Created
June 7, 2012 00:46
-
-
Save emsearcy/2885777 to your computer and use it in GitHub Desktop.
Nagios conntrack table monitor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| # | |
| # Script to check netfilter conntrack usage | |
| # https://gist.github.com/gists/2885777 | |
| # emsearcy@osuosl.org | |
| # | |
| # Usage: check_conntrack -w WARN_USED% -c CRIT_USED% | |
| # | |
| # Returns: | |
| # UNKNOWN if no conntrack support found | |
| # CRITICAL if > CRIT_USED% table use | |
| # WARNING if > WARN_USED% table use | |
| # OK otherwise | |
| # | |
| use vars qw($conntrack_count, $conntrack_max); | |
| my $conntrack_count = ''; | |
| my $conntrack_max = ''; | |
| # Some distros put this in different places. Deal with it in a sane manner | |
| if (-e '/proc/sys/net/netfilter/nf_conntrack_count') { | |
| $conntrack_count = '/proc/sys/net/netfilter/nf_conntrack_count'; | |
| } elsif (-e '/proc/sys/net/ipv4/netfilter/ip_conntrack_count') { | |
| $conntrack_count = '/proc/sys/net/ipv4/netfilter/ip_conntrack_count'; | |
| } | |
| if (-e '/proc/sys/net/netfilter/nf_conntrack_max') { | |
| $conntrack_max = '/proc/sys/net/netfilter/nf_conntrack_max'; | |
| } elsif (-e '/proc/sys/net/ipv4/netfilter/ip_conntrack_max') { | |
| $conntrack_max = '/proc/sys/net/ipv4/netfilter/ip_conntrack_max'; | |
| } | |
| use Getopt::Std; | |
| $Getopt::Std::STANDARD_HELP_VERSION = true; | |
| sub VERSION_MESSAGE | |
| { | |
| print ""; | |
| } | |
| sub HELP_MESSAGE | |
| { | |
| print "Usage: check_conntrack -w WARN_USED\% -c CRIT_USED\%\n"; | |
| } | |
| my %options=(); | |
| getopts("hw:c:", \%options); | |
| if (!(defined $options{w} && defined $options{c})) { | |
| HELP_MESSAGE(); | |
| exit 1; | |
| } | |
| my $crit_thresh = int($options{c}); | |
| my $warn_thresh = int($options{w}); | |
| if ($warn_thresh > $crit_thresh) { | |
| print "CONNTRACK WARNING: " . | |
| "Critical threshold must be higher than warning threshold!\n"; | |
| exit 1; | |
| } | |
| open(COUNT, "< $conntrack_count") or print "CONNTRACK UNKNOWN: $! (count)\n" and exit 3; | |
| open(MAX, "< $conntrack_max") or print "CONNTRACK UNKNOWN: $! (max)\n" and exit 3; | |
| my $count = int(<COUNT>); | |
| my $max = int(<MAX>); | |
| my $used = 0; | |
| if ($count && $max) { | |
| $used = int($count / ($max / 100)); | |
| } else { | |
| $used = -1; | |
| } | |
| if ($used == -1) { | |
| print "CONNTRACK UNKNOWN: unexpected contents in proc counters?\n"; | |
| exit 3 | |
| } elsif ($used > $crit_thresh) { | |
| print "CONNTRACK CRITICAL: $used% used ($count of $max)\n"; | |
| exit 2 | |
| } elsif ($used > $warn_thresh) { | |
| print "CONNTRACK WARNING: $used% used ($count of $max)\n"; | |
| exit 1 | |
| } else { | |
| print "CONNTRACK OK: $used% used ($count of $max)\n"; | |
| exit 0 | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment