| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 |
- #!/usr/bin/env python
- #
- # Copyright (c) 2017-2020 Joe Clarke <jclarke@cisco.com>
- # All rights reserved.
- #
- # Redistribution and use in source and binary forms, with or without
- # modification, are permitted provided that the following conditions
- # are met:
- # 1. Redistributions of source code must retain the above copyright
- # notice, this list of conditions and the following disclaimer.
- # 2. Redistributions in binary form must reproduce the above copyright
- # notice, this list of conditions and the following disclaimer in the
- # documentation and/or other materials provided with the distribution.
- #
- # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- # SUCH DAMAGE.
- from __future__ import print_function
- import paramiko
- import os
- from sparker import Sparker, MessageType # type: ignore
- import time
- import re
- import json
- import CLEUCreds # type: ignore
- from cleu.config import Config as C # type: ignore
- SPARK_ROOM = "Core Alarms"
- CACHE_FILE = "/home/jclarke/nat_limit.dat"
- def send_command(chan, command):
- chan.sendall(command + "\n")
- time.sleep(0.5)
- output = ""
- i = 0
- while i < 60:
- r = chan.recv(65535)
- if len(r) == 0:
- raise EOFError("Remote host has closed the connection")
- r = r.decode("utf-8", "ignore")
- output += r
- if re.search(r"[#>]$", r.strip()):
- break
- time.sleep(1)
- return output
- if __name__ == "__main__":
- prev_state = {}
- curr_state = {}
- spark = Sparker(token=CLEUCreds.SPARK_TOKEN)
- if os.path.exists(CACHE_FILE):
- with open(CACHE_FILE, "r") as fd:
- prev_state = json.load(fd)
- ssh_client = paramiko.SSHClient()
- ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- routers = ["CORE1-EDGE", "CORE2-EDGE"]
- for router in routers:
- try:
- ssh_client.connect(
- router,
- username=CLEUCreds.NET_USER,
- password=CLEUCreds.NET_PASS,
- timeout=60,
- allow_agent=False,
- look_for_keys=False,
- )
- chan = ssh_client.invoke_shell()
- try:
- send_command(chan, "term length 0")
- send_command(chan, "term width 0")
- except:
- pass
- output = ""
- try:
- output = send_command(chan, "show ip nat limit all-host | inc [0-9] +[1-9][0-9]+[^0-9]+$")
- except Exception as ie:
- print(f"Failed to get NAT limit from {router}: {ie}")
- continue
- for line in output.split("\n"):
- m = re.search(r"^(\d+\.\d+\.\d+\.\d+)\s+\d+\s+\d+\s+(\d+)", line)
- if m:
- host = m.group(1)
- misses = m.group(2)
- if host not in prev_state:
- spark.post_to_spark(
- C.WEBEX_TEAM,
- SPARK_ROOM,
- "Host **{}** has exceeded its NAT connection limit **{}** times".format(host, misses),
- MessageType.BAD,
- )
- curr_state[host] = int(misses)
- for host, misses in list(prev_state.items()):
- if host not in curr_state:
- spark.post_to_spark(
- C.WEBEX_TEAM, SPARK_ROOM, "Host **{}** has aged out of the NAT limit exceeded table".format(host), MessageType.GOOD
- )
- except Exception as e:
- ssh_client.close()
- print(f"Failed to get NAT limits from {router}: {e}")
- continue
- ssh_client.close()
- with open(CACHE_FILE, "w") as fd:
- json.dump(curr_state, fd, indent=4)
|
