diff --git a/agent_based/checkpoint_vsx.py b/agent_based/checkpoint_vsx.py
index c0ad057b3ac9b66e49a23711740a0a2e4fbecbf6..878da36edd65f48bec2a54c3c735b5f82cdd793e 100644
--- a/agent_based/checkpoint_vsx.py
+++ b/agent_based/checkpoint_vsx.py
@@ -16,6 +16,9 @@
# 2020-06-08: changed snmp-scan function
# 2021-09-06: rewritten for CMK 2.0
#
+# ToDo: create WATO for discovery and check function,
+# if we discover other than 'virtual system' we need to adjust parse/check function
+#
# snmpwalk sample
#
# .1.3.6.1.4.1.2620.1.16.22.1.1.1.3.0 = Gauge32: 2
@@ -81,7 +84,6 @@ class CheckpointVsx:
vsxCountersConnNum: int
vsxCountersConnPeakNum: int
vsxCountersConnTableLimit: int
- vsxCountersIsDataValid: str
metrics_rate: List[Tuple[str, int]]
@@ -93,43 +95,43 @@ def parse_checkpoint_vsx_system(string_table: StringTable) -> Optional[Dict[str,
vsxStatusSicTrustState, vsxStatusHAState, vsxStatusVSWeight, vsxCountersConnNum, vsxCountersConnPeakNum, \
vsxCountersConnTableLimit, vsxCountersPackets, vsxCountersDroppedTotal, vsxCountersAcceptedTotal, \
vsxCountersRejectedTotal, vsxCountersBytesAcceptedTotal, vsxCountersBytesDroppedTotal, \
- vsxCountersBytesRejectedTotal, vsxCountersLoggedTotal, vsxCountersIsDataValid = entry
+ vsxCountersBytesRejectedTotal, vsxCountersLoggedTotal = entry
except ValueError:
return
- if vsxStatusVsType.lower() in ['virtual system']: # , 'vsx gateway', 'virtual switch', 'virtual router'
- vsx_systems[vsxStatusVsName] = CheckpointVsx(
- vsxStatusVSId=vsxStatusVSId,
- vsxStatusVsType=vsxStatusVsType,
- vsxStatusMainIP=vsxStatusMainIP,
- vsxStatusPolicyName=vsxStatusPolicyName,
- vsxStatusVsPolicyType=vsxStatusVsPolicyType,
- vsxStatusSicTrustState=vsxStatusSicTrustState,
- vsxStatusHAState=vsxStatusHAState,
- vsxStatusVSWeight=vsxStatusVSWeight,
- vsxCountersConnNum=int(vsxCountersConnNum),
- vsxCountersConnPeakNum=int(vsxCountersConnPeakNum),
- vsxCountersConnTableLimit=int(vsxCountersConnTableLimit),
- vsxCountersIsDataValid=vsxCountersIsDataValid,
- metrics_rate=[
- ('packets_processed', int(vsxCountersPackets)),
- ('packets_dropped', int(vsxCountersDroppedTotal)),
- ('packets_accepted', int(vsxCountersAcceptedTotal)),
- ('packets_rejected', int(vsxCountersRejectedTotal)),
- ('bytes_accepted', int(vsxCountersBytesAcceptedTotal)),
- ('bytes_dropped', int(vsxCountersBytesDroppedTotal)),
- ('bytes_rejected', int(vsxCountersBytesRejectedTotal)),
- ('loggs_send', int(vsxCountersLoggedTotal)),
- ],
- )
+ # if vsxStatusVsType.lower() in ['virtual system']: # , 'vsx gateway', 'virtual switch', 'virtual router'
+ vsx_systems[vsxStatusVsName] = CheckpointVsx(
+ vsxStatusVSId=vsxStatusVSId,
+ vsxStatusVsType=vsxStatusVsType,
+ vsxStatusMainIP=vsxStatusMainIP,
+ vsxStatusPolicyName=vsxStatusPolicyName,
+ vsxStatusVsPolicyType=vsxStatusVsPolicyType,
+ vsxStatusSicTrustState=vsxStatusSicTrustState,
+ vsxStatusHAState=vsxStatusHAState,
+ vsxStatusVSWeight=vsxStatusVSWeight,
+ vsxCountersConnNum=int(vsxCountersConnNum),
+ vsxCountersConnPeakNum=int(vsxCountersConnPeakNum),
+ vsxCountersConnTableLimit=int(vsxCountersConnTableLimit),
+ metrics_rate=[
+ ('packets_processed', int(vsxCountersPackets)),
+ ('packets_dropped', int(vsxCountersDroppedTotal)),
+ ('packets_accepted', int(vsxCountersAcceptedTotal)),
+ ('packets_rejected', int(vsxCountersRejectedTotal)),
+ ('bytes_accepted', int(vsxCountersBytesAcceptedTotal)),
+ ('bytes_dropped', int(vsxCountersBytesDroppedTotal)),
+ ('bytes_rejected', int(vsxCountersBytesRejectedTotal)),
+ ('loggs_send', int(vsxCountersLoggedTotal)),
+ ],
+ )
return vsx_systems
-def discovery_checkpoint_vsx_system(section: Dict[str, CheckpointVsx]) -> DiscoveryResult:
+def discovery_checkpoint_vsx_system(params, section: Dict[str, CheckpointVsx]) -> DiscoveryResult:
for key in section.keys():
- yield Service(
- item=key,
- parameters={'policyname': section[key].vsxStatusPolicyName, 'ha_state': section[key].vsxStatusHAState}
- )
+ if section[key].vsxStatusVsType.lower() in params['vsType']:
+ yield Service(
+ item=key,
+ parameters={'policyname': section[key].vsxStatusPolicyName, 'ha_state': section[key].vsxStatusHAState}
+ )
def check_checkpoint_vsx_system(item, params, section: Dict[str, CheckpointVsx]) -> CheckResult:
@@ -139,66 +141,65 @@ def check_checkpoint_vsx_system(item, params, section: Dict[str, CheckpointVsx])
yield Result(state=State.UNKNOWN, notice='Item not found in SNMP data')
return
- now_time = time.time()
- value_store = get_value_store()
- metrics_prefix = 'checkpoint_vsx_'
-
- for key, value in vsx.metrics_rate:
- try:
- value = get_rate(value_store, f'{metrics_prefix}{key}', now_time, int(value), raise_overflow=True)
- except GetRateError:
- value = 0
- yield Metric(name=f'checkpoint_vsx_{key}', value=value, boundaries=(0, None))
+ if not vsx.vsxStatusSicTrustState.lower() in ['trust established']:
+ yield Result(state=State.WARN, notice='SIC not established')
- # system information
- yield Result(state=State.OK, summary=f'Main IP: {vsx.vsxStatusMainIP}, VS ID: {vsx.vsxStatusVSId}', details=' ')
- # Counters
- # infotext = f'Connections: {vsx.vsxCountersConnNum:.0f}, ' \
- # f'Packets prosessed: {vsx.vsxCountersPackets:.0f}/s, ' \
- # f'Logs send: {vsx.vsxCountersLoggedTotal:0.2f}/s')
+ if vsx.vsxStatusVsType.lower() == 'virtual system':
+ yield Result(state=State.OK, notice=f'System name: {item}')
+ yield Result(state=State.OK, summary=f'Main IP: {vsx.vsxStatusMainIP}')
+ yield Result(state=State.OK, summary=f'VS ID: {vsx.vsxStatusVSId}', details='Virtual system ID:')
+ yield Result(state=State.OK, notice=f'System type: {vsx.vsxStatusVsType}')
- yield Result(state=State.OK, notice=f'System name: {item}')
- yield Result(state=State.OK, notice=f'Virtual system ID: {vsx.vsxStatusVSId}')
- yield Result(state=State.OK, notice=f'Type: {vsx.vsxStatusVsType}')
- yield Result(state=State.OK, notice=f'Weight: {vsx.vsxStatusVSWeight}')
- yield Result(state=State.OK, notice=f'Main IP: {vsx.vsxStatusMainIP}')
- yield Result(state=State.OK, notice=f'Policy name: {vsx.vsxStatusPolicyName}')
- yield Result(state=State.OK, notice=f'Policy type: {vsx.vsxStatusVsPolicyType}')
- yield Result(state=State.OK, notice=f'SIC status: {vsx.vsxStatusSicTrustState}')
+ if not vsx.vsxStatusHAState.lower() in ['active', 'standby']:
+ yield Result(state=State.WARN, summary=f'H/A Status: {vsx.vsxStatusHAState}')
+ else:
+ yield Result(state=State.OK, summary=f'H/A Status: {vsx.vsxStatusHAState}')
- yield Result(state=State.OK, notice=f'Conn table limit: {vsx.vsxCountersConnTableLimit}')
- yield Result(state=State.OK, notice=f'Is data valid: {vsx.vsxCountersIsDataValid}')
+ if not vsx.vsxStatusVsPolicyType.lower() in ['active']:
+ yield Result(state=State.CRIT, notice='No policy installed')
- if vsx.vsxCountersConnTableLimit > 0:
- yield Metric(value=vsx.vsxCountersConnNum, name=f'{metrics_prefix}connections',
- boundaries=(0, vsx.vsxCountersConnTableLimit),
- levels=(None, vsx.vsxCountersConnTableLimit))
- else:
- yield Metric(value=vsx.vsxCountersConnNum, name=f'{metrics_prefix}connections')
- yield Metric(value=vsx.vsxCountersConnPeakNum, name=f'{metrics_prefix}connections_peak')
+ if params['policyname'] != vsx.vsxStatusPolicyName: # policy changed
+ yield Result(
+ state=State.WARN,
+ notice=f'Policy name changed: expected {params["policyname"]}, found {vsx.vsxStatusPolicyName}'
+ )
- if not vsx.vsxStatusHAState.lower() in ['active', 'standby']:
- yield Result(state=State.WARN, summary=f'H/A Status: {vsx.vsxStatusHAState}')
- else:
- yield Result(state=State.OK, summary=f'H/A Status: {vsx.vsxStatusHAState}')
+ if params['ha_state'] != vsx.vsxStatusHAState: # H/A state changed
+ yield Result(
+ state=State.WARN,
+ notice=f'State changed: expected/found {params["ha_state"]}/{vsx.vsxStatusHAState}'
+ )
- if not vsx.vsxStatusSicTrustState.lower() in ['trust established']:
- yield Result(state=State.WARN, notice='SIC not established')
+ yield Result(state=State.OK, notice=f'SIC status: {vsx.vsxStatusSicTrustState}')
+ yield Result(state=State.OK, notice=f'Weight: {vsx.vsxStatusVSWeight}')
+ yield Result(state=State.OK, notice=f'Policy name: {vsx.vsxStatusPolicyName}')
+ yield Result(state=State.OK, notice=f'Policy type: {vsx.vsxStatusVsPolicyType}')
- if not vsx.vsxStatusVsPolicyType.lower() in ['active']:
- yield Result(state=State.CRIT, notice='No policy installed')
+ # metrics rate
+ now_time = time.time()
+ value_store = get_value_store()
+ metrics_prefix = 'checkpoint_vsx_'
- if params['policyname'] != vsx.vsxStatusPolicyName: # policy changed
- yield Result(
- state=State.WARN,
- notice=f'Policy name changed: expected {params["policyname"]}, found {vsx.vsxStatusPolicyName}'
- )
+ for key, value in vsx.metrics_rate:
+ try:
+ value = get_rate(value_store, f'{metrics_prefix}{key}', now_time, int(value), raise_overflow=True)
+ except GetRateError:
+ value = 0
+ yield Metric(name=f'checkpoint_vsx_{key}', value=value, boundaries=(0, None))
- if params['ha_state'] != vsx.vsxStatusHAState: # H/A state changed
- yield Result(
- state=State.WARN,
- notice=f'State changed: expected/found {params["ha_state"]}/{vsx.vsxStatusHAState}'
- )
+ # metrics count
+ if vsx.vsxCountersConnTableLimit > 0:
+ yield Metric(value=vsx.vsxCountersConnNum, name=f'{metrics_prefix}connections',
+ boundaries=(0, vsx.vsxCountersConnTableLimit),
+ levels=(None, vsx.vsxCountersConnTableLimit))
+ else:
+ yield Metric(value=vsx.vsxCountersConnNum, name=f'{metrics_prefix}connections')
+ yield Metric(value=vsx.vsxCountersConnPeakNum, name=f'{metrics_prefix}connections_peak')
+ else:
+ yield Result(state=State.OK, notice=f'System name: {item}')
+ yield Result(state=State.OK, summary=f'Virtual system ID: {vsx.vsxStatusVSId}')
+ yield Result(state=State.OK, summary=f'System Type: {vsx.vsxStatusVsType}')
+ yield Result(state=State.OK, summary=f'SIC status: {vsx.vsxStatusSicTrustState}')
register.snmp_section(
@@ -234,7 +235,6 @@ register.snmp_section(
'23.1.1.10', # vsxCountersBytesDroppedTotal
'23.1.1.11', # vsxCountersBytesRejectedTotal
'23.1.1.12', # vsxCountersLoggedTotal
- '23.1.1.13', # vsxCountersIsDataValid
]),
detect=any_of(
startswith('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.2620'),
@@ -249,9 +249,11 @@ register.check_plugin(
name='checkpoint_vsx_system',
service_name='VSX System %s',
discovery_function=discovery_checkpoint_vsx_system,
- check_function=check_checkpoint_vsx_system,
- check_ruleset_name='checkpoint_vsx_system',
- check_default_parameters={
+ discovery_default_parameters={
'vsType': ['virtual system', 'vsx gateway', 'virtual switch', 'virtual router']
},
+ discovery_ruleset_name='checkpoint_vsx_system',
+ check_function=check_checkpoint_vsx_system,
+ check_default_parameters={},
+ check_ruleset_name='checkpoint_vsx_system',
)
diff --git a/checkpoint_vsx.mkp b/checkpoint_vsx.mkp
index daaecabfd99fbd0ffe02b7a9a423efb61f5cefc4..e525a9f0688635f90ce09cb9e890fcc109d818fd 100644
Binary files a/checkpoint_vsx.mkp and b/checkpoint_vsx.mkp differ
diff --git a/web/plugins/metrics/checkpoint_vsx.py b/web/plugins/metrics/checkpoint_vsx.py
index d423fd967109977d7106c2ef5c727669b968cfe2..a10e97649d63710b1e1e20679ebc7409f8bf7931 100644
--- a/web/plugins/metrics/checkpoint_vsx.py
+++ b/web/plugins/metrics/checkpoint_vsx.py
@@ -111,7 +111,7 @@ graph_info['checkpoint_vsx_bytes'] = {
graph_info['checkpoint_vsx_logges_send'] = {
'title': _('Check Point VSX: Logs'),
'metrics': [
- ('checkpoint_vsx_logges_send', 'line'),
+ ('checkpoint_vsx_loggs_send', 'line'),
]
}