Small fixes in check_samba_dc (skip unparsable logs, and handle message with NT_STATUS_NO_SUCH_USER

Daniel Berteaud 2021-01-12 19:23:28 +01:00
parent 67a3da6404
commit 33c03ebe45
1 changed files with 3 additions and 1 deletions


@ -147,6 +147,8 @@ if (defined $ou){
open (my $auth_log, '<', $audit_auth_log) or die "Couldn't open $audit_auth_log : $!\n";
foreach my $line (<$auth_log>){
my $event = from_json($line);
# Skip the log entry if we can't parse JSON
next if (not defined $event);
my $type = $event->{type};
# We're only interested in Authentication and Authorization messages
next if ($type ne 'Authentication' and $type ne 'Authorization');
@ -159,7 +161,7 @@ if (defined $ou){
my $subject;
if ($type eq 'Authentication'){
# Accounts ending with $ are for computers
$subject = ($event->{$type}->{mappedAccount} =~ m/\$$/) ? 'computers' : 'users';
$subject = (($event->{$type}->{mappedAccount} || $event->{$type}->{clientAccount} || '')=~ m/\$$/) ? 'computers' : 'users';
if ($event->{Authentication}->{status} eq 'NT_STATUS_OK'){
$json->{activity}->{authentications}->{$subject}->{success}++;
} else {
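Review bot: The added `next if (not defined $event);` after `from_json($line)` in the first hunk probably never fires. If `from_json` is the one exported by the JSON module (the import is outside the hunk), it croaks on malformed input instead of returning undef, so a truncated or corrupt audit line still aborts the whole check and the authentication counters stop being reported. Wrapping the call as `my $event = eval { from_json($line) };` and then testing `next if (ref $event ne 'HASH');` would skip unparsable lines, and also valid JSON that is not an object, which would otherwise break `$event->{type}`. The `foreach` loop and the enclosing `if (defined $ou)` block both start and end outside the hunks shown.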