rpms
/
zabbix-agent-addons
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add scripts and template to monitor Samba 4 DC 

GLPI #47603
This commit is contained in:
Daniel Berteaud 2021-01-09 17:20:43 +01:00
parent 174f9a5cf5
commit 7563ab8655
3 changed files with 946 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
zabbix_conf/samba_dc.conf Normal file
View File

@ -0,0 +1,3 @@
# Create a text item with key samba_dc.info[300] and a check interval of 300
# Then use dependent item to get individual counters
UserParameter=samba_dc.info[*],sudo /var/lib/zabbix/bin/check_samba_dc_sudo --since=$1

152
zabbix_scripts/check_samba_dc_sudo Normal file
View File

@ -0,0 +1,152 @@
#!/usr/bin/perl -w
use strict;
use warnings;
use JSON;
use Getopt::Long;
use File::Which;
use Date::Parse;
use Data::Dumper;
my $samba_tool = which('samba-tool');
my $pdbedit = which('pdbedit');
# Number of seconds in the past to count authentications
my $since = 300;
my $pretty = 0;
# This log is expected to be in JSON format. For example, in smb.conf :
# log level = 1 auth_audit:3 auth_json_audit:4@/var/log/samba/audit_auth.log
my $audit_auth_log = '/var/log/samba/audit_auth.log';
if (not defined $samba_tool or not defined $pdbedit){
print 'ZBX_NOTSUPPORTED';
exit 1;
}
GetOptions(
'pretty' => \$pretty,
'since=i' => \$since,
'audit-auth-log=s' => \$audit_auth_log
);
my $json = {
accounts => {
users => 0,
inactive_users => 0,
active_users => 0,
groups => 0,
computers => 0
},
replication => 'UNKNWON',
processes => {
cldap_server => 0,
kccsrv => 0,
dreplsrv => 0,
ldap_server => 0,
kdc_server => 0,
dnsupdate => 0,
'notify-daemon' => 0,
rpc_server => 0,
winbind_server => 0,
nbt_server => 0,
dnssrv => 0,
samba => 0,
},
gpo => 0,
ou => 0,
activity => {
authentications => {
users => {
success => 0,
failure => 0
},
computers => {
success => 0,
failure => 0
}
},
authorizations => {
users => 0,
computers => 0
},
since => $since
}
};
# Get the numbers of users. pdbedit is prefered here because we can
# differentiate active and inactive users, which samba-tool can't do
# While at it, also get the computers
foreach (qx($pdbedit -L -v)){
next unless (m/^Account Flags:\s+\[(.*)\]/);
my $flags = $1;
if ($flags =~ m/U/){
$json->{accounts}->{users}++;
if ($flags =~ m/D/){
$json->{accounts}->{inactive_users}++;
} else {
$json->{accounts}->{active_users}++;
}
} elsif ($flags =~ m/W/){
$json->{accounts}->{computers}++;
}
}
# Now count groups
foreach (qx($samba_tool group list)){
$json->{accounts}->{groups}++;
}
# Get replication status
# We want just a quick summary, so only output the first line
# manual checks will be needed to get the details, but if this field doesn't contains [ALL GOOD],
# then something is probably wrong
$json->{replication} = (split(/\n/, qx($samba_tool drs showrepl --summary)))[0];
# Get the list of workers
foreach (qx($samba_tool processes)){
if (/^([^\(\s]+).+\d+$/){
$json->{processes}->{$1}++;
}
}
# Get the number of GPO
foreach (qx($samba_tool gpo listall)){
next unless (/^GPO/);
$json->{gpo}++;
}
# Get the number of OU
foreach (qx($samba_tool ou list)){
$json->{ou}++;
}
if (-e $audit_auth_log){
open (my $auth_log, '<', $audit_auth_log) or die "Couldn't open $audit_auth_log : $!\n";
foreach my $line (<$auth_log>){
my $event = from_json($line);
my $type = $event->{type};
# We're only interested in Authentication and Authorization messages
next if ($type ne 'Authentication' and $type ne 'Authorization');
# Parse the date in the timstamp field
my $timestamp = str2time($event->{timestamp});
# Only look at lines from the last $since seconds. Skip if date couldn't be parsed
next if (not defined $timestamp or time() - $timestamp > $since);
my $subject;
if ($type eq 'Authentication'){
# Accounts ending with $ are for computers
$subject = ($event->{$type}->{mappedAccount} =~ m/\$$/) ? 'computers' : 'users';
if ($event->{Authentication}->{status} eq 'NT_STATUS_OK'){
$json->{activity}->{authentications}->{$subject}->{success}++;
} else {
$json->{activity}->{authentications}->{$subject}->{failure}++;
}
} else {
$subject = ($event->{$type}->{account} =~ m/\$$/) ? 'computers' : 'users';
$json->{activity}->{authorizations}->{$subject}++;
}
}
close $auth_log;
}
print to_json($json, { pretty => $pretty });

791
zabbix_templates/Template_App_Samba_DC.xml Normal file
View File

@ -0,0 +1,791 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>5.0</version>
<date>2021-01-09T16:18:21Z</date>
<groups>
<group>
<name>Templates</name>
</group>
</groups>
<templates>
<template>
<template>Template_App_Samba_DC</template>
<name>Template_App_Samba_DC</name>
<groups>
<group>
<name>Templates</name>
</group>
</groups>
<applications>
<application>
<name>Memory</name>
</application>
<application>
<name>Samba</name>
</application>
<application>
<name>Services</name>
</application>
</applications>
<items>
<item>
<name>Samba: DNS service</name>
<key>net.dns[127.0.0.1,{HOST.DNS},A,,,]</key>
<delay>2m</delay>
<history>60d</history>
<trends>1825d</trends>
<applications>
<application>
<name>Services</name>
</application>
</applications>
<preprocessing>
<step>
<type>DISCARD_UNCHANGED_HEARTBEAT</type>
<params>1h</params>
</step>
</preprocessing>
<triggers>
<trigger>
<expression>{last()}=0</expression>
<name>DNS is not responding</name>
<priority>WARNING</priority>
</trigger>
</triggers>
</item>
<item>
<name>Samba: LDAP Catalog service</name>
<key>net.tcp.service.perf[ldap,,3268]</key>
<delay>3m</delay>
<history>60d</history>
<trends>1825d</trends>
<value_type>FLOAT</value_type>
<units>s</units>
<applications>
<application>
<name>Services</name>
</application>
</applications>
</item>
<item>
<name>Samba: LDAP service</name>
<key>net.tcp.service.perf[ldap,,]</key>
<delay>3m</delay>
<history>60d</history>
<trends>1825d</trends>
<value_type>FLOAT</value_type>
<units>s</units>
<applications>
<application>
<name>Services</name>
</application>
</applications>
</item>
<item>
<name>Samba: Kerberos service</name>
<key>net.tcp.service.perf[tcp,,88]</key>
<delay>3m</delay>
<history>60d</history>
<trends>1825d</trends>
<value_type>FLOAT</value_type>
<units>s</units>
<applications>
<application>
<name>Services</name>
</application>
</applications>
</item>
<item>
<name>Samba: NTP service</name>
<key>net.udp.service.perf[ntp,,]</key>
<delay>3m</delay>
<history>60d</history>
<trends>1825d</trends>
<value_type>FLOAT</value_type>
<units>s</units>
<applications>
<application>
<name>Services</name>
</application>
</applications>
</item>
<item>
<name>Samba: CPU used: $1</name>
<key>proc.cpu.util[samba]</key>
<history>60d</history>
<trends>1825d</trends>
<value_type>FLOAT</value_type>
<units>%</units>
<applications>
<application>
<name>Memory</name>
</application>
</applications>
</item>
<item>
<name>Samba: CPU used: $1</name>
<key>proc.cpu.util[smbd]</key>
<history>60d</history>
<trends>1825d</trends>
<value_type>FLOAT</value_type>
<units>%</units>
<applications>
<application>
<name>Memory</name>
</application>
</applications>
</item>
<item>
<name>Samba: CPU used: $1</name>
<key>proc.cpu.util[winbindd]</key>
<history>60d</history>
<trends>1825d</trends>
<value_type>FLOAT</value_type>
<units>%</units>
<applications>
<application>
<name>Memory</name>
</application>
</applications>
</item>
<item>
<name>Samba: DC Info</name>
<key>samba_dc.info[300]</key>
<delay>5m</delay>
<history>0</history>
<trends>0</trends>
<value_type>TEXT</value_type>
<applications>
<application>
<name>Samba</name>
</application>
<application>
<name>Services</name>
</application>
</applications>
</item>
<item>
<name>Samba: Number of active users</name>
<type>DEPENDENT</type>
<key>samba_dc.info[active_users]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!user(s)</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.accounts.active_users</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
<triggers>
<trigger>
<expression>{delta(30m)}&lt;&gt;0</expression>
<name>Number of active users changed</name>
<priority>INFO</priority>
<manual_close>YES</manual_close>
</trigger>
</triggers>
</item>
<item>
<name>Samba: Number of failed computers authentications</name>
<type>DEPENDENT</type>
<key>samba_dc.info[activity.authentications.computers.failure]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!auth</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.activity.authentications.computers.failure</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
</item>
<item>
<name>Samba: Number of successful computers authentications</name>
<type>DEPENDENT</type>
<key>samba_dc.info[activity.authentications.computers.success]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!auth</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.activity.authentications.computers.success</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
</item>
<item>
<name>Samba: Number of failed users authentications</name>
<type>DEPENDENT</type>
<key>samba_dc.info[activity.authentications.users.failure]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!auth</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.activity.authentications.users.failure</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
</item>
<item>
<name>Samba: Number of successful users authentications</name>
<type>DEPENDENT</type>
<key>samba_dc.info[activity.authentications.users.success]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!auth</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.activity.authentications.users.success</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
</item>
<item>
<name>Samba: Number of computers authorization requests</name>
<type>DEPENDENT</type>
<key>samba_dc.info[activity.authorizations.computers]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!auth</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.activity.authorizations.computers</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
</item>
<item>
<name>Samba: Number of users authorization requests</name>
<type>DEPENDENT</type>
<key>samba_dc.info[activity.authorizations.users]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!auth</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.activity.authorizations.users</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
</item>
<item>
<name>Samba: Number of Computers</name>
<type>DEPENDENT</type>
<key>samba_dc.info[computers]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!computer(s)</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.accounts.computers</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
</item>
<item>
<name>Samba: Number of GPO</name>
<type>DEPENDENT</type>
<key>samba_dc.info[gpo]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!gpo</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.gpo</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
<triggers>
<trigger>
<expression>{delta(30m)}&lt;&gt;0</expression>
<name>Number of GPO changed</name>
<priority>INFO</priority>
<manual_close>YES</manual_close>
</trigger>
</triggers>
</item>
<item>
<name>Samba: Number of Groups</name>
<type>DEPENDENT</type>
<key>samba_dc.info[groups]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!group(s)</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.accounts.groups</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
<triggers>
<trigger>
<expression>{delta(30m)}&lt;&gt;0</expression>
<name>Number of groups changed</name>
<priority>INFO</priority>
<manual_close>YES</manual_close>
</trigger>
</triggers>
</item>
<item>
<name>Samba: Number of inactive users</name>
<type>DEPENDENT</type>
<key>samba_dc.info[inactive_users]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!user(s)</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.accounts.inactive_users</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
<triggers>
<trigger>
<expression>{delta(30m)}&lt;&gt;0</expression>
<name>Number of inactive users changed</name>
<priority>INFO</priority>
<manual_close>YES</manual_close>
</trigger>
</triggers>
</item>
<item>
<name>Samba: Number of KDC server processes</name>
<type>DEPENDENT</type>
<key>samba_dc.info[kdc_server]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!process</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.processes.kdc_server</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
<triggers>
<trigger>
<expression>{last()}&lt;1</expression>
<name>Samba KDC Services are not running</name>
<priority>WARNING</priority>
</trigger>
</triggers>
</item>
<item>
<name>Samba: Number of LDAP server processes</name>
<type>DEPENDENT</type>
<key>samba_dc.info[ldap_server]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!process</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.processes.ldap_server</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
<triggers>
<trigger>
<expression>{last()}&lt;1</expression>
<name>Samba LDAP Services are not running</name>
<priority>WARNING</priority>
</trigger>
</triggers>
</item>
<item>
<name>Samba: Number of OU</name>
<type>DEPENDENT</type>
<key>samba_dc.info[ou]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!ou</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.ou</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
<triggers>
<trigger>
<expression>{delta(30m)}&lt;&gt;0</expression>
<name>Number of OU changed</name>
<priority>INFO</priority>
<manual_close>YES</manual_close>
</trigger>
</triggers>
</item>
<item>
<name>Samba: Replication status</name>
<type>DEPENDENT</type>
<key>samba_dc.info[replication]</key>
<delay>0</delay>
<history>60d</history>
<trends>0</trends>
<value_type>CHAR</value_type>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.replication</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
<triggers>
<trigger>
<expression>{str([ALL GOOD])}=0</expression>
<name>Samba DC replication issue</name>
<priority>WARNING</priority>
</trigger>
<trigger>
<expression>{nodata(15m)}=1</expression>
<name>Samba monitoring failed</name>
<priority>WARNING</priority>
</trigger>
</triggers>
</item>
<item>
<name>Samba: Number of RPC server processes</name>
<type>DEPENDENT</type>
<key>samba_dc.info[rpc_server]</key>
<delay>0</delay>
<history>60d</history>
<trends>1825d</trends>
<units>!process</units>
<applications>
<application>
<name>Samba</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.processes.rpc_server</params>
</step>
</preprocessing>
<master_item>
<key>samba_dc.info[300]</key>
</master_item>
<triggers>
<trigger>
<expression>{last()}&lt;1</expression>
<name>Samba RPC Services are not running</name>
<priority>WARNING</priority>
</trigger>
</triggers>
</item>
</items>
</template>
</templates>
<graphs>
<graph>
<name>Samba: Authentications &amp; Authorizations</name>
<show_work_period>NO</show_work_period>
<show_triggers>NO</show_triggers>
<type>STACKED</type>
<graph_items>
<graph_item>
<sortorder>1</sortorder>
<color>EF9A9A</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[activity.authorizations.computers]</key>
</item>
</graph_item>
<graph_item>
<sortorder>2</sortorder>
<color>CE93D8</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[activity.authentications.computers.success]</key>
</item>
</graph_item>
<graph_item>
<sortorder>3</sortorder>
<color>9FA8DA</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[activity.authentications.computers.failure]</key>
</item>
</graph_item>
<graph_item>
<sortorder>4</sortorder>
<color>81D4FA</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[activity.authorizations.users]</key>
</item>
</graph_item>
<graph_item>
<sortorder>5</sortorder>
<color>B2DFDB</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[activity.authentications.users.success]</key>
</item>
</graph_item>
<graph_item>
<sortorder>6</sortorder>
<color>FFF59D</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[activity.authentications.users.failure]</key>
</item>
</graph_item>
</graph_items>
</graph>
<graph>
<name>Samba: CPU</name>
<type>STACKED</type>
<graph_items>
<graph_item>
<sortorder>1</sortorder>
<color>FFAB91</color>
<item>
<host>Template_App_Samba_DC</host>
<key>proc.cpu.util[samba]</key>
</item>
</graph_item>
<graph_item>
<sortorder>2</sortorder>
<color>FFE082</color>
<item>
<host>Template_App_Samba_DC</host>
<key>proc.cpu.util[smbd]</key>
</item>
</graph_item>
<graph_item>
<sortorder>3</sortorder>
<color>E6EE9C</color>
<item>
<host>Template_App_Samba_DC</host>
<key>proc.cpu.util[winbindd]</key>
</item>
</graph_item>
</graph_items>
</graph>
<graph>
<name>Samba: Directory entries</name>
<type>STACKED</type>
<graph_items>
<graph_item>
<sortorder>1</sortorder>
<color>F48FB1</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[computers]</key>
</item>
</graph_item>
<graph_item>
<sortorder>2</sortorder>
<color>B39DDB</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[groups]</key>
</item>
</graph_item>
<graph_item>
<sortorder>3</sortorder>
<color>BBDEFB</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[active_users]</key>
</item>
</graph_item>
<graph_item>
<sortorder>4</sortorder>
<color>C8E6C9</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[inactive_users]</key>
</item>
</graph_item>
<graph_item>
<sortorder>5</sortorder>
<color>FFECB3</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[gpo]</key>
</item>
</graph_item>
<graph_item>
<sortorder>6</sortorder>
<color>FF8A65</color>
<item>
<host>Template_App_Samba_DC</host>
<key>samba_dc.info[ou]</key>
</item>
</graph_item>
</graph_items>
</graph>
<graph>
<name>Samba: Services performance</name>
<type>STACKED</type>
<graph_items>
<graph_item>
<sortorder>1</sortorder>
<color>EF9A9A</color>
<item>
<host>Template_App_Samba_DC</host>
<key>net.udp.service.perf[ntp,,]</key>
</item>
</graph_item>
<graph_item>
<sortorder>2</sortorder>
<color>CE93D8</color>
<item>
<host>Template_App_Samba_DC</host>
<key>net.tcp.service.perf[ldap,,]</key>
</item>
</graph_item>
<graph_item>
<sortorder>3</sortorder>
<color>C5CAE9</color>
<item>
<host>Template_App_Samba_DC</host>
<key>net.tcp.service.perf[ldap,,3268]</key>
</item>
</graph_item>
<graph_item>
<sortorder>4</sortorder>
<color>B3E5FC</color>
<item>
<host>Template_App_Samba_DC</host>
<key>net.tcp.service.perf[tcp,,88]</key>
</item>
</graph_item>
</graph_items>
</graph>
</graphs>
</zabbix_export>