├── README.md
├── ZabbixOpenHardwareMonitor
├── README.md
├── Template OpenHardwareMonitor.xml
├── getOHM.bat
└── getOHM.py
├── arpMonitoring
├── README.md
├── Template ARP Monitoring.xml
└── arpSender.sh
├── canary
├── README.md
├── Template Canary.xml
├── files2monitor
└── notify.sh
├── ipDiscovery
├── README.md
├── files
│ ├── discovery.png
│ └── table.html
└── ipDiscovery.py
├── iperf3zabbix
├── Iperf Monitoring.yaml
└── iperf3zabbix.py
├── paloAltoVPN
├── README.md
├── Template Palo Alto VPN.xml
└── pavpn.py
├── upTimePort
├── README.md
├── report.py
└── upTimePort.py
├── updateNamesFromInventory
├── README.md
└── updateNamesFromInventory.py
└── zabbixKibanaDictionaries
├── README.md
└── zabbixKibanaDictionaries.py
/README.md:
--------------------------------------------------------------------------------
1 | # gassnerZabbixScripts
2 | Scripts related to Zabbix
3 |
4 | ## ipDiscovery
5 |
6 | This script has been developed to help fast Zabbix deploying, collecting SNMP data from network routers, and automatically creating discovery rules. It is also able to output csv and html reports.
7 |
8 | ## updateNamesFromInventory
9 |
10 | Zabbix automatic network discovery inserts an IP address, or the reverse resolved name at the moment of the discovery in the name of the host. This script copies the content from the "Name" inventory field to the host field. When two identical names are identified, ip address is inserted in the beggining of the name and host is kept enable. It is possible to configure that when the host belongs to some groups, it also should be disabled. If name in inventory changes, even the host name is not an IP address, it will be updated.
11 |
12 | ## zabbixKibanaDictionaries
13 |
14 | Script to generate logstash dictionaries from zabbix host names and host groups. These data can be used in elastic search and Kibana reports.
15 |
16 | ## upTimePort
17 |
18 | Script to generate one report for each switch in a given Zabbix group, and show all ports that are without use for more than a time period.
19 |
20 | ## arpMonitoring
21 |
22 | Script and Zabbix template using LLD to:
23 | - Detect newly connected devices on the network.
24 | - Have a history of which macs were used by which ips and vice versa.
25 | - Detect if there are multiple ips associated to the same mac.
26 | - Detect if there are multiple macs associated to the same ip address.
27 | - Identify the active period on the network for each device.
28 |
29 | ## canary
30 |
31 | Script and Zabbix template to:
32 | - Detect actions on canary files, read, write or open.
33 | - Support for multiple files monitoring.
34 | - Avoid multiple simultaneous execution of the script using flock.
35 | - Sends information to zabbix only when incident happens, for monitoring resource optimization.
36 | - Records information from inotify, top, netstat, lsof, who, ps and fuser upon event detection.
37 | - Dependencies: inotify-tools, flock, zabbix_sender
38 |
39 | ## ZabbixOpenHardwareMonitor
40 |
41 | Script and Zabbix template to monitor Open Hardware Monitor.
42 |
43 |
--------------------------------------------------------------------------------
/ZabbixOpenHardwareMonitor/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rggassner/gassnerZabbixScripts/c0d4633c61ff85985d8eae60f71bc3cb19039581/ZabbixOpenHardwareMonitor/README.md
--------------------------------------------------------------------------------
/ZabbixOpenHardwareMonitor/Template OpenHardwareMonitor.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 5.0
4 | 2021-11-09T00:20:35Z
5 |
6 |
7 | Templates
8 |
9 |
10 |
11 |
12 | Template OpenHardwareMonitor
13 | Template OpenHardwareMonitor
14 | Rafael Gustavo Gassner 11/2021
15 | This script monitors the csv file generated by the sensor logging of OpenHardwareMonitor https://openhardwaremonitor.org/
16 | It is a fast and dirty implementation, so you will not find any unity along with the indicators, and the name of the metric is based on the simple aggregation of the first two rows of the sensor csv file.
17 | You will need to have python3 in your windows, and schedule a task to periodically run the script.
18 | Low level discovery and data collection are made by the same script.
19 |
20 |
21 | Templates
22 |
23 |
24 |
25 |
26 | Open Hardware Monitor
27 |
28 |
29 |
30 |
31 | Open Hardware Monitor Discovery
32 | TRAP
33 | ohm.discovery
34 | 0
35 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
36 |
37 |
38 | {#NAME}
39 | TRAP
40 | ohm.metric[{#KEY}]
41 | 0
42 | 7d
43 | FLOAT
44 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
45 |
46 |
47 | Open Hardware Monitor
48 |
49 |
50 |
51 |
52 |
53 |
54 | {#KEY}
55 | $.key
56 |
57 |
58 | {#NAME}
59 | $.name
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
--------------------------------------------------------------------------------
/ZabbixOpenHardwareMonitor/getOHM.bat:
--------------------------------------------------------------------------------
1 | cd C:\Program Files\Zabbix Agent\ohm
2 | C:\Users\MyUserName\AppData\Local\Microsoft\WindowsApps\python.exe getOHM.py
--------------------------------------------------------------------------------
/ZabbixOpenHardwareMonitor/getOHM.py:
--------------------------------------------------------------------------------
1 | import csv
2 | from datetime import datetime
3 | from pyzabbix import ZabbixMetric, ZabbixSender
4 | #Be sure to use the same name configured for the host in zabbix server
5 | THIS_HOST='DESKTOP'
6 | ZABBIX_SERVER='192.168.1.1'
7 | packet=[]
8 | now = datetime.now()
9 |
10 | #Read csv file
11 | with open('OpenHardwareMonitorLog-'+str(now.year)+'-'+str(now.strftime("%m"))+'-'+str(now.strftime("%d"))+'.csv', 'r') as csv_file:
12 | reader = csv.reader(csv_file)
13 | for i, row in enumerate(reader):
14 | if i == 0:
15 | header1=row
16 | if i == 1:
17 | header2=row
18 | last=row
19 | ctime=datetime.strptime(last[0],'%m/%d/%Y %H:%M:%S')
20 | ctime=int(ctime.timestamp())
21 |
22 | #Low Level Discovery
23 | first=True
24 | lld='{ \"data\":['
25 | for i, col in enumerate(header1):
26 | part1=col.replace('/','.').replace(' ','.')
27 | part2=header2[i].replace('/','.').replace(' ','.')
28 | if part2 != "Time":
29 | if first:
30 | first=False
31 | else:
32 | lld=lld+','
33 | lld=lld+'{'
34 | lld=lld+'"name":"'+col+' '+header2[i]+'",'
35 | lld=lld+'"key":"'+part1+'-'+part2+'"'
36 | lld=lld+'}'
37 | lld=lld+']}'
38 | packet.append(ZabbixMetric(THIS_HOST,'ohm.discovery',lld,ctime))
39 |
40 | #Send data
41 | for i, col in enumerate(header1):
42 | part1=col.replace('/','.').replace(' ','.')
43 | part2=header2[i].replace('/','.').replace(' ','.')
44 | if part2 != "Time":
45 | packet.append(ZabbixMetric(THIS_HOST,'ohm.metric['+part1+"-"+part2+']',last[i],ctime))
46 | result = ZabbixSender(use_config=False,zabbix_server=ZABBIX_SERVER).send(packet)
47 |
--------------------------------------------------------------------------------
/arpMonitoring/README.md:
--------------------------------------------------------------------------------
1 | This script activelly scans arp and sends to zabbix server using zabbix_sender.
2 |
3 | # Installing on monitoring host:
4 |
5 | - Install arp-scan
6 | - Install zabbix-sender
7 | - Install and configure zabbix-agent
8 | - Configure "interfaces" variable in arpMonitoring.sh
9 | - Set crontab to run the arpMonitoring.sh every ten minutes or so.
10 |
11 | # Configurations on Zabbix-Server:
12 |
13 | - Import Template ARP Monitoring.xml into the templates
14 | - Associate the template with the host that will monitor arp.
15 |
16 | Run some times manually so Zabbix will create the LLD items and start populating them.
17 |
18 | With the script and template, you will be able to:
19 | - Detect newly connected devices on the network.
20 | - Have a history of which macs were used by which ips and the other way around.
21 | - Detect if there are multiple ips associated to the same mac.
22 | - Detect if there are multiple macs associated to the same ip address.
23 | - Identify the active period on the network for each device.
24 |
25 | Since this is designed for a small environment, the trigger for new device has no recovery expression, and should be manually disabled.
26 |
27 | You can configure the "new device" trigger disabled for initial run.
28 |
29 | After that you could disable each trigger mannualy when you have recognized the new device as not beeing a rogue one.
30 |
31 | In the zabbix template, "Allowed hosts" variable should be configured for your environment in item prototypes and in discovery rule.
32 |
--------------------------------------------------------------------------------
/arpMonitoring/Template ARP Monitoring.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 5.0
4 | 2021-02-23T19:09:20Z
5 |
6 |
7 | Templates
8 |
9 |
10 |
11 |
12 | Template ARP Monitoring
13 | Template ARP Monitoring
14 | Rafael Gustavo Gassner 02/2021
15 | This script activelly scans arp and sends to zabbix server using zabbix_sender.
16 | arp-scan should be installed and interfaces variable should
17 | be configured for your environment.
18 | You will want to run every 10 minutes or so, using crontab.
19 | First run(s) might not populate data, since LLD items
20 | are still beeing created in zabbix server.
21 | With the script and template, you will be able to:
22 | - Detect newly connected devices on the network.
23 | - Have a history of which macs were used by which ips and vice versa.
24 | - Detect if there are multiple ips associated to the same mac.
25 | - Detect if there are multiple macs associated to the same ip address.
26 | - Identify the active period on the network for each device.
27 | Since this is designed for a small environment, the trigger for
28 | new device has no recovery expression, and should be manually disabled.
29 | You can configure the "new device" trigger disabled for initial run.
30 | After that you could disable each trigger mannualy when you have
31 | recognized the new device as not beeing a rogue one.
32 | In the zabbix template, "Allowed hosts" variable should be configured
33 | for your environment in item prototypes and in discovery rule.
34 |
35 |
36 | Templates
37 |
38 |
39 |
40 |
41 | ARP
42 |
43 |
44 |
45 |
46 | Address discovery
47 | TRAP
48 | arp.discovery
49 | 0
50 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
51 |
52 |
53 | Ip address count for mac {#HWADDRESS}
54 | TRAP
55 | arp.ipCount[{#HWADDRESS}]
56 | 0
57 | 7d
58 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
59 | IP
60 |
61 |
62 | ARP
63 |
64 |
65 |
66 |
67 | {last(#1)}<>0
68 | New device using mac {#HWADDRESS} and IP {#IPADDRESS} detected by {HOST.HOST} arp table.
69 | INFO
70 | Identify new physical addresses in the same network as your host. Triggers should be disabled mannualy. Recommended to create triggers disabled on the first run.
71 |
72 |
73 | feature
74 | arp
75 |
76 |
77 |
78 |
79 |
80 |
81 | Mac(s) associated with IP {#IPADDRESS}
82 | TRAP
83 | arp.ipMacs[{#IPADDRESS}]
84 | 0
85 | 7d
86 | 0
87 | TEXT
88 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
89 |
90 |
91 | ARP
92 |
93 |
94 |
95 |
96 | Mac address count for IP {#IPADDRESS}
97 | TRAP
98 | arp.macCount[{#IPADDRESS}]
99 | 0
100 | 7d
101 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
102 | mac
103 |
104 |
105 | ARP
106 |
107 |
108 |
109 |
110 | Ip address(es) associated with mac {#HWADDRESS}
111 | TRAP
112 | arp.macIps[{#HWADDRESS}]
113 | 0
114 | 7d
115 | 0
116 | TEXT
117 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
118 |
119 |
120 | ARP
121 |
122 |
123 |
124 |
125 |
126 |
127 | {Template ARP Monitoring:arp.macCount[{#IPADDRESS}].last(#1)}>1 and {Template ARP Monitoring:arp.ipMacs[{#IPADDRESS}].str(lala,#1)}=0
128 | IP {#IPADDRESS} in use in more than one mac detected by {HOST.HOST} arp table. Adresses found {ITEM.LASTVALUE2}
129 | INFO
130 |
131 |
132 | feature
133 | arp
134 |
135 |
136 |
137 |
138 | {Template ARP Monitoring:arp.ipCount[{#HWADDRESS}].last(#1)}>1 and {Template ARP Monitoring:arp.macIps[{#HWADDRESS}].str(lala,#1)}=0
139 | Mac {#HWADDRESS} in use in more than one IP detected by {HOST.HOST} arp table. Adresses found {ITEM.LASTVALUE2}
140 | INFO
141 |
142 |
143 | feature
144 | arp
145 |
146 |
147 |
148 |
149 |
150 |
151 | {#HWADDRESS}
152 | $.HWAddress
153 |
154 |
155 | {#IPADDRESS}
156 | $.ipAddress
157 |
158 |
159 |
160 |
161 |
162 |
163 |
164 |
--------------------------------------------------------------------------------
/arpMonitoring/arpSender.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #Rafael Gustavo Gassner 02/2021
3 | #This script activelly scans arp and sends to zabbix server using zabbix_sender.
4 | #arp-scan should be installed and interfaces variable should
5 | # be configured for your environment.
6 | #You will want to run every 10 minutes or so, using crontab.
7 | #First run(s) might not populate data, since LLD items
8 | # are still beeing created in zabbix server.
9 | #With the script and template, you will be able to:
10 | # - Detect newly connected devices on the network.
11 | # - Have a history of which macs were used by which ips and the other way around.
12 | # - Detect if there are multiple ips associated to the same mac.
13 | # - Detect if there are multiple macs associated to the same ip address.
14 | # - Identify the active period on the network for each device.
15 | #Since this is designed for a small environment, the trigger for
16 | #new device has no recovery expression, and should be manually disabled.
17 | #You can configure the "new device" trigger disabled for initial run.
18 | #After that you could disable each trigger mannualy when you have
19 | #recognized the new device as not beeing a rogue one.
20 | #In the zabbix template, "Allowed hosts" variable should be configured
21 | # for your environment in item prototypes and in discovery rule.
22 |
23 | interfaces="eth0.1 eth0.2"
24 | zabbix_conf="/etc/zabbix/zabbix_agentd.conf"
25 | arp_scan="/usr/sbin/arp-scan"
26 | sender="/usr/bin/zabbix_sender"
27 |
28 | fullData=`for iface in $interfaces
29 | do
30 | $arp_scan --localnet --interface=$iface -q -x | sort | uniq
31 | done`
32 | IFS=$'\n'
33 | first=1
34 | lld="{ \"data\":["
35 | for entry in $fullData
36 | do
37 | if [[ first -eq 0 ]]
38 | then
39 | lld="${lld},"
40 | else
41 | first=0
42 | fi
43 | ipAddress=`echo $entry | awk '{print $1}'`
44 | HWAddress=`echo $entry | awk '{print $2}'`
45 | lld="${lld}{"
46 | lld="${lld}\"ipAddress\":\"${ipAddress}\","
47 | lld="${lld}\"HWAddress\":\"${HWAddress}\""
48 | lld="${lld}}"
49 | done
50 | lld="${lld}]}"
51 | $sender -c $zabbix_conf -k arp.discovery -o $lld
52 | for mac in `echo "$fullData" | awk '{print $2}'| sort | uniq`
53 | do
54 | ips=`echo "$fullData" | grep "$mac" | awk '{print $1}' | tr '\n' ' '`
55 | $sender -c $zabbix_conf -k arp.macIps[$mac] -o $ips
56 | done
57 | for ip in `echo "$fullData" | awk '{print $1}'| sort | uniq`
58 | do
59 | macs=`echo "$fullData" | grep -P "^${ip}\t" | awk '{print $2}' | tr '\n' ' '`
60 | $sender -c $zabbix_conf -k arp.ipMacs[$ip] -o $macs
61 | done
62 | for line in $fullData
63 | do
64 | mac=`echo "$line" | awk {'print $2'}`
65 | nIp=`echo "$fullData" | grep "${mac}" | wc -l`
66 | $sender -c $zabbix_conf -k arp.ipCount[$mac] -o $nIp
67 | done
68 | for line in $fullData
69 | do
70 | ip=`echo "$line" | awk {'print $1'}`
71 | nMac=`echo "$fullData" | grep -P "^${ip}\t" | wc -l`
72 | $sender -c $zabbix_conf -k arp.macCount[$ip] -o $nMac
73 | done
74 |
--------------------------------------------------------------------------------
/canary/README.md:
--------------------------------------------------------------------------------
1 | Monitor when a file, or set of files, are accessed and upon detection execute several commands to help identify the source of the access. This script can be used to monitor decoy files, for cybersecurity reasons.
2 |
3 | This script should be run by cron every minute.
4 |
5 | The file files2monitor should contain the files to monitor, all in one line, space separated.
6 |
7 | Dependencies: inotify-tools, flock, zabbix_sender
8 |
9 | ## canary
10 |
11 | Script and Zabbix template to:
12 | - Detect actions on canary files, read, write or open.
13 | - Support for multiple files monitoring.
14 | - Avoid multiple simultaneous execution of the script using flock.
15 | - Sends information to zabbix only when incident happens, for monitoring resource optimization.
16 | - Records information from inotify, top, netstat, lsof, who, ps and fuser upon event detection.
17 | - Dependencies: inotify-tools, flock, zabbix_sender
18 |
--------------------------------------------------------------------------------
/canary/Template Canary.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 5.0
4 | 2021-03-06T00:12:15Z
5 |
6 |
7 | Templates
8 |
9 |
10 |
11 |
12 | Template Canary
13 | Template Canary
14 |
15 |
16 | Templates
17 |
18 |
19 |
20 |
21 | Canary files
22 |
23 |
24 |
25 |
26 | fuser
27 | TRAP
28 | canary.fuser[]
29 | 0
30 | 0
31 | TEXT
32 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
33 | Show fuser for all the pids using the file
34 |
35 |
36 | Canary files
37 |
38 |
39 |
40 |
41 | lsofile
42 | TRAP
43 | canary.lsofile[]
44 | 0
45 | 0
46 | TEXT
47 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
48 | Show lsof for the canary file that triggered.
49 |
50 |
51 | Canary files
52 |
53 |
54 |
55 |
56 | lsof
57 | TRAP
58 | canary.lsof[]
59 | 0
60 | 0
61 | TEXT
62 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
63 | Show lsof for all the files (First one thousand lines)
64 |
65 |
66 | Canary files
67 |
68 |
69 |
70 |
71 | netstat
72 | TRAP
73 | canary.netstat[]
74 | 0
75 | 0
76 | TEXT
77 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
78 | Show output of "netstat -tupan" (First one thousand lines)
79 |
80 |
81 | Canary files
82 |
83 |
84 |
85 |
86 | ps
87 | TRAP
88 | canary.ps[]
89 | 0
90 | 0
91 | TEXT
92 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
93 | Show "ps -ef f" output (First one thousand lines)
94 |
95 |
96 | Canary files
97 |
98 |
99 |
100 |
101 | Canary status
102 | TRAP
103 | canary.status[]
104 | 0
105 | 7d
106 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
107 | Status used for triggers.
108 | 1 - Canary is dead
109 | 0 - Canary is alive
110 |
111 |
112 | Canary files
113 |
114 |
115 |
116 |
117 | {max(3600)}=1 and
118 | {nodata(3600)}=0
119 | Canary file was accessed in the last hour
120 | HIGH
121 |
122 |
123 | feature
124 | canary
125 |
126 |
127 |
128 |
129 |
130 |
131 | top
132 | TRAP
133 | canary.top[]
134 | 0
135 | 0
136 | TEXT
137 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
138 | "top" command when canary file was triggered.
139 |
140 |
141 | Canary files
142 |
143 |
144 |
145 |
146 | who
147 | TRAP
148 | canary.who[]
149 | 0
150 | 0
151 | TEXT
152 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
153 | "who -a" command when canary file was triggered.
154 |
155 |
156 | Canary files
157 |
158 |
159 |
160 |
161 |
162 |
163 | attack
164 | data breach
165 |
166 |
167 | feature
168 | canary
169 |
170 |
171 | service
172 | DLP
173 |
174 |
175 | team
176 | security
177 |
178 |
179 |
180 |
181 |
182 |
--------------------------------------------------------------------------------
/canary/files2monitor:
--------------------------------------------------------------------------------
1 | /tmp/1
2 | /tmp/2
3 |
--------------------------------------------------------------------------------
/canary/notify.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #Canary file monitoring with Zabbix
3 | #Rafael Gustavo Gassner - 03/2021
4 | #Monitor when a file, or set of files, are accessed and upon detection
5 | #execute several commands to help identify the source of the access.
6 | #This script should be run by cron every minute.
7 | #The file files2monitor should contain the files to monitor, all in one line, space separated.
8 | #
9 | #If you have problems using flock, you can avoid simultaneous execution with:
10 | #* * * * * root lsof /opt/notify.sh || /opt/notify.sh >/dev/null 2>&1
11 | #
12 | #Dependencies: inotify-tools, flock, zabbix_sender
13 | {
14 | flock -n 100 || exit
15 | maxLines=900
16 | sender="/usr/bin/zabbix_sender"
17 | conf="/etc/zabbix/zabbix_agentd.conf"
18 | spath="/usr/src/canary"
19 | $sender -c $conf -k canary.status[] -o "0" &
20 | inotifywait --format '%w,%-e' -m -q --fromfile $spath/files2monitor | \
21 | while IFS= read -r event
22 | do
23 | echo $event
24 | filename=`echo $event | cut -d , -f 1`
25 | fevent=`echo $event | cut -d , -f 2`
26 | $sender -c $conf -k canary.top[] -o "`echo filename: $filename - event: $event - command: top -n -n1; top -b -n1`" &
27 | $sender -c $conf -k canary.lsofile[] -o "`echo filename: $filename - event: $event - command: lsof -n $filename; lsof -n $filename`" &
28 | $sender -c $conf -k canary.who[] -o "`echo filename: $filename - event: $event - command: who -a; who -a`" &
29 | for pid in `fuser $filename`
30 | do
31 | $sender -c $conf -k canary.fuser[] -o "`echo filename: $filename - event: $event - pid: $pid - command: ps -p $pid; ps -p $pid`" &
32 | done
33 | $sender -c $conf -k canary.ps[] -o "`echo filename: $filename - event: $event - command: ps -ef f; ps -ef f | head -n $maxLines`" &
34 | $sender -c $conf -k canary.lsof[] -o "`echo filename: $filename - event: $event - command: lsof -n; lsof -n | head -n $maxLines`" &
35 | $sender -c $conf -k canary.netstat[] -o "`echo filename: $filename - event: $event - command: netstat -tupan; netstat -tupan | head -n $maxLines`" &
36 | $sender -c $conf -k canary.status[] -o "1" &
37 | pkill -f "inotifywait --format %w,%-e -m -q --fromfile $spath/files2monitor"
38 | done
39 | } 100>/tmp/notify.lock
40 |
--------------------------------------------------------------------------------
/ipDiscovery/README.md:
--------------------------------------------------------------------------------
1 | # ipDiscovery
2 |
3 | This script has been developed to help fast Zabbix deploying, collecting SNMP data from network routers, and automatically creating discovery rules. It is also able to output csv and html reports.
4 |
5 | ## Description
6 |
7 | Zabbix has a useful network discovery feature, but if you have to manually insert and keep updated thousands of network classes, this task gets a bit tricky.
8 |
9 | This script tries to solve this issue. It will iterate over all hosts on a previously chosen Zabbix host group, preferably routers and/or firewalls, and will query the SNMP ipAddrTable [rfc1213-mib2.asn1](http://www.alvestrand.no/objectid/sources/rfc1213-mib2.asn1) .
10 |
11 | All interaction with Zabbix is made through [PyZabbix](https://github.com/lukecyca/pyzabbix). You are able to configure including and excluding IP network ranges, those do not apply to the reporting options.
12 |
13 | ## Instalation
14 |
15 | In a debian based system:
16 |
17 | apt-get install python-setuptools python-dev build-essential
18 | easy_install pip
19 | pip install --upgrade virtualenv
20 | pip install pyzabbix
21 | pip install ipaddress
22 | pip install pysnmp
23 |
24 | ## Configuration
25 |
26 | The following parameters are in the beginning of the ipDiscovery.py script file. Configure the Zabbix user that will run the script. Ensure that it has enough rights to see the hosts and to create the discovery rules:
27 |
28 | user = "Admin"
29 |
30 | The password for that user:
31 |
32 | secret = "zabbix"
33 |
34 | The URL for the Zabbix API:
35 |
36 | zapi = ZabbixAPI("http://127.0.0.1/zabbix")
37 |
38 | The SNMP community to access the devices:
39 |
40 | community = "public"
41 |
42 | The name of the Zabbix host group to get the device information:
43 |
44 | routersGroupName="Router"
45 | The name of the Zabbix discovery rule that will be used as a template to create the new ones:
46 |
47 | templateDiscoveryRule="TEMPLATE"
48 |
49 | Only include IP networks that are in the specified range(s) below:
50 |
51 | includeIfInRange=["10.0.0.0/8","172.16.0.0/12","192.168.0.0/16"]
52 |
53 | Do not include IP networks that are in the specified range(s) below. In case it matches both include and ignore rules, IP network is not included.
54 |
55 | ignoreIfInRange=["127.0.0.0/8"]
56 |
57 | Some devices can have hundreds of interfaces, so you can break them in many rules. This attribute defines the maximum number of networks in each rule. You should not configure it to more than 112, or you might get into Zabbix maximum number of networks per rule restriction.
58 |
59 | maxNetPerRule = 10
60 |
61 | ## Usage
62 |
63 | ./ipDiscovery.py -h
64 | Usage: ipDiscovery.py [options]
65 |
66 | Options:
67 | -h, --help show this help message and exit
68 | -t TYPE, --type=TYPE output type: html, csv or api [default: html]
69 |
70 | ## ./ipDiscovery .py -t html
71 |
72 | This will produce a [Ajax searchable DataTable](https://datatables.net/examples/data_sources/ajax.html) as this [example](files/table.html).
73 |
74 | ## ./ipDiscovery.py -t csv
75 |
76 | This will produce a csv file like this:
77 |
78 | AdslRouter,1-lo,127.0.0.1/8
79 | AdslRouter,12-ppp0,179.181.19.234/32
80 | AdslRouter,4-br0,192.168.1.1/24
81 |
82 | ## ./ipDiscovery.py -t api
83 |
84 | This will create the Zabbix discovery rules as configured above.
85 |
86 | 
87 |
88 |
89 | > Written with [StackEdit](https://stackedit.io/).
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
--------------------------------------------------------------------------------
/ipDiscovery/files/discovery.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rggassner/gassnerZabbixScripts/c0d4633c61ff85985d8eae60f71bc3cb19039581/ipDiscovery/files/discovery.png
--------------------------------------------------------------------------------
/ipDiscovery/files/table.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
Router
Id-Name
Ip/Mask
6 |
Router
Id-Name
Ip/Mask
7 |
AdslRouter
1-lo
127.0.0.1/8
8 |
AdslRouter
12-ppp0
179.181.19.234/32
9 |
AdslRouter
4-br0
192.168.1.1/24
10 |
11 |
12 |
13 |
27 |
28 |
--------------------------------------------------------------------------------
/ipDiscovery/ipDiscovery.py:
--------------------------------------------------------------------------------
1 | #! /usr/bin/python
2 | # -*- coding: utf-8 -*-
3 | #apt-get install python-setuptools python-dev build-essential
4 | #easy_install pip
5 | #pip install --upgrade virtualenv
6 | #pip install pyzabbix
7 | #pip install ipaddress
8 | #pip install pysnmp
9 |
10 | #Rafael Gustavo Gassner - 06/2017
11 |
12 | #Features:
13 | #- Discover networks from routers that are in a zabbix group and create a Zabbix Discovery Rule including those networks.
14 | #- Choose the max number of networks created in each discovery rule.
15 | #- Copy checks, delay, proxy configuration and device uniqueness criteria from a template discovery rule.
16 | #- Create html or csv router network interfaces report, including its name.
17 | #- Include and exclude ip range options.
18 | #- Template rule can be changed and you can run the script to update de discovery rules. All discovery rule that matches the router name pattern will be deleted and re-created.
19 |
20 | #Documentation:
21 | #Do not configure more than 112 maxNetPerRule or you might get into 2048 zabbix characters restriction for ip range.
22 |
23 | from pyzabbix import ZabbixAPI
24 | from pysnmp.hlapi import *
25 | from pysnmp.proto import rfc1902
26 | from optparse import OptionParser
27 | import ipaddress
28 |
29 | user = "Admin"
30 | secret = "zabbix"
31 | zapi = ZabbixAPI("http://127.0.0.1/zabbix")
32 | community = "public"
33 | routersGroupName="Router"
34 | templateDiscoveryRule="TEMPLATE"
35 | includeIfInRange=["10.0.0.0/8","172.16.0.0/12","192.168.0.0/16"]
36 | ignoreIfInRange=["127.0.0.0/8"]
37 | maxNetPerRule = 10
38 | tableColor = "#FFFFFF"
39 |
40 | parser = OptionParser()
41 | parser.add_option("-t", "--type",
42 | default="html",
43 | help="output type: html, csv "
44 | "or api [default: %default]")
45 | (options, args) = parser.parse_args()
46 |
47 | nameCounter=0
48 |
49 | zapi.session.auth = (user, secret)
50 | #zapi.session.verify = False
51 | zapi.login(user, secret)
52 | hostgroup=zapi.hostgroup.get(filter={"name": routersGroupName})
53 | if not hostgroup:
54 | print ("Host Group not found.")
55 | exit()
56 |
57 | for h in hostgroup:
58 | groupid=h['groupid']
59 |
60 |
61 | def isInIncludeRange(network):
62 | network=unicode(network,"utf-8")
63 | for i in includeIfInRange:
64 | i=unicode(i,"utf-8")
65 | n1 = ipaddress.ip_network(i, strict=False)
66 | n2 = ipaddress.ip_network(network, strict=False)
67 | try:
68 | if(len(list(n1.address_exclude(n2))) >= 0):
69 | return True
70 | except ValueError:
71 | pass
72 | return False
73 |
74 | def isInExcludeRange(network):
75 | network=unicode(network,"utf-8")
76 | for i in ignoreIfInRange:
77 | i=unicode(i,"utf-8")
78 | n1 = ipaddress.ip_network(i, strict=False)
79 | n2 = ipaddress.ip_network(network, strict=False)
80 | try:
81 | if(len(list(n1.address_exclude(n2))) >= 0):
82 | return True
83 | except ValueError:
84 | pass
85 | return False
86 |
87 | def netmask_to_cidr(netmask):
88 | return sum([bin(int(x)).count('1') for x in netmask.split('.')])
89 |
90 | def getDescription(router,community,id):
91 | errorIndication, errorStatus, errorIndex, varBinds = next(
92 | getCmd(SnmpEngine(),
93 | CommunityData(community),
94 | UdpTransportTarget((router, 161)),
95 | ContextData(),
96 | ObjectType(ObjectIdentity('1.3.6.1.2.1.2.2.1.2.'+str(id))),lexicographicMode=False)
97 | )
98 | if errorIndication:
99 | #print(errorIndication)
100 | #break
101 | return "NoDescription"
102 | elif errorStatus:
103 | #print('%s at %s' % (errorStatus.prettyPrint(),
104 | #errorIndex and varBinds[int(errorIndex) - 1][0] or '?'))
105 | #break
106 | return "No Description"
107 | else:
108 | for varBind in varBinds:
109 | return varBind[1]
110 |
111 | def print_html_header():
112 | print ("")
113 | print ("")
114 | print ("")
115 | print ("
Router
Id-Name
Ip/Mask
")
116 | print ("
Router
Id-Name
Ip/Mask
")
117 |
118 | def print_body(rtype):
119 | hosts=zapi.host.get(selectInventory=True)
120 | if not hosts:
121 | print ("Empty list.")
122 | exit()
123 | for s in zapi.host.get(output="extend", groupids=[groupid], filter={"status": 0}):
124 | name=(s['name'])
125 | hostid=(s['hostid'])
126 | for i in zapi.hostinterface.get(hostids=[hostid],filter={"type": 2}):
127 | ip=(i['ip'])
128 | name=name.replace(" ","_")
129 | gen_report(ip,community,name,rtype)
130 |
131 | def print_html_footer():
132 | print ("
")
189 | elif (rtype == "csv"):
190 | print (str(name)+","+str(id)+"-"+str(description)+","+rfc1902.IpAddress.prettyPrint(ip)+"/"+str(netmask_to_cidr(rfc1902.IpAddress.prettyPrint(mask))))
191 | elif ((rtype == "api") and (netmask_to_cidr(rfc1902.IpAddress.prettyPrint(mask))!=32) and (netmask_to_cidr(rfc1902.IpAddress.prettyPrint(mask)) >=16 ) and isInIncludeRange(rfc1902.IpAddress.prettyPrint(ip)+"/"+str(netmask_to_cidr(rfc1902.IpAddress.prettyPrint(mask)))) and not (isInExcludeRange(rfc1902.IpAddress.prettyPrint(ip)+"/"+str(netmask_to_cidr(rfc1902.IpAddress.prettyPrint(mask))))) ):
192 | if(rcounter==0):
193 | ipRange=rfc1902.IpAddress.prettyPrint(ip)+"/"+str(netmask_to_cidr(rfc1902.IpAddress.prettyPrint(mask)))
194 | else:
195 | ipRange=ipRange+","+rfc1902.IpAddress.prettyPrint(ip)+"/"+str(netmask_to_cidr(rfc1902.IpAddress.prettyPrint(mask)))
196 | rcounter=rcounter+1
197 | if (rcounter==maxNetPerRule):
198 | update_discovery(name,ipRange)
199 | ipRange=""
200 | rcounter=0
201 | if ((rtype == "api") and (rcounter != 0)):
202 | update_discovery(name,ipRange)
203 | ipRange=""
204 | rcounter=0
205 | nameCounter=0
206 |
207 | def update_discovery(dname,ipRange):
208 | global nameCounter
209 | template=zapi.drule.get(output="extend", selectDChecks="extend", filter={"name": templateDiscoveryRule})
210 | if not template:
211 | print ("Discovery rule template not found.")
212 | exit()
213 | for t in template:
214 | templateid=t['druleid']
215 | t['iprange']=ipRange
216 | t['name']=dname+"-"+str(nameCounter)
217 | #To create enabled, set status 0
218 | t['status']="1"
219 | zapi.drule.create(t)
220 | nameCounter=nameCounter+1
221 |
222 | if (options.type=="html"):
223 | print_html_header()
224 | print_body(options.type)
225 | print_html_footer()
226 | elif (options.type=="csv"):
227 | print_body(options.type)
228 | elif (options.type=="api"):
229 | print_body(options.type)
230 |
--------------------------------------------------------------------------------
/iperf3zabbix/Iperf Monitoring.yaml:
--------------------------------------------------------------------------------
1 | zabbix_export:
2 | version: '7.0'
3 | template_groups:
4 | - uuid: 7df96b18c230490a9a0a9e2307226338
5 | name: Templates
6 | templates:
7 | - uuid: f617ad893d9c4da5a087b547b5635fb8
8 | template: 'Iperf Monitoring'
9 | name: 'Iperf Monitoring'
10 | groups:
11 | - name: Templates
12 | items:
13 | - uuid: 03fc0fca74304bd483b408e77f5f4e63
14 | name: iperf3.sum_received.bits_per_second
15 | type: TRAP
16 | key: iperf3.sum_received.bits_per_second
17 | delay: '0'
18 | value_type: FLOAT
19 | units: bps
20 | tags:
21 | - tag: application
22 | value: iperf3
23 | - uuid: 1b796e7ab2d34ce7b2c0620b9bb72cd9
24 | name: iperf3.sum_sent.bits_per_second
25 | type: TRAP
26 | key: iperf3.sum_sent.bits_per_second
27 | delay: '0'
28 | value_type: FLOAT
29 | units: bps
30 | tags:
31 | - tag: application
32 | value: iperf3
33 | - uuid: b10c3bd94e89450495d90215ea8bbdbe
34 | name: iperf3.sum_sent.retransmits
35 | type: TRAP
36 | key: iperf3.sum_sent.retransmits
37 | delay: '0'
38 | units: ret
39 | tags:
40 | - tag: application
41 | value: iperf3
42 |
--------------------------------------------------------------------------------
/iperf3zabbix/iperf3zabbix.py:
--------------------------------------------------------------------------------
1 | #!venv/bin/python
2 | import iperf3
3 | import json
4 | from zabbix_utils import Sender
5 | ZABBIX_SERVER = {"server": "192.168.1.1","port": 10051}
6 | sender = Sender(**ZABBIX_SERVER)
7 | host='VPN'
8 | client = iperf3.Client()
9 | client.duration = 3
10 | client.intervals = 3
11 | client.server_hostname = '192.168.1.100'
12 | client.port = 5201
13 | result = client.run()
14 | directions=['sum_sent','sum_received']
15 | attributes=['bits_per_second','retransmits']
16 | data = json.loads(str(result))
17 | for direction in directions:
18 | for attribute in attributes:
19 | if attribute in data['end'][direction]:
20 | print('{} {}'.format('iperf3.'+direction+'.'+attribute,data['end'][direction][attribute]))
21 | response = sender.send_value(host,'iperf3.'+direction+'.'+attribute,data['end'][direction][attribute])
22 | if response.failed == 0:
23 | print(f"Value sent successfully in {response.time}")
24 | else:
25 | print("Failed to send value")
26 |
27 |
--------------------------------------------------------------------------------
/paloAltoVPN/README.md:
--------------------------------------------------------------------------------
1 | Monitor Palo Alto VPN metrics
2 |
3 |
4 |
--------------------------------------------------------------------------------
/paloAltoVPN/Template Palo Alto VPN.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 5.0
4 | 2022-01-05T02:26:55Z
5 |
6 |
7 | Templates
8 |
9 |
10 |
11 |
12 | Template Palo Alto VPN
13 | Template Palo Alto VPN
14 | Rafael Gustavo Gassner 01/2022
15 | This script monitors Palo Alto VPN using a python script that collects data from web api.
16 |
17 |
18 | Templates
19 |
20 |
21 |
22 |
23 | Palo Alto VPN
24 |
25 |
26 |
27 |
28 | Palo Alto VPN Discovery
29 | TRAP
30 | pavpn.discovery
31 | 0
32 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
33 |
34 |
35 | GWID {#NAME}
36 | TRAP
37 | pavpn.gwid[{#KEY}]
38 | 0
39 | 7d
40 | 0
41 | TEXT
42 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
43 |
44 |
45 | Palo Alto VPN
46 |
47 |
48 |
49 |
50 | ID {#NAME}
51 | TRAP
52 | pavpn.id[{#KEY}]
53 | 0
54 | 7d
55 | 0
56 | TEXT
57 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
58 |
59 |
60 | Palo Alto VPN
61 |
62 |
63 |
64 |
65 | Inner Interface {#NAME}
66 | TRAP
67 | pavpn.inner-if[{#KEY}]
68 | 0
69 | 7d
70 | 0
71 | TEXT
72 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
73 |
74 |
75 | Palo Alto VPN
76 |
77 |
78 |
79 |
80 | Local IP {#NAME}
81 | TRAP
82 | pavpn.localip[{#KEY}]
83 | 0
84 | 7d
85 | 0
86 | TEXT
87 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
88 |
89 |
90 | Palo Alto VPN
91 |
92 |
93 |
94 |
95 | Mon {#NAME}
96 | TRAP
97 | pavpn.mon[{#KEY}]
98 | 0
99 | 7d
100 | 0
101 | TEXT
102 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
103 |
104 |
105 | Palo Alto VPN
106 |
107 |
108 |
109 |
110 | Outer Interface {#NAME}
111 | TRAP
112 | pavpn.outer-if[{#KEY}]
113 | 0
114 | 7d
115 | 0
116 | TEXT
117 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
118 |
119 |
120 | Palo Alto VPN
121 |
122 |
123 |
124 |
125 | Owner {#NAME}
126 | TRAP
127 | pavpn.owner[{#KEY}]
128 | 0
129 | 7d
130 | 0
131 | TEXT
132 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
133 |
134 |
135 | Palo Alto VPN
136 |
137 |
138 |
139 |
140 | Peer IP {#NAME}
141 | TRAP
142 | pavpn.peerip[{#KEY}]
143 | 0
144 | 7d
145 | 0
146 | TEXT
147 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
148 |
149 |
150 | Palo Alto VPN
151 |
152 |
153 |
154 |
155 | State {#NAME}
156 | TRAP
157 | pavpn.state[{#KEY}]
158 | 0
159 | 7d
160 | 0
161 | TEXT
162 | 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8
163 |
164 |
165 | Palo Alto VPN
166 |
167 |
168 |
169 |
170 |
171 |
172 | {#KEY}
173 | $.key
174 |
175 |
176 | {#NAME}
177 | $.name
178 |
179 |
180 |
181 |
182 |
183 |
184 |
185 |
--------------------------------------------------------------------------------
/paloAltoVPN/pavpn.py:
--------------------------------------------------------------------------------
1 | #! /usr/bin/python3
2 | #Return json formatted db for zabbix low level discovery
3 | #Rafael Gustavo Gassner - 01/2022
4 |
5 | #apt install python3-pip
6 | #pip3 install xmltodict
7 | #pip3 install py-zabbix
8 |
9 | import requests,xmltodict,json
10 | from datetime import datetime
11 | from pyzabbix import ZabbixMetric, ZabbixSender
12 | from requests.packages.urllib3.exceptions import InsecureRequestWarning
13 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
14 |
15 | THIS_HOST='Zabbix server'
16 | ZABBIX_SERVER='192.168.1.1'
17 | WEB_SERVER=''
18 | KEY=''
19 |
20 | url = 'https://'+WEB_SERVER+'/api/?type=op&cmd=%3Cshow%3E%3Crunning%3E%3Ctunnel%3E%3Cflow%3E%3Call%3E%3C/all%3E%3C/flow%3E%3C/tunnel%3E%3C/running%3E%3C/show%3E&key='+KEY
21 |
22 | packet=[]
23 | ctime=datetime.now()
24 | ctime=int(ctime.timestamp())
25 | response = requests.get(url,verify=False)
26 | data = json.loads(json.dumps(xmltodict.parse(response.content)))
27 |
28 | #Low Level Discovery
29 | first=True
30 | lld='{ \"data\":['
31 | for vpn in data['response']['result']['IPSec']['entry']:
32 | if first:
33 | first=False
34 | else:
35 | lld=lld+','
36 | lld=lld+'{'
37 | lld=lld+'"name":"'+vpn['name']+'",'
38 | lld=lld+'"key":"'+vpn['name']+'"'
39 | lld=lld+'}'
40 | lld=lld+']}'
41 | packet.append(ZabbixMetric(THIS_HOST,'pavpn.discovery',lld,ctime))
42 |
43 |
44 | #Send data
45 | for vpn in data['response']['result']['IPSec']['entry']:
46 | for key, value in vpn.items():
47 | packet.append(ZabbixMetric(THIS_HOST,'pavpn.'+key+'['+vpn['name']+']',value,ctime))
48 | result = ZabbixSender(use_config=False,zabbix_server=ZABBIX_SERVER).send(packet)
49 |
50 |
--------------------------------------------------------------------------------
/upTimePort/README.md:
--------------------------------------------------------------------------------
1 | # upTimePort
2 |
3 | Script to generate one report for each switch in a given Zabbix group, and show all ports that are without use for more than a time period.
4 |
5 | ## Description
6 |
7 | Sometimes you run out of switches ports, and ask yourself if all of them are really in use. This script will generate a report showing which ports are without use for a determined period.
8 |
9 | ## Instalation
10 |
11 | In a debian based system:
12 |
13 | apt-get install python-setuptools python-dev build-essential
14 | easy_install pip
15 | pip install --upgrade virtualenv
16 | pip install pyzabbix
17 | pip install pysnmp-apps
18 | pip install pysnmp==4.3.0
19 | yum install python-devel pysnmp-mibs
20 |
21 |
22 | ## Configuration
23 |
24 | The following parameters are in the beginning of the upTimePort.py script file. Configure the Zabbix user that will run the script. Ensure that it has enough rights to see the hosts and to create the discovery rules:
25 |
26 | user = "Admin"
27 |
28 | The password for that user:
29 |
30 | secret = "zabbix"
31 |
32 | The URL for the Zabbix API:
33 |
34 | zapi = ZabbixAPI("http://127.0.0.1/zabbix")
35 |
36 | The SNMP community to access the devices:
37 |
38 | community = "public"
39 |
40 | The id of the Zabbix host group to get the device information:
41 |
42 | switchGroupID="8"
43 |
44 | The path to the reporting script:
45 |
46 | reportScript = "/root/scripts/upTimePort/report.py"
47 |
48 | The report output directory:
49 |
50 | outputDirectory = "/var/www/html/reports/upTimePort"
51 |
52 | You can configure how long a port must be down to be shown in the reports in the script report.py:
53 |
54 | #seconds * 100
55 | target=259200000
56 |
57 | ## Usage
58 |
59 | ./upTimePort.py
60 |
61 | This script takes no parameters.
62 |
63 | > Written with [StackEdit](https://stackedit.io/).
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
--------------------------------------------------------------------------------
/upTimePort/report.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 | #apt-get install python-pip
3 | #pip install pysnmp-apps
4 | #yum install python-devel pysnmp-mibs
5 | #pip install pysnmp==4.3.0
6 | #Rafael Gustavo Gassner - 07/2017
7 |
8 | import datetime
9 | import sys
10 | from pysnmp.hlapi import *
11 | switch=sys.argv[1]
12 | comunidade=sys.argv[2]
13 |
14 | #seconds * 100
15 | #1 month = 259200000
16 | target=259200000
17 |
18 |
19 | def duration_human(seconds):
20 | seconds = long(round(seconds))
21 | minutes, seconds = divmod(seconds, 60)
22 | hours, minutes = divmod(minutes, 60)
23 | days, hours = divmod(hours, 24)
24 | years, days = divmod(days, 365.242199)
25 |
26 | minutes = long(minutes)
27 | hours = long(hours)
28 | days = long(days)
29 | years = long(years)
30 |
31 | duration = []
32 | if years > 0:
33 | duration.append('%d year' % years + 's'*(years != 1))
34 | else:
35 | if days > 0:
36 | duration.append('%d day' % days + 's'*(days != 1))
37 | if hours > 0:
38 | duration.append('%d hour' % hours + 's'*(hours != 1))
39 | if minutes > 0:
40 | duration.append('%d minute' % minutes + 's'*(minutes != 1))
41 | if seconds > 0:
42 | duration.append('%d second' % seconds + 's'*(seconds != 1))
43 | return ' '.join(duration)
44 |
45 | errorIndication, errorStatus, errorIndex, varBinds = next(
46 | getCmd(SnmpEngine(),
47 | CommunityData(comunidade),
48 | UdpTransportTarget((switch, 161)),
49 | ContextData(),
50 | ObjectType(ObjectIdentity('1.3.6.1.2.1.1.3.0')),lexicographicMode=False)
51 | )
52 |
53 | if errorIndication:
54 | print(errorIndication)
55 | elif errorStatus:
56 | print('%s at %s' % (errorStatus.prettyPrint(),
57 | errorIndex and varBinds[int(errorIndex) - 1][0] or '?'))
58 | else:
59 | for varBind in varBinds:
60 | uptime=varBind[1]
61 |
62 | print ("Uptime:"+duration_human(uptime/100)+"
")
63 | print ("
Alias
Description
Time without use
")
64 |
65 | for (errorIndication,
66 | errorStatus,
67 | errorIndex,
68 | varBinds) in nextCmd(SnmpEngine(),
69 | CommunityData(comunidade),
70 | UdpTransportTarget((switch, 161)),
71 | ContextData(),
72 | ObjectType(ObjectIdentity('1.3.6.1.2.1.2.2.1.2')),
73 | ObjectType(ObjectIdentity('1.3.6.1.2.1.2.2.1.8')),
74 | ObjectType(ObjectIdentity('1.3.6.1.2.1.2.2.1.9')),
75 | ObjectType(ObjectIdentity('1.3.6.1.2.1.31.1.1.1.18')),
76 | lexicographicMode=False):
77 |
78 | if errorIndication:
79 | print(errorIndication)
80 | break
81 | elif errorStatus:
82 | print('%s at %s' % (errorStatus.prettyPrint(),
83 | errorIndex and varBinds[int(errorIndex)-1][0] or '?'))
84 | break
85 | else:
86 | zipped = zip(varBinds[0::4],varBinds[1::4],varBinds[2::4],varBinds[3::4])
87 | for ((t,description),(t,status),(t,iuptime),(t,alias)) in zipped:
88 | if ((iuptime>0) and (iuptimetarget)):
91 | print ("
"+alias+"
"+description+"
"+duration_human(downtime/100)+"
")
92 | print("
")
93 |
94 |
--------------------------------------------------------------------------------
/upTimePort/upTimePort.py:
--------------------------------------------------------------------------------
1 | #! /usr/bin/python
2 | #pip install pyzabbix
3 | #Get a list of all switches and call external report script to create reports for it.
4 | #Rafael Gustavo Gassner - 08/07/2017
5 | from __future__ import print_function
6 | from pyzabbix import ZabbixAPI
7 | import os,re,errno
8 | import datetime
9 | switchGroupID=8
10 | user = "Admin"
11 | secret = "zabbix"
12 | community = "public"
13 | zapi = ZabbixAPI("http://127.0.0.1/zabbix")
14 | reportScript = "/root/scripts/upTimePort/report.py"
15 | outputDirectory = "/var/www/html/reports/upTimePort"
16 | zapi.session.auth = (user, secret)
17 | #zapi.session.verify = False
18 | zapi.login(user, secret)
19 | hosts=zapi.host.get(output="extend", selectInventory=True)
20 | if not hosts:
21 | print ("Empty list.")
22 | exit()
23 | now = datetime.datetime.now()
24 | directory=outputDirectory+"/"+str(now.year)+"/"+str(now.month)+"/"+str(now.day)+"/"
25 | try:
26 | os.makedirs(directory)
27 | except OSError as e:
28 | if e.errno != errno.EEXIST:
29 | raise
30 | for s in zapi.host.get(output="extend", selectInventory=True, groupids=[switchGroupID]):
31 | name=(s['name'])
32 | hostid=(s['hostid'])
33 | for i in zapi.hostinterface.get(hostids=[hostid],filter={"type": 2}):
34 | ip=(i['ip'])
35 | name=name.replace(" ","_")
36 | print (name+" "+ip)
37 | os.system(reportScript+" "+ip+" "+ community+" >"+directory+name+".html")
38 |
--------------------------------------------------------------------------------
/updateNamesFromInventory/README.md:
--------------------------------------------------------------------------------
1 | # updateNamesFromInventory
2 |
3 | This script has been developed to help fast Zabbix deploying, updating names from inventory field.
4 |
5 | ## Description
6 |
7 | Zabbix has a useful network discovery feature, but if you have to manually rename the discovered hosts, that would take too much time on a large environment.
8 | This script tries to solve this issue. It will copy the host name from inventory to the actual host name. You will want to configure automatic inventory for all hosts in you Discovery actions.
9 |
10 | All interaction with Zabbix is made through [PyZabbix](https://github.com/lukecyca/pyzabbix). Sometimes hosts have multiple interfaces, like servers, routers, firewalls, and are discovered more than once, and to save resources, only one of them should be monitored. You can configure a list of groups which hosts should be disabled if they have the same name.
11 |
12 | ## Instalation
13 |
14 | In a debian based system:
15 |
16 | apt-get install python-setuptools python-dev build-essential
17 | easy_install pip
18 | pip install --upgrade virtualenv
19 | pip install pyzabbix
20 |
21 | ## Configuration
22 |
23 | The following parameters are in the beginning of the updateNamesFromInventory.py script file. Configure the Zabbix user that will access the API. Ensure that it has enough rights to change the hosts the hosts:
24 |
25 | user = "Admin"
26 |
27 | The password for that user:
28 |
29 | secret = "zabbix"
30 |
31 | The URL for the Zabbix API:
32 |
33 | zapi = ZabbixAPI("http://127.0.0.1/zabbix")
34 |
35 | The ids of the hosts groups which should be disabled if repeated:
36 |
37 | disableIfDuplicatedGroups=[8,9]
38 |
39 | ## Usage
40 |
41 | ./updateNamesFromInventory.py
42 |
43 | This script has no parameters
44 |
45 | > Written with [StackEdit](https://stackedit.io/).
--------------------------------------------------------------------------------
/updateNamesFromInventory/updateNamesFromInventory.py:
--------------------------------------------------------------------------------
1 | #! /usr/bin/python
2 | #pip install pyzabbix
3 | #Updates Zabbix host name if it is an ip address
4 | #If name from inventory has changed, update
5 | #If repeated name, insert name after ip
6 | #If host is in any of the predefined groups, and is repeated, disable the one with ip in the name
7 | #Rafael Gustavo Gassner - 06/2017
8 | from pyzabbix import ZabbixAPI
9 | import re
10 | #A situation you will want to disable if duplicated name is a server with multiple network addresses, for example.
11 | disableIfDuplicatedGroups=[8,9]
12 | user = "Admin"
13 | secret = "zabbix"
14 | zapi = ZabbixAPI("http://127.0.0.1/zabbix")
15 | zapi.session.auth = (user, secret)
16 | #zapi.session.verify = False
17 | first=1
18 | existsFlag=0
19 | prog = re.compile('([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$')
20 | isDuplicated = re.compile('([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})-.+$')
21 | zapi.login(user, secret)
22 | hosts=zapi.host.get(output="extend", selectInventory=True)
23 | if not hosts:
24 | print ("Empty list.")
25 | exit()
26 | for h in hosts:
27 | name=(h['name'])
28 | id=(h['hostid'])
29 | inventory=(h['inventory'])
30 | if inventory == []:
31 | continue
32 | print (name)
33 | if prog.match(name):
34 | if 'name' in inventory:
35 | if inventory['name'] != '':
36 | print (name," ",inventory['name'])
37 | #Verify if there is already a host with the name you will try to insert
38 | exists = zapi.host.get(filter={"host": inventory['name']})
39 | existsFlag=0
40 | for e in exists:
41 | if e['name'] == inventory['name']:
42 | print("Repeated name.")
43 | existsFlag=1
44 | zapi.host.update(hostid=id,name=name+"-"+inventory['name'])
45 | zapi.host.update(hostid=id,host=name+"-"+inventory['name'])
46 | if existsFlag == 0:
47 | zapi.host.update(hostid=id,name=inventory['name'])
48 | zapi.host.update(hostid=id,host=inventory['name'])
49 | else:
50 | print (name,"Inventory available, but name empty.")
51 | else:
52 | print (name, "Inventory not available.")
53 | else:
54 | #If there was an update and the name is not empty
55 | if (name != inventory['name']) and (inventory['name'] != ""):
56 | exists = zapi.host.get(filter={"host": inventory['name']})
57 | existsFlag=0
58 | for e in exists:
59 | if e['name'] == inventory['name']:
60 | existsFlag=1
61 | if existsFlag == 0:
62 | print (name," ",inventory['name'], "Is not an ip address. Names differ, updating from inventory.")
63 | zapi.host.update(hostid=id,name=inventory['name'])
64 | zapi.host.update(hostid=id,host=inventory['name'])
65 |
66 | print ("Disabling duplicated")
67 | servers=zapi.host.get(groupids=disableIfDuplicatedGroups)
68 | for r in servers:
69 | nameServer=(r['name'])
70 | idServer=(r['hostid'])
71 | if isDuplicated.match(nameServer):
72 | print (nameServer)
73 | zapi.host.update(hostid=int(idServer),status='1')
74 |
--------------------------------------------------------------------------------
/zabbixKibanaDictionaries/README.md:
--------------------------------------------------------------------------------
1 | # zabbixKibanaDictionaries
2 |
3 | Script to generate logstash dictionaries from zabbix host names and host groups. These data can be used in elastic search and Kibana reports.
4 |
5 | ## Description
6 |
7 | Zabbix can sometimes be used as a inventory data source and help the reporting in other tools. This script is for extracting information from zabbix hosts and hostgroups to create data dictionaries for other reporting tools.
8 |
9 | All interaction with Zabbix is made through [PyZabbix](https://github.com/lukecyca/pyzabbix).
10 | ## Instalation
11 |
12 | In a debian based system:
13 |
14 | apt-get install python-setuptools python-dev build-essential
15 | easy_install pip
16 | pip install --upgrade virtualenv
17 | pip install pyzabbix
18 |
19 | ## Configuration
20 |
21 | The following parameters are in the beginning of the zabbixKibanaDictionaries.py script file. Configure the Zabbix user that will access the API. Ensure that it has enough rights to change the hosts the hosts:
22 |
23 | user = "Admin"
24 |
25 | The password for that user:
26 |
27 | secret = "zabbix"
28 |
29 | The URL for the Zabbix API:
30 |
31 | zapi = ZabbixAPI("http://127.0.0.1/zabbix")
32 |
33 | ## Usage
34 |
35 | Usage: zabbixKibanaDictionaries.py [options]
36 |
37 | Options:
38 | -h, --help show this help message and exit
39 | -t TYPE, --type=TYPE output type: host, location, trend, environment, team,
40 | service or office [default: host]
41 |
42 | You probably will need to change the grouping regex to match your requirements.
43 |
44 | Sample Dictionary output:
45 |
46 | "127.0.0.1": Zabbix server
47 | "192.168.1.1": Roteador Adsl
48 |
49 |
50 | Logstash sample configuration:
51 |
52 | filter {
53 | translate {
54 | override = true
55 | field => "[sflow.ReporterIP]"
56 | destination => "[sflow.ReporterName]"
57 | dictionary => "/path/to/dictionary.yaml"
58 | }
59 | }
60 |
61 | > Written with [StackEdit](https://stackedit.io/).
--------------------------------------------------------------------------------
/zabbixKibanaDictionaries/zabbixKibanaDictionaries.py:
--------------------------------------------------------------------------------
1 | #! /usr/bin/python
2 | # -*- coding: utf-8 -*-
3 | #pip install pyzabbix
4 |
5 | import sys
6 | reload(sys)
7 | sys.setdefaultencoding('utf8')
8 |
9 | from pyzabbix import ZabbixAPI
10 | import os,re
11 | from optparse import OptionParser
12 |
13 | parser = OptionParser()
14 | parser.add_option("-t", "--type",
15 | default="host",
16 | help="output type: host, location, trend, environment, team, "
17 | "service or office [default: %default]")
18 | (options, args) = parser.parse_args()
19 |
20 | user = "Admin"
21 | secret = "zabbix"
22 | zapi = ZabbixAPI("http://127.0.0.1/zabbix")
23 | ips = {}
24 | isTeam = re.compile('^Equipe - .*$')
25 | isType = re.compile('^Tipo - .*$')
26 | isLocation = re.compile('^Localidade - .*$')
27 | isOffice = re.compile('^Unidade - .*$')
28 | isService = re.compile('^Servi.* - .*$')
29 | isTrend = re.compile('^Marca - .*$')
30 | isEnvironment = re.compile('^Ambiente - .*$')
31 | zapi.session.auth = (user, secret)
32 | zapi.login(user, secret)
33 | hosts=zapi.host.get()
34 | if not hosts:
35 | print ("Empty list.")
36 | exit()
37 | for h in hosts:
38 | name=(h['name'])
39 | status=(h['status'])
40 | hostId=(h['hostid'])
41 | #filter enabled hosts
42 | if (status == "0" ) or (status == "1"):
43 | if (options.type == "host"):
44 | ifaces=zapi.hostinterface.get(hostids=[hostId])
45 | for iface in ifaces:
46 | ips={iface['ip']:"1"}
47 | for key in ips:
48 | print ("\""+key+"\": "+name)
49 | break
50 | ips={}
51 | if (options.type == "location"):
52 | ifaces=zapi.hostinterface.get(hostids=[hostId])
53 | for iface in ifaces:
54 | ips={iface['ip']:"1"}
55 | for key in ips:
56 | groups=zapi.hostgroup.get(hostids=[hostId])
57 | for g in groups:
58 | if isLocation.match(g['name']):
59 | print ("\""+key+"\": "+(g['name']).split(" ",2)[2])
60 | break
61 | ips={}
62 | if (options.type == "trend"):
63 | ifaces=zapi.hostinterface.get(hostids=[hostId])
64 | for iface in ifaces:
65 | ips={iface['ip']:"1"}
66 | for key in ips:
67 | groups=zapi.hostgroup.get(hostids=[hostId])
68 | for g in groups:
69 | if isTrend.match(g['name']):
70 | print ("\""+key+"\": "+(g['name']).split(" ",2)[2])
71 | break
72 | ips={}
73 | if (options.type == "team"):
74 | ifaces=zapi.hostinterface.get(hostids=[hostId])
75 | for iface in ifaces:
76 | ips={iface['ip']:"1"}
77 | for key in ips:
78 | groups=zapi.hostgroup.get(hostids=[hostId])
79 | for g in groups:
80 | if isTeam.match(g['name']):
81 | print ("\""+key+"\": "+(g['name']).split(" ",2)[2])
82 | break
83 | ips={}
84 | if (options.type == "type"):
85 | ifaces=zapi.hostinterface.get(hostids=[hostId])
86 | for iface in ifaces:
87 | ips={iface['ip']:"1"}
88 | for key in ips:
89 | groups=zapi.hostgroup.get(hostids=[hostId])
90 | for g in groups:
91 | if isType.match(g['name']):
92 | print ("\""+key+"\": "+(g['name']).split(" ",2)[2])
93 | break
94 | ips={}
95 | if (options.type == "environment"):
96 | ifaces=zapi.hostinterface.get(hostids=[hostId])
97 | for iface in ifaces:
98 | ips={iface['ip']:"1"}
99 | for key in ips:
100 | groups=zapi.hostgroup.get(hostids=[hostId])
101 | for g in groups:
102 | if isEnvironment.match(g['name']):
103 | print ("\""+key+"\": "+(g['name']).split(" ",2)[2])
104 | break
105 | ips={}
106 | if (options.type == "office"):
107 | ifaces=zapi.hostinterface.get(hostids=[hostId])
108 | for iface in ifaces:
109 | ips={iface['ip']:"1"}
110 | for key in ips:
111 | groups=zapi.hostgroup.get(hostids=[hostId])
112 | for g in groups:
113 | if isOffice.match(g['name']):
114 | print ("\""+key+"\": "+(g['name']).split(" ",2)[2])
115 | break
116 | ips={}
117 | if (options.type == "service"):
118 | ifaces=zapi.hostinterface.get(hostids=[hostId])
119 | for iface in ifaces:
120 | ips={iface['ip']:"1"}
121 | for key in ips:
122 | groups=zapi.hostgroup.get(hostids=[hostId])
123 | for g in groups:
124 | if isService.match(g['name']):
125 | print ("\""+key+"\": "+(g['name']).split(" ",2)[2])
126 | break
127 | ips={}
128 |
--------------------------------------------------------------------------------