
graylog2-zabbix's Introduction

graylog2-zabbix

No longer actively maintained.

Basic Zabbix monitoring for Graylog2

Mainly written for my own use; please feel free to fork/use and give feedback.

Branch pre-2.1 - Graylog 2.1 and below

Written using Zabbix 2.4 and Graylog 1.3. Lightly tested, but does no harm anyway. Confirmed to work on Zabbix 3.0 and Graylog 2.0.3 as well.

Master branch - Graylog 2.1 and up

Tested using Zabbix 3.2 and Graylog 2.1.1, 2.2.3.

For specific Elasticsearch monitoring, please head over to Elastizabbix (https://github.com/mkhpalm/elastizabbix)

Requirements

This doesn't require anything on the agent. It is an external script curl'ing to the Graylog2 API.

Please note, if running by hand, that the poll_data item has to be run first.

How to install

  • Create a Graylog2 user with the "reader" role
  • Enter the credentials in the check_graylog_node_creds.txt file.
  • Copy the 2 files to your Zabbix externalscripts directory.
  • Make sure the file permissions are adequate.
  • Import the XML template in Zabbix.
  • Add template to graylog server and subscribe your graylog server hosts to it.

Usage

Note: As of 2.1, the default API port is 9000; it used to be 12900. You can change it back to the old behavior with rest_listen_uri, pass port 9000 to the Zabbix items (tedious), or simply modify the script at the top to change the port.

check_graylog_node -H <HOSTNAME> -a <ATTRIBUTE> [-p <GRAYLOG_API_PORT>] [-h] [-d]

Args:
    -H : Hostname or IP address of graylog server
    -a : Attribute to monitor. See list below.
    -p : Graylog API port (default: 12900)
    -d : Debug message to log file (default: false)
    -h : Displays help

List of attributes:
    - node_id : returns graylog node_id
    - node_transport
    - node_is_master
    - node_cluster
    - node_type
    - node_throughput
    - lb_status
    - total_message_count
    - es_cluster_health
    - journal_size
    - journal_num_segments
    - journal_uncommitted_entries
    - journal_events_read
    - journal_events_append
    - buffer_input_utilization
    - buffer_output_utilization
    - buffer_input_utilization_percent
    - buffer_output_utilization_percent
    - poll_data
    - current_deflector (not yet supported, because not accessible via regular user)
    - system_lifecycle
    - system_isprocessing
    - system_tz
    - system_version
    - system_startedat
    - cluster_stream_count
    - cluster_stream_rule_count
    - cluster_user_count
    - cluster_output_count
    - cluster_dashboard_count
    - cluster_input_count
    - cluster_global_input_count
    - cluster_extractor_count
    - cluster_contentpack_count
    - cluster_alerts_count

graylog2-zabbix's People

Contributors

madchap


graylog2-zabbix's Issues

Unable to run script, jq error

I installed jq-1.5 on ubuntu. I used the 1.5 release zip file. When I run the script as ROOT:
bash check_graylog_node -H hostname -a journal_size -p 12900

I get this error:
jq: error: Could not open file /tmp/hostname-journal.json: No such file or directory

Anybody know what could be causing this?

It does not seem to do anything

Hi,
the script does not seem to do anything, not even launching curl. JS and curl are installed.

This is the output when launched with bash -x

-sh-3.2$ bash -x check_graylog_node -H graylog.fdqn.tld -a node_id
+ DEBUG=0
+ WORKDIR=/tmp
++ basename check_graylog_node
+ LOG=/tmp/check_graylog_node.log
+ APIPORT=9000
+ USERNAME=zabbix
+ PASSWORD=monitoring
+ getopts hH:a:p::l:d opts
+ case $opts in
+ HOSTNAME=graylog.fdqn.tld
+ getopts hH:a:p::l:d opts
+ case $opts in
+ ATTR=node_id
+ getopts hH:a:p::l:d opts
+ '[' 0 == 1 ']'
+ [[ 5 -lt 4 ]]
++ basename check_graylog_node
+ LOCKFILE=/tmp/check_graylog_node-graylog.fdqn.tld.lock
+ LOCKFD=99
+ _prepare_locking
+ eval 'exec 99>"/tmp/check_graylog_node-graylog.fdqn.tld.lock"'
++ exec
+ trap _no_more_locking EXIT
+ CURL_BASE_CMD='curl -u zabbix:monitoring -sS http://graylog.fdqn.tld:9000/api'
+ NODE_INFO_FILE=/tmp/graylog.fdqn.tld-node.json
+ JOURNAL_INFO_FILE=/tmp/graylog.fdqn.tld-journal.json
+ SYSTEM_INFO_FILE=/tmp/graylog.fdqn.tld-system.json
+ CLUSTER_INFO_FILE=/tmp/graylog.fdqn.tld-cluster.json
+ case $ATTR in
+ shlock
+ _lock s
+ flock -s 99
+ get_node_id
+ debug '[get_node_id] Executing'
+ '[' 0 == 1 ']'
+ jq -e -r .node_id /tmp/graylog.fdqn.tld-node.json
+ _no_more_locking
+ _lock u
+ flock -u 99
+ _lock xn
+ flock -xn 99
+ rm -f /tmp/check_graylog_node-graylog.fdqn.tld.lock

The curl command, if launched manually, works:

-sh-3.2$ curl -u zabbix:monitoring -sS http://graylog.fdqn.tld:9000/api
{"cluster_id":"c0ca4d64-71ad-4bb4-8088-19420246bbb8","node_id":"80d2da2a-56af-48d2-b2b4-da7f3fffcf75","version":"2.2.ge your logs in the dark and have lasers going and make it look like you're from space!"}-

But it seems that the script does not even attempt to launch curl.

Thanks in advance for any help!

Password not escaped properly.

If you try and poll data with a password with % $ @ # this script will fail as the password from the file is not escaped properly. A quick solution is to put the password into single quotes. If you do not, everything appears to work, but you do not get any results in your JSON files. This is more of an FYI, but I would fix the escaping issue or put the single quotes into the creds file so people do not make a mistake and spend time trying to figure out what went wrong.

null values returned regularly

Every so often, calls to specific monitors return a null value, which would cause the monitor to become disabled in Zabbix until the next check to re-enable it.

This will cause false-positive alerts.

Importing template fails because of trigger dependency

Fails to import because of failed trigger dependency, despite the fact that the base trigger is indeed created before and others with the same dep actually are created.

Created: Application "Graylog" on "Template graylog2 server".
Created: Item "API port status" on "Template graylog2 server".
Created: Item "Buffer input utilization" on "Template graylog2 server".
Created: Item "Buffer input utilization percent" on "Template graylog2 server".
Created: Item "Buffer output utilization" on "Template graylog2 server".
Created: Item "Buffer output utilization percent" on "Template graylog2 server".
Created: Item "Cluster alerts count" on "Template graylog2 server".
Created: Item "Cluster content packs count" on "Template graylog2 server".
Created: Item "Cluster extractor count" on "Template graylog2 server".
Created: Item "Cluster global inputs count" on "Template graylog2 server".
Created: Item "Cluster id" on "Template graylog2 server".
Created: Item "Cluster inputs count" on "Template graylog2 server".
Created: Item "Cluster outputs count" on "Template graylog2 server".
Created: Item "Cluster streams count" on "Template graylog2 server".
Created: Item "Cluster streams rules count" on "Template graylog2 server".
Created: Item "Cluster users count" on "Template graylog2 server".
Created: Item "Current deflector" on "Template graylog2 server".
Created: Item "ES cluster health" on "Template graylog2 server".
Created: Item "Is master" on "Template graylog2 server".
Created: Item "Is processing" on "Template graylog2 server".
Created: Item "Journal events append" on "Template graylog2 server".
Created: Item "Journal events read" on "Template graylog2 server".
Created: Item "Journal number of segments" on "Template graylog2 server".
Created: Item "Journal size" on "Template graylog2 server".
Created: Item "Journal uncommitted entries" on "Template graylog2 server".
Created: Item "Lifecycle state" on "Template graylog2 server".
Created: Item "Load balancer status" on "Template graylog2 server".
Created: Item "Message count" on "Template graylog2 server".
Created: Item "Node id" on "Template graylog2 server".
Created: Item "Started at" on "Template graylog2 server".
Created: Item "This script's data poller" on "Template graylog2 server".
Created: Item "Throughput" on "Template graylog2 server".
Created: Item "Timezone" on "Template graylog2 server".
Created: Item "Transport address" on "Template graylog2 server".
Created: Item "Type" on "Template graylog2 server".
Created: Item "Version" on "Template graylog2 server".
Created: Trigger "API port is DOWN" on "Template graylog2 server".
Created: Trigger "Buffer input utilization is over 80%" on "Template graylog2 server".
Created: Trigger "Buffer output utilization is over 80%" on "Template graylog2 server".
Created: Trigger "ES cluster health is RED" on "Template graylog2 server".
Created: Trigger "ES cluster health is YELLOW" on "Template graylog2 server".
Created: Trigger "Fail to poll data" on "Template graylog2 server".
Created: Trigger "Journal append events stacking up" on "Template graylog2 server".
Created: Trigger "Journal read events stacking up" on "Template graylog2 server".
Created: Trigger "Journal uncommitted entries are stacking up" on "Template graylog2 server".
Created: Trigger "Node cluster ID changed" on "Template graylog2 server".
Created: Trigger "Node ID changed" on "Template graylog2 server".
Created: Trigger "Node is marked as DOWN" on "Template graylog2 server".
Created: Trigger "Node is not processing" on "Template graylog2 server".
Created: Trigger "Node is not running" on "Template graylog2 server".
Created: Trigger "Node master status changed" on "Template graylog2 server".
Created: Trigger "Node transport info changed" on "Template graylog2 server".
Trigger "Buffer input utilization is over 80%" depends on trigger "API port is DOWN", which does not exist.

Json files are empty

Hi.

I had the problem that the json files after pull stay empty.

I checked everything and debugged the script.

The only way I could fix it was to replace line 123

${CURL_BASE_CMD}${1} | jq '.' > $2

with a direct call of curl:

curl -u "$USERNAME":"$PASSWORD" -Ss "http://$HOSTNAME:$APIPORT/api$1" | jq '.' > $2

Don't know what the reason was, but now with " instead of ', without ${}, and with the URL wrapped in ", everything works.

Tried to put everything in the CURL_BASE_CMD var, but no success.

Maybe this helps someone.

Zabbix 3.2
Graylog 3.1
Debian 8.10 (Jessie)
Bash 4.3.30
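
The quoting failure reported in the "Password not escaped properly" and "Json files are empty" issues, reproduced as an added example (not the project's script). It assumes the credentials file is a list of KEY=VALUE lines that gets evaluated as shell code; the sample password, host name and function names are constructed.

```sh
#!/bin/sh
# Added example, not the project's script. Assumes the creds file holds KEY=VALUE lines.

CREDS=$(mktemp)                      # constructed sample file, created with mode 0600
trap 'rm -f "$CREDS"' EXIT
cat > "$CREDS" <<'EOF'
USERNAME=zabbix
PASSWORD=Gr4y$9 #1%@
EOF

# Fragile: evaluating the file as shell code expands $9 and treats " #..." as a comment.
sourced_password() (
    PASSWORD=
    . "$1" 2>/dev/null || true
    printf '%s' "$PASSWORD"
)

# Robust: take everything after the first '=' verbatim, with no shell evaluation.
literal_value() {
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# Fragile: a command kept in one string and expanded unquoted is re-split on whitespace.
argc_flat() {
    cmd="curl -u $1:$2 -sS $3"
    set -- $cmd                      # unquoted on purpose, to show the splitting
    echo "$#"
}

# Robust: hand the credentials to curl as a config file on stdin (-K -). The shell
# never re-parses the password and it does not appear on curl's command line.
curl_user_config() {
    esc=$(printf '%s' "$1:$2" | sed 's/[\\"]/\\&/g')   # escape \ and " for curl
    printf 'user = "%s"\n' "$esc"
}

# poll <host> <port> <api-path> <outfile>; needs a reachable Graylog node.
poll() {
    curl_user_config "$(literal_value USERNAME "$CREDS")" \
                     "$(literal_value PASSWORD "$CREDS")" |
        curl -K - -sS "http://$1:$2/api$3" > "$4"
}

echo "sourced : $(sourced_password "$CREDS")"
echo "literal : $(literal_value PASSWORD "$CREDS")"
echo "argv    : $(argc_flat zabbix "$(literal_value PASSWORD "$CREDS")" http://graylog.example:9000/api) words (5 intended)"
curl_user_config zabbix "$(literal_value PASSWORD "$CREDS")"
```

With a truncated or split password curl still runs, the API rejects the login, and the JSON files stay empty, which matches the symptom both issues describe.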

Cannot write the file to /tmp

Hey,
Ever seen the issue where the .sh script cannot write the json file to /tmp?

+ debug '[get_system_lb_status] Executing'
+ '[' '!' -z ']'
+ jq -r .lb_status /tmp/192.168.32.163-system.json
jq: /tmp/192.168.32.163-system.json: No such file or directory

Thanks
