diff --git a/CHANGELOG b/CHANGELOG
index e7d0bc95963bce4d8763965b8acefc3c1c8a586d..b1f5762306da87bf854e845a2dcd481a89f52ad2 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,3 +8,6 @@
2021-06-14: rewrite for cmk 2.0, added wato for checkpoint_fw_ls
2021-08-09: fixed empty string_table, fixed log server default state
2021-08-16: code cleanup
+2023-04-23: refactoring
+ moved wato files to ~/local/lib/check_mk/gui/plugins/wato
+ moved metrics file to ~/local/lib/check_mk/gui/plugins/metrics
diff --git a/agent_based/checkpoint_fw_ls.py b/agent_based/checkpoint_fw_ls.py
index 5319ef1b55838a37eaf1684def36c57d38690175..7ab842f7709e1bced36ca9da24835872de0b187d 100644
--- a/agent_based/checkpoint_fw_ls.py
+++ b/agent_based/checkpoint_fw_ls.py
@@ -16,25 +16,27 @@
# 2021-06-14: rewrite for cmk 2.0, added wato
# 2021-08-09: fixed empty string_table, fixed log server default state
# 2021-08-16: code cleanup
+# 2023-04-23: refactoring
+
#
# sample snmpwalk
#
# CHECKPOINT-MIB::fwLSConnOverall.0 = INTEGER: 0
# CHECKPOINT-MIB::fwLSConnOverallDesc.0 = STRING: Security Gateway is reporting logs as defined
-# CHECKPOINT-MIB::fwLSConnIndex.1.0 = Gauge32: 1
-# CHECKPOINT-MIB::fwLSConnIndex.2.0 = Gauge32: 2
-# CHECKPOINT-MIB::fwLSConnName.1.0 = STRING: 10.140.2.203
-# CHECKPOINT-MIB::fwLSConnName.2.0 = STRING: 10.140.2.103
-# CHECKPOINT-MIB::fwLSConnState.1.0 = Gauge32: 0
-# CHECKPOINT-MIB::fwLSConnState.2.0 = Gauge32: 2
-# CHECKPOINT-MIB::fwLSConnStateDesc.1.0 = STRING: Log-Server Connected
-# CHECKPOINT-MIB::fwLSConnStateDesc.2.0 = STRING: Log-Server Disconnected
-# CHECKPOINT-MIB::fwLSConnSendRate.1.0 = Gauge32: 0
-# CHECKPOINT-MIB::fwLSConnSendRate.2.0 = Gauge32: 0
+# CHECKPOINT-MIB::index.1.0 = Gauge32: 1
+# CHECKPOINT-MIB::index.2.0 = Gauge32: 2
+# CHECKPOINT-MIB::name.1.0 = STRING: 10.140.2.203
+# CHECKPOINT-MIB::name.2.0 = STRING: 10.140.2.103
+# CHECKPOINT-MIB::state.1.0 = Gauge32: 0
+# CHECKPOINT-MIB::state.2.0 = Gauge32: 2
+# CHECKPOINT-MIB::state_desc.1.0 = STRING: Log-Server Connected
+# CHECKPOINT-MIB::state_desc.2.0 = STRING: Log-Server Disconnected
+# CHECKPOINT-MIB::send_rate.1.0 = Gauge32: 0
+# CHECKPOINT-MIB::send_rate.2.0 = Gauge32: 0
# CHECKPOINT-MIB::fwLocalLoggingDesc.0 = STRING: Logs are written to log server
# CHECKPOINT-MIB::fwLocalLoggingStat.0 = INTEGER: 0
-# CHECKPOINT-MIB::fwLocalLoggingWriteRate.0 = Gauge32: 0
-# CHECKPOINT-MIB::fwLoggingHandlingRate.0 = Gauge32: 0
+# CHECKPOINT-MIB::local_logging_write_rate.0 = Gauge32: 0
+# CHECKPOINT-MIB::logging_handling_rate.0 = Gauge32: 0
#
# .1.3.6.1.4.1.2620.1.1.30.1.0 = INTEGER: 0
# .1.3.6.1.4.1.2620.1.1.30.2.0 = STRING: "Security Gateway is reporting logs as defined"
@@ -56,29 +58,27 @@
#
# sample info
# log server running
-# [[[u'0', u'Security Gateway is reporting logs as defined', u'Logs are written to log server', u'0']],
-# [[u'1', u'192.168.10.10', u'0', u'Log-Server Connected'],
-# [u'2', u'192.168.10.11', u'2', u'Backup Log-Server Not Active']]]
+# [[['0', 'Security Gateway is reporting logs as defined', 'Logs are written to log server', '0']],
+# [['1', '192.168.10.10', '0', 'Log-Server Connected'],
+# ['2', '192.168.10.11', '2', 'Backup Log-Server Not Active']]]
#
# no log server
# [[], []]
#
from typing import NamedTuple, List, Dict, Optional
-
from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
DiscoveryResult,
CheckResult,
StringTable,
)
-
from cmk.base.plugins.agent_based.agent_based_api.v1 import (
register,
Service,
equals,
Result,
State,
- Metric,
+ check_levels,
SNMPTree,
startswith,
all_of,
@@ -87,29 +87,29 @@ from cmk.base.plugins.agent_based.agent_based_api.v1 import (
class CheckPointFwLsOverAll(NamedTuple):
- fwlsconnoverall: int
- fwlsconnoveralldesc: str
- fwlocalloggingdesc: str
- fwlocalloggingstat: int
- fwLocalLoggingWriteRate: Optional[int]
- fwLoggingHandlingRate: Optional[int]
+ conn_over_all: int
+ conn_over_all_desc: str
+ local_logging_desc: str
+ local_logging_stat: int
+ local_logging_write_rate: Optional[int]
+ logging_handling_rate: Optional[int]
class CheckPointFwLs(NamedTuple):
- fwLSConnIndex: int
- fwLSConnName: str
- fwLSConnState: int
- fwLSConnStateDesc: str
- fwLSConnSendRate: Optional[int]
+ index: int
+ name: str
+ state: int
+ state_desc: str
+ send_rate: Optional[int]
-_fwLSConnState_des = {
+_state_desc = {
0: 'Ok',
1: 'Error',
2: 'Not Active',
}
-_fwLocalLoggingStat = {
+_state = {
0: 'Logging to log servers',
1: 'Logging local configured',
2: 'Logging local due to connectivity',
@@ -117,79 +117,90 @@ _fwLocalLoggingStat = {
}
-def parse_checkpoint_fw_ls(string_table: List[StringTable]) -> Optional[Dict]:
+def parse_checkpoint_fw_ls(string_table: List[StringTable]) -> Optional[Dict[str, any]]:
over_all, log_servers = string_table
try:
- fwlsconnoverall, fwlsconnoveralldesc, fwlocalloggingdesc, fwlocalloggingstat, fwlocalloggingwriterate, \
- fwlogginghandlingrate = over_all[0]
+ conn_over_all, conn_over_all_desc, local_logging_desc, local_logging_stat, local_logging_write_rate, \
+ logging_handling_rate = over_all[0]
except (IndexError, ValueError):
return
parsed = {}
parsed.update({'over all': CheckPointFwLsOverAll(
- fwlsconnoverall=int(fwlsconnoverall),
- fwlsconnoveralldesc=fwlsconnoveralldesc,
- fwlocalloggingdesc=fwlocalloggingdesc,
- fwlocalloggingstat=int(fwlocalloggingstat),
- fwLocalLoggingWriteRate=int(fwlocalloggingwriterate) if fwlocalloggingwriterate.isdigit() else None,
- fwLoggingHandlingRate=int(fwlogginghandlingrate) if fwlogginghandlingrate.isdigit() else None,
+ conn_over_all=int(conn_over_all),
+ conn_over_all_desc=conn_over_all_desc,
+ local_logging_desc=local_logging_desc,
+ local_logging_stat=int(local_logging_stat),
+ local_logging_write_rate=int(local_logging_write_rate) if local_logging_write_rate.isdigit() else None,
+ logging_handling_rate=int(logging_handling_rate) if logging_handling_rate.isdigit() else None,
)})
- for fwLSConnIndex, fwLSConnName, fwLSConnState, fwLSConnStateDesc, fwLSConnSendRate in log_servers:
- parsed.update({fwLSConnName: CheckPointFwLs(
- fwLSConnIndex=int(fwLSConnIndex),
- fwLSConnName=fwLSConnName,
- fwLSConnState=int(fwLSConnState),
- fwLSConnStateDesc=fwLSConnStateDesc,
- fwLSConnSendRate=int(fwLSConnSendRate) if fwLSConnSendRate.isdigit() else None,
+ for index, name, state, state_desc, send_rate in log_servers:
+ parsed.update({name: CheckPointFwLs(
+ index=int(index),
+ name=name,
+ state=int(state),
+ state_desc=state_desc,
+ send_rate=int(send_rate) if send_rate.isdigit() else None,
)})
return parsed
-def discovery_checkpoint_fw_ls(section: Dict) -> DiscoveryResult:
+def discovery_checkpoint_fw_ls(section: Dict[str, any]) -> DiscoveryResult:
for key in section.keys():
yield Service(item=key)
-def check_checkpoint_fw_ls(item, params, section: Dict) -> CheckResult:
+def check_checkpoint_fw_ls(item, params, section: Dict[str, any]) -> CheckResult:
if item == 'over all':
over_all = section['over all']
- if over_all.fwLocalLoggingWriteRate is not None: # R80.10 and up
- yield Metric(name='checkpoint_fw_ls_localloggingwriterate', value=over_all.fwLocalLoggingWriteRate)
- if over_all.fwLoggingHandlingRate is not None:
- yield Metric(name='checkpoint_fw_ls_logginghandlingrate', value=over_all.fwLoggingHandlingRate)
-
- yield Result(state=State(over_all.fwlsconnoverall), summary=over_all.fwlsconnoveralldesc)
- if over_all.fwlocalloggingdesc != '':
- if over_all.fwlocalloggingstat in [1, 3]:
- yield Result(state=State.WARN, summary=over_all.fwlocalloggingdesc)
- elif over_all.fwlocalloggingstat == 2:
- yield Result(state=State.CRIT, summary=over_all.fwlocalloggingdesc)
+ yield Result(state=State(over_all.conn_over_all), summary=over_all.conn_over_all_desc)
+ if over_all.local_logging_desc != '':
+ if over_all.local_logging_stat in [1, 3]:
+ yield Result(state=State.WARN, summary=over_all.local_logging_desc)
+ elif over_all.local_logging_stat == 2:
+ yield Result(state=State.CRIT, summary=over_all.local_logging_desc)
else:
- yield Result(state=State.OK, notice=over_all.fwlocalloggingdesc)
+ yield Result(state=State.OK, notice=over_all.local_logging_desc)
+
+ for key, value, label in [
+ ('checkpoint_fw_ls_logginghandlingrate', over_all.logging_handling_rate, 'Logging handling rate'),
+ ('checkpoint_fw_ls_localloggingwriterate', over_all.local_logging_write_rate, 'Local logging write rate'),
+ ]:
+ if value is not None:
+ yield from check_levels(
+ value=value,
+ label=label,
+ metric_name=key,
+ render_func=lambda v: f'{v}/s',
+ boundaries=(0, None),
+ )
+
else:
try:
log_server = section[item]
- except IndexError:
+ except KeyError:
return
- print(params)
- if log_server.fwLSConnSendRate is not None: # R80.10 and up
- yield Metric(name='checkpoint_fw_ls_lsconnsendrate', value=log_server.fwLSConnSendRate)
-
- if log_server.fwLSConnState == 1:
+ if log_server.state == 1:
yield Result(state=State.CRIT, summary='State: Connection error')
else:
- yield Result(state=State.OK, summary=f'State: {log_server.fwLSConnStateDesc}')
+ yield Result(state=State.OK, summary=f'State: {log_server.state_desc}')
- exp_connection_state = params['exp_connection_status']
- mon_connection_state = params['mon_connection_state']
+ if log_server.state_desc.lower() != params["exp_connection_status"].lower():
+ yield Result(state=State(params["mon_connection_state"]),
+ summary=f'Expected connection state: {params["exp_connection_status"]}')
- if log_server.fwLSConnStateDesc.lower() != exp_connection_state.lower():
- yield Result(state=State(mon_connection_state),
- summary=f'Expected connection state: {exp_connection_state}')
+ if log_server.send_rate is not None: # R80.10 and up
+ yield from check_levels(
+ value=log_server.send_rate,
+ label='Sending rate',
+ metric_name='checkpoint_fw_ls_lsconnsendrate',
+ render_func=lambda v: f'{v}/s',
+ boundaries=(0, None),
+ )
register.snmp_section(
@@ -203,18 +214,18 @@ register.snmp_section(
'2', # fwLSConnOverallDesc
'4', # fwLocalLoggingDesc
'5', # fwLocalLoggingStat
- '6', # fwLocalLoggingWriteRate
- '7', # fwLoggingHandlingRate
+ '6', # local_logging_write_rate
+ '7', # logging_handling_rate
]
),
SNMPTree(
base='.1.3.6.1.4.1.2620.1.1.30.3.1', # CHECKPOINT-MIB::fwLSConnEntry
oids=[
- '1', # fwLSConnIndex
- '2', # fwLSConnName
- '3', # fwLSConnState
- '4', # fwLSConnStateDesc
- '5', # fwLSConnSendRate
+ '1', # index
+ '2', # name
+ '3', # state
+ '4', # state_desc
+ '5', # send_rate
]
)
diff --git a/agent_based/checkpoint_fwm_ls.py b/agent_based/checkpoint_fwm_ls.py
index 57b01eb8809cbf7090f968ebad1e90c88d42eca7..c3fd60a8d2229e1167a4ceb881351b6253d1d6b5 100644
--- a/agent_based/checkpoint_fwm_ls.py
+++ b/agent_based/checkpoint_fwm_ls.py
@@ -17,7 +17,7 @@
# 2021-06-14: rewrite for cmk 2.0
# 2021-08-09: fixed empty string_table
# 2021-08-16: code cleanup
-#
+# 2023-04-23: refactoring
#
# sample snmpwalk (R77.30)
@@ -86,10 +86,10 @@
# CHECKPOINT-MIB::lsGWState.1.0 = STRING: Connected
# CHECKPOINT-MIB::lsGWLastLoginTime.1.0 = STRING: N/A
# CHECKPOINT-MIB::lsGWLogReceiveRate.1.0 = Gauge32: 0
-# CHECKPOINT-MIB::lsIndexerInfoTotalReadLogs.0 = Wrong Type (should be Gauge32 or Unsigned32): STRING: "20171"
-# CHECKPOINT-MIB::lsIndexerInfoTotalUpdatesAndLogsIndexed.0 = Wrong Type (should be Gauge32 or Unsigned32): STRING: "2607010"
-# CHECKPOINT-MIB::lsIndexerInfoTotalReadLogsErrors.0 = Wrong Type (should be Gauge32 or Unsigned32): STRING: "0"
-# CHECKPOINT-MIB::lsIndexerInfoTotalUpdatesAndLogsIndexedErrors.0 = Wrong Type (should be Gauge32 or Unsigned32): STRING: "9021"
+# CHECKPOINT-MIB::lsIndexerInfoTotalReadLogs.0 = STRING: "20171"
+# CHECKPOINT-MIB::lsIndexerInfoTotalUpdatesAndLogsIndexed.0 = STRING: "2607010"
+# CHECKPOINT-MIB::lsIndexerInfoTotalReadLogsErrors.0 = STRING: "0"
+# CHECKPOINT-MIB::lsIndexerInfoTotalUpdatesAndLogsIndexedErrors.0 = STRING: "9021"
# CHECKPOINT-MIB::lsIndexerInfoUpdatesAndLogsIndexedRate.0 = Gauge32: 4
# CHECKPOINT-MIB::lsIndexerInfoReadLogsRate.0 = Gauge32: 0
# CHECKPOINT-MIB::lsIndexerInfoUpdatesAndLogsIndexedRatePeak.0 = Gauge32: 10
@@ -137,20 +137,18 @@
# .1.3.6.1.4.1.2620.1.11.103.0 = STRING: "Log Server is not running"
#
# sample info
-# [[[u'Check Point Log Server', u'6', u'0', u'4663', u'1', u'0', u'OK', u'OK']], []]
+# [[['Check Point Log Server', '6', '0', '4663', '1', '0', 'OK', 'OK']], []]
#
# no logserver active
# [[], []]
#
from typing import NamedTuple, List, Optional
-
from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
DiscoveryResult,
CheckResult,
StringTable,
)
-
from cmk.base.plugins.agent_based.agent_based_api.v1 import (
register,
Service,
@@ -158,6 +156,7 @@ from cmk.base.plugins.agent_based.agent_based_api.v1 import (
Result,
State,
Metric,
+ check_levels,
SNMPTree,
startswith,
all_of,
@@ -166,20 +165,20 @@ from cmk.base.plugins.agent_based.agent_based_api.v1 import (
class CheckPointFwmR77(NamedTuple):
- lsvermajor: str
- lsverminor: str
- lsbuildnumber: int
- lsfwmisalive: int
- lsstatcode: int
- lsstatshortdescr: str
- lsstatlongdescr: str
+ ver_major: str
+ ver_minor: str
+ build_number: int
+ is_alive: int
+ state: int
+ state_short_desc: str
+ state_long_desc: str
class CheckPointFwmR80(NamedTuple):
- UpdatesAndLogsIndexedRate: int
- ReadLogsRate: int
- UpdatesAndLogsIndexedRatePeak: int
- ReadLogsRatePeak: int
+ updates_and_logs_indexed_rate: int
+ read_logs_rate: int
+ updates_and_logs_indexed_rate_peak: int
+ read_logs_rate_peak: int
class CheckPointFwm(NamedTuple):
@@ -189,44 +188,40 @@ class CheckPointFwm(NamedTuple):
def parse_checkpoint_fwm_ls(string_table: List[StringTable]) -> Optional[CheckPointFwm]:
try:
- lsvermajor, lsverminor, lsbuildnumber, lsfwmisalive, lsstatcode, lsstatshortdescr, \
- lsstatlongdescr = string_table[0][0]
+ ver_major, ver_minor, build_number, is_alive, state, state_short_desc, \
+ state_long_desc = string_table[0][0]
except (IndexError, ValueError):
return
- checkpointfwmr77 = CheckPointFwmR77(
- lsvermajor=lsvermajor,
- lsverminor=lsverminor,
- lsbuildnumber=lsbuildnumber,
- lsfwmisalive=int(lsfwmisalive),
- lsstatcode=int(lsstatcode),
- lsstatshortdescr=lsstatshortdescr,
- lsstatlongdescr=lsstatlongdescr,
+ r77 = CheckPointFwmR77(
+ ver_major=ver_major,
+ ver_minor=ver_minor,
+ build_number=build_number,
+ is_alive=int(is_alive),
+ state=int(state),
+ state_short_desc=state_short_desc,
+ state_long_desc=state_long_desc,
)
try:
- UpdatesAndLogsIndexedRate, ReadLogsRate, UpdatesAndLogsIndexedRatePeak, ReadLogsRatePeak = string_table[1][0]
- except IndexError:
- return CheckPointFwm(
- R77=checkpointfwmr77,
- R80=None,
- )
- except ValueError:
+ updates_and_logs_indexed_rate, read_logs_rate, updates_and_logs_indexed_rate_peak, \
+ read_logs_rate_peak = string_table[1][0]
+ except (IndexError, ValueError):
return CheckPointFwm(
- R77=checkpointfwmr77,
+ R77=r77,
R80=None,
)
- checkpointfwmr80 = CheckPointFwmR80(
- UpdatesAndLogsIndexedRate=int(UpdatesAndLogsIndexedRate),
- ReadLogsRate=int(ReadLogsRate),
- UpdatesAndLogsIndexedRatePeak=int(UpdatesAndLogsIndexedRatePeak),
- ReadLogsRatePeak=int(ReadLogsRatePeak),
+ r80 = CheckPointFwmR80(
+ updates_and_logs_indexed_rate=int(updates_and_logs_indexed_rate),
+ read_logs_rate=int(read_logs_rate),
+ updates_and_logs_indexed_rate_peak=int(updates_and_logs_indexed_rate_peak),
+ read_logs_rate_peak=int(read_logs_rate_peak),
)
return CheckPointFwm(
- R77=checkpointfwmr77,
- R80=checkpointfwmr80,
+ R77=r77,
+ R80=r80,
)
@@ -235,22 +230,38 @@ def discovery_checkpoint_fwm_ls(section: CheckPointFwm) -> DiscoveryResult:
def check_checkpoint_fwm_ls(params, section: CheckPointFwm) -> CheckResult:
- yield Result(state=State.OK, summary=f'Version: {section.R77.lsvermajor}.{section.R77.lsverminor}')
- yield Result(state=State.OK, summary=f'Build: {section.R77.lsbuildnumber}')
+ yield Result(state=State.OK, summary=f'Version: {section.R77.ver_major}.{section.R77.ver_minor}')
+ yield Result(state=State.OK, summary=f'Build: {section.R77.build_number}')
if not params['ignore_status_on_r80_10']:
- if section.R77.lsfwmisalive != 1:
+ if section.R77.is_alive != 1:
yield Result(state=State.CRIT, summary='Is not alive')
- if section.R77.lsstatcode != 0:
+ if section.R77.state != 0:
yield Result(state=State.CRIT,
- summary=f'Status: {section.R77.lsstatshortdescr}',
- details=f'Status: {section.R77.lsstatlongdescr}')
+ summary=f'Status: {section.R77.state_short_desc}',
+ details=f'Status: {section.R77.state_long_desc}')
+
if section.R80 is not None:
+ for key, value, label in [
+ ('checkpoint_fwm_ls_readlogsrate',
+ section.R80.read_logs_rate,
+ 'Logs read rate'),
+ ('checkpoint_fwm_ls_updatesandlogsindexedrate',
+ section.R80.updates_and_logs_indexed_rate,
+ 'Updates and logs index rate',),
+ ]:
+ if value is not None:
+ yield from check_levels(
+ label=label,
+ value=value,
+ metric_name=key,
+ render_func=lambda v: f'{v}/s',
+ boundaries=(0, None),
+ )
+
for key, value in [
- ('checkpoint_fwm_ls_updatesandlogsindexedrate', section.R80.UpdatesAndLogsIndexedRate),
- ('checkpoint_fwm_ls_updatesandlogsindexedratepeak', section.R80.UpdatesAndLogsIndexedRatePeak),
- ('checkpoint_fwm_ls_readlogsrate', section.R80.ReadLogsRate),
- ('checkpoint_fwm_ls_readlogsratepeak', section.R80.ReadLogsRatePeak),
+ ('checkpoint_fwm_ls_updatesandlogsindexedratepeak', section.R80.updates_and_logs_indexed_rate_peak),
+ ('checkpoint_fwm_ls_readlogsratepeak', section.R80.read_logs_rate_peak),
]:
if value is not None:
yield Metric(name=key, value=value)
diff --git a/checkman/checkpoint_fw_ls b/checkman/checkpoint_fw_ls
index 29a1f888c56e7f76285a4c7c58cb4608e74ee5d0..5df3d275716896aac95b5ef827bc5a7ffde4cf79 100644
--- a/checkman/checkpoint_fw_ls
+++ b/checkman/checkpoint_fw_ls
@@ -1,26 +1,26 @@
-title: Checkpoint Firewalls: Status of Connection to the log server
-agents: snmp
-catalog: hw/network/checkpoint
-license: GPL
-distribution: https://thl-cmk.hopto.org
-description:
- This check monitors the connection form the firewall to the log server.
- The service for the log server connection will be in the state {CRIT} if there
- is an connection error or the connection state changes (for example form connected
- to disconnected). The overall state changes to {WARN}/{CRIT} if the gateway
- reports an overall state of error or warning. For "Local Logging" the over all
- service changes to {WARN} if the gateway reports "local logging configured" or
- "local logging due to high rate". If the Gateway reports "Logging local due to
- connectivity" the overall state changes to {CRIT}.
-
- This check was tested with Check Point R77.10/R77.20/R77.30 and R80.10.
-
- Note: the perfdata may not be available on R77.x
-
-inventory:
- The inventory creates one service for each log server and one service for the
- over all log server connection status.
-
-item:
- The item will be created from the IP address of the log server(s). For the over
- all service the item is static "over all".
+title: Checkpoint Firewalls: Status of Connection to the log server
+agents: snmp
+catalog: hw/network/checkpoint
+license: GPL
+distribution: https://thl-cmk.hopto.org
+description:
+ This check monitors the connection form the firewall to the log server.
+ The service for the log server connection will be in the state {CRIT} if there
+ is an connection error or the connection state changes (for example form connected
+ to disconnected). The overall state changes to {WARN}/{CRIT} if the gateway
+ reports an overall state of error or warning. For "Local Logging" the over all
+ service changes to {WARN} if the gateway reports "local logging configured" or
+ "local logging due to high rate". If the Gateway reports "Logging local due to
+ connectivity" the overall state changes to {CRIT}.
+
+ This check was tested with Check Point R77.10/R77.20/R77.30 and R80.10.
+
+ Note: the perfdata may not be available on R77.x
+
+inventory:
+ The inventory creates one service for each log server and one service for the
+ over all log server connection status.
+
+item:
+ The item will be created from the IP address of the log server(s). For the over
+ all service the item is static "over all".
diff --git a/checkpoint_log_server.mkp b/checkpoint_log_server.mkp
index 22ff9234a6d976dbb9507f2131b2c591a189f036..f19e0886c6f0ff252a002943cb6b2437864ffcdd 100644
Binary files a/checkpoint_log_server.mkp and b/checkpoint_log_server.mkp differ
diff --git a/gui/metrics/checkpoint_fw_log.py b/gui/metrics/checkpoint_fw_log.py
new file mode 100644
index 0000000000000000000000000000000000000000..ad2f815fa47dc756d036fcc3f8b043404c778d6a
--- /dev/null
+++ b/gui/metrics/checkpoint_fw_log.py
@@ -0,0 +1,143 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2018-03-17
+#
+# Check Point Logserver metrics plugins
+# checkpoint_fw_ls / checkpoint_fwm_ls
+#
+# 2023-04-22: moved metrics file to ~/local/lib/check_mk/gui/plugins/metrics
+#
+
+from cmk.gui.i18n import _
+from cmk.gui.plugins.metrics.utils import (
+ metric_info,
+ graph_info,
+ perfometer_info
+)
+
+metric_info['checkpoint_fw_ls_localloggingwriterate'] = {
+ 'title': _('Local Logging Writing Rate'),
+ 'unit': '1/s',
+ 'color': '11/a',
+}
+metric_info['checkpoint_fw_ls_logginghandlingrate'] = {
+ 'title': _('Logging Handling Rate'),
+ 'unit': '1/s',
+ 'color': '21/a',
+}
+metric_info['checkpoint_fw_ls_lsconnsendrate'] = {
+ 'title': _('Sending Rate'),
+ 'unit': '1/s',
+ 'color': '31/a',
+}
+
+metric_info['checkpoint_fwm_ls_updatesandlogsindexedrate'] = {
+ 'title': _('Updates and logs index rate'),
+ 'unit': '1/s',
+ 'color': '12/a',
+}
+metric_info['checkpoint_fwm_ls_updatesandlogsindexedratepeak'] = {
+ 'title': _('Updates and logs peak index rate'),
+ 'unit': '1/s',
+ 'color': '22/a',
+}
+
+metric_info['checkpoint_fwm_ls_readlogsrate'] = {
+ 'title': _('Logs read rate'),
+ 'unit': '1/s',
+ 'color': '26/a',
+}
+metric_info['checkpoint_fwm_ls_readlogsratepeak'] = {
+ 'title': _('Logs read peak rate'),
+ 'unit': '1/s',
+ 'color': '22/a',
+}
+
+graph_info['checkpoint_fw_ls_over_all'] = {
+ 'title': _('Check Point Firewall Logserver: over all'),
+ 'metrics': [
+ ('checkpoint_fw_ls_localloggingwriterate', 'line'),
+ ('checkpoint_fw_ls_logginghandlingrate', 'line'),
+ ],
+ 'optional_metrics': [
+ 'checkpoint_fw_ls_localloggingwriterate',
+ 'checkpoint_fw_ls_logginghandlingrate',
+ ],
+ 'range': (0, 'checkpoint_fw_ls_logginghandlingrate:max'),
+}
+
+graph_info['checkpoint_fw_ls_gateway'] = {
+ 'title': _('Check Point Firewall Log server'),
+ 'metrics': [
+ ('checkpoint_fw_ls_lsconnsendrate', 'line'),
+ ],
+ 'range': (0, 'checkpoint_fw_ls_lsconnsendrate:max'),
+}
+
+graph_info['checkpoint_fwm_ls_management_read'] = {
+ 'title': _('Check Point Management Firewall Log server read rate'),
+ 'metrics': [
+ ('checkpoint_fwm_ls_readlogsratepeak', 'line'),
+ ('checkpoint_fwm_ls_readlogsrate', 'line'),
+ ],
+ 'optional_metrics': [
+ 'checkpoint_fwm_ls_readlogsratepeak',
+ 'checkpoint_fwm_ls_readlogsrate',
+ ],
+ 'range': (0, 'checkpoint_fwm_ls_readlogsrate:max'),
+}
+
+graph_info['checkpoint_fwm_ls_management_indexed'] = {
+ 'title': _('Check Point Management Firewall Log server index rate'),
+ 'metrics': [
+ ('checkpoint_fwm_ls_updatesandlogsindexedratepeak', 'line'),
+ ('checkpoint_fwm_ls_updatesandlogsindexedrate', 'line'),
+ ],
+ 'optional_metrics': [
+ 'checkpoint_fwm_ls_updatesandlogsindexedratepeak',
+ 'checkpoint_fwm_ls_updatesandlogsindexedrate',
+ ],
+ 'range': (0, 'checkpoint_fwm_ls_updatesandlogsindexedrate:max'),
+}
+
+perfometer_info.append(('stacked', [
+ {
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_fw_ls_localloggingwriterate',
+ 'half_value': 1000.0,
+ 'exponent': 2,
+ },
+ {
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_fw_ls_logginghandlingrate',
+ 'half_value': 1000.0,
+ 'exponent': 2,
+ },
+]))
+
+perfometer_info.append({
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_fw_ls_lsconnsendrate',
+ 'half_value': 500.0,
+ 'exponent': 2,
+})
+
+perfometer_info.append(('stacked', [
+ {
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_fwm_ls_readlogsrate',
+ 'half_value': 1000.0,
+ 'exponent': 2,
+ },
+ {
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_fwm_ls_updatesandlogsindexedrate',
+ 'half_value': 1000.0,
+ 'exponent': 2,
+ },
+]))
diff --git a/gui/wato/checkpoint_fw_ls.py b/gui/wato/checkpoint_fw_ls.py
new file mode 100644
index 0000000000000000000000000000000000000000..d25ac26af62fde51d210ab8ed05ee3e58d52b0d3
--- /dev/null
+++ b/gui/wato/checkpoint_fw_ls.py
@@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2016-07-29
+#
+# 2023-04-23: moved wato file to ~/local/lib/check_mk/gui/plugins/wato
+#
+
+from cmk.gui.i18n import _
+from cmk.gui.valuespec import (
+ Dictionary,
+ TextAscii,
+ MonitoringState,
+ DropdownChoice,
+)
+from cmk.gui.plugins.wato.utils import (
+ CheckParameterRulespecWithItem,
+ rulespec_registry,
+ RulespecGroupCheckParametersNetworking,
+)
+
+
+def _parameter_valuespec_checkpoint_fw_ls():
+ return Dictionary(elements=[
+ ('exp_connection_status',
+ DropdownChoice(
+ title=_('Expected connection status for the log server'),
+ choices=[
+ ('Backup Log-Server Not Active', _('Backup: The log server is a backup log server')),
+ ('Log-Server Connected', _('Connected: The gateway is connected to the log server')),
+ ('Log-Server Disconnected', _('Disconnected: The gateway is not connected to the log server')),
+ ],
+ default_value='Log-Server Connected',
+ )),
+ ('mon_connection_state',
+ MonitoringState(
+ default_value=1,
+ title=_('State if connection state differs from expected state.'),
+ )),
+ ])
+
+
+rulespec_registry.register(
+ CheckParameterRulespecWithItem(
+ check_group_name='checkpoint_fw_ls',
+ group=RulespecGroupCheckParametersNetworking,
+ item_spec=lambda: TextAscii(title=_('Log server IP'), ),
+ match_type='dict',
+ parameter_valuespec=_parameter_valuespec_checkpoint_fw_ls,
+ title=lambda: _('Check Point Firewall gateway log server'),
+ ))
diff --git a/gui/wato/checkpoint_fwm_ls.py b/gui/wato/checkpoint_fwm_ls.py
new file mode 100644
index 0000000000000000000000000000000000000000..e3157406078dcb9be4a9972eb928270f4c056a86
--- /dev/null
+++ b/gui/wato/checkpoint_fwm_ls.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2016-07-29
+#
+# 2023-04-23: moved wato file to ~/local/lib/check_mk/gui/plugins/wato
+
+
+from cmk.gui.i18n import _
+from cmk.gui.valuespec import (
+ Dictionary,
+ TextAscii,
+ FixedValue,
+)
+from cmk.gui.plugins.wato.utils import (
+ CheckParameterRulespecWithItem,
+ rulespec_registry,
+ RulespecGroupCheckParametersNetworking,
+)
+
+
+def _parameter_valuespec_checkpoint_fwm_ls():
+ return Dictionary(elements=[
+ ('ignore_status_on_r80_10',
+ FixedValue(
+ True,
+ title=_('Ignore status and alive on Check Point R80.10'),
+ totext=_(''),
+ default_value=False,
+ )),
+ ])
+
+
+rulespec_registry.register(
+ CheckParameterRulespecWithItem(
+ check_group_name='checkpoint_fwm_ls',
+ group=RulespecGroupCheckParametersNetworking,
+ item_spec=lambda: TextAscii(title=_('Check Point Firewall management log server'), ),
+ match_type='dict',
+ parameter_valuespec=_parameter_valuespec_checkpoint_fwm_ls,
+ title=lambda: _('Check Point Firewall management log server'),
+ ))
diff --git a/packages/checkpoint_log_server b/packages/checkpoint_log_server
index 103a1dd82815015053948bb4da11c2afc7b3e6a4..398a3525080ac5a797a4834cb4dad575408e082b 100644
--- a/packages/checkpoint_log_server
+++ b/packages/checkpoint_log_server
@@ -5,13 +5,12 @@
'download_url': 'https://thl-cmk.hopto.org',
'files': {'agent_based': ['checkpoint_fw_ls.py', 'checkpoint_fwm_ls.py'],
'checkman': ['checkpoint_fw_ls', 'checkpoint_fwm_ls'],
- 'web': ['plugins/metrics/checkpoint_fw_log.py',
- 'plugins/wato/checkpoint_fwm_ls.py',
- 'plugins/wato/checkpoint_fw_ls.py']},
+ 'gui': ['metrics/checkpoint_fw_log.py',
+ 'wato/checkpoint_fw_ls.py',
+ 'wato/checkpoint_fwm_ls.py']},
'name': 'checkpoint_log_server',
- 'num_files': 7,
'title': 'Check Point Log service status',
- 'version': '20210816.v0.2b',
- 'version.min_required': '2.0.0',
- 'version.packaged': '2021.09.20',
+ 'version': '0.3.0-20230423',
+ 'version.min_required': '2.1.0b1',
+ 'version.packaged': '2.1.0p21',
'version.usable_until': None}
\ No newline at end of file