Module: check_mk
Branch: master
Commit: 8c8d530347c112505ca33c747a71e74bbf2f2275
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8c8d530347c112…
Author: Simon Betz <si(a)mathias-kettner.de>
Date: Fri Feb 1 15:00:29 2019 +0100
aws_ec2_security_groups: New check which monitors AWS/EC2 security groups
Change-Id: I4587c6634086ec9dee164196b3b6ea675f4ba3ad
---
agents/special/agent_aws | 31 +++++++++++++++++++++++
checkman/aws_ec2_security_groups | 16 ++++++++++++
checks/aws_ec2_security_groups | 54 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 101 insertions(+)
diff --git a/agents/special/agent_aws b/agents/special/agent_aws
index 0bc1ccf..a1fedff 100755
--- a/agents/special/agent_aws
+++ b/agents/special/agent_aws
@@ -442,6 +442,34 @@ class EC2Summary(AWSSectionGeneric):
return [AWSSectionResult("", [computed_content.content])]
+class EC2SecurityGroups(AWSSectionGeneric):
+ @property
+ def name(self):
+ return "ec2_security_groups"
+
+ @property
+ def interval(self):
+ return 300
+
+ def _get_colleague_contents(self):
+ colleague = self._received_results.get('ec2_summary')
+ if colleague and colleague.content:
+ return AWSColleagueContents(colleague.content, colleague.cache_timestamp)
+ return AWSColleagueContents({}, 0)
+
+ def _fetch_raw_content(self, colleague_contents):
+ return colleague_contents.content
+
+ def _compute_content(self, raw_content, colleague_contents):
+ return AWSComputedContent(raw_content.content, raw_content.cache_timestamp)
+
+ def _create_results(self, computed_content):
+ return [
+ AWSSectionResult(piggyback_hostname, rows.get('SecurityGroups', []))
+ for piggyback_hostname, rows in computed_content.content.iteritems()
+ ]
+
+
class EC2(AWSSectionCloudwatch):
@property
def name(self):
@@ -1179,12 +1207,14 @@ class AWSSectionsGeneric(AWSSections):
#---sections--------------------------------------------------------
elb_health = ELBHealth(elb_client, hostname, region)
+ ec2_security_groups = EC2SecurityGroups(None, hostname, region)
ec2 = EC2(cloudwatch_client, hostname, region)
ebs = EBS(cloudwatch_client, hostname, region)
elb = ELB(cloudwatch_client, hostname, region)
s3 = S3(cloudwatch_client, hostname, region)
#---register sections to distributors-------------------------------
+ ec2_summary_distributor.add(ec2_security_groups)
ec2_summary_distributor.add(ec2)
ec2_summary_distributor.add(ebs_summary)
ec2_summary_distributor.add(ebs)
@@ -1212,6 +1242,7 @@ class AWSSectionsGeneric(AWSSections):
# |-- elb
if 'ec2' in services:
self._sections.append(ec2_summary)
+ self._sections.append(ec2_security_groups)
self._sections.append(ec2)
if 'ebs' in services:
diff --git a/checkman/aws_ec2_security_groups b/checkman/aws_ec2_security_groups
new file mode 100644
index 0000000..0c4f757
--- /dev/null
+++ b/checkman/aws_ec2_security_groups
@@ -0,0 +1,16 @@
+title: AWS EC2 Security Groups
+agents: aws
+catalog: cloud/aws
+license: GPL
+distribution: check_mk
+description:
+ This check monitors the security groups attached to AWS EC2
+ instances.
+ To make this check work you have to configure the related
+ special agent {Amazon Web Services (AWS)}.
+
+ During discovery the security groups are remembered and if
+ one changes the check state will be CRIT.
+
+inventory:
+ One service is created.
diff --git a/checks/aws_ec2_security_groups b/checks/aws_ec2_security_groups
new file mode 100644
index 0000000..81d4519
--- /dev/null
+++ b/checks/aws_ec2_security_groups
@@ -0,0 +1,54 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2018 mk(a)mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at
http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# tails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+
+def inventory_aws_ec2_security_groups(parsed):
+ if parsed:
+ return [(None, "%r" % [group['GroupId'] for group in parsed])]
+
+
+def check_aws_ec2_security_groups(item, params, parsed):
+ for group in parsed:
+ state = 0
+ descr = group.get('Description')
+ if descr:
+ prefix = "[%s] " % descr
+ else:
+ prefix = ""
+ infotext = "%s%s: %s" % (prefix, group['GroupName'],
group['GroupId'])
+ if group['GroupId'] not in params:
+ infotext += " (has changed)"
+ state = 2
+ yield state, infotext
+
+
+check_info['aws_ec2_security_groups'] = {
+ 'parse_function': parse_aws,
+ 'inventory_function': inventory_aws_ec2_security_groups,
+ 'check_function': check_aws_ec2_security_groups,
+ 'service_description': 'AWS/EC2 Security Groups',
+ 'includes': ['aws.include'],
+}