Monitoring plugin to check the conntrack NAT source IP address for a destination:
- filter the destination by IP address, protocol and destination port
- check the NAT source IP address against the one detected from the routing table
- check the number of uses of the NAT source IP address against a limit
This script can be used as an Icinga/Nagios check plugin.
- conntrack CLI command
    cd /usr/local/src
    git clone https://gitlab.easter-eggs.com/brenard/check_conntrack_src_addr.git
    mkdir -p /usr/local/lib/nagios/plugins/
    ln -s /usr/local/src/check_conntrack_src_addr/check_conntrack_src_addr /usr/local/lib/nagios/plugins/
    Usage: ./check_conntrack_src_addr [-h|-d] -D destination [-l limit] [-c] [-f IP address]
        -h                      Show this help message
        -d                      Show debug messages
        -C                      The conntrack command path (default: /usr/sbin/conntrack)
        -S                      Use sudo to run conntrack commands
        -D [destination]        The destination IP address
        -p [protocol]           The destination procotol (ex: tcp or udp)
        -P [port]               The destination procotol port (ex: 5600)
        -c                      Check source NAT IP address against detected source IP address from route table
        -f [IP address]         If check source NAT IP address enabled, specified source IP address of connection
        -i [input interface]    If check source NAT IP address enabled, specified source input interface device (default: auto-detected from source IP address)
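How the checks listed above can be derived from conntrack output, as an added example that is not the plugin's own code: in a conntrack entry the reply-direction `dst=` is the address the flow was source-NATed to. The function names, the constructed sample lines, the per-address reading of the limit and the severity mapping (mismatch is CRITICAL, limit exceeded is WARNING) are assumptions.

```python
import re
from collections import Counter

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios/Icinga plugin exit codes

# Constructed `conntrack -L` style lines (documentation addresses, not captured).
# Each entry has two tuples: original direction first, then reply direction.
# With source NAT, the reply tuple's dst= is the address the flow was NATed to.
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=40000 dport=5600 src=192.0.2.10 dst=198.51.100.1 sport=5600 dport=40000 [ASSURED] mark=0 use=1
tcp      6 431990 ESTABLISHED src=10.0.0.6 dst=192.0.2.10 sport=40001 dport=5600 src=192.0.2.10 dst=198.51.100.1 sport=5600 dport=40001 [ASSURED] mark=0 use=1
tcp      6 117 TIME_WAIT src=10.0.0.7 dst=192.0.2.10 sport=40002 dport=5600 src=192.0.2.10 dst=198.51.100.2 sport=5600 dport=40002 [ASSURED] mark=0 use=1
udp      17 25 src=10.0.0.5 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=198.51.100.1 sport=53 dport=5353 mark=0 use=1
"""


def nat_sources(text, dest, proto=None, port=None):
    """Count tracked flows to dest per NAT source address."""
    counts = Counter()
    for line in text.splitlines():
        fields = line.split()
        if not fields or (proto and fields[0] != proto):
            continue
        pairs = re.findall(r"\b(dst|dport)=(\S+)", line)
        dsts = [v for k, v in pairs if k == "dst"]
        dports = [v for k, v in pairs if k == "dport"]
        if len(dsts) < 2 or dsts[0] != dest:
            continue  # not a flow to this destination
        if port is not None and (not dports or dports[0] != str(port)):
            continue  # original-direction port does not match (or has none)
        counts[dsts[1]] += 1  # reply-direction dst = NAT source address
    return counts


def check(text, dest, expected=None, limit=None, proto=None, port=None):
    """Return (exit_code, message); the severity mapping is an assumption."""
    counts = nat_sources(text, dest, proto, port)
    wrong = sorted(ip for ip in counts if expected and ip != expected)
    if wrong:
        return CRITICAL, f"CRITICAL - unexpected NAT source for {dest}: {', '.join(wrong)}"
    over = sorted(ip for ip, n in counts.items() if limit is not None and n > limit)
    if over:
        return WARNING, f"WARNING - more than {limit} flows via {', '.join(over)}"
    return OK, f"OK - {sum(counts.values())} flow(s) to {dest}"


if __name__ == "__main__":
    code, message = check(SAMPLE, "192.0.2.10", expected="198.51.100.1", proto="tcp", port=5600)
    print(message)
    raise SystemExit(code)
```

A flow leaving through an address other than the expected one is the case a firewall operator usually cares about, since the remote side may only allow the intended source address.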
Copyright (c) 2020 Easter-eggs
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 3 as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.