Small fixes in check_samba_dc (skip unparsable logs, and handle message with NT_STATUS_NO_SUCH_USER

tags/zabbix-agent-addons-0.2.141-1
Daniel Berteaud 4 years ago
parent 67a3da6404
commit 33c03ebe45
  1. 4
      zabbix_scripts/check_samba_dc_sudo

@ -147,6 +147,8 @@ if (defined $ou){
open (my $auth_log, '<', $audit_auth_log) or die "Couldn't open $audit_auth_log : $!\n"; open (my $auth_log, '<', $audit_auth_log) or die "Couldn't open $audit_auth_log : $!\n";
foreach my $line (<$auth_log>){ foreach my $line (<$auth_log>){
my $event = from_json($line); my $event = from_json($line);
# Skip the log entry if we can't parse JSON
next if (not defined $event);
my $type = $event->{type}; my $type = $event->{type};
# We're only interested in Authentication and Authorization messages # We're only interested in Authentication and Authorization messages
next if ($type ne 'Authentication' and $type ne 'Authorization'); next if ($type ne 'Authentication' and $type ne 'Authorization');
@ -159,7 +161,7 @@ if (defined $ou){
my $subject; my $subject;
if ($type eq 'Authentication'){ if ($type eq 'Authentication'){
# Accounts ending with $ are for computers # Accounts ending with $ are for computers
$subject = ($event->{$type}->{mappedAccount} =~ m/\$$/) ? 'computers' : 'users'; $subject = (($event->{$type}->{mappedAccount} || $event->{$type}->{clientAccount} || '')=~ m/\$$/) ? 'computers' : 'users';
if ($event->{Authentication}->{status} eq 'NT_STATUS_OK'){ if ($event->{Authentication}->{status} eq 'NT_STATUS_OK'){
$json->{activity}->{authentications}->{$subject}->{success}++; $json->{activity}->{authentications}->{$subject}->{success}++;
} else { } else {

Loading…
Cancel
Save