mathias-kettner.de/check_mk. +# +# check_mk is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation in version 2. check_mk is distributed +# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with- +# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more de- +# ails. You should have received a copy of the GNU General Public +# License along with GNU Make; see the file COPYING. If not, write +# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +# Boston, MA 02110-1301 USA. + +# Do not depend on numbers, use names +$RRD = array(); +foreach ($NAME as $i => $n) { + $RRD[$n] = "$RRDFILE[$i]:$DS[$i]:MAX"; + $WARN[$n] = $WARN[$i]; + $CRIT[$n] = $CRIT[$i]; + $MIN[$n] = $MIN[$i]; + $MAX[$n] = $MAX[$i]; +} + +$num_threads = $MAX[1]; + +$opt[1] = "--vertical-label 'Utilization %' -l0 -u 100 --title \"$hostname / $servicedesc\" "; + +$def[1] = "DEF:perc=$RRD[util] " + . "CDEF:util=perc,$num_threads,*,100,/ " + ; + +$def[1] .= "AREA:util#60f020:\"Utilization\:\" " + . "LINE:util#50b01a " + . "GPRINT:perc:LAST:\"%.1lf%%\" " + . "GPRINT:perc:MIN:\"min\: %.1lf%%\" " + . "GPRINT:perc:MAX:\"max\: %.1lf%%\\n\" " + ; + + +if (isset($RRD["avg"])) { + $def[1] .= "DEF:aperc=$RRD[avg] ". + "CDEF:avg=aperc,$num_threads,*,100,/ ". + "LINE:avg#004000:\"Averaged\: \" ". + "GPRINT:aperc:LAST:\"%.1lf%%,\" ". + "GPRINT:aperc:MIN:\"min\: %.1lf%%,\" ". + "GPRINT:aperc:MAX:\"max\: %.1lf%%\\n\" ". + ""; +} + +if ($WARN['util']) { + $def[1] .= "HRULE:$WARN[1]#fff000:\"Warn at $WARN[util]% \" " + . "HRULE:$CRIT[1]#ff0000:\"Critical at $CRIT[util]%\\n\" "; +} +else { + $def[1] .= "COMMENT:\"\\n\" "; +} + +?> diff --git a/web/plugins/perfometer/check_mk.py b/web/plugins/perfometer/check_mk.py index fb7a1e9..34f643a 100644 --- a/web/plugins/perfometer/check_mk.py +++ b/web/plugins/perfometer/check_mk.py @@ -475,6 +475,7 @@ perfometers["check_mk-hr_cpu"] = perfometer_cpu_utilization perfometers["check_mk-innovaphone_cpu"] = perfometer_cpu_utilization perfometers["check_mk-enterasys_cpu_util"] = perfometer_cpu_utilization perfometers["check_mk-juniper_trpz_cpu_util"] = perfometer_cpu_utilization +perfometers["check_mk-ibm_svc_nodestats.cpu_util"] = perfometer_cpu_utilization def perfometer_ps_perf(row, check_command, perf_data): perf_dict = dict([(p[0], float(p[1])) for p in perf_data])

10 years, 2 months

Check_MK Git: check_mk: FIX table statehist: now able to cancel a running query if limit is reached

by Andreas Boesl

Module: check_mk Branch: master Commit: d16580c6600da2215f45e31473cfde0f0ec9f6e0 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d16580c6600da2… Author: Andreas Boesl <ab(a)mathias-kettner.de> Date: Mon Mar 31 13:55:36 2014 +0200 FIX table statehist: now able to cancel a running query if limit is reached The livestatus table statehist was unable to end a query when the <tt>Timelimit:</tt> or <tt>Limit:</tt> options were reached. --- .werks/742 | 11 +++++++ ChangeLog | 3 ++ livestatus/src/TableStateHistory.cc | 55 ++++++++++++++++++++--------------- livestatus/src/TableStateHistory.h | 1 + 4 files changed, 47 insertions(+), 23 deletions(-) diff --git a/.werks/742 b/.werks/742 new file mode 100644 index 0000000..1f1b183 --- /dev/null +++ b/.werks/742 @@ -0,0 +1,11 @@ +Title: table statehist: now able to cancel a running query if limit is reached +Level: 1 +Component: livestatus +Class: fix +State: unknown +Version: 1.2.5i2 +Date: 1396266716 + +The livestatus table statehist was unable to end a query when +the <tt>Timelimit:</tt> or <tt>Limit:</tt> options were reached. + diff --git a/ChangeLog b/ChangeLog index 6707853..9305a36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ BI: * 0741 FIX: BI editor: fixed display bug in "Create nodes based on a service search"... + Livestatus: + * 0742 FIX: table statehist: now able to cancel a running query if limit is reached... + 1.2.5i1: Core & Setup: diff --git a/livestatus/src/TableStateHistory.cc b/livestatus/src/TableStateHistory.cc index ee1f8c6..9705336 100644 --- a/livestatus/src/TableStateHistory.cc +++ b/livestatus/src/TableStateHistory.cc @@ -317,6 +317,9 @@ void TableStateHistory::answerQuery(Query *query) g_store->logCache()->lockLogCache(); g_store->logCache()->logCachePreChecks(); + // This flag might be set to true by the return value of processDataset(...) + _abort_query = false; + // Keep track of the historic state of services/hosts here typedef map<HostServiceKey, HostServiceState*> state_info_t; state_info_t state_info; @@ -389,6 +392,9 @@ void TableStateHistory::answerQuery(Query *query) while (0 != (entry = getNextLogentry())) { + if (_abort_query) + break; + if (entry->_time >= _until) { getPreviousLogentry(); break; @@ -637,31 +643,33 @@ void TableStateHistory::answerQuery(Query *query) // Create final reports state_info_t::iterator it_hst = state_info.begin(); - while (it_hst != state_info.end()) - { - HostServiceState* hst = it_hst->second; - - // No trace since the last two nagios startup -> host/service has vanished - if (hst->_may_no_longer_exist) { - // Log last known state up to nagios restart - hst->_time = hst->_last_known_time; - hst->_until = hst->_last_known_time; - process(query, hst); + if (!_abort_query) { + while (it_hst != state_info.end()) + { + HostServiceState* hst = it_hst->second; + + // No trace since the last two nagios startup -> host/service has vanished + if (hst->_may_no_longer_exist) { + // Log last known state up to nagios restart + hst->_time = hst->_last_known_time; + hst->_until = hst->_last_known_time; + process(query, hst); + + // Set absent state + hst->_state = -1; + hst->_until = hst->_time; + hst->_debug_info = "UNMONITORED"; + if (hst->_log_output) + free(hst->_log_output); + hst->_log_output = 0; + } - // Set absent state - hst->_state = -1; + hst->_time = _until - 1; hst->_until = hst->_time; - hst->_debug_info = "UNMONITORED"; - if (hst->_log_output) - free(hst->_log_output); - hst->_log_output = 0; - } - hst->_time = _until - 1; - hst->_until = hst->_time; - - process(query, hst); - it_hst++; + process(query, hst); + it_hst++; + } } // Cleanup ! @@ -889,7 +897,8 @@ inline void TableStateHistory::process(Query *query, HostServiceState *hs_state) } // if (hs_state->_duration > 0) - query->processDataset(hs_state); + _abort_query = !query->processDataset(hs_state); + hs_state->_from = hs_state->_until; }; diff --git a/livestatus/src/TableStateHistory.h b/livestatus/src/TableStateHistory.h index 465e0c1..99423d1 100644 --- a/livestatus/src/TableStateHistory.h +++ b/livestatus/src/TableStateHistory.h @@ -43,6 +43,7 @@ class TableStateHistory : public Table Query *_query; int _since; int _until; + bool _abort_query; // Notification periods information, name: active(1)/inactive(0) typedef map<string, int> _notification_periods_t;

10 years, 2 months

Check_MK Git: check_mk: FIX Changed transid implemtation to work as CSRF protection ( Fixes CVE-2014-2330)

by Lars Michelsen

Module: check_mk Branch: master Commit: 50bb17166b31a46a53716f9d238d9b009906827f URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=50bb17166b31a4… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Mar 31 12:09:30 2014 +0200 FIX Changed transid implemtation to work as CSRF protection (Fixes CVE-2014-2330) This change fixes possible attacks against Check_MK Multisite users. In previous versions a possible attacker could try to make the browsers of authenticated users open URLs of the Check_MK Multisite GUI to execute actions e.g. within WATO without knowledge of the attacked user. To make such an attack possible, there are several things needed: The user must be authenticated with multisite and have enough permission within multisite to execute the actions the attacker wants to use, the attacker needs to know the exact URL to the Multisite GUI. Then the attacker needs to make the user either click on a manipulated link or open a manipulated webpage which makes the browser of the user, where the user is authenticated with multisite, open the URL the attacker wants to make it open. The multisite GUI makes use of transids (transaction ids) when processing form submissions or actions. The transids were mainly used to prevent double execution of actions when reloading the page which performed the action in the browser. Now we changed internal handling of the transid to make it also prevent CSRF attacks. The transid is now some kind of shared secret between the webserver and the browser of the user. This ensures a form submission is intended by a previously requested page. This change impicates an incompatible change: In case you use a script which opens multisite pages to perform an action, e.g. set a downtime and use this with a regular user account which authenticates by username/password, the script won't work anymore after this change. The way to go is to adapt the script and change the user to authenticate with an automation secret instead of a password. For this kind of authentication, you will need to user other URL parameters (_username=... and _secret=...). --- .werks/766 | 33 +++++++++++++++++++++++ ChangeLog | 1 + web/htdocs/htmllib.py | 69 +++++++++++++++++++++++++++++++++++-------------- web/htdocs/login.py | 2 ++ 4 files changed, 86 insertions(+), 19 deletions(-) diff --git a/.werks/766 b/.werks/766 new file mode 100644 index 0000000..21d8748 --- /dev/null +++ b/.werks/766 @@ -0,0 +1,33 @@ +Title: Changed transid implemtation to work as CSRF protection (Fixes CVE-2014-2330) +Level: 3 +Component: multisite +Version: 1.2.5i2 +Date: 1396259365 +Class: fix + +This change fixes possible attacks against Check_MK Multisite users. In previous +versions a possible attacker could try to make the browsers of authenticated users +open URLs of the Check_MK Multisite GUI to execute actions e.g. within WATO without +knowledge of the attacked user. + +To make such an attack possible, there are several things needed: The user must be +authenticated with multisite and have enough permission within multisite to execute +the actions the attacker wants to use, the attacker needs to know the exact URL to the +Multisite GUI. Then the attacker needs to make the user either click on a manipulated +link or open a manipulated webpage which makes the browser of the user, where the user +is authenticated with multisite, open the URL the attacker wants to make it open. + +The multisite GUI makes use of transids (transaction ids) when processing form +submissions or actions. The transids were mainly used to prevent double execution +of actions when reloading the page which performed the action in the browser. +Now we changed internal handling of the transid to make it also prevent CSRF attacks. +The transid is now some kind of shared secret between the webserver and the browser +of the user. This ensures a form submission is intended by a previously requested page. + +This change impicates an incompatible change: In case you use a script which opens +multisite pages to perform an action, e.g. set a downtime and use this with a regular +user account which authenticates by username/password, the script won't work anymore +after this change. +The way to go is to adapt the script and change the user to authenticate with an +automation secret instead of a password. For this kind of authentication, you will +need to user other URL parameters (_username=... and _secret=...). diff --git a/ChangeLog b/ChangeLog index 5c95b6f..4c9d690 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ Multisite: * 0765 NagVis-Maps-Snapin: Now visualizes downtime / acknowledgment states of maps... + * 0766 FIX: Changed transid implemtation to work as CSRF protection (Fixes CVE-2014-2330)... 1.2.5i1: diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py index 8c31d42..6a9c84c 100644 --- a/web/htdocs/htmllib.py +++ b/web/htdocs/htmllib.py @@ -74,6 +74,8 @@ class html: self.treestates = {} self.treestates_for_id = None self.caches = {} + self.new_transids = [] + self.ignore_transids = False RETURN = 13 SHIFT = 16 @@ -801,6 +803,9 @@ class html: self.bottom_footer() self.body_end() + # Hopefully this is the correct place to performe some "finalization" tasks. + self.store_new_transids() + def add_status_icon(self, img, tooltip, url = None): if url: self.status_icons[img] = tooltip, url @@ -938,35 +943,61 @@ class html: if not self.has_var("_ajaxid"): self.javascript("if(parent && parent.frames[0]) parent.frames[0].location.reload();"); - # Compute a (hopefully) unique transaction id + def set_ignore_transids(self): + self.ignore_transids = True + + # Compute a (hopefully) unique transaction id. This is generated during rendering + # of a form or an action link, stored in a user specific file for later validation, + # sent to the users browser via HTML code, then submitted by the user together + # with the action (link / form) and then validated if it is a known transid. When + # it is a known transid, it will be used and invalidated. If the id is not known, + # the action will not be processed. def fresh_transid(self): - return "%d/%d" % (int(time.time()), random.getrandbits(32)) + transid = "%d/%d" % (int(time.time()), random.getrandbits(32)) + self.new_transids.append(transid) + return transid # Marks a transaction ID as used. This is done by saving # it in a user specific settings file "transids.mk". At this # time we remove all entries from that list that are older - # then one week. - def invalidate_transid(self, id): - used_ids = self.load_transids() - new_ids = [] + # than one week. + def store_new_transids(self): + valid_ids = self.load_transids() + + cleared_ids = [] now = time.time() - for used_id in used_ids: - timestamp, rand = used_id.split("/") + for valid_id in valid_ids: + timestamp, rand = valid_id.split("/") if now - int(timestamp) < 604800: # 7 * 24 hours - new_ids.append(used_id) - used_ids.append(id) - self.save_transids(used_ids) - - # Checks, if the current transaction is valid, i.e. now - # browser reload. The HTML variable _transid must be present. - # If it is empty or -1, then it's always valid (this is used - # for webservice calls). + cleared_ids.append(valid_id) + + self.save_transids(cleared_ids + self.new_transids) + + # Remove the used transid from the list of valid ones + def invalidate_transid(self, used_id): + valid_ids = self.load_transids() + try: + valid_ids.remove(used_id) + except ValueError: + return + self.save_transids(valid_ids) + + # Checks, if the current transaction is valid, i.e. in case of + # browser reload a browser reload, the form submit should not + # be handled a second time.. The HTML variable _transid must be present. + # + # In case of automation users (authed by _secret in URL): If it is empty + # or -1, then it's always valid (this is used for webservice calls). + # This was also possible for normal users, but has been removed to preven + # security related issues. def transaction_valid(self): if not self.has_var("_transid"): return False id = self.var("_transid") - if not id or id == "-1": + if not id or self.ignore_transids: return True # automation + + # Normal user/password auth user handling timestamp, rand = id.split("/") # If age is too old (one week), it is always @@ -975,8 +1006,8 @@ class html: if now - int(timestamp) >= 604800: # 7 * 24 hours return False - # Now check, if this id is not yet invalidated - return id not in self.load_transids() + # Now check, if this id is a valid one + return id in self.load_transids() # Checks, if the current page is a transation, i.e. something # that is secured by a transid (such as a submitted form) diff --git a/web/htdocs/login.py b/web/htdocs/login.py index c3a06e0..55452c0 100644 --- a/web/htdocs/login.py +++ b/web/htdocs/login.py @@ -128,6 +128,8 @@ def check_auth_automation(): if secret and user and "/" not in user: path = defaults.var_dir + "/web/" + user + "/automation.secret" if os.path.isfile(path) and file(path).read().strip() == secret: + # Auth with automation secret succeeded - mark transid as unneeded in this case + html.set_ignore_transids() return user raise MKAuthException(_("Invalid automation secret for user %s") % user)

10 years, 2 months

Check_MK Git: check_mk: NagVis-Maps-Snapin: Now visualizes downtime / acknowledgment states of maps

by Lars Michelsen

Module: check_mk Branch: master Commit: d43dc093a23c641d03a15b05aa4d555d20a010f6 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d43dc093a23c64… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Mar 31 08:51:44 2014 +0200 NagVis-Maps-Snapin: Now visualizes downtime / acknowledgment states of maps The NagVis-Maps sidebar snapin now shows a green box with yellow or red borders when maps have a problematic summary state, but have been acknowledged or set into downtime. --- .werks/765 | 9 +++++++++ ChangeLog | 3 +++ web/plugins/sidebar/nagvis_maps.py | 21 ++++++++++++++++++++- 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/.werks/765 b/.werks/765 new file mode 100644 index 0000000..62b9129 --- /dev/null +++ b/.werks/765 @@ -0,0 +1,9 @@ +Title: NagVis-Maps-Snapin: Now visualizes downtime / acknowledgment states of maps +Level: 1 +Component: multisite +Version: 1.2.5i2 +Date: 1396248631 +Class: feature + +The NagVis-Maps sidebar snapin now shows a green box with yellow or red borders when +maps have a problematic summary state, but have been acknowledged or set into downtime. diff --git a/ChangeLog b/ChangeLog index 59ec71b..5c95b6f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ * 0764 lnx_quota: Added new check to monitor Linux File System Quota... * 0740 FIX: winperf_if: now able to handle bandwidth > 4GBit... + Multisite: + * 0765 NagVis-Maps-Snapin: Now visualizes downtime / acknowledgment states of maps... + 1.2.5i1: Core & Setup: diff --git a/web/plugins/sidebar/nagvis_maps.py b/web/plugins/sidebar/nagvis_maps.py index cbb4f29..89b5d23 100644 --- a/web/plugins/sidebar/nagvis_maps.py +++ b/web/plugins/sidebar/nagvis_maps.py @@ -44,5 +44,24 @@ sidebar_snapins["nagvis_maps"] = { "render": render_nagvis_maps, "allowed": [ "user", "admin", "guest" ], "refresh": True, - "styles": "" + "styles": """ +div.state1.statea { + border-color: #ff0; +} +div.state2.statea { + border-color: #f00; +} +div.statea { + background-color: #0b3; +} +div.state1.stated { + border-color: #ff0; +} +div.state2.stated { + border-color: #f00; +} +div.stated { + background-color: #0b3; +} +""" }

10 years, 2 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits March 2014