2 # -*- encoding: utf-8; py-indent-offset: 4 -*-
3 # +------------------------------------------------------------------+
4 # | ____ _ _ __ __ _ __ |
5 # | / ___| |__ ___ ___| | __ | \/ | |/ / |
6 # | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
7 # | | |___| | | | __/ (__| < | | | | . \ |
8 # | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
10 # | Copyright Mathias Kettner 2016 mk@mathias-kettner.de |
11 # +------------------------------------------------------------------+
13 # This file is part of Check_MK.
14 # The official homepage is at http://mathias-kettner.de/check_mk.
16 # check_mk is free software; you can redistribute it and/or modify it
17 # under the terms of the GNU General Public License as published by
18 # the Free Software Foundation in version 2. check_mk is distributed
19 # in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
20 # out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
21 # PARTICULAR PURPOSE. See the GNU General Public License for more de-
22 # ails. You should have received a copy of the GNU General Public
23 # License along with GNU Make; see the file COPYING. If not, write
24 # to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
25 # Boston, MA 02110-1301 USA.
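def fireeye_counter_generic(value, what, average):
    """Turn one FireEye counter reading into a (state, infotext, perfdata) result.

    Args:
        value: Current counter reading (an integer).
        what: Readable description of the counter (e.g. 'Infected URL'). It is
            used in the output text and to derive the counter name and the
            perf-variable name.
        average: Forwarded to get_average() as its last argument; a falsy
            value (0, None) skips averaging.

    Returns:
        A tuple (state, infotext, perfdata). Only a non-zero 'Bypass' rate
        raises the state; for every other counter the state stays 0, so a
        rising 'Infected ...' rate is reported but never alerts by itself.
    """
    this_time = time.time()
    # The counter name is the description with spaces turned into dots,
    # lowercased (e.g. 'fireeye.infected.url').
    counter = 'fireeye.%s' % what.replace(' ', '.').lower()
    rate = get_rate(counter, this_time, value)

    # NOTE(review): the published listing returns `state` without ever
    # assigning it and shows no body for the 'Bypass' branch. OK (0) by
    # default and CRIT (2) for a non-zero Bypass rate are assumed here;
    # confirm against the upstream file.
    state = 0
    if what == 'Bypass' and rate > 0:
        state = 2

    # The perf-variable is named after the first word of the description
    # (e.g. 'infected_rate').
    perfdata = [('%s_rate' % what.split(' ')[0].lower(), rate)]

    # NOTE(review): the listing shows the averaged return immediately followed
    # by the plain one, which would make the plain one unreachable and would
    # average over a horizon of 0 when no interval is configured. The guard
    # below is assumed to be the line the listing dropped.
    if average:
        avg = get_average(' %s avg' % counter, this_time, rate, average)
        return (state, '%s rate: %.2f mails per %d second' %
                (what, avg * average, average), perfdata)
    return (state, '%s rate: %.2f mails per second' % (what, rate), perfdata)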
49 # .--mail----------------------------------------------------------------.
53 # | | \ / | __ _ _| | |
54 # | | |\/| |/ _` | | | |
55 # | | | | | (_| | | | |
56 # | |_| |_|\__,_|_|_| |
58 # '----------------------------------------------------------------------'
60 #.1.3.6.1.4.1.25597.13.1.1.0 2560224
61 #.1.3.6.1.4.1.25597.13.1.2.0 0
62 #.1.3.6.1.4.1.25597.13.1.3.0 2560224
63 #.1.3.6.1.4.1.25597.13.1.4.0 2864
64 #.1.3.6.1.4.1.25597.13.1.5.0 0
65 #.1.3.6.1.4.1.25597.13.1.6.0 2864
66 #.1.3.6.1.4.1.25597.13.1.7.0 2134871
67 #.1.3.6.1.4.1.25597.13.1.8.0 0
68 #.1.3.6.1.4.1.25597.13.1.9.0 2134871
def check_fireeye_mail(_no_item, params, info):
    """Yield one result each for the total, infected and analyzed e-mail counters.

    Args:
        _no_item: Unused; the service has no item.
        params: Check parameters; 'interval' (default 0) is passed on as the
            averaging value.
        info: SNMP table; columns 0-2 of the first row are read.
    """
    labels = ['Total Email', 'Infected Email', 'Analyzed Email']
    readings = info[0][0:3]
    average = params.get('interval', 0)
    for position, label in enumerate(labels):
        # NOTE(review): only the e-mail counters are multiplied by 60 before
        # the rate is computed; the attachment and URL checks pass the raw
        # counter, yet all of them share the 'mails per second' wording.
        # Confirm the intended unit before alerting on these values.
        scaled = int(readings[position]) * 60
        yield fireeye_counter_generic(scaled, label, average)
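# Registration of the main 'fireeye_mail' check. The column indices in the
# comments below are the positions the check functions slice from info[0].
check_info['fireeye_mail'] = {
    'inventory_function': lambda info: inventory_fireeye_generic(info, False, True),
    'check_function': check_fireeye_mail,
    'service_description': 'Received Mail Rates',
    'group': 'fireeye_mail',
    # NOTE(review): the published listing shows the base OID and the column
    # list as bare entries of this dict and never closes the literal. They are
    # wrapped here in the (base_oid, [columns]) tuple that Check_MK expects
    # under 'snmp_info'; confirm against the upstream file.
    'snmp_info': (
        '.1.3.6.1.4.1.25597.13.1',
        [
            '1',   # 0 FE-FIREEYE-MIB::feTotalEmailCount
            '4',   # 1 FE-FIREEYE-MIB::feInfectedEmailCount
            '7',   # 2 FE-FIREEYE-MIB::feAnalyzedEmailCount
            '10',  # 3 FE-FIREEYE-MIB::feTotalUrlCount
            '13',  # 4 FE-FIREEYE-MIB::feInfectedUrlCount
            '16',  # 5 FE-FIREEYE-MIB::feAnalyzedUrlCount
            '19',  # 6 FE-FIREEYE-MIB::feTotalAttachmentCount
            '22',  # 7 FE-FIREEYE-MIB::feInfectedAttachmentCount
            '25',  # 8 FE-FIREEYE-MIB::feAnalyzedAttachmentCount
            '28',  # 9 FE-FIREEYE-MIB::feTotalEmailHasAttachment
            '31',  # 10 FE-FIREEYE-MIB::feTotalEmailHasUrl
            '34',  # 11 FE-FIREEYE-MIB::feTotalEmailHasBadAttachment
            '37',  # 12 FE-FIREEYE-MIB::feTotalEmailHasBadUrl
            '50',  # 13 FE-FIREEYE-MIB::feSamplingEmailStartTime
            '51',  # 14 FE-FIREEYE-MIB::feSamplingEmailEndTime
            '52',  # 15 FE-FIREEYE-MIB::feSamplingEmailReceivedRate
        ],
    ),
    'snmp_scan_function': scan_fireeye,
    'has_perfdata': True,
    'includes': ['fireeye.include'],
}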
108 # .--attachment----------------------------------------------------------.
111 # | /\ | | | | | | | | |
112 # | / \ | |_| |_ __ _ ___| |__ _ __ ___ ___ _ __ | |_ |
113 # | / /\ \| __| __/ _` |/ __| '_ \| '_ ` _ \ / _ \ '_ \| __| |
114 # | / ____ \ |_| || (_| | (__| | | | | | | | | __/ | | | |_ |
115 # | /_/ \_\__|\__\__,_|\___|_| |_|_| |_| |_|\___|_| |_|\__| |
117 # '----------------------------------------------------------------------'
119 #.1.3.6.1.4.1.25597.13.1.19.0 3415541
120 #.1.3.6.1.4.1.25597.13.1.20.0 0
121 #.1.3.6.1.4.1.25597.13.1.21.0 3415541
122 #.1.3.6.1.4.1.25597.13.1.22.0 896
123 #.1.3.6.1.4.1.25597.13.1.23.0 0
124 #.1.3.6.1.4.1.25597.13.1.24.0 896
125 #.1.3.6.1.4.1.25597.13.1.25.0 1942580
126 #.1.3.6.1.4.1.25597.13.1.26.0 0
127 #.1.3.6.1.4.1.25597.13.1.27.0 1942580
def check_fireeye_attachment(_no_item, params, info):
    """Yield one result each for the total, infected and analyzed attachment counters.

    Args:
        _no_item: Unused; the service has no item.
        params: Check parameters; 'interval' (default 0) is passed on as the
            averaging value.
        info: SNMP table; columns 6-8 of the first row are read.
    """
    labels = [
        'Total Attachment',
        'Infected Attachment',
        'Analyzed Attachment',
    ]
    readings = info[0][6:9]
    average = params.get('interval', 0)
    for position, label in enumerate(labels):
        # The raw counter is handed over unscaled (unlike the e-mail check).
        reading = int(readings[position])
        yield fireeye_counter_generic(reading, label, average)
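# Sub-check for the attachment counters; it declares no SNMP section of its
# own in this entry.
# NOTE(review): the published listing never closes this dict literal; the
# closing brace is restored here and no further keys are assumed.
check_info['fireeye_mail.attachment'] = {
    'inventory_function': lambda info: inventory_fireeye_generic(info, False, True),
    'check_function': check_fireeye_attachment,
    'service_description': 'Mails Containing Attachment',
    'group': 'fireeye_mail',
    'has_perfdata': True,
}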
146 # .--url-----------------------------------------------------------------.
149 # | | | | | __ \| | |
150 # | | | | | |__) | | |
152 # | | |__| | | \ \| |____ |
153 # | \____/|_| \_\______| |
155 # '----------------------------------------------------------------------'
156 #.1.3.6.1.4.1.25597.13.1.10.0 34996161
157 #.1.3.6.1.4.1.25597.13.1.11.0 0
158 #.1.3.6.1.4.1.25597.13.1.12.0 34996161
159 #.1.3.6.1.4.1.25597.13.1.13.0 2011
160 #.1.3.6.1.4.1.25597.13.1.14.0 0
161 #.1.3.6.1.4.1.25597.13.1.15.0 2011
162 #.1.3.6.1.4.1.25597.13.1.16.0 5619681
163 #.1.3.6.1.4.1.25597.13.1.17.0 0
164 #.1.3.6.1.4.1.25597.13.1.18.0 5619681
def check_fireeye_url(_no_item, params, info):
    """Yield one result each for the total, infected and analyzed URL counters.

    Args:
        _no_item: Unused; the service has no item.
        params: Check parameters; 'interval' (default 0) is passed on as the
            averaging value.
        info: SNMP table; columns 3-5 of the first row are read.
    """
    labels = ['Total URL', 'Infected URL', 'Analyzed URL']
    readings = info[0][3:6]
    average = params.get('interval', 0)
    for position, label in enumerate(labels):
        # The raw counter is handed over unscaled (unlike the e-mail check).
        reading = int(readings[position])
        yield fireeye_counter_generic(reading, label, average)
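# Sub-check for the URL counters; it declares no SNMP section of its own in
# this entry.
# NOTE(review): the published listing never closes this dict literal; the
# closing brace is restored here and no further keys are assumed.
check_info['fireeye_mail.url'] = {
    'inventory_function': lambda info: inventory_fireeye_generic(info, False, True),
    'check_function': check_fireeye_url,
    'service_description': 'Mails Containing URL',
    'group': 'fireeye_mail',
    'has_perfdata': True,
}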
182 # .--statistics----------------------------------------------------------.
184 # | _____ _ _ _ _ _ |
185 # | / ____| | | | (_) | | (_) |
186 # | | (___ | |_ __ _| |_ _ ___| |_ _ ___ ___ |
187 # | \___ \| __/ _` | __| / __| __| |/ __/ __| |
188 # | ____) | || (_| | |_| \__ \ |_| | (__\__ \ |
189 # | |_____/ \__\__,_|\__|_|___/\__|_|\___|___/ |
191 # '----------------------------------------------------------------------'
192 #.1.3.6.1.4.1.25597.13.1.28.0 1133119
193 #.1.3.6.1.4.1.25597.13.1.29.0 0
194 #.1.3.6.1.4.1.25597.13.1.30.0 1133119
195 #.1.3.6.1.4.1.25597.13.1.31.0 1738052
196 #.1.3.6.1.4.1.25597.13.1.32.0 0
197 #.1.3.6.1.4.1.25597.13.1.33.0 1738053
198 #.1.3.6.1.4.1.25597.13.1.34.0 841
199 #.1.3.6.1.4.1.25597.13.1.35.0 0
200 #.1.3.6.1.4.1.25597.13.1.36.0 841
201 #.1.3.6.1.4.1.25597.13.1.37.0 2007
202 #.1.3.6.1.4.1.25597.13.1.38.0 0
203 #.1.3.6.1.4.1.25597.13.1.39.0 2007
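def check_fireeye_mail_statistics(_no_item, params, info):
    """Yield one informational result per 'e-mails containing ...' counter.

    Args:
        _no_item: Unused; the service has no item.
        params: Check parameters; 'interval' (default 0) is passed on to
            get_average() and, when falsy, disables averaging.
        info: SNMP table; columns 9-12 of the first row are read.

    Every result carries state 0, including the two 'malicious' counters, so
    this service never alerts on its own; thresholds would have to be applied
    to the perf-data elsewhere.
    """
    statistics_info = info[0][9:13]
    average = params.get('interval', 0)
    descriptions = [
        'Emails containing Attachment',
        'Emails containing URL',
        'Emails containing malicious Attachment',
        'Emails containing malicious URL',
    ]
    for index, mail_containing in enumerate(descriptions):
        this_time = time.time()
        # Counter name: everything after 'Emails containing', joined without
        # spaces and lowercased (e.g. 'fireeye.stat.maliciousurl').
        counter = 'fireeye.stat.%s' % ''.join(mail_containing.split(' ')[2:]).lower()
        rate = get_rate(counter, this_time, int(statistics_info[index]))
        # The rate is multiplied by 60 for both the perf-data and the text.
        perfdata = [(counter.replace('.', '_'), rate * 60)]
        # NOTE(review): the published listing shows both yields back to back
        # with no branch, which would emit two results per counter and print
        # 'per 0 minutes' when no interval is set. The if/else is assumed to
        # be what the listing dropped; it matches the two alternative returns
        # in fireeye_counter_generic. Confirm against the upstream file.
        if average:
            avg = get_average('%s.avg' % counter, this_time, rate, average)
            yield 0, '%s: %.2f per %d minutes' % \
                (mail_containing, avg * 60 * average, average), perfdata
        else:
            yield 0, '%s: %.2f per minute' % (mail_containing, rate * 60), perfdata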
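# Sub-check for the 'e-mails containing ...' statistics; it declares no SNMP
# section of its own in this entry.
# NOTE(review): the published listing never closes this dict literal; the
# closing brace is restored here and no further keys are assumed.
check_info['fireeye_mail.statistics'] = {
    'inventory_function': lambda info: inventory_fireeye_generic(info, False, True),
    'check_function': check_fireeye_mail_statistics,
    'service_description': 'Mail Processing Statistics',
    'group': 'fireeye_mail',
    'has_perfdata': True,
}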
232 # .--received------------------------------------------------------------.
236 # | | |__) |___ ___ ___ ___ _____ __| | |
237 # | | _ // _ \/ __/ _ \ \ \ / / _ \/ _` | |
238 # | | | \ \ __/ (_| __/ |\ V / __/ (_| | |
239 # | |_| \_\___|\___\___|_| \_/ \___|\__,_| |
241 # '----------------------------------------------------------------------'
242 #.1.3.6.1.4.1.25597.13.1.50.0 04/06/17 12:01:04
243 #.1.3.6.1.4.1.25597.13.1.51.0 04/06/17 12:16:03
244 #.1.3.6.1.4.1.25597.13.1.52.0 4282
# Default (warn, crit) pair stored under 'rate'; check_fireeye_mail_received
# reads it via params.get('rate') and compares it with the received count
# after that count has been multiplied by 60.
factory_settings['received_levels'] = {
    'rate': (6000, 7000),
}
def check_fireeye_mail_received(no_item, params, info):
    """Check the number of mails received in the appliance's sampling window.

    Args:
        no_item: Unused; the service has no item.
        params: Check parameters; 'rate' must hold a (warn, crit) pair.
        info: SNMP table; columns 13-15 of the first row are the sampling
            start time, sampling end time and received count.

    Returns:
        Whatever fireeye_check_generic() returns for the scaled count.
    """
    window_start, window_end, raw_count = info[0][13:16]
    # NOTE(review): params.get('rate') returns None when the key is absent,
    # and the unpacking below then raises TypeError; this relies on the
    # 'received_levels' defaults always supplying 'rate'.
    levels = params.get('rate')
    warn, crit = levels
    # Only the time-of-day part (after the first space) of each timestamp is
    # shown; the text carries the count exactly as delivered.
    summary = 'Mails received between %s and %s: %s' % (
        window_start.split(' ')[1],
        window_end.split(' ')[1],
        raw_count,
    )
    # NOTE(review): the value compared with warn/crit is the count times 60,
    # not the number shown in the text; confirm the unit when choosing levels.
    scaled_count = int(raw_count) * 60
    return fireeye_check_generic(summary, 'mail_received_rate', scaled_count, warn, crit)
259 check_info
['fireeye_mail.received'] = {
260 'inventory_function': lambda info
: inventory_fireeye_generic(info
, False, True),
261 'check_function': check_fireeye_mail_received
,
262 'service_description': 'Mails Received',
263 'default_levels_variable': 'received_levels',
264 'group': 'fireeye_mail_received',
265 'has_perfdata': True,