check_clamav Nagios plugin

Marco gave a great presentation on using Nagios and some other utilities for system monitoring in OpenBSD. One of the things he touched on was creating custom plugins for service checks. I thought I'd share an example of a plugin that I wrote for my email server to alert me of an out of date virus signature database.

The plugin is simple and is written in Perl. It basically checks the version of the ClamAV signature database installed on the system, and compares it against the latest version that ClamAV is advertising on their site. It's interesting the way the signature version is reported; they publish the version information in a DNS TXT resource record. So my plugin does a DNS query and compares the result to the local ClamAV version.

The standard plugin help option is informative. If you want to learn how to use a plugin you can run it with the help argument:
$ /usr/local/libexec/nagios/check_clamav -h
check_clamav Nagios plugin 1.0 (c) 2005 Darren Spruell

It's been a while since I updated my signature database. Let's run the check and see how we're doing. Like most Nagios plugins, we can set a warning threshold and a critical threshold:
$ /usr/local/libexec/nagios/check_clamav -w 1 -c 2
ClamAV CRITICAL: daily.cvd 1355 out of date by 162 revisions.
We're dreadfully out of date; since our critical threshold was set to two versions, and we were further behind than two versions, it showed up as critical. Let's update the signatures (with a wrapper script I wrote for freshclam) and check again:
$ sudo /home/sancho/scripts/clam-update.sh
$ /usr/local/libexec/nagios/check_clamav -w 1 -c 2
ClamAV OK: daily.cvd 1517 (Tue Jun 6 17:05:07 2006) is up to date.

Yes, that looks better. I also added support for a verbose option which should help a little bit in debugging some of the plugin's workings:
$ /usr/local/libexec/nagios/check_clamav -v
DEBUG: Found clamd at /usr/local/sbin/clamd
DEBUG: Threshhold values: warning=1, critical=2
DEBUG: Local daily.cvd dated Tue Jun 6 17:05:07 2006
DEBUG: Local daily.cvd version = 1517
DEBUG: Latest daily.cvd version = 1517
DEBUG: Installed daily.cvd matches latest from clamav.net
ClamAV OK: daily.cvd 1517 (Tue Jun 6 17:05:07 2006) is up to date.
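
The comparison those DEBUG lines walk through, as an added example in Python rather than the plugin's own Perl (it is not the author's code). The TXT field layout, the function names, the >= threshold test and the choice to return UNKNOWN for an unparsable or older-than-local answer are assumptions, and the sample record is constructed:

```python
import re

# Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

# Assumed TXT layout (as published at current.cvd.clamav.net):
# engine:main:daily:timestamp:flag:...  Only the daily field is used.
# The answer is untrusted network input, so it is matched strictly.
TXT_RE = re.compile(r'^"?[0-9.]+:\d+:(\d{1,9}):\d+(?::[0-9A-Za-z.]*)*"?$')


def latest_daily(txt_record):
    """Return the advertised daily.cvd version, or None if malformed."""
    m = TXT_RE.match(txt_record.strip())
    return int(m.group(1)) if m else None


def check(local, txt_record, warn=1, crit=2):
    """Compare the local daily.cvd version with the advertised one."""
    latest = latest_daily(txt_record)
    if latest is None:
        # Empty output, a resolver error string, or garbage: no arithmetic.
        return UNKNOWN, "ClamAV UNKNOWN: could not parse version TXT record."
    behind = latest - local
    if behind < 0:
        # A stale or forged answer must not be reported as "-N revisions".
        return UNKNOWN, (f"ClamAV UNKNOWN: daily.cvd {local} is newer "
                         f"than advertised {latest}.")
    if behind >= crit:  # assumption: thresholds are inclusive
        return CRITICAL, (f"ClamAV CRITICAL: daily.cvd {local} out of date "
                          f"by {behind} revisions.")
    if behind >= warn:
        return WARNING, (f"ClamAV WARNING: daily.cvd {local} out of date "
                         f"by {behind} revisions.")
    return OK, f"ClamAV OK: daily.cvd {local} is up to date."


if __name__ == "__main__":
    import sys
    # Constructed sample answer; a real plugin would pass in the TXT
    # string returned by its DNS lookup.
    sample = '"0.88.2:38:1517:1149638707:1"'
    code, message = check(1355, sample)
    print(message)
    sys.exit(code)
```
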
Nagios plugins have been developed with a basic API to standardize the interface a bit so that plugins follow a common format. My plugin is version 1.0 with the standard disclaimer/license bit:
$ /usr/local/libexec/nagios/check_clamav -V
check_clamav (nagios-plugins 1.4.2) 1.0
The nagios plugins come with ABSOLUTELY NO WARRANTY. You may redistribute
copies of the plugins under the terms of the GNU General Public License.
For more information about these matters, see the file named COPYING.
The Perl is imperfect, and the functionality that determines the latest version information from the DNS makes some assumptions and still needs work. Rather than using native Perl DNS bindings, it is written to rely on a local application such as dig(1), something else that needs to be fixed. Also, even though the script seems to work perfectly every time from the command line, it reports abnormally in the CGI interface (showing things like negative revisions behind and such) which still need to be debugged and fixed.

If you'd like the plugin you can find it here.

plugin posted
I figured why talk about posting the plugin when you can just post the plugin. You can now find this plugin on the NagiosExchange community site.
By sancho at 2006/06/08 - 2:45am

nagios-plugins package
It would be nice to get more good plugins out there. Instead of a port for a simple script, it could work to get it included in the nagios-plugins distribution. (They used to have a contrib/ directory in the tarball that held stuff like this.)

OpenBSD has actually broken plugins out a bit more to ease the list of dependencies required for plugins people want/need:
- nagios-plugins

It's pretty smooth. I've seen other operating systems packages force you to install openldap, samba, mysql, and net-snmp anytime you wanted the plugins package, and some users really have no need for it.

More than anything, I think I'd just like to fix this particular script up good and see about getting it made available on NagiosExchange. If you haven't seen the site, it's the community's collection of specialized plugins, art, etc. for Nagios.
By sancho at 2006/06/08 - 1:43am

we need a port!
a port for this would be pretty cool
maybe creating ports could be the subject of the next meeting and creating one out of this could be an example?