| 1 | 8c72f7aa | Jan Rękorajski | #!/usr/bin/perl |
|---|---|---|---|
| 2 | # |
||
| 3 | # Plugin to monitor KDC server requests. |
||
| 4 | # Based on kdc-log-analyze.pl script from heimdal. |
||
| 5 | # |
||
| 6 | # Contributed by Jan Rękorajski <baggins@pld-linux.org> |
||
| 7 | # |
||
| 8 | # Example configuration: |
||
| 9 | # |
||
| 10 | # [heimdal_kdc_*] |
||
| 11 | # env.logdir /var/log |
||
| 12 | # env.logfile secure |
||
| 13 | # env.realms REALM1.COM REALM2.COM |
||
| 14 | # |
||
| 15 | use strict; |
||
| 16 | use Munin::Plugin; |
||
| 17 | |||
# Plugin settings, taken from the Munin plugin environment (env.logdir,
# env.logfile, env.realms) with the defaults shown in the header comment.
my $LOGDIR  = $ENV{'logdir'}  || '/var/log';
my $LOGFILE = $ENV{'logfile'} || 'secure';

# Local realm names, whitespace-separated in env.realms; empty when unset.
my @REALMS = ();
@REALMS = split(' ', $ENV{'realms'}) if $ENV{'realms'};

# Log position handed to and returned by the Munin::Plugin state helpers.
my $pos = undef;

# Counters filled in by parseLogfile and printed once per run.
my $as_req         = 0;
my $no_such_princ  = 0;
my $tgs_req        = 0;
my $tgs_xrealm_out = 0;
my $tgs_xrealm_in  = 0;
my $referrals      = 0;
my $pa_failed      = 0;

# Requests per address family, keyed by the digit captured from "IPv4"/"IPv6".
my %ip = ('4' => 0, '6' => 0);
||
| 34 | |||
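# Return 1 when $princ is one of the configured local realms, or a principal
# whose realm part is exactly one of them; return 0 otherwise.
#
# Realm names come from env.realms and must be matched literally. The name is
# quoted with \Q...\E so that "." in REALM1.COM is not a regex wildcard, and
# the match is anchored at the end of the string so that a longer realm which
# merely begins with a local realm name (user@REALM1.COM.EXAMPLE) is not
# counted as local. Without both, cross-realm traffic is under-reported in
# the xrin/xrout graphs.
sub islocalrealm {
    my ($princ) = @_;

    foreach my $realm (@REALMS) {
        # Bare realm name, as passed for the realm part of a krbtgt/ service.
        return 1 if $princ eq $realm;

        # name@REALM, with the realm compared as a literal suffix.
        return 1 if $princ =~ /[^@]+\@\Q$realm\E\z/;
    }
    return 0;
}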
||
| 45 | |||
# Read the KDC log $fname starting at offset $start and bump the file-level
# counters for every line that matches one of the known message shapes.
# Returns whatever tail_close() returns, which the caller stores as the
# position for the next run.
#
# The principal names captured here are copied from client requests into the
# log, so they are only compared and counted, never used for anything else.
# NOTE(review): pafail and lookupfail look like the two series worth alerting
# on (failed pre-authentication and unknown principals) -- confirm against
# the KDC's logging before relying on them.
sub parseLogfile {
    my ($fname, $start) = @_;

    # tail_open/tail_close are provided by Munin::Plugin; the second value
    # returned by tail_open is not used in this sub.
    my ($log_fh, $was_rotated) = tail_open($fname, $start);

    while (my $entry = <$log_fh>) {
        chomp($entry);

        if ($entry =~ /AS-REQ (.*) from IPv([46]):([0-9\.:a-fA-F]+) for (.*)$/) {
            $ip{$2}++;
            $as_req++;
            next;
        }

        if ($entry =~ /TGS-REQ (.+) from IPv([46]):([0-9\.:a-fA-F]+) for (.*?)( \[.*\]){0,1}$/) {
            # Copy the captures before any further match overwrites them.
            my ($source, $family, $dest) = ($1, $2, $4);

            $tgs_req++;
            $ip{$family}++;

            # Requesting principal is not in a local realm: inbound cross-realm.
            $tgs_xrealm_in++ unless islocalrealm($source);

            # Ticket requested for a krbtgt/ of a non-local realm: outbound.
            if ($dest =~ /krbtgt\/([^@]+)@[^@]+/ and !islocalrealm($1)) {
                $tgs_xrealm_out++;
            }
            next;
        }

        if ($entry =~ /: No such entry in the database/) {
            $no_such_princ++;
            next;
        }

        # Successful lookups are recognised but not counted.
        next if $entry =~ /Lookup .* succeeded$/;

        if ($entry =~ /returning a referral to realm (.*) for server (.*) that was not found/) {
            $referrals++;
            next;
        }

        if ($entry =~ /Failed to decrypt PA-DATA -- (.+)$/) {
            $pa_failed++;
        }
    }

    return tail_close($log_fh);
}
||
| 86 | |||
# "autoconf": always answer "no", so the plugin is never enabled
# automatically and has to be configured by hand.
my $wants_autoconf = ($ARGV[0] and $ARGV[0] eq "autoconf");
if ($wants_autoconf) {
    print "no\n";
    exit 0;
}
||
| 91 | |||
# "config": describe the graph and its nine data series, then stop.
# Every series is ABSOLUTE with a minimum of 0.
my $wants_config = ($ARGV[0] and $ARGV[0] eq "config");
if ($wants_config) {
    # Graph-level settings.
    print "graph_title Heimdal KDC requests\n",
          "graph_args --base 1000\n",
          "graph_vlabel requests / \${graph_period}\n",
          "graph_scale yes\n",
          "graph_category Heimdal\n";

    # Requests per address family.
    print "ipv4.label IPv4 requests\n",
          "ipv4.type ABSOLUTE\n",
          "ipv4.min 0\n",
          "ipv6.label IPv6 requests\n",
          "ipv6.type ABSOLUTE\n",
          "ipv6.min 0\n";

    # Request types and failures.
    print "lookupfail.label Failed lookups\n",
          "lookupfail.type ABSOLUTE\n",
          "lookupfail.min 0\n",
          "asreq.label AS-REQ requests\n",
          "asreq.type ABSOLUTE\n",
          "asreq.min 0\n",
          "tgsreq.label TGS-REQ requests\n",
          "tgsreq.type ABSOLUTE\n",
          "tgsreq.min 0\n",
          "pafail.label Preauth failed requests\n",
          "pafail.type ABSOLUTE\n",
          "pafail.min 0\n";

    # Cross-realm traffic and referrals.
    print "xrout.label Cross-realm tgs out\n",
          "xrout.type ABSOLUTE\n",
          "xrout.min 0\n",
          "xrin.label Cross-realm tgs in\n",
          "xrin.type ABSOLUTE\n",
          "xrin.min 0\n",
          "referrals.label Referrals\n",
          "referrals.type ABSOLUTE\n",
          "referrals.min 0\n";

    exit 0;
}
||
| 127 | |||
# Fetch run: count what was logged since the previous run and print it.
my $logfile = "$LOGDIR/$LOGFILE";

# No regular file at the configured path: report every series as unknown
# and exit non-zero.
unless (-f $logfile) {
    print "ipv4.value U\n",
          "ipv6.value U\n",
          "lookupfail.value U\n",
          "asreq.value U\n",
          "tgsreq.value U\n",
          "pafail.value U\n",
          "xrout.value U\n",
          "xrin.value U\n",
          "referrals.value U\n";
    exit 1;
}

($pos) = restore_state();

if (defined($pos)) {
    # Continue from the saved position; the counters are updated as a
    # side effect and the new position comes back as the return value.
    $pos = parseLogfile($logfile, $pos);
}
else {
    # No state file present. To avoid a startup spike, skip everything
    # already in the log: remember the current size and start reading
    # from there on the next run.
    my @file_info = stat $logfile;
    $pos = $file_info[7];    # File size
}

print "ipv4.value $ip{'4'}\n",
      "ipv6.value $ip{'6'}\n",
      "lookupfail.value $no_such_princ\n",
      "asreq.value $as_req\n",
      "tgsreq.value $tgs_req\n",
      "pafail.value $pa_failed\n",
      "xrout.value $tgs_xrealm_out\n",
      "xrin.value $tgs_xrealm_in\n",
      "referrals.value $referrals\n";

# Persist the position so the next run only sees new log lines.
save_state($pos);
||
| 167 | |||
| 168 | # vim:syntax=perl |
