summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--NEWS2
-rwxr-xr-xplugins-scripts/check_ntp.pl472
2 files changed, 2 insertions, 472 deletions
diff --git a/NEWS b/NEWS
index 2550ca8..33e8a5c 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,8 @@ This file documents the major additions and syntax changes between releases.
21 check_ssh now returns CRITICAL for protocol/version errors 21 check_ssh now returns CRITICAL for protocol/version errors
22 If a plugin is invoked with -h/--help or -V/--version, the exit status 22 If a plugin is invoked with -h/--help or -V/--version, the exit status
23 is now UNKNOWN 23 is now UNKNOWN
24 The superseded check_ntp.pl was removed, please use check_ntp_peer or
25 check_ntp_time instead
24 26
252.1.1 2nd December 2014 272.1.1 2nd December 2014
26 FIXES 28 FIXES
diff --git a/plugins-scripts/check_ntp.pl b/plugins-scripts/check_ntp.pl
deleted file mode 100755
index f400001..0000000
--- a/plugins-scripts/check_ntp.pl
+++ /dev/null
@@ -1,472 +0,0 @@
1#!@PERL@ -w
2#
3# (c)1999 Ian Cass, Knowledge Matters Ltd.
4# Read the GNU copyright stuff for all the legalese
5#
6# Check NTP time servers plugin. This plugin requires the ntpdate utility to
7# be installed on the system, however since it's part of the ntp suite, you
8# should already have it installed.
9#
10#
11# Nothing clever done in this program - its a very simple bare basics hack to
12# get the job done.
13#
14# Things to do...
15# check @words[9] for time differences greater than +/- x secs & return a
16# warning.
17#
18# (c) 1999 Mark Jewiss, Knowledge Matters Limited
19# 22-9-1999, 12:45
20#
21# Modified script to accept 2 parameters or set defaults.
22# Now issues warning or critical alert is time difference is greater than the
23# time passed.
24#
25# These changes have not been tested completely due to the unavailability of a
26# server with the incorrect time.
27#
28# (c) 1999 Bo Kersey, VirCIO - Managed Server Solutions <bo@vircio.com>
29# 22-10-99, 12:17
30#
31# Modified the script to give useage if no parameters are input.
32#
33# Modified the script to check for negative as well as positive
34# time differences.
35#
36# Modified the script to work with ntpdate 3-5.93e Wed Apr 14 20:23:03 EDT 1999
37#
38# Modified the script to work with ntpdate's that return adjust or offset...
39#
40#
41# Script modified 2000 June 01 by William Pietri <william@bianca.com>
42#
43# Modified script to handle weird cases:
44# o NTP server doesn't respond (e.g., has died)
45# o Server has correct time but isn't suitable synchronization
46# source. This happens while starting up and if contact
47# with master has been lost.
48#
49# Modifed to run under Embedded Perl (sghosh@users.sf.net)
50# - combined logic some blocks together..
51#
52# Added ntpdate check for stratum 16 desynch peer (James Fidell) Feb 03, 2003
53#
54# ntpdate - offset is in seconds
55# changed ntpdc to ntpq - jitter/dispersion is in milliseconds
56#
57# Patch for for regex for stratum1 refid.
58
59require 5.004;
60use POSIX;
61use strict;
62use Getopt::Long;
63use vars qw($opt_V $opt_h $opt_H $opt_t $opt_w $opt_c $opt_O $opt_j $opt_k $verbose $PROGNAME $def_jitter $ipv4 $ipv6);
64use FindBin;
65use lib "$FindBin::Bin";
66use utils qw($TIMEOUT %ERRORS &print_revision &support);
67
68$PROGNAME="check_ntp";
69
70sub print_help ();
71sub print_usage ();
72
73$ENV{'PATH'}='@TRUSTED_PATH@';
74$ENV{'BASH_ENV'}='';
75$ENV{'ENV'}='';
76
77# defaults in sec
78my $DEFAULT_OFFSET_WARN = 60; # 1 minute
79my $DEFAULT_OFFSET_CRIT = 120; # 2 minutes
80# default in millisec
81my $DEFAULT_JITTER_WARN = 5000; # 5 sec
82my $DEFAULT_JITTER_CRIT = 10000; # 10 sec
83
84Getopt::Long::Configure('bundling');
85GetOptions
86 ("V" => \$opt_V, "version" => \$opt_V,
87 "h" => \$opt_h, "help" => \$opt_h,
88 "v" => \$verbose, "verbose" => \$verbose,
89 "4" => \$ipv4, "use-ipv4" => \$ipv4,
90 "6" => \$ipv6, "use-ipv6" => \$ipv6,
91 "w=f" => \$opt_w, "warning=f" => \$opt_w, # offset|adjust warning if above this number
92 "c=f" => \$opt_c, "critical=f" => \$opt_c, # offset|adjust critical if above this number
93 "O" => \$opt_O, "zero-offset" => \$opt_O, # zero-offset bad
94 "j=s" => \$opt_j, "jwarn=i" => \$opt_j, # jitter warning if above this number
95 "k=s" => \$opt_k, "jcrit=i" => \$opt_k, # jitter critical if above this number
96 "t=s" => \$opt_t, "timeout=i" => \$opt_t,
97 "H=s" => \$opt_H, "hostname=s" => \$opt_H);
98
99if ($opt_V) {
100 print_revision($PROGNAME,'@NP_VERSION@');
101 exit $ERRORS{'UNKNOWN'};
102}
103
104if ($opt_h) {
105 print_help();
106 exit $ERRORS{'UNKNOWN'};
107}
108
109# jitter test params specified
110if (defined $opt_j || defined $opt_k ) {
111 $def_jitter = 1;
112}
113
114$opt_H = shift unless ($opt_H);
115my $host = $1 if ($opt_H && $opt_H =~ m/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|[a-zA-Z][-a-zA-Z0-9]+(\.[a-zA-Z][-a-zA-Z0-9]+)*)$/);
116unless ($host) {
117 print "No target host specified\n";
118 print_usage();
119 exit $ERRORS{'UNKNOWN'};
120}
121
122my ($timeout, $owarn, $ocrit, $jwarn, $jcrit);
123
124$timeout = $TIMEOUT;
125($opt_t) && ($opt_t =~ /^([0-9]+)$/) && ($timeout = $1);
126
127$owarn = $DEFAULT_OFFSET_WARN;
128($opt_w) && ($opt_w =~ /^([0-9.]+)$/) && ($owarn = $1);
129
130$ocrit = $DEFAULT_OFFSET_CRIT;
131($opt_c) && ($opt_c =~ /^([0-9.]+)$/) && ($ocrit = $1);
132
133$jwarn = $DEFAULT_JITTER_WARN;
134($opt_j) && ($opt_j =~ /^([0-9]+)$/) && ($jwarn = $1);
135
136$jcrit = $DEFAULT_JITTER_CRIT;
137($opt_k) && ($opt_k =~ /^([0-9]+)$/) && ($jcrit = $1);
138
139if ($ocrit < $owarn ) {
140 print "Critical offset should be larger than warning offset\n";
141 print_usage();
142 exit $ERRORS{"UNKNOWN"};
143}
144
145if ($def_jitter) {
146 if ($opt_k < $opt_j) {
147 print "Critical jitter should be larger than warning jitter\n";
148 print_usage();
149 exit $ERRORS{'UNKNOWN'};
150 }
151}
152
153
154my $stratum = -1;
155my $ignoreret = 0;
156my $answer = undef;
157my $offset = undef;
158my $jitter = undef;
159my $syspeer = undef;
160my $candidate = 0;
161my @candidates;
162my $msg; # first line of output to print if format is invalid
163
164my $state = $ERRORS{'UNKNOWN'};
165my $ntpdate_error = $ERRORS{'UNKNOWN'};
166my $jitter_error = $ERRORS{'UNKNOWN'};
167
168# some systems don't have a proper ntpq (migrated from ntpdc)
169my $have_ntpq = undef;
170if ($utils::PATH_TO_NTPQ && -x $utils::PATH_TO_NTPQ ) {
171 $have_ntpq = 1;
172}else{
173 $have_ntpq = 0;
174}
175
176# Just in case of problems, let's not hang Nagios
177$SIG{'ALRM'} = sub {
178 print ("ERROR: No response from ntp server (alarm)\n");
179 exit $ERRORS{"UNKNOWN"};
180};
181alarm($timeout);
182
183# Determine protocol to be used for ntpdate and ntpq
184my $ntpdate = $utils::PATH_TO_NTPDATE;
185my $ntpq = $utils::PATH_TO_NTPQ;
186if ($ipv4) {
187 $ntpdate .= " -4";
188 $ntpq .= " -4";
189}
190elsif ($ipv6) {
191 $ntpdate .= " -6";
192 $ntpq .= " -6";
193}
194# else don't use any flags
195
196###
197###
198### First, check ntpdate
199###
200###
201
202if (!open (NTPDATE, $ntpdate . " -q $host 2>&1 |")) {
203 print "Could not open $ntpdate: $!\n";
204 exit $ERRORS{"UNKNOWN"};
205}
206
207my $out;
208while (<NTPDATE>) {
209 #print if ($verbose); # noop
210 $msg = $_ unless ($msg);
211 $out .= "$_ ";
212
213 if (/stratum\s(\d+)/) {
214 $stratum = $1;
215 }
216
217 if (/(offset|adjust)\s+([-.\d]+)/i) {
218 $offset = $2;
219
220 # An offset of 0.000000 with an error is probably bogus. Actually,
221 # it's probably always bogus, but let's be paranoid here.
222 # Has been reported that 0.0000 happens in a production environment
223 # on Solaris 8 so this check should be taken out - SF tracker 1150777
224 if (defined $opt_O ) {
225 if ($offset == 0) { undef $offset;}
226 }
227
228 $ntpdate_error = defined ($offset) ? $ERRORS{"OK"} : $ERRORS{"CRITICAL"};
229 print "ntperr = $ntpdate_error \n" if $verbose;
230
231 }
232
233 if (/no server suitable for synchronization found/) {
234 if ($stratum == 16) {
235 $ntpdate_error = $ERRORS{"WARNING"};
236 $msg = "Desynchronized peer server found";
237 $ignoreret=1;
238 }
239 else {
240 $ntpdate_error = $ERRORS{"CRITICAL"};
241 $msg = "No suitable peer server found - ";
242 }
243 }
244
245}
246$out =~ s/\n//g;
247close (NTPDATE) ||
248 die $! ? "$out - Error closing $ntpdate pipe: $!"
249 : "$out - Exit status: $? from $ntpdate\n";
250
251# declare an error if we also get a non-zero return code from ntpdate
252# unless already set to critical
253if ( $? && !$ignoreret ) {
254 print "stderr = $? : $! \n" if $verbose;
255 $ntpdate_error = $ntpdate_error == $ERRORS{"CRITICAL"} ? $ERRORS{"CRITICAL"} : $ERRORS{"UNKNOWN"} ;
256 print "ntperr = $ntpdate_error : $!\n" if $verbose;
257}
258
259###
260###
261### Then scan xntpq/ntpq if it exists
262### and look in the 11th column for jitter
263###
264# Field 1: Tally Code ( Space, 'x','.','-','+','#','*','o')
265# Only match for '*' which implies sys.peer
266# or 'o' which implies pps.peer
267# If both exist, the last one is picked.
268# Field 2: address of the remote peer
269# Field 3: Refid of the clock (0.0.0.0 if unknown, WWWV/PPS/GPS/ACTS/USNO/PCS/... if Stratum1)
270# Field 4: stratum (0-15)
271# Field 5: Type of the peer: local (l), unicast (u), multicast (m)
272# broadcast (b); not sure about multicast/broadcast
273# Field 6: last packet receive (in seconds)
274# Field 7: polling interval
275# Field 8: reachability resgister (octal)
276# Field 9: delay
277# Field 10: offset
278# Field 11: dispersion/jitter
279#
280# According to bug 773588 Some solaris xntpd implementations seemto match on
281# "#" even though the docs say it exceeds maximum distance. Providing patch
282# here which will generate a warining.
283
284if ($have_ntpq) {
285
286 if ( open(NTPQ, $ntpq . " -np $host 2>&1 |") ) {
287 while (<NTPQ>) {
288 print $_ if ($verbose);
289 if ( /timed out/ ){
290 $have_ntpq = 0 ;
291 last ;
292 }
293 # number of candidates on <host> for sys.peer
294 if (/^(\*|\+|\#|o])/) {
295 ++$candidate;
296 push (@candidates, $_);
297 print "Candidate count= $candidate\n" if ($verbose);
298 }
299
300 # match sys.peer or pps.peer
301 if (/^(\*|o)(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)/) {
302 $syspeer = $2;
303 $stratum = $4;
304 $jitter = $11;
305 print "match $_ \n" if $verbose;
306 if ($jitter > $jcrit) {
307 print "Jitter_crit = $11 :$jcrit\n" if ($verbose);
308 $jitter_error = $ERRORS{'CRITICAL'};
309 } elsif ($jitter > $jwarn ) {
310 print "Jitter_warn = $11 :$jwarn\n" if ($verbose);
311 $jitter_error = $ERRORS{'WARNING'};
312 } else {
313 $jitter_error = $ERRORS{'OK'};
314 }
315 } else {
316 print "No match!\n" if $verbose;
317 $jitter = '(not parsed)';
318 }
319
320 }
321 close NTPQ ||
322 die $! ? "Error closing $ntpq pipe: $!"
323 : "Exit status: $? from $ntpq\n";
324
325 # if we did not match sys.peer or pps.peer but matched # candidates only
326 # generate a warning
327 # based on bug id 773588
328 unless (defined $syspeer) {
329 if ($#candidates >=0) {
330 foreach my $c (@candidates) {
331 $c =~ /^(#)([-0-9.\s]+)\s+([-0-9A-Za-z_().]+)\s+([-0-9.]+)\s+([lumb-]+)\s+([-0-9m.]+)\s+([-0-9.]+)\s+([-0-9.]+)\s+([-0-9.]+)\s+([-0-9.]+)\s+([-0-9.]+)/;
332 $syspeer = $2;
333 $stratum = $4;
334 $jitter = $11;
335 print "candidate match $c \n" if $verbose;
336 if ($jitter > $jcrit) {
337 print "Candidate match - Jitter_crit = $11 :$jcrit\n" if ($verbose);
338 $jitter_error = $ERRORS{'CRITICAL'};
339 }elsif ($jitter > $jwarn ) {
340 print "Candidate match - Jitter_warn = $11 :$jwarn \n" if ($verbose);
341 $jitter_error = $ERRORS{'WARNING'};
342 } else {
343 $jitter_error = $ERRORS{'WARNING'};
344 }
345 }
346
347 }
348 }
349 }
350}
351
352
353if ($ntpdate_error != $ERRORS{'OK'}) {
354 $state = $ntpdate_error;
355 if ($ntpdate_error == $ERRORS{'WARNING'} ) {
356 $answer = $msg;
357 }
358 else {
359 $answer = $msg . "Server for ntp probably down";
360 }
361
362 if (defined($offset) && abs($offset) > $ocrit) {
363 $state = $ERRORS{'CRITICAL'};
364 $answer = "Server Error and offset $offset sec > +/- $ocrit sec";
365 } elsif (defined($offset) && abs($offset) > $owarn) {
366 $answer = "Server error and offset $offset sec > +/- $owarn sec";
367 } elsif (defined($jitter) && abs($jitter) > $jcrit) {
368 $answer = "Server error and jitter $jitter msec > +/- $jcrit msec";
369 } elsif (defined($jitter) && abs($jitter) > $jwarn) {
370 $answer = "Server error and jitter $jitter msec > +/- $jwarn msec";
371 }
372
373} elsif ($have_ntpq && $jitter_error != $ERRORS{'OK'}) {
374 $state = $jitter_error;
375 $answer = "Jitter $jitter too high";
376 if (defined($offset) && abs($offset) > $ocrit) {
377 $state = $ERRORS{'CRITICAL'};
378 $answer = "Jitter error and offset $offset sec > +/- $ocrit sec";
379 } elsif (defined($offset) && abs($offset) > $owarn) {
380 $answer = "Jitter error and offset $offset sec > +/- $owarn sec";
381 } elsif (defined($jitter) && abs($jitter) > $jcrit) {
382 $answer = "Jitter error and jitter $jitter msec > +/- $jcrit msec";
383 } elsif (defined($jitter) && abs($jitter) > $jwarn) {
384 $answer = "Jitter error and jitter $jitter msec > +/- $jwarn msec";
385 }
386
387} elsif( !$have_ntpq ) { # no errors from ntpdate and no ntpq or ntpq timed out
388 if (abs($offset) > $ocrit) {
389 $state = $ERRORS{'CRITICAL'};
390 $answer = "Offset $offset sec > +/- $ocrit sec";
391 } elsif (abs($offset) > $owarn) {
392 $state = $ERRORS{'WARNING'};
393 $answer = "Offset $offset sec > +/- $owarn sec";
394 } elsif (( abs($offset) > $owarn) && $def_jitter ) {
395 $state = $ERRORS{'WARNING'};
396 $answer = "Offset $offset sec > +/- $owarn sec, ntpq timed out";
397 } elsif ( $def_jitter ) {
398 $state = $ERRORS{'WARNING'};
399 $answer = "Offset $offset secs, ntpq timed out";
400 } else{
401 $state = $ERRORS{'OK'};
402 $answer = "Offset $offset secs";
403 }
404
405
406
407} else { # no errors from ntpdate or ntpq
408 if (abs($offset) > $ocrit) {
409 $state = $ERRORS{'CRITICAL'};
410 $answer = "Offset $offset sec > +/- $ocrit sec, jitter $jitter msec";
411 } elsif (abs($jitter) > $jcrit ) {
412 $state = $ERRORS{'CRITICAL'};
413 $answer = "Jitter $jitter msec> +/- $jcrit msec, offset $offset sec";
414 } elsif (abs($offset) > $owarn) {
415 $state = $ERRORS{'WARNING'};
416 $answer = "Offset $offset sec > +/- $owarn sec, jitter $jitter msec";
417 } elsif (abs($jitter) > $jwarn ) {
418 $state = $ERRORS{'WARNING'};
419 $answer = "Jitter $jitter msec> +/- $jwarn msec, offset $offset sec";
420
421 } else {
422 $state = $ERRORS{'OK'};
423 $answer = "Offset $offset secs, jitter $jitter msec, peer is stratum $stratum";
424 }
425
426}
427
428foreach my $key (keys %ERRORS) {
429 if ($state==$ERRORS{$key}) {
430# print ("NTP $key: $answer");
431 print ("NTP $key: $answer|offset=$offset, jitter=" . $jitter/1000 . ",peer_stratum=$stratum\n");
432 last;
433 }
434}
435exit $state;
436
437
438####
439#### subs
440
441sub print_usage () {
442 print "Usage: $PROGNAME -H <host> [-46] [-O] [-w <warn>] [-c <crit>] [-j <warn>] [-k <crit>] [-v verbose]\n";
443}
444
445sub print_help () {
446 print_revision($PROGNAME,'@NP_VERSION@');
447 print "Copyright (c) 2003 Bo Kersey/Karl DeBisschop\n";
448 print "\n";
449 print_usage();
450 print "
451Checks the local timestamp offset versus <host> with ntpdate
452Checks the jitter/dispersion of clock signal between <host> and its sys.peer with ntpq\n
453-O (--zero-offset)
454 A zero offset on \"ntpdate\" will generate a CRITICAL.\n
455-w (--warning)
456 Clock offset in seconds at which a warning message will be generated.\n Defaults to $DEFAULT_OFFSET_WARN.
457-c (--critical)
458 Clock offset in seconds at which a critical message will be generated.\n Defaults to $DEFAULT_OFFSET_CRIT.
459-j (--jwarn)
460 Clock jitter in milliseconds at which a warning message will be generated.\n Defaults to $DEFAULT_JITTER_WARN.
461-k (--jcrit)
462 Clock jitter in milliseconds at which a critical message will be generated.\n Defaults to $DEFAULT_JITTER_CRIT.
463
464 If jitter/dispersion is specified with -j or -k and ntpq times out, then a
465 warning is returned.\n
466-4 (--use-ipv4)
467 Use IPv4 connection
468-6 (--use-ipv6)
469 Use IPv6 connection
470\n";
471support();
472}