# Cisco TrustSec Collection of plugins to monitor the Cisco TrustSec status * _cisco_trustsec_pac_: monitors the TustSec PAC status * _cisco_trustsec_environment_: monitors the TrustSec environment status * _cisco_trustsec_sxp_peer_: monitors the status of TrustSec SXP peers * _cisco_trustsec_server_: monitors the status of TrustSec download servers --- ### Download * [cisco_trustsec.mkp](https://thl-cmk.hopto.org/gitlab/checkmk/cisco/cisco_trustsec/-/raw/master/cisco_trustsec.mkp "Download the MKP file") --- ### Installation You can install the package by uploading it to your CheckMK site and as site user run `mkp install cisco_trustsec.mkp`. In the Enterprise/Free edition of CheckMK you can use the GUI to install the package (_Setup_ -> _Extension Packages_ -> _Upload package_) --- ### Want to Contribute? Nice ;-) Have a look at the [contribution guidelines](CONTRIBUTING.md "Contributing") --- ### Check Info *cisco_trustsec_pac*: * _service_: this check creates the service **_TrustSec PAC**_ for each PAC entry with the PAC index as item * _state_: * **critical**: if the PAC is expired * **critical**/**warning** if outside the configured levels for PAC expiration * _wato_: * Monitoring state for expired PAC * Levels for to PAC expiration * _perfdata_: time to expire in seconds Sample output ![sample output](/doc/sample_trustsec_pac.png?raw=true "sample trustsec pac") --- ### Check Info *cisco_trustsec_environment*: * _service_: this check creates the service **_TrustSec environment_** * _state_: * **critical** if environment download status is failed, incomplete or timed out * **warning** if environment download status is other, inprogress or cleared * **critical**/**warning** if refresh overdue outside the configured levels * _wato_: * Levels for refresh overdue in hours * Monitoring states for environment download status * _perfdata_: time to refresh in seconds Sample output ![sample output](/doc/sample_trustsec_env.png?raw=true "sample output trustsec environment") --- ### Check Info *cisco_trustsec_sxp_peer*: * _service_: this check creates the service **_TrustSec SXP peer_** for each SXP peer with the peer IP-address as item * _state_: * **critical** if peer status is off * **warning** if peer status is other, pending on* or delete hold down * **critical**/**warning** if uptime less than the configured levels * _wato_: * Monitoring state for SXP peer status and SXP peer not found in SNMP data * Levels for minimal uptime in minutes * Alias for each SXP peer * _perfdata_: uptime Sample output ![sample output](/doc/sample_trustsec_sxp_peer.png?raw=true "sample trustsec scp peer") --- ### Check Info *cisco_trustsec_server*: + _service_: this check creates the service **_TrustSec server_** for each download server with the server IP-address as item * _state_: * **critical** if the server status is not alive * **warning** if server is not provisioned or server tests are not enabled * _wato_: * Monitoring state for Server status, Server provision, Server test enabled, Server not found in SNMP data * Alias for each server * _perfdata_: none Sample output ![sample output](/doc/sample_trustsec_server.png?raw=true "sample trustsec server")