Nmap Development mailing list archives
Re: ganglia-gmetad-info.nse
From: Brendan Coles <bcoles () gmail com>
Date: Tue, 28 Jun 2011 13:27:31 +1000
I've combined the ganglia-gmond-info and ganglia-gmetad-info scripts into ganglia-info.nse (attached).

-- @output
-- PORT     STATE SERVICE REASON  VERSION
-- 8651/tcp open  ganglia syn-ack Ganglia XML Grid monitor 3.0.7 (Cluster name: Fyodor's Cluster 2; Owner: Fyodor; Source: gmetad)
-- | ganglia-info:
-- |   Service: Ganglia Meta Daemon
-- |   Version: 3.0.7
-- |   Grid Name: Fyodor's Grid
-- |   Cluster Name: Fyodor's Cluster 1
-- |   Owner: Fyodor
-- |   Cluster Name: Fyodor's Cluster 2
-- |   Owner: Fyodor
-- |   Hostname: ganglia.example.com
-- |   IP: 192.168.1.1
-- |   disk total: 482.853GB
-- |   cpu speed: 2133MHz
-- |   part max used: 74.7%
-- |   swap total: 2097144KB
-- |   os name: Linux
-- |   cpu user: 3.4%
-- |   cpu system: 0.4%
-- |   cpu aidle: 95.2%
-- |   load five: 0.13
-- |   proc run: 0
-- |   mem free: 714040KB
-- |   mem buffers: 262100KB
-- |   swap free: 2097144KB
-- |   bytes in: 2332.70bytes/sec
-- |   pkts out: 2.70packets/sec
-- |   cpu num: 2CPUs
-- |   disk free: 188.861GB
-- |   mem total: 3114872KB
-- |   cpu wio: 0.1%
-- |   boottime: 1307115184s
-- |   machine type: x86
-- |   os release: 2.6.18-238.9.1.el5
-- |   cpu nice: 0.0%
-- |   cpu idle: 96.1%
-- |   load one: 0.04
-- |   load fifteen: 0.14
-- |   proc total: 245
-- |   mem shared: 0KB
-- |   mem cached: 1260100KB
-- |   gexec: OFF
-- |   bytes out: 640.10bytes/sec
-- |_  pkts in: 12.90packets/sec

On Fri, Jun 10, 2011 at 12:51 AM, Toni Ruottu <toni.ruottu () iki fi> wrote:

Would it make sense to do one script called ganglia-info rather than two scripts? I guess it would still be good for the version detection to identify which service you are dealing with.

On Thu, Jun 9, 2011 at 1:13 PM, Brendan Coles <bcoles () gmail com> wrote:

Hi nmap-dev,

Attached is ganglia-gmetad-info.nse which is designed to retrieve system information from a Ganglia Meta Daemon, as per the script ideas page on secwiki.org

I've also attached a tiny modification to the Ganglia Monitoring Daemon script ( ganglia-gmond-info.nse --- see: http://seclists.org/nmap-dev/2011/q2/875 ) to stop the script returning data from a Ganglia Meta Daemon.

These two services are almost identical. If you aren't familiar with Ganglia, the monitoring daemon (port 8649) returns data for hosts in a single cluster whereas the meta daemon (port 8651) returns data for hosts in multiple clusters.

Nmap currently reports both services as "ganglia" --- can anyone foresee any issues with changing the nmap-service-probes for Ganglia from:

match ganglia m|^<\?xml version=\"1\.0\".*<!DOCTYPE GANGLIA_XML.*<GANGLIA_XML VERSION=\"([^\"]+)\" SOURCE=\"([^\"]+)\">.*<CLUSTER NAME=\"([^\"]+)\" LOCALTIME=\"\d+\" OWNER=\"([^\"]+)\"|s p/Ganglia XML Grid monitor/ v/$1/ i/Cluster name: $3; Owner: $4; Source: $2/ d/specialized/

to:

match ganglia-metad m|^<\?xml version=\"1\.0\".*<!DOCTYPE GANGLIA_XML.*<GANGLIA_XML VERSION=\"([^\"]+)\" SOURCE=\"gmetad\">.*<CLUSTER NAME=\"([^\"]+)\" LOCALTIME=\"\d+\" OWNER=\"([^\"]+)\"|s p/Ganglia XML Grid monitor/ v/$1/ i/Cluster name: $3; Owner: $4; Source: $2/ d/specialized/

match ganglia-gmond m|^<\?xml version=\"1\.0\".*<!DOCTYPE GANGLIA_XML.*<GANGLIA_XML VERSION=\"([^\"]+)\" SOURCE=\"gmond\">.*<CLUSTER NAME=\"([^\"]+)\" LOCALTIME=\"\d+\" OWNER=\"([^\"]+)\"|s p/Ganglia XML Grid monitor/ v/$1/ i/Cluster name: $3; Owner: $4; Source: $2/ d/specialized/

... in order to reflect the difference in the service type? (Note the difference in the "source" property of the GANGLIA_XML node.)

Is this a good idea?

The difference between the two is currently only reported (in service fingerprinting mode) in the version, as follows:

8649/tcp open ganglia syn-ack Ganglia XML Grid monitor 3.0.7 (Cluster name: Fyodor's Cluster; Owner: Fyodor; Source: gmond)
8651/tcp open ganglia syn-ack Ganglia XML Grid monitor 3.0.7 (Cluster name: Fyodor's Cluster 2; Owner: Fyodor; Source: gmetad)

(Note the difference in "source:")

If the probes aren't changed then both scripts will be triggered by the "ganglia" service if the user is running all discovery scripts.

If the probes can't be changed for some unforeseen reason, would it be worth combining these two scripts into one?

Furthermore, both scripts currently print the following in debugging mode if the service type is incorrect:

("%s: %s:%s is not a Ganglia Monitoring Daemon."):format(script_name, host.targetname or host.ip, port.number)

or:

("%s: %s:%s is not a Ganglia Meta Daemon."):format(script_name, host.targetname or host.ip, port.number)

... based on the aforementioned GANGLIA_XML nodes. Perhaps a better solution would be to return the error message even when debugging is off and advise the user to try the other script?

Finally, what do you think of the (rather verbose) output? Should verbosity be a script argument? If so, what data do you consider important for the standard output?

Feedback is welcomed and appreciated.

-----------------------------------

description = [[
Retrieves system information from a listening Ganglia Meta Daemon. Ganglia is a scalable distributed monitoring system for high-performance computing systems such as clusters and Grids. The information retrieved includes HDD size, available memory, OS version, architecture (and more) from each of the systems in each of the clusters in the grid.

For more information about the Ganglia Meta Daemon, see:
http://ganglia.sourceforge.net/
http://en.wikipedia.org/wiki/Ganglia_(software)#Ganglia_Meta_Daemon_.28gmetad.29
]]

---
-- @usage
-- nmap --script ganglia-gmetad-info --script-args ganglia-gmetad-info.timeout=30,ganglia-gmetad-info.bytes=1000000 -p 8651 <target>
--
-- @args ganglia-gmetad-info.timeout
--       Set timeout in seconds. The default value is 30.
--       About 5KB-10KB of data is returned for each host in the cluster.
--       Retrieving data from a grid of 25 hosts (~100KB-250KB) takes ~8s-20s @ 100Kb/s
-- @args ganglia-gmetad-info.bytes
--       Set the number of bytes to retrieve. The default value is 1000000.
--       About 5KB-10KB of data is returned for each host in the cluster.
--       1,000,000 bytes should be enough for at least 100 hosts.
--
-- @output
-- PORT     STATE SERVICE REASON  VERSION
-- 8651/tcp open  ganglia syn-ack Ganglia XML Grid monitor 3.0.7 (Cluster name: Fyodor's Cluster 2; Owner: Fyodor; Source: gmetad)
-- | ganglia-gmetad-info:
-- |   Version: 3.0.7
-- |   Grid:
-- |     Name: Fyodor's Grid
-- |   Cluster:
-- |     Name: Fyodor's Cluster 1
-- |     Owner: Fyodor
-- |   Cluster:
-- |     Name: Fyodor's Cluster 2
-- |     Owner: Fyodor
-- |   Host [Name: ganglia.example.com; IP: 192.168.1.1]
-- |     disk total: 482.853GB
-- |     cpu speed: 2133MHz
-- |     part max used: 74.7%
-- |     swap total: 2097144KB
-- |     os name: Linux
-- |     cpu user: 3.4%
-- |     cpu system: 0.4%
-- |     cpu aidle: 95.2%
-- |     load five: 0.13
-- |     proc run: 0
-- |     mem free: 714040KB
-- |     mem buffers: 262100KB
-- |     swap free: 2097144KB
-- |     bytes in: 2332.70bytes/sec
-- |     pkts out: 2.70packets/sec
-- |     cpu num: 2CPUs
-- |     disk free: 188.861GB
-- |     mem total: 3114872KB
-- |     cpu wio: 0.1%
-- |     boottime: 1307115184s
-- |     machine type: x86
-- |     os release: 2.6.18-238.9.1.el5
-- |     cpu nice: 0.0%
-- |     cpu idle: 96.1%
-- |     load one: 0.04
-- |     load fifteen: 0.14
-- |     proc total: 245
-- |     mem shared: 0KB
-- |     mem cached: 1260100KB
-- |     gexec: OFF
-- |     bytes out: 640.10bytes/sec
-- |_    pkts in: 12.90packets/sec

Regards,
Brendan Coles
http://itsecuritysolutions.org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Attachment:
ganglia-info.nse
Description:
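Added example, not part of the thread or of Nmap: a Python check of the probe split discussed above, run against constructed banners. With SOURCE written as a literal, each split pattern has three capture groups where the current one has four, so the cluster name and owner move to $2 and $3; the renumbered templates, the expand() and identify() helpers and the sample banners are assumptions of this example.

```python
import re

# Constructed sample banners (not captured from a real host). Attribute order
# follows the probe quoted in the thread: NAME, LOCALTIME, OWNER.
GMOND = (
    '<?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?>\n'
    '<!DOCTYPE GANGLIA_XML [\n<!ELEMENT GANGLIA_XML (GRID|CLUSTER|HOST)*>\n]>\n'
    '<GANGLIA_XML VERSION="3.0.7" SOURCE="gmond">\n'
    '<CLUSTER NAME="Example Cluster" LOCALTIME="1307115184" OWNER="Example Owner">\n'
)
GMETAD = GMOND.replace('SOURCE="gmond">\n',
                       'SOURCE="gmetad">\n<GRID NAME="Example Grid">\n')

HEAD = r'^<\?xml version="1\.0".*<!DOCTYPE GANGLIA_XML.*<GANGLIA_XML VERSION="([^"]+)" SOURCE='
TAIL = r'>.*<CLUSTER NAME="([^"]+)" LOCALTIME="\d+" OWNER="([^"]+)"'

# (service name, pattern, info template). $n refers to capture group n.
CURRENT = [("ganglia", HEAD + r'"([^"]+)"' + TAIL,
            "Cluster name: $3; Owner: $4; Source: $2")]
# Split with SOURCE as a literal: one capture group fewer, so the cluster
# name becomes $2 and the owner $3. Templates renumbered for this example.
SPLIT = [("ganglia-metad", HEAD + r'"gmetad"' + TAIL,
          "Cluster name: $2; Owner: $3; Source: gmetad"),
         ("ganglia-gmond", HEAD + r'"gmond"' + TAIL,
          "Cluster name: $2; Owner: $3; Source: gmond")]

def expand(template, match):
    """Substitute $n with capture group n; raise if n exceeds the group count."""
    def sub(m):
        n = int(m.group(1))
        if n > match.re.groups:
            raise IndexError(f"${n} used but pattern has {match.re.groups} groups")
        return match.group(n)
    return re.sub(r"\$(\d)", sub, template)

def identify(banner, probes):
    """Return (service, version, info) from the first matching probe, else None."""
    for service, pattern, template in probes:
        m = re.search(pattern, banner, re.DOTALL)  # the probe's trailing 's' flag
        if m:
            return service, m.group(1), expand(template, m)
    return None

if __name__ == "__main__":
    for banner in (GMOND, GMETAD):
        print(identify(banner, CURRENT))
        print(identify(banner, SPLIT))
```
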
Current thread:
- ganglia-gmetad-info.nse Brendan Coles (Jun 09)
- Re: ganglia-gmetad-info.nse Toni Ruottu (Jun 09)
- Re: ganglia-gmetad-info.nse Brendan Coles (Jun 27)
- Re: ganglia-gmetad-info.nse Toni Ruottu (Jun 09)