[2361] | 1 | #!/usr/bin/perl -w |
---|
| 2 | # -*- perl -*- |
---|
| 3 | # vim: ft=perl |
---|
| 4 | |
---|
| 5 | # Copyright Quentin Smith <quentin@mit.edu> |
---|
| 6 | # and Bjorn Ruberg <bjorn@ruberg.no> |
---|
| 7 | # Licenced under GPL v2 |
---|
| 8 | # |
---|
| 9 | |
---|
| 10 | # We use one script for all monitoring. |
---|
| 11 | # This script may be symlinked with several names, all |
---|
| 12 | # performing different functions: |
---|
| 13 | # 389ds_statistics_bytes |
---|
| 14 | # 389ds_statistics_pdu |
---|
| 15 | # 389ds_statistics_referrals |
---|
| 16 | # 389ds_statistics_entries |
---|
| 17 | # 389ds_connections |
---|
| 18 | # 389ds_waiters |
---|
| 19 | # 389ds_operations |
---|
| 20 | # 389ds_operations_diff |
---|
| 21 | |
---|
| 22 | # Magic markers |
---|
| 23 | #%# family=auto |
---|
| 24 | #%# capabilities=autoconf suggest |
---|
| 25 | |
---|
| 26 | use strict; |
---|
| 27 | |
---|
| 28 | my $ret = ''; |
---|
| 29 | |
---|
| 30 | if (! eval "require Net::LDAP;") { |
---|
| 31 | $ret = "Net::LDAP not found"; |
---|
| 32 | } |
---|
| 33 | |
---|
| 34 | use vars qw ( $config $param $act $scope $descr $cn $vlabel |
---|
| 35 | $info $title $label); |
---|
| 36 | |
---|
| 37 | # Change these to reflect your LDAP ACL. The given DN must have |
---|
| 38 | # read access to the Monitor branch. |
---|
| 39 | my $basedn = "cn=Monitor"; |
---|
| 40 | my $server = ($ENV{'server'} || 'localhost'); |
---|
| 41 | my $userdn = ($ENV{'binddn'} || ''); |
---|
| 42 | my $userpw = ($ENV{'bindpw'} || ''); |
---|
| 43 | |
---|
| 44 | # Remember: connections, bytes, pdu needs scope=base |
---|
| 45 | |
---|
| 46 | # http://www.icir.org/fenner/mibs/extracted/DIRECTORY-SERVER-MIB-rfc2605.txt |
---|
| 47 | |
---|
| 48 | # The possible measurements |
---|
| 49 | my %ops = |
---|
| 50 | ( |
---|
| 51 | # Only read Total |
---|
| 52 | 'connections' |
---|
| 53 | => { |
---|
| 54 | 'search' => 'cn=monitor', |
---|
| 55 | 'searchattr' => 'totalconnections', |
---|
| 56 | 'desc' => 'The number of connections', |
---|
| 57 | 'label' => 'connections', |
---|
| 58 | 'vlabel' => 'connections/${graph_period}', |
---|
| 59 | 'title' => 'Connection rate', |
---|
| 60 | 'info' => 'Rate of connections to the LDAP server', |
---|
| 61 | 'scope' => "base" |
---|
| 62 | }, |
---|
| 63 | 'connections_active' |
---|
| 64 | => { |
---|
| 65 | 'search' => 'cn=monitor', |
---|
| 66 | 'searchattr' => 'currentconnections', |
---|
| 67 | 'desc' => 'The number of connections', |
---|
| 68 | 'label' => 'connections', |
---|
| 69 | 'vlabel' => 'connections', |
---|
| 70 | 'type' => 'GAUGE', |
---|
| 71 | 'title' => 'Active connections', |
---|
| 72 | 'info' => 'Number of connections to the LDAP server', |
---|
| 73 | 'scope' => "base" |
---|
| 74 | }, |
---|
| 75 | 'binds' |
---|
| 76 | => { |
---|
| 77 | 'search' => 'cn=snmp,cn=monitor', |
---|
| 78 | 'label2' => { |
---|
| 79 | 'anonymousbinds' => 'Anonymous', |
---|
| 80 | 'unauthbinds' => 'Unauthenticated', |
---|
| 81 | 'simpleauthbinds' => 'Simple authentication', |
---|
| 82 | 'strongauthbinds' => 'Strong authentication', |
---|
| 83 | 'bindsecurityerrors' => 'Errors', |
---|
| 84 | }, |
---|
| 85 | 'desc' => 'The number of binds', |
---|
| 86 | 'vlabel' => 'binds/${graph_period}', |
---|
| 87 | 'type' => 'DERIVE', |
---|
| 88 | 'title' => 'Binds', |
---|
| 89 | 'info' => 'Number of binds to the LDAP server', |
---|
| 90 | 'scope' => "base" |
---|
| 91 | }, |
---|
| 92 | 'statistics_bytes' |
---|
| 93 | => { |
---|
| 94 | 'search' => "cn=monitor", |
---|
| 95 | 'searchattr' => 'bytessent', |
---|
| 96 | 'desc' => "The number of bytes sent by the LDAP server.", |
---|
| 97 | 'vlabel' => 'bytes/${graph_period}', |
---|
| 98 | 'label' => 'bytes', |
---|
| 99 | 'title' => "Number of bytes sent", |
---|
| 100 | 'info' => "The graph shows the number of bytes sent", |
---|
| 101 | 'scope' => "base" |
---|
| 102 | }, |
---|
| 103 | # Entries |
---|
| 104 | 'statistics_entries' |
---|
| 105 | => { |
---|
| 106 | 'search' => "cn=monitor", |
---|
| 107 | 'searchattr' => 'entriessent', |
---|
| 108 | 'desc' => "The number of entries sent by the LDAP server.", |
---|
| 109 | 'vlabel' => 'entries/${graph_period}', |
---|
| 110 | 'label' => 'entries', |
---|
| 111 | 'title' => "Number of LDAP Entries", |
---|
| 112 | 'info' => "The graph shows the number of entries sent", |
---|
| 113 | 'scope' => "base" |
---|
| 114 | }, |
---|
| 115 | 'operations' |
---|
| 116 | => { |
---|
| 117 | 'search' => 'cn=snmp,cn=monitor', |
---|
| 118 | 'label2' => { |
---|
| 119 | readops => 'Read', |
---|
| 120 | compareops => 'Compare', |
---|
| 121 | addentryops => 'Add entry', |
---|
| 122 | removeentryops => 'Remove entry', |
---|
| 123 | modifyentryops => 'Modify entry', |
---|
| 124 | modifyrdnops => 'Modify RDN', |
---|
| 125 | listops => 'List', |
---|
| 126 | searchops => 'Search', |
---|
| 127 | onelevelsearchops => 'One-level search', |
---|
| 128 | wholesubtreesearchops => 'Subtree search', |
---|
| 129 | errors => 'Error', |
---|
| 130 | securityerrors => 'Security error', |
---|
| 131 | }, |
---|
| 132 | 'desc' => 'The number of operations', |
---|
| 133 | 'vlabel' => 'ops/${graph_period}', |
---|
| 134 | 'type' => 'DERIVE', |
---|
| 135 | 'title' => 'Operations', |
---|
| 136 | 'info' => 'Number of completed LDAP operations', |
---|
| 137 | 'scope' => "base" |
---|
| 138 | }, |
---|
| 139 | ); |
---|
| 140 | |
---|
| 141 | # Config subroutine |
---|
| 142 | sub config { |
---|
| 143 | my $action = shift; |
---|
| 144 | if(!exists $ops{$action}) { |
---|
| 145 | die "Unknown action specified: $action"; |
---|
| 146 | } |
---|
| 147 | print <<EOF; |
---|
| 148 | graph_args --base 1000 -l 0 |
---|
| 149 | graph_vlabel $ops{$action}->{'vlabel'} |
---|
| 150 | graph_title $ops{$action}->{'title'} |
---|
| 151 | graph_category 389-ds |
---|
| 152 | graph_info $ops{$action}->{'info'} |
---|
| 153 | EOF |
---|
| 154 | |
---|
| 155 | if ($ops{$action}->{'label2'}) { |
---|
| 156 | while (my ($key, $val) = each (%{$ops{$action}->{'label2'}})) { |
---|
| 157 | my $name = $action . "_" . $key; |
---|
| 158 | print "$name.label $val\n"; |
---|
| 159 | print "$name.type ",$ops{$action}->{'type'}||"DERIVE","\n"; |
---|
| 160 | } |
---|
| 161 | } else { |
---|
| 162 | print "$action.label $ops{$action}->{'label'}\n"; |
---|
| 163 | print "$action.type ",$ops{$action}->{'type'}||"DERIVE","\n"; |
---|
| 164 | print "$action.min 0\n"; |
---|
| 165 | } |
---|
| 166 | } |
---|
| 167 | |
---|
| 168 | sub autoconf { |
---|
| 169 | # Check for Net::LDAP |
---|
| 170 | if ($ret) { |
---|
| 171 | print "no ($ret)\n"; |
---|
| 172 | exit 0; |
---|
| 173 | } |
---|
| 174 | |
---|
| 175 | # Check for LDAP version 3 |
---|
| 176 | my $ldap = Net::LDAP->new ($server, version => 3) |
---|
| 177 | or do { print "no ($@)\n"; exit 0; }; |
---|
| 178 | |
---|
| 179 | my $mesg; |
---|
| 180 | if ($userdn ne '') { |
---|
| 181 | $mesg = $ldap->bind ($userdn, password => $userpw) |
---|
| 182 | or do { print "no ($@)\n"; exit 0; }; |
---|
| 183 | } else { |
---|
| 184 | $mesg = $ldap->bind |
---|
| 185 | or do { print "no ($@)\n"; exit 0; }; |
---|
| 186 | } |
---|
| 187 | if ($mesg->code) { |
---|
| 188 | print "no (" . $mesg->error . ")\n"; |
---|
| 189 | exit 0; |
---|
| 190 | } |
---|
| 191 | |
---|
| 192 | $mesg = |
---|
| 193 | $ldap->search ( |
---|
| 194 | base => $basedn, |
---|
| 195 | scope => 'one', |
---|
| 196 | filter => '(objectClass=monitorServer)', |
---|
| 197 | attrs => 'cn', |
---|
| 198 | ); |
---|
| 199 | if ($mesg->code) { |
---|
| 200 | print "no (" . $mesg->error . ")\n"; |
---|
| 201 | exit 0; |
---|
| 202 | } |
---|
| 203 | print "yes\n"; |
---|
| 204 | exit 0; |
---|
| 205 | } |
---|
| 206 | |
---|
| 207 | # Determine action based on filename first |
---|
| 208 | |
---|
| 209 | if ($ARGV[0]) { |
---|
| 210 | if ($ARGV[0] eq 'autoconf') { |
---|
| 211 | autoconf(); |
---|
| 212 | } elsif ($ARGV[0] eq "suggest") { |
---|
| 213 | print "$0\n"; |
---|
| 214 | } elsif ($ARGV[0] eq "config") { |
---|
| 215 | foreach my $action (keys %ops) { |
---|
| 216 | print "multigraph 389ds_", $action, "\n"; |
---|
| 217 | &config ($action); |
---|
| 218 | } |
---|
| 219 | } |
---|
| 220 | exit 0; |
---|
| 221 | } |
---|
| 222 | |
---|
| 223 | # Net::LDAP variant |
---|
| 224 | my $ldap = Net::LDAP->new ($server, version => 3) |
---|
| 225 | or die "Failed to connect to server $server: $@"; |
---|
| 226 | my $mesg; |
---|
| 227 | if ($userdn ne '') { |
---|
| 228 | $mesg = $ldap->bind ($userdn, password => $userpw) |
---|
| 229 | or die "Failed to bind with $userdn: $@"; |
---|
| 230 | } else { |
---|
| 231 | $mesg = $ldap->bind |
---|
| 232 | or die "Failed to bind anonymously: $@"; |
---|
| 233 | } |
---|
| 234 | if ($mesg->code) { |
---|
| 235 | die "Failed to bind: " . $mesg->error; |
---|
| 236 | } |
---|
| 237 | |
---|
| 238 | foreach my $action (keys %ops) { |
---|
| 239 | print "multigraph 389ds_", $action, "\n"; |
---|
| 240 | |
---|
| 241 | # Default scope for LDAP searches. We'll change to other scopes if |
---|
| 242 | # necessary. |
---|
| 243 | $scope = "one"; |
---|
| 244 | |
---|
| 245 | my $searchdn = $ops{$action}->{'search'}; |
---|
| 246 | my $searchattrs; |
---|
| 247 | |
---|
| 248 | if ($ops{$action}->{'label2'}) { |
---|
| 249 | $searchattrs = [keys %{$ops{$action}->{'label2'}}]; |
---|
| 250 | } else { |
---|
| 251 | $searchattrs = [$ops{$action}->{'searchattr'} || 'monitorCounter', 'cn']; |
---|
| 252 | } |
---|
| 253 | |
---|
| 254 | my $filter; |
---|
| 255 | if ($ops{$action}->{'filter'}) { |
---|
| 256 | $filter = "(&(objectclass=*)" . $ops{$action}->{'filter'} . ")"; |
---|
| 257 | } else { |
---|
| 258 | $filter = "(objectClass=*)"; |
---|
| 259 | } |
---|
| 260 | |
---|
| 261 | if ($ops{$action}->{'scope'}) { |
---|
| 262 | $scope = $ops{$action}->{'scope'}; |
---|
| 263 | } |
---|
| 264 | |
---|
| 265 | my @search = ( |
---|
| 266 | base => $searchdn, |
---|
| 267 | scope => $scope, |
---|
| 268 | filter => $filter, |
---|
| 269 | attrs => $searchattrs, |
---|
| 270 | ); |
---|
| 271 | |
---|
| 272 | #use Data::Dumper; print Dumper({@search}); |
---|
| 273 | |
---|
| 274 | $mesg = |
---|
| 275 | $ldap->search (@search); |
---|
| 276 | |
---|
| 277 | $mesg->code && die $mesg->error; |
---|
| 278 | |
---|
| 279 | my $max = $mesg->count; |
---|
| 280 | |
---|
| 281 | for (my $i = 0 ; $i < $max ; $i++) { |
---|
| 282 | my $entry = $mesg->entry ($i); |
---|
| 283 | my $cn = $entry->get_value('cn'); |
---|
| 284 | if ($ops{$action}->{'label2'}) { |
---|
| 285 | foreach my $attr (keys %{$ops{$action}->{'label2'}}) { |
---|
| 286 | print lc ("${action}_${attr}.value "); |
---|
| 287 | print $entry->get_value($attr), "\n"; |
---|
| 288 | } |
---|
| 289 | } else { |
---|
| 290 | print lc ("${action}.value "); |
---|
| 291 | print $entry->get_value($ops{$action}->{'searchattr'} || 'monitorCounter'), "\n"; |
---|
| 292 | } |
---|
| 293 | } |
---|
| 294 | } |
---|
| 295 | $ldap->unbind; |
---|