From 4694abea218658f2cd192144d3c85100cb7e1d8c Mon Sep 17 00:00:00 2001
From: "th.l" <thl-cmk@outlook.com>
Date: Tue, 24 Aug 2021 21:56:55 +0200
Subject: [PATCH] update project
---
agent_based/checkpoint_fw_connections.py | 215 ++++++++++++++++++
checkpoint_fw_connections.mkp | Bin 3079 -> 4447 bytes
packages/checkpoint_fw_connections | 19 +-
.../metrics/checkpoint_fw_connections.py | 111 +++++----
web/plugins/wato/checkpoint_fw_connections.py | 103 +++++++--
5 files changed, 364 insertions(+), 84 deletions(-)
create mode 100644 agent_based/checkpoint_fw_connections.py
diff --git a/agent_based/checkpoint_fw_connections.py b/agent_based/checkpoint_fw_connections.py
new file mode 100644
index 0000000..ff812b3
--- /dev/null
+++ b/agent_based/checkpoint_fw_connections.py
@@ -0,0 +1,215 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2018-03-17
+# #
+# rewrite of the original checkpoint_connections check from check_mk
+#
+# added connection statistic details for tcp/udp/icmp/other .....
+#
+# 2018-05-29: added connection limit (fwConnTableLimit)
+# 2020-05-31: changed form checkpoint_connections to checkpoint_fw_connections
+# changed to checkpoint_fw_connections_default_levels to
+# factory_settings['checkpoint_fw_connections_defaults']
+# 2020-06-07: code cleanup, added wato, added warn/crit for connection rate
+# 2020-06-08: changed snmp-scan function, code cleanup
+# 2021-08-24: rewritten for CMK 2.0,
+# added relative thresholds (idea and code based on cmk PR #312 by https://github.com/gradecke)
+# added lower levels and admin_table_limit
+#
+#
+# sample info
+# [[[u'559684419', u'203840211', u'51093794', u'786231', u'815404655', u'0']], [[u'11172', u'27598', u'0']]]
+#
+# no firewall
+# [[], []]
+#
+
+import time
+from dataclasses import dataclass
+from typing import List, Dict, Any, Optional
+
+from cmk.base.plugins.agent_based.agent_based_api.v1 import (
+ register,
+ Service,
+ Result,
+ check_levels,
+ State,
+ SNMPTree,
+ all_of,
+ startswith,
+ any_of,
+ equals,
+ Metric,
+ get_rate,
+ GetRateError,
+ get_value_store,
+ IgnoreResultsError,
+ render,
+)
+from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
+ DiscoveryResult,
+ CheckResult,
+ StringTable,
+)
+
+
+@dataclass
+class CheckpointFwConnections:
+ fwConnectionsTcp: int
+ fwConnectionsUdp: int
+ fwConnectionsIcmp: int
+ fwConnectionsOther: int
+ fwConnectionsSum: int
+ fwConnectionRate: int
+ fwCurrnetNumConn: int
+ fwPeakNumConn: int
+ fwConnTableLimit: int
+
+
+def parse_checkpoint_fw_connections(string_table: List[StringTable]) -> Optional[CheckpointFwConnections]:
+ fwConnectionsStat, fwpolicystat = string_table
+ try:
+ fwConnectionsTcp, fwConnectionsUdp, fwConnectionsIcmp, fwConnectionsOther, fwConnectionsSum, \
+ fwConnectionRate = fwConnectionsStat[0]
+ except(IndexError, ValueError):
+ return
+
+ fwCurrnetNumConn, fwPeakNumConn, fwConnTableLimit = fwpolicystat[0]
+
+ return CheckpointFwConnections(
+ fwConnectionsTcp=int(fwConnectionsTcp),
+ fwConnectionsUdp=int(fwConnectionsUdp),
+ fwConnectionsIcmp=int(fwConnectionsIcmp),
+ fwConnectionsOther=int(fwConnectionsOther),
+ fwConnectionsSum=int(fwConnectionsSum),
+ fwConnectionRate=int(fwConnectionRate),
+ fwCurrnetNumConn=int(fwCurrnetNumConn),
+ fwPeakNumConn=int(fwPeakNumConn),
+ fwConnTableLimit=int(fwConnTableLimit),
+ )
+
+
+def discovery_checkpoint_fw_connections(section: CheckpointFwConnections) -> DiscoveryResult:
+ yield Service()
+
+
+def check_checkpoint_fw_connections(params, section: CheckpointFwConnections) -> CheckResult:
+ fwConnTableLimit = params.get('admin_table_limit', section.fwConnTableLimit)
+
+ if fwConnTableLimit > 0:
+ yield from check_levels(
+ value=section.fwCurrnetNumConn * 100 / fwConnTableLimit,
+ levels_upper=params.get('levels_upper_relative'),
+ levels_lower=params.get('levels_lower_relative'),
+ boundaries=(0, 100),
+ label='Connections relative',
+ render_func=render.percent,
+ metric_name='checkpoint_fw_connections_relative'
+ )
+
+ if fwConnTableLimit > 0 and 'levels_upper_relative' in params:
+ warn_pct, crit_pct = params['levels_upper_relative']
+ warn = fwConnTableLimit * warn_pct / 100
+ crit = fwConnTableLimit * crit_pct / 100
+ levels_upper = (warn, crit)
+ else:
+ # use absolute levels if no relative levels provided or no maximum set on CP
+ levels_upper = params.get('levels_upper_absolute', (None, None))
+
+ if section.fwConnTableLimit > 0 and 'levels_lower_relative' in params:
+ warn_pct, crit_pct = params['levels_lower_relative']
+ warn = fwConnTableLimit * warn_pct / 100
+ crit = fwConnTableLimit * crit_pct / 100
+ levels_lower = (warn, crit)
+ else:
+ # use absolute levels if no relative levels provided or no maximum set on CP
+ levels_lower = params.get('levels_lower_absolute', (None, None))
+
+ for label, unit, metric, value, levels_upper, levels_lower in [
+ ('Current', '', 'fwcurrentnumconn', section.fwCurrnetNumConn, levels_upper, levels_lower),
+ ('Peak', '', 'fwpeaknumconn', section.fwPeakNumConn, (None, None), (None, None)),
+ ('Rate', '/s', 'fwconnectionrate', section.fwConnectionRate, (None, None), (None, None)),
+ ]:
+ yield from check_levels(
+ value=value,
+ label=label,
+ metric_name=f'checkpoint_fw_connections_{metric}',
+ render_func=lambda v: f'{v:.0f}{unit}',
+ levels_upper=levels_upper,
+ levels_lower=levels_lower,
+ boundaries=(0, None),
+ )
+
+ if fwConnTableLimit == 0:
+ yield Result(state=State.OK, summary=f'Table limit: automatically adjusted')
+ elif section.fwConnTableLimit == fwConnTableLimit:
+ yield Result(state=State.OK, summary=f'Table limit: {section.fwConnTableLimit}')
+ else:
+ yield Result(state=State.OK, summary=f'Table limit: {section.fwConnTableLimit} (CMK admin limit')
+
+ now_time = time.time()
+ value_store = get_value_store()
+
+ for key, value in [
+ ('fwconnectionstcp', section.fwConnectionsTcp),
+ ('fwconnectionsudp', section.fwConnectionsUdp),
+ ('fwconnectionsicmp', section.fwConnectionsIcmp),
+ ('fwconnectionsother', section.fwConnectionsOther),
+ ('fwconnectionssum', section.fwConnectionsSum),
+ ]:
+ try:
+ value = get_rate(value_store, f'checkpoint_fw_connections_{key}', now_time, value, raise_overflow=True)
+ except GetRateError:
+ value = 0
+ yield Metric(name=f'checkpoint_fw_connections_{key}', value=value, boundaries=(0, None))
+
+
+register.snmp_section(
+ name='checkpoint_fw_connections',
+ parse_function=parse_checkpoint_fw_connections,
+ fetch=[
+ SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.1.26.11', # CHECKPOINT-MIB::fwConnectionsStat
+ oids=[
+ '1', # fwConnectionsStatConnectionsTcp
+ '2', # fwConnectionsStatConnectionsUdp
+ '3', # fwConnectionsStatConnectionsIcmp
+ '4', # fwConnectionsStatConnectionsOther
+ '5', # fwConnectionsStatConnections
+ '6', # fwConnectionsStatConnectionRate
+ ]
+ ),
+ SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.1.25', # CHECKPOINT-MIB::fwPolicyStat
+ oids=[
+ '3', # fwNumConn
+ '4', # fwPeakNumConn
+ '10', # fwConnTableLimit
+ ]
+ ),
+ ],
+ detect=any_of(
+ startswith('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.2620'),
+ all_of(
+ equals('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.8072.3.2.10'),
+ equals('.1.3.6.1.4.1.2620.1.6.1.0', 'SVN Foundation'),
+ )
+ )
+)
+
+register.check_plugin(
+ name='checkpoint_fw_connections',
+ service_name='Firewall connections',
+ discovery_function=discovery_checkpoint_fw_connections,
+ check_function=check_checkpoint_fw_connections,
+ check_ruleset_name='checkpoint_fw_connections',
+ check_default_parameters={
+ # 'levels_upper_absolute': (10000, 20000),
+ # 'levels_upper_relative': (75, 85)
+ }
+)
diff --git a/checkpoint_fw_connections.mkp b/checkpoint_fw_connections.mkp
index 0c78645faa44ac4e6309f9ecd9ca13573fad631b..b8cceab3eb6d87c2dd5ff7cc4ad7244e68f4aa5b 100644
GIT binary patch
delta 4404
zcmV-45zFp}7~diYABzYG2Tvtokq94uF)%nXG%j{7FfK4IGcIjwZ~*NbYj4{)vY!Lw
zKk!l<WG@s&Qv67L@Zt8-+r47jZqTN8AF_raTePi>Ea~(})+qYlZ-&%^dfItx7mIRs
z>qr!5IGh;{htyDxxAI^7&Y%N~1_SmNp!(Ms7~>c4V;JUOJkZB4bVE1H(F>w~zxWD}
zM6neDE6>qMv2%YC_^en-yzxV2LX_)`_Esakc;lWfx3@P|JoA&-_5Ir$+mB~Uf7@5o
zBcj+eT82&#JHCfl?|jdR{g7O4=<=3a`HmNpADochTdqr%zUR>;RwW?k*ok6i8EL<G
z$`Pr6(pdO`-iJ<1iN7N82L6P9&f4)Tpo@())A`=EsZ9bJu52r|$O>2ssC6r_5)sR@
z$@S%xN<O`YpEsB9;Ma!+LefAGE609pm3k9eF@@%tJp6ml^(}jzgf0qX6URX`IXg?`
zsBQcp_BB6Tv)U`ir4dvE!LO+o&lgriZMeTtSf2uv-+XmH7ueN;oibB@MaGnSx?nhg
zn}9%~vn`E7knC9}4Yk%cB$bi4w_?8=fA$4C;8|OW-E6JOy6Gj`dDhi)EQp=hWq6{U
zTvo8|Xc(ntW$LD(Uzh{!PSfGPbMd*hb-Z~<|CfN7*{m|wDb)z9<t+%<&PZwcSThEt
zDoJE5Tslv@*g?I$_dWW5<;AxK4)}lV*U0z&K>u%^pI7|9p^r`J|G$d=KjHrWWI|5%
z`~MS_oCxk8ksjs#fARJ?_NRIA4wuckAb4!-L#xNe%FK&FEs#{<u;KpZq{~^J%m5X<
zG^_X!FO5we?2=EwC6g2M$k>h6nn;uRU#!*Qf3Z&L8L?K?{R)qNOWv2&#VTTj%=u=7
zxbqcjh`twUd5P;{N3ux+iq5}1U;IaaVAC2p!mscD%>iDQ{l97IL+Ss&26TCsXVw3R
ziN+WY#{BPan2O36jYp$Q|3h;;0{st1W8-V;pO6=e#BuG8di$RLN#W&R&XOoRTR7fX
zu!BIrJ9<e@zdI#=)LZ(t<E<woiC3o=e<Q)})bVU^7N`Dd714M?23YavB_O<Ymeh;r
zg#7sa6Zw&PG=!P=Dp|PBGJ8huOjh-K7Hv#OdyoN@K7Du#E0YOnotL4`YnaWkj;R|L
zr~3J+F@{2HA?%7QxTT9h1S=-1(BJaQ`SzAEYOw&MDS#n=HjOREjaX0;FN3qh4$hqA
zHaO$KhlaptaNdTe=Br7ap6hI#nDkcnI0;|lbodra`V7z15%1iX08^F+Qz<sKZR<nq
zlh$zz<V48Gb)n2{y0Q{Cp1bspx=6l4WMwTO<lD``3}Ud6sAKJ#(TbE=-m%fCK8B9@
zHYH1!T3!-=sHu1`;3=*{?+hZ%n8~>k$BDEq3L!<_HaLxzmPb~J$7-vkb~u^=IH%@d
zlA20PJ=VnKyPpVzGHRu>oSTrkp#D1wHWkun<GXf5dX7yk7HhIL*d$7TK`>Qv^?|%R
zH%zkF<yO3Q;!U#9z{Jnip=E=>Xuq*7*S`ldN`;Sq<SiRRu9$^P%xuuQ05!6<flCRl
z;o$D(<|a{w!&jq=!N7Q>s3d`v@A<_5I&84Jp`pJzAHN!~oAJfSJm=*X#&DnyM#CYy
z)0G*-u1E_!^4R2b#=}<^`O_I|-1EsQjq_RKh{PTpIorSwV-h=Cdc+16hVV<*iXs}3
z^kH6q#B0R601PR6_!h>QN?tol`2F77spMz2+_2muUK@P@N?S_<WlfA?gzLE#INF_&
zk?pblkC3i`JPrA7$VVF9frsKZA7})o%CEUI;7UlVf&)k^etiG#>N=$99Y|pAulP02
zCUJBRs!pGIyZjl1%vMJ19a{?U>otw%VNUyhM;d>Cn}3C&9~RH=EH|O^2!>r+?akVQ
zYtC^bR1PV4X}In`N>mysg5sEs%0heXL`xrn_njyrwvrGFK0=?oHS=Z2z|qk^3N^D|
zj>7!J5BI|2W5Uo^V$t<7n1E%+^(UX~wkL1E3Aa4@8C`SBvyaKP`3dTw^dt#GkH+tR
zlP%T}pIpJ(w4u1{+WC{CBM>hMtT3YUR=3%Um?-&}pRfUOBS?4FC#QeUN5xHxRA&uh
zMI%<BDDYu&-r<}^rbKLvp~T^Cl5ZAP)uPtaq1M%)Hi%!XiCrbXG&X~R2fk{Y-{><w
zl73s#Anv^ZQ~!<IKKTz05O&=!SPyA`oP^#{qx#gc+SHo57z2fzu<fIQXqzebTIDu{
zs=aDqUu~`rQmxmA!nXP-^Ev{SwqY=p)KOS*8xE+fjsb-&^-+zr`dC=5Us6j}zf@SN
zFDNaoER@tZDfB6DB7|GKem@<ScIM~0h9<w5v{?Wfn-z!2O>*Z@*UqM#Ue+dmpK03L
z16N^fBb6M~uHcg=jZO%xniJGuTIngZ&_c-@((0ipqv)*aME_3oV$|_&3L!P0MSG>!
z4{So43Qd(1PQD|Cu9LG`OXYVMobWse0x)H<TjGOx7P~3^Mr;;tHDR*{t=J1c@oXz}
zXf*BVDzaN8Z!M@hRRj&?QDo(RRSciA=NPk2`Lzao!@8-`UA})f$Nj!(N64MGk|TF(
zj>VWQB7-R_wU<J_7@5xl49+k-$E)0^Zd%C9O31lu7x?%tCkt8!Vde;I3DAg;w_ZjN
zIRL~S(&eo7`Q+ikQZ=vrk|eM?wHA@@CNSxwQ8!2m;@dpvPfLT)zjH8uLWk7?Jl<Nr
zIoo6l<0Zzh|MIGhg;vYVnuS5v!}m`rdkfVs)YUc=Yig_5>SNVbA@c{QjW2%wP_<<&
zw7P_Dwc%QljeS@zdEl|qVXJbNr<ROEEw>3;yUDrfDd-cy2|zOn{#)HId4ZQ~alDsZ
zbtSlIZ$)rZJq4%Ef<C@~Vre2?ij%}HR|FtZ#(5s8o<%9|xrYk*ld^3W!NCD7%pNt_
zaQQd*Xs)eRSG(%)wV!##FC8A;wYCe}B6kzAQa;~JG=25uGa5z}r!<+B)Ym?1i8r0o
z6PM*76T);_pUZhb(Zev9PT4wG`}rr(V6xp>;SL1E@cEY3gjh*`>~CQNE@5H3BbNPZ
z0_$yC$%b*4TbtHB#?yHD+}6|=rOB;4Zxf`4drB<C;+2(D?w)@?$L$etGWbWspC0E&
zSm?vk%F@3lxR_hIOI=FUZHQwnikCslSgR~QDtL+AidSBSRPb;kv<<Pc9I0Tk-P1PI
z>awJQ3#w_uES4vKg4ZZ5aC5Pz0!RPU6E|E)rw0H<z);S0n)~_Ca$t#%i+~l3&*^oT
z(0<+~U%{3(dzu;2E4Iluj(YnYQ_7a;`Wl@AE<>_CF%36R=cyRE3*8fJrap{sXJnhM
z(>=Qz9A`!2<z`wKZnmjbcHOu;HB~f2JJ&|=JAi-Y$kgF~4_;_&YZIb@%YXmt@~5kx
z-@Ly*efQ>{lSyssphVPn>_})i&xJ~f)sV}BrjBRs$Advr$2;GThhwIWIM|QKMob-Z
zxF55QG}?=VR$Rg>LPufLK0?LAHvL|)otcAGn~OS)V>)CiL^};8qKmR9oPBra)AT)?
z#vraK-xMx?givf6_X;tXy#JWjM(V;5SEGFYxhzw@*L)DU3w><DEmY8}Yup+YK{t5I
zh<*Ied-4NwEG#9o6lL(=zTjbakj8hTAL3ymzH5>$ej753vWmqPPVSBl*wqm?{d2rM
zJ2N6qn79-c6!XJ6!*R0LY;2tYmJvqN&qw+Cre&pnI3Ya)Uz@AM#6N|!U$!mb0b@K=
z$;FVX;|r)m=DkReAVGoz3Ewi@)5Y(W_jy?U=TNWbf9gY1=6`+_ct~pc@00(jj|Zli
z>;K#YJ24@`mHD4vJO7h<cZBDFo*$=Kprss8EP)5d2Pb@{mG`H79v_nPdEA)vnYOX#
z^huO|?&n7&wRgm6HFZYwxX7PcCywSA7haYUHLpF*lB=>-vfQcTBjH^Frs=7?WF1<;
zMl8UCE<RfWW~F^>M8NFIv8-+Q&d8K}=9Ke;ck`ZdeR)+{F!$5e6?`3mC*=%$S(BD6
zeU~2#HH<S0OTRphAKXZ8;pfxq$M9ngpTrM;+n{b?2+t5bf}``NNr-QJx3I*v@gBj`
z;AuSJhI*S7RSs4iY)4Ph8+&Qk!ci&30_z=UNM_E^Ls%-mgKcAp*XkD2(ogX1ZjG<e
z!v!V2xou$yw>3*AZV%<h7(HB0MGC<IDl0N<Dh&O#VXTSF6n^x{(rKJQL@x6kxSY#>
z)Z61h>|^1@)S-;1L~$Ljptm2p_WED3LTcp%W*KAA(sHfvL5!72PcZEQ=!0C?RsXR(
zPB4pu6Jl3=k=F;PaIZP-(_WFk?~7*%;^IZ_6ZBf7bv>I#GLnzhL{6Yf1B|y2&raYj
zF=nwDdjFw=>#*2kuZA#HDxyHle$ohktG)VGAi!VVK4g?tUxGh{Li#%VDI~J@;!mN$
z-;Y1o-&9j}$^`N;T!~&aD+s7(_j;UTY6E7fzt2U}3LZ5;kB&60P!YINBD&s!6N$RN
ziy?Rg5t$wQ225B)ro~^>j@JFP1p{ldb(SR-xaoC%=%PVF0)dU?u6XVS=SA0lbn!9$
zE$}@|?t;~fz~-#qe+G#@txuI%rmIf}_Ug|h{BLXj@8C}j{C?+u4Z}3D{U2kD`+ufx
zj?d-(kKF%h-~Y+Zksh#DQ+mdHLKM(tWse3A8{%QAaF_an>m+b#di}<W>6(V=-4##G
zx7L(z(=_e`;drVv!6Klm>|OtV2TT|MKK={t?@dg%De*8Zp7Vr>oSm%tkD;FgWlGU|
z8sGcjEods+H#%kqONzvTdEV`gb0+=Cv3S0zkVvoaoYbXkVx9`|7>^@b^4iPQxKw+`
z^$$_8NO1~r;=43E8>XKHM1=k-KV{mumM+1Dx&hL--Z&AHB<6TWgs0(uvml?HmBwS?
z=_DsKQ#w$+0Wq&PL^*EyWLElFFyS0d&ZE}MSew{#NG+_Fi{ZZztK*4S3)dwi%M{_s
zd<IMZz%??~EJ>xY^~MG+Vcx|I-NqKo2evS)6}M*0KinW3@3{>kJz)K(G>8Q--)Iug
zXAuk9*v9b5Ced)%tb&<;G1X-d-?Mz`J&X85%mCHCt+|^fwPVd(qlA%x|M3LMDgis}
zvI=KKc775TMhl2|@&wE-&y#QI3_IWh$Rvs#K)koWuDY7a_c+pJbINJ@l?I@EOYtxa
zT~eEROG+>$j&+T7ubPVA)e`W#a@I-6zjq)?hxB~U-LVAqE&noq7&aXwVc_HGf0S<$
zMzo*u#<QHGji0zS=ptTjx|+p?LJAhjr!%BhlC8=Q0L4sbTW7tAF`v8G`$^HP1@s(O
z1%GWBonT+w<n^YfjbosxV!KnUWavHIDHbsZ3L!IM(R8^U68t0u2*pY*3PcWr8W!A4
zaUHVe!WK7eY>N4Rm;FOVSnXRG1V72a7+O$)r^?_vm^r0nagk$F{>8Tq_0T@j<3Lr5
z*2q71nM+flGBnrKMlLWkC>*hl*C3B5ZQ04bBolA&>m$HdL>3m_`+IwmpJL0tm4XM=
z*tcsuT8M;M?IUNC!d!YCDsKrsn7!jxyf7|cIbE3@F3L-P?D9ZRpNFqX%yJlGub}L4
zLCf=v&oqRQ<5P~$=NzATpmx|uFu&#yeIRefVWU*s=zU52^aCjKTe<_`ww*msanhA>
zZH296XA=%urwdZxS^R5Uk?+s@FVGmm^xy@39+Y5oG{>FOsba(0TqN1B(4RhR^)C?P
uy5y%;4|;V6lN<fFw|y#;+Y2C*=?fB*=?fAMBuJ3(WcWYnZq@Supa1}jNX8lf
delta 3033
zcmV;~3nuj6B8M0VABzYGB$3`;kq94uFfcYSI4*WBFfK4IGGQ)lYj6PV9BXgeM$(@R
z_&;nE1QhQiilm;=K?QowwHGu^jmE)!a0FpZt}NDk9UoSWApiYlc1ek(NXwQVZ4Wy}
zByl;fo!yz)C1>OK%i!plK?fKO2K*bK`fZp4{mAH#M&qHO4-n7L^|5h8^rIJlfHY2M
zM97nLve>!52z*s&nyi9InUYjFUuhpS(oR-x*Yd6}XfhAd#0`S$3p+^WR^X{h=a?uq
zi>=5B6DROF+0TLRBtb+@SIoL5XMy7<<Oe5WYwEhh3Vfegh)clIi4!M|6>DGoFaED=
z9XSaj!IC5^_==n>$EQGnYyjhbd)sC<30btXX+p^oB!rA!7dXa*`ZhT~J?oIq@8IM8
z>Cf;P0Jn(WNrHryG>B-zzWAaO!P<8NYA@2rg<dGDBnjhbua|XRTLobfXhC$vv6qg^
zVnF+<aP9Eth4>j_cNfd`qM(*C2bwJ?Yj(*ALN|pj#yyWE5m=$u$UqB!Z<P{@4Xd2R
znkK>B^z(11xKBNX-D}pBW2N3A?_wVt5+`vPAKc=go>s_iSQLv%pqRP|POeY18%>8l
zlNJ#)&+!)#`)>-9!bWUEGquU(q=XYv>zZEW_XnCD_9x1>BMHw64#a=$w>a?s!1!;B
zMwR$)=tEt`{}+k>E$;V!EeLHb2vhKV(RxUjYIR8K-Z7~)2W$~Qxu8be76dQSs*4^#
z*UF*?ipKDUP0gGDNn|)g+n?YNp9eogZ-{+}Q%oO-+L%7LmU(z>VR+qkEDw32QzGQG
zw)e4lC$4hg+XRd_f3^JEl2QFn1Hv0Mh=G4p{D;-QUS0n~N-$-A{C~0WuM3>dGycYS
zFc#lKBQuquj|@YM{{a5RU_xUE7cV^i-faxQuo-XP{l6%@e$`9ksCVi3z3>*&q<{RH
zbpO^R%(nvD@vmSDkSx2Ce~|FD>-aYFlWwqF#w?kV0U{p127(Wc#r&8}$&VjDlOLJS
zA_)6u>80yf`8{%fV{+8*c`lxk<`fJ_pMU)Tdz~q1OsatM4pIr?n7T3P>iw=UhDMYS
z-IdnFOfP0I-b|KJ;EA6L@0u%0dG@Qzp2TJeb=;U|#Ka1FsU7wl%L{uV^Jxg2hxu01
zhZ<@KitaFU9nVQfd%4D?#W}rn*#~S<fv|4~LQ@AqYejv3SR|l0uc;SFKpH(6_>~~%
zcNfjVW=op7$--qf%tiiHE=y{`n&Wl>Qz3zQ65p{M&Y8i!7`W(TO&@Lg7TAnfE~9=L
zRwW37;i9s7XPw`Q{2nZX5<U`@Wd=%`<dU{VjD0Wc#uoL-GW9ujg?U*cxEWI~bQ!^o
z5?ozeT%^i>aQJpK84QfKN(Xkxrrw_nbki{S738qD{qfrYzZg$OW?!^VjNw2ZjD|yg
zr7Lq-3nMScbz@WT84ur1Hh1S-xF3*Zwvyw*k%-?q%=~0VzVgQkuZe=zL*rR#6oFgA
zw!3XWIPQQ)>AKpfqWNr{p>PcK_}lUEF>nUM+yFU$>e8q|8;z$<IZJ2BO-WwOHr<(S
zo^(VkNh6<Jv_A$u>k#}@=b0Sgop;DcnAag8ji?uQNI{}-ung@JcyR}s!T^HPE&4Rr
zgpchm?zt6q$}OMmYRh}@`%2R<7zHYApHi>f@+*d~*{*IE`aD+z#>HpJ$J9d<q&|by
zcj2;s95y(!ZLg5ePLDF7V7zv<S*?}2MJ_ex$OVNqn1wdApg>7c+@RFNy?lP`Qp||H
zog_63@gZj5L43BrQEnk}{03>A*-B;thz>Z!;99Uz>VS)<eu6`EL){dnSw6)9iCk>N
zw3W;=rUaZ)!GFtj)&v_moO(*9W}J2$OYIbYcw%T04100Lax)HiPuZO&1(qB`n6=<F
zU@|f7wJVmib6j<LT#lI$D95`w%g`@!)cFPzVm;fX0}6D-QhUa!)Q(0@*zdVZk-rn=
zjjfP3!q9Mu_TOM{c9swc+I3?h)K%xjj&iZDgj~MI6s*6S@jGSJZyn~^#O!SK0)<F_
z`@7j2TScvqqO(z>U;~iDyPeA^3&LA<f{aE%qBAvus>T+K^ev+T)p5nb3U0=y<c-}S
z3HpLqPe4PABHMeyMdod#F@VX4Jd2aN=*?mr{9wIE91r6Nerfp8R=18;9>}Uo6{mX)
zYp2R|$B<icml8g#vy|O{+>DQFGNmSeUN=+l1)NeB&zouD)Khk&eTHA~Qelr70UuqU
zAGez`wkF1KW6Ip-9UfyjBeg>Ue;v_q_UWhhXX=hqX*3L(Z?`LsrDh|wGto$KrX7o1
zi}&t)%duHb2&6^6q*A8)vbC^|vRykANbj+r$jD<B-N5!@QGOw%)I9r&v)3tq%8JH|
zyrY179zn1Xcdnu!4fnn(LCo^ncyU7`2mR_!+U+7N*But33tWg6yY5o&(xxPEY*=c+
zXIs$>t*?zVeB^2HPhC+p+_EO|+DTRggaO_jnL2#IrP<dEMTOl@-CLwOI6&G&ADeIq
zxPYc&kUTy_R#|ZniP=`w++fXrqIOw)d;{xtn9wkKXfU;COPsCvmaU#M{?Pam{Q{S@
zr~m%f=}%|By#ILK{rUYrr_-HvSnbO<BnRRh<Z=M3B{lbxLM*E#?e8bWs8&lm*iXyD
zTP^W$KXEPHXfGWuYwAenYTaAU#t|Jh59b+Q2{(@9#->?vyW4n$ELcAfFZ5!Mw@J3X
zi#4tDWBEv2lQ9t$e@_i-cKN);pGSw(f9iwrSk`~O1U#hH{|UywzW!6s>Oak4zdr&z
z(-`zevi|cWV5k1`<begCfPZrD63`5Je-Y@(eX2lDYRf<~8G8;x#3Y;XB=Z2IX`K9=
zCwx39WQy8s>G+J7#>Ckn3-Nkd+<#(`&)bRIrZ3P9A!=WZf5Kv?;Di?~oQU_v`6<Um
zTRA^HE0qhVoeT%Zg&#@8dabO@3S53-Rxyko#nx|!>4OC=4f=e3caT2jqx9hgGYtyi
z*`7l*>OV>&QION15`S}jh)#n?>4XJ8O|z(S;OX8P4IiTsuL^9?sPGD&i0Z+6DP(RZ
z(nC}#S4TFfe<ZN(HWM#fs?lroa6=Vq+8R{C7yPBu&G*&E7!~aFOtICY;kHgM39=yj
zOkwpTtNqF%d1l##cir7n2bNi8C*I<j`MrnG7d3T(-#T?HF=QUVQj`wXv*c0l0G?TS
zVLek3xDMc&mmt=&#n^KIQ&FQ>%aR9$hqKITm5VIPf6jkzmeq>t0?VT3-j`pwg7sVO
zo6q8zt6+@|c@@!cg)aJx%N;I*2fMtovo5mMt$B+X0CXfV1KZf!2$y*}md>3Ni{BsO
zs|swQtm_TW2XPRt`4|qFBR+;j?sbphA)HKcVIh1FgUqGM4CXk2)u)>QB9A?0@XHSN
z;O<u4e_f#wqowYOl1_`dG<w*qEU}(qbwBV2qwrtqp*l{ndS5W&ztr8KdEQMG=KgNb
zg`r~6vt@l05^xcvDb^Ma!ECIw6y5&1HKUT;hCCp<!4(A~uRO<63TDox*F#f4fx(Kp
z%LT7o2POu8UZm+o1onFv_~Q7QnYHH$<QWvLfB5QMir!1jxvKt2p8xIrzdN4h`ESkh
zKi%w`+5i7y4u*zq9_gk&me2p>^S_5Z|1<TjKI-b?`Cr7YoEU?d*uL=dZW!F+ws5{U
zz2xUT77*t^MJi5}oD>eT)E@v5823oDn~e6(;SDspZJ!iQelZU$8P5vIP2{EO;lWNB
ze}SB*q08DQyEWu|5ikSIK8O?B_y`Un>LslBf+fk=5emxOu-dJ637Qn#z<WPoS1f98
z#Qp~qhv`Bnt}aM^M21JinK)OBTj?2pBq5d{1WXpJ7t9Nj+u0A)jajWKwbD+(M0nV<
zR-E}5adWlW+%6x#e4-KY*}6Cky_Xt@9+w@5CmM!)S(vx+<Kg0`M-ywc!2CW_Z16Q4
bAN5F+F%cq@FA)X|{_o*`q_%!X0C)fZXMW`C
diff --git a/packages/checkpoint_fw_connections b/packages/checkpoint_fw_connections
index 5493ab4..435d04f 100644
--- a/packages/checkpoint_fw_connections
+++ b/packages/checkpoint_fw_connections
@@ -1,12 +1,17 @@
-{'author': u'Th.L. (thl-cmk[at]outlook[dot]com)',
- 'description': u'Monitor Check Point Firewall connection statistics.\n\nRewrite of the original check.\nAdded perfdata for peak connections and TCP, UDP, ICMP, other and total connection rate\n',
+{'author': 'Th.L. (thl-cmk[at]outlook[dot]com)',
+ 'description': 'Monitor Check Point Firewall connection statistics.\n'
+ '\n'
+ 'Rewrite of the original check.\n'
+ 'Added perfdata for peak connections and TCP, UDP, ICMP, other '
+ 'and total connection rate\n',
'download_url': 'https://thl-cmk.hopto.org',
- 'files': {'checks': ['checkpoint_fw_connections'],
+ 'files': {'agent_based': ['checkpoint_fw_connections.py'],
'web': ['plugins/metrics/checkpoint_fw_connections.py',
'plugins/wato/checkpoint_fw_connections.py']},
'name': 'checkpoint_fw_connections',
'num_files': 3,
- 'title': u'Check Point Connections',
- 'version': '20200608.v.0.0.2a',
- 'version.min_required': '1.2.8b8',
- 'version.packaged': '1.4.0p38'}
\ No newline at end of file
+ 'title': 'Check Point Connections',
+ 'version': '20210824.v.0.0.3',
+ 'version.min_required': '2.0.0',
+ 'version.packaged': '2021.07.14',
+ 'version.usable_until': None}
\ No newline at end of file
diff --git a/web/plugins/metrics/checkpoint_fw_connections.py b/web/plugins/metrics/checkpoint_fw_connections.py
index 18d1627..686768e 100644
--- a/web/plugins/metrics/checkpoint_fw_connections.py
+++ b/web/plugins/metrics/checkpoint_fw_connections.py
@@ -1,5 +1,5 @@
-#!/usr/bin/python
-# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
@@ -11,17 +11,13 @@
# checkpoint_fw_connections
#
-##############################################################################
-#
-# define units for perfdata
-#
-##############################################################################
+from cmk.gui.i18n import _
-##############################################################################
-#
-# define metrics for perfdata
-#
-##############################################################################
+from cmk.gui.plugins.metrics import (
+ metric_info,
+ graph_info,
+ perfometer_info,
+)
metric_info['checkpoint_fw_connections_fwconnectionstcp'] = {
'title': _('TCP connections'),
@@ -31,17 +27,17 @@ metric_info['checkpoint_fw_connections_fwconnectionstcp'] = {
metric_info['checkpoint_fw_connections_fwconnectionsudp'] = {
'title': _('UDP connections'),
'unit': '1/s',
- 'color': '12/a',
+ 'color': '25/a',
}
metric_info['checkpoint_fw_connections_fwconnectionsicmp'] = {
'title': _('ICMP connections'),
'unit': '1/s',
- 'color': '13/a',
+ 'color': '31/a',
}
metric_info['checkpoint_fw_connections_fwconnectionsother'] = {
'title': _('Other connections'),
'unit': '1/s',
- 'color': '14/a',
+ 'color': '41/a',
}
metric_info['checkpoint_fw_connections_fwconnectionssum'] = {
'title': _('Total connections'),
@@ -65,32 +61,37 @@ metric_info['checkpoint_fw_connections_fwpeaknumconn'] = {
'color': '16/a',
}
+metric_info['checkpoint_fw_connections_relative'] = {
+ 'title': _('Connections relative'),
+ 'unit': '%',
+ 'color': '36/a',
+}
-##############################################################################
-#
-# map perfdata to metric
-#
-##############################################################################
-
-
-check_metrics['check_mk-checkpoint_fw_connections'] = {
- 'fwconnectionstcp': {'name': 'checkpoint_fw_connections_fwconnectionstcp', },
- 'fwconnectionsudp': {'name': 'checkpoint_fw_connections_fwconnectionsudp', },
- 'fwconnectionsicmp': {'name': 'checkpoint_fw_connections_fwconnectionsicmp', },
- 'fwconnectionsother': {'name': 'checkpoint_fw_connections_fwconnectionsother', },
- 'fwconnectionssum': {'name': 'checkpoint_fw_connections_fwconnectionssum', },
- 'fwconnectionrate': {'name': 'checkpoint_fw_connections_fwconnectionrate', },
- 'fwcurrentnumconn': {'name': 'checkpoint_fw_connections_fwcurrentnumconn', },
- 'fwpeaknumconn': {'name': 'checkpoint_fw_connections_fwpeaknumconn', },
+graph_info['checkpoint_fw_connections_fwpeaknumconn'] = {
+ 'title': _('Check Point Firewall Connections absolute'),
+ 'metrics': [
+ ('checkpoint_fw_connections_fwpeaknumconn', 'line'),
+ ('checkpoint_fw_connections_fwcurrentnumconn', 'area'),
+ ],
+ 'scalars': [
+ ('checkpoint_fw_connections_fwcurrentnumconn:crit', _('crit')),
+ ('checkpoint_fw_connections_fwcurrentnumconn:warn', _('warn')),
+ ],
}
-##############################################################################
-#
-# how to graph perdata
-#
-##############################################################################
+graph_info['checkpoint_fw_connections_relative'] = {
+ 'title': _('Check Point Firewall Connections relative to connection table limit'),
+ 'metrics': [
+ ('checkpoint_fw_connections_relative', 'area'),
+ ],
+ 'scalars': [
+ ('checkpoint_fw_connections_relative:crit', _('crit')),
+ ('checkpoint_fw_connections_relative:warn', _('warn')),
+ ],
+ 'range': (0, 110),
+}
-graph_info.append({
+graph_info['checkpoint_fw_connections_fwconnectionstcp'] = {
'title': _('Check Point Firewall Connections per second'),
'metrics': [
('checkpoint_fw_connections_fwconnectionstcp', 'stack'),
@@ -100,27 +101,21 @@ graph_info.append({
('checkpoint_fw_connections_fwconnectionssum', 'line'),
('checkpoint_fw_connections_fwconnectionrate', 'line'),
],
-})
-
-graph_info.append({
- 'title': _('Check Point Firewall Connections count'),
- 'metrics': [
- ('checkpoint_fw_connections_fwpeaknumconn', 'line'),
- ('checkpoint_fw_connections_fwcurrentnumconn', 'area'),
- ],
- 'scalars': [
- ('checkpoint_fw_connections_fwcurrentnumconn:crit', _('crit')),
- ('checkpoint_fw_connections_fwcurrentnumconn:warn', _('warn')),
- ],
-})
-
-
-##############################################################################
-#
-# define perf-o-meter
-#
-##############################################################################
+}
+perfometer_info.append(('stacked', [
+ {
+ 'type': 'linear',
+ 'segments': ['checkpoint_fw_connections_relative'],
+ 'total': 100,
+ },
+ {
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_fw_connections_fwconnectionrate',
+ 'half_value': 1000.0,
+ 'exponent': 2,
+ },
+]))
perfometer_info.append(('stacked', [
{
@@ -135,4 +130,4 @@ perfometer_info.append(('stacked', [
'half_value': 1000.0,
'exponent': 2,
},
-]))
\ No newline at end of file
+]))
diff --git a/web/plugins/wato/checkpoint_fw_connections.py b/web/plugins/wato/checkpoint_fw_connections.py
index 5fd7be0..85dcb50 100644
--- a/web/plugins/wato/checkpoint_fw_connections.py
+++ b/web/plugins/wato/checkpoint_fw_connections.py
@@ -1,5 +1,5 @@
-#!/usr/bin/python
-# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
@@ -7,28 +7,93 @@
# URL : https://thl-cmk.hopto.org
# Date : 2020-06-07
#
-register_check_parameters(
- subgroup_applications,
- 'checkpoint_fw_connections',
- _('Check Point Firewall Connections'),
- Dictionary(
+
+from cmk.gui.i18n import _
+from cmk.gui.valuespec import (
+ Dictionary,
+ Tuple,
+ Integer,
+ Percentage,
+)
+from cmk.gui.plugins.wato import (
+ CheckParameterRulespecWithItem,
+ rulespec_registry,
+ RulespecGroupCheckParametersNetworking,
+)
+
+
+def _parameter_valuespec_checkpoint_fw_connections():
+ return Dictionary(
elements=[
- ('warncritcurrent',
+ ('levels_upper_absolute',
Tuple(
- title=_('Levels for number of current active connections'),
+ title=_('Maximum number of firewall connections'),
+ help=_('This rule sets upper limits to the current number of connections through '
+ 'a Checkpoint firewall.'),
elements=[
- Integer(title=_('Warning at'), default_value=1000, unit=_('Count'), allow_empty=False),
- Integer(title=_('Critical at'), default_value=2000, unit=_('Count'), allow_empty=False),
+ Integer(title=_('Warning at'), default_value=1000, unit=_('connections')),
+ Integer(title=_('Critical at'), default_value=2000, unit=_('connections')),
])),
- ('warncritrate',
+ ('levels_lower_absolute',
Tuple(
- title=_('Levels for number of new connections/s'),
+ title=_('Minimum number of firewall connections'),
+ help=_('This rule sets lower limits to the current number of connections through '
+ 'a Checkpoint firewall.'),
elements=[
- Integer(title=_('Warning at'), default_value=100, unit=_('Count'), allow_empty=False),
- Integer(title=_('Critical at'), default_value=200, unit=_('Count'), allow_empty=False),
+ Integer(title=_('Warning blow'), default_value=100, unit=_('connections')),
+ Integer(title=_('Critical below'), default_value=50, unit=_('connections')),
+ ])),
+ ('admin_table_limit',
+ Integer(
+ title=_('Admin connection table limit'),
+ help=_('This rule sets the maximum number of connections through the firewall. This is use full '
+ 'if your firewall is set to automatic connection table limit and you still want '
+ 'relative metrics. This setting takes precedence over the the fwConnTableLimit '
+ 'configured on the firewall (only for monitoring purposes of curse). This value should match'
+ 'the real values of your firewall, if not you might get relative values above 100%.'),
+ minvalue=0,
+ unit=_('connections'),
+ )),
+ ('levels_upper_relative',
+ Tuple(
+ title=_('Percentage of maximum connections (only used if a limit is defined on '
+ 'the Check Point device)'),
+ help=_('This relative threshold can only be used if a maximum number is defined on '
+ 'the firewall side and then read from fwConnTableLimit. By default, this '
+ 'limit is not set in Check Point devices and this check than falls back to '
+ 'the absolute defaults or the ones defined above'),
+ elements=[
+ Percentage(
+ title=_('Warning at'), unit='%', minvalue=0.0, default_value=80.0,
+ ),
+ Percentage(
+ title=_('Critical at'), unit='%', minvalue=0.0, default_value=90.0),
+ ])),
+ ('levels_lower_relative',
+ Tuple(
+ title=_('Percentage of minimum connections (only used if a limit is defined on '
+ 'the Check Point device)'),
+ help=_('This relative threshold can only be used if a maximum number is defined on '
+ 'the firewall side and then read from fwConnTableLimit. By default, this '
+ 'limit is not set in Check Point devices and this check than falls back to '
+ 'the absolute defaults or the ones defined above'),
+ elements=[
+ Percentage(
+ title=_('Warning below'), unit='%', minvalue=0.0, default_value=20.0,
+ ),
+ Percentage(
+ title=_('Critical below'), unit='%', minvalue=0.0, default_value=10.0),
])),
],
- ),
- None,
- match_type='dict',
-)
\ No newline at end of file
+ # optional_keys=['levels_upper_relative'],
+ )
+
+
+rulespec_registry.register(
+ CheckParameterRulespecWithItem(
+ check_group_name='checkpoint_fw_connections',
+ group=RulespecGroupCheckParametersNetworking,
+ match_type='dict',
+ parameter_valuespec=_parameter_valuespec_checkpoint_fw_connections,
+ title=lambda: _('Check Point Firewall Connections'),
+ ))
--
GitLab