From 87aa82267360ff96a0c84d0252ac254f1077f5db Mon Sep 17 00:00:00 2001
From: "th.l" <thl-cmk@outlook.com>
Date: Tue, 7 Sep 2021 22:04:36 +0200
Subject: [PATCH] update project
---
agent_based/checkpoint_vsx_system.py | 270 +++++++++++++++++++
checkpoint_vsx_system.mkp | Bin 0 -> 4944 bytes
packages/checkpoint_vsx_system | 21 ++
web/plugins/metrics/checkpoint_vsx_system.py | 135 ++++++++++
web/plugins/wato/checkpoint_vsx_system.py | 128 +++++++++
5 files changed, 554 insertions(+)
create mode 100644 agent_based/checkpoint_vsx_system.py
create mode 100644 checkpoint_vsx_system.mkp
create mode 100644 packages/checkpoint_vsx_system
create mode 100644 web/plugins/metrics/checkpoint_vsx_system.py
create mode 100644 web/plugins/wato/checkpoint_vsx_system.py
diff --git a/agent_based/checkpoint_vsx_system.py b/agent_based/checkpoint_vsx_system.py
new file mode 100644
index 0000000..d7281d4
--- /dev/null
+++ b/agent_based/checkpoint_vsx_system.py
@@ -0,0 +1,270 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2017-17-05
+#
+# Check Point vsx Cluster status
+#
+# Monitor status of virtual systems in Check Point vsx/vsls cluster
+#
+# 2018-08-03: changed snmp scan function
+# 2018-08-13: code cleanup, add metrics
+# 2020-06-08: changed snmp-scan function
+# 2021-09-06: rewritten for CMK 2.0
+# 2021-09-07: added WATO for check and discovery function
+# renamed from checkpoint_vsx to checkpoint_vsx_system
+#
+# snmpwalk sample
+#
+# .1.3.6.1.4.1.2620.1.16.22.1.1.1.3.0 = Gauge32: 2
+# .1.3.6.1.4.1.2620.1.16.22.1.1.2.3.0 = Gauge32: 2
+# .1.3.6.1.4.1.2620.1.16.22.1.1.3.3.0 = STRING: "HRI"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.4.3.0 = STRING: "Virtual System"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.5.3.0 = STRING: "10.140.1.3"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.6.3.0 = STRING: "Standard"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.7.3.0 = STRING: "Active"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.8.3.0 = STRING: "Trust established"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.9.3.0 = STRING: "Standby"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.10.3.0 = Gauge32: 0
+#
+# .1.3.6.1.4.1.2620.1.16.23.1.1.2.3.0 = Gauge32: 40
+# .1.3.6.1.4.1.2620.1.16.23.1.1.3.3.0 = Gauge32: 864
+# .1.3.6.1.4.1.2620.1.16.23.1.1.4.3.0 = Gauge32: 14900
+# .1.3.6.1.4.1.2620.1.16.23.1.1.5.3.0 = STRING: "69459"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.6.3.0 = STRING: "2405"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.7.3.0 = STRING: "67054"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.8.3.0 = STRING: "0"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.9.3.0 = STRING: "4228862"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.10.3.0 = STRING: "72445"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.11.3.0 = STRING: "0"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.12.3.0 = STRING: "7074"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.13.3.0 = INTEGER: 0
+#
+import time
+from dataclasses import dataclass
+from typing import List, Dict, Optional, Tuple
+
+from cmk.base.plugins.agent_based.agent_based_api.v1 import (
+ register,
+ Service,
+ Result,
+ State,
+ SNMPTree,
+ all_of,
+ startswith,
+ any_of,
+ equals,
+ Metric,
+ get_value_store,
+ get_rate,
+ GetRateError,
+ check_levels,
+)
+from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
+ DiscoveryResult,
+ CheckResult,
+ StringTable,
+)
+
+
+@dataclass
+class CheckpointVsx:
+ vsxStatusVSId: str
+ vsxStatusVsType: str
+ vsxStatusMainIP: str
+ vsxStatusPolicyName: str
+ vsxStatusVsPolicyType: str
+ vsxStatusSicTrustState: str
+ vsxStatusHAState: str
+ vsxStatusVSWeight: str
+ vsxCountersConnNum: int
+ vsxCountersConnPeakNum: int
+ vsxCountersConnTableLimit: int
+ metrics_rate: List[Tuple[str, int]]
+
+
+def parse_checkpoint_vsx_system(string_table: StringTable) -> Optional[Dict[str, CheckpointVsx]]:
+ vsx_systems = {}
+ for entry in string_table:
+ try:
+ vsxStatusVSId, vsxStatusVsName, vsxStatusVsType, vsxStatusMainIP, vsxStatusPolicyName, \
+ vsxStatusVsPolicyType, vsxStatusSicTrustState, vsxStatusHAState, vsxStatusVSWeight, vsxCountersConnNum, \
+ vsxCountersConnPeakNum, vsxCountersConnTableLimit, vsxCountersPackets, vsxCountersDroppedTotal, \
+ vsxCountersAcceptedTotal, vsxCountersRejectedTotal, vsxCountersBytesAcceptedTotal, \
+ vsxCountersBytesDroppedTotal, vsxCountersBytesRejectedTotal, vsxCountersLoggedTotal = entry
+ except ValueError:
+ return
+ vsx_systems[vsxStatusVsName] = CheckpointVsx(
+ vsxStatusVSId=vsxStatusVSId,
+ vsxStatusVsType=vsxStatusVsType,
+ vsxStatusMainIP=vsxStatusMainIP,
+ vsxStatusPolicyName=vsxStatusPolicyName,
+ vsxStatusVsPolicyType=vsxStatusVsPolicyType,
+ vsxStatusSicTrustState=vsxStatusSicTrustState,
+ vsxStatusHAState=vsxStatusHAState,
+ vsxStatusVSWeight=vsxStatusVSWeight,
+ vsxCountersConnNum=int(vsxCountersConnNum),
+ vsxCountersConnPeakNum=int(vsxCountersConnPeakNum),
+ vsxCountersConnTableLimit=int(vsxCountersConnTableLimit),
+ metrics_rate=[
+ ('packets_processed', int(vsxCountersPackets)),
+ ('packets_dropped', int(vsxCountersDroppedTotal)),
+ ('packets_accepted', int(vsxCountersAcceptedTotal)),
+ ('packets_rejected', int(vsxCountersRejectedTotal)),
+ ('bytes_accepted', int(vsxCountersBytesAcceptedTotal)),
+ ('bytes_dropped', int(vsxCountersBytesDroppedTotal)),
+ ('bytes_rejected', int(vsxCountersBytesRejectedTotal)),
+ ('loggs_send', int(vsxCountersLoggedTotal)),
+ ],
+ )
+ return vsx_systems
+
+
+def discovery_checkpoint_vsx_system(params, section: Dict[str, CheckpointVsx]) -> DiscoveryResult:
+ for key in section.keys():
+ if section[key].vsxStatusVsType.lower() in params['vs_type']:
+ yield Service(
+ item=key,
+ parameters={'policyname': section[key].vsxStatusPolicyName, 'ha_state': section[key].vsxStatusHAState}
+ )
+
+
+def check_checkpoint_vsx_system(item, params, section: Dict[str, CheckpointVsx]) -> CheckResult:
+ try:
+ vsx = section[item]
+ except KeyError:
+ yield Result(state=State.UNKNOWN, notice='Item not found in SNMP data')
+ return
+
+ if not vsx.vsxStatusSicTrustState.lower() in ['trust established']:
+ yield Result(state=State(params['state_sic_not_established']), notice='SIC not established')
+
+ if vsx.vsxStatusVsType.lower() in ['virtual system', 'vsx gateway']:
+ yield Result(state=State.OK, notice=f'System name: {item}')
+ yield Result(state=State.OK, summary=f'Main IP: {vsx.vsxStatusMainIP}')
+ yield Result(state=State.OK, summary=f'VS ID: {vsx.vsxStatusVSId}', details='Virtual system ID:')
+ yield Result(state=State.OK, notice=f'System type: {vsx.vsxStatusVsType}')
+
+ if not vsx.vsxStatusHAState.lower() in ['active', 'standby']:
+ yield Result(state=State(params['state_ha_not_act_stb']), summary=f'H/A Status: {vsx.vsxStatusHAState}')
+ else:
+ yield Result(state=State.OK, summary=f'H/A Status: {vsx.vsxStatusHAState}')
+
+ if not vsx.vsxStatusVsPolicyType.lower() in ['active']:
+ yield Result(state=State(params['state_policy_not_installed']), notice='No policy installed')
+
+ if params['policyname'] != vsx.vsxStatusPolicyName: # policy changed
+ yield Result(
+ state=State(params['state_policy_changed']),
+ notice=f'Policy name changed: expected {params["policyname"]}, found {vsx.vsxStatusPolicyName}'
+ )
+
+ if params['ha_state'] != vsx.vsxStatusHAState: # H/A state changed
+ yield Result(
+ state=State(params['state_ha_changed']),
+ notice=f'State changed: expected/found {params["ha_state"]}/{vsx.vsxStatusHAState}'
+ )
+
+ yield Result(state=State.OK, notice=f'SIC status: {vsx.vsxStatusSicTrustState}')
+ yield Result(state=State.OK, notice=f'Weight: {vsx.vsxStatusVSWeight}')
+ yield Result(state=State.OK, notice=f'Policy name: {vsx.vsxStatusPolicyName}')
+ yield Result(state=State.OK, notice=f'Policy type: {vsx.vsxStatusVsPolicyType}')
+
+ # metrics rate
+ now_time = time.time()
+ value_store = get_value_store()
+ metrics_prefix = 'checkpoint_vsx_'
+
+ for key, value in vsx.metrics_rate:
+ try:
+ value = get_rate(value_store, f'{metrics_prefix}{key}', now_time, int(value), raise_overflow=True)
+ except GetRateError:
+ value = 0
+ yield Metric(name=f'checkpoint_vsx_{key}', value=value, boundaries=(0, None))
+
+ # metrics count
+ yield from check_levels(
+ value=vsx.vsxCountersConnNum,
+ metric_name=f'{metrics_prefix}connections',
+ levels_upper=params.get('levels_upper_absolute'),
+ levels_lower=params.get('levels_lower_absolute'),
+ label='Connections',
+ render_func=lambda v: f'{v:.0f}',
+ boundaries=(0, None),
+ )
+
+ yield Metric(value=vsx.vsxCountersConnPeakNum, name=f'{metrics_prefix}connections_peak')
+ if vsx.vsxCountersConnTableLimit > 0:
+ yield Metric(value=vsx.vsxCountersConnTableLimit, name=f'{metrics_prefix}connections_limit')
+ else:
+ yield Result(state=State.OK, notice=f'System name: {item}')
+ yield Result(state=State.OK, summary=f'Virtual system ID: {vsx.vsxStatusVSId}')
+ yield Result(state=State.OK, summary=f'System Type: {vsx.vsxStatusVsType}')
+ yield Result(state=State.OK, summary=f'SIC status: {vsx.vsxStatusSicTrustState}')
+
+
+register.snmp_section(
+ name='checkpoint_vsx_system',
+ parse_function=parse_checkpoint_vsx_system,
+ supersedes=[
+ 'checkpoint_vsx',
+ 'checkpoint_vsx_connections',
+ 'checkpoint_vsx_traffic',
+ 'checkpoint_vsx_packets',
+ 'checkpoint_vsx_status',
+ ],
+ fetch=SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.16', # CHECKPOINT-MIB::vsx
+ oids=[
+ '22.1.1.1', # vsxStatusVSId
+ '22.1.1.3', # vsxStatusVsName
+ '22.1.1.4', # vsxStatusVsType
+ '22.1.1.5', # vsxStatusMainIP
+ '22.1.1.6', # vsxStatusPolicyName
+ '22.1.1.7', # vsxStatusVsPolicyType
+ '22.1.1.8', # vsxStatusSicTrustState
+ '22.1.1.9', # vsxStatusHAState
+ '22.1.1.10', # vsxStatusVSWeight
+ '23.1.1.2', # vsxCountersConnNum
+ '23.1.1.3', # vsxCountersConnPeakNum
+ '23.1.1.4', # vsxCountersConnTableLimit
+ '23.1.1.5', # vsxCountersPackets
+ '23.1.1.6', # vsxCountersDroppedTotal
+ '23.1.1.7', # vsxCountersAcceptedTotal
+ '23.1.1.8', # vsxCountersRejectedTotal
+ '23.1.1.9', # vsxCountersBytesAcceptedTotal
+ '23.1.1.10', # vsxCountersBytesDroppedTotal
+ '23.1.1.11', # vsxCountersBytesRejectedTotal
+ '23.1.1.12', # vsxCountersLoggedTotal
+ ]),
+ detect=any_of(
+ startswith('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.2620'),
+ all_of(
+ equals('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.8072.3.2.10'),
+ equals('.1.3.6.1.4.1.2620.1.6.1.0', 'SVN Foundation'),
+ )
+ )
+)
+
+register.check_plugin(
+ name='checkpoint_vsx_system',
+ service_name='VSX System %s',
+ discovery_function=discovery_checkpoint_vsx_system,
+ discovery_default_parameters={
+ 'vs_type': ['virtual system', 'vsx gateway']
+ },
+ discovery_ruleset_name='discovery_checkpoint_vsx_system',
+ check_function=check_checkpoint_vsx_system,
+ check_default_parameters={
+ 'state_sic_not_established': 2,
+ 'state_ha_not_act_stb': 2,
+ 'state_policy_not_installed': 2,
+ 'state_policy_changed': 1,
+ 'state_ha_changed': 1,
+ },
+ check_ruleset_name='checkpoint_vsx_system',
+)
diff --git a/checkpoint_vsx_system.mkp b/checkpoint_vsx_system.mkp
new file mode 100644
index 0000000000000000000000000000000000000000..3c075169a0fa0d03a55ecb9bac73eeecb311d558
GIT binary patch
literal 4944
zcmb8v^*<br<G^vI8BUvKy6Y{b<4!xrsTsqV+B7FmZDQK#iOHMpF~?5lv`u$2b!rUv
z{SQ8m$M?6_<MI6c#U4*gJku|0_XPXK+3}5=r-zHX?`wabfY&~OKE96cMI^-~CB)^$
zWkvl(#YLs;MBlr4;v6f5c`UW1Jp@NQP=r`24k^neIVu>sc2Uk{owTSeH9I#R;96=J
zIV}FJ629e@cL8jp*3PmtA?ZA*_b1m8Gb`NmPSL$N8=l%aZ&dQM#Nd*bIG|q62l6kE
z-@u>;hU>|1$>8V*#N#?};$$IeiflIc{As<8u`D43-p8@i{Qz8_@|Hc2{8S^+Sev<W
zV?C>z)m_wj7qnGA<BTALTwcAUFEbH)*-|quHk7;37ysaQsKr@y2lxnQ>L<R;cBiHt
zo62WLGRvwCYou+OM&1MRMH+7CLO<P$17X9hB`9v~lq)jhF3gj9q9jyUbS~%^=o{O?
zh!Tjd)ksiWoMPGThRMN=91e<g+0xyqaG4oj9R{mzRcTPYxul^5Re&Dxjxw_DVDsu6
z;eI*o8-K2Gx0NTapJ{G9k?vS6b;i{s$=#T}Qj>s&%vn`Vo0FjJd9^36cEYN-f~R=#
z6J1+YFva41Yz+?H&HkNrat2B6?5bH>YR%e<r5dj1`^rzbV7u=&!?Qzj%8wjEeEXEj
zPzk?XW)n9F`V0Qy8sd<@a*ODl{q9Gj7&ReFZ;Hv4i@-BnKZDe;SG#D@kGBuD(uT3V
zqgRgo*5mRgco@PHij<b=0i~>=T%ZODp<L=QC!~lXm#O{wp0N=s4dxWGibBG4kiWZq
zL~&C%CGm43<@HRG!WR!VYbTw5@_kR+J5RbYKBI(GeC_X5m{rP0n(o4<g=_&)5z$VO
zCJc-Vy-!AXy*%*#sO~9CEED`pL2lmPa6ZDY8JZhdyL<M`P4xR4Lf%Iey?YhgbF6Iw
z#o-oKjfhoyqY!Y+{&-=5b!zjWU6XY<+PZ*ux4CS;2fVGYFXPvfwtD7BBAKWePH;UM
zB^>fY{wt|3kqJlCkZx)&$ZXoQL_7$`j+QlrUsrR^p2|l0Ep@_x1j6Xt6SSY6BG5w5
z#S7%2G64Z_P0s9aO$Ji7cx*p@=HMuyPGuJ*FR;0{ir7}NrY0^_d1RkK$DgCuTHn)P
z3-Ky<FTjoHP)S8QbaL|d%Da+P+mwYc-)W+M>^Fu5eh*sv{l^28Z>`P_7qP`>OKV9o
zIw8JCF<NpR8b?IhggxDL==*32EMDfk^KMMM#A4}1uZcGSllD^ZTCZK?;Qm-Y`#w2^
z*VEBe<k<W5;9~NXD|w7iu5ALu&ql5O@$WsG_q9ajt1IGZw;=$rF+0mX;PHs{LOC5D
zFTY_qvW}1C0A)fqP86h~^rt&4N`jlyomh`lx91lVPXTlBEpMq_XMzjOPiMk7gYXs4
zrV|dBj7G@0W9-AKod<p!Ff)cJGxT5m4Ry*O|G-Vk-%`0!osoqY81e6pC)2~(m-s(_
zbhO`TH(31Eq@T|z44^Wob9j{O%NE|3l1?t669kc_gS43y+LB_=Zrso4curhdZQ(6$
zFrpQzdzK#T0|ZTk{sU=U<3qc=p){CehBb9XDQAB#C`S{Gh0naQ2~|c1;0<>zP3#d}
zIcQ}3$qk<1(epTzXQ^U&=gdx>r-pZ!s%vmzE?e;57bS>`CEId123pqf$xf8xDT25>
zxUtWmJ*<N6;kpP{;H!3nXWc*!VbCDs^<f;L;M9S$1^7Q`#h;B)o2XUY6Y(H<MR=eQ
z*aGw6u^zS@Ub{_Df>=GT$F&<K2_lcx1+icMLn2Gyc+)@kpB?Lj$-R@*Tw2wFqFx`?
z!KO7OzMW-X#8<7Y-9K6eAki<iygnI+5fmjyPvm@Vw^`>Uc_$L+<{wv5O6g|t9(WY2
zqNA|ia@swS?29_?dAseZQ6hlkAmbihL4_p$&X@^2@EElIx1wNG@BVN{Ms`Y8DD1|1
zeNH_HtM|VE7kV|47*F8~l{>d}{5?Am9M~*j#y6DSW7ihV;Jtyj)7ETgtda&x$!h<N
zq4Yi9Vy9=!1jx?Y@<k9Z>6veJY{|+!JS~JLZ)wNsn{)7W!Ll*$Pm!6T{A>zRieOrT
zPI@5+wP(^AMzb_g8?{5LsXA(p4@d`_yLhVUE6j^qnYX3&o;K6I+jp1{8A5`A!>eu5
z(wUYJ&xf;nMD30Ve%yR7LG?;dQg!F2)3VbkMsQ-SM!>(y#)CTy*)_vx^Su86Sbe-$
zykow4AjPR{aR5C3&`uX|__q^{F(HZBgUp%__^vKbx_IMB`Vuetj_5z(1-Z!@)|VJq
zza(iX(J+&-<+f}|q`;;c^e{{EJv)sAB4?J%lZN>D_Rr(2%l5SGNDt^8ay}No#|-O=
zOz)tW<fM0+_Nz&Ue5}8eUc9K=|DsYAlp0cEvO%4n#^*aiF*!AFJy$bum+xA_kgME)
zXzpp5^J=!)S};vdv$b4V5t`^dlGaFnsk{|t2VTN}z3q_zvm4ch_|301zpOix>B-=%
zim^ckt5lC5P1QMWn`zsxZTbl_1}wXC+^`PFy%Xs&ney`DW+<Xq%q$3So*#FZMK}Lb
zhp%$R%yy4WaVpRcudrZWsWY;1{TlIU!ANZsIZ!HXF8JS1-tkh!jBkca+2S<y)>R?j
zS6n2QeET{oqScf|{1h=}8Hp^le6r|F_mvi5IOwE$Yp9pxd$4wIK$YU{lHdhb)U(fF
zj^2Uxzt22x6U3wh`XZS`B?^xmML+Tzb$?tHp6Ak$mwxXEt;jT<TpTG6(%(5V>*fzv
z&5|Rb_)ou-!=kuAw{VH;GmjlO$^W*vkkt<=e4j$wCS;*Q?Vt5Fp)xZdmzdvWL+<q&
z+WuR+l#KP??B+$|fa|^DW5UI9YaU(ysC~A<8kvo5&Gv>9>X=gGZ)hBbQkmi{my<_^
z-%)QH?_?b4IQ>6f!2-pXZcGHX#~z)Y-kY`})-id7rf)9fZlHf!^O>V~j)OD+6$;L>
zKH9f(a}bF{E~F_!-(tEq{ZwmS{f<KA>nOj8=+;7UZ~mm3AGR$3c78qzj9J#l?*v!-
zc+Y)Ww#<u~8;{)>dW>~HuJ#`{sviDB+J?)C+ueQ#1p0qq7BU6DA{{s4anlO`bnbHh
z*i%IsMi?lt5AEDOqtkWw(0ju0K?Efv=ei+GSKb7qMTh@5U5Nov!&H8ZZs%D2fs%jp
zWw_A(dCl$SD}-=pdinhv&y$mcfD2VR*n?wH&_LOHr04ti(ou`Ln2%8s?WEXH8{Zlk
zQS4=2`NX*0Ab55kD<Er>VSYYr(VRYd5)t*08cy_z{grDdsXeZjz&eq{MrON7?blYV
zIslD&hK(k%B~N|CAo)k5r_<Gi$F6AzwVK*%D1fXMssks^id4<<W1zB^<M%KxqZ2OE
zRsx27rq$x`xSjHd6hLRx1FtcMMhZ;h=?NwJ`GI0Iv4*cX2N=0da?A1eQ+<?&h=7G0
zwvfvPduMRwTga5NpjF98(8#!`s!pE||0?Bg8s9a2tt{`o@BT?`^dFM?JXJNc=-7S$
z#mJ+`KVUT#;z`M7W=`z%S%@pB5Y}r^McbBJBDIZTuR}Y=wxXyF;WYoAX<kd+UWvEE
zhR(%G*|yEI?wxfcbq4dpi&?@)V(n4QN$1OaISF?O#XRx7O_LN`V0*@A+8ZCL_l0(z
zBlTa1GH|*MBb%JvmFUZYf<7n@Kj8<BAp+I$r$qf9@D;cn3p70Q!xc9C8^8shhP67Z
zN)Hcs1r?0ksakQ~2)>}kKqzSLnxfo?rG4J8^C8UYGzyd6na^h`CzQT`!mZNT)vAzu
z)l$3KhnCsy;6I)lrpLMy$(E#?NAn9^Ng@UH;Zp=9-Q&8hp36(zq%r`&QjmB1_Q8-#
zFTM8-JrT`O^~)cO-~78GmhB4gPY(Tei%}9@Ur=7HvSG$ke!K$iSJ3C4P3DI$6rj~}
zHBE%C<lVPj>K+~N9`LRPtU?-$`ENCwB3|Kk(?$y9O#AT8>{Oe5CORF@j)%1<{aVR5
zpwMHw<#Uhm8*U<_SQEnt7$ickJmoa(Wa;}#Xb~be&-%t1$@RzZC%Wd!OvKA*0wcdZ
zn13Lk6G>dTUB3BNbY@cdo?jpFL?aLV)9X-#Z!_}?Eq3UkC9Vt|Nb1F?ezdT(HnAFd
z7XbJ2`@3;pxFzA6hR}KxhD;EOoNM9~5fKv9&6H4Bn2%JnvcW8Rc#@EVN@ku5{>I4)
z#-0}}z~nIFwC58_m$XPyV0Y&gw-_CDfwmcc2l7)NLY6LHB{0=a$gO}a^b2s$&I&9!
zo3^cH3if+dycshTbO|A`R%ZM)lb7yH8q*k5JVOoH*oJ~H8#STIc)v|_e^)DB*L-Qd
zN+<7Y88zf&J>8XFfV)JStjpU?P-=Veg!O#M&|)~}XMAQUzf0Rlf87?D_O*eChDk#4
zI6uV+c&C}@Dg(8D4phRVdZRjisA7RlEO$?=Q6VWSyU75DBPu<Kg{G%tb0r^G$(!<~
zxhCc>Os`KZX(y8Vn;fflOFJ~>dVLr&?X;9lGU=(jf|P1iI2@qhGPX^FaGLq(dav0b
zCpxyL!=RR(q3^0jQn`nSS&2iKZtTc;HoaD`dNa96o^V2H&2hu>Bb3n|lAocAPZ?s@
z6^@HX_>@uH_J71WR%Ll>snF~O(sgph9y}QJqXPSvWwIIY2euS8TlE!7Y!F4&id`=S
zL$ycd67?Sj_rlTd9<+?%=aX#Chbq(FJ=J|B0iiL0@@m3&vSs7CAQ2h(Tq{@uLNFpQ
zyTDabT#&wQCCt$OdXtmq7m%Q8-db#j%#CH@`JF>in=boRI={y^r5*5L%NY@M6XwED
z4~``~XE5vcDf`WPY4UQuK+#`_E%^f&_uqKT<Ngqjc_9;7_iCC82TAbf@(Pygaqs$8
zdnV$Z*M%<p!yH)-DB&GJ9=gV}!Jm*Mi?n`a-I28U2ha;heEzI9=Vb2i<eEWrwWdxY
z;F*n-03k{zm5#R}m8;i{x4(XEQYzhBgwA-<X|L5e(lmDNw*O12%%>KcZ={d|nheQH
zSZdKYn|`dT8&p?<QMx%6>Qt^yh<TwN$q(vXkWarG$9u3jN3{hdrrxVN@{+&y9csF~
zjasX@BVJH5TaW3_lC^5Vg_{eiuMf<R5%&q%n{9rNU_Rxz$qvcKJHs2BL@ydRGOnS#
zhKLVdAEyaZ)otuKXIR#a=2_=2^b7eJ7>vJ}uHF4To8@ZT>K$6m8e1v}RWKTE>G<R@
z6XZCJGii|_o%g45$XKU}@Qq28%YVETP&+*96r<?Y!NxQYN853Ain@zvXS%M;lAjvo
zM)fZ)kCO0TB%G&e@c3vnK+`qsyLe}o(9Q~!w_tZPyK)s~-QJyN3dZ3I%9}hMKK{G(
zg48Qp_w-jR%pM;5iirUWKPW$T3M4>IWufldF4)H&*S;Nhiz{F`U*BuJJbu%JmHmf3
zd_ez&M=i336eSw=IwW=)7dbJREnB3IqI%Y*&Exj|ZAw+}{lqF$nsf|RzP%93!1-@@
zN2$(UR(}^FY$L`EjGM@$5~^FNRW#>lGNMWxz<@VH`zE%Jl~S-|eaMUZ<NoZ|{__eY
z3*z{9pXC;-<MYzU@>aFZ%>f;_-e#DTtsjYL(Dgl@Ivqds{fZ9Xj6bkJ1@bJ_-2JC7
zZ)g5zW>Bc3Y?lymZrqRXuRs3AmDAElRhPHZR3&O;&XNd!WncDqbZt`Kc<UGc1~bO#
zqcU*g4&VSIDzj|kqW;_PX}P3v6`ptQdPIy2Ch<{YJ~ACpKlh*+6c?`$svzpZ*%Hni
zs@&HW7OaKxOCVaTMAl{e-gdE~Gb(n-xED(8JM|3BCr2nPyAd`-srfYB{LaWmn8=0H
zdA|GFXy{ARV5rsRu0mcPWmq)A==PC3Z=0SFBek+k9|j{bEiisqZB0Tna?Re6S3TLA
zpc1g?MI-BtJ~oZpVJHISQAz=EvTHfJcQ2Z2Mj)$x*rK4}qs!Eddc2e8kalme<9#`<
z>oKFH9C%%BbKO6zk>kfe;IO8s;P>QQ|DCI-=I6SM_i~+@MU1h~WN)YZl+&k6i4X|q
zwQ|!Tl3$}H<U3L@w`oC(>Lb%yF(@l{-yfKf4mxNo<uoIIqvmamRQr$4UzRe3Phn^F
z^4pisL3%F<Kc<VF8|ReqS{6u8eBlB89H{OoIC-iKwNA~@AL){B)>F%RAB?#&6=c!S
zo9KBW6wtiWtisSzJKwJTkJW}HIz&fzgQM~lf4N0~p}ZZUY6$QOU=acZ5M%|j3mdPG
z*6vSrk6)rtKE80^3yLKeGXg1bwOhG%9qX#levomh>ekzL#bfUu@y>*?Nm-r09~ZX1
z4rxf!*#(Rh4}BAE-qx`4awMwMB@eS1O1qh^u`W(*7pNnXQ7|<cA<b^go(%}nYv@+A
YcKRQ4{r^#y|KHb|?^CLAhH!BH56>u{CjbBd
literal 0
HcmV?d00001
diff --git a/packages/checkpoint_vsx_system b/packages/checkpoint_vsx_system
new file mode 100644
index 0000000..3558a34
--- /dev/null
+++ b/packages/checkpoint_vsx_system
@@ -0,0 +1,21 @@
+{'author': 'Th.L. (thl-cmk[at]outlook[dot]com)',
+ 'description': 'Monitor status of virtual systems in Check Point vsx/vsls '
+ 'cluster.\n'
+ '\n'
+ ' - creates one check for every virtual system. \n'
+ ' - check goes critical if virtual system status is not '
+ "'Active' or 'Standby'\n"
+ ' - longoutput gives details for each virtual system.\n'
+ ' - monitors VSX virtual system counters '
+ '(connections/packets/bytes/logs).\n',
+ 'download_url': 'https://thl-cmk.hopto.org',
+ 'files': {'agent_based': ['checkpoint_vsx_system.py'],
+ 'web': ['plugins/metrics/checkpoint_vsx_system.py',
+ 'plugins/wato/checkpoint_vsx_system.py']},
+ 'name': 'checkpoint_vsx_system',
+ 'num_files': 3,
+ 'title': 'Check Point VSX system status and counter',
+ 'version': '20210907.v.0.3a',
+ 'version.min_required': '2.0.0',
+ 'version.packaged': '2021.07.14',
+ 'version.usable_until': None}
\ No newline at end of file
diff --git a/web/plugins/metrics/checkpoint_vsx_system.py b/web/plugins/metrics/checkpoint_vsx_system.py
new file mode 100644
index 0000000..1cc2923
--- /dev/null
+++ b/web/plugins/metrics/checkpoint_vsx_system.py
@@ -0,0 +1,135 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2018-03-13
+#
+# Check Point VSX status metrics plugin
+# checkpoint_vsx
+#
+from cmk.gui.i18n import _
+
+from cmk.gui.plugins.metrics import (
+ metric_info,
+ graph_info,
+ perfometer_info,
+)
+
+metric_info['checkpoint_vsx_connections'] = {
+ 'title': _('Connections active'),
+ 'unit': 'count',
+ 'color': '26/a',
+}
+metric_info['checkpoint_vsx_connections_peak'] = {
+ 'title': _('Connections peak'),
+ 'unit': 'count',
+ 'color': '21/a',
+}
+metric_info['checkpoint_vsx_connections_limit'] = {
+ 'title': _('Connections limit'),
+ 'unit': 'count',
+ 'color': '31/a',
+}
+
+metric_info['checkpoint_vsx_packets_processed'] = {
+ 'title': _('Packets processed'),
+ 'unit': '1/s',
+ 'color': '12/a',
+}
+metric_info['checkpoint_vsx_packets_dropped'] = {
+ 'title': _('Packets dropped'),
+ 'unit': '1/s',
+ 'color': '22/a',
+}
+metric_info['checkpoint_vsx_packets_accepted'] = {
+ 'title': _('Packets accepted'),
+ 'unit': '1/s',
+ 'color': '32/a',
+}
+metric_info['checkpoint_vsx_packets_rejected'] = {
+ 'title': _('Packets rejected'),
+ 'unit': '1/s',
+ 'color': '42/a',
+}
+
+metric_info['checkpoint_vsx_bytes_accepted'] = {
+ 'title': _('Bytes accepted'),
+ 'unit': 'bytes/s',
+ 'color': '13/a',
+}
+metric_info['checkpoint_vsx_bytes_dropped'] = {
+ 'title': _('Bytes dropped'),
+ 'unit': 'bytes/s',
+ 'color': '23/a',
+}
+metric_info['checkpoint_vsx_bytes_rejected'] = {
+ 'title': _('Bytes rejected'),
+ 'unit': 'bytes/s',
+ 'color': '33/a',
+}
+
+metric_info['checkpoint_vsx_loggs_send'] = {
+ 'title': _('Loggs send'),
+ 'unit': '1/s',
+ 'color': '14/a',
+}
+
+graph_info['checkpoint_vsx_connections'] = {
+ 'title': _('Check Point VSX: Connections'),
+ 'metrics': [
+ ('checkpoint_vsx_connections_limit', 'line'),
+ ('checkpoint_vsx_connections_peak', 'line'),
+ ('checkpoint_vsx_connections', 'area'),
+ ],
+ 'scalars': [
+ ('checkpoint_vsx_connections:crit', _('crit')),
+ ('checkpoint_vsx_connections:warn', _('warn')),
+ ],
+ 'optional_metrics': [
+ 'checkpoint_vsx_connections_limit'
+ ],
+}
+
+graph_info['checkpoint_vsx_packets'] = {
+ 'title': _('Check Point VSX: Packets'),
+ 'metrics': [
+ ('checkpoint_vsx_packets_rejected', 'line'),
+ ('checkpoint_vsx_packets_dropped', 'line'),
+ ('checkpoint_vsx_packets_accepted', 'line'),
+ ('checkpoint_vsx_packets_processed', 'line'),
+ ]
+}
+
+graph_info['checkpoint_vsx_bytes'] = {
+ 'title': _('Check Point VSX: Bytes'),
+ 'metrics': [
+ ('checkpoint_vsx_bytes_rejected', 'line'),
+ ('checkpoint_vsx_bytes_dropped', 'line'),
+ ('checkpoint_vsx_bytes_accepted', 'line'),
+ ]
+}
+
+graph_info['checkpoint_vsx_logges_send'] = {
+ 'title': _('Check Point VSX: Logs'),
+ 'metrics': [
+ ('checkpoint_vsx_loggs_send', 'line'),
+ ]
+}
+
+perfometer_info.append(('stacked', [
+ {
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_vsx_connections',
+ 'half_value': 50000.0,
+ 'exponent': 2,
+ },
+ {
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_vsx_packets_processed',
+ 'half_value': 50000.0,
+ 'exponent': 2,
+ },
+]))
diff --git a/web/plugins/wato/checkpoint_vsx_system.py b/web/plugins/wato/checkpoint_vsx_system.py
new file mode 100644
index 0000000..b3625b8
--- /dev/null
+++ b/web/plugins/wato/checkpoint_vsx_system.py
@@ -0,0 +1,128 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2021-09-07
+#
+from cmk.gui.i18n import _
+from cmk.gui.valuespec import (
+ Dictionary,
+ TextAscii,
+ Tuple,
+ Integer,
+ MonitoringState,
+ Transform,
+ ListChoice,
+)
+
+from cmk.gui.plugins.wato import (
+ CheckParameterRulespecWithItem,
+ rulespec_registry,
+ RulespecGroupCheckParametersNetworking,
+ RulespecGroupCheckParametersDiscovery,
+ HostRulespec,
+)
+
+
+def _parameter_valuespec_checkpoint_vsx_system():
+ return Transform(
+ Dictionary(
+ elements=[
+ ('levels_upper_absolute',
+ Tuple(
+ title=_('Maximum number of firewall connections'),
+ help=_('This rule sets upper limits to the current number of connections through '
+ 'a Checkpoint firewall.'),
+ elements=[
+ Integer(title=_('Warning at'), minvalue=0, unit=_('connections')),
+ Integer(title=_('Critical at'), minvalue=0, unit=_('connections')),
+ ])),
+ ('levels_lower_absolute',
+ Tuple(
+ title=_('Minimum number of firewall connections'),
+ help=_('This rule sets lower limits to the current number of connections through '
+ 'a Checkpoint firewall.'),
+ elements=[
+ Integer(title=_('Warning blow'), minvalue=0, unit=_('connections')),
+ Integer(title=_('Critical below'), minvalue=0, unit=_('connections')),
+ ])),
+ ('state_sic_not_established',
+ MonitoringState(
+ title=_('State if SIC is not established'),
+ help=_('Monitoring state if SIC is not established'),
+ default_value=2,
+ )),
+ ('state_ha_not_act_stb',
+ MonitoringState(
+ title=_('State if H/A state not active/standby'),
+ help=_('Monitoring state if H/A state not active or standby'),
+ default_value=2,
+ )),
+ ('state_policy_not_installed',
+ MonitoringState(
+ title=_('State if no policy is installed'),
+ help=_('Monitoring state if no policy is installed'),
+ default_value=2,
+ )),
+ ('state_policy_changed',
+ MonitoringState(
+ title=_('State on policy name change'),
+ help=_('Monitoring status on policy name change'),
+ default_value=1,
+ )),
+ ('state_ha_changed',
+ MonitoringState(
+ title=_('State on H/A state change'),
+ help=_('Monitoring status on H/A state change'),
+ default_value=1,
+ )),
+ ],
+ ))
+
+
+rulespec_registry.register(
+ CheckParameterRulespecWithItem(
+ check_group_name='checkpoint_vsx_system',
+ group=RulespecGroupCheckParametersNetworking,
+ match_type='dict',
+ parameter_valuespec=_parameter_valuespec_checkpoint_vsx_system,
+ title=lambda: _('Check Point VSX system'),
+ item_spec=lambda: TextAscii(title=_('VSX System name'), ),
+ ))
+
+
+def _valuespec_discovery_checkpoint_vsx_system():
+ _vs_types = [
+ ('virtual system', 'Virtual system'),
+ ('vsx gateway', 'VSX gateway'),
+ ('virtual switch', 'Virtual switch'),
+ ('virtual router', 'Virtual router'),
+ ]
+ return Transform(
+ Dictionary(
+ title=_('Check Point VSX system'),
+ elements=[
+ ('vs_type',
+ ListChoice(
+ title=_('VS types to discover'),
+ help=_('Virtual system types to discover'),
+ choices=_vs_types,
+ default_value=[
+ 'virtual system',
+ 'vsx gateway',
+ ],
+ )),
+ ],
+ ))
+
+
+rulespec_registry.register(
+ HostRulespec(
+ group=RulespecGroupCheckParametersDiscovery,
+ match_type='dict',
+ name='discovery_checkpoint_vsx_system',
+ valuespec=_valuespec_discovery_checkpoint_vsx_system,
+ ))
--
GitLab