python - nagiosplugin: how to show different fmt_metric based on the value? -


i'm writing nagios plugin use xml output sslyze calculate ssl score based on qualys server rating guide.

here're code:

            if certificatematchesserverhostname == 'true' , expire_in.days > 0 , validationresult == 'ok':                 ...                 final_score = protocol_score * 0.3 + key_score * 0.3 + cipher_score * 0.4                 return [nap.metric('sslscore', final_score, min=0, max=100)]             elif certificatematchesserverhostname != 'true':                 return [nap.metric('serverhostname', hostnamevalidation[0].attrib['serverhostname'])]             elif expire_in.days <= 0:                 return [nap.metric('expireindays', expire_in.days)]             elif validationresult != 'ok':                 return [nap.metric('validationresult', validationresult)]   @nap.guarded def main():     check = nap.check(         sslconfiguration(),         nap.scalarcontext('sslscore', nap.range('@65:80'), nap.range('@0:65')),         nap.scalarcontext('serverhostname', fmt_metric='the certificate not match host name {value}'),         nap.scalarcontext('expireindays', nap.range('@:0'), fmt_metric='the certificate expired {value} days ago'),         nap.scalarcontext('validationresult', fmt_metric='this server\'s certificate not trusted: {value}'))     check.main(timeout=60)

the reason have use multiple scalarcontext show different fmt_metric if there problem ssl certificate: not match, expired, not trust, ...

with above code, output looks this:

sslconfiguration critical - certificate not match host name a.b.c.d (outside range 0:) critical: certificate not match host name a.b.c.d (outside range 0:) | serverhostname=a.b.c.d

what want display is:

sslconfiguration critical - final_score 0 (the certificate not match host name a.b.c.d) | sslscore=0;@65:80;@65;0;100

so, have questions:

  1. how can display different fmt_metric based on sslscore value, in 1 context sslscore?

  2. how remove redundant line (2nd)?

    critical: certificate not match host name a.b.c.d (outside range 0:)

  3. how move metric (3rd line) @ end of first line?

with friend, solved problem.

about first question, can use nagiosplugin.summary module change status line, this:

class sslconfiguration(nap.resource):     def __init__(self, host, port):         self.host = host         self.port = port      def check(self):             ...         if hostname_validation.startswith('ok') , expire_in.days > 0 , is_trusted == 'ok':             final_score = protocol_score * 0.3 + key_score * 0.3 + cipher_score * 0.4         else:             final_score = 0         return (hostname_validation, is_trusted, expire_in.days, final_score)      def probe(self):         if self.check()[3] > 0:             return [nap.metric('sslscore', self.check()[3])]         elif not self.check()[0].startswith('ok'):             return [nap.metric('sslscore', 0, context='serverhostname')]         elif self.check()[1] != 'ok':             return [nap.metric('sslscore', 0, context='validationresult')]         elif self.check()[2] <= 0:             return [nap.metric('sslscore', 0, context='expireindays')]   class sslsummary(nap.summary):     def __init__(self, host, port):         self.host = host         self.port = port      def status_line(self, results):         ssl_configuration = sslconfiguration(self.host, self.port)         if results['sslscore'].context.name == 'serverhostname':             return "sslscore 0 ({0})".format(ssl_configuration.check()[0])         elif results['sslscore'].context.name == 'validationresult':             return "sslscore 0 ({0})".format(ssl_configuration.check()[1])         elif results['sslscore'].context.name == 'expireindays':             return "sslscore 0 (the certificate expired {0} days ago)".format(ssl_configuration.check()[2])      def problem(self, results):         return self.status_line(results)

the second , third question can solved setting verbose parameter of main() zero:

@nap.guarded def main():     parser = argparse.argumentparser()     parser.add_argument('-h', '--host', type=str, required=true)     parser.add_argument('-p', '--port', type=int, default=443)     parser.add_argument('-v', '--verbose', action='count', default=0, help="increase output verbosity (use 3 times)")     parser.add_argument('-t', '--timeout', type=int, default=60)     args = parser.parse_args()      check = nap.check(         sslconfiguration(args.host, args.port),         nap.scalarcontext('sslscore', nap.range('@65:80'), nap.range('@0:65')),         nap.scalarcontext('serverhostname', nap.range('@65:80'), nap.range('@0:65')),         nap.scalarcontext('validationresult', nap.range('@65:80'), nap.range('@0:65')),         nap.scalarcontext('expireindays', nap.range('@65:80'), nap.range('@0:65')),         sslsummary(args.host, args.port))     check.main(args.verbose, args.timeout)

now output can sysadmin know going on:

check_ssl_configuration.py -h google.com sslconfiguration ok - sslscore 87 | sslscore=87.0;@65:80;@65  check_ssl_configuration.py -h 173.194.127.169 sslconfiguration critical - sslscore 0 (failed - certificate not match 173.194.127.169) | sslscore=0;@65:80;@65

Comments

Post a Comment

Popular posts from this blog

commonjs - How to write a typescript definition file for a node module that exports a function? -

consider, toml node module can use: // toml.d.ts declare module toml { export function parse(value:string):any; } declare module "toml" { export = toml; } then: /// <reference path="../../../../../defs/toml/toml.d.ts"/> import toml = require('toml'); toml.parse(...); however, node module export single function, such 'glob' ( https://github.com/isaacs/node-glob ). the node usage of module be: var glob = require("glob") glob("*.js", {}, callback(err, files) { ... }); you'd naively expect this: // glob.d.ts declare function globs(paths:string, options:any, callback:{(err:any, files:string[]):void; ...but because typescripts 'import' semantics bit strange, seems can use 'import .. = require()' statement alias modules . trying call: /// <reference path="../../../../../defs/glob/glob.d.ts"/> import blog = require('glob'); results in: error ts2072: mod
Read more

openid - Okta: Failed to get authorization code through API call -

i'm integrating okta own idp server using okta's api. i'm implementing authorization code flow following steps below: in own server, use /api/v1/authn endpoint sessiontoken. use sessiontoken obtain authorization calling endpoint: /oauth2/v1/authorize?client_id=" + clientid + "&sessiontoken=" + sessiontoken + "&response_type=code&response_mode=query&scope=openid&redirect_uri=" + redirecturl + "&state=evanyang&nonce=" it's supposed return response status code 302 , location header containing redirect url code value. however, keep getting response status code 200 , without location header, html body saying "you using unsupported browser." , "javascript disabled on browser." according api documentation: http://developer.okta.com/docs/api/resources/oidc.html#authentication-request , sessiontoken parameter sufficient this: an okta one-time sessiontoken. allows api-based
Read more

thorough guide for profiling racket code -

did googling ("racket profiling", "racket measure performance"), didn't find , there no examples in docs. did google "profile" search on htdp - no luck. (profile (f ...)) output isn't obvious other small snippets. ideally want python's python -m cprofile usage examples. when search "python profiling", both duckduckgo , google give top result: 26.4. python profilers . (although scanned quickly, seems more of reference "thorough usage guide" examples. if had else in mind, perhaps please link that?) the equivalent racket documentation be: profile: statistical profiler . a usage example: #lang racket (require profile) (profile-thunk (thunk (function-to-profile arg0 arg1) )) here (thunk e) convenience (lambda () e) . bigger example: #lang racket (module mod racket (provide f) (define (f) (for/list ([i 10000]) i))) (require (prefix-in mod: 'mod)) (define (f) (for ([i 10000
Read more