Nagios Plugin for Barracuda Spam Firewalls

Posted on October 19th, 2007 by Mike

In our environment we use Barracuda Spam Firewalls to handle in and outbound mail delivery. Wanting to keep an eye on the in and outbound queues to make sure we are not seeing any delays with delivery I went looking for ways to monitor the queues and alert when they are above certain thresholds. Barracuda exposes the queue lengths in a number of ways (CGI/API, web interface and SNMP) and since we wanted this automated and we already use Nagios I chose to use SNMP. I tried some of the other SNMP plugins to try to use those, but after a bit of struggling without success I decided to write my own in PHP (mainly because that is what is easiest for me). Use the download link below to download a zip file of the plugin.

Downloaded a total of 338 times

Or click on this link to see the code within this post.

> check_cuda

#!/usr/bin/php -q
<?php
#
# check_cuda - nagios plugin
#
#
# Copyright (C) 2007 Mike Seigafuse
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
# Report bugs to: mike@seigafuse.net
#
# This script will check counters of a Barracuda Spam Firewall using PHP SNMP functions
# and return them along with the status.
#
$numbparams = sizeof($argv);
# should be 5
if ($numbparams < 5 ) {
	echo "Usage: check_cuda <host ip> <community string> <queue> <warn> <crit>\\n";
	echo "     Queue can be either in, out or bounce\\n";
	echo "     Warning and Critical values should be positive integers\\n";
	exit;
}
$host = $argv[1];
$cstring = $argv[2];
$checkqueue = strtoupper($argv[3]);
$warn = $argv[4];
$crit = $argv[5];
 
$mailinqueue = "1.3.6.1.4.1.2021.8.1.101.1";
$mailoutqueue = "1.3.6.1.4.1.2021.8.1.101.2";
$mailbouncequeue = "1.3.6.1.4.1.2021.8.1.101.3";
 
function getsnmpvalue($host, $cstring, $oid) {
     $valuestring = snmpget($host, $cstring, $oid);
     $colpos = strpos($valuestring, ":");
     $subvalue = trim(substr($valuestring, $colpos+1));
     return $subvalue;
}
 
# Ready set go, time to do the real work
 
if ($checkqueue == "IN") {
	$queuelen = getsnmpvalue($host, $cstring, $mailinqueue);
} elseif ($checkqueue == "OUT") {
         $queuelen = getsnmpvalue($host, $cstring, $mailoutqueue);
} elseif ($checkqueue == "BOUNCE") {
         $queuelen = getsnmpvalue($host, $cstring, $mailbouncequeue);
}
if ($queuelen < $warn) {
	$format = '%s OK - %d messages queued |Mail%sQueue=%d;%d;%d';
	printf($format, $checkqueue, $queuelen, $checkqueue, $queuelen, $warn, $crit);
	exit(0);
}
if (($queuelen > $warn) && ($queuelen < $crit)) {
	$format = '%s Warning - %d messages queued |Mail%sQueue=%d;%d;%d';
	printf($format, $checkqueue, $queuelen, $checkqueue, $queuelen, $warn, $crit);
	exit(1);
}
if ($queuelen > $crit) {
	$format = '%s Critical - %d messages queued |Mail%sQueue=%d;%d;%d';
	printf($format, $checkqueue, $queuelen, $checkqueue, $queuelen, $warn, $crit);
	exit(2);
}
 
?>

Usage

Usage: check_cuda host-ip community-string queue warning-threshold critical-threshold

Queue can be either in, out or bounce
Warning and Critical values should be positive integers

Prerequisites

This plugin requires php_snmp support

Nagios Configuration

Commands

Define commands as shown below:

define command {
command_name Check Barracuda Inbound Mail Queue
command_line $USER1$/check_cuda $HOSTADDRESS$ public in 500 1000
}

define command {
command_name Check Barracuda Outbound Mail Queue
command_line $USER1$/check_cuda $HOSTADDRESS$ public out 500 1000
}

Obviously you will need to change the SNMP community string from public to match your community string. If you wish you could also add a check command to track the bounce queue. You may also want to use different warning and critical threshold than I did (500 and 1000 respectively). These numbers may not be right for your situation.

Contact Groups

Add a service group like the one below (customizing for your site of course):

# contactgroups Cuda Admins
define contactgroup {
contactgroup_name Cuda_Admins
alias Cuda_Admins
members joe,sally,fred
}

Service Templates

define service {
name Check Barracuda Mail Queue Template
use generic-service
contact_groups Cuda_Admins
register 0
}

Services

Add the service as needed to your hosts, sample shown below:

define service {
service_description Check Barracuda Inbound Mail Queue
use Check Barracuda Mail Queue Template
host_name yourcuda
check_command Check Barracuda Inbound Mail Queue
}

define service {
service_description Check Barracuda Outbound Mail Queue
use Check Barracuda Mail Queue Template
host_name yourcuda
check_command Check Barracuda Outbound Mail Queue
}

If you have any questions, comments or problems then just post a comment on this post and I’ll get back to you.

Update (January 2008)

There are now some additional plug-ins available to perform the same functions written in PERL and with hooks to graphing solutions. You can find them here.

3 Comments »
Filed under: Network Monitoring

Forums and Comments

Posted on October 7th, 2007 by Mike

I moved comments from the forums to the appropriate pages (ADISS, etc) and updated pages to let people know to just leave comments on pages now. The forums were confusing and not adding any real value. For those of you who posted about ADISS, your comments and my replies can be found on the ADISS page. Once I moved the comments I also removed the forums since they were no longer needed.

No Comments »
Filed under: Site News

Daily diskspace alerts using OCS Inventory NG

Posted on July 26th, 2007 by Mike

Being proactive about managing system capacity is always a good idea. If you happen to use the OCS Inventory NG tool then here is a way for you to automatically have reports emailed to you (or various people) regarding systems with disk capacity below a threshold you set in a configuration file. This solution is geared towards Windows Servers, but you can easily change the select statement and use a different criteria (change where osname like ‘%server%’ to suit yourself). The results are sent as an attached CSV file, so you can easily view it in Excel or Open Office or even using vi if that is suits your fancy.

The percentage free space threshold, along with email addresses and domain names (aka workgroup names) are configured in a file named ocsdiff_conf.php. I run this (and other reports which I may post later) from a new subdirectory named reports that I created under /var/www/html/ocsreports. Be sure to set the same ownership and permissions on files in this directory as the other files under ocsreports. Here is what the file looks like:

> ocsdiff_conf.php

<?php
# ocsdiff configuration file
#
# Database host
$dbhost = "localhost";
$dbname = "ocsweb";
$dbuser = "ocs";
$dbpass = "XXX";
$adminemail = "admin@yourdomain.tld";
$diskthreshold = 5; # percentage free space threshold
$domains = array(
		0 => array(
			'name' => 'XXXXX',
			'email' => "fred@yourdomain.tld,barney@yourdomain.tld"),
		1 => array(
			'name' => 'YYYYY',
			'email' => "wilma@yourdomain.tld"),
		2 => array(
			'name' => 'ZZZZZ',
			'email' => "betty@yourdomain.tld"));
$diskdomains = array(
		0 => array(
			'name' => 'XXXXX',
			'email' => "fred@yourdomain.tld,barney@yourdomain.tld"),
		1 => array(
			'name' => 'YYYYY',
			'email' => "wilma@yourdomain.tld"),
		2 => array(
			'name' => 'ZZZZZ',
			'email' => "betty@yourdomain.tld"));
?>

The file is named like this because the first report I wrote was to generate reports on hardware changes (RAM and disk in particular). I know reports like this can be implemented using GLPI integration - but we already have a helpdesk/ticketing system and I just can’t justify the effort to setup GLPI when writing one’s own reports is just not that hard.

The report itself is contained in the code below, I named the file diskreport.php and I scheduled it to run everyday using cron. I run my cron jobs for OCS-NG reports under the apache account.

> diskreport.php

<?php
# This program will generate a daily report of disks with free space
# below a threshold set in the configuration file 
# Written by Mike Seigafuse July 2007
#
# Get the configuration file
require_once("ocsdiff_conf.php");
# Initialize headers so that email will be readable as Excel attachment
$today = date("Y-m-d G:i:s");
$headers = "From: ITInventory@yourdomain.tld\\r\\n";
$headers .= "Reply-To: ITInventory@yourdomain.tld\\r\\n";
$headers .= "MIME-Version: 1.0\\r\\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\\r\\n";
$headers .= "Content-type: application/vnd.ms-excel\\r\\n";
$headers .= "Content-disposition: attachment; filename=$today.csv\\r\\n";
# Connect to database
$link = mysql_connect("$dbhost", "$dbuser", "$dbpass")
    or die("Could not connect : " . mysql_error());
mysql_select_db("$dbname") or die("Could not select database");
# Now loop through the defined disk domains and prepare report 
for($i = 0; $i < sizeof($diskdomains); $i++) {
	$entry = $diskdomains[$i];
	$name = $entry['name'];
	$email = $entry['email'];
	$subject = "Daily Disk Utilization Report for domain $name";
	$msg = "Computer Name,Drive Letter,Type,Filesystem,Total,Free,Free %\\n";
	# Now we have the domain name and contact, next get a current list of
	# deviceIDs from this domain
	$query = "select id, name, userid from hardware where workgroup='$name' and osname like '%server%'";
	$deviceresults = mysql_query($query)  or die("Query failed : " . mysql_error());
	while ($line = mysql_fetch_array($deviceresults, MYSQL_ASSOC)) {
		$deviceid = $line['id'];
		$computername = rtrim($line['name']);
		# Disk checking section
		$query = "select letter, type, filesystem, total, free
			from drives
			where hardware_id='$deviceid' and
			type = 'Hard Drive'";
		$diskresults = mysql_query($query)  or die("Query failed : " . mysql_error());
		# All information is now collected, now generate output 
		while ($diskline = mysql_fetch_array($diskresults, MYSQL_ASSOC)) {
			$driveletter = $diskline['letter'];
			$drivetype = $diskline['type'];
			$drivefs = $diskline['filesystem'];
			$drivetotal = $diskline['total'];
			$drivefree = $diskline['free'];
			$freeperc = (($drivefree/$drivetotal) * 100);
			if ($freeperc < $diskthreshold) {
				$msg .= "$computername,$driveletter,$drivetype,$drivefs,$drivetotal,$drivefree,$freeperc\\n";
				}
			} # end of disk loop
		} # end of devices in a domain loop
	# send out the email for this domain
	if ($msg == "") $msg = "No disk space issues found\\n";
	mail("$email", $subject, $msg, $headers);
	} # end of domain loop
# Almost done, just need to free up result memory
mysql_free_result($deviceresults);
mysql_free_result($diskresults);
# The End :)
?>

Be sure to change the From and Reply To addresses in at the top of the file to suit yourself. If I have time I will move this to the configuration file.

My version of OCS-NG displays 4020 on the screen, I believe this equates to V1.0 (I know 1.01 is released, but just haven’t had the time to upgrade yet). I am running on RHEL 4.

Use the link below to download a zip file of both of these files. If you have any comments or questions post a comment on this post and I will reply.

Downloaded a total of 221 times

5 Comments »
Filed under: Systems Administration

Updated NORSK posted

Posted on April 30th, 2007 by Mike

The NORSK page and downloads have been updated with a new release (0.6). This release adds the following:

Additional checking for blank users names returned from Contivity switches, when detected the blank is replaced with UNKNOWN
Additional administrative functions to enabled NORSK administrators to modify the configuration file and the .htaccess file via the web interface

Details can be found here.

No Comments »
Filed under: Network Administration Tools

NORSK posted to site

Posted on April 11th, 2007 by Mike

NORSK is a web based utility that allows administrators of Nortel Contivity switches to delegate the ability for other groups (such as a Call Center or Helpdesk) to terminate orphaned sessions on Nortel Contivity switches. This is done using a web interface and does not require granting full administrative rights on those devices. You can find more details and the link to download the tool here.

No Comments »
Filed under: Network Administration Tools

M	T	W	T	F	S	S
« Oct
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

seigafuse.com

Pages

Favorite OSS Projects

My Project Links

Technical Blogs

Meta