Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com

Commit a9de5cde authored by thl-cmk's avatar thl-cmk :flag_na:

cleanup

# Check Point L2L VPN
Monitors status of Check Point L2L VPN tunnel
Check Info:
* *service*: this check will create one service per L2L VPN tunnel
* *state*:\
**critical**
* if L2L VPN tunnel state is *down*
* if L2L VPN tunnel probe state is *dead*
**warning**
* if L2L VPN tunnel state is *unknown*
* *wato*:
* you can configure an L2L VPN tunnel alias name
* you can configure the state of a L2L VPN tunnel, if the tunnel not found (globaly or per tunnel)
* *perfdata*: none
Testetd with: [short info about testing]
**Note: check with your hardware manual the disk id and disk placement (upper/lower)**
Sample output
![sample output](/doc/sample.png?raw=true "sample [SHORT TITLE]")
File added
#!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
#
# 19.07.2016 : Th.L. : monitor Check Point S2S VPNs
# 24.07.2016 : Th.L. : added missing tunnel handling
# 28.07.2016 : Th.L. : fix for missing item
# 02-05-2018 : Th.L. : code cleanup, rewrite of check and inventory function
#
factory_settings['checkpoint_l2l_vpn_defaults'] = {
# 'state': 3, # default state for tunnel not found
# 'tunnels': [] # list of tunnel specific not found states ('<ip-address>', '<alias>', <state>)
}
def parse_checkpoint_l2l_vpn(info):
parsed = {}
def add_vpn_entry():
parsed.update({l2lpeerobjname: {'l2lpeeripaddr': l2lpeeripaddr,
'l2lpeerobjname': l2lpeerobjname,
'l2lstate': int(l2lstate),
'l2lcommunity': l2lcommunity,
'l2lnexthop': l2lnexthop,
'l2linterface': l2linterface,
'l2lsourceipaddr': l2lsourceipaddr,
'l2llinkpriority': int(l2llinkpriority),
'l2lpeertype': int(l2lpeertype),
'l2ltype': int(l2ltype),
'l2lprobstate': int(l2lprobstate),
}})
# non permanent tunnel
for vpn_entry in info[0]:
l2lpeeripaddr, l2lpeerobjname, l2lstate, l2lcommunity, l2lnexthop, l2linterface, l2lsourceipaddr, l2llinkpriority, l2lprobstate, l2lpeertype, l2ltype = vpn_entry
l2lpeeripaddr = l2lpeeripaddr[:-2]
add_vpn_entry()
# permanent tunnel
for vpn_entry in info[1]:
l2lpeeripaddr, l2lpeerobjname, l2lstate, l2lcommunity, l2lnexthop, l2linterface, l2lsourceipaddr, l2llinkpriority, l2lprobstate, l2lpeertype = vpn_entry
l2lpeeripaddr = l2lpeeripaddr[:-2]
l2ltype = u'2'
add_vpn_entry()
return parsed
def inventory_checkpoint_l2l_vpn(parsed):
for l2lpeeripaddr in parsed.keys():
yield l2lpeeripaddr, {'vpn_entry': parsed.get(l2lpeeripaddr)}
def check_checkpoint_l2l_vpn(item, params, parsed):
permanentTunnelState = {
3: 'active',
4: 'destroy',
129: 'idle',
130: 'phase1',
131: 'down',
132: 'init',
}
permanentTunnelLinkPriority = {
0: 'primary',
1: 'backup',
2: 'on-demand',
}
permanentTunnelProbState = {
0: 'unknown',
1: 'alive',
2: 'dead',
}
permanentTunnelPeerType = {
1: 'regular',
2: 'daip',
3: 'robo',
}
tunnelType = {
1: 'regular',
2: 'permanent',
}
infotext = 'item not found'
longoutput = ''
state = params.get('state', 3)
alias = None
vpn_entry = parsed.get(item, None)
for peerobject, tunnel_alias, not_found_state in params.get('tunnels', []):
if item == peerobject:
alias = tunnel_alias
state = not_found_state
if vpn_entry != None:
state = 0
l2lpeerobjname = item
infotext = ''
if alias:
infotext += '%s, ' % alias
infotext += 'Community: %s, ' % vpn_entry.get('l2lcommunity')
infotext += 'Peer IP: %s' % vpn_entry.get('l2lpeeripaddr')
if vpn_entry.get('l2lsourceipaddr') != '0.0.0.0':
infotext += ', Local IP: %s' % vpn_entry.get('l2lsourceipaddr')
if vpn_entry.get('l2lnexthop') != '0.0.0.0':
infotext += ', Next Hop IP: %s' % vpn_entry.get('l2lnexthop')
if vpn_entry.get('l2linterface') != '':
infotext += ', Local interface: %s' % vpn_entry.get('l2linterface')
# backup or on-demand tunnel
if vpn_entry.get('l2llinkpriority') == 1:
yield 1, 'Tunnel priority: %s' % permanentTunnelLinkPriority.get(vpn_entry.get('l2llinkpriority'))
elif vpn_entry.get('l2llinkpriority') != 0:
infotext += ', Tunnel priority: %s' % permanentTunnelLinkPriority.get(vpn_entry.get('l2llinkpriority'), 'unknown')
# not non permanent tunnel
if vpn_entry.get('l2ltype') != 1:
infotext += ', Tunnel type: %s' % tunnelType.get(vpn_entry.get('l2ltype'))
# daip or robo tunnel
if vpn_entry.get('l2lpeertype') != 1:
infotext += ', Peer type: %s' % permanentTunnelPeerType.get(vpn_entry.get('l2lpeertype'))
# tunnel probe state 'dead'
if vpn_entry.get('l2lprobstate') == 2:
yield 2, 'Tunnel probe state "dead"'
# tunnel state 'down'
if vpn_entry.get('l2lstate') == 131:
yield 2, 'Tunnel down'
# tunnel state not active
if vpn_entry.get('l2lstate', 'unknown') != 3:
yield 1, 'Tunnel state: %s' % permanentTunnelState.get(vpn_entry.get('l2lstate'), 'unknown')
# longoutput += '\nTunnel state: %s' % permanentTunnelState.get(vpn_entry.get('l2lstate'), vpn_entry.get('l2lstate'))
# longoutput += '\nTunnel probe state: %s' % permanentTunnelProbState.get(vpn_entry.get('l2lprobstate'), vpn_entry.get('l2lprobstate'))
# longoutput += '\nTunnel peer IP: %s' % vpn_entry.get('l2lpeeripaddr')
# longoutput += '\nTunnel local IP: %s' % vpn_entry.get('l2lsourceipaddr')
# longoutput += '\nTunnel next hop IP: %s' % vpn_entry.get('l2lnexthop')
# longoutput += '\nTunnel local interface: %s:' % vpn_entry.get('l2linterface')
# longoutput += '\nTunnel priority: %s' % permanentTunnelLinkPriority.get(vpn_entry.get('l2llinkpriority'))
# longoutput += '\nTunnel type: %s' % tunnelType.get(vpn_entry.get('l2ltype'))
# longoutput += '\nPeer type: %s' % permanentTunnelPeerType.get(vpn_entry.get('l2lpeertype'))
# longoutput += '\nCommunity: %s' % vpn_entry.get('l2lcommunity')
else:
# print params
vpn_entry = params.get('vpn_entry')
infotext = ''
if alias:
infotext += '%s, ' % alias
infotext += 'Tunnel not found. Expected: '
infotext += 'Community: %s, ' % vpn_entry.get('l2lcommunity')
infotext += 'Peer IP: %s' % vpn_entry.get('l2lpeeripaddr')
yield state, infotext + longoutput
check_info['checkpoint_l2l_vpn'] = {
'check_function' : check_checkpoint_l2l_vpn,
'inventory_function' : inventory_checkpoint_l2l_vpn,
'parse_function' : parse_checkpoint_l2l_vpn,
'default_levels_variable' : 'checkpoint_l2l_vpn_defaults',
'service_description' : 'L2L VPN: %s',
'group' : 'checkpoint_l2l_vpn',
#'snmp_scan_function': lambda oid: oid('.1.3.6.1.2.1.1.2.0') in ['.1.3.6.1.4.1.2620.1.6.123.1.67', # ClusterXL Gateway
# '.1.3.6.1.4.1.2620.1.6.123.1.65', # Appliance
# '.1.3.6.1.4.1.2620.1.6.123.1.64', # VSX Gateway
# '.1.3.6.1.4.1.2620.1.6.123.1.62', # Gateway
# '.1.3.6.1.4.1.2620.1.6.123.1.49', # R77.30 Gateway
# '.1.3.6.1.4.1.2620.1.6.123.1.48', # Mgmt
# '.1.3.6.1.4.1.8072.3.2.10'] # Virtual System (Linux),
'snmp_scan_function': lambda oid: oid('.1.3.6.1.2.1.1.2.0').startswith('.1.3.6.1.4.1.2620.1.6.123.1') or
oid('.1.3.6.1.2.1.1.2.0') in ['.1.3.6.1.4.1.8072.3.2.10',], # Virtual System (Linux)
'snmp_info' : [
('.1.3.6.1.4.1.2620.500.9002.1', [ # CHECKPOINT-MIB
# '1', # tunnelPeerIpAddr
OID_END, # Tunnel Peer IP
'2', # tunnelPeerObjName
'3', # tunnelState
'4', # tunnelCommunity
'5', # tunnelNextHop
'6', # tunnelInterface
'7', # tunnelSourceIpAddr
'8', # tunnelLinkPriority
'9', # tunnelProbState
'10', # tunnelPeerType
'11', # tunnelType
]),
('.1.3.6.1.4.1.2620.500.9003.1', [ # CHECKPOINT-MIB
# '1', # permanentTunnelPeerIpAddr
OID_END, # Tunnel Peer IP
'2', # permanentTunnelPeerObjName
'3', # permanentTunnelState
'4', # permanentTunnelCommunity
'5', # permanentTunnelNextHop
'6', # permanentTunnelInterface
'7', # permanentTunnelSourceIpAddr
'8', # permanentTunnelLinkPriority
'9', # permanentTunnelProbState
'10', # permanentTunnelPeerType
]),
],
}
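Review bot: `add_vpn_entry()` keys `parsed` by `l2lpeerobjname`, while both SNMP tables are indexed by peer IP (`OID_END`), so two rows carrying the same peer object name (one in each table, or a primary and a backup link to the same peer) overwrite each other and only the last one is ever checked. If the surviving row is active, a down or dead tunnel to that peer raises no alert. Whether the gateway really reports such rows is not visible here, although the link-priority field suggests it can; a minimal guard is to make the key unique on collision, e.g. `key = l2lpeerobjname if l2lpeerobjname not in parsed else '%s %s' % (l2lpeerobjname, l2lpeeripaddr)` followed by `parsed[key] = {...}`. The first row for a peer keeps the plain object name, so existing service names change only where a collision occurs.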
doc/sample.png

40.4 KiB

{'author': u'Th.L. (thl-cmk[at]outlook[dot]com)',
'description': u'monitor Check Point firewall L2L VPN tunnel\n',
'download_url': 'https://thl-cmk.hopto.org',
'files': {'checks': ['checkpoint_l2l_vpn'],
'web': ['plugins/wato/checkpoint_l2l_vpn.py']},
'name': 'checkpoint_l2l_vpn',
'num_files': 2,
'title': u'monitor Check Point firewall L2L VPN tunnel',
'version': '20180731.v0.1.1a',
'version.min_required': '1.2.8b8',
'version.packaged': '1.4.0p35'}
\ No newline at end of file
#!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
register_check_parameters(
subgroup_networking,
'checkpoint_l2l_vpn',
_('Check Point L2L VPN'),
Dictionary(
elements=[
('tunnels',
ListOf(
Tuple(
title=('VPN Tunnel Endpoints'),
elements=[
TextUnicode(
title=_('Peer object name'),
help=_('The configured value must match a tunnel reported by the monitored '
'device.'),
allow_empty=False,
),
TextUnicode(
title=_('Tunnel Alias'),
help=_('You can configure an individual alias here for the tunnel matching '
'the IP-Address or Name configured in the field above.'),
),
MonitoringState(
default_value=2,
title=_('State if tunnel is not found'),
)]),
add_label=_('Add tunnel'),
movable=False,
title=_('VPN tunnel specific configuration'),
)),
('state',
MonitoringState(
title=_('Default state to report when tunnel can not be found anymore'),
help=_('Default state if a tunnel, which is not listed above in this rule, '
'can no longer be found.'),
default_value=3,
),
),
],
),
TextAscii(title=_('Peer object name')),
match_type='dict',
)
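Review bot: The alias help text `'the IP-Address or Name configured in the field above.'` tells the operator that an IP address is accepted, but the check function compares the first tuple element only against the service item (`if item == peerobject:`), and the item is the peer object name. An entry made with an IP address therefore never matches, and a missing tunnel falls back to the rule's default state (3, unknown) instead of the per-tunnel state configured here. I would change the help to `'the peer object name configured in the field above.'`, and wrap the tuple title as `title=_('VPN Tunnel Endpoints')` so it is translated like the other titles.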