Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com

Skip to content
Snippets Groups Projects
Commit 87aa8226 authored by thl-cmk's avatar thl-cmk :flag_na:
Browse files

update project

parent 78932095
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
agent_based/checkpoint_vsx_system.py 0 → 100644
+ 270
0
View file @ 87aa8226
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
# Author: thl-cmk[at]outlook[dot]com
# URL : https://thl-cmk.hopto.org
# Date : 2017-17-05
#
# Check Point vsx Cluster status
#
# Monitor status of virtual systems in Check Point vsx/vsls cluster
#
# 2018-08-03: changed snmp scan function
# 2018-08-13: code cleanup, add metrics
# 2020-06-08: changed snmp-scan function
# 2021-09-06: rewritten for CMK 2.0
# 2021-09-07: added WATO for check and discovery function
# renamed from checkpoint_vsx to checkpoint_vsx_system
#
# snmpwalk sample
#
# .1.3.6.1.4.1.2620.1.16.22.1.1.1.3.0 = Gauge32: 2
# .1.3.6.1.4.1.2620.1.16.22.1.1.2.3.0 = Gauge32: 2
# .1.3.6.1.4.1.2620.1.16.22.1.1.3.3.0 = STRING: "HRI"
# .1.3.6.1.4.1.2620.1.16.22.1.1.4.3.0 = STRING: "Virtual System"
# .1.3.6.1.4.1.2620.1.16.22.1.1.5.3.0 = STRING: "10.140.1.3"
# .1.3.6.1.4.1.2620.1.16.22.1.1.6.3.0 = STRING: "Standard"
# .1.3.6.1.4.1.2620.1.16.22.1.1.7.3.0 = STRING: "Active"
# .1.3.6.1.4.1.2620.1.16.22.1.1.8.3.0 = STRING: "Trust established"
# .1.3.6.1.4.1.2620.1.16.22.1.1.9.3.0 = STRING: "Standby"
# .1.3.6.1.4.1.2620.1.16.22.1.1.10.3.0 = Gauge32: 0
#
# .1.3.6.1.4.1.2620.1.16.23.1.1.2.3.0 = Gauge32: 40
# .1.3.6.1.4.1.2620.1.16.23.1.1.3.3.0 = Gauge32: 864
# .1.3.6.1.4.1.2620.1.16.23.1.1.4.3.0 = Gauge32: 14900
# .1.3.6.1.4.1.2620.1.16.23.1.1.5.3.0 = STRING: "69459"
# .1.3.6.1.4.1.2620.1.16.23.1.1.6.3.0 = STRING: "2405"
# .1.3.6.1.4.1.2620.1.16.23.1.1.7.3.0 = STRING: "67054"
# .1.3.6.1.4.1.2620.1.16.23.1.1.8.3.0 = STRING: "0"
# .1.3.6.1.4.1.2620.1.16.23.1.1.9.3.0 = STRING: "4228862"
# .1.3.6.1.4.1.2620.1.16.23.1.1.10.3.0 = STRING: "72445"
# .1.3.6.1.4.1.2620.1.16.23.1.1.11.3.0 = STRING: "0"
# .1.3.6.1.4.1.2620.1.16.23.1.1.12.3.0 = STRING: "7074"
# .1.3.6.1.4.1.2620.1.16.23.1.1.13.3.0 = INTEGER: 0
#
import time
from dataclasses import dataclass
from typing import List, Dict, Optional, Tuple
from cmk.base.plugins.agent_based.agent_based_api.v1 import (
register,
Service,
Result,
State,
SNMPTree,
all_of,
startswith,
any_of,
equals,
Metric,
get_value_store,
get_rate,
GetRateError,
check_levels,
)
from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
DiscoveryResult,
CheckResult,
StringTable,
)
@dataclass
class CheckpointVsx:
vsxStatusVSId: str
vsxStatusVsType: str
vsxStatusMainIP: str
vsxStatusPolicyName: str
vsxStatusVsPolicyType: str
vsxStatusSicTrustState: str
vsxStatusHAState: str
vsxStatusVSWeight: str
vsxCountersConnNum: int
vsxCountersConnPeakNum: int
vsxCountersConnTableLimit: int
metrics_rate: List[Tuple[str, int]]
def parse_checkpoint_vsx_system(string_table: StringTable) -> Optional[Dict[str, CheckpointVsx]]:
vsx_systems = {}
for entry in string_table:
try:
vsxStatusVSId, vsxStatusVsName, vsxStatusVsType, vsxStatusMainIP, vsxStatusPolicyName, \
vsxStatusVsPolicyType, vsxStatusSicTrustState, vsxStatusHAState, vsxStatusVSWeight, vsxCountersConnNum, \
vsxCountersConnPeakNum, vsxCountersConnTableLimit, vsxCountersPackets, vsxCountersDroppedTotal, \
vsxCountersAcceptedTotal, vsxCountersRejectedTotal, vsxCountersBytesAcceptedTotal, \
vsxCountersBytesDroppedTotal, vsxCountersBytesRejectedTotal, vsxCountersLoggedTotal = entry
except ValueError:
return
vsx_systems[vsxStatusVsName] = CheckpointVsx(
vsxStatusVSId=vsxStatusVSId,
vsxStatusVsType=vsxStatusVsType,
vsxStatusMainIP=vsxStatusMainIP,
vsxStatusPolicyName=vsxStatusPolicyName,
vsxStatusVsPolicyType=vsxStatusVsPolicyType,
vsxStatusSicTrustState=vsxStatusSicTrustState,
vsxStatusHAState=vsxStatusHAState,
vsxStatusVSWeight=vsxStatusVSWeight,
vsxCountersConnNum=int(vsxCountersConnNum),
vsxCountersConnPeakNum=int(vsxCountersConnPeakNum),
vsxCountersConnTableLimit=int(vsxCountersConnTableLimit),
metrics_rate=[
('packets_processed', int(vsxCountersPackets)),
('packets_dropped', int(vsxCountersDroppedTotal)),
('packets_accepted', int(vsxCountersAcceptedTotal)),
('packets_rejected', int(vsxCountersRejectedTotal)),
('bytes_accepted', int(vsxCountersBytesAcceptedTotal)),
('bytes_dropped', int(vsxCountersBytesDroppedTotal)),
('bytes_rejected', int(vsxCountersBytesRejectedTotal)),
('loggs_send', int(vsxCountersLoggedTotal)),
],
)
return vsx_systems
def discovery_checkpoint_vsx_system(params, section: Dict[str, CheckpointVsx]) -> DiscoveryResult:
for key in section.keys():
if section[key].vsxStatusVsType.lower() in params['vs_type']:
yield Service(
item=key,
parameters={'policyname': section[key].vsxStatusPolicyName, 'ha_state': section[key].vsxStatusHAState}
)
def check_checkpoint_vsx_system(item, params, section: Dict[str, CheckpointVsx]) -> CheckResult:
try:
vsx = section[item]
except KeyError:
yield Result(state=State.UNKNOWN, notice='Item not found in SNMP data')
return
if not vsx.vsxStatusSicTrustState.lower() in ['trust established']:
yield Result(state=State(params['state_sic_not_established']), notice='SIC not established')
if vsx.vsxStatusVsType.lower() in ['virtual system', 'vsx gateway']:
yield Result(state=State.OK, notice=f'System name: {item}')
yield Result(state=State.OK, summary=f'Main IP: {vsx.vsxStatusMainIP}')
yield Result(state=State.OK, summary=f'VS ID: {vsx.vsxStatusVSId}', details='Virtual system ID:')
yield Result(state=State.OK, notice=f'System type: {vsx.vsxStatusVsType}')
if not vsx.vsxStatusHAState.lower() in ['active', 'standby']:
yield Result(state=State(params['state_ha_not_act_stb']), summary=f'H/A Status: {vsx.vsxStatusHAState}')
else:
yield Result(state=State.OK, summary=f'H/A Status: {vsx.vsxStatusHAState}')
if not vsx.vsxStatusVsPolicyType.lower() in ['active']:
yield Result(state=State(params['state_policy_not_installed']), notice='No policy installed')
if params['policyname'] != vsx.vsxStatusPolicyName: # policy changed
yield Result(
state=State(params['state_policy_changed']),
notice=f'Policy name changed: expected {params["policyname"]}, found {vsx.vsxStatusPolicyName}'
)
if params['ha_state'] != vsx.vsxStatusHAState: # H/A state changed
yield Result(
state=State(params['state_ha_changed']),
notice=f'State changed: expected/found {params["ha_state"]}/{vsx.vsxStatusHAState}'
)
yield Result(state=State.OK, notice=f'SIC status: {vsx.vsxStatusSicTrustState}')
yield Result(state=State.OK, notice=f'Weight: {vsx.vsxStatusVSWeight}')
yield Result(state=State.OK, notice=f'Policy name: {vsx.vsxStatusPolicyName}')
yield Result(state=State.OK, notice=f'Policy type: {vsx.vsxStatusVsPolicyType}')
# metrics rate
now_time = time.time()
value_store = get_value_store()
metrics_prefix = 'checkpoint_vsx_'
for key, value in vsx.metrics_rate:
try:
value = get_rate(value_store, f'{metrics_prefix}{key}', now_time, int(value), raise_overflow=True)
except GetRateError:
value = 0
yield Metric(name=f'checkpoint_vsx_{key}', value=value, boundaries=(0, None))
# metrics count
yield from check_levels(
value=vsx.vsxCountersConnNum,
metric_name=f'{metrics_prefix}connections',
levels_upper=params.get('levels_upper_absolute'),
levels_lower=params.get('levels_lower_absolute'),
label='Connections',
render_func=lambda v: f'{v:.0f}',
boundaries=(0, None),
)
yield Metric(value=vsx.vsxCountersConnPeakNum, name=f'{metrics_prefix}connections_peak')
if vsx.vsxCountersConnTableLimit > 0:
yield Metric(value=vsx.vsxCountersConnTableLimit, name=f'{metrics_prefix}connections_limit')
else:
yield Result(state=State.OK, notice=f'System name: {item}')
yield Result(state=State.OK, summary=f'Virtual system ID: {vsx.vsxStatusVSId}')
yield Result(state=State.OK, summary=f'System Type: {vsx.vsxStatusVsType}')
yield Result(state=State.OK, summary=f'SIC status: {vsx.vsxStatusSicTrustState}')
register.snmp_section(
name='checkpoint_vsx_system',
parse_function=parse_checkpoint_vsx_system,
supersedes=[
'checkpoint_vsx',
'checkpoint_vsx_connections',
'checkpoint_vsx_traffic',
'checkpoint_vsx_packets',
'checkpoint_vsx_status',
],
fetch=SNMPTree(
base='.1.3.6.1.4.1.2620.1.16', # CHECKPOINT-MIB::vsx
oids=[
'22.1.1.1', # vsxStatusVSId
'22.1.1.3', # vsxStatusVsName
'22.1.1.4', # vsxStatusVsType
'22.1.1.5', # vsxStatusMainIP
'22.1.1.6', # vsxStatusPolicyName
'22.1.1.7', # vsxStatusVsPolicyType
'22.1.1.8', # vsxStatusSicTrustState
'22.1.1.9', # vsxStatusHAState
'22.1.1.10', # vsxStatusVSWeight
'23.1.1.2', # vsxCountersConnNum
'23.1.1.3', # vsxCountersConnPeakNum
'23.1.1.4', # vsxCountersConnTableLimit
'23.1.1.5', # vsxCountersPackets
'23.1.1.6', # vsxCountersDroppedTotal
'23.1.1.7', # vsxCountersAcceptedTotal
'23.1.1.8', # vsxCountersRejectedTotal
'23.1.1.9', # vsxCountersBytesAcceptedTotal
'23.1.1.10', # vsxCountersBytesDroppedTotal
'23.1.1.11', # vsxCountersBytesRejectedTotal
'23.1.1.12', # vsxCountersLoggedTotal
]),
detect=any_of(
startswith('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.2620'),
all_of(
equals('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.8072.3.2.10'),
equals('.1.3.6.1.4.1.2620.1.6.1.0', 'SVN Foundation'),
)
)
)
register.check_plugin(
name='checkpoint_vsx_system',
service_name='VSX System %s',
discovery_function=discovery_checkpoint_vsx_system,
discovery_default_parameters={
'vs_type': ['virtual system', 'vsx gateway']
},
discovery_ruleset_name='discovery_checkpoint_vsx_system',
check_function=check_checkpoint_vsx_system,
check_default_parameters={
'state_sic_not_established': 2,
'state_ha_not_act_stb': 2,
'state_policy_not_installed': 2,
'state_policy_changed': 1,
'state_ha_changed': 1,
},
check_ruleset_name='checkpoint_vsx_system',
)
checkpoint_vsx_system.mkp 0 → 100644
+ 0
0
View file @ 87aa8226
File added
packages/checkpoint_vsx_system 0 → 100644
+ 21
0
View file @ 87aa8226
{'author': 'Th.L. (thl-cmk[at]outlook[dot]com)',
'description': 'Monitor status of virtual systems in Check Point vsx/vsls '
'cluster.\n'
'\n'
' - creates one check for every virtual system. \n'
' - check goes critical if virtual system status is not '
"'Active' or 'Standby'\n"
' - longoutput gives details for each virtual system.\n'
' - monitors VSX virtual system counters '
'(connections/packets/bytes/logs).\n',
'download_url': 'https://thl-cmk.hopto.org',
'files': {'agent_based': ['checkpoint_vsx_system.py'],
'web': ['plugins/metrics/checkpoint_vsx_system.py',
'plugins/wato/checkpoint_vsx_system.py']},
'name': 'checkpoint_vsx_system',
'num_files': 3,
'title': 'Check Point VSX system status and counter',
'version': '20210907.v.0.3a',
'version.min_required': '2.0.0',
'version.packaged': '2021.07.14',
'version.usable_until': None}
\ No newline at end of file
web/plugins/metrics/checkpoint_vsx_system.py 0 → 100644
+ 135
0
View file @ 87aa8226
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
# Author: thl-cmk[at]outlook[dot]com
# URL : https://thl-cmk.hopto.org
# Date : 2018-03-13
#
# Check Point VSX status metrics plugin
# checkpoint_vsx
#
from cmk.gui.i18n import _
from cmk.gui.plugins.metrics import (
metric_info,
graph_info,
perfometer_info,
)
metric_info['checkpoint_vsx_connections'] = {
'title': _('Connections active'),
'unit': 'count',
'color': '26/a',
}
metric_info['checkpoint_vsx_connections_peak'] = {
'title': _('Connections peak'),
'unit': 'count',
'color': '21/a',
}
metric_info['checkpoint_vsx_connections_limit'] = {
'title': _('Connections limit'),
'unit': 'count',
'color': '31/a',
}
metric_info['checkpoint_vsx_packets_processed'] = {
'title': _('Packets processed'),
'unit': '1/s',
'color': '12/a',
}
metric_info['checkpoint_vsx_packets_dropped'] = {
'title': _('Packets dropped'),
'unit': '1/s',
'color': '22/a',
}
metric_info['checkpoint_vsx_packets_accepted'] = {
'title': _('Packets accepted'),
'unit': '1/s',
'color': '32/a',
}
metric_info['checkpoint_vsx_packets_rejected'] = {
'title': _('Packets rejected'),
'unit': '1/s',
'color': '42/a',
}
metric_info['checkpoint_vsx_bytes_accepted'] = {
'title': _('Bytes accepted'),
'unit': 'bytes/s',
'color': '13/a',
}
metric_info['checkpoint_vsx_bytes_dropped'] = {
'title': _('Bytes dropped'),
'unit': 'bytes/s',
'color': '23/a',
}
metric_info['checkpoint_vsx_bytes_rejected'] = {
'title': _('Bytes rejected'),
'unit': 'bytes/s',
'color': '33/a',
}
metric_info['checkpoint_vsx_loggs_send'] = {
'title': _('Loggs send'),
'unit': '1/s',
'color': '14/a',
}
graph_info['checkpoint_vsx_connections'] = {
'title': _('Check Point VSX: Connections'),
'metrics': [
('checkpoint_vsx_connections_limit', 'line'),
('checkpoint_vsx_connections_peak', 'line'),
('checkpoint_vsx_connections', 'area'),
],
'scalars': [
('checkpoint_vsx_connections:crit', _('crit')),
('checkpoint_vsx_connections:warn', _('warn')),
],
'optional_metrics': [
'checkpoint_vsx_connections_limit'
],
}
graph_info['checkpoint_vsx_packets'] = {
'title': _('Check Point VSX: Packets'),
'metrics': [
('checkpoint_vsx_packets_rejected', 'line'),
('checkpoint_vsx_packets_dropped', 'line'),
('checkpoint_vsx_packets_accepted', 'line'),
('checkpoint_vsx_packets_processed', 'line'),
]
}
graph_info['checkpoint_vsx_bytes'] = {
'title': _('Check Point VSX: Bytes'),
'metrics': [
('checkpoint_vsx_bytes_rejected', 'line'),
('checkpoint_vsx_bytes_dropped', 'line'),
('checkpoint_vsx_bytes_accepted', 'line'),
]
}
graph_info['checkpoint_vsx_logges_send'] = {
'title': _('Check Point VSX: Logs'),
'metrics': [
('checkpoint_vsx_loggs_send', 'line'),
]
}
perfometer_info.append(('stacked', [
{
'type': 'logarithmic',
'metric': 'checkpoint_vsx_connections',
'half_value': 50000.0,
'exponent': 2,
},
{
'type': 'logarithmic',
'metric': 'checkpoint_vsx_packets_processed',
'half_value': 50000.0,
'exponent': 2,
},
]))
web/plugins/wato/checkpoint_vsx_system.py 0 → 100644
+ 128
0
View file @ 87aa8226
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
# Author: thl-cmk[at]outlook[dot]com
# URL : https://thl-cmk.hopto.org
# Date : 2021-09-07
#
from cmk.gui.i18n import _
from cmk.gui.valuespec import (
Dictionary,
TextAscii,
Tuple,
Integer,
MonitoringState,
Transform,
ListChoice,
)
from cmk.gui.plugins.wato import (
CheckParameterRulespecWithItem,
rulespec_registry,
RulespecGroupCheckParametersNetworking,
RulespecGroupCheckParametersDiscovery,
HostRulespec,
)
def _parameter_valuespec_checkpoint_vsx_system():
return Transform(
Dictionary(
elements=[
('levels_upper_absolute',
Tuple(
title=_('Maximum number of firewall connections'),
help=_('This rule sets upper limits to the current number of connections through '
'a Checkpoint firewall.'),
elements=[
Integer(title=_('Warning at'), minvalue=0, unit=_('connections')),
Integer(title=_('Critical at'), minvalue=0, unit=_('connections')),
])),
('levels_lower_absolute',
Tuple(
title=_('Minimum number of firewall connections'),
help=_('This rule sets lower limits to the current number of connections through '
'a Checkpoint firewall.'),
elements=[
Integer(title=_('Warning blow'), minvalue=0, unit=_('connections')),
Integer(title=_('Critical below'), minvalue=0, unit=_('connections')),
])),
('state_sic_not_established',
MonitoringState(
title=_('State if SIC is not established'),
help=_('Monitoring state if SIC is not established'),
default_value=2,
)),
('state_ha_not_act_stb',
MonitoringState(
title=_('State if H/A state not active/standby'),
help=_('Monitoring state if H/A state not active or standby'),
default_value=2,
)),
('state_policy_not_installed',
MonitoringState(
title=_('State if no policy is installed'),
help=_('Monitoring state if no policy is installed'),
default_value=2,
)),
('state_policy_changed',
MonitoringState(
title=_('State on policy name change'),
help=_('Monitoring status on policy name change'),
default_value=1,
)),
('state_ha_changed',
MonitoringState(
title=_('State on H/A state change'),
help=_('Monitoring status on H/A state change'),
default_value=1,
)),
],
))
rulespec_registry.register(
CheckParameterRulespecWithItem(
check_group_name='checkpoint_vsx_system',
group=RulespecGroupCheckParametersNetworking,
match_type='dict',
parameter_valuespec=_parameter_valuespec_checkpoint_vsx_system,
title=lambda: _('Check Point VSX system'),
item_spec=lambda: TextAscii(title=_('VSX System name'), ),
))
def _valuespec_discovery_checkpoint_vsx_system():
_vs_types = [
('virtual system', 'Virtual system'),
('vsx gateway', 'VSX gateway'),
('virtual switch', 'Virtual switch'),
('virtual router', 'Virtual router'),
]
return Transform(
Dictionary(
title=_('Check Point VSX system'),
elements=[
('vs_type',
ListChoice(
title=_('VS types to discover'),
help=_('Virtual system types to discover'),
choices=_vs_types,
default_value=[
'virtual system',
'vsx gateway',
],
)),
],
))
rulespec_registry.register(
HostRulespec(
group=RulespecGroupCheckParametersDiscovery,
match_type='dict',
name='discovery_checkpoint_vsx_system',
valuespec=_valuespec_discovery_checkpoint_vsx_system,
))
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com