diff --git a/agent_based/checkpoint_fw_connections.py b/agent_based/checkpoint_fw_connections.py
index ea85933f7e397df1b9791d5522f29e9b09bcd594..4af20aa5901ae26134da0e70fac6d73e135bf631 100644
--- a/agent_based/checkpoint_fw_connections.py
+++ b/agent_based/checkpoint_fw_connections.py
@@ -21,8 +21,11 @@
# added relative thresholds (idea and code based on cmk PR #312 by https://github.com/gradecke)
# added lower levels and admin_table_limit, removed default values except for 'levels_upper_relative'
# 2023-03-04: changed for CMK 2.1 (moved gui files from local/share/.. to local/lib/..)
+# removed default levels for Connection limits (Percent)
+# removed dependencies between relative and absolute levels
+# added predictive monitoring for current connections absolute and relative
#
-#
+
# sample string_table
# [[[u'559684419', u'203840211', u'51093794', u'786231', u'815404655', u'0']], [[u'11172', u'27598', u'0']]]
#
@@ -39,6 +42,7 @@ from cmk.base.plugins.agent_based.agent_based_api.v1 import (
Service,
Result,
check_levels,
+ check_levels_predictive,
State,
SNMPTree,
all_of,
@@ -99,10 +103,17 @@ def discovery_checkpoint_fw_connections(section: CheckpointFwConnections) -> Dis
def check_checkpoint_fw_connections(params, section: CheckpointFwConnections) -> CheckResult:
- fwConnTableLimit = params.get('admin_table_limit', section.fwConnTableLimit)
+ fwConnTableLimit = max(params.get('admin_table_limit', section.fwConnTableLimit), section.fwConnTableLimit)
if fwConnTableLimit > 0:
- yield from check_levels(
+ yield from check_levels_predictive(
+ value=section.fwCurrnetNumConn * 100 / fwConnTableLimit,
+ levels=params.get('levels_upper_relative'),
+ boundaries=(0, 100),
+ label='Connections relative',
+ render_func=render.percent,
+ metric_name='checkpoint_fw_connections_relative'
+ ) if isinstance(params.get('levels_upper_relative'), dict) else check_levels(
value=section.fwCurrnetNumConn * 100 / fwConnTableLimit,
levels_upper=params.get('levels_upper_relative'),
levels_lower=params.get('levels_lower_relative'),
@@ -112,30 +123,20 @@ def check_checkpoint_fw_connections(params, section: CheckpointFwConnections) ->
metric_name='checkpoint_fw_connections_relative'
)
- if fwConnTableLimit > 0 and 'levels_upper_relative' in params:
- warn_pct, crit_pct = params['levels_upper_relative']
- warn = fwConnTableLimit * warn_pct / 100
- crit = fwConnTableLimit * crit_pct / 100
- levels_upper = (warn, crit)
- else:
- # use absolute levels if no relative levels provided or no maximum set on CP
- levels_upper = params.get('levels_upper_absolute', (None, None))
-
- if section.fwConnTableLimit > 0 and 'levels_lower_relative' in params:
- warn_pct, crit_pct = params['levels_lower_relative']
- warn = fwConnTableLimit * warn_pct / 100
- crit = fwConnTableLimit * crit_pct / 100
- levels_lower = (warn, crit)
- else:
- # use absolute levels if no relative levels provided or no maximum set on CP
- levels_lower = params.get('levels_lower_absolute', (None, None))
-
for label, unit, metric, value, levels_upper, levels_lower in [
- ('Current', '', 'fwcurrentnumconn', section.fwCurrnetNumConn, levels_upper, levels_lower),
- ('Peak', '', 'fwpeaknumconn', section.fwPeakNumConn, (None, None), (None, None)),
- ('Rate', '/s', 'fwconnectionrate', section.fwConnectionRate, (None, None), (None, None)),
+ ('Current', '', 'fwcurrentnumconn', section.fwCurrnetNumConn, params.get('levels_upper_absolute'),
+ params.get('levels_lower_absolute')),
+ ('Peak', '', 'fwpeaknumconn', section.fwPeakNumConn, None, None),
+ ('Rate', '/s', 'fwconnectionrate', section.fwConnectionRate, None, None),
]:
- yield from check_levels(
+ yield from check_levels_predictive(
+ value=value,
+ label=label,
+ metric_name=f'checkpoint_fw_connections_{metric}',
+ render_func=lambda v: f'{v:.0f}{unit}',
+ levels=levels_upper,
+ boundaries=(0, None),
+ ) if isinstance(levels_upper, dict) else check_levels(
value=value,
label=label,
metric_name=f'checkpoint_fw_connections_{metric}',
@@ -145,12 +146,12 @@ def check_checkpoint_fw_connections(params, section: CheckpointFwConnections) ->
boundaries=(0, None),
)
- if fwConnTableLimit == 0:
+ if section.fwConnTableLimit == 0 and params.get('admin_table_limit', 0) == 0:
yield Result(state=State.OK, summary=f'Table limit: automatically adjusted')
- elif section.fwConnTableLimit == fwConnTableLimit:
- yield Result(state=State.OK, summary=f'Table limit: {section.fwConnTableLimit}')
+ elif section.fwConnTableLimit > params.get('admin_table_limit', 0):
+ yield Result(state=State.OK, summary=f'Table limit: {section.fwConnTableLimit} (set on firewall)')
else:
- yield Result(state=State.OK, summary=f'Table limit: {section.fwConnTableLimit} (CMK admin limit')
+ yield Result(state=State.OK, summary=f'Table limit: {params.get("admin_table_limit", 0)} (CMK admin limit)')
now_time = time.time()
value_store = get_value_store()
@@ -212,7 +213,5 @@ register.check_plugin(
discovery_function=discovery_checkpoint_fw_connections,
check_function=check_checkpoint_fw_connections,
check_ruleset_name='checkpoint_fw_connections',
- check_default_parameters={
- 'levels_upper_relative': (80, 90),
- }
+ check_default_parameters={},
)
diff --git a/checkpoint_fw_connections.mkp b/checkpoint_fw_connections.mkp
index 4201b73e6891a94f92edcd26745ba6f61638831e..bef9fa5b7d8efc483098b26836661029620c9c4f 100644
Binary files a/checkpoint_fw_connections.mkp and b/checkpoint_fw_connections.mkp differ
diff --git a/gui/metrics/checkpoint_fw_connections.py b/gui/metrics/checkpoint_fw_connections.py
index 62d926b0ed1ee70bd473a48de42ad41061ba0f7d..9800ac807553ac7aabdfc19ec360a1870b45d045 100644
--- a/gui/metrics/checkpoint_fw_connections.py
+++ b/gui/metrics/checkpoint_fw_connections.py
@@ -10,8 +10,8 @@
# Check Point Firewall connections metrics plugins
# checkpoint_fw_connections
#
-# 2023-02-18: moved metrics file from ~/local/share/check_mk/... to ~/local/lib/check_mk/...
-#
+# 2023-03-04: moved metrics file from ~/local/share/check_mk/... to ~/local/lib/check_mk/...
+# added predictive metrics
from cmk.gui.i18n import _
@@ -19,8 +19,28 @@ from cmk.gui.plugins.metrics.utils import (
metric_info,
graph_info,
perfometer_info,
+ check_metrics,
)
+# for predictive monitoring
+check_metrics["check_mk-checkpoint_fw_connections"] = {
+ "predict_checkpoint_fw_connections_fwcurrentnumconn": {"auto_graph": False},
+ "predict_checkpoint_fw_connections_relative": {"auto_graph": False},
+}
+metric_info['predict_checkpoint_fw_connections_fwcurrentnumconn'] = {
+ 'title': _('_Predicted connections (absolute)'),
+ 'unit': 'count',
+ 'color': '26/b',
+}
+
+metric_info['predict_checkpoint_fw_connections_relative'] = {
+ 'title': _('_Predicted connections (relative)'),
+ 'unit': '%',
+ 'color': '36/b',
+}
+#
+
+# normal metrics
metric_info['checkpoint_fw_connections_fwconnectionstcp'] = {
'title': _('TCP connections'),
'unit': '1/s',
@@ -72,6 +92,7 @@ metric_info['checkpoint_fw_connections_relative'] = {
graph_info['checkpoint_fw_connections_fwpeaknumconn'] = {
'title': _('Check Point Firewall Connections absolute'),
'metrics': [
+ ('predict_checkpoint_fw_connections_fwcurrentnumconn', 'line'),
('checkpoint_fw_connections_fwcurrentnumconn', 'area'),
('checkpoint_fw_connections_fwpeaknumconn', 'line'),
],
@@ -79,11 +100,15 @@ graph_info['checkpoint_fw_connections_fwpeaknumconn'] = {
('checkpoint_fw_connections_fwcurrentnumconn:crit', _('crit')),
('checkpoint_fw_connections_fwcurrentnumconn:warn', _('warn')),
],
+ 'optional_metrics': [
+ 'predict_checkpoint_fw_connections_fwcurrentnumconn',
+ ],
}
graph_info['checkpoint_fw_connections_relative'] = {
'title': _('Check Point Firewall Connections relative to connection table limit'),
'metrics': [
+ ('predict_checkpoint_fw_connections_relative', 'line'),
('checkpoint_fw_connections_relative', 'area'),
],
'scalars': [
@@ -91,6 +116,9 @@ graph_info['checkpoint_fw_connections_relative'] = {
('checkpoint_fw_connections_relative:warn', _('warn')),
],
'range': (0, 110),
+ 'optional_metrics': [
+ 'predict_checkpoint_fw_connections_relative',
+ ],
}
graph_info['checkpoint_fw_connections_fwconnectionstcp'] = {
diff --git a/gui/wato/checkpoint_fw_connections.py b/gui/wato/checkpoint_fw_connections.py
index d72a8a20ac57649987efeb739f96396d42e39465..a1bf4737041f8e295c9687ab19cce54287828048 100644
--- a/gui/wato/checkpoint_fw_connections.py
+++ b/gui/wato/checkpoint_fw_connections.py
@@ -7,10 +7,11 @@
# URL : https://thl-cmk.hopto.org
# Date : 2020-06-07
#
-# 2023-02-18: moved wato file from ~/local/share/check_mk/... to ~/local/lib/check_mk/...
+# 2023-03-04: moved wato file from ~/local/share/check_mk/... to ~/local/lib/check_mk/...
+# fix: CheckParameterRulespecWithItem -> CheckParameterRulespecWithoutItem
+# changed levels_upper_absolute/levels_upper_relative from Tuple to Levels for predictive monitoring
#
-
from cmk.gui.i18n import _
from cmk.gui.valuespec import (
Dictionary,
@@ -19,66 +20,57 @@ from cmk.gui.valuespec import (
Percentage,
)
from cmk.gui.plugins.wato.utils import (
- CheckParameterRulespecWithItem,
+ CheckParameterRulespecWithoutItem,
rulespec_registry,
RulespecGroupCheckParametersNetworking,
+ Levels,
)
def _parameter_valuespec_checkpoint_fw_connections():
return Dictionary(
elements=[
- ('levels_upper_absolute',
- Tuple(
- title=_('Maximum number of firewall connections'),
- help=_('This rule sets upper limits to the current number of connections through '
- 'a Checkpoint firewall.'),
- elements=[
- Integer(title=_('Warning at'), minvalue=0, unit=_('connections')),
- Integer(title=_('Critical at'), minvalue=0, unit=_('connections')),
- ])),
- ('levels_lower_absolute',
- Tuple(
- title=_('Minimum number of firewall connections'),
- help=_('This rule sets lower limits to the current number of connections through '
- 'a Checkpoint firewall.'),
- elements=[
- Integer(title=_('Warning blow'), minvalue=0, unit=_('connections')),
- Integer(title=_('Critical below'), minvalue=0, unit=_('connections')),
- ])),
('admin_table_limit',
Integer(
- title=_('Admin connection table limit'),
- help=_('This rule sets the maximum number of connections through the firewall. This is use full '
+ title=_('Connection table limit'),
+ help=_('This sets the maximum number of connections through the firewall. This is use full '
'if your firewall is set to automatic connection table limit and you still want '
- 'relative metrics. This setting takes precedence over the the fwConnTableLimit '
- 'configured on the firewall (only for monitoring purposes of curse). This value should match'
+ 'relative metrics. This setting takes precedence over the the onnection table limit '
+ 'configured on the firewall (only for monitoring purposes of curse). This value should match '
'the real values of your firewall, if not you might get relative values above 100%.'),
minvalue=0,
unit=_('connections'),
)),
- ('levels_upper_relative',
+ ('levels_upper_absolute',
+ Levels(
+ title=_('Max. connections (Absolute)'),
+ help=_('This sets the upper limits for the current number of connections through the firewall.'),
+ unit=_('connections'),
+ )),
+ ('levels_lower_absolute',
Tuple(
- title=_('Percentage of maximum connections (only used if a limit is defined on '
- 'the Check Point device)'),
- help=_('This relative threshold can only be used if a maximum number is defined on '
- 'the firewall side and then read from fwConnTableLimit. By default, this '
- 'limit is not set in Check Point devices and this check than falls back to '
- 'the absolute defaults or the ones defined above'),
+ title=_('Min. connections (Absolute)'),
+ help=_('This sets the lower limits for the current number of connections through the firewall. '
+ '"Min. connections (Absolute)" will only be used if "Max. connections (Absolute)" is not using '
+ 'Predictive Levels.'),
elements=[
- Percentage(
- title=_('Warning at'), unit='%', minvalue=0.0, maxvalue=100.0, default_value=80.0),
- Percentage(
- title=_('Critical at'), unit='%', minvalue=0.0, maxvalue=100.0, default_value=90.0),
+ Integer(title=_('Warning blow'), minvalue=0, unit=_('connections')),
+ Integer(title=_('Critical below'), minvalue=0, unit=_('connections')),
])),
+ ('levels_upper_relative',
+ Levels(
+ title=_('Max. connections (Percentage)'),
+ help=_('This relative threshold can only be used if a connection table limit is defined (on the '
+ 'firewall side or with the above "Connection table limit").By default, this limit is not '
+ 'set on Check Point devices.'),
+ unit=_('%'),
+ )),
('levels_lower_relative',
Tuple(
- title=_('Percentage of minimum connections (only used if a limit is defined on '
- 'the Check Point device)'),
- help=_('This relative threshold can only be used if a maximum number is defined on '
- 'the firewall side and then read from fwConnTableLimit. By default, this '
- 'limit is not set in Check Point devices and this check than falls back to '
- 'the absolute defaults or the ones defined above'),
+ title=_('Min. connections (Percentage)'),
+ help=_('This relative threshold can only be used if a maximum number is defined (on the '
+ 'firewall side or with the above "Connection table limit"). By default, this limit is not '
+ 'set on Check Point devices.'),
elements=[
Percentage(
title=_('Warning below'), unit='%', minvalue=0.0, maxvalue=100.0),
@@ -86,12 +78,11 @@ def _parameter_valuespec_checkpoint_fw_connections():
title=_('Critical below'), unit='%', minvalue=0.0, maxvalue=100.0),
])),
],
- # optional_keys=['levels_upper_relative'],
)
rulespec_registry.register(
- CheckParameterRulespecWithItem(
+ CheckParameterRulespecWithoutItem(
check_group_name='checkpoint_fw_connections',
group=RulespecGroupCheckParametersNetworking,
match_type='dict',