307 lines
13 KiB
Python
Executable File
307 lines
13 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
|
|
import argparse
|
|
import sys
|
|
import traceback
|
|
from datetime import datetime
|
|
|
|
import requests
|
|
from urllib3.exceptions import InsecureRequestWarning
|
|
|
|
from checker import nagios
|
|
from checker import print_icinga2_check_status
|
|
from checker.http import fetch_with_retry
|
|
from checker.linuxfabric.base import get_state
|
|
from checker.units import human_readable_size
|
|
|
|
|
|
def transform_inputs(old_dict):
|
|
new_dict = {}
|
|
for key in old_dict:
|
|
for item in old_dict[key]:
|
|
new_key = item['id']
|
|
new_dict[new_key] = item
|
|
return new_dict
|
|
|
|
|
|
def parse_traffic_ts(ts: str):
|
|
datetime_obj = datetime.strptime(ts, '%Y-%m-%dT%H:%M:%S.%fZ')
|
|
current_time = datetime.now()
|
|
time_diff = current_time - datetime_obj
|
|
return time_diff.total_seconds() < 24 * 60 * 60 # less than 24 hrs ago?
|
|
|
|
|
|
def main():
|
|
parser = argparse.ArgumentParser(description='Check Graylog input health')
|
|
parser.add_argument('-u', '--url', required=True, help='The base Graylog URL')
|
|
parser.add_argument('-t', '--token', required=True, help='Graylog API token')
|
|
parser.add_argument('-i', '--input', help='Input ID to check. If unset, will check cluster metrics')
|
|
parser.add_argument('--warn-mem', type=int, default=75, help='Percentage of JVM memory used for warm')
|
|
parser.add_argument('--crit-mem', type=int, default=100, help='Percentage of JVM memory used for critical')
|
|
parser.add_argument('--insecure', action='store_false', help="Don't verify SSL")
|
|
parser.add_argument('--crit-notif', action='store_true', help='Return critical when there are notifications')
|
|
parser.add_argument('--ignore-update-notif', action='store_true', help='Ignore any update notifications')
|
|
parser.add_argument('--html', action='store_true', help='Print HTML')
|
|
parser.add_argument('--cluster-metrics', action='store_true',
|
|
help='Also gather cluster metrics and check for notifications')
|
|
args = parser.parse_args()
|
|
|
|
base_url = args.url.strip('/')
|
|
if not args.input:
|
|
args.cluster_metrics = True
|
|
|
|
if not args.insecure:
|
|
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
|
|
|
|
headers = {
|
|
'Accept': 'application/json',
|
|
'X-Requested-By': 'XMLHttpRequest',
|
|
}
|
|
|
|
text_result = ''
|
|
metrics_json = {
|
|
'metrics': [
|
|
'org.graylog2.throughput.input.1-sec-rate',
|
|
'org.graylog2.throughput.output.1-sec-rate',
|
|
"org.graylog2.journal.append.1-sec-rate",
|
|
"org.graylog2.journal.read.1-sec-rate",
|
|
"org.graylog2.journal.segments",
|
|
"org.graylog2.journal.entries-uncommitted",
|
|
"jvm.memory.heap.used",
|
|
"jvm.memory.heap.committed",
|
|
"jvm.memory.heap.max"
|
|
],
|
|
}
|
|
|
|
if args.input:
|
|
input_data = transform_inputs(
|
|
fetch_with_retry(f'{base_url}/api/cluster/inputstates', headers=headers, auth=(args.token, 'token'),
|
|
verify=args.insecure).json()).get(args.input, {})
|
|
# Get it over with
|
|
if bool(input_data) and input_data.get('state') == 'RUNNING':
|
|
input_name = input_data["message_input"]["title"]
|
|
text_result = f'Graylog input "{input_name}" is running.'
|
|
else:
|
|
input_name = args.input
|
|
if args.html:
|
|
text_result = f'Graylog input <a href="{base_url}/system/inputs" target="_blank">"{input_name}" is not running!</a>'
|
|
else:
|
|
text_result = f'Graylog input "{input_name}" is not running!'
|
|
print_icinga2_check_status(text_result, nagios.STATE_CRIT)
|
|
sys.exit(nagios.STATE_CRIT)
|
|
|
|
# If the input is running, continue gathering metrics and other health checks
|
|
input_name_clean = input_name.lower().replace(' ', '_').replace('-', '_')
|
|
|
|
type = input_data['message_input']['type']
|
|
metrics_json['metrics'] = metrics_json['metrics'] + [
|
|
f'{type}.{args.input}.incomingMessages',
|
|
f'{type}.{args.input}.open_connections',
|
|
f'{type}.{args.input}.total_connections',
|
|
f'{type}.{args.input}.written_bytes_1sec',
|
|
f'{type}.{args.input}.written_bytes_total',
|
|
f'{type}.{args.input}.read_bytes_1sec',
|
|
f'{type}.{args.input}.read_bytes_total',
|
|
]
|
|
|
|
r = fetch_with_retry(f'{base_url}/api/cluster/metrics/multiple', method='post', headers=headers,
|
|
auth=(args.token, 'token'),
|
|
verify=args.insecure, json=metrics_json).json()
|
|
input_metrics = r[list(r.keys())[0]]['metrics']
|
|
|
|
# Format the metrics for later
|
|
metrics_data = {}
|
|
for metric in input_metrics:
|
|
if args.input:
|
|
name = metric['full_name'].replace(type, '').replace('org.graylog2.', '').replace(args.input, '')
|
|
else:
|
|
name = metric['full_name'].replace('org.graylog2.', '')
|
|
name = name.strip('.').replace('-', '_').replace('.', '_')
|
|
value = None
|
|
if 'value' in metric['metric']:
|
|
value = metric["metric"]["value"]
|
|
elif 'count' in metric['metric']:
|
|
value = metric["metric"]["count"]
|
|
elif 'rate' in metric['metric']:
|
|
value = metric["metric"]["rate"]["one_minute"]
|
|
name = f'{name}_one_minute'
|
|
value = int(value)
|
|
metrics_data[name] = value
|
|
|
|
perfdata = {}
|
|
|
|
if args.input:
|
|
# Some metric names are changed for better readability
|
|
perfdata.update({
|
|
f'{input_name_clean}_incoming_messages_rate_per_sec_1min': {
|
|
'value': metrics_data['incomingMessages_one_minute'],
|
|
'min': 0,
|
|
},
|
|
f'{input_name_clean}_connections': {
|
|
'value': metrics_data['open_connections'],
|
|
'min': 0,
|
|
},
|
|
f'{input_name_clean}_network_out_total_1sec': {
|
|
'value': metrics_data['written_bytes_1sec'],
|
|
'min': 0,
|
|
'unit': 'B',
|
|
},
|
|
f'{input_name_clean}_network_out_total_total': {
|
|
'value': metrics_data['written_bytes_total'],
|
|
'min': 0,
|
|
'unit': 'B',
|
|
},
|
|
f'{input_name_clean}_network_in_1sec': {
|
|
'value': metrics_data['read_bytes_1sec'],
|
|
'min': 0,
|
|
'unit': 'B',
|
|
},
|
|
f'{input_name_clean}_network_in_total': {
|
|
'value': metrics_data['read_bytes_total'],
|
|
'min': 0,
|
|
'unit': 'B',
|
|
}
|
|
})
|
|
|
|
if args.cluster_metrics:
|
|
jvm_mem_usage_warn = int(metrics_data['jvm_memory_heap_max'] / int(100 / args.warn_mem))
|
|
jvm_mem_usage_crit = int(metrics_data['jvm_memory_heap_max'] / int(100 / args.crit_mem))
|
|
|
|
# Get traffic data for last 24 hrs
|
|
traffic_last_24_hrs = fetch_with_retry(f'{base_url}/api/system/cluster/traffic?daily=false', headers=headers,
|
|
auth=(args.token, 'token'), verify=args.insecure).json()
|
|
input_traffic_avg = sum([v for k, v in traffic_last_24_hrs['input'].items() if parse_traffic_ts(k)])
|
|
output_traffic_avg = sum([v for k, v in traffic_last_24_hrs['output'].items() if parse_traffic_ts(k)])
|
|
|
|
elasticsearch_health = fetch_with_retry(f'{base_url}/api/system/indexer/cluster/health', headers=headers,
|
|
auth=(args.token, 'token'), verify=args.insecure).json()
|
|
elasticsearch_status = elasticsearch_health['status'].lower()
|
|
elasticsearch_active_shards = elasticsearch_health['shards']['active']
|
|
|
|
indexer_failures = fetch_with_retry(f'{base_url}/api/system/indexer/failures?limit=10&offset=0',
|
|
headers=headers, auth=(args.token, 'token'), verify=args.insecure).json()
|
|
|
|
perfdata.update({
|
|
'throughput_input_1_sec_rate': {
|
|
'value': int(metrics_data['throughput_input_1_sec_rate']),
|
|
'min': 0,
|
|
},
|
|
'throughput_output_1_sec_rate': {
|
|
'value': int(metrics_data['throughput_output_1_sec_rate']),
|
|
'min': 0,
|
|
},
|
|
'entries_uncommitted': {
|
|
'value': metrics_data['journal_entries_uncommitted'],
|
|
'min': 0,
|
|
},
|
|
'jvm_memory_used': {
|
|
'value': metrics_data['jvm_memory_heap_used'],
|
|
'min': 0,
|
|
'warn': jvm_mem_usage_warn,
|
|
'crit': jvm_mem_usage_crit,
|
|
'max': int(metrics_data['jvm_memory_heap_max']),
|
|
'unit': 'B',
|
|
},
|
|
'network_traffic_in_avg': {
|
|
'value': input_traffic_avg,
|
|
'min': 0,
|
|
'unit': 'B',
|
|
},
|
|
'to_elasticsearch_24hrs_avg': {
|
|
'value': output_traffic_avg,
|
|
'min': 0,
|
|
'unit': 'B',
|
|
},
|
|
'elasticsearch_active_shards': {
|
|
'value': elasticsearch_active_shards,
|
|
'min': 0
|
|
},
|
|
'indexer_failures': {
|
|
'value': indexer_failures['total'],
|
|
'warn': 1,
|
|
'crit': 1,
|
|
'min': 0,
|
|
},
|
|
})
|
|
|
|
# Check for notifications
|
|
if args.cluster_metrics:
|
|
notifications_query = fetch_with_retry(f'{base_url}/api/system/notifications', headers=headers,
|
|
auth=(args.token, 'token'), verify=args.insecure).json()
|
|
|
|
notifications = []
|
|
for notif in notifications_query['notifications']:
|
|
if notif['type'] == 'outdated_version' and not args.ignore_update_notif:
|
|
notifications.append(notif)
|
|
elif notif['type'] != 'outdated_version':
|
|
notifications.append(notif)
|
|
|
|
if len(notifications):
|
|
notif = "notifications" if len(notifications) else "notification"
|
|
are = "are" if len(notifications) else "is"
|
|
if args.html:
|
|
notif_str = f'<a href="{base_url}/system/overview" target="_blank">There {are} {len(notifications)} {notif}.</a>'
|
|
else:
|
|
notif_str = f'There {are} {len(notifications)} {notif}.'
|
|
else:
|
|
notif_str = 'No notifications'
|
|
|
|
if indexer_failures['total'] > 0:
|
|
indexer_failures_exit = nagios.STATE_CRIT
|
|
if args.html:
|
|
text_result += f' <a href="{base_url}/system/indices/failures" target="_blank">There are {indexer_failures["total"]} indexer failures!</a>'
|
|
else:
|
|
text_result += f' There are {indexer_failures["total"]} indexer failures!'
|
|
else:
|
|
indexer_failures_exit = nagios.STATE_OK
|
|
|
|
# https://go2docs.graylog.org/5-0/setting_up_graylog/elasticsearch.htm#ClusterStatusExplained
|
|
if elasticsearch_status == 'yellow':
|
|
elasticsearch_exit_code = nagios.STATE_WARN
|
|
text_result += ' Elasticsearch is condition YELLOW!'
|
|
elif elasticsearch_status == 'red':
|
|
elasticsearch_exit_code = nagios.STATE_CRIT
|
|
text_result += ' Elasticsearch is condition RED!'
|
|
elif elasticsearch_status == 'green':
|
|
elasticsearch_exit_code = nagios.STATE_OK
|
|
else:
|
|
print_icinga2_check_status(f'unknown Elasticsearch health: {elasticsearch_status}', nagios.STATE_UNKNOWN)
|
|
sys.exit(nagios.STATE_UNKNOWN)
|
|
|
|
jvm_mem_usage_state = get_state(int(metrics_data['jvm_memory_heap_used']), jvm_mem_usage_warn,
|
|
jvm_mem_usage_crit, operator='gt')
|
|
if jvm_mem_usage_state != nagios.STATE_OK:
|
|
text_result += f' JVM memory usage is high!'
|
|
|
|
exit_code = max(nagios.STATE_OK, jvm_mem_usage_state, elasticsearch_exit_code, indexer_failures_exit)
|
|
|
|
if len(notifications):
|
|
text_result += f' There {are} {len(notifications)} {notif}!'
|
|
if args.crit_notif:
|
|
exit_code = nagios.STATE_CRIT # force crit
|
|
|
|
if args.input:
|
|
# show less data
|
|
text_result = text_result + f' JVM memory usage: {int((perfdata["jvm_memory_used"]["value"] / metrics_data["jvm_memory_heap_max"]) * 100)}%'
|
|
else:
|
|
# show more data
|
|
text_result = text_result + f' JVM memory usage: {int((perfdata["jvm_memory_used"]["value"] / metrics_data["jvm_memory_heap_max"]) * 100)}%, throughput last 1 second: {human_readable_size(perfdata["throughput_input_1_sec_rate"]["value"])} in - {human_readable_size(perfdata["throughput_output_1_sec_rate"]["value"])} out, Elasticsearch active shards: {perfdata["elasticsearch_active_shards"]["value"]}'
|
|
|
|
if args.input:
|
|
text_result = text_result + f' {input_name_clean} events/second for last minute: {perfdata[f"{input_name_clean}_incoming_messages_rate_per_sec_1min"]["value"]}, {input_name_clean}_connections: {perfdata[f"{input_name_clean}_connections"]["value"]}, {input_name_clean}_network_in_total: {human_readable_size(perfdata[f"{input_name_clean}_network_in_total"]["value"], decimal_places=0)}'
|
|
exit_code = nagios.STATE_OK
|
|
else:
|
|
text_result = text_result + '\n' + notif_str
|
|
|
|
print_icinga2_check_status(text_result, exit_code, perfdata)
|
|
sys.exit(exit_code)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
try:
|
|
main()
|
|
except Exception as e:
|
|
print(f'UNKNOWN: exception "{e}"')
|
|
print(traceback.format_exc())
|
|
sys.exit(nagios.STATE_UNKNOWN)
|