DOC: Add check_mk scripts

wagner-certat committed Mar 28, 2019
1 parent ac66a91 commit 9cf070a82c85890e96d48191c9c14053832dacfa
@@ -85,6 +85,8 @@ CHANGELOG
- `malware_name_mapping`:
- Added the script `apply_mapping_eventdb.py` to apply the mapping to an eventdb.
- Possibility to add local rules using the download tool.
- `check_mk`:
- Added scripts for monitoring queues and statistics.

### Known issues

@@ -8,6 +8,7 @@ This directory contains contributed scripts which are helpful for maintaining an
* **prettyprint**: prints the json output for file-output bot prettyly
* **config-backup**: simple Makefile for doing a `make backup` inside of /opt/intelmq in order to preserve the latest configs
* **logrotate**: an example scrpt for Debian's /etc/logrotate.d/ directory.
* **check_mk**: Scripts for monitoring an IntelMQ instance with Check_MK.

## Outdated
The following scripts are out of date but are left here for reference. TODO: adapt to current version
@@ -0,0 +1,21 @@
# Monitoring scripts for check_mk

Some scripts to integrate IntelMQ into a [Check_MK](https://mathias-kettner.com/) instance:

To use the scripts, add them to the crontab of the user intelmq using
`crontab -e` (append `-u intelmq` if you are not logged in as intelmq):

```
*/1 * * * * /usr/local/bin/cronjob_intelmq_queues.py
*/1 * * * * /usr/local/bin/cronjob_intelmq_statistics.py
```

The spool directory used is `/var/lib/check_mk_agent/spool/`.

## Queues

This script queries all queues and writes the data to a `intelmq-queues` check.

## Statistics

This script queries the internal statistics (beta) and writes them to the `intelmq-statistics` check.
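Review bot: The crontab entries point at `/usr/local/bin/cronjob_intelmq_queues.py` and `/usr/local/bin/cronjob_intelmq_statistics.py`, but the README has no installation step saying to copy the scripts there and make them executable, and it does not say that the intelmq user needs write access to `/var/lib/check_mk_agent/spool/`. Add both, and recommend granting write access to that one user only instead of opening the spool directory to everyone, since whatever is placed in that directory ends up in the agent output.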
@@ -0,0 +1,28 @@
#!/usr/bin/python3

import intelmq.bin.intelmqctl as ctl
import intelmq.lib.utils as utils
import sys


cont = ctl.IntelMQController(interactive=False)
retval, queues = cont.list_queues()
if retval != 0:
sys.exit(1)

with open('/var/lib/check_mk_agent/spool/70_intelmq-queues.txt', 'w') as handle:
handle.write("<<<local>>>\nP intelmq-queues ")
source_queues = set()
destination_queues = set()

for botid, value in queues.items():
if 'source_queue' in value:
source_queues.add(value['source_queue'])
if 'destination_queues' in value:
destination_queues.update(utils.flatten_queues(value['destination_queues']))

perf = []
for queuename, queuecount in source_queues.union(destination_queues):
perf.append("%s=%d" % (queuename.replace('_', '-'), queuecount))
handle.write("|".join(perf))
handle.write('\n')
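Review bot: The spool file is opened at its final path with `open(..., 'w')` and filled by several separate `handle.write` calls, so an agent run that falls in between reads an empty or truncated local check line. Build the complete line first, write it to a temporary file in the same directory and move it into place with `os.replace`. In addition, when no queues are returned `perf` is empty and the line ends after `P intelmq-queues `; write `-` for the performance data field in that case.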
@@ -0,0 +1,27 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Created on Thu Mar 28 09:52:19 2019
@author: sebastian
"""
from intelmq import DEFAULTS_CONF_FILE
from intelmq.lib.utils import load_configuration

import redis

config = load_configuration(DEFAULTS_CONF_FILE)

db = redis.Redis(host=config.get('source_pipeline_host', '127.0.0.1'),
port=config.get("source_pipeline_port", "6379"),
db=3,
password=config.get("source_pipeline_password"),
)

with open('/var/lib/check_mk_agent/spool/70_intelmq-statistics.txt', 'w') as handle:
handle.write("<<<local>>>\nP intelmq-statistics ")
stats = []
for key in db.keys():
stats.append("%s=%s" % (key.decode(), db.get(key).decode()))
handle.write("|".join(stats))
handle.write('\n')
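Review bot: In `stats.append("%s=%s" % (key.decode(), db.get(key).decode()))` the Redis keys and values are written into the local check line unchecked, so a key or value containing a space, `|`, `=` or a newline corrupts the line or adds extra lines to the agent output. Restrict keys to an expected character set and values to numbers before writing them. `db.get(key)` also returns `None` if a key disappears between `db.keys()` and the read, which makes `.decode()` raise after the spool file has already been truncated. The hard-coded `db=3` would be better read from the configuration, and the port default `"6379"` should be an integer.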
