added asa module. fixes #44. Version Bump 1.0!!!

Nicholas St. Germain 2018-12-09 21:41:38 -06:00
parent 6c534c63b6
commit ef7f471d58
8 changed files with 113 additions and 21 deletions


@ -20,6 +20,7 @@ from varken.sonarr import SonarrAPI
from varken.tautulli import TautulliAPI from varken.tautulli import TautulliAPI
from varken.radarr import RadarrAPI from varken.radarr import RadarrAPI
from varken.ombi import OmbiAPI from varken.ombi import OmbiAPI
from varken.cisco import CiscoAPI
from varken.dbmanager import DBManager from varken.dbmanager import DBManager
from varken.varkenlogger import VarkenLogger from varken.varkenlogger import VarkenLogger
@ -98,8 +99,14 @@ if __name__ == "__main__":
if server.request_total_counts: if server.request_total_counts:
schedule.every(server.request_total_run_seconds).seconds.do(threaded, OMBI.get_total_requests) schedule.every(server.request_total_run_seconds).seconds.do(threaded, OMBI.get_total_requests)
if CONFIG.ciscoasa_enabled:
for firewall in CONFIG.ciscoasa_firewalls:
ASA = CiscoAPI(firewall, DBMANAGER)
schedule.every(firewall.get_bandwidth_run_seconds).seconds.do(threaded, ASA.get_bandwidth)
# Run all on startup # Run all on startup
SERVICES_ENABLED = [CONFIG.ombi_enabled, CONFIG.radarr_enabled, CONFIG.tautulli_enabled, CONFIG.sonarr_enabled] SERVICES_ENABLED = [CONFIG.ombi_enabled, CONFIG.radarr_enabled, CONFIG.tautulli_enabled,
CONFIG.sonarr_enabled, CONFIG.ciscoasa_enabled]
if not [enabled for enabled in SERVICES_ENABLED if enabled]: if not [enabled for enabled in SERVICES_ENABLED if enabled]:
exit("All services disabled. Exiting") exit("All services disabled. Exiting")
schedule.run_all() schedule.run_all()


@ -10,7 +10,7 @@ sonarr_server_ids = 1,2
radarr_server_ids = 1,2 radarr_server_ids = 1,2
tautulli_server_ids = 1 tautulli_server_ids = 1
ombi_server_ids = 1 ombi_server_ids = 1
asa = false ciscoasa_firewall_ids = false
[influxdb] [influxdb]
url = influxdb.domain.tld url = influxdb.domain.tld
@ -81,10 +81,11 @@ request_type_run_seconds = 300
get_request_total_counts = true get_request_total_counts = true
request_total_run_seconds = 300 request_total_run_seconds = 300
[asa] [ciscoasa-1]
url = firewall.domain.tld url = firewall.domain.tld
username = cisco username = cisco
password = cisco password = cisco
influx_db = asa outside_interface = WAN
ssl = false ssl = false
verify_ssl = true verify_ssl = true
get_bandwidth_run_seconds = 300
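Review bot: The sample `[ciscoasa-1]` section ships with `ssl = false`, and with that setting the parser added in this commit builds an `http://` URL and forces `verify_ssl` off, so the username and password that `CiscoAPI` attaches as basic auth to `/api/tokenservices` would travel unencrypted. I would make the example `ssl = true` (keeping `verify_ssl = true`) and add a comment such as `# ssl = false sends the firewall credentials in clear text`. The same applies where the parser reads `ssl` for each `ciscoasa-N` section, where a logged warning on the `http://` path would help. The global key `ciscoasa_firewall_ids = false` could also carry a one-line comment saying it takes a comma-separated id list to enable the module.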


@ -7,3 +7,4 @@ geoip2>=2.9.0
influxdb>=5.2.0 influxdb>=5.2.0
schedule>=0.5.0 schedule>=0.5.0
distro>=1.3.0 distro>=1.3.0
urllib3>=1.22


@ -1 +1 @@
VERSION = 0.2 VERSION = 1.0

62
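--- a/varken/cisco.py
+++ b/varken/cisco.py
@@ -0,0 +1,62 @@
+import logging
+from requests import Session, Request
+from datetime import datetime, timezone
+from varken.helpers import connection_handler
+class CiscoAPI(object):
+def __init__(self, firewall, dbmanager):
+self.now = datetime.now(timezone.utc).astimezone().isoformat()
+self.dbmanager = dbmanager
+self.firewall = firewall
+# Create session to reduce server web thread load, and globally define pageSize for all requests
+self.session = Session()
+self.session.auth = (self.firewall.username, self.firewall.password)
+self.logger = logging.getLogger()
+self.get_token()
+def __repr__(self):
+return "<ciscoasa-{}>".format(self.firewall.id)
+def get_token(self):
+endpoint = '/api/tokenservices'
+req = self.session.prepare_request(Request('POST', self.firewall.url + endpoint))
+post = connection_handler(self.session, req, self.firewall.verify_ssl)
+if not post:
+return
+self.session.headers = {'X-Auth-Token': post}
+def get_bandwidth(self):
+self.now = datetime.now(timezone.utc).astimezone().isoformat()
+endpoint = '/api/monitoring/device/interfaces/' + self.firewall.outside_interface
+if not self.session.headers:
+return
+req = self.session.prepare_request(Request('GET', self.firewall.url + endpoint))
+print(req.headers)
+get = connection_handler(self.session, req, self.firewall.verify_ssl)
+if not get:
+return
+influx_payload = [
+{
+"measurement": "Cisco ASA",
+"tags": {
+"interface": self.firewall.outside_interface
+},
+"time": self.now,
+"fields": {
+"upload_bitrate": get['outputBitRate'],
+"download_bitrate": get['inputBitRate']
+}
+}
+]
+self.dbmanager.write_points(influx_payload)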
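Review bot: `print(req.headers)` in `get_bandwidth` writes the prepared request's headers to stdout on every scheduled run; those headers carry the `X-Auth-Token`, and because `self.session.auth` is set they presumably include the basic-auth `Authorization` header as well, so firewall credentials end up in whatever captures the process output. Drop the line, or log only non-sensitive data through `self.logger.debug`. The guard `if not self.session.headers: return` is also unlikely to do what it intends, since a new `requests.Session` already has default headers and stays truthy when `get_token` failed; tracking the token explicitly (`self.token = None` in `__init__`, then `if not self.token: return`) would make the failure path real. The token is fetched once in `__init__` and nothing visible here requests a new one after it expires.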


@ -2,10 +2,10 @@ import os
import time import time
import tarfile import tarfile
import hashlib import hashlib
import urllib3
import geoip2.database import geoip2.database
import logging import logging
from functools import update_wrapper
from json.decoder import JSONDecodeError from json.decoder import JSONDecodeError
from os.path import abspath, join from os.path import abspath, join
from requests.exceptions import InvalidSchema, SSLError from requests.exceptions import InvalidSchema, SSLError
@ -58,6 +58,8 @@ def connection_handler(session, request, verify):
v = verify v = verify
return_json = False return_json = False
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
try: try:
get = s.send(r, verify=v) get = s.send(r, verify=v)
if get.status_code == 401: if get.status_code == 401:
@ -69,6 +71,10 @@ def connection_handler(session, request, verify):
return_json = get.json() return_json = get.json()
except JSONDecodeError: except JSONDecodeError:
logger.error('No JSON response... BORKED! Let us know in discord') logger.error('No JSON response... BORKED! Let us know in discord')
# 204 No Content is for ASA only
elif get.status_code == 204:
if get.headers['X-Auth-Token']:
return get.headers['X-Auth-Token']
except InvalidSchema: except InvalidSchema:
logger.error('You added http(s):// in the config file. Don\'t do that.') logger.error('You added http(s):// in the config file. Don\'t do that.')
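Review bot: `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` runs on every `connection_handler` call regardless of `verify`, which silences, for the whole process, the only runtime signal that a service is being polled without certificate verification. I would suppress it only when verification is off, `if not v: urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`, and log once which endpoint is unverified. In the 204 branch, `get.headers['X-Auth-Token']` raises `KeyError` when the header is absent, and none of the except clauses visible in this section catch it; `get.headers.get('X-Auth-Token')` returns None instead. The function body starts and ends outside the hunks shown.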


@ -2,14 +2,14 @@ import configparser
import logging import logging
from sys import exit from sys import exit
from os.path import join, exists from os.path import join, exists
from varken.structures import SonarrServer, RadarrServer, OmbiServer, TautulliServer, InfluxServer from varken.structures import SonarrServer, RadarrServer, OmbiServer, TautulliServer, InfluxServer, CiscoASAFirewall
logger = logging.getLogger() logger = logging.getLogger()
class INIParser(object): class INIParser(object):
def __init__(self, data_folder): def __init__(self, data_folder):
self.config = configparser.ConfigParser() self.config = configparser.ConfigParser(interpolation=None)
self.data_folder = data_folder self.data_folder = data_folder
self.influx_server = InfluxServer() self.influx_server = InfluxServer()
@ -26,8 +26,8 @@ class INIParser(object):
self.tautulli_enabled = False self.tautulli_enabled = False
self.tautulli_servers = [] self.tautulli_servers = []
self.asa_enabled = False self.ciscoasa_enabled = False
self.asa = None self.ciscoasa_firewalls = []
self.parse_opts() self.parse_opts()
@ -172,15 +172,22 @@ class INIParser(object):
self.ombi_servers.append(server) self.ombi_servers.append(server)
# Parse ASA opts # Parse ASA opts
if self.config.getboolean('global', 'asa'): self.ciscoasa_enabled = self.enable_check('ciscoasa_firewall_ids')
self.asa_enabled = True
url = self.config.get('asa', 'url')
username = self.config.get('asa', 'username')
password = self.config.get('asa', 'password')
scheme = 'https://' if self.config.getboolean('asa', 'ssl') else 'http://'
verify_ssl = self.config.getboolean('asa', 'verify_ssl')
if scheme != 'https://':
verify_ssl = False
db_name = self.config.get('asa', 'influx_db')
self.asa = (scheme + url, username, password, verify_ssl, db_name) if self.ciscoasa_enabled:
fids = self.config.get('global', 'ciscoasa_firewall_ids').strip(' ').split(',')
for firewall_id in fids:
ciscoasa_section = 'ciscoasa-' + firewall_id
url = self.config.get(ciscoasa_section, 'url')
username = self.config.get(ciscoasa_section, 'username')
password = self.config.get(ciscoasa_section, 'password')
scheme = 'https://' if self.config.getboolean(ciscoasa_section, 'ssl') else 'http://'
verify_ssl = self.config.getboolean(ciscoasa_section, 'verify_ssl')
if scheme != 'https://':
verify_ssl = False
outside_interface = self.config.get(ciscoasa_section, 'outside_interface')
get_bandwidth_run_seconds = self.config.getint(ciscoasa_section, 'get_bandwidth_run_seconds')
firewall = CiscoASAFirewall(firewall_id, scheme + url, username, password, outside_interface,
verify_ssl, get_bandwidth_run_seconds)
self.ciscoasa_firewalls.append(firewall)
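Review bot: The id list is split with `.strip(' ').split(',')`, which trims only the ends of the whole string, so `ciscoasa_firewall_ids = 1, 2` yields the section name `ciscoasa- 2` and a `NoSectionError` at startup. `fids = [fid.strip() for fid in self.config.get('global', 'ciscoasa_firewall_ids').split(',')]` avoids that. `firewall_id` is also passed to `CiscoASAFirewall` as a string while the tuple annotates `id: int`; either convert with `int(firewall_id)` or annotate the field as `str`. If the other server types in this file parse their id lists the same way (not visible here), they share the problem; `parse_opts` starts outside the hunk.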


@ -70,6 +70,14 @@ class InfluxServer(NamedTuple):
username: str = 'root' username: str = 'root'
password: str = 'root' password: str = 'root'
class CiscoASAFirewall(NamedTuple):
id: int = None
url: str = '192.168.1.1'
username: str = 'cisco'
password: str = 'cisco'
outside_interface: str = None
verify_ssl: bool = False
get_bandwidth_run_seconds: int = 30
class OmbiRequestCounts(NamedTuple): class OmbiRequestCounts(NamedTuple):
pending: int = 0 pending: int = 0
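Review bot: `CiscoASAFirewall` gives `username` and `password` the fallback value `'cisco'` and `verify_ssl` the fallback `False`, so any construction that omits them silently targets a firewall with stock credentials and no certificate check. The parser in this commit passes every field explicitly, so the defaults buy nothing; I would remove the credential defaults, or at least make the safe choice the default with `verify_ssl: bool = True`. `id: int = None` and `outside_interface: str = None` also contradict their annotations.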