#!/usr/bin/python # # Nagios plugin to check Kaspersky KLMS status using klms-control tool # # Usage: check_klms [options] # # Options: # -h, --help show this help message and exit # -d, --debug Enable debug mode # -w WARN_EXPIRATION_DAYS # WARNING expiration days threshold (Default : 30) # -c CRIT_EXPIRATION_DAYS # CRITICAL expiration days threshold (Default : 10) # -b KLMS_CONTROL_BIN_PATH # Path to klms-control binary (Default : # /opt/kaspersky/klms/bin/klms-control) # # Copyright (c) 2016 Benjamin Renard # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # import sys import subprocess import logging from lxml import etree from optparse import OptionParser parser = OptionParser() default_warn_expiration_days=30 default_crit_expiration_days=10 default_klms_control_bin_path='/opt/kaspersky/klms/bin/klms-control' parser.add_option('-d', '--debug', action="store_true", dest="debug", help="Enable debug mode") parser.add_option('-w', action="store", type="int", dest="warn_expiration_days", help="WARNING expiration days threshold (Default : %s)" % default_warn_expiration_days, default=default_warn_expiration_days) parser.add_option('-c', action="store", type="int", dest="crit_expiration_days", help="CRITICAL expiration days threshold (Default : %s)" % default_crit_expiration_days, default=default_crit_expiration_days) parser.add_option('-b', action="store", type="string", dest="klms_control_bin_path", help="Path to klms-control binary (Default : %s)" % default_klms_control_bin_path, default=default_klms_control_bin_path) (options, args) = parser.parse_args() logformat = '%(levelname)s - %(message)s' if options.debug: loglevel = logging.DEBUG else: loglevel = logging.INFO logging.basicConfig(level=loglevel,format='%(asctime)s - %(levelname)s - %(message)s') logging.debug('Get Anti-SPAM bases status') # Output example : # # UpToDate # 2016-05-18T11:52:10 # 2016-05-18T12:06:23 # try: p = subprocess.Popen([options.klms_control_bin_path, '--get-asp-bases-info'], stdout=subprocess.PIPE, stderr=subprocess.PIPE) out, err = p.communicate() tree = etree.fromstring(out) asp_status=tree.findall('status')[0].text logging.debug('Anti-SPAM bases status : %s' % asp_status) except Exception, e: print "UNKNOWN - Failed to retreive or parse Anti-SPAM bases status : %s / %s" % (err,e) sys.exit(3) logging.debug('Get Anti-Virus bases status') # Output example : # # UpToDate # 7711241 # 2016-05-18T04:06:00 # 2016-05-18T07:56:50 # try: p = subprocess.Popen([options.klms_control_bin_path, '--get-avs-bases-info'], stdout=subprocess.PIPE, stderr=subprocess.PIPE) out, err = p.communicate() logging.debug('klms-control output : %s' % out) tree = etree.fromstring(out) avs_status=tree.findall('status')[0].text logging.debug('Anti-Virus bases status : %s' % avs_status) except Exception, e: print "UNKNOWN - Failed to retreive or parse Anti-SPAM bases status : %s / %s" % (err,e) sys.exit(3) logging.debug('Get Anti-Phishing bases status') # Output example : # # UpToDate # 2016-05-17T13:55:41 # 2016-05-18T11:26:18 # try: p = subprocess.Popen([options.klms_control_bin_path, '--get-aph-bases-info'], stdout=subprocess.PIPE, stderr=subprocess.PIPE) out, err = p.communicate() logging.debug('klms-control output : %s' % out) tree = etree.fromstring(out) aph_status=tree.findall('status')[0].text logging.debug('Anti-Phishing bases status : %s' % aph_status) except Exception, e: print "UNKNOWN - Failed to retreive or parse Anti-Phishing bases status : %s / %s" % (err,e) sys.exit(3) logging.debug('Get License status') # Output example : # # # try: p = subprocess.Popen([options.klms_control_bin_path, '-l', '--query-status'], stdout=subprocess.PIPE, stderr=subprocess.PIPE) out, err = p.communicate() logging.debug('klms-control output : %s' % out) tree = etree.fromstring(out) expiration_days=int(tree.findall('.')[0].get('expirationDays')) logging.debug('License expiration day(s) : %s' % expiration_days) except Exception, e: print "UNKNOWN - Failed to retreive or parse License status : %s / %s" % (err,e) sys.exit(3) STATUS_TXT={ 0: 'OK', 1: 'WARNING', 2: 'CRITICAL', 3: 'UNKNOWN', } STATUS=0 errors=[] infos=[] bases_status_ok=[] if asp_status!='UpToDate': STATUS=2 errors.append('Anti-SPAM base is %s' % asp_status) else: bases_status_ok.append('Anti-SPAM') if avs_status!='UpToDate': STATUS=2 errors.append('Anti-Virus base is %s' % avs_status) else: bases_status_ok.append('Anti-Virus') if aph_status!='UpToDate': STATUS=2 errors.append('Anti-Phishing base is %s' % aph_status) else: bases_status_ok.append('Anti-Phishing') if len(bases_status_ok)>0: infos.append('%s bases uptodate' % '/'.join(bases_status_ok)) LICENSE_STATUS=0 if expiration_days < options.crit_expiration_days: LICENSE_STATUS=2 errors.append('License expire in %s days' % expiration_days) elif expiration_days < options.crit_expiration_days: LICENSE_STATUS=1 if LICENSE_STATUS!=0: errors.append('License expire in %s days' % expiration_days) else: infos.append('License expire in %s days' % expiration_days) MSG="" if len(errors)>0: MSG+=', '.join(errors) if len(infos)>0: MSG+=', '.join(infos) print "%s - %s" % (STATUS_TXT[STATUS],MSG) sys.exit(STATUS)