ssh_firewall_session.sh -- 登陆防火墙并执行dis session statistics
firewall_check_sessions.c -- 调用上面脚本,过滤出sessioin的数值
执行:./firewall_check_sessions ssh_firewall_session.sh 192.168.0.1
vi ssh_firewall_session.sh
#!/usr/bin/expect -f #set port 22 set user xxxxxx set host [lindex $argv 0 0] set password xxxxxx set timeout 30 expect "*assword:*" send "$password\r" expect "*FW*" send "display session statistics\r" expect "*FW*" send "quit"
vi firewall_check_sessions.c
#include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <regex.h> #include <string.h> #define OK 0 #define WARNING 1 #define CRITICAL 2 #define UNKNOWN 3 #define LEN 1000L #define MIN_LEN 32L //#define TCL_CMD "/home/weihu/tcl/" #define TCL_CMD "/usr/local/nagios/libexec/" int exitstatus=OK; char *exit_status[4]={"OK","WARNING","CRITICAL","UNKNOWN"}; char status_information[LEN]; char performance_data[LEN]; //current session char cur_session[MIN_LEN]={0}; char tcp_session[MIN_LEN]={0}; char half_open[MIN_LEN]={0}; char half_close[MIN_LEN]={0}; char udp_session[MIN_LEN]={0}; char icmp_session[MIN_LEN]={0}; char rawip_session[MIN_LEN]={0}; //new create session per second char cur_new_session[MIN_LEN]={0}; char tcp_new_session[MIN_LEN]={0}; char udp_new_session[MIN_LEN]={0}; char icmp_new_session[MIN_LEN]={0}; char rawip_new_session[MIN_LEN]={0}; int parse_status(char *sh_cmd,char *active_status,char *active_ip_addr) { int ret; FILE *fp; char readbuf[LEN]; char *p,*str; int line=0; int mark1=0; int mark2=0; /* char tmp1[LEN]; char tmp2[LEN]; char tmp3[LEN]; char tmp4[LEN]; */ int mark=0; char tmp1[MIN_LEN]; char tmp2[MIN_LEN]; regex_t reg; int cflags=REG_EXTENDED; const char *pattern="^Session establishment rate"; regmatch_t pmatch[1]; int nmatch=1; ret=regcomp(®,pattern,cflags); if(ret!=0) { fprintf(stderr,"regcomp() error.\n"); } // fp=popen("/home/neo/check_log/tcl/auto_ssh.sh","r"); fp=popen(sh_cmd,"r"); if(fp==NULL) { fprintf(stderr,"popen() error. "); exitstatus=CRITICAL; printf("%s: - %s | %s\n",exit_status[exitstatus],status_information,performance_data); exit(exitstatus); } while(fgets(readbuf,LEN,fp)!=NULL) { line++; // printf("line=%d,readbuf=%s",line,readbuf); if(strstr(readbuf,"Current session")) { sscanf(readbuf,"Current session(s):%s",cur_session); // printf("cur_session=%s\n",cur_session); } if(strstr(readbuf,"TCP session")) { sscanf(readbuf," Current TCP session(s): %s",tcp_session); // printf("tcp_session=%s\n",tcp_session); } if(strstr(readbuf,"Half-Open")) { sscanf(readbuf," Half-Open: %s Half-Close: %s",half_open,half_close); // printf("half_open=%s,half_close=%s\n",half_open,half_close); } if(strstr(readbuf,"UDP session")) { sscanf(readbuf," Current UDP session(s): %s",udp_session); // printf("udp_session=%s\n",udp_session); } if(strstr(readbuf,"ICMP session")) { sscanf(readbuf," Current ICMP session(s): %s",icmp_session); // printf("icmp_session=%s\n",icmp_session); } if(strstr(readbuf,"RAWIP session")) { sscanf(readbuf," Current RAWIP session(s): %s",rawip_session); // printf("rawip_session=%s\n",rawip_session); // break; } if(strstr(readbuf,"Session establishment rate")) { mark++; } if(mark==1) { ret=regexec(®,readbuf,nmatch,pmatch,0); if(ret==0) { // printf("-----------readbuf=%s",readbuf); sscanf(readbuf,"Session establishment rate: %[^/s]",cur_new_session); // printf("cur_new_session=%s\n",cur_new_session); } } if(strstr(readbuf,"TCP Session establishment rate")) { sscanf(readbuf," TCP Session establishment rate: %[^/s]",tcp_new_session); // printf("tcp_new_session=%s\n",tcp_new_session); } if(strstr(readbuf,"UDP Session establishment rate")) { sscanf(readbuf," UDP Session establishment rate: %[^/s]",udp_new_session); // printf("udp_new_session=%s\n",udp_new_session); } if(strstr(readbuf,"ICMP Session establishment rate")) { sscanf(readbuf," ICMP Session establishment rate: %[^/s]",icmp_new_session); // printf("icmp_new_session=%s\n",icmp_new_session); } if(strstr(readbuf,"RAWIP Session establishment rate")) { sscanf(readbuf," RAWIP Session establishment rate: %[^/s]",rawip_new_session); // printf("rawip_new_session=%s\n",rawip_new_session); } /* if(line==3) { for(p=strtok(readbuf," ");p;p=strtok(NULL," ")) { // str=p; //Sun mark1++; if(mark1==2) { // printf("p=%s\n",p); strcpy(active_status,p); // printf("active_status=%s\n",active_status); } } } if(line==4) { for(p=strtok(readbuf," ");p;p=strtok(NULL," /")) { mark2++; if(mark2==2) { // printf("p=%s\n",p); strcpy(active_ip_addr,p); // printf("active_ip_addr=%s\n",active_ip_addr); } } break; } */ } // printf("line=%d\n",line); ret=pclose(fp); if(ret==-1) { fprintf(stderr,"popen() error.\n"); return -1; } return 0; } int main(int argc, char *argv[]) { int ret; char sh_cmd[LEN]; char active_status[LEN]; char active_ip_addr[LEN]; if(argc<=1) { printf("%s %s\n",argv[0],"auto_ssh_firewall_dis_session.sh + ip"); exit(-1); } sprintf(sh_cmd,"%s%s %s",TCL_CMD,argv[1],argv[2]); // printf("sh_cmd=%s\n",sh_cmd); ret=parse_status(sh_cmd,active_status,active_ip_addr); if(ret!=0) { fprintf(stderr,"parse_status() error.\n"); sprintf(status_information,"cur_all_session=%s, cur_all_session_new=%s, tcp_all_session=%s, tcp_all_session_new=%s, tcp_half_open=%s, tcp_half_close=%s, udp_session=%s, udp_session_new=%s, icmp_session=%s, icmp_session_new=%s, rawip_session=%s, rawip_session_new=%s", cur_session, cur_new_session, tcp_session, tcp_new_session, half_open, half_close, udp_session, udp_new_session, icmp_session, icmp_new_session, rawip_session, rawip_new_session); sprintf(performance_data,"cur_all_session=%s;;;; cur_all_session_new=%s;;;; tcp_all_session=%s;;;; tcp_all_session_new=%s;;;; tcp_half_open=%s;;;; tcp_half_close=%s;;;; udp_session=%s;;;; udp_session_new=%s;;;; icmp_session=%s;;;; icmp_session_new=%s;;;; rawip_session=%s;;;; rawip_session_new=%s;;;;", cur_session, cur_new_session, tcp_session, tcp_new_session, half_open, half_close, udp_session, udp_new_session, icmp_session, icmp_new_session, rawip_session, rawip_new_session); exitstatus=CRITICAL; printf("%s - %s | %s\n", exit_status[exitstatus], status_information, performance_data); return exitstatus; } /* // printf("active_status=%s\n",active_status); // printf("active_ip_addr=%s\n",active_ip_addr); // if(atoi(ping_avg)<200 && atoi(loss_packet)==0) { if(atoi(ping_avg)<200 && atoi(loss_packet_int)==0) { exitstatus=OK; } // else if(atoi(ping_avg)>=200 && atoi(ping_avg)<500 || atoi(loss_packet)>=10 && atoi(loss_packet)<=50) { else if(atoi(ping_avg)>=200 && atoi(ping_avg)<500 || atoi(loss_packet_int)>=10 && atoi(loss_packet_int)<=50) { exitstatus=WARNING; } // else if(atoi(ping_avg)>=500 || atoi(loss_packet)>50) { else if(atoi(ping_avg)>=500 || atoi(loss_packet_int)>50) { exitstatus=CRITICAL; } else { exitstatus=CRITICAL; } // sprintf(status_information,"rta %s%s, loss %s",ping_avg,ping_unit,loss_packet); sprintf(status_information,"rta %s%s, loss %s%%",ping_avg,ping_unit,loss_packet_int); // sprintf(performance_data,"rta=%s%s;200.000;500.000;0; pl=%s;40;80;; rtmax=%s%s;;;; rtmin=%s%s;;;;",ping_avg,ping_unit,loss_packet,ping_max,ping_unit,ping_min,ping_unit); sprintf(performance_data,"rta=%s%s;200.000;500.000;0; pl=%s%%;40;80;; rtmax=%s%s;;;; rtmin=%s%s;;;;",ping_avg,ping_unit,loss_packet_int,ping_max,ping_unit,ping_min,ping_unit); //|rta=0.056ms;200.000;500.000;0; pl=0%;40;80;; rtmax=0.084ms;;;; rtmin=0.029ms;;;; if(strstr(argv[1],"80_49")) { printf("%s - 192.20.198.121: %s | %s\n",exit_status[exitstatus],status_information,performance_data); } if(strstr(argv[1],"80_50")) { printf("%s - 192.20.198.181: %s | %s\n",exit_status[exitstatus],status_information,performance_data); } return exitstatus; */ sprintf(status_information,"cur_all_session=%s, cur_all_session_new=%s, tcp_all_session=%s, tcp_all_session_new=%s, tcp_half_open=%s, tcp_half_close=%s, udp_session=%s, udp_session_new=%s, icmp_session=%s, icmp_session_new=%s, rawip_session=%s, rawip_session_new=%s", cur_session, cur_new_session, tcp_session, tcp_new_session, half_open, half_close, udp_session, udp_new_session, icmp_session, icmp_new_session, rawip_session, rawip_new_session); sprintf(performance_data,"cur_all_session=%s;;;; cur_all_session_new=%s;;;; tcp_all_session=%s;;;; tcp_all_session_new=%s;;;; tcp_half_open=%s;;;; tcp_half_close=%s;;;; udp_session=%s;;;; udp_session_new=%s;;;; icmp_session=%s;;;; icmp_session_new=%s;;;; rawip_session=%s;;;; rawip_session_new=%s;;;;", cur_session, cur_new_session, tcp_session, tcp_new_session, half_open, half_close, udp_session, udp_new_session, icmp_session, icmp_new_session, rawip_session, rawip_new_session); printf("%s - %s | %s\n", exit_status[exitstatus], status_information, performance_data); return exitstatus; }