from .agent_based_api.v1 import register, Result, State, Service | |
import re | |
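# Name under which both the agent section and the check plugin are registered.
PLUGIN_NAME = 'zeek_remote_connections'
# Service description shown for the discovered service.
SERVICE_NAME = 'Zeek remote-to-remote connections'

# Percentage thresholds, compared with ``>=`` in check_remote_connections.
# They are fixed in code; there is no per-host or per-rule override here.
THRESHOLD_CRIT = 5.0
THRESHOLD_WARN = 3.0

# Pattern for the summary line: "<pct>%, <bad> out of <total>".
# Written as a raw string so that \d, \. and \s reach the regex engine as-is
# instead of relying on Python passing unknown string escapes through (which
# newer interpreters warn about). The pattern text itself is unchanged.
# NOTE(review): the percentage must contain a decimal point followed by one or
# two digits; a line reporting a whole number such as "4%" does not match and
# the section would then parse to nothing. Confirm against the producer's
# actual output format.
REGEX = r'(?P<percentage>\d{1,3}\.\d{1,2})%,\s+(?P<bad_conn_count>\d+) out of (?P<total_conn_count>\d+)'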
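def strip_ansi(source):
    """Return *source* with ANSI SGR (colour/style) escape sequences removed.

    Only sequences of the form ``ESC [ <digits and semicolons> m`` are
    stripped. Other escape sequences (cursor movement, line erase, ...) are
    left in place.

    Args:
        source: Text that may contain colour codes.

    Returns:
        The text without the matched sequences.
    """
    # ``*`` rather than ``+`` so the parameterless reset ``ESC[m`` is removed
    # too. The section parser matches its pattern from the start of the line,
    # so a leftover escape prefix would make an otherwise valid line unparseable.
    sgr_sequence = r'\033\[[\d;]*m'
    return re.sub(sgr_sequence, '', source)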
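def parse_remote_connections(string_table):
    """Extract the remote-to-remote connection figures from the agent section.

    Each row of *string_table* is re-joined with single spaces, stripped of
    colour codes and matched against ``REGEX`` from the start of the line.
    The first matching row wins; later rows are ignored.

    Args:
        string_table: Iterable of rows, each row an iterable of string tokens.

    Returns:
        A dict with ``percentage`` (float) plus ``bad_conn_count`` and
        ``total_conn_count`` (digit strings exactly as captured), or ``None``
        when no row matches.
    """
    # Compile once instead of once per row.
    pattern = re.compile(REGEX)
    for row in string_table:
        line = strip_ansi(' '.join(row))
        found = pattern.match(line)
        if found:
            return {
                'percentage': float(found.group('percentage')),
                # Counts stay strings; they are only interpolated into the summary.
                'bad_conn_count': found.group('bad_conn_count'),
                'total_conn_count': found.group('total_conn_count'),
            }
    # NOTE(review): nothing matched, so no figures are reported. Confirm how a
    # missing section surfaces in monitoring, so that a change in the producer's
    # output format does not silently hide this check.
    return None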
def discover_remote_connections(section):
    """Yield a single item-less service; *section* is not inspected."""
    yield Service()
def check_remote_connections(section):
    """Yield one Result whose state reflects the remote-to-remote percentage.

    The percentage is compared against THRESHOLD_CRIT first, then
    THRESHOLD_WARN (both inclusive); anything below is OK. The summary text
    carries the percentage and the two connection counts in every state.
    """
    share = section['percentage']
    summary = f"{share}% remote-to-remote ({section['bad_conn_count']} out of {section['total_conn_count']})"

    # Highest severity first so a value above both thresholds reports CRIT.
    if share >= THRESHOLD_CRIT:
        state = State.CRIT
    elif share >= THRESHOLD_WARN:
        state = State.WARN
    else:
        state = State.OK

    yield Result(state=state, summary=summary)
# Section registration: raw agent output is handed to the parse function.
register.agent_section(
    name=PLUGIN_NAME,
    parse_function=parse_remote_connections,
)

# Check plugin registration under the same name as the section.
register.check_plugin(
    name=PLUGIN_NAME,
    service_name=SERVICE_NAME,
    discovery_function=discover_remote_connections,
    check_function=check_remote_connections,
)