Icinga check_http通过代理服务器

时间:2019-02-08 09:44:53

标签: http proxy icinga

我不知道如何使用Icinga的check_http模块来使用http代理。

我尝试使用hosts.conf中的以下条目来实现这一目标。

object Host "host.local.ch" {
  import "generic-host"
  address = "192.168.200.20"
  vars.http_vhosts["http"] = {
    http_uri = "/"
    http_proxy = "127.0.0.1"
    http_proxy_port = 5016
  }
}

1 个答案:

答案 0 :(得分:0)

我找到了一个脚本,对其进行了编辑,并为Icinga的示例用法创建了文件,在这里找到它: https://github.com/ozzi-/icinga-check-http-proxy

保存以下脚本(/etc/icinga2/scripts/check_http_proxy.sh):

#!/bin/bash
# Author: ozzi- , forked from scott.liao (https://github.com/shazi7804/icinga-check-http-proxy)
# Description: ICINGA2 http check with proxy support

# startup checks
if [ -z "$BASH" ]; then
  echo "Please use BASH."
  exit 3
fi
if [ ! -e "/usr/bin/which" ]; then
  echo "/usr/bin/which is missing."
  exit 3
fi
wget=$(which wget)
if [ $? -ne 0 ]; then
  echo "Please install wget."
  exit 3
fi

# Default Values
ssl=""
useragent=""
host=""
port=""
proxy=""
url="/"
times=1
timeout=5
warning=700
critical=2000
certificate=""
bindaddress=""

#set system proxy from environment
getProxy() {
  if [ -z "$1" ]; then
    echo $http_proxy | awk -F'http://' '{print $2}'
  else
    echo $https_proxy | awk -F'http://' '{print $2}'
  fi
}

# Usage Info
usage() {
  echo '''Usage: check_http_proxy [OPTIONS]
  [OPTIONS]:
  -p PORT        Port to connect to (default: 80)
  -u URL         URL path (default: /)
  -H HOSTNAME    Destination Hostname
  -a USERAGENT   Sends a useragent and mimics other request headers of a browser
  -s             Use HTTPS proxy (default connecting to proxy via http)
  -P PROXY       Sets the proxy ip:port (i.e. 127.0.0.1:8840)
  -w WARNING     warning threshold in milliseconds (default: 700)
  -c CRITICAL    Critical threshold in milliseconds (default: 2000)
  -n TRIES       Number of connection attempts (default: 1)
  -t TIMEOUT     Seconds to wait for connection (timeout) (default: 5)
  -C CERTIFICATE Path to a client certificate (PEM and DER file types supported)
  -b IP          Bind address for wget (default: IP of primary networking interface)'''
}

# Check which threshold was reached
checkTime() {
  if [ $1 -gt $critical ]; then
    echo -n "CRITICAL"
  elif [ $1 -gt $warning ]; then
    echo -n "WARNING"
  else
    echo -n "OK"
  fi
}

# Return code value
getStatus() {
  if [ $1 -gt $critical ]; then
    return 2
  elif [ $1 -gt $warning ]; then
    return 1
  else
    return 0
  fi
}

#main
#get options
while getopts "c:p:s:a:w:u:P:H:n:t:C:b:" opt; do
  case $opt in
    c)
      critical=$OPTARG
      ;;
    p)
      port=$OPTARG
      ;;
    s)
      ssl=1
      ;;
    a)
      useragent=$OPTARG
      ;;
    w)
      warning=$OPTARG
      ;;
    u)
      url=$OPTARG
      ;;
    P)
      proxy=$OPTARG
      ;;
    H)
      hostname=$OPTARG
      ;;
    n)
      times=$OPTARG
      ;;
    t)
      timeout=$OPTARG
      ;;
    C)
      client_certificate=$OPTARG
      ;;
    b)
      bindaddress=$OPTARG
      ;;
    *)
      usage
      exit 3
      ;;
  esac
done

#define host with last parameter
host=$hostname

#hostname is required
if [ -z "$host" ] || [ $# -eq 0 ]; then
  echo "Error: host is required"
  usage
  exit 3
fi

#set proxy from environment if available and no proxy option is given
if [ -z "$proxy" ]; then
  proxy="$(getProxy ssl)"
fi

#use ssl or not
if [ -z "$ssl" ]; then
  header="HTTP"
  proxy_cmd="http_proxy=$proxy"
  url_prefix="http://"
else
  header="HTTPS"
  proxy_cmd="https_proxy=$proxy"
  url_prefix="https://"
fi

#different port
if [ -z "$port" ]; then
  url="${url_prefix}${host}${url}"
else
  url="${url_prefix}${host}:${port}${url}"
fi

start=$(echo $(($(date +%s%N)/1000000)))

if [ -z "$useragent" ]; then
  if [ -z "$client_certificate" ]; then
    #execute and capture execution time and return status of wget
    $wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} $url
    status=$?
  elif [ -n "$client_certificate" ]; then
    #execute and capture execution time and return status of wget with client certificate
    $wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} --certificate=$client_certificate $url
    status=$?
  fi
else
  if [ -n "$client_certificate" ]; then
    $wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} --certificate=$client_certificate $url \
    --header="User-Agent: $useragent" \
    --header="Accept: image/png,image/*;q=0.8,*/*;q=0.5" \
    --header="Accept-Language: en-us,en;q=0.5" \
    --header="Accept-Encoding: gzip, deflate"
    status=$?
  else
    #execute with fake user agent and capture execution time and return status of wget
    $wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} $url \
    --header="User-Agent: $useragent" \
    --header="Accept: image/png,image/*;q=0.8,*/*;q=0.5" \
    --header="Accept-Language: en-us,en;q=0.5" \
    --header="Accept-Encoding: gzip, deflate"
    status=$?
  fi
fi
end=$(echo $(($(date +%s%N)/1000000)))

#decide output by return code
if [ $status -eq 0 ] ; then
  echo "${header} $(checkTime $((end - start))): $((end - start))ms - ${url}|time=$((end - start))ms;${warning};${critical};0;"
  getStatus $((end - start))
  exit $?
else
  case $status in
    1)
      echo "${header} CRITICAL: Generic error code ($status) - ${url}"
      ;;
    2)
      echo "${header} CRITICAL: Parse error ($status) - ${url}"
      ;;
    3)
      echo "${header} CRITICAL: File I/O error ($status) - ${url}"
      ;;
    4)
      echo "${header} CRITICAL: Network failure ($status) - ${url}"
      ;;
    5)
      echo "${header} CRITICAL: SSL verification failure ($status) - ${url}"
      ;;
    6)
      echo "${header} CRITICAL: Authentication failure ($status) - ${url}"
      ;;
    7)
      echo "${header} CRITICAL: Protocol errors ($status) - ${url}"
      ;;
    8)
      echo "${header} CRITICAL: Server issued an error response ($status) - ${url}"
      ;;
    *)
      echo "${header} UNKNOWN: $status - ${url}"
      exit 3
      ;;
  esac
  exit 2
fi

Icinga命令定义(/etc/icinga2/conf.d/commands.conf):

object CheckCommand "check-http-proxy" {
  command = [ ConfigDir + "/scripts/check_http_proxy.sh" ]
  arguments += {
    "-p" = {
      value = "$chp_port$"
      description = "Port to connect to (default: 80)"
    }
    "-u" = {
      value = "$chp_url$"
      description = "URL path (default: /)"
    }
    "-H" = {
      required = true
      value = "$chp_hostname$"
      description = "Destination Hostname"
    }
    "-s" = {
      value = "$chp_ssl$"
      description = "Use HTTPS proxy (default: http proxy)"
    }
    "-P" = {
      required = true
      value = "$chvp_proxy$"
      description = "Sets the proxy ip:port (i.e. 127.0.0.1:8840)"
    }
    "-a" = {
      value = "$chp_useragent$"
      description = "Sends a useragent and mimics other request headers of a browser"
    }
    "-w" = {
      value = "$chp_warning_timeout$"
      description = "Warning threshold in milliseconds (default: 700)"
    }
    "-c" = {
      value = "$chp_critical_timeout$"
      description = "Critical threshold in milliseconds (default: 2000)"
    }
    "-b" = {
      value = "$chp_bind_adr$"
      description = "Bind address for wget (default: IP of primary networking interface)"
    }
    "-n" = {
      value = "$chp_tries$"
      description = "Number of connection attempts (default: 1)"
    }
    "-t" = {
      value = "$chp_timeout$"
      description = "Seconds to wait for connection (timeout) (default: 5)"
    }
    "-C" = {
      value = "$chp_certificate$"
      description = "Path to a client certificate (PEM and DER file types supported)"
    }
  }
}

在/etc/icinga2/conf.d/hosts.conf中的用法

object Host "sub.domain.ch" {
  check_command = "check-http-proxy"
  vars.chp_hostname = "sub.domain.ch"
  vars.chp_proxy = "127.0.0.1:5016"
}