2010-10-21 Sergio Martin <sergio.martin@artica.es>

* util/recon_scripts
	util/recon_scripts/PandoraFMS
	util/recon_scripts/snmpdevices.pl: Added the example recon script
	that creates several modules for each searched interface



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3439 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
zarzuelo 2010-10-21 09:28:32 +00:00
parent af7facace8
commit 6d438ac71a
3 changed files with 287 additions and 0 deletions

View File

@ -1,3 +1,10 @@
2010-10-21 Sergio Martin <sergio.martin@artica.es>
* util/recon_scripts
util/recon_scripts/PandoraFMS
util/recon_scripts/snmpdevices.pl: Added the example recon script
that creates several modules for each searched interface
2010-10-21 Junichi Satoh <junichi@rworks.jp>
* lib/PandoraFMS/NetworkServer.pm: Deleted FreeBSD specific SNMPGET

View File

@ -0,0 +1 @@
../../bin/PandoraFMS/

View File

@ -0,0 +1,279 @@
#!/usr/bin/perl
# (c) Sancho Lerena 2010 <slerena@artica.es>
# SNMP Recon App script
use POSIX qw(setsid strftime strftime ceil);
use strict;
use warnings;
use IO::Socket::INET;
use NetAddr::IP;
# Default lib dir for RPM and DEB packages
use lib '/usr/lib/perl5';
use PandoraFMS::Tools;
use PandoraFMS::DB;
use PandoraFMS::Core;
use PandoraFMS::Config;
##########################################################################
# Global variables so set behaviour here:
my $target_timeout = 5; # Fixed to 5 secs by default
my $target_interval = 600;
##########################################################################
# Code begins here, do not touch
##########################################################################
my $pandora_conf = "/etc/pandora/pandora_server.conf";
my $task_id = $ARGV[0]; # Passed automatically by the server
my $target_group = $ARGV[1]; # Defined by user
my $create_incident = $ARGV[2]; # Defined by user
# Used Custom Fields in this script
my $target_network = $ARGV[3]; # Defined by user
my $target_community = $ARGV[4]; # Defined by user
# Unused Custom Fields in this script
# my $field3 = $ARGV[5]; # Defined by user
# my $field4 = $ARGV[6]; # Defined by user
##########################################################################
# Update recon task status.
##########################################################################
sub update_recon_task ($$$) {
my ($dbh, $id_task, $status) = @_;
db_do ($dbh, 'UPDATE trecon_task SET utimestamp = ?, status = ? WHERE id_rt = ?', time (), $status, $id_task);
}
##########################################################################
# Show help
##########################################################################
sub show_help {
print "\nSpecific Pandora FMS SNMP Recon Plugin for SNMP device autodiscovery\n";
print "(c) Artica ST 2010 <info\@artica.es>\n\n";
print "Usage:\n\n";
print " snmp_recon_app.pl <task_id> <group_id> <create_incident_flag> <network> <snmp_community> \n\n";
exit;
}
##########################################################################
# Return the ID of the given address, -1 if it does not exist.
##########################################################################
sub get_addr_id ($$) {
my ($dbh, $addr) = @_;
my $addr_id = get_db_value ($dbh, 'SELECT id_a FROM taddress WHERE ip = ?', $addr);
return (defined ($addr_id) ? $addr_id : -1);
}
##########################################################################
# Return the ID of the agent with the given IP.
##########################################################################
sub get_agent_from_addr ($$) {
my ($dbh, $ip_address) = @_;
return 0 if (! defined ($ip_address) || $ip_address eq '');
my $agent_id = get_db_value ($dbh, 'SELECT id_agent FROM taddress, taddress_agent, tagente
WHERE tagente.id_agente = taddress_agent.id_agent
AND taddress_agent.id_a = taddress.id_a
AND ip = ?', $ip_address);
return (defined ($agent_id)) ? $agent_id : -1;
}
##########################################################################
# Add the given address to taddress.
##########################################################################
sub add_address ($$) {
my ($dbh, $ip_address) = @_;
return db_insert ($dbh, 'INSERT INTO taddress (ip) VALUES (?)', $ip_address);
}
##########################################################################
# Get SNMP response.
##########################################################################
sub get_snmp_response ($$$) {
my ($target_timeout, $target_community, $addr) = @_;
# The OID used is the SysUptime OID
my $buffer = `/usr/bin/snmpget -v 1 -r0 -t$target_timeout -OUevqt -c '$target_community' $addr .1.3.6.1.2.1.1.3.0 2>/dev/null`;
print "/usr/bin/snmpget -v 1 -r0 -t$target_timeout -OUevqt -c '$target_community' $addr .1.3.6.1.2.1.1.3.0 2>/dev/null";
# Remove forbidden caracters
$buffer =~ s/\l|\r|\"|\n|\<|\>|\&|\[|\]//g;
return $buffer;
}
##########################################################################
# Process a SNMP requestr and create the module XML
##########################################################################
sub process_module_snmp ($$$$$$$$$){
my ($dbh, $target_community, $addr, $oid, $type, $module_name, $module_type, $module_description, $conf) = @_;
my %parameters;
$parameters{'id_tipo_modulo'} = $module_type;
$parameters{'nombre'} = $module_name;
$parameters{'descripcion'} = $module_description;
$parameters{'id_agente'} = get_agent_from_addr ($dbh, $addr);
$parameters{'ip_target'} = $addr;
$parameters{'tcp_send'} = 1;
$parameters{'snmp_community'} = $target_community;
$parameters{'snmp_oid'} = $oid;
# id_modulo = 2 for snmp modules
$parameters{'id_modulo'} = 2;
pandora_create_module_from_hash ($conf, \%parameters, $dbh);
}
##########################################################################
##########################################################################
# M A I N C O D E
##########################################################################
##########################################################################
if ($#ARGV == -1){
show_help();
}
# Pandora server configuration
my %conf;
$conf{"quiet"} = 0;
$conf{"verbosity"} = 1; # Verbose 1 by default
$conf{"daemon"}=0; # Daemon 0 by default
$conf{'PID'}=""; # PID file not exist by default
$conf{'pandora_path'} = $pandora_conf;
# Read config file
pandora_load_config (\%conf);
# Connect to the DB
my $dbh = db_connect ('mysql', $conf{'dbname'}, $conf{'dbhost'}, '3306', $conf{'dbuser'}, $conf{'dbpass'});
# Start the network sweep
# Get a NetAddr::IP object for the target network
my $net_addr = new NetAddr::IP ($target_network);
if (! defined ($net_addr)) {
logger (\%conf, "Invalid network " . $target_network . " for SNMP Recon App task", 1);
update_recon_task ($dbh, $task_id, -1);
return -1;
}
# Scan the network for hosts
my ($total_hosts, $hosts_found, $addr_found) = ($net_addr->num, 0, '');
for (my $i = 1, $net_addr++; $net_addr < $net_addr->broadcast; $i++, $net_addr++) {
my $addr = (split(/\//, $net_addr))[0];
$hosts_found ++;
# Update the recon task
update_recon_task ($dbh, $task_id, ceil ($i / ($total_hosts / 100)));
# Does the host already exist?
next if (get_agent_from_addr ($dbh, $addr) > 0);
my $alive = 0;
if (pandora_ping (\%conf, $addr) == 1) {
$alive = 1;
}
next unless ($alive > 0);
# Resolve the address
my $host_name = gethostbyaddr(inet_aton($addr), AF_INET);
$host_name = $addr unless defined ($host_name);
logger(\%conf, "SNMP Recon App found host $host_name.", 10);
# Add the new address if it does not exist
my $addr_id = get_addr_id ($dbh, $addr);
my $resp;
my $oid;
my $module_type;
my $module_description;
my $module_name;
my $xml = "";
my $ax; # Counter
my $conf = \%conf;
$resp = "";
# Obtain SNMP response
$resp = get_snmp_response ($target_timeout, $target_community, $addr);
# No valid SNMP response.
if ($resp eq ""){
next;
}
# Create agent if really has SNMP information
$addr_id = add_address ($dbh, $addr) unless ($addr_id > 0);
if ($addr_id <= 0) {
logger (\%conf, "Could not add address '$addr' for host '$host_name'", 3);
next;
}
# Create a new agent
my $agent_id;
$agent_id = pandora_create_agent (\%conf, $conf{'servername'}, $host_name, $addr, $target_group, 0, 11, '', 300, $dbh);
# Assign the new address to the agent
db_insert ($dbh, 'INSERT INTO taddress_agent (`id_a`, `id_agent`) VALUES (?, ?)', $addr_id, $agent_id);
# Generate an event
pandora_event (\%conf, "[RECON] New SNMP host [$host_name] detected on network [" . $target_network . ']', $target_group, $agent_id, 2, 0, 0, 'recon_host_detected', 0, $dbh);
# SysUptime
process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.1.3.0", "ticks", "SysUptime", "generic_data_string", "System uptime reported by SNMP", $conf);
# SysName
process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.1.5.0", "", "SysName", "generic_data_string", "System name reported by SNMP", $conf);
# Local system total traffic
process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.4.3.0", "", "Local InReceives", "generic_data_inc", "System local incoming traffic (bytes)", $conf);
process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.4.10.0", "", "Local OutRequests", "generic_data_inc", "System local outgoing traffic (bytes)", $conf);
# Process interface list
# Get interface limit
my $interface_limit = `/usr/bin/snmpget -v 1 -r0 -t$target_timeout -OUevqt -c '$target_community' $addr .1.3.6.1.2.1.2.1.0 2>/dev/null`;
for ($ax = 1; $ax<$interface_limit; $ax++){
my $interface = `/usr/bin/snmpget -v 1 -r0 -t$target_timeout -OUevqt -c '$target_community' $addr RFC1213-MIB::ifDescr.$ax 2>/dev/null`;
# Remove forbidden caracters
$interface =~ s/\"|\n|\<|\>|\&|\[|\]//g;
process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.8.$ax", "interface", "$interface Status", "generic_proc", "Operative status for $interface at position $ax", $conf);
process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.10.$ax", "", "$interface Inbound bps", "generic_data_inc", "Incoming traffic for $interface", $conf);
process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.16.$ax", "", "$interface Outbound bps", "generic_data_inc", "Outgoing traffic for $interface", $conf);
# Do a grace sleep to avoid destination server ban me
sleep 1;
}
}
# Mark recon task as done
update_recon_task ($dbh, $task_id, -1);
# End of code