1 | #!/usr/bin/perl -w |
---|
2 | # -*- perl -*- |
---|
3 | # vim: ft=perl |
---|
4 | |
---|
5 | # Copyright Quentin Smith <quentin@mit.edu> |
---|
6 | # and Bjorn Ruberg <bjorn@ruberg.no> |
---|
7 | # Licenced under GPL v2 |
---|
8 | # |
---|
9 | |
---|
10 | # We use one script for all monitoring. |
---|
11 | # This script may be symlinked with several names, all |
---|
12 | # performing different functions: |
---|
13 | # 389ds_statistics_bytes |
---|
14 | # 389ds_statistics_pdu |
---|
15 | # 389ds_statistics_referrals |
---|
16 | # 389ds_statistics_entries |
---|
17 | # 389ds_connections |
---|
18 | # 389ds_waiters |
---|
19 | # 389ds_operations |
---|
20 | # 389ds_operations_diff |
---|
21 | |
---|
22 | # Magic markers |
---|
23 | #%# family=auto |
---|
24 | #%# capabilities=autoconf suggest |
---|
25 | |
---|
26 | use strict; |
---|
27 | |
---|
28 | my $ret = ''; |
---|
29 | |
---|
30 | if (! eval "require Net::LDAP;") { |
---|
31 | $ret = "Net::LDAP not found"; |
---|
32 | } |
---|
33 | |
---|
34 | use vars qw ( $config $param $act $scope $descr $cn $vlabel |
---|
35 | $info $title $label); |
---|
36 | |
---|
37 | # Change these to reflect your LDAP ACL. The given DN must have |
---|
38 | # read access to the Monitor branch. |
---|
39 | my $basedn = "cn=Monitor"; |
---|
40 | my $server = ($ENV{'server'} || 'localhost'); |
---|
41 | my $userdn = ($ENV{'binddn'} || ''); |
---|
42 | my $userpw = ($ENV{'bindpw'} || ''); |
---|
43 | |
---|
44 | # Remember: connections, bytes, pdu needs scope=base |
---|
45 | |
---|
46 | # http://www.icir.org/fenner/mibs/extracted/DIRECTORY-SERVER-MIB-rfc2605.txt |
---|
47 | |
---|
48 | # The possible measurements |
---|
49 | my %ops = |
---|
50 | ( |
---|
51 | # Only read Total |
---|
52 | 'connections' |
---|
53 | => { |
---|
54 | 'search' => 'cn=monitor', |
---|
55 | 'searchattr' => 'totalconnections', |
---|
56 | 'desc' => 'The number of connections', |
---|
57 | 'label' => 'connections', |
---|
58 | 'vlabel' => 'connections/${graph_period}', |
---|
59 | 'title' => 'Connection rate', |
---|
60 | 'info' => 'Rate of connections to the LDAP server', |
---|
61 | 'scope' => "base" |
---|
62 | }, |
---|
63 | 'connections_active' |
---|
64 | => { |
---|
65 | 'search' => 'cn=monitor', |
---|
66 | 'searchattr' => 'currentconnections', |
---|
67 | 'desc' => 'The number of connections', |
---|
68 | 'label' => 'connections', |
---|
69 | 'vlabel' => 'connections', |
---|
70 | 'type' => 'GAUGE', |
---|
71 | 'title' => 'Active connections', |
---|
72 | 'info' => 'Number of connections to the LDAP server', |
---|
73 | 'scope' => "base" |
---|
74 | }, |
---|
75 | 'binds' |
---|
76 | => { |
---|
77 | 'search' => 'cn=snmp,cn=monitor', |
---|
78 | 'label2' => { |
---|
79 | 'anonymousbinds' => 'Anonymous', |
---|
80 | 'unauthbinds' => 'Unauthenticated', |
---|
81 | 'simpleauthbinds' => 'Simple authentication', |
---|
82 | 'strongauthbinds' => 'Strong authentication', |
---|
83 | 'bindsecurityerrors' => 'Errors', |
---|
84 | }, |
---|
85 | 'desc' => 'The number of binds', |
---|
86 | 'vlabel' => 'binds/${graph_period}', |
---|
87 | 'type' => 'DERIVE', |
---|
88 | 'title' => 'Binds', |
---|
89 | 'info' => 'Number of binds to the LDAP server', |
---|
90 | 'scope' => "base" |
---|
91 | }, |
---|
92 | 'statistics_bytes' |
---|
93 | => { |
---|
94 | 'search' => "cn=monitor", |
---|
95 | 'searchattr' => 'bytessent', |
---|
96 | 'desc' => "The number of bytes sent by the LDAP server.", |
---|
97 | 'vlabel' => 'bytes/${graph_period}', |
---|
98 | 'label' => 'bytes', |
---|
99 | 'title' => "Number of bytes sent", |
---|
100 | 'info' => "The graph shows the number of bytes sent", |
---|
101 | 'scope' => "base" |
---|
102 | }, |
---|
103 | # Entries |
---|
104 | 'statistics_entries' |
---|
105 | => { |
---|
106 | 'search' => "cn=monitor", |
---|
107 | 'searchattr' => 'entriessent', |
---|
108 | 'desc' => "The number of entries sent by the LDAP server.", |
---|
109 | 'vlabel' => 'entries/${graph_period}', |
---|
110 | 'label' => 'entries', |
---|
111 | 'title' => "Number of LDAP Entries", |
---|
112 | 'info' => "The graph shows the number of entries sent", |
---|
113 | 'scope' => "base" |
---|
114 | }, |
---|
115 | 'operations' |
---|
116 | => { |
---|
117 | 'search' => 'cn=snmp,cn=monitor', |
---|
118 | 'label2' => { |
---|
119 | readops => 'Read', |
---|
120 | compareops => 'Compare', |
---|
121 | addentryops => 'Add entry', |
---|
122 | removeentryops => 'Remove entry', |
---|
123 | modifyentryops => 'Modify entry', |
---|
124 | modifyrdnops => 'Modify RDN', |
---|
125 | listops => 'List', |
---|
126 | searchops => 'Search', |
---|
127 | onelevelsearchops => 'One-level search', |
---|
128 | wholesubtreesearchops => 'Subtree search', |
---|
129 | errors => 'Error', |
---|
130 | securityerrors => 'Security error', |
---|
131 | }, |
---|
132 | 'desc' => 'The number of operations', |
---|
133 | 'vlabel' => 'ops/${graph_period}', |
---|
134 | 'type' => 'DERIVE', |
---|
135 | 'title' => 'Operations', |
---|
136 | 'info' => 'Number of completed LDAP operations', |
---|
137 | 'scope' => "base" |
---|
138 | }, |
---|
139 | ); |
---|
140 | |
---|
141 | # Config subroutine |
---|
142 | sub config { |
---|
143 | my $action = shift; |
---|
144 | if(!exists $ops{$action}) { |
---|
145 | die "Unknown action specified: $action"; |
---|
146 | } |
---|
147 | print <<EOF; |
---|
148 | graph_args --base 1000 -l 0 |
---|
149 | graph_vlabel $ops{$action}->{'vlabel'} |
---|
150 | graph_title $ops{$action}->{'title'} |
---|
151 | graph_category 389-ds |
---|
152 | graph_info $ops{$action}->{'info'} |
---|
153 | EOF |
---|
154 | |
---|
155 | if ($ops{$action}->{'label2'}) { |
---|
156 | while (my ($key, $val) = each (%{$ops{$action}->{'label2'}})) { |
---|
157 | my $name = $action . "_" . $key; |
---|
158 | print "$name.label $val\n"; |
---|
159 | print "$name.type ",$ops{$action}->{'type'}||"DERIVE","\n"; |
---|
160 | } |
---|
161 | } else { |
---|
162 | print "$action.label $ops{$action}->{'label'}\n"; |
---|
163 | print "$action.type ",$ops{$action}->{'type'}||"DERIVE","\n"; |
---|
164 | print "$action.min 0\n"; |
---|
165 | } |
---|
166 | } |
---|
167 | |
---|
168 | sub autoconf { |
---|
169 | # Check for Net::LDAP |
---|
170 | if ($ret) { |
---|
171 | print "no ($ret)\n"; |
---|
172 | exit 0; |
---|
173 | } |
---|
174 | |
---|
175 | # Check for LDAP version 3 |
---|
176 | my $ldap = Net::LDAP->new ($server, version => 3) |
---|
177 | or do { print "no ($@)\n"; exit 0; }; |
---|
178 | |
---|
179 | my $mesg; |
---|
180 | if ($userdn ne '') { |
---|
181 | $mesg = $ldap->bind ($userdn, password => $userpw) |
---|
182 | or do { print "no ($@)\n"; exit 0; }; |
---|
183 | } else { |
---|
184 | $mesg = $ldap->bind |
---|
185 | or do { print "no ($@)\n"; exit 0; }; |
---|
186 | } |
---|
187 | if ($mesg->code) { |
---|
188 | print "no (" . $mesg->error . ")\n"; |
---|
189 | exit 0; |
---|
190 | } |
---|
191 | |
---|
192 | $mesg = |
---|
193 | $ldap->search ( |
---|
194 | base => $basedn, |
---|
195 | scope => 'one', |
---|
196 | filter => '(objectClass=monitorServer)', |
---|
197 | attrs => 'cn', |
---|
198 | ); |
---|
199 | if ($mesg->code) { |
---|
200 | print "no (" . $mesg->error . ")\n"; |
---|
201 | exit 0; |
---|
202 | } |
---|
203 | print "yes\n"; |
---|
204 | exit 0; |
---|
205 | } |
---|
206 | |
---|
207 | # Determine action based on filename first |
---|
208 | |
---|
209 | if ($ARGV[0]) { |
---|
210 | if ($ARGV[0] eq 'autoconf') { |
---|
211 | autoconf(); |
---|
212 | } elsif ($ARGV[0] eq "suggest") { |
---|
213 | print "$0\n"; |
---|
214 | } elsif ($ARGV[0] eq "config") { |
---|
215 | foreach my $action (keys %ops) { |
---|
216 | print "multigraph 389ds_", $action, "\n"; |
---|
217 | &config ($action); |
---|
218 | } |
---|
219 | } |
---|
220 | exit 0; |
---|
221 | } |
---|
222 | |
---|
223 | # Net::LDAP variant |
---|
224 | my $ldap = Net::LDAP->new ($server, version => 3) |
---|
225 | or die "Failed to connect to server $server: $@"; |
---|
226 | my $mesg; |
---|
227 | if ($userdn ne '') { |
---|
228 | $mesg = $ldap->bind ($userdn, password => $userpw) |
---|
229 | or die "Failed to bind with $userdn: $@"; |
---|
230 | } else { |
---|
231 | $mesg = $ldap->bind |
---|
232 | or die "Failed to bind anonymously: $@"; |
---|
233 | } |
---|
234 | if ($mesg->code) { |
---|
235 | die "Failed to bind: " . $mesg->error; |
---|
236 | } |
---|
237 | |
---|
238 | foreach my $action (keys %ops) { |
---|
239 | print "multigraph 389ds_", $action, "\n"; |
---|
240 | |
---|
241 | # Default scope for LDAP searches. We'll change to other scopes if |
---|
242 | # necessary. |
---|
243 | $scope = "one"; |
---|
244 | |
---|
245 | my $searchdn = $ops{$action}->{'search'}; |
---|
246 | my $searchattrs; |
---|
247 | |
---|
248 | if ($ops{$action}->{'label2'}) { |
---|
249 | $searchattrs = [keys %{$ops{$action}->{'label2'}}]; |
---|
250 | } else { |
---|
251 | $searchattrs = [$ops{$action}->{'searchattr'} || 'monitorCounter', 'cn']; |
---|
252 | } |
---|
253 | |
---|
254 | my $filter; |
---|
255 | if ($ops{$action}->{'filter'}) { |
---|
256 | $filter = "(&(objectclass=*)" . $ops{$action}->{'filter'} . ")"; |
---|
257 | } else { |
---|
258 | $filter = "(objectClass=*)"; |
---|
259 | } |
---|
260 | |
---|
261 | if ($ops{$action}->{'scope'}) { |
---|
262 | $scope = $ops{$action}->{'scope'}; |
---|
263 | } |
---|
264 | |
---|
265 | my @search = ( |
---|
266 | base => $searchdn, |
---|
267 | scope => $scope, |
---|
268 | filter => $filter, |
---|
269 | attrs => $searchattrs, |
---|
270 | ); |
---|
271 | |
---|
272 | #use Data::Dumper; print Dumper({@search}); |
---|
273 | |
---|
274 | $mesg = |
---|
275 | $ldap->search (@search); |
---|
276 | |
---|
277 | $mesg->code && die $mesg->error; |
---|
278 | |
---|
279 | my $max = $mesg->count; |
---|
280 | |
---|
281 | for (my $i = 0 ; $i < $max ; $i++) { |
---|
282 | my $entry = $mesg->entry ($i); |
---|
283 | my $cn = $entry->get_value('cn'); |
---|
284 | if ($ops{$action}->{'label2'}) { |
---|
285 | foreach my $attr (keys %{$ops{$action}->{'label2'}}) { |
---|
286 | print lc ("${action}_${attr}.value "); |
---|
287 | print $entry->get_value($attr), "\n"; |
---|
288 | } |
---|
289 | } else { |
---|
290 | print lc ("${action}.value "); |
---|
291 | print $entry->get_value($ops{$action}->{'searchattr'} || 'monitorCounter'), "\n"; |
---|
292 | } |
---|
293 | } |
---|
294 | } |
---|
295 | $ldap->unbind; |
---|