diff --git a/agent_based/checkpoint_ia_adquery.py b/agent_based/checkpoint_ia_adquery.py
new file mode 100644
index 0000000000000000000000000000000000000000..c5d225b6e357f945504d83695c7abb0fb0a16e1f
--- /dev/null
+++ b/agent_based/checkpoint_ia_adquery.py
@@ -0,0 +1,192 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2017-17-05
+#
+# Check Point Identity Awareness status
+#
+# 2020-06-08: changed snmp-scan function
+#
+# snmpwalk sample
+# .1.3.6.1.4.1.2620.1.38.25.1.1.1.0 = Counter32: 1
+# .1.3.6.1.4.1.2620.1.38.25.1.1.2.0 = Counter32: 2
+# .1.3.6.1.4.1.2620.1.38.25.1.1.3.0 = Counter32: 3
+# .1.3.6.1.4.1.2620.1.38.25.1.1.4.0 = Counter32: 4
+# .1.3.6.1.4.1.2620.1.38.25.1.1.5.0 = Counter32: 5
+# .1.3.6.1.4.1.2620.1.38.25.1.2.1.0 = Counter32: 0
+# .1.3.6.1.4.1.2620.1.38.25.1.2.2.0 = Counter32: 0
+# .1.3.6.1.4.1.2620.1.38.25.1.2.3.0 = Counter32: 0
+# .1.3.6.1.4.1.2620.1.38.25.1.2.4.0 = Counter32: 0
+# .1.3.6.1.4.1.2620.1.38.25.1.2.5.0 = Counter32: 0
+# .1.3.6.1.4.1.2620.1.38.25.1.3.1.0 = STRING: "doamin1.de"
+# .1.3.6.1.4.1.2620.1.38.25.1.3.2.0 = STRING: "doamin1.de"
+# .1.3.6.1.4.1.2620.1.38.25.1.3.3.0 = STRING: "domain1.de"
+# .1.3.6.1.4.1.2620.1.38.25.1.3.4.0 = STRING: "domain2.de"
+# .1.3.6.1.4.1.2620.1.38.25.1.3.5.0 = STRING: "domain2.de"
+# .1.3.6.1.4.1.2620.1.38.25.1.4.1.0 = IpAddress: 10.1.1.13
+# .1.3.6.1.4.1.2620.1.38.25.1.4.2.0 = IpAddress: 10.1.1.14
+# .1.3.6.1.4.1.2620.1.38.25.1.4.3.0 = IpAddress: 10.1.1.31
+# .1.3.6.1.4.1.2620.1.38.25.1.4.4.0 = IpAddress: 10.1.1.16
+# .1.3.6.1.4.1.2620.1.38.25.1.4.5.0 = IpAddress: 10.1.1.17
+# .1.3.6.1.4.1.2620.1.38.25.1.5.1.0 = Counter32: 77462
+# .1.3.6.1.4.1.2620.1.38.25.1.5.2.0 = Counter32: 85917
+# .1.3.6.1.4.1.2620.1.38.25.1.5.3.0 = Counter32: 58378
+# .1.3.6.1.4.1.2620.1.38.25.1.5.4.0 = Counter32: 4810
+# .1.3.6.1.4.1.2620.1.38.25.1.5.5.0 = Counter32: 6256
+#
+# sample info
+# [[u'1', u'0', u'domain1.de', u'10.1.1.13', u'77462'],
+# [u'2', u'0', u'domain1.de', u'10.1.1.14', u'85917'],
+# [u'3', u'0', u'domain1.de', u'10.1.1.31', u'58378'],
+# [u'4', u'0', u'domain2.de', u'10.1.1.16', u'4810'],
+# [u'5', u'0', u'domain2.de', u'10.1.1.17', u'6256']]
+#
+import time
+from dataclasses import dataclass
+from typing import Optional, Dict
+
+from cmk.base.plugins.agent_based.agent_based_api.v1 import (
+ register,
+ Service,
+ check_levels,
+ SNMPTree,
+ all_of,
+ startswith,
+ any_of,
+ equals,
+ get_rate,
+ GetRateError,
+ get_value_store,
+ Result,
+ State,
+)
+from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
+ DiscoveryResult,
+ CheckResult,
+ StringTable,
+)
+
+
+@dataclass
+class CheckpointIaDc:
+ status_code: int
+ status_str: str
+ events: int
+
+
+_dcstatus = {
+ '0': 'Ok',
+ '1': 'Bad Credentials',
+ '2': 'Connectivity Error',
+ '3': 'Internal Error',
+ '4': 'Connection Time Out'
+}
+
+
+def parse_checkpoint_ia_adquery(string_table: StringTable) -> Optional[Dict[str, Dict[str, CheckpointIaDc]]]:
+ domains = {}
+ for entry in string_table:
+ try:
+ status, domain, ipaddr, events = entry
+ except ValueError:
+ return
+
+ if len(ipaddr.split('.')) == 4:
+ if not domains.get(domain):
+ domains[domain] = {}
+
+ domains[domain].update({
+ ipaddr: CheckpointIaDc(
+ status_code=int(status),
+ status_str=_dcstatus.get(status, f'unknown: {status}'),
+ events=int(events)
+ )
+ })
+ return domains
+
+
+def discovery_checkpoint_ia_adquery(section: Dict[str, Dict[str, CheckpointIaDc]]) -> DiscoveryResult:
+ for key in section.keys():
+ yield Service(item=key)
+
+
+def check_checkpoint_ia_adquery(item, params, section: Dict[str, Dict[str, CheckpointIaDc]]) -> CheckResult:
+ try:
+ dcs = section[item]
+ except KeyError:
+ return
+
+ events_sum = 0
+ now_time = time.time()
+ value_store = get_value_store()
+
+ for key in dcs.keys():
+ dc = dcs[key]
+ events_sum += dc.events
+
+ dc_ip_address = key.replace('.', '_')
+ try:
+ value = get_rate(value_store, f'checkpoint_ia_adquery_{dc_ip_address}', now_time, dc.events, raise_overflow=True)
+ except GetRateError:
+ value = 0
+ yield from check_levels(
+ value=value,
+ label=f'DC {key} Events',
+ metric_name=f'checkpoint_ia_adquery_{dc_ip_address}',
+ render_func=lambda v: f'{v:.2f}/s',
+ notice_only=True
+ )
+
+ if not dc.status_code == 0:
+ yield Result(state=State.CRIT, notice=f'DC {key} connection status: {dc.status_str}')
+ #else:
+ # yield Result(state=State.OK, notice=f'DC {key} connection status: {dc.status_str}')
+
+ yield Result(state=State.OK, summary=f'# of DCs: {len(dcs)}', details=' ')
+
+ try:
+ value = get_rate(value_store, f'checkpoint_ia_adquery_events_sum', now_time, events_sum, raise_overflow=True)
+ except GetRateError:
+ value = 0
+ yield from check_levels(
+ value=value,
+ label='Events (sum)',
+ metric_name=f'checkpoint_ia_adquery_events_sum',
+ render_func=lambda v: f'{v:.2f}/s',
+ )
+
+
+register.snmp_section(
+ name='checkpoint_ia_adquery',
+ parse_function=parse_checkpoint_ia_adquery,
+ fetch=SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.38.25.1', # CHECKPOINT-MIB::identityAwarenessADQueryStatusEntry
+ oids=[
+ '2', # identityAwarenessADQueryStatusCurrStatus
+ '3', # identityAwarenessADQueryStatusDomainName
+ '4', # identityAwarenessADQueryStatusDomainIP
+ '5', # identityAwarenessADQueryStatusEvents
+ ]
+ ),
+ detect=any_of(
+ startswith('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.2620'),
+ all_of(
+ equals('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.8072.3.2.10'),
+ equals('.1.3.6.1.4.1.2620.1.6.1.0', 'SVN Foundation'),
+ )
+ )
+)
+
+register.check_plugin(
+ name='checkpoint_ia_adquery',
+ service_name='Identity Awareness AD Domain %s',
+ discovery_function=discovery_checkpoint_ia_adquery,
+ check_function=check_checkpoint_ia_adquery,
+ check_default_parameters={
+ },
+ check_ruleset_name='checkpoint_ia_adquery',
+)
diff --git a/agent_based/checkpoint_identity_awareness.py b/agent_based/checkpoint_identity_awareness.py
new file mode 100644
index 0000000000000000000000000000000000000000..0c8c79947c98c482e0e99d84e860dee708e31f64
--- /dev/null
+++ b/agent_based/checkpoint_identity_awareness.py
@@ -0,0 +1,233 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2017-17-05
+#
+# Check Point Identity Awareness status
+#
+# 2018-03-15 : code cleanup, added identity counters 39-44
+# 2020-06-08 : changed snmp-scan function
+#
+# snmpwalk sample
+#
+# .1.3.6.1.4.1.2620.1.38.1.0 = STRING: "Identity Awareness"
+# .1.3.6.1.4.1.2620.1.38.2.0 = Gauge32: 149
+# .1.3.6.1.4.1.2620.1.38.3.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.4.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.5.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.6.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.7.0 = Gauge32: 149
+# .1.3.6.1.4.1.2620.1.38.8.0 = Gauge32: 188
+# .1.3.6.1.4.1.2620.1.38.9.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.10.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.11.0 = Gauge32: 337
+# .1.3.6.1.4.1.2620.1.38.12.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.13.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.14.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.15.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.16.0 = Gauge32: 221
+# .1.3.6.1.4.1.2620.1.38.17.0 = Gauge32: 44
+# .1.3.6.1.4.1.2620.1.38.18.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.19.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.20.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.21.0 = Gauge32: 2272
+# .1.3.6.1.4.1.2620.1.38.22.0 = Gauge32: 68786
+# .1.3.6.1.4.1.2620.1.38.23.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.39.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.40.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.41.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.42.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.43.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.44.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.101.0 = Gauge32: 0
+# .1.3.6.1.4.1.2620.1.38.102.0 = STRING: "OK"
+# .1.3.6.1.4.1.2620.1.38.103.0 = STRING: "OK"
+#
+# sample info
+# [[u'Identity Awareness', u'149', u'0', u'0', u'0', u'0', u'149', u'188', u'0', u'0', u'337', u'0', u'0', u'0', u'0',
+# u'221', u'44', u'0', u'0', u'0', u'2272', u'68786', u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'OK', u'OK']]
+#
+
+import time
+from dataclasses import dataclass
+from typing import Optional, Dict
+
+from cmk.base.plugins.agent_based.agent_based_api.v1 import (
+ register,
+ Service,
+ SNMPTree,
+ all_of,
+ startswith,
+ any_of,
+ equals,
+ get_rate,
+ GetRateError,
+ get_value_store,
+ Result,
+ State,
+ Metric,
+)
+from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
+ DiscoveryResult,
+ CheckResult,
+ StringTable,
+)
+
+
+@dataclass
+class CheckpointIaStatus:
+ iaStatus: int
+ iaStatusShortDesc: str
+ iaStatusLongDesc: str
+ metrics_count: Dict[str, int]
+ metrics_rate: Dict[str, int]
+
+
+def parse_checkpoint_identity_awareness(string_table: StringTable) -> Optional[CheckpointIaStatus]:
+ try:
+ iaAuthUsers, iaUnAuthUsers, iaAuthUsersKerberos, iaAuthMachKerberos, iaAuthUsersPass, \
+ iaAuthUsersADQuery, iaAuthMachADQuery, iaLoggedInAgent, iaLoggedInCaptivePortal, iaLoggedInADQuery, \
+ iaAntiSpoffProtection, iaSuccUserLoginKerberos, iaSuccMachLoginKerberos, iaSuccUserLoginPass, \
+ iaSuccUserLoginADQuery, iaSuccMachLoginADQuery, iaUnSuccUserLoginKerberos, iaUnSuccMachLoginKerberos, \
+ iaUnSuccUserLoginPass, iaSuccUserLDAP, iaUnSuccUserLDAP, iaDataTrans, iaRADIUSAccounting, \
+ iaIdentityCollectorActiveDirectory, iaIdentityCollectorCiscoISE, iaTerminalServer, iaRemoteAccess, \
+ iaIdentityWebAPI, iaStatus, iaStatusShortDesc, iaStatusLongDesc = string_table[0]
+ except IndexError:
+ return
+
+ return CheckpointIaStatus(
+ iaStatus=int(iaStatus),
+ iaStatusShortDesc=iaStatusShortDesc,
+ iaStatusLongDesc=iaStatusLongDesc,
+ metrics_count={
+ 'iaAuthUsers': int(iaAuthUsers),
+ 'iaUnAuthUsers': int(iaUnAuthUsers),
+ 'iaAuthUsersKerberos': int(iaAuthUsersKerberos),
+ 'iaAuthMachKerberos': int(iaAuthMachKerberos),
+ 'iaAuthUsersPass': int(iaAuthUsersPass),
+ 'iaAuthUsersADQuery': int(iaAuthUsersADQuery),
+ 'iaAuthMachADQuery': int(iaAuthMachADQuery),
+ 'iaLoggedInAgent': int(iaLoggedInAgent),
+ 'iaLoggedInCaptivePortal': int(iaLoggedInCaptivePortal),
+ 'iaLoggedInADQuery': int(iaLoggedInADQuery),
+ 'iaAntiSpoffProtection': int(iaAntiSpoffProtection),
+ 'iaSuccUserLoginKerberos': int(iaSuccUserLoginKerberos),
+ 'iaSuccMachLoginKerberos': int(iaSuccMachLoginKerberos),
+ 'iaSuccUserLoginPass': int(iaSuccUserLoginPass),
+ 'iaSuccUserLoginADQuery': int(iaSuccUserLoginADQuery),
+ 'iaSuccMachLoginADQuery': int(iaSuccMachLoginADQuery),
+ 'iaUnSuccUserLoginKerberos': int(iaUnSuccUserLoginKerberos),
+ 'iaUnSuccMachLoginKerberos': int(iaUnSuccMachLoginKerberos),
+ 'iaUnSuccUserLoginPass': int(iaUnSuccUserLoginPass),
+ 'iaDataTrans': int(iaDataTrans),
+ 'iaRADIUSAccounting': int(iaRADIUSAccounting) if iaRADIUSAccounting.isdigit() else None,
+ 'iaIdentityCollectorActiveDirectory': int(iaIdentityCollectorActiveDirectory) if iaIdentityCollectorActiveDirectory.isdigit() else None,
+ 'iaIdentityCollectorCiscoISE': int(iaIdentityCollectorCiscoISE) if iaIdentityCollectorCiscoISE.isdigit() else None,
+ 'iaTerminalServer': int(iaTerminalServer) if iaTerminalServer.isdigit() else None,
+ 'iaRemoteAccess': int(iaRemoteAccess) if iaRemoteAccess.isdigit() else None,
+ 'iaIdentityWebAPI': int(iaIdentityWebAPI) if iaIdentityWebAPI.isdigit() else None,
+ },
+ metrics_rate={
+ 'iaSuccUserLDAP': int(iaSuccUserLDAP),
+ 'iaUnSuccUserLDAP':int(iaUnSuccUserLDAP),
+ },
+ )
+
+
+def discovery_checkpoint_identity_awareness(section: CheckpointIaStatus) -> DiscoveryResult:
+ yield Service()
+
+
+def check_checkpoint_identity_awareness(params, section: CheckpointIaStatus) -> CheckResult:
+
+ yield Result(state=State.OK, summary=f'Authenticated users: {section.metrics_count["iaAuthUsers"]}')
+ yield Result(state=State.OK, summary=f'Unauthenticated users: {section.metrics_count["iaUnAuthUsers"]}')
+
+ if not section.iaStatus == 0:
+ yield Result(state=State.WARN, notice=section.iaStatusLongDesc)
+
+ for key, value in section.metrics_count.items():
+ if value is not None and key not in params['ignore_counters']:
+ yield Metric(
+ value=value,
+ name=f'checkpoint_identity_awareness_{key}',
+ )
+
+ now_time = time.time()
+ value_store = get_value_store()
+ for key, value in section.metrics_rate.items():
+ if value is not None and key not in params['ignore_counters']:
+ try:
+ value = get_rate(value_store, f'checkpoint_identity_awareness_{key}', now_time, value, raise_overflow=True)
+ except GetRateError:
+ value = 0
+ yield Metric(
+ value=value,
+ name=f'checkpoint_identity_awareness_{key}',
+ )
+
+
+register.snmp_section(
+ name='checkpoint_identity_awareness',
+ parse_function=parse_checkpoint_identity_awareness,
+ fetch=SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.38', # CHECKPOINT-MIB::identityAwareness
+ oids=[
+ '2', # identityAwarenessAuthUsers
+ '3', # identityAwarenessUnAuthUsers
+ '4', # identityAwarenessAuthUsersKerberos
+ '5', # identityAwarenessAuthMachKerberos
+ '6', # identityAwarenessAuthUsersPass
+ '7', # identityAwarenessAuthUsersADQuery
+ '8', # identityAwarenessAuthMachADQuery
+ '9', # identityAwarenessLoggedInAgent
+ '10', # identityAwarenessLoggedInCaptivePortal
+ '11', # identityAwarenessLoggedInADQuery
+ '12', # identityAwarenessAntiSpoffProtection
+ '13', # identityAwarenessSuccUserLoginKerberos
+ '14', # identityAwarenessSuccMachLoginKerberos
+ '15', # identityAwarenessSuccUserLoginPass
+ '16', # identityAwarenessSuccUserLoginADQuery
+ '17', # identityAwarenessSuccMachLoginADQuery
+ '18', # identityAwarenessUnSuccUserLoginKerberos
+ '19', # identityAwarenessUnSuccMachLoginKerberos
+ '20', # identityAwarenessUnSuccUserLoginPass
+ '21', # identityAwarenessSuccUserLDAP
+ '22', # identityAwarenessUnSuccUserLDAP
+ '23', # identityAwarenessDataTrans
+
+ '39', # identityAwarenessRADIUSAccounting
+ '40', # identityAwarenessIdentityCollectorActiveDirectory
+ '41', # identityAwarenessIdentityCollectorCiscoISE
+ '42', # identityAwarenessTerminalServer
+ '43', # identityAwarenessRemoteAccess
+ '44', # identityAwarenessIdentityWebAPI
+
+ '101', # identityAwarenessStatus
+ '102', # identityAwarenessStatusShortDesc
+ '103', # identityAwarenessStatusLongDesc
+ ]
+ ),
+ detect=any_of(
+ startswith('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.2620'),
+ all_of(
+ equals('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.8072.3.2.10'),
+ equals('.1.3.6.1.4.1.2620.1.6.1.0', 'SVN Foundation'),
+ )
+ )
+)
+
+register.check_plugin(
+ name='checkpoint_identity_awareness',
+ service_name='Identity Awareness status',
+ discovery_function=discovery_checkpoint_identity_awareness,
+ check_function=check_checkpoint_identity_awareness,
+ check_default_parameters={
+ 'ignore_counters' : [],
+ },
+ check_ruleset_name='checkpoint_identity_awareness',
+)
diff --git a/checkpoint_identity_awareness.mkp b/checkpoint_identity_awareness.mkp
index c418891959721aec540ef31b364c218367a9e62a..8e50f8e104fdea023967752f890c35cbd86705fb 100644
Binary files a/checkpoint_identity_awareness.mkp and b/checkpoint_identity_awareness.mkp differ
diff --git a/packages/checkpoint_identity_awareness b/packages/checkpoint_identity_awareness
index 31f53e2cf5f0c3f8f3f25e052fad54a2d4ffecfd..a6cd71955c4ec119f35277393b335cf16f1eda97 100644
--- a/packages/checkpoint_identity_awareness
+++ b/packages/checkpoint_identity_awareness
@@ -1,14 +1,17 @@
-{'author': u'Th.L. (thl-cmk[at]outlook[dot]com)',
- 'description': u'Monitors status of Check Point Identity Awareness.\nCreates one check for the global IA status and one check for each AD Query (LDAP) domain.\n',
+{'author': 'Th.L. (thl-cmk[at]outlook[dot]com)',
+ 'description': 'Monitors status of Check Point Identity Awareness.\n'
+ 'Creates one check for the global IA status and one check for '
+ 'each AD Query (LDAP) domain.\n',
'download_url': 'https://thl-cmk.hopto.org',
- 'files': {'checks': ['checkpoint_ia_adquery',
- 'checkpoint_identity_awareness'],
+ 'files': {'agent_based': ['checkpoint_ia_adquery.py',
+ 'checkpoint_identity_awareness.py'],
'web': ['plugins/wato/checkpoint_identity_awareness.py',
'plugins/metrics/checkpoint_identity_awareness.py',
'plugins/metrics/checkpoint_ia_adquery.py']},
'name': 'checkpoint_identity_awareness',
'num_files': 5,
- 'title': u'Check Point Identity Awareness checks',
- 'version': '20200608.v.0.1d',
- 'version.min_required': '1.2.8b8',
- 'version.packaged': '1.4.0p38'}
\ No newline at end of file
+ 'title': 'Check Point Identity Awareness checks',
+ 'version': '20210825.v.0.2',
+ 'version.min_required': '2.0.0',
+ 'version.packaged': '2021.07.14',
+ 'version.usable_until': None}
\ No newline at end of file
diff --git a/web/plugins/metrics/checkpoint_ia_adquery.py b/web/plugins/metrics/checkpoint_ia_adquery.py
index cc9811a0b32b7c72c658f76d88a8356c6502a7a9..0aaf9e1cb2b2bf48c7db5f4440883491add6d855 100644
--- a/web/plugins/metrics/checkpoint_ia_adquery.py
+++ b/web/plugins/metrics/checkpoint_ia_adquery.py
@@ -1,5 +1,5 @@
-#!/usr/bin/python
-# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
@@ -10,6 +10,15 @@
# Check Point Identity Awareness AD Query metrics plugin
# checkpoint_ia_query
#
+
+from cmk.gui.i18n import _
+
+from cmk.gui.plugins.metrics import (
+ metric_info,
+ graph_info,
+ perfometer_info,
+)
+
metric_info['checkpoint_ia_adquery_summary'] = {
'title': _('Events summary'),
'unit': '1/s',
@@ -56,51 +65,45 @@ metric_info['checkpoint_ia_adquery_dc_10_250_1_113'] = {
#
#
#
-check_metrics['check_mk-checkpoint_ia_adquery'] = {
- 'events_sum': {'name': 'checkpoint_ia_adquery_summary', },
- 'dc_10_140_110_1': {'name': 'checkpoint_ia_adquery_dc_10_140_110_1', },
- 'dc_10_140_110_2': {'name': 'checkpoint_ia_adquery_dc_10_140_110_2', },
- 'dc_10_215_2_252': {'name': 'checkpoint_ia_adquery_dc_10_215_2_252', },
- 'dc_10_215_2_253': {'name': 'checkpoint_ia_adquery_dc_10_215_2_253', },
- 'dc_10_225_110_240': {'name': 'checkpoint_ia_adquery_dc_10_225_110_240', },
- 'dc_10_250_1_112': {'name': 'checkpoint_ia_adquery_dc_10_250_1_112', },
- 'dc_10_250_1_113': {'name': 'checkpoint_ia_adquery_dc_10_250_1_113', },
-}
-# igepa graph
-graph_info.append({
+
+graph_info['checkpoint_ia_adquery_dc'] = {
'title': _('Check Point Identity Awareness AD queries'),
'metrics': [
('checkpoint_ia_adquery_summary', 'line'),
('checkpoint_ia_adquery_dc_10_250_1_112', 'stack'),
('checkpoint_ia_adquery_dc_10_250_1_113', 'stack'),
],
-})
-
-# hri graph
-graph_info.append({
- 'title': _('Check Point Identity Awareness AD queries'),
- 'metrics': [
- ('checkpoint_ia_adquery_summary', 'line'),
- ('checkpoint_ia_adquery_dc_10_140_110_1', 'stack'),
- ('checkpoint_ia_adquery_dc_10_140_110_2', 'stack'),
+ 'optional_metrics': [
+ 'checkpoint_ia_adquery_dc_10_250_1_112',
+ 'checkpoint_ia_adquery_dc_10_250_1_113',
],
-})
+}
-# h&r graph
-graph_info.append({
- 'title': _('Check Point Identity Awareness AD queries'),
- 'metrics': [
- ('checkpoint_ia_adquery_summary', 'line'),
- ('checkpoint_ia_adquery_dc_10_215_2_252', 'stack'),
- ('checkpoint_ia_adquery_dc_10_215_2_253', 'stack'),
- ('checkpoint_ia_adquery_dc_10_225_110_240', 'stack'),
- ],
-})
+
+# graph_info.append({
+# 'title': _('Check Point Identity Awareness AD queries'),
+# 'metrics': [
+# ('checkpoint_ia_adquery_summary', 'line'),
+# ('checkpoint_ia_adquery_dc_10_140_110_1', 'stack'),
+# ('checkpoint_ia_adquery_dc_10_140_110_2', 'stack'),
+# ],
+# })
+
+# graph_info.append({
+# 'title': _('Check Point Identity Awareness AD queries'),
+# 'metrics': [
+# ('checkpoint_ia_adquery_summary', 'line'),
+# ('checkpoint_ia_adquery_dc_10_215_2_252', 'stack'),
+# ('checkpoint_ia_adquery_dc_10_215_2_253', 'stack'),
+# ('checkpoint_ia_adquery_dc_10_225_110_240', 'stack'),
+# ],
+# })
perfometer_info.append({
'type': 'linear',
- 'segments': ['checkpoint_ia_adquery_summary',
- ],
+ 'segments': [
+ 'checkpoint_ia_adquery_summary',
+ ],
'total': 100,
})
diff --git a/web/plugins/metrics/checkpoint_identity_awareness.py b/web/plugins/metrics/checkpoint_identity_awareness.py
index 3f37f854ddd08f4eefa9138eaec1e206932ae691..e3cde3d22bfc2141ec3cfdd1d81d2cd0a3827b7e 100644
--- a/web/plugins/metrics/checkpoint_identity_awareness.py
+++ b/web/plugins/metrics/checkpoint_identity_awareness.py
@@ -1,5 +1,5 @@
-#!/usr/bin/python
-# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
@@ -11,6 +11,14 @@
# checkpoint_identity_awareness
#
+from cmk.gui.i18n import _
+
+from cmk.gui.plugins.metrics import (
+ metric_info,
+ graph_info,
+ perfometer_info,
+)
+
metric_info['checkpoint_identity_awareness_iaSuccUserLoginADQuery'] = {
'title': _('Successfull ADQuery user login attempts'),
'unit': 'count',
@@ -157,44 +165,7 @@ metric_info['checkpoint_identity_awareness_iaDataTrans'] = {
'color': '42/a',
}
-
-check_metrics['check_mk-checkpoint_identity_awareness'] = {
- 'iaSuccUserLoginADQuery': {'name': 'checkpoint_identity_awareness_iaSuccUserLoginADQuery', 'auto_graph': False },
- 'iaSuccMachLoginADQuery': {'name': 'checkpoint_identity_awareness_iaSuccMachLoginADQuery', 'auto_graph': False },
- 'iaSuccUserLoginKerberos': {'name': 'checkpoint_identity_awareness_iaSuccUserLoginKerberos', 'auto_graph': False },
- 'iaSuccMachLoginKerberos': {'name': 'checkpoint_identity_awareness_iaSuccMachLoginKerberos', 'auto_graph': False },
- 'iaSuccUserLoginPass': {'name': 'checkpoint_identity_awareness_iaSuccUserLoginPass', 'auto_graph': False },
- 'iaUnSuccUserLoginKerberos': {'name': 'checkpoint_identity_awareness_iaUnSuccUserLoginKerberos', 'auto_graph': False },
- 'iaUnSuccMachLoginKerberos': {'name': 'checkpoint_identity_awareness_iaUnSuccMachLoginKerberos', 'auto_graph': False },
- 'iaUnSuccUserLoginPass': {'name': 'checkpoint_identity_awareness_iaUnSuccUserLoginPass', 'auto_graph': False },
-
- 'iaSuccUserLDAP': {'name': 'checkpoint_identity_awareness_iaSuccUserLDAP', 'auto_graph': False },
- 'iaUnSuccUserLDAP': {'name': 'checkpoint_identity_awareness_iaUnSuccUserLDAP', 'auto_graph': False },
-
- 'iaAuthUsers': {'name': 'checkpoint_identity_awareness_iaAuthUsers', 'auto_graph': False },
- 'iaAuthUsersADQuery': {'name': 'checkpoint_identity_awareness_iaAuthUsersADQuery', 'auto_graph': False },
- 'iaAuthUsersKerberos': {'name': 'checkpoint_identity_awareness_iaAuthUsersKerberos', 'auto_graph': False },
- 'iaAuthMachADQuery': {'name': 'checkpoint_identity_awareness_iaAuthMachADQuery', 'auto_graph': False },
- 'iaAuthMachKerberos': {'name': 'checkpoint_identity_awareness_iaAuthMachKerberos', 'auto_graph': False },
- 'iaAuthUsersPass': {'name': 'checkpoint_identity_awareness_iaAuthUsersPass', 'auto_graph': False },
- 'iaUnAuthUsers': {'name': 'checkpoint_identity_awareness_iaUnAuthUsers', 'auto_graph': False },
-
- 'iaLoggedInADQuery': {'name': 'checkpoint_identity_awareness_iaLoggedInADQuery', 'auto_graph': False },
- 'iaLoggedInAgent': {'name': 'checkpoint_identity_awareness_iaLoggedInAgent', 'auto_graph': False },
- 'iaTerminalServer': {'name': 'checkpoint_identity_awareness_iaTerminalServer', 'auto_graph': False},
- 'iaRemoteAccess': {'name': 'checkpoint_identity_awareness_iaRemoteAccess', 'auto_graph': False},
- 'iaLoggedInCaptivePortal': {'name': 'checkpoint_identity_awareness_iaLoggedInCaptivePortal', 'auto_graph': False },
- 'iaIdentityCollectorCiscoISE': {'name': 'checkpoint_identity_awareness_iaIdentityCollectorCiscoISE', 'auto_graph': False},
- 'iaIdentityWebAPI': {'name': 'checkpoint_identity_awareness_iaIdentityWebAPI', 'auto_graph': False},
- 'iaRADIUSAccounting': {'name': 'checkpoint_identity_awareness_iaRADIUSAccounting', 'auto_graph': False},
- 'iaIdentityCollectorActiveDirectory': {'name': 'checkpoint_identity_awareness_iaIdentityCollectorActiveDirectory', 'auto_graph': False},
-
- 'iaAntiSpoffProtection': {'name': 'checkpoint_identity_awareness_iaAntiSpoffProtection', 'auto_graph': False},
-
- 'iaDataTrans': {'name': 'checkpoint_identity_awareness_iaDataTrans', 'auto_graph': False},
-}
-
-graph_info.append({
+graph_info['checkpoint_identity_awareness_login_attempts'] = {
'title': _('Check Point Identity Awareness login attempts'),
'metrics': [
('checkpoint_identity_awareness_iaUnSuccUserLoginPass', '-stack'),
@@ -206,17 +177,31 @@ graph_info.append({
('checkpoint_identity_awareness_iaSuccMachLoginADQuery', 'stack'),
('checkpoint_identity_awareness_iaSuccUserLoginADQuery', 'stack'),
],
-})
+ 'optional_metrics': [
+ 'checkpoint_identity_awareness_iaUnSuccUserLoginPass',
+ 'checkpoint_identity_awareness_iaUnSuccMachLoginKerberos',
+ 'checkpoint_identity_awareness_iaUnSuccUserLoginKerberos',
+ 'checkpoint_identity_awareness_iaSuccUserLoginPass',
+ 'checkpoint_identity_awareness_iaSuccMachLoginKerberos',
+ 'checkpoint_identity_awareness_iaSuccUserLoginKerberos',
+ 'checkpoint_identity_awareness_iaSuccMachLoginADQuery',
+ 'checkpoint_identity_awareness_iaSuccUserLoginADQuery',
+ ],
+}
-graph_info.append({
+graph_info['checkpoint_identity_awareness_ldap_queries'] = {
'title': _('Check Point Identity Awareness LDAP queries'),
'metrics': [
('checkpoint_identity_awareness_iaUnSuccUserLDAP', '-area'),
('checkpoint_identity_awareness_iaSuccUserLDAP', 'area'),
],
-})
+ 'optional_metrics': [
+ 'checkpoint_identity_awareness_iaUnSuccUserLDAP',
+ 'checkpoint_identity_awareness_iaSuccUserLDAP',
+ ]
+}
-graph_info.append({
+graph_info['checkpoint_identity_awareness_auth_user_machine'] = {
'title': _('Check Point Identity Awareness authenticated/unauthenticated users/machines'),
'metrics': [
('checkpoint_identity_awareness_iaUnAuthUsers', 'stack'),
@@ -227,9 +212,18 @@ graph_info.append({
('checkpoint_identity_awareness_iaAuthUsersADQuery', 'stack'),
('checkpoint_identity_awareness_iaAuthUsers', 'line'),
],
-})
+ 'optional_metrics': [
+ 'checkpoint_identity_awareness_iaUnAuthUsers',
+ 'checkpoint_identity_awareness_iaAuthUsersPass',
+ 'checkpoint_identity_awareness_iaAuthMachKerberos',
+ 'checkpoint_identity_awareness_iaAuthMachADQuery',
+ 'checkpoint_identity_awareness_iaAuthUsersKerberos',
+ 'checkpoint_identity_awareness_iaAuthUsersADQuery',
+ 'checkpoint_identity_awareness_iaAuthUsers',
+ ]
+}
-graph_info.append({
+graph_info['checkpoint_identity_awareness_loggid_in_users'] = {
'title': _('Check Point Identity Awareness logged in users with'),
'metrics': [
('checkpoint_identity_awareness_iaLoggedInCaptivePortal', 'stack'),
@@ -242,7 +236,18 @@ graph_info.append({
('checkpoint_identity_awareness_iaLoggedInAgent', 'stack'),
('checkpoint_identity_awareness_iaLoggedInADQuery', 'stack'),
],
-})
+ 'optional_metrics': [
+ 'checkpoint_identity_awareness_iaLoggedInCaptivePortal',
+ 'checkpoint_identity_awareness_iaRADIUSAccounting',
+ 'checkpoint_identity_awareness_iaIdentityWebAPI',
+ 'checkpoint_identity_awareness_iaIdentityCollectorActiveDirectory',
+ 'checkpoint_identity_awareness_iaIdentityCollectorCiscoISE',
+ 'checkpoint_identity_awareness_iaRemoteAccess',
+ 'checkpoint_identity_awareness_iaTerminalServer',
+ 'checkpoint_identity_awareness_iaLoggedInAgent',
+ 'checkpoint_identity_awareness_iaLoggedInADQuery',
+ ],
+}
#graph_info.append({
# 'title': _('Check Point Identity Awareness users with an active Traffic Anti-Spoffing protection'),
diff --git a/web/plugins/wato/checkpoint_identity_awareness.py b/web/plugins/wato/checkpoint_identity_awareness.py
index f75fd95c79d6efea99f410e8361fff41f942dff1..1c3dc7c705c327cb3acebb2b4fa28a229ddef614 100644
--- a/web/plugins/wato/checkpoint_identity_awareness.py
+++ b/web/plugins/wato/checkpoint_identity_awareness.py
@@ -1,5 +1,5 @@
-#!/usr/bin/python
-# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
@@ -9,7 +9,27 @@
#
# Check_MK checkpoint_identity_awareness WATO plugin
#
-ignorecounters = [
+
+from cmk.gui.i18n import _
+from cmk.gui.valuespec import (
+ Dictionary,
+ Integer,
+ TextAscii,
+ FixedValue,
+ ListChoice,
+ ListOf,
+ Tuple,
+ TextUnicode,
+ MonitoringState,
+)
+
+from cmk.gui.plugins.wato import (
+ CheckParameterRulespecWithItem,
+ rulespec_registry,
+ RulespecGroupCheckParametersNetworking,
+)
+
+_ignorecounters = [
# ('iaAuthUsers', 'Authenticated users and machines'), # will be used in perf-o-meter
('iaAuthUsersPass', 'Authenticated users by name and password'),
('iaAuthUsersADQuery', 'Authenticated users by ADQuery'),
@@ -42,24 +62,27 @@ ignorecounters = [
('iaDataTrans', 'How much data did the gateway transmitted'),
]
-register_check_parameters(subgroup_applications,
- 'checkpoint_identity_awareness',
- _('Check Point Identity Awareness'),
- Dictionary(
- title=_('Check Point Identity Awareness status'),
- elements=[
- ('ignore_counters',
- ListChoice(
- title=_('list of counters to ignore'),
- label=_('list of counters to ignore'),
- help=_('Counters to remove from performance data. '
- 'Metrics file (~/local/share/check_mk/web/plugins/metrics/checkpoint_identity_awareness.py) '
- 'graph definition needs to be adjusted.'),
- choices=ignorecounters,
- default_value=[],
- )),
- ],
- ),
- None,
- match_type='dict',
- )
+
+def _parameter_valuespec_checkpoint_identity_awareness():
+ return Dictionary(
+ title=_('Check Point Identity Awareness status'),
+ elements=[
+ ('ignore_counters',
+ ListChoice(
+ title=_('list of counters to ignore'),
+ help=_('Counters to remove from performance data.'),
+ choices=_ignorecounters,
+ default_value=[],
+ )),
+ ],
+ )
+
+
+rulespec_registry.register(
+ CheckParameterRulespecWithItem(
+ check_group_name='checkpoint_identity_awareness',
+ group=RulespecGroupCheckParametersNetworking,
+ match_type='dict',
+ parameter_valuespec=_parameter_valuespec_checkpoint_identity_awareness,
+ title=lambda: _('Check Point Identity Awareness'),
+ ))