Alignak-monitoring-contrib / alignak-module-nsca

Alignak receiver module to handle NSCA passive checks
GNU Affero General Public License v3.0

Identify incorrectly configured nsca clients #15

Open spea1 opened 7 years ago

spea1 commented 7 years ago

I cannot identify incorrectly configured nsca clients in the receiverd.log, for example wrong encryption_method settings. Is it possible to write the source IP to the receiverd.log?

# /usr/local/var/log/alignak/receiverd.log

[2017-10-12 17:23:09 CEST] WARNING: [alignak.module.nsca] Packet output decoding error: 'ascii' codec can't decode byte 0x83 in position 36: ordinal not in range(128)
[2017-10-12 17:23:09 CEST] WARNING: [alignak.module.nsca] Faulty NSCA packet content: ...
[2017-10-12 17:23:09 CEST] INFO: [alignak.module.nsca] Dropping packet with stale timestamp - packet was 1507821789.07 seconds old. Timestamp: 0
mohierf commented 7 years ago

Sure it is. This PR: https://github.com/Alignak-monitoring-contrib/alignak-module-nsca/pull/9 is made to dump the client IP to the debug log ...

Making it dumped to the INFO log level would have spammed the receiver log file ... this will be possible, IMHO, when we will address this issue: #10.

With #10, when a host is spamming your receiver, you will be able to blacklist the host which you will have found in the receiver log file 😉

spea1 commented 7 years ago

Works great, thanks!

[2017-10-12 18:01:38 CEST] INFO: [alignak.module.nsca] Connection from: ('1.2.3.4', 64654)
[2017-10-12 18:01:38 CEST] WARNING: [alignak.module.nsca] Packet output decoding error: 'ascii' codec can't decode byte 0x89 in position 37: ordinal not in range(128)
[2017-10-12 18:01:38 CEST] WARNING: [alignak.module.nsca] Faulty NSCA packet content: e60f2b3ef18334ba9f37cd624d1e284e8939959107
e177346bceb59122620a311fc97e6fcde2ac4b818fd2c6dc48911ddcbe43ed4a9da04a72a0c11a0df6c908506c9e84d6682132aab30cff1b0b09d08125ce4119
...
...
d877346bceb59122620a311fc97e6fcde2ac4b818fd2c6dc48911ddcbe43ed4a9da04a72a0c11a0df6c908506c9e84d6682132aab30cff1b0b0665
[2017-10-12 18:01:38 CEST] INFO: [alignak.module.nsca] Dropping packet with stale timestamp - packet was 1507824098.2 seconds old. Timestamp: 0
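
Added example (not part of the thread or of the module's code): one way to list the clients behind faulty packets by pairing each "Connection from" line with the fault lines that follow it in receiverd.log. The sample log is constructed in the format shown above with documentation addresses, and attributing a fault to the most recent connection is an assumption that fails if the receiver interleaves lines from concurrent connections.

```python
import re
from collections import Counter

# Constructed sample in the receiverd.log format quoted in this thread.
SAMPLE_LOG = """\
[2017-10-12 18:01:38 CEST] INFO: [alignak.module.nsca] Connection from: ('192.0.2.10', 64654)
[2017-10-12 18:01:38 CEST] WARNING: [alignak.module.nsca] Packet output decoding error: 'ascii' codec can't decode byte 0x89 in position 37: ordinal not in range(128)
[2017-10-12 18:01:38 CEST] INFO: [alignak.module.nsca] Dropping packet with stale timestamp - packet was 1507824098.2 seconds old. Timestamp: 0
[2017-10-12 18:02:10 CEST] INFO: [alignak.module.nsca] Connection from: ('192.0.2.20', 51000)
[2017-10-12 18:02:41 CEST] INFO: [alignak.module.nsca] Connection from: ('192.0.2.10', 64660)
[2017-10-12 18:02:41 CEST] WARNING: [alignak.module.nsca] Packet output decoding error: 'ascii' codec can't decode byte 0x83 in position 36: ordinal not in range(128)
"""

LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<level>\w+): \[alignak\.module\.nsca\] (?P<msg>.*)$"
)
CONN = re.compile(r"Connection from: \('(?P<ip>[^']+)', (?P<port>\d+)\)")
# Messages the module logs when a packet cannot be decoded or is rejected.
FAULTS = (
    "Packet output decoding error",
    "Faulty NSCA packet content",
    "Dropping packet with stale timestamp",
)


def faulty_clients(log_text):
    """Return Counter {client_ip: number of connections that produced a fault}."""
    counts = Counter()
    current_ip = None   # client of the most recent "Connection from" line
    flagged = False     # count each connection once, however many fault lines it logs
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped hex-dump continuation lines carry no prefix
        msg = m.group("msg")
        conn = CONN.search(msg)
        if conn:
            current_ip, flagged = conn.group("ip"), False
        elif current_ip and not flagged and msg.startswith(FAULTS):
            counts[current_ip] += 1
            flagged = True
    return counts


if __name__ == "__main__":
    for ip, n in faulty_clients(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} faulty connection(s)")
```

A client that appears here on every connection is a candidate for a mismatched encryption_method or password; one that appears only occasionally points elsewhere.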
mohierf commented 7 years ago

I had the same problem as you 😉

spea1 commented 7 years ago

How about a configuration parameter in the mod-nsca.cfg for the problem? Default: no log, otherwise entry log level.