diff --git a/checkpoint_connections.mkp b/checkpoint_connections.mkp
index 19ee413223db4e2051f4df719123bf4e86040774..67cf02bf942a1dfaa6c5ecbda0a5feeee9942142 100644
Binary files a/checkpoint_connections.mkp and b/checkpoint_connections.mkp differ
diff --git a/checks/checkpoint_fw_connections b/checks/checkpoint_fw_connections
new file mode 100644
index 0000000000000000000000000000000000000000..0acd07b98101214b668038fff0e85b79631c4639
--- /dev/null
+++ b/checks/checkpoint_fw_connections
@@ -0,0 +1,111 @@ +#!/usr/bin/python +# -*- encoding: utf-8; py-indent-offset: 4 -*- +# +# License: GNU General Public License v2 +# +# Author: thl-cmk[at]outlook[dot]com +# URL : https://thl-cmk.hopto.org +# Date : 2018-03-17 +# # +# rewrite of the original checkpoint_connections check from check_mk +# +# added connection statistic details for tcp/udp/icmp/other ..... +# +# 29.05.2018 : added connection limit (fwConnTableLimit) +# 31.05.2020 : changed form checkpoint_connections to checkpoint_fw_connections +# changed to checkpoint_fw_connections_default_levels to +# factory_settings['checkpoint_fw_connections_defaults'] +# 07.06.2020 : code cleanup +# added wato +# wadded warn/crit for connection rate +# + +factory_settings['checkpoint_fw_connections_defaults'] = { + # 'warncritconcurrent': (1000, 2000), + # 'warncritnew': (100, 200) +} + + +def inventory_checkpoint_fw_connections(info): + return [(None, {})] + + +def check_checkpoint_fw_connections(item, params, info): + fwConnectionsStat, fwpolicystat = info + + fwConnectionsTcp, fwConnectionsUdp, fwConnectionsIcmp, fwConnectionsOther, fwConnectionsSum, fwConnectionRate = fwConnectionsStat[0] + fwCurrnetNumConn, fwPeakNumConn, fwConnTableLimit = fwpolicystat[0] + + now_time = time.time() + + fwConnectionsTcp = get_rate('checkpoint_fw_connections.%s.%s' % ('fwConnectionsTcp', item), now_time, int(fwConnectionsTcp), onwrap=SKIP) + fwConnectionsUdp = get_rate('checkpoint_fw_connections.%s.%s' % ('fwConnectionsUdp', item), now_time, int(fwConnectionsUdp), onwrap=SKIP) + fwConnectionsIcmp = get_rate('checkpoint_fw_connections.%s.%s' % ('fwConnectionsIcmp', item), now_time, int(fwConnectionsIcmp), onwrap=SKIP) + fwConnectionsOther = get_rate('checkpoint_fw_connections.%s.%s' % ('fwConnectionsOther', item), now_time, int(fwConnectionsOther), onwrap=SKIP) + fwConnectionsSum = get_rate('checkpoint_fw_connections.%s.%s' % ('fwConnectionsSum', item), now_time, int(fwConnectionsSum), onwrap=SKIP) + fwConnectionRate = 
int(fwConnectionRate) + + fwCurrnetNumConn = int(fwCurrnetNumConn) + fwPeakNumConn = int(fwPeakNumConn) + fwConnTableLimit = int (fwConnTableLimit) + + if fwConnTableLimit == 0: + fwConnTableLimit = 'automatically adjusted' + + perfdata = [('fwconnectionstcp', fwConnectionsTcp), + ('fwconnectionsudp', fwConnectionsUdp), + ('fwconnectionsicmp', fwConnectionsIcmp), + ('fwconnectionsother', fwConnectionsOther), + ('fwconnectionssum', fwConnectionsSum), + ('fwpeaknumconn', fwPeakNumConn) + ] + + for info, unit, counter, value, warncrit in [ + ('current: ', '', 'fwcurrnetnumconn', fwCurrnetNumConn, 'warncritconcurrent'), + ('rate: ', '/s', 'fwconnectionrate', fwConnectionRate, 'warncritrate') + ]: + if params.get(warncrit): + warn, crit = params[warncrit] + else: + warn = None + crit = None + perfdata.append((counter, value, warn, crit)) + if crit != None and value >= crit: + yield 2, info + '%d' % value + unit + ' (>=%d)' % crit + elif warn != None and value >= warn: + yield 1, info + '%d' % value + unit + ' (>=%d)' % warn + else: + yield 0, info % value + + yield 0, 'peak: %d' % fwPeakNumConn + yield 0, 'table limit: %s' % fwConnTableLimit + + yield 0, '', perfdata + + +check_info['checkpoint_fw_connections'] = { + 'check_function': check_checkpoint_fw_connections, + 'inventory_function': inventory_checkpoint_fw_connections, + 'service_description': 'Firewall connections', + 'has_perfdata': True, + 'group': 'checkpoint_fw_connections', + 'default_levels_variable': 'checkpoint_fw_connections_defaults', + 'snmp_scan_function': lambda oid: ( + (oid('.1.3.6.1.2.1.1.2.0').startswith('.1.3.6.1.4.1.2620.1.6.123.1') or # CheckPoint System + oid('.1.3.6.1.2.1.1.2.0') in ['.1.3.6.1.4.1.8072.3.2.10', ]) and # Virtual System (Linux) + oid('.1.3.6.1.4.1.2620.1.1.26.11.1.0')), # CHECKPOINT-MIB::fwConnectionsStatConnectionsTcp.0 + 'snmp_info': [('.1.3.6.1.4.1.2620.1.1.26.11', [ # CHECKPOINT-MIB::fwConnectionsStat + '1', # fwConnectionsStatConnectionsTcp + '2', # 
fwConnectionsStatConnectionsUdp + '3', # fwConnectionsStatConnectionsIcmp + '4', # fwConnectionsStatConnectionsOther + '5', # fwConnectionsStatConnections + '6', # fwConnectionsStatConnectionRate + ]), + ('.1.3.6.1.4.1.2620.1.1.25', [ # CHECKPOINT-MIB::fwPolicyStat + '3', # fwNumConn + '4', # fwPeakNumConn + '10', # fwConnTableLimit + ]) + ] +} \ No newline at end of file diff --git a/packages/checkpoint_connections b/packages/checkpoint_connections index d0bf7a05352fd19565a880f7484b4ca7ee8a82d5..48620165a0ba01889330b28b62450b608d03eed9 100644 --- a/packages/checkpoint_connections +++ b/packages/checkpoint_connections @@ -1,11 +1,12 @@ {'author': u'Th.L. (thl-cmk[at]outlook[dot]com)', 'description': u'Monitor Check Point Firewall connection statistics.\n\nRewrite of the original check.\nAdded perfdata for peak connections and TCP, UDP, ICMP, other and total connection rate\n', 'download_url': 'https://thl-cmk.hopto.org', - 'files': {'checks': ['checkpoint_connections'], - 'web': ['plugins/metrics/checkpoint_connections.py']}, + 'files': {'checks': ['checkpoint_fw_connections'], + 'web': ['plugins/metrics/checkpoint_fw_connections.py', + 'plugins/wato/checkpoint_fw_connections.py']}, 'name': 'checkpoint_connections', - 'num_files': 2, + 'num_files': 3, 'title': u'Check Point Connections', - 'version': '20180731.v.0.0.1', + 'version': '20200607.v.0.0.2', 'version.min_required': '1.2.8b8', - 'version.packaged': '1.4.0p35'} \ No newline at end of file + 'version.packaged': '1.4.0p38'} \ No newline at end of file diff --git a/web/plugins/metrics/checkpoint_fw_connections.py b/web/plugins/metrics/checkpoint_fw_connections.py new file mode 100644 index 0000000000000000000000000000000000000000..9df7757e3996a53e1cb80050d386fec3efe809d5 --- /dev/null +++ b/web/plugins/metrics/checkpoint_fw_connections.py 
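Review bot: In checks/checkpoint_fw_connections the OK branch of check_checkpoint_fw_connections does `yield 0, info % value`, but `info` is `'current: '` or `'rate: '` with no format specifier, so the `%` raises TypeError whenever a value is below its levels or no levels are configured; with the empty factory defaults that is the normal state, and the firewall's connection service crashes instead of reporting. Use `yield 0, info + '%d' % value + unit`, matching the WARN/CRIT branches. The perfdata name `'fwcurrnetnumconn'` in the same loop is misspelled relative to the `'fwcurrentnumconn'` key that web/plugins/metrics/checkpoint_fw_connections.py maps, so the current-connections value presumably never reaches the "Connections count" graph or its warn/crit scalars; rename it to `'fwcurrentnumconn'`. The loop variable `info` also shadows the function's `info` parameter, and a name such as `label` avoids that. fwConnTableLimit is only printed: comparing the current count against it when it is non-zero would flag an approaching connection-table exhaustion even where no explicit levels are set.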
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2018-03-17
+#
+# Check Point Firewall connections metrics plugins
+# checkpoint_fw_connections
+#
+
+##############################################################################
+#
+# define units for perfdata
+#
+##############################################################################
+
+##############################################################################
+#
+# define metrics for perfdata
+#
+##############################################################################
+
+metric_info['checkpoint_fw_connections_fwconnectionstcp'] = {
+ 'title': _('TCP connections'),
+ 'unit': '1/s',
+ 'color': '11/a',
+}
+metric_info['checkpoint_fw_connections_fwconnectionsudp'] = {
+ 'title': _('UDP connections'),
+ 'unit': '1/s',
+ 'color': '21/a',
+}
+metric_info['checkpoint_fw_connections_fwconnectionsicmp'] = {
+ 'title': _('ICMP connections'),
+ 'unit': '1/s',
+ 'color': '31/a',
+}
+metric_info['checkpoint_fw_connections_fwconnectionsother'] = {
+ 'title': _('Other connections'),
+ 'unit': '1/s',
+ 'color': '41/a',
+}
+metric_info['checkpoint_fw_connections_fwconnectionssum'] = {
+ 'title': _('Total connections'),
+ 'unit': '1/s',
+ 'color': '26/a',
+}
+metric_info['checkpoint_fw_connections_fwconnectionrate'] = {
+ 'title': _('Connections rate'),
+ 'unit': '1/s',
+ 'color': '42/a',
+}
+
+metric_info['checkpoint_fw_connections_fwcurrentnumconn'] = {
+ 'title': _('Current connections'),
+ 'unit': 'count',
+ 'color': '26/a',
+}
+metric_info['checkpoint_fw_connections_fwpeaknumconn'] = {
+ 'title': _('Peak Connections'),
+ 'unit': 'count',
+ 'color': '23/a',
+}
+
+
+##############################################################################
+#
+# map perfdata to metric
+#
+##############################################################################
+
+
+check_metrics['check_mk-checkpoint_fw_connections'] = {
+ 'fwconnectionstcp': {'name': 'checkpoint_fw_connections_fwconnectionstcp', },
+ 'fwconnectionsudp': {'name': 'checkpoint_fw_connections_fwconnectionsudp', },
+ 'fwconnectionsicmp': {'name': 'checkpoint_fw_connections_fwconnectionsicmp', },
+ 'fwconnectionsother': {'name': 'checkpoint_fw_connections_fwconnectionsother', },
+ 'fwconnectionssum': {'name': 'checkpoint_fw_connections_fwconnectionssum', },
+ 'fwconnectionrate': {'name': 'checkpoint_fw_connections_fwconnectionrate', },
+ 'fwcurrentnumconn': {'name': 'checkpoint_fw_connections_fwcurrentnumconn', },
+ 'fwpeaknumconn': {'name': 'checkpoint_fw_connections_fwpeaknumconn', },
+}
+
+##############################################################################
+#
+# how to graph perdata
+#
+##############################################################################
+
+graph_info.append({
+ 'title': _('Check Point Firewall Connections per second'),
+ 'metrics': [
+ ('checkpoint_fw_connections_fwconnectionstcp', 'stack'),
+ ('checkpoint_fw_connections_fwconnectionsudp', 'stack'),
+ ('checkpoint_fw_connections_fwconnectionsicmp', 'stack'),
+ ('checkpoint_fw_connections_fwconnectionsother', 'stack'),
+ ('checkpoint_fw_connections_fwconnectionssum', 'line'),
+ ('checkpoint_fw_connections_fwconnectionrate', 'line'),
+ ],
+})
+
+graph_info.append({
+ 'title': _('Check Point Firewall Connections count'),
+ 'metrics': [
+ ('checkpoint_fw_connections_fwpeaknumconn', 'line'),
+ ('checkpoint_fw_connections_fwcurrentnumconn', 'area'),
+ ],
+ 'scalars': [
+ ('checkpoint_fw_connections_fwcurrentnumconn:crit', _('crit')),
+ ('checkpoint_fw_connections_fwcurrentnumconn:warn', _('warn')),
+ ],
+})
+
+
+##############################################################################
+#
+# define perf-o-meter
+#
+##############################################################################
+
+
+perfometer_info.append(('stacked', [
+ {
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_fw_connections_fwcurrentnumconn',
+ 'half_value': 100000.0,
+ 'exponent': 2,
+ },
+ {
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_fw_connections_fwconnectionssum',
+ 'half_value': 1000.0,
+ 'exponent': 2,
+ },
+]))
diff --git a/web/plugins/wato/checkpoint_fw_connections.py b/web/plugins/wato/checkpoint_fw_connections.py
new file mode 100644
index 0000000000000000000000000000000000000000..bc646da611366a6f4e1e65fb00bbcab5a74c4491
--- /dev/null
+++ b/web/plugins/wato/checkpoint_fw_connections.py
@@ -0,0 +1,34 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2020-06-07
+#
+register_check_parameters(
+ subgroup_applications,
+ 'checkpoint_fw_connections',
+ _('Check Point Firewall Connections'),
+ Dictionary(
+ elements=[
+ ('warncritconcurrent',
+ Tuple(
+ title=_('Levels for number of concurrent active connections'),
+ elements=[
+ Integer(title=_('Warning at'), default_value=1000, unit=_('Count'), allow_empty=False),
+ Integer(title=_('Critical at'), default_value=2000, unit=_('Count'), allow_empty=False),
+ ])),
+ ('warncritrate',
+ Tuple(
+ title=_('Levels for number of new connections/s'),
+ elements=[
+ Integer(title=_('Warning at'), default_value=100, unit=_('Count'), allow_empty=False),
+ Integer(title=_('Critical at'), default_value=200, unit=_('Count'), allow_empty=False),
+ ])),
+ ],
+ ),
+ None,
+ match_type='dict',
+)
\ No newline at end of file
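Review bot: The "Check Point Firewall Connections per second" graph in web/plugins/metrics/checkpoint_fw_connections.py has no `scalars` entry for `checkpoint_fw_connections_fwconnectionrate`, although the check added in this commit attaches warn/crit to that perfdata value, so the new rate levels are not drawn the way the current-connections levels are in the second graph. Adding `('checkpoint_fw_connections_fwconnectionrate:crit', _('crit')),` and `('checkpoint_fw_connections_fwconnectionrate:warn', _('warn')),` under a `'scalars'` key of the first graph would make them visible. The "define units for perfdata" banner introduces an empty section and could be dropped.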
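Review bot: The four `Integer(...)` level fields in web/plugins/wato/checkpoint_fw_connections.py accept zero and negative numbers, and nothing requires warning to be below critical, so a mistyped rule can leave the firewall connection check permanently CRIT (levels of 0) or never reaching WARN (warning above critical). Adding `minvalue=1` to each `Integer` would reject the obvious cases when the rule is saved. The 'warncritrate' fields are also labelled `unit=_('Count')` although their title says connections/s; `unit=_('1/s')` would match what the check compares against.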