Cleanup config.nodes_of

[check_mk.git] / checks / fireeye_content

#!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
# +------------------------------------------------------------------+
# |             ____ _               _        __  __ _  __           |
# |            / ___| |__   ___  ___| | __   |  \/  | |/ /           |
# |           | |   | '_ \ / _ \/ __| |/ /   | |\/| | ' /            |
# |           | |___| | | |  __/ (__|   <    | |  | | . \            |
# |            \____|_| |_|\___|\___|_|\_\___|_|  |_|_|\_\           |
# |                                                                  |
# | Copyright Mathias Kettner 2016             mk@mathias-kettner.de |
# +------------------------------------------------------------------+
#
# This file is part of Check_MK.
# The official homepage is at http://mathias-kettner.de/check_mk.
#
# check_mk is free software;  you can redistribute it and/or modify it
# under the  terms of the  GNU General Public License  as published by
# the Free Software Foundation in version 2.  check_mk is  distributed
# in the hope that it will be useful, but WITHOUT ANY WARRANTY;  with-
# out even the implied warranty of  MERCHANTABILITY  or  FITNESS FOR A
# PARTICULAR PURPOSE. See the  GNU General Public License for more de-
# ails.  You should have  received  a copy of the  GNU  General Public
# License along with GNU Make; see the file  COPYING.  If  not,  write
# to the Free Software Foundation, Inc., 51 Franklin St,  Fifth Floor,
# Boston, MA 02110-1301 USA.

# .1.3.6.1.4.1.25597.11.5.1.5.0 456.180 --> FE-FIREEYE-MIB::feSecurityContentVersion.0
# .1.3.6.1.4.1.25597.11.5.1.6.0 1 --> FE-FIREEYE-MIB::feLastContentUpdatePassed.0
# .1.3.6.1.4.1.25597.11.5.1.7.0 2016/02/26 15:42:06 --> FE-FIREEYE-MIB::feLastContentUpdateTime.0

from collections import namedtuple


def parse_fireeye_content(info):
    security_content_status_map = {
        '1': 'OK',
        '0': 'failed',
    }

    version, update_status_raw, update_time_str = info[0]
    update_status = security_content_status_map.get(update_status_raw)

    # If content update has never completed, last_update_time contains no valid timestamp
    # In that case, we just skip the output
    try:
        update_time_seconds = \
            time.mktime(time.strptime(update_time_str, '%Y/%m/%d %H:%M:%S'))
    except ValueError:
        update_time_seconds = None

    SecurityContent = namedtuple('SecurityContent',
                                 'version update_status update_time_str update_time_seconds')
    return SecurityContent(version, update_status, update_time_str, update_time_seconds)


def check_fireeye_content(_no_item, params, parsed):
    if parsed.update_status != 'OK':
        yield 1, 'Update: failed'

    yield 0, 'Last update: %s' % parsed.update_time_str

    if parsed.update_time_seconds is None:
        yield 0, 'update has never completed'
    else:
        yield check_levels(
            time.time() - parsed.update_time_seconds,
            None,
            params.get('update_time_levels'),
            human_readable_func=get_age_human_readable,
            infoname="Age",
        )

    yield 0, "Security version: %s" % parsed.version


check_info["fireeye_content"] = {
    "parse_function": parse_fireeye_content,
    "inventory_function": discover_single,
    "check_function": check_fireeye_content,
    "service_description": "Security content",
    "snmp_info": (
        ".1.3.6.1.4.1.25597.11.5.1",
        [
            "5",  # FE-FIREEYE-MIB::feSecurityContentVersion
            "6",  # FE-FIREEYE-MIB::feLastContentUpdatePassed
            "7",  # FE-FIREEYE-MIB::feLastContentUpdateTime
        ]),
    "snmp_scan_function": scan_fireeye,
    "includes": ["fireeye.include"],
    "group": "fireeye_content",
}