ssh_firewall_session.sh -- 登录防火墙并执行dis session statistics
firewall_check_sessions.c -- 调用上面脚本,过滤出session的数值
执行:./firewall_check_sessions ssh_firewall_session.sh 192.168.0.1
vi ssh_firewall_session.sh
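#!/usr/bin/expect -f
# Log in to a firewall over SSH and print the output of
# "display session statistics" on stdout for the calling plugin to parse.
#
# Usage: ssh_firewall_session.sh <firewall-ip>
#
# NOTE(review): the account password is stored in this file in clear text.
# Keep the file readable by the monitoring user only, use a read-only
# firewall account, or move to key-based SSH authentication.
# NOTE(review): the firewall's host key must already be trusted by the
# monitoring user; the script deliberately does not answer the
# first-connection prompt.
#set port 22
if {$argc < 1} {
    puts stderr "usage: $argv0 <firewall-ip>"
    exit 1
}
set user xxxxxx
set host [lindex $argv 0 0]
set password xxxxxx
set timeout 30

# NOTE(review): the published listing has no spawn line, so expect had no SSH
# process to talk to; this is the presumed original command - confirm.
spawn ssh $user@$host

expect "*assword:*"
send "$password\r"
expect "*FW*"
send "display session statistics\r"
expect "*FW*"
# The carriage return was missing, so "quit" was typed but never submitted.
send "quit\r"
# Wait for the session to close (bounded by $timeout) instead of dropping it.
expect eof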
vi firewall_check_sessions.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Plugin exit codes; each value is also used as an index into exit_status[]. */
#define OK 0
#define WARNING 1
#define CRITICAL 2
#define UNKNOWN 3
/* Size of the large buffers: status text, performance data, input lines, command line. */
#define LEN 1000L
/* Size of each session-counter buffer below, terminator included. */
#define MIN_LEN 32L
//#define TCL_CMD "/home/weihu/tcl/"
/* Directory prefix that main() puts in front of the script name when it builds the command. */
#define TCL_CMD "/usr/local/nagios/libexec/"
/* Current plugin state; starts as OK and is passed to exit() on the popen() failure path. */
int exitstatus=OK;
/* Text label for each exit code, indexed by OK..UNKNOWN. */
char *exit_status[4]={"OK","WARNING","CRITICAL","UNKNOWN"};
/* Human-readable part of the plugin output line (printed before the '|'). */
char status_information[LEN];
/* Performance-data part of the plugin output line (printed after the '|'). */
char performance_data[LEN];
/*
 * Session counters, kept as text exactly as the device printed them.
 * parse_status() fills them from the script output; a counter stays an empty
 * string when its line is never seen. Each buffer holds at most MIN_LEN - 1
 * characters, so anything writing here must bound its copy accordingly.
 */
char cur_session[MIN_LEN]={0};
char tcp_session[MIN_LEN]={0};
char half_open[MIN_LEN]={0};
char half_close[MIN_LEN]={0};
char udp_session[MIN_LEN]={0};
char icmp_session[MIN_LEN]={0};
char rawip_session[MIN_LEN]={0};
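/*
 * Run sh_cmd through popen() and pull the session counters out of its output.
 *
 * Each output line is matched against the labels of "display session
 * statistics" and the value after the label is stored, as text, in the
 * matching global (cur_session, tcp_session, half_open, half_close,
 * udp_session, icmp_session, rawip_session). Reading stops at the RAWIP
 * line, which is the last counter of interest.
 *
 * sh_cmd          command line handed to the shell by popen(). The visible
 *                 caller builds it from command-line arguments, so those
 *                 must be validated (bare script name, IP literal) before
 *                 they get here: shell metacharacters would be interpreted.
 * active_status   not written by this function; kept for existing callers.
 * active_ip_addr  not written by this function; kept for existing callers.
 *
 * Returns 0 on success and -1 when pclose() fails. When popen() fails the
 * function prints a CRITICAL plugin line and exits the process.
 */
int parse_status(char *sh_cmd,char *active_status,char *active_ip_addr) {
    FILE *fp;
    char readbuf[LEN];
    int ret;

    (void)active_status;
    (void)active_ip_addr;

    fp = popen(sh_cmd, "r");
    if (fp == NULL) {
        fprintf(stderr, "popen() error. ");
        exitstatus = CRITICAL;
        printf("%s: - %s | %s\n", exit_status[exitstatus], status_information, performance_data);
        exit(exitstatus);
    }

    /*
     * The text comes from a remote device over SSH and a line may be up to
     * LEN - 1 bytes, while every destination holds MIN_LEN (32) bytes.
     * Each %s is therefore capped at 31 characters (MIN_LEN - 1) so an
     * over-long token is truncated instead of overrunning the globals.
     */
    while (fgets(readbuf, LEN, fp) != NULL) {
        if (strstr(readbuf, "Current session")) {
            sscanf(readbuf, "Current session(s):%31s", cur_session);
        }
        if (strstr(readbuf, "TCP session")) {
            sscanf(readbuf, " Current TCP session(s): %31s", tcp_session);
        }
        if (strstr(readbuf, "Half-Open")) {
            sscanf(readbuf, " Half-Open: %31s Half-Close: %31s", half_open, half_close);
        }
        if (strstr(readbuf, "UDP session")) {
            sscanf(readbuf, " Current UDP session(s): %31s", udp_session);
        }
        if (strstr(readbuf, "ICMP session")) {
            sscanf(readbuf, " Current ICMP session(s): %31s", icmp_session);
        }
        if (strstr(readbuf, "RAWIP session")) {
            sscanf(readbuf, " Current RAWIP session(s): %31s", rawip_session);
            break;  /* last counter parsed; the rest of the output is ignored */
        }
    }

    /* Only a failure of pclose() itself is reported; the script's exit status is not inspected. */
    ret = pclose(fp);
    if (ret == -1) {
        fprintf(stderr, "pclose() error.\n");
        return -1;
    }
    return 0;
}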
int main(int argc, char *argv[]) {
int ret;
char sh_cmd[LEN];
char active_status[LEN];
char active_ip_addr[LEN];
if(argc<=1) {
printf("%s %s\n",argv[0],"auto_ssh_firewall_dis_session.sh + ip");
exit(-1);
}
sprintf(sh_cmd,"%s%s %s",TCL_CMD,argv[1],argv[2]);
// printf("sh_cmd=%s\n",sh_cmd);
ret=parse_status(sh_cmd,active_status,active_ip_addr);
if(ret!=0) {
fprintf(stderr,"parse_status() error.\n");