Sophos Central Monitoring, Help :)

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
James_GrP
Posts: 1
Joined: Thu Dec 08, 2016 6:42 am

Post by James_GrP »

Hi all,

I used to use Nagios way back when, in a different life, and loved it then. I am now trying to get the old grey matter firing again to get a monitoring solution working using XI and an API/script developed by Sophos, which can be found here: https://github.com/sophos/Sophos-Centra ... ntegration

I have the script running just fine after juggling Python versions and I get output. What I need help with is a little guidance on the best method of piping this into Nagios.

Sample output below:

Code:

{"rt": "2016-12-08T11:13:44.596Z", "group": "UPDATING", "severity": "low", "dhost": "X220-JP-LPT", "endpoint_type": "computer", "endpoint_id": "4b36cb-3200-34c2-0a1e-68", "suser": "James", "end": "2016-12-08T11:13:44.586Z", "customer_id": "0cbbf-d377-4cec-af-850891be8", "type": "Event::Endpoint::UpdateRebootRequired", "id": "344f81-502c-47-9a30-448b1b860", "name": "Reboot recommended after software update"}

I may need a little spoon feeding!


Season's greetings

James
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: Sophos Central Monitoring, Help :)

Post by rkennedy »

Here's my json.txt as an example -

Code:

[root@localhost xiapi]# cat json.txt
{
            "instance_id": "1",
            "host_id": "420",
            "name": "1.2.3.4",
            "display_name": "1.2.3.4",
            "address": "1.2.3.4",
            "alias": "1.2.3.4",
            "status_update_time": "2016-12-07 15:39:46",
            "status_text": "CRITICAL - 1.2.3.4: rta nan, lost 100%",
            "status_text_long": "",
            "current_state": "1",
            "icon_image": "em01.png",
            "icon_image_alt": "",
            "performance_data": "rta=0.000ms;3000.000;5000.000;0; pl=100%;80;100;; rtmax=0.000ms;;;; rtmin=0.000ms;;;;",
            "should_be_scheduled": "1",
            "check_type": "0",
            "last_state_change": "2016-12-07 10:58:45",
            "last_hard_state_change": "2016-12-07 10:58:45",
            "last_hard_state": "1",
            "last_time_up": "2016-12-07 10:56:19",
            "last_time_down": "2016-12-07 15:39:46",
            "last_time_unreachable": "1969-12-31 19:00:00",
            "last_notification": "2016-12-07 15:09:33",
            "next_notification": "2016-12-07 16:09:33",
            "no_more_notifications": "0",
            "acknowledgement_type": "0",
            "current_notification_number": "5",
            "event_handler_enabled": "1",
            "process_performance_data": "1",
            "obsess_over_host": "1",
            "modified_host_attributes": "0",
            "event_handler": "",
            "check_command": "check_xi_host_ping!3000.0!80%!5000.0!100%",
            "normal_check_interval": "5",
            "retry_check_interval": "1",
            "check_timeperiod_id": "131",
            "has_been_checked": "1",
            "current_check_attempt": "5",
            "max_check_attempts": "5",
            "last_check": "2016-12-07 15:39:36",
            "next_check": "2016-12-07 15:44:46",
            "state_type": "1",
            "notifications_enabled": "1",
            "problem_acknowledged": "0",
            "passive_checks_enabled": "1",
            "active_checks_enabled": "1",
            "flap_detection_enabled": "1",
            "is_flapping": "0",
            "percent_state_change": "0",
            "latency": "0.00013",
            "execution_time": "10.00343",
            "scheduled_downtime_depth": "0"
        }

Now take a look at something called 'jq', which will allow you to parse JSON data. https://github.com/stedolan/jq/releases ... jq-linux64

Using it, you'll be able to pull the variable data from the JSON, which you can then format / work to your needs.

Code:

[root@localhost xiapi]# cat json.txt | /tmp/xiapi/jq '.status_text'
"CRITICAL - 1.2.3.4: rta nan, lost 100%"

The other option that you have is to use check_http against the API endpoints, to see if data is valid. You can use -r to match regex, or -s to match a string. It really depends on what sort of data you're looking to get, and how deep you want to monitor your API.

Code:

[root@localhost libexec]# ./check_http -H nagios.com -f follow -r 'nagios'
HTTP OK: HTTP/1.1 200 OK - 57491 bytes in 0.424 second response time |time=0.424316s;;;0.000000 size=57491B;;;0
[root@localhost libexec]# ./check_http -H nagios.com -f follow -r 'test'
HTTP CRITICAL: HTTP/1.1 200 OK - pattern not found - 57491 bytes in 0.463 second response time |time=0.462712s;;;0.000000 size=57491B;;;0

The first option will allow you to make metrics of the variables, whereas the second one will let you simply check if text exists in the return. The choice is yours. :)
Former Nagios Employee
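
Added example, not part of either post and not Sophos or Nagios code: a plugin-style Python script that reads one JSON event per line (the shape of the sample output in the first post) and reduces the batch to a single Nagios state. The severity-to-state mapping, the `high` severity value, the host `SRV01` and the sample lines are assumptions made for illustration; event text is stripped of `|` and control characters because those fields originate on endpoints and `|` starts the perfdata section of plugin output.

```python
import json
import sys

# Standard Nagios plugin exit codes; PRIORITY orders them least to most urgent.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = ["OK", "WARNING", "CRITICAL", "UNKNOWN"]
PRIORITY = [OK, WARNING, UNKNOWN, CRITICAL]
# Assumed policy for this example; only "low" appears in the thread's sample.
SEVERITY_TO_STATE = {"low": OK, "medium": WARNING, "high": CRITICAL}
SAMPLE = [  # constructed input: trimmed thread event, made-up event, truncated line
    '{"severity": "low", "dhost": "X220-JP-LPT", "name": "Reboot recommended after software update"}',
    '{"severity": "high", "dhost": "SRV01", "name": "Constructed alert | fake=1"}',
    '{"severity": "low", "dhost": ',
]

def clean(value):
    """Drop '|' (the perfdata separator) and control characters from event text."""
    return "".join(c for c in str(value) if c.isprintable() and c != "|")

def parse_events(lines):
    """Return (events, bad): parsed JSON objects and a count of unusable lines."""
    events, bad = [], 0
    for line in filter(str.strip, lines):  # skip blank lines
        try:
            obj = json.loads(line)
        except ValueError:
            obj = None
        if isinstance(obj, dict):
            events.append(obj)
        else:
            bad += 1
    return events, bad

def state_of(event):
    return SEVERITY_TO_STATE.get(str(event.get("severity")), UNKNOWN)

def evaluate(events, bad=0):
    """Return (exit_code, status_line) for the most urgent event in the batch."""
    worst = max(events, key=lambda e: PRIORITY.index(state_of(e)), default=None)
    state = OK if worst is None else state_of(worst)
    state = max(state, UNKNOWN if bad else OK, key=PRIORITY.index)  # bad lines are never silent
    detail = "no events"
    if worst is not None:
        detail = "%s: %s" % (clean(worst.get("dhost", "?")), clean(worst.get("name", "?")))
    return state, "%s - %s | events=%d unparsed=%d" % (LABELS[state], detail, len(events), bad)

if __name__ == "__main__":
    code, text = evaluate(*parse_events(sys.stdin))
    print(text)
    sys.exit(code)
```

Run as a check command with the event lines on standard input; the single output line and the exit code are what Nagios reads.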