diff --git a/agent_based/checkpoint_vsx.py b/agent_based/checkpoint_vsx.py
new file mode 100644
index 0000000000000000000000000000000000000000..c0ad057b3ac9b66e49a23711740a0a2e4fbecbf6
--- /dev/null
+++ b/agent_based/checkpoint_vsx.py
@@ -0,0 +1,257 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2017-17-05
+#
+# Check Point vsx Cluster status
+#
+# Monitor status of virtual systems in Check Point vsx/vsls cluster
+#
+# 2018-08-03: changed snmp scan function
+# 2018-08-13: code cleanup, add metrics
+# 2020-06-08: changed snmp-scan function
+# 2021-09-06: rewritten for CMK 2.0
+#
+# snmpwalk sample
+#
+# .1.3.6.1.4.1.2620.1.16.22.1.1.1.3.0 = Gauge32: 2
+# .1.3.6.1.4.1.2620.1.16.22.1.1.2.3.0 = Gauge32: 2
+# .1.3.6.1.4.1.2620.1.16.22.1.1.3.3.0 = STRING: "HRI"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.4.3.0 = STRING: "Virtual System"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.5.3.0 = STRING: "10.140.1.3"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.6.3.0 = STRING: "Standard"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.7.3.0 = STRING: "Active"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.8.3.0 = STRING: "Trust established"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.9.3.0 = STRING: "Standby"
+# .1.3.6.1.4.1.2620.1.16.22.1.1.10.3.0 = Gauge32: 0
+#
+# .1.3.6.1.4.1.2620.1.16.23.1.1.2.3.0 = Gauge32: 40
+# .1.3.6.1.4.1.2620.1.16.23.1.1.3.3.0 = Gauge32: 864
+# .1.3.6.1.4.1.2620.1.16.23.1.1.4.3.0 = Gauge32: 14900
+# .1.3.6.1.4.1.2620.1.16.23.1.1.5.3.0 = STRING: "69459"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.6.3.0 = STRING: "2405"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.7.3.0 = STRING: "67054"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.8.3.0 = STRING: "0"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.9.3.0 = STRING: "4228862"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.10.3.0 = STRING: "72445"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.11.3.0 = STRING: "0"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.12.3.0 = STRING: "7074"
+# .1.3.6.1.4.1.2620.1.16.23.1.1.13.3.0 = INTEGER: 0
+#
+import time
+from dataclasses import dataclass
+from typing import List, Dict, Optional, Tuple
+
+from cmk.base.plugins.agent_based.agent_based_api.v1 import (
+ register,
+ Service,
+ Result,
+ State,
+ SNMPTree,
+ all_of,
+ startswith,
+ any_of,
+ equals,
+ Metric,
+ get_value_store,
+ get_rate,
+ GetRateError,
+)
+from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
+ DiscoveryResult,
+ CheckResult,
+ StringTable,
+)
+
+
+@dataclass
+class CheckpointVsx:
+ vsxStatusVSId: str
+ vsxStatusVsType: str
+ vsxStatusMainIP: str
+ vsxStatusPolicyName: str
+ vsxStatusVsPolicyType: str
+ vsxStatusSicTrustState: str
+ vsxStatusHAState: str
+ vsxStatusVSWeight: str
+ vsxCountersConnNum: int
+ vsxCountersConnPeakNum: int
+ vsxCountersConnTableLimit: int
+ vsxCountersIsDataValid: str
+ metrics_rate: List[Tuple[str, int]]
+
+
+def parse_checkpoint_vsx_system(string_table: StringTable) -> Optional[Dict[str, CheckpointVsx]]:
+ vsx_systems = {}
+ for entry in string_table:
+ try:
+ vsxStatusVSId, vsxStatusVsName, vsxStatusVsType, vsxStatusMainIP, vsxStatusPolicyName, vsxStatusVsPolicyType, \
+ vsxStatusSicTrustState, vsxStatusHAState, vsxStatusVSWeight, vsxCountersConnNum, vsxCountersConnPeakNum, \
+ vsxCountersConnTableLimit, vsxCountersPackets, vsxCountersDroppedTotal, vsxCountersAcceptedTotal, \
+ vsxCountersRejectedTotal, vsxCountersBytesAcceptedTotal, vsxCountersBytesDroppedTotal, \
+ vsxCountersBytesRejectedTotal, vsxCountersLoggedTotal, vsxCountersIsDataValid = entry
+ except ValueError:
+ return
+ if vsxStatusVsType.lower() in ['virtual system']: # , 'vsx gateway', 'virtual switch', 'virtual router'
+ vsx_systems[vsxStatusVsName] = CheckpointVsx(
+ vsxStatusVSId=vsxStatusVSId,
+ vsxStatusVsType=vsxStatusVsType,
+ vsxStatusMainIP=vsxStatusMainIP,
+ vsxStatusPolicyName=vsxStatusPolicyName,
+ vsxStatusVsPolicyType=vsxStatusVsPolicyType,
+ vsxStatusSicTrustState=vsxStatusSicTrustState,
+ vsxStatusHAState=vsxStatusHAState,
+ vsxStatusVSWeight=vsxStatusVSWeight,
+ vsxCountersConnNum=int(vsxCountersConnNum),
+ vsxCountersConnPeakNum=int(vsxCountersConnPeakNum),
+ vsxCountersConnTableLimit=int(vsxCountersConnTableLimit),
+ vsxCountersIsDataValid=vsxCountersIsDataValid,
+ metrics_rate=[
+ ('packets_processed', int(vsxCountersPackets)),
+ ('packets_dropped', int(vsxCountersDroppedTotal)),
+ ('packets_accepted', int(vsxCountersAcceptedTotal)),
+ ('packets_rejected', int(vsxCountersRejectedTotal)),
+ ('bytes_accepted', int(vsxCountersBytesAcceptedTotal)),
+ ('bytes_dropped', int(vsxCountersBytesDroppedTotal)),
+ ('bytes_rejected', int(vsxCountersBytesRejectedTotal)),
+ ('loggs_send', int(vsxCountersLoggedTotal)),
+ ],
+ )
+ return vsx_systems
+
+
+def discovery_checkpoint_vsx_system(section: Dict[str, CheckpointVsx]) -> DiscoveryResult:
+ for key in section.keys():
+ yield Service(
+ item=key,
+ parameters={'policyname': section[key].vsxStatusPolicyName, 'ha_state': section[key].vsxStatusHAState}
+ )
+
+
+def check_checkpoint_vsx_system(item, params, section: Dict[str, CheckpointVsx]) -> CheckResult:
+ try:
+ vsx = section[item]
+ except KeyError:
+ yield Result(state=State.UNKNOWN, notice='Item not found in SNMP data')
+ return
+
+ now_time = time.time()
+ value_store = get_value_store()
+ metrics_prefix = 'checkpoint_vsx_'
+
+ for key, value in vsx.metrics_rate:
+ try:
+ value = get_rate(value_store, f'{metrics_prefix}{key}', now_time, int(value), raise_overflow=True)
+ except GetRateError:
+ value = 0
+ yield Metric(name=f'checkpoint_vsx_{key}', value=value, boundaries=(0, None))
+
+ # system information
+ yield Result(state=State.OK, summary=f'Main IP: {vsx.vsxStatusMainIP}, VS ID: {vsx.vsxStatusVSId}', details=' ')
+ # Counters
+ # infotext = f'Connections: {vsx.vsxCountersConnNum:.0f}, ' \
+ # f'Packets prosessed: {vsx.vsxCountersPackets:.0f}/s, ' \
+ # f'Logs send: {vsx.vsxCountersLoggedTotal:0.2f}/s')
+
+ yield Result(state=State.OK, notice=f'System name: {item}')
+ yield Result(state=State.OK, notice=f'Virtual system ID: {vsx.vsxStatusVSId}')
+ yield Result(state=State.OK, notice=f'Type: {vsx.vsxStatusVsType}')
+ yield Result(state=State.OK, notice=f'Weight: {vsx.vsxStatusVSWeight}')
+ yield Result(state=State.OK, notice=f'Main IP: {vsx.vsxStatusMainIP}')
+ yield Result(state=State.OK, notice=f'Policy name: {vsx.vsxStatusPolicyName}')
+ yield Result(state=State.OK, notice=f'Policy type: {vsx.vsxStatusVsPolicyType}')
+ yield Result(state=State.OK, notice=f'SIC status: {vsx.vsxStatusSicTrustState}')
+
+ yield Result(state=State.OK, notice=f'Conn table limit: {vsx.vsxCountersConnTableLimit}')
+ yield Result(state=State.OK, notice=f'Is data valid: {vsx.vsxCountersIsDataValid}')
+
+ if vsx.vsxCountersConnTableLimit > 0:
+ yield Metric(value=vsx.vsxCountersConnNum, name=f'{metrics_prefix}connections',
+ boundaries=(0, vsx.vsxCountersConnTableLimit),
+ levels=(None, vsx.vsxCountersConnTableLimit))
+ else:
+ yield Metric(value=vsx.vsxCountersConnNum, name=f'{metrics_prefix}connections')
+ yield Metric(value=vsx.vsxCountersConnPeakNum, name=f'{metrics_prefix}connections_peak')
+
+ if not vsx.vsxStatusHAState.lower() in ['active', 'standby']:
+ yield Result(state=State.WARN, summary=f'H/A Status: {vsx.vsxStatusHAState}')
+ else:
+ yield Result(state=State.OK, summary=f'H/A Status: {vsx.vsxStatusHAState}')
+
+ if not vsx.vsxStatusSicTrustState.lower() in ['trust established']:
+ yield Result(state=State.WARN, notice='SIC not established')
+
+ if not vsx.vsxStatusVsPolicyType.lower() in ['active']:
+ yield Result(state=State.CRIT, notice='No policy installed')
+
+ if params['policyname'] != vsx.vsxStatusPolicyName: # policy changed
+ yield Result(
+ state=State.WARN,
+ notice=f'Policy name changed: expected {params["policyname"]}, found {vsx.vsxStatusPolicyName}'
+ )
+
+ if params['ha_state'] != vsx.vsxStatusHAState: # H/A state changed
+ yield Result(
+ state=State.WARN,
+ notice=f'State changed: expected/found {params["ha_state"]}/{vsx.vsxStatusHAState}'
+ )
+
+
+register.snmp_section(
+ name='checkpoint_vsx_system',
+ parse_function=parse_checkpoint_vsx_system,
+ supersedes=[
+ 'checkpoint_vsx',
+ 'checkpoint_vsx_connections',
+ 'checkpoint_vsx_traffic',
+ 'checkpoint_vsx_packets',
+ 'checkpoint_vsx_status',
+ ],
+ fetch=SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.16', # CHECKPOINT-MIB::vsx
+ oids=[
+ '22.1.1.1', # vsxStatusVSId
+ '22.1.1.3', # vsxStatusVsName
+ '22.1.1.4', # vsxStatusVsType
+ '22.1.1.5', # vsxStatusMainIP
+ '22.1.1.6', # vsxStatusPolicyName
+ '22.1.1.7', # vsxStatusVsPolicyType
+ '22.1.1.8', # vsxStatusSicTrustState
+ '22.1.1.9', # vsxStatusHAState
+ '22.1.1.10', # vsxStatusVSWeight
+ '23.1.1.2', # vsxCountersConnNum
+ '23.1.1.3', # vsxCountersConnPeakNum
+ '23.1.1.4', # vsxCountersConnTableLimit
+ '23.1.1.5', # vsxCountersPackets
+ '23.1.1.6', # vsxCountersDroppedTotal
+ '23.1.1.7', # vsxCountersAcceptedTotal
+ '23.1.1.8', # vsxCountersRejectedTotal
+ '23.1.1.9', # vsxCountersBytesAcceptedTotal
+ '23.1.1.10', # vsxCountersBytesDroppedTotal
+ '23.1.1.11', # vsxCountersBytesRejectedTotal
+ '23.1.1.12', # vsxCountersLoggedTotal
+ '23.1.1.13', # vsxCountersIsDataValid
+ ]),
+ detect=any_of(
+ startswith('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.2620'),
+ all_of(
+ equals('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.8072.3.2.10'),
+ equals('.1.3.6.1.4.1.2620.1.6.1.0', 'SVN Foundation'),
+ )
+ )
+)
+
+register.check_plugin(
+ name='checkpoint_vsx_system',
+ service_name='VSX System %s',
+ discovery_function=discovery_checkpoint_vsx_system,
+ check_function=check_checkpoint_vsx_system,
+ check_ruleset_name='checkpoint_vsx_system',
+ check_default_parameters={
+ 'vsType': ['virtual system', 'vsx gateway', 'virtual switch', 'virtual router']
+ },
+)
diff --git a/checkpoint_vsx.mkp b/checkpoint_vsx.mkp
index bad2a15f09c29ce110000d7df390deac591fef16..daaecabfd99fbd0ffe02b7a9a423efb61f5cefc4 100644
Binary files a/checkpoint_vsx.mkp and b/checkpoint_vsx.mkp differ
diff --git a/packages/checkpoint_vsx b/packages/checkpoint_vsx
index cd48699ef83e9edc5d0aa557dc56ebb7aba6a6ec..078afc867fb475910206f65caffd143d2d5bcbe4 100644
--- a/packages/checkpoint_vsx
+++ b/packages/checkpoint_vsx
@@ -9,7 +9,7 @@
' - monitors VSX virtual system counters '
'(connections/packets/bytes/logs).\n',
'download_url': 'https://thl-cmk.hopto.org',
- 'files': {'agent_based': ['checkpoint_vsx.ps'],
+ 'files': {'agent_based': ['checkpoint_vsx.py'],
'web': ['plugins/metrics/checkpoint_vsx.py']},
'name': 'checkpoint_vsx',
'num_files': 2,
diff --git a/web/plugins/metrics/checkpoint_vsx.py b/web/plugins/metrics/checkpoint_vsx.py
index a4700f234b74cdafe138e328c9a719ea0b516747..d423fd967109977d7106c2ef5c727669b968cfe2 100644
--- a/web/plugins/metrics/checkpoint_vsx.py
+++ b/web/plugins/metrics/checkpoint_vsx.py
@@ -17,6 +17,7 @@ from cmk.gui.plugins.metrics import (
graph_info,
perfometer_info,
)
+
metric_info['checkpoint_vsx_connections'] = {
'title': _('Connections active'),
'unit': 'count',
@@ -70,35 +71,25 @@ metric_info['checkpoint_vsx_bytes_rejected'] = {
'color': '33/a',
}
-metric_info['checkpoint_vsx_logges_send'] = {
+metric_info['checkpoint_vsx_loggs_send'] = {
'title': _('Loggs send'),
'unit': '1/s',
'color': '14/a',
}
-check_metrics['check_mk-checkpoint_vsx'] = {
- 'connections': {'name': 'checkpoint_vsx_connections', },
- 'connections_peak': {'name': 'checkpoint_vsx_connections_peak', },
- 'connections_limit': {'name': 'checkpoint_vsx_connections_limit', },
- 'packets_processed': {'name': 'checkpoint_vsx_packets_processed', },
- 'packets_dropped': {'name': 'checkpoint_vsx_packets_dropped', },
- 'packets_accepted': {'name': 'checkpoint_vsx_packets_accepted', },
- 'packets_rejected': {'name': 'checkpoint_vsx_packets_rejected', },
- 'bytes_accepted': {'name': 'checkpoint_vsx_bytes_accepted', },
- 'bytes_dropped': {'name': 'checkpoint_vsx_bytes_dropped', },
- 'bytes_rejected': {'name': 'checkpoint_vsx_bytes_rejected', },
- 'logges_send': {'name': 'checkpoint_vsx_logges_send', },
-}
-
-graph_info['checkpoint_vsx_connections']={
+graph_info['checkpoint_vsx_connections'] = {
'title': _('Check Point VSX: Connections'),
'metrics': [
('checkpoint_vsx_connections_peak', 'line'),
('checkpoint_vsx_connections', 'area'),
- ]
+ ],
+ 'scalars': [
+ ('checkpoint_vsx_connections:crit', _('crit')),
+ # ('checkpoint_vsx_connections:warn', _('warn')),
+ ],
}
-graph_info['checkpoint_vsx_packets']={
+graph_info['checkpoint_vsx_packets'] = {
'title': _('Check Point VSX: Packets'),
'metrics': [
('checkpoint_vsx_packets_rejected', 'line'),
@@ -108,7 +99,7 @@ graph_info['checkpoint_vsx_packets']={
]
}
-graph_info['checkpoint_vsx_bytes']={
+graph_info['checkpoint_vsx_bytes'] = {
'title': _('Check Point VSX: Bytes'),
'metrics': [
('checkpoint_vsx_bytes_rejected', 'line'),
@@ -117,7 +108,7 @@ graph_info['checkpoint_vsx_bytes']={
]
}
-graph_info['checkpoint_vsx_logges_send']={
+graph_info['checkpoint_vsx_logges_send'] = {
'title': _('Check Point VSX: Logs'),
'metrics': [
('checkpoint_vsx_logges_send', 'line'),
@@ -128,14 +119,13 @@ perfometer_info.append(('stacked', [
{
'type': 'logarithmic',
'metric': 'checkpoint_vsx_connections',
- 'half_value': 259200.0,
+ 'half_value': 50000.0,
'exponent': 2,
},
{
'type': 'logarithmic',
'metric': 'checkpoint_vsx_packets_processed',
- 'half_value': 25920.0,
+ 'half_value': 50000.0,
'exponent': 2,
},
]))
-