8 Feb
2018
8 Feb
'18
11 a.m.
Module: check_mk
Branch: master
Commit: 8132871a5895c69a6aa3bf157304ae3d2cf43538
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8132871a5895c6…
Author: Marcel Schulte <ms(a)mathias-kettner.de>
Date: Wed Dec 13 12:00:29 2017 +0100
4865 Citrix Netscaler: added new check to monitor age validity of ssl certificates
Change-Id: I71b3e46a71382b48f58db6e844f16899999ac22e
---
.werks/4865 | 10 +++++
checkman/netscaler_sslcertificates | 19 +++++++++
checks/netscaler_sslcertificates | 80 ++++++++++++++++++++++++++++++++++++
web/plugins/wato/check_parameters.py | 23 +++++++++++
4 files changed, 132 insertions(+)
diff --git a/.werks/4865 b/.werks/4865
new file mode 100644
index 0000000..3c6094c
--- /dev/null
+++ b/.werks/4865
@@ -0,0 +1,10 @@
+Title: Citrix Netscaler: added new check to monitor age validity of ssl certificates
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.5.0i2
+Date: 1513162782
+Class: feature
+
+
diff --git a/checkman/netscaler_sslcertificates b/checkman/netscaler_sslcertificates
new file mode 100644
index 0000000..2c8fdd2
--- /dev/null
+++ b/checkman/netscaler_sslcertificates
@@ -0,0 +1,19 @@
+title: Citrix Netscaler SSL certificates: age validation
+agents: snmp
+catalog: app/netscaler
+license: GPL
+distribution: check_mk
+description:
+ This check validates found SSL certificates against {WARN} and {CRIT} levels.
+
+ Levels default to {(30, 10)} days but can be customized by the WATO rule
+ {Citrix Netscaler SSL certificates}.
+
+item:
+ The name reported as {sslCertKeyName} (OID: .1.3.6.1.4.1.5951.4.1.1.56.1.1.1).
+
+inventory:
+ Per default one service is discovered for each found SSL certificate.
+
+ Use {ignored_services} if you need a host-specific configuration of the
+ inventory.
diff --git a/checks/netscaler_sslcertificates b/checks/netscaler_sslcertificates
new file mode 100644
index 0000000..afe0196
--- /dev/null
+++ b/checks/netscaler_sslcertificates
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2017 mk(a)mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# tails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+#
+
+# example SNMP output:
+#
+#
.1.3.6.1.4.1.5951.4.1.1.56.1.1.1.20.67.79.77.79.68.79.95.82.83.65.95.67.101.114.116.95.65.117.116.104
COMODO_RSA_Cert_Auth
+#
.1.3.6.1.4.1.5951.4.1.1.56.1.1.1.21.110.115.45.115.101.114.118.101.114.45.99.101.114.116.105.102.105.99.97.116.101
ns-server-certificate
+#
.1.3.6.1.4.1.5951.4.1.1.56.1.1.1.25.67.79.77.79.68.79.95.82.83.65.95.67.101.114.116.95.65.117.116.104.95.82.111.111.116
COMODO_RSA_Cert_Auth_Root
+#
.1.3.6.1.4.1.5951.4.1.1.56.1.1.5.20.67.79.77.79.68.79.95.82.83.65.95.67.101.114.116.95.65.117.116.104
4286
+#
.1.3.6.1.4.1.5951.4.1.1.56.1.1.5.21.110.115.45.115.101.114.118.101.114.45.99.101.114.116.105.102.105.99.97.116.101
3655
+#
.1.3.6.1.4.1.5951.4.1.1.56.1.1.5.25.67.79.77.79.68.79.95.82.83.65.95.67.101.114.116.95.65.117.116.104.95.82.111.111.116
1106
+
+
+factory_settings["netscaler_sslcerts_default_levels"] = {
+ "age_levels" : (30, 10),
+}
+
+
+def inventory_netscaler_sslcerts(info):
+ for line in info:
+ if line[0]:
+ yield line[0], {}
+
+
+def check_netscaler_sslcerts(item, params, info):
+ for certname, daysleft in info:
+ if certname == item:
+ state, daysleft = 0, int(daysleft)
+ warn, crit = params["age_levels"]
+
+ if daysleft <= crit:
+ state = 2
+ elif daysleft <= warn:
+ state = 1
+
+ infotext = "Certificate valid for %d days" % daysleft
+
+ if state > 0:
+ infotext += " (warn/crit below %s/%s)" % (warn, crit)
+
+ yield state, infotext, [("daysleft", daysleft, warn, crit)]
+
+
+check_info["netscaler_sslcertificates"] = {
+ "check_function" : check_netscaler_sslcerts,
+ "inventory_function" : inventory_netscaler_sslcerts,
+ "service_description" : "SSL Certificate %s",
+ "snmp_info" : (".1.3.6.1.4.1.5951.4.1.1.56.1.1", [
+ 1, # sslCertKeyName
+ 5, # sslDaysToExpire
+ ]),
+ "has_perfdata" : True,
+ "snmp_scan_function" : lambda oid:
oid(".1.3.6.1.2.1.1.2.0").startswith(".1.3.6.1.4.1.5951.1"),
+ "group" : "netscaler_sslcerts",
+ "default_levels_variable" : "netscaler_sslcerts_default_levels",
+}
diff --git a/web/plugins/wato/check_parameters.py b/web/plugins/wato/check_parameters.py
index ab333ed..5e12d3e 100644
--- a/web/plugins/wato/check_parameters.py
+++ b/web/plugins/wato/check_parameters.py
@@ -15438,6 +15438,29 @@ register_check_parameters(
)
register_check_parameters(
+ subgroup_applications,
+ "netscaler_sslcerts",
+ _("Citrix Netscaler SSL certificates"),
+ Dictionary(
+ elements = [
+ ('age_levels',
+ Tuple(
+ title = _("Remaining days of validity"),
+ elements = [
+ Integer(title = _("Warning below"), default_value = 30,
min_value = 0 ),
+ Integer(title = _("Critical below"), default_value = 10,
min_value = 0 ),
+ ],
+ ),
+ ),
+ ],
+ ),
+ TextAscii(
+ title = _("Name of Certificate"),
+ ),
+ match_type = "dict"
+)
+
+register_check_parameters(
subgroup_environment,
"siemens_plc_flag",
_("State of Siemens PLC Flags"),