ssh_firewall_session.sh -- logs in to the firewall and runs the "display session statistics" command
firewall_check_sessions.c -- invokes the script above and extracts the session values from its output
Execution: ./firewall_check_sessions ssh_firewall_session.sh 192.168.0.1
vi ssh_firewall_session.sh
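#!/usr/bin/expect -f
# ssh_firewall_session.sh: log in to the firewall over SSH, run
# "display session statistics" and quit. The calling plugin reads the
# counters from this script's standard output.
#
# Usage: ssh_firewall_session.sh <firewall-address>

#set port 22
set user xxxxxx
set host [lindex $argv 0]
# NOTE(review): a login password stored in the script is readable by anyone
# who can read this file. Keep the file owner-only (mode 0700, owned by the
# Nagios user), give the account a read-only role on the firewall, and prefer
# key-based SSH authentication if the device supports it.
set password xxxxxx
set timeout 30

# Refuse a missing address, or one that ssh would parse as an option.
if {$host eq "" || [string index $host 0] eq "-"} {
    puts stderr "usage: ssh_firewall_session.sh <firewall-address>"
    exit 3
}

# NOTE(review): the listing as published has no spawn line, so the
# expect/send pairs below have no process to talk to. The ssh invocation is a
# reconstruction -- confirm it against the deployed script.
spawn ssh -l $user $host

# An unknown host key is deliberately NOT auto-accepted: provision the
# firewall's key in known_hosts beforehand. An unexpected prompt then ends in
# the timeout branch instead of a silent trust decision.
expect {
    "*assword:*" { send "$password\r" }
    timeout      { puts stderr "timeout waiting for password prompt"; exit 3 }
    eof          { puts stderr "connection closed before login"; exit 3 }
}

# "*fw*" is the device prompt pattern from the original script
# (presumably the firewall's hostname contains "fw" -- adjust per device).
expect {
    "*fw*"  { send "display session statistics\r" }
    timeout { puts stderr "timeout waiting for device prompt"; exit 3 }
    eof     { puts stderr "login failed or connection closed"; exit 3 }
}

expect {
    "*fw*"  { send "quit\r" }
    timeout { puts stderr "timeout waiting for command output"; exit 3 }
    eof     { puts stderr "connection closed during command"; exit 3 }
}

# Let the session drain and close so all output reaches the plugin.
expect eof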
vi firewall_check_sessions.c
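/*
 * firewall_check_sessions.c: Nagios plugin that runs an expect script against
 * a firewall and reports the session counters found in its output.
 *
 * Usage: firewall_check_sessions <script-name> <firewall-address>
 *
 * NOTE(review): the published listing was damaged in extraction (identifier
 * case, string literals, missing braces). Label spellings and output formats
 * below are reconstructed -- confirm them against real device output.
 */
#define _POSIX_C_SOURCE 200809L /* popen()/pclose() are POSIX, not ISO C */

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Nagios plugin exit codes. */
#define OK 0
#define WARNING 1
#define CRITICAL 2
#define UNKNOWN 3

#define LEN 1000   /* command, line and message buffer size */
#define MIN_LEN 32 /* one session counter, as text */

/* Directory the expect script is installed in; must end with '/'. */
#define TCL_CMD "/usr/local/nagios/libexec/"

int exitstatus = OK;
char *exit_status[4] = {"OK", "WARNING", "CRITICAL", "UNKNOWN"};
char status_information[LEN];
char performance_data[LEN];

/* Session counters, kept as the decimal text read from the device. */
char cur_session[MIN_LEN] = {0};
char tcp_session[MIN_LEN] = {0};
char half_open[MIN_LEN] = {0};
char half_close[MIN_LEN] = {0};
char udp_session[MIN_LEN] = {0};
char icmp_session[MIN_LEN] = {0};
char rawip_session[MIN_LEN] = {0};

/*
 * Case-insensitive substring search. Returns a pointer just past the first
 * occurrence of label in line, or NULL when it does not occur.
 */
static const char *find_label(const char *line, const char *label)
{
    size_t n = strlen(label);

    if (n == 0) {
        return NULL;
    }
    for (; *line != '\0'; line++) {
        size_t i = 0;

        while (i < n && line[i] != '\0' &&
               tolower((unsigned char)line[i]) ==
                   tolower((unsigned char)label[i])) {
            i++;
        }
        if (i == n) {
            return line + n;
        }
    }
    return NULL;
}

/*
 * If line contains label followed by ':' and a decimal number, copy the
 * digits into dst and return 1. Otherwise leave dst untouched and return 0.
 *
 * Only digits are accepted: the value is echoed into the Nagios status and
 * perfdata line, where ';', '|' or '=' coming from the device would corrupt
 * the output. A value that does not fit in dst is rejected rather than
 * truncated (the original unbounded "%s" conversion could overrun the
 * 32-byte buffers).
 */
static int copy_counter(const char *line, const char *label, char *dst,
                        size_t dst_size)
{
    const char *p = find_label(line, label);
    size_t n = 0;

    if (p == NULL) {
        return 0;
    }
    p = strchr(p, ':');
    if (p == NULL) {
        return 0;
    }
    p++;
    while (*p == ' ' || *p == '\t') {
        p++;
    }
    while (isdigit((unsigned char)p[n])) {
        n++;
    }
    if (n == 0 || n >= dst_size) {
        return 0;
    }
    memcpy(dst, p, n);
    dst[n] = '\0';
    return 1;
}

/*
 * Update the global counters from one line of "display session statistics"
 * output. Lines that carry no known label are ignored.
 */
static void parse_session_line(const char *line)
{
    /* "current session" does not occur inside "current tcp session". */
    copy_counter(line, "current session", cur_session, sizeof cur_session);
    copy_counter(line, "tcp session", tcp_session, sizeof tcp_session);
    /* Half-open and half-close share one line on the device. */
    copy_counter(line, "half-open", half_open, sizeof half_open);
    copy_counter(line, "half-close", half_close, sizeof half_close);
    copy_counter(line, "udp session", udp_session, sizeof udp_session);
    copy_counter(line, "icmp session", icmp_session, sizeof icmp_session);
    copy_counter(line, "rawip session", rawip_session, sizeof rawip_session);
}

/*
 * Allow-list check for a command-line argument that will be pasted into a
 * shell command: non-empty, starts with a letter or digit (so it is neither
 * an option nor a relative path), and otherwise contains only letters,
 * digits and the characters in extra.
 */
static int is_safe_token(const char *s, const char *extra)
{
    if (s == NULL || !isalnum((unsigned char)s[0])) {
        return 0;
    }
    for (; *s != '\0'; s++) {
        if (!isalnum((unsigned char)*s) && strchr(extra, *s) == NULL) {
            return 0;
        }
    }
    return 1;
}

/*
 * Run sh_cmd through popen() and parse every output line into the global
 * session counters.
 *
 * active_status and active_ip_addr are unused; they are kept so the
 * signature stays as callers expect.
 *
 * Returns 0 on success and -1 if pclose() fails. If popen() itself fails the
 * function prints a CRITICAL plugin line and exits the process.
 */
int parse_status(char *sh_cmd, char *active_status, char *active_ip_addr)
{
    FILE *fp;
    char readbuf[LEN];

    (void)active_status;
    (void)active_ip_addr;

    fp = (sh_cmd != NULL) ? popen(sh_cmd, "r") : NULL;
    if (fp == NULL) {
        fprintf(stderr, "popen() error.\n");
        exitstatus = CRITICAL;
        printf("%s - %s | %s\n", exit_status[exitstatus], status_information,
               performance_data);
        exit(exitstatus);
    }

    while (fgets(readbuf, sizeof readbuf, fp) != NULL) {
        parse_session_line(readbuf);
    }

    if (pclose(fp) == -1) {
        fprintf(stderr, "pclose() error.\n");
        return -1;
    }
    return 0;
}

/*
 * Entry point: argv[1] is the expect script's file name inside TCL_CMD,
 * argv[2] the firewall address handed to that script.
 */
int main(int argc, char *argv[])
{
    int ret;
    int n;
    char sh_cmd[LEN];
    char active_status[LEN] = {0};
    char active_ip_addr[LEN] = {0};

    /* Both arguments are required; the original only checked for one and
     * then read argv[2] regardless. */
    if (argc < 3) {
        printf("%s %s\n", argc > 0 ? argv[0] : "firewall_check_sessions",
               "auto_ssh_firewall_dis_session.sh + IP");
        exit(UNKNOWN);
    }

    /*
     * popen() hands the string to /bin/sh, so anything in the arguments that
     * the shell interprets would run with the plugin's privileges. Accept
     * only a plain file name and a plain host name / IP address.
     * (An IPv6 literal starting with ':' is rejected by the first-character
     * rule.)
     */
    if (!is_safe_token(argv[1], "._-") || !is_safe_token(argv[2], ".:-")) {
        exitstatus = UNKNOWN;
        printf("%s - invalid script name or firewall address\n",
               exit_status[exitstatus]);
        return exitstatus;
    }

    /* NOTE(review): the listing shows "%s%s%s", which would fuse the script
     * name and the address; a separating space is assumed here. */
    n = snprintf(sh_cmd, sizeof sh_cmd, "%s%s %s", TCL_CMD, argv[1], argv[2]);
    if (n < 0 || (size_t)n >= sizeof sh_cmd) {
        exitstatus = UNKNOWN;
        printf("%s - command line too long\n", exit_status[exitstatus]);
        return exitstatus;
    }

    ret = parse_status(sh_cmd, active_status, active_ip_addr);
    if (ret != 0) {
        fprintf(stderr, "parse_status() error.\n");
        snprintf(status_information, sizeof status_information,
                 "cur_session=%s, tcp_session=%s, half_open=%s, "
                 "half_close=%s udp_session=%s icmp_session=%s, "
                 "rawip_session=%s",
                 cur_session, tcp_session, half_open, half_close, udp_session,
                 icmp_session, rawip_session);
        snprintf(performance_data, sizeof performance_data,
                 "cur_session=%s;;;; tcp_session=%s;;;; half_open=%s;;;; "
                 "half_close=%s;;;; udp_session=%s;;;; icmp_session=%s;;;; "
                 "rawip_session=%s;;;;",
                 cur_session, tcp_session, half_open, half_close, udp_session,
                 icmp_session, rawip_session);
        exitstatus = CRITICAL;
        printf("%s - %s | %s\n", exit_status[exitstatus], status_information,
               performance_data);
        return exitstatus;
    }

    /*
     * A failed login or an unreachable device produces no counters at all.
     * Reporting OK with empty values would hide the outage from monitoring,
     * so that case is UNKNOWN.
     */
    if (cur_session[0] == '\0') {
        exitstatus = UNKNOWN;
        printf("%s - no session statistics in firewall output\n",
               exit_status[exitstatus]);
        return exitstatus;
    }

    snprintf(status_information, sizeof status_information,
             "cur_all_session=%s, tcp_all_session=%s, tcp_half_open=%s, "
             "tcp_half_close=%s udp_session=%s icmp_session=%s, "
             "rawip_session=%s",
             cur_session, tcp_session, half_open, half_close, udp_session,
             icmp_session, rawip_session);
    snprintf(performance_data, sizeof performance_data,
             "cur_all_session=%s;;;; tcp_all_session=%s;;;; "
             "tcp_half_open=%s;;;; tcp_half_close=%s;;;; udp_session=%s;;;; "
             "icmp_session=%s;;;; rawip_session=%s;;;;",
             cur_session, tcp_session, half_open, half_close, udp_session,
             icmp_session, rawip_session);
    printf("%s - %s | %s\n", exit_status[exitstatus], status_information,
           performance_data);
    return exitstatus;
}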
Copyright notice: this is an original article by the blog author and may not be reproduced without the author's permission.
Nagios plugin: logging in to a firewall for session monitoring