Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com

Skip to content
Snippets Groups Projects
Commit 40b8dd9e authored by thl-cmk's avatar thl-cmk :flag_na:
Browse files

update project

parent d0754019
No related branches found
No related tags found
No related merge requests found
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
# Author: thl-cmk[at]outlook[dot]com
# URL : https://thl-cmk.hopto.org
# Date : 2018-11.22
#
# Monitor Check Point IPSec VPN statistics
#
# sample snmpwalk
# OMD[mysite]:~$ snmpwalk -v2c -c xyz -ObentU simulant .1.3.6.1.4.1.2620.1.2
# .1.3.6.1.4.1.2620.1.2.1.0 = STRING: IPSec VPN.
# .1.3.6.1.4.1.2620.1.2.2.0 = INTEGER: 6
# .1.3.6.1.4.1.2620.1.2.3.0 = INTEGER: 0
# .1.3.6.1.4.1.2620.1.2.4.1.1.0 = STRING: 43225
# .1.3.6.1.4.1.2620.1.2.4.1.2.0 = STRING: 54672
# .1.3.6.1.4.1.2620.1.2.4.2.1.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.4.2.2.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.4.2.3.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.4.2.4.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.2.1.0 = STRING: 11
# .1.3.6.1.4.1.2620.1.2.5.2.2.0 = STRING: 23
# .1.3.6.1.4.1.2620.1.2.5.2.3.0 = STRING: 10
# .1.3.6.1.4.1.2620.1.2.5.2.4.0 = STRING: 128
# .1.3.6.1.4.1.2620.1.2.5.2.9.0 = STRING: 16
# .1.3.6.1.4.1.2620.1.2.5.2.10.0 = STRING: 12
# .1.3.6.1.4.1.2620.1.2.5.3.1.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.3.2.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.3.3.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.3.4.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.3.5.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.3.6.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.3.7.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.1.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.2.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.5.0 = STRING: 43225
# .1.3.6.1.4.1.2620.1.2.5.4.6.0 = STRING: 54672
# .1.3.6.1.4.1.2620.1.2.5.4.7.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.8.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.9.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.10.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.11.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.12.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.13.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.14.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.15.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.16.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.17.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.18.0 = STRING: 0
# .1.3.6.1.4.1.2620.1.2.5.4.19.0 = STRING: 8577840
# .1.3.6.1.4.1.2620.1.2.5.4.20.0 = STRING: 3586064
# .1.3.6.1.4.1.2620.1.2.5.4.21.0 = STRING: "4"
# .1.3.6.1.4.1.2620.1.2.5.4.22.0 = STRING: "4"
# .1.3.6.1.4.1.2620.1.2.5.4.23.0 = STRING: "0"
# .1.3.6.1.4.1.2620.1.2.5.4.24.0 = STRING: "0"
# .1.3.6.1.4.1.2620.1.2.5.4.25.0 = STRING: "0"
#
# Sample info
# [[[u'IPSec VPN\x00', u'6', u'0', u'991140008']],
# [[u'43225', u'54672', u'0', u'0', u'0', u'0']],
# [[u'11', u'10']],
# [[u'0', u'0', u'0', u'0', u'0', u'0', u'0']],
# [[u'0', u'0', u'43225', u'54672', u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'8577840', u'3586064', u'4', u'4', u'0', u'0', u'0']]
# ]
#
# sample info no IPSec VPN
# [[], [], [], [], []]
#
#
import time
from dataclasses import dataclass
from typing import List, Dict, NamedTuple
from cmk.base.plugins.agent_based.agent_based_api.v1 import (
register,
Service,
Result,
State,
SNMPTree,
all_of,
startswith,
any_of,
equals,
OIDEnd,
Metric,
check_levels,
contains,
get_value_store,
get_rate,
GetRateError,
IgnoreResultsError,
render,
)
from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
DiscoveryResult,
CheckResult,
StringTable,
)
@dataclass
class CheckpointIpsecVpn:
version: str
build: str
packets_enc: int
packets_dec: int
esp_sa_in:int
esp_sa_out: int
metrics_rate: List
metrics_count: List
def parse_checkpoint_ipsecvpn(string_table: List[StringTable]) -> CheckpointIpsecVpn:
vpn, cpvgeneral, cpvsastatistics, cpvsaerrors, cpvipsecstatistics, cpvike = string_table
cpvprodname, cpvvermajor, cpvverminor, cpvbuild = vpn[0]
cpvencpackets, cpvdecpackets, cpverrout, cpverrin, cpverrike, cpverrpolicy = cpvgeneral[0]
cpvcurrespsasin, cpvcurrespsasout = cpvsastatistics[0]
cpvsadecrerr, cpvsaautherr, cpvsareplayerr, cpvsapolicyerr, cpvsaothererrin, cpvsaothererrout, \
cpvsaunknownspierr = cpvsaerrors[0]
cpvipsecudpespencpkts, cpvipsecudpespdecpkts, cpvipsecespencpkts, cpvipsecespdecpkts, cpvipsecdecomprbytesbefore, \
cpvipsecdecomprbytesafter, cpvipsecdecomproverhead, cpvipsecdecomprpkts, cpvipsecdecomprerr, \
cpvipseccomprbytesbefore, cpvipseccomprbytesafter, cpvipseccomproverhead, cpvipsecnoncompressiblebytes, \
cpvipseccompressiblepkts, cpvipsecnoncompressiblepkts, cpvipseccomprerrors, cpvipsecespencbytes, \
cpvipsecespdecbytes = cpvipsecstatistics[0]
cpvikecurrsas, cpvikecurrinitsas, cpvikecurrrespsas, cpviketotalfailuresinit, cpvikenoresp, \
cpviketotalfailuresresp = cpvike[0]
return CheckpointIpsecVpn(
version=f'{cpvvermajor}.{cpvverminor}',
build=cpvbuild,
packets_enc=int(cpvencpackets),
packets_dec=int(cpvdecpackets),
esp_sa_in=int(cpvcurrespsasin),
esp_sa_out=int(cpvcurrespsasout),
metrics_rate=[
# cpvsaerrors
('cpvsadecrerr', cpvsadecrerr),
('cpvsaautherr', cpvsaautherr),
('cpvsareplayerr', cpvsareplayerr),
('cpvsapolicyerr', cpvsapolicyerr),
('cpvsaothererrin', cpvsaothererrin),
('cpvsaothererrout', cpvsaothererrout),
('cpvsaunknownspierr', cpvsaunknownspierr),
# cpvipsecstatistics
('cpvipsecudpespencpkts', cpvipsecudpespencpkts),
('cpvipsecudpespdecpkts', cpvipsecudpespdecpkts),
('cpvipsecespencpkts', cpvipsecespencpkts),
('cpvipsecespdecpkts', cpvipsecespdecpkts),
('cpvipsecdecomprbytesbefore', cpvipsecdecomprbytesbefore),
('cpvipsecdecomprbytesafter', cpvipsecdecomprbytesafter),
('cpvipsecdecomproverhead', cpvipsecdecomproverhead),
('cpvipsecdecomprpkts', cpvipsecdecomprpkts),
('cpvipsecdecomprerr', cpvipsecdecomprerr),
('cpvipseccomprbytesbefore', cpvipseccomprbytesbefore),
('cpvipseccomprbytesafter', cpvipseccomprbytesafter),
('cpvipseccomproverhead', cpvipseccomproverhead),
('cpvipsecnoncompressiblebytes', cpvipsecnoncompressiblebytes),
('cpvipseccompressiblepkts', cpvipseccompressiblepkts),
('cpvipsecnoncompressiblepkts', cpvipsecnoncompressiblepkts),
('cpvipseccomprerrors', cpvipseccomprerrors),
('cpvipsecespencbytes', cpvipsecespencbytes),
('cpvipsecespdecbytes', cpvipsecespdecbytes),
# cpvgeneral
('cpverrout', cpverrout),
('cpverrin', cpverrin),
('cpverrike', cpverrike),
('cpverrpolicy', cpverrpolicy),
],
metrics_count=[
# cvpike
('cpvikecurrsas', cpvikecurrsas),
('cpvikecurrinitsas', cpvikecurrinitsas),
('cpvikecurrrespsas', cpvikecurrrespsas),
('cpviketotalfailuresinit', cpviketotalfailuresinit),
('cpvikenoresp', cpvikenoresp),
('cpviketotalfailuresresp', cpviketotalfailuresresp),
],
)
def discovery_checkpoint_ipsecvpn(section: CheckpointIpsecVpn) -> DiscoveryResult:
yield Service()
def check_checkpoint_ipsecvpn(params, section: CheckpointIpsecVpn) -> CheckResult:
yield Result(state=State.OK, notice=f'Version: {section.version}')
yield Result(state=State.OK, notice=f'Build: {section.build}')
now_time = time.time()
value_store = get_value_store()
raise_ingore_res = False
try:
value = get_rate(value_store, f'checkpoint_ipsecvpn_cpvdecpackets', now_time, section.packets_dec, raise_overflow=True)
except GetRateError:
raise_ingore_res = True
value = 0
yield from check_levels(
value=value,
metric_name='checkpoint_ipsecvpn_cpvdecpackets',
label='Packets in',
render_func=lambda v: f'{v:.0f}/s'
)
try:
value = get_rate(value_store, f'checkpoint_ipsecvpn_cpvencpackets', now_time, section.packets_enc, raise_overflow=True)
except GetRateError:
raise_ingore_res = True
value = 0
yield from check_levels(
value=value,
metric_name='checkpoint_ipsecvpn_cpvencpackets',
label='Packets out',
render_func=lambda v: f'{v:.0f}/s'
)
yield from check_levels(
value=section.esp_sa_in,
metric_name='checkpoint_ipsecvpn_cpvcurrespsasin',
label='ESP SAs in',
render_func=lambda v: f'{v:.0f}'
)
yield from check_levels(
value=section.esp_sa_out,
metric_name='checkpoint_ipsecvpn_cpvcurrespsasout',
label='ESP SAs out',
render_func=lambda v: f'{v:.0f}'
)
for key, value in section.metrics_rate:
try:
value = get_rate(value_store, f'checkpoint_ipsecvpn_{key}', now_time, int(value), raise_overflow=True)
except GetRateError:
raise_ingore_res = True
value = 0
yield Metric(name=f'checkpoint_ipsecvpn_{key}', value=value, boundaries=(0, None))
if raise_ingore_res:
raise IgnoreResultsError('Initializing counters')
for metric, value in section.metrics_rate:
yield Metric(name=f'checkpoint_ipsecvpn_{metric}', value=int(value))
register.snmp_section(
name='checkpoint_ipsecvpn',
parse_function=parse_checkpoint_ipsecvpn,
fetch=[
SNMPTree(
base='.1.3.6.1.4.1.2620.1.2', # CHECKPOINT-MIB::vpn
oids=[
'1', # cpvProdName
'2', # cpvVerMajor
'3', # cpvVerMinor
'11', # cpvBuild
]),
SNMPTree(
base='.1.3.6.1.4.1.2620.1.2.4', # CHECKPOINT-MIB::cpvGeneral
oids=[
'1.1', # cpvEncPackets
'1.2', # cpvDecPackets
'2.1', # cpvErrOut
'2.2', # cpvErrIn
'2.3', # cpvErrIke
'2.4', # cpvErrPolicy
]),
SNMPTree(
base='.1.3.6.1.4.1.2620.1.2.5.2', # CHECKPOINT-MIB::cpvSaStatistics
oids=[
'1', # cpvCurrEspSAsIn
'3', # cpvCurrEspSAsOut
]),
SNMPTree(
base='.1.3.6.1.4.1.2620.1.2.5.3', # CHECKPOINT-MIB::cpvSaErrors
oids=[
'1', # cpvSaDecrErr
'2', # cpvSaAuthErr
'3', # cpvSaReplayErr
'4', # cpvSaPolicyErr
'5', # cpvSaOtherErrIn
'6', # cpvSaOtherErrOut
'7', # cpvSaUnknownSpiErr
]),
SNMPTree(
base='.1.3.6.1.4.1.2620.1.2.5.4', # CHECKPOINT-MIB::cpvIpsecStatistics
oids=[
'1', # cpvIpsecUdpEspEncPkts
'2', # cpvIpsecUdpEspDecPkts
'5', # cpvIpsecEspEncPkts
'6', # cpvIpsecEspDecPkts
'7', # cpvIpsecDecomprBytesBefore
'8', # cpvIpsecDecomprBytesAfter
'9', # cpvIpsecDecomprOverhead
'10', # cpvIpsecDecomprPkts
'11', # cpvIpsecDecomprErr
'12', # cpvIpsecComprBytesBefore
'13', # cpvIpsecComprBytesAfter
'14', # cpvIpsecComprOverhead
'15', # cpvIpsecNonCompressibleBytes
'16', # cpvIpsecCompressiblePkts
'17', # cpvIpsecNonCompressiblePkts
'18', # cpvIpsecComprErrors
'19', # cpvIpsecEspEncBytes
'20', # cpvIpsecEspDecBytes
]),
SNMPTree(
base='.1.3.6.1.4.1.2620.1.2.9', # CHECKPOINT-MIB::cpvIKE
oids=[
'1.1', # cpvIKECurrSAs
'1.2', # cpvIKECurrInitSAs
'1.3', # cpvIKECurrRespSAs
'2.1', # cpvIKETotalFailuresInit
'2.2', # cpvIKENoResp
'2.3', # cpvIKETotalFailuresResp
]),
],
detect=all_of(
any_of(
startswith('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.2620'),
all_of(
equals('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.8072.3.2.10'),
equals('.1.3.6.1.4.1.2620.1.6.1.0', 'SVN Foundation'),
)
),
startswith('.1.3.6.1.4.1.2620.1.2.1.0', 'IPSec VPN')
)
)
register.check_plugin(
name='checkpoint_ipsecvpn',
service_name='IPSec VPN',
discovery_function=discovery_checkpoint_ipsecvpn,
check_function=check_checkpoint_ipsecvpn,
check_ruleset_name='checkpoint_ipsecvpn',
check_default_parameters={},
)
No preview for this file type
{'author': u'Th.L. (thl-cmk[at]outlook[dot]com)',
'description': u'Monitor Check Point Firewall IPSec VPN statistics.',
{'author': 'Th.L. (thl-cmk[at]outlook[dot]com)',
'description': 'Monitor Check Point Firewall IPSec VPN statistics.\n',
'download_url': 'https://thl-cmk.hopto.org',
'files': {'checks': ['checkpoint_ipsecvpn'],
'files': {'agent_based': ['checkpoint_ipsecvpn.py'],
'web': ['plugins/metrics/checkpoint_ipsecvpn.py']},
'name': 'checkpoint_ipsecvpn',
'num_files': 2,
'title': u'Check Point IPSec VPN',
'version': '20200608.v.0.0.1a',
'version.min_required': '1.2.8b8',
'version.packaged': '1.4.0p38'}
\ No newline at end of file
'title': 'Check Point IPSec VPN',
'version': '20210902.v.0.0.2',
'version.min_required': '2.0.0',
'version.packaged': '2021.07.14',
'version.usable_until': None}
\ No newline at end of file
#!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
......@@ -10,18 +10,13 @@
# Check Point Firewall ipsecvpn metrics plugins
# checkpoint_ipsecvpn
#
from cmk.gui.i18n import _
##############################################################################
#
# define units for perfdata
#
##############################################################################
##############################################################################
#
# define metrics for perfdata
#
##############################################################################
from cmk.gui.plugins.metrics import (
metric_info,
graph_info,
perfometer_info,
)
# cpvsastatistics
metric_info['checkpoint_ipsecvpn_cpvcurrespsasin'] = {
......@@ -230,54 +225,6 @@ metric_info['checkpoint_ipsecvpn_cpviketotalfailuresresp'] = {
'color': '13/a',
}
##############################################################################
#
# map perfdata to metric
#
##############################################################################
check_metrics['check_mk-checkpoint_ipsecvpn'] = {
'cpvcurrespsasin': {'name': 'checkpoint_ipsecvpn_cpvcurrespsasin'},
'cpvcurrespsasout': {'name': 'checkpoint_ipsecvpn_cpvcurrespsasout'},
'cpvdecpackets': {'name': 'checkpoint_ipsecvpn_cpvdecpackets'},
'cpvencpackets': {'name': 'checkpoint_ipsecvpn_cpvencpackets'},
'cpverrike': {'name': 'checkpoint_ipsecvpn_cpverrike'},
'cpverrin': {'name': 'checkpoint_ipsecvpn_cpverrin'},
'cpverrout': {'name': 'checkpoint_ipsecvpn_cpverrout'},
'cpverrpolicy': {'name': 'checkpoint_ipsecvpn_cpverrpolicy'},
'cpvipseccomprbytesafter': {'name': 'checkpoint_ipsecvpn_cpvipseccomprbytesafter'},
'cpvipseccomprbytesbefore': {'name': 'checkpoint_ipsecvpn_cpvipseccomprbytesbefore'},
'cpvipseccomprerrors': {'name': 'checkpoint_ipsecvpn_cpvipseccomprerrors'},
'cpvipseccompressiblepkts': {'name': 'checkpoint_ipsecvpn_cpvipseccompressiblepkts'},
'cpvipseccomproverhead': {'name': 'checkpoint_ipsecvpn_cpvipseccomproverhead'},
'cpvipsecdecomprbytesafter': {'name': 'checkpoint_ipsecvpn_cpvipsecdecomprbytesafter'},
'cpvipsecdecomprbytesbefore': {'name': 'checkpoint_ipsecvpn_cpvipsecdecomprbytesbefore'},
'cpvipsecdecomprerr': {'name': 'checkpoint_ipsecvpn_cpvipsecdecomprerr'},
'cpvipsecdecomproverhead': {'name': 'checkpoint_ipsecvpn_cpvipsecdecomproverhead'},
'cpvipsecdecomprpkts': {'name': 'checkpoint_ipsecvpn_cpvipsecdecomprpkts'},
'cpvipsecespdecbytes': {'name': 'checkpoint_ipsecvpn_cpvipsecespdecbytes'},
'cpvipsecespdecpkts': {'name': 'checkpoint_ipsecvpn_cpvipsecespdecpkts'},
'cpvipsecespencbytes': {'name': 'checkpoint_ipsecvpn_cpvipsecespencbytes'},
'cpvipsecespencpkts': {'name': 'checkpoint_ipsecvpn_cpvipsecespencpkts'},
'cpvipsecnoncompressiblebytes': {'name': 'checkpoint_ipsecvpn_cpvipsecnoncompressiblebytes'},
'cpvipsecnoncompressiblepkts': {'name': 'checkpoint_ipsecvpn_cpvipsecnoncompressiblepkts'},
'cpvipsecudpespdecpkts': {'name': 'checkpoint_ipsecvpn_cpvipsecudpespdecpkts'},
'cpvipsecudpespencpkts': {'name': 'checkpoint_ipsecvpn_cpvipsecudpespencpkts'},
'cpvsaautherr': {'name': 'checkpoint_ipsecvpn_cpvsaautherr'},
'cpvsadecrerr': {'name': 'checkpoint_ipsecvpn_cpvsadecrerr'},
'cpvsaothererrin': {'name': 'checkpoint_ipsecvpn_cpvsaothererrin'},
'cpvsaothererrout': {'name': 'checkpoint_ipsecvpn_cpvsaothererrout'},
'cpvsapolicyerr': {'name': 'checkpoint_ipsecvpn_cpvsapolicyerr'},
'cpvsareplayerr': {'name': 'checkpoint_ipsecvpn_cpvsareplayerr'},
'cpvsaunknownspierr': {'name': 'checkpoint_ipsecvpn_cpvsaunknownspierr'},
'cpvikecurrsas': {'name': 'checkpoint_ipsecvpn_cpvikecurrsas'},
'cpvikecurrinitsas': {'name': 'checkpoint_ipsecvpn_cpvikecurrinitsas'},
'cpvikecurrrespsas': {'name': 'checkpoint_ipsecvpn_cpvikecurrrespsas'},
'cpviketotalfailuresinit': {'name': 'checkpoint_ipsecvpn_cpviketotalfailuresinit'},
'cpvikenoresp': {'name': 'checkpoint_ipsecvpn_cpvikenoresp'},
'cpviketotalfailuresresp': {'name': 'checkpoint_ipsecvpn_cpviketotalfailuresresp'},
}
##############################################################################
#
......@@ -306,26 +253,26 @@ graph_info.append({
graph_info.append({
'title': _('Check Point IPSec SAs'),
'metrics': [
('checkpoint_ipsecvpn_cpvcurrespsasin', 'line'),
('checkpoint_ipsecvpn_cpvcurrespsasout', 'line'),
('checkpoint_ipsecvpn_cpvcurrespsasin', 'area'),
('checkpoint_ipsecvpn_cpvcurrespsasout', '-area'),
],
})
graph_info.append({
'title': _('Check Point IPSec packets'),
'metrics': [
('checkpoint_ipsecvpn_cpvdecpackets', 'line'),
('checkpoint_ipsecvpn_cpvencpackets', 'line'),
('checkpoint_ipsecvpn_cpvdecpackets', 'area'),
('checkpoint_ipsecvpn_cpvencpackets', '-area'),
],
})
graph_info.append({
'title': _('Check Point IPSec compression bytes'),
'metrics': [
('checkpoint_ipsecvpn_cpvipseccomprbytesbefore', 'line'),
('checkpoint_ipsecvpn_cpvipseccomprbytesafter', 'line'),
('checkpoint_ipsecvpn_cpvipsecdecomprbytesbefore', '-line'),
('checkpoint_ipsecvpn_cpvipsecdecomprbytesafter', '-line'),
('checkpoint_ipsecvpn_cpvipseccomprbytesbefore', 'area'),
('checkpoint_ipsecvpn_cpvipseccomprbytesafter', 'area'),
('checkpoint_ipsecvpn_cpvipsecdecomprbytesbefore', '-area'),
('checkpoint_ipsecvpn_cpvipsecdecomprbytesafter', '-ares'),
],
})
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment