Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com

Commit b5a92c24 authored by thl-cmk's avatar thl-cmk :flag_na:

cleanup

parents
# Cisco IPSec VPN tunnel
Monitors the status of Cisco IPSec VPN tunnels. Tis is a complete rewrite of the original check
Check Info:
* *service*: this check creates on service vor eah IPSec VPN tunnel
* *state*:
* **warning** if VPN tunnel has no IPSec infromation (missing phase 2))
* **unkown** if VPN tunnel missing
* *wato*:
* you can configure the state for missing VPN tunnels and for missing IPSec information. This states can be configured globaly or per tunnel.
* you can configure an tunnel alias
* *perfdata*:\
**IKE counter**
* IKE active time (s)
* IKE Bytes in (bytes/s)
* IKE Bytes out (byte/s)
* IKE packets in (/s)
* IKE packets out (/s)
* IKE packets dropped in (/s)
* IKE packets dropped out (/s)
* IKE in notifies (count)
* IKE out notifies (count)
* IKE in phase 2 exchanges (count)
* IKE out phase 2 exchanges (count)
* IKE in phase 2 exchanges invalid (count)
* IKE out phase 2 exchanges invalid (count)
* IKE in phase 2 exchanges rejected (count)
* IKE out phase 2 exchanges rejected (count)
* IKE in phase 2 SA delete requests (count)
* IKE out phase 2 SA delete requests (count)
**IPSec counter**
* IPSec active time (s)
* IPSec Bytes in (byte/s)
* IPSec Bytes out (byte/s)
* IPSec packets in (/s)
* IPSec packets out (/s)
* IPSec packets dropped in (/s)
* IPSec packets dropped out (/s)
* IPSec in decompressed octets (/s)
* IPSec out compressed octets (/s)
* IPSec in authentication\'s (count)
* IPSec out authentication\'s (count)
* IPSec in authentication\'s failed (count)
* IPSec out authentication\'s failed (count)
* IPSec in decryption\'s (count)
* IPSec out encryption\'s (count)
* IPSec in decryption\'s failed (count)
* IPSec out encryption\'s failed (count)
* IPSec in replay packets dropped (count)
Sample output
![sample output](/doc/sample.png?raw=true "sample [SHORT TITLE]")
#!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
#
#
# Cisco VPN tunnel rewrite
#
# Author: Th.L.
# Date : 2017-12-28
#
# Monitor status of Cisco VPN tunnel phase 1 and 2
#
# 10.01.2018: Th.L.: added handling for tunnel not found
# 23.01.2018: Th.L.: removed unnecessary counters
# 15.02.2018: Th.L.: removed ipsec tunnel status, changed ike ipv4 check
# 16.02.2018: Th.L.: readded tunnel alias
# 11.07.2018: Th.L.: added parameter for missing IPSec SA, changed 'parsed' to use peer ip as index
#
# snmpwalk sample
#
#
# {'state': 0, 'tunnels': [('192.168.1.2', u'tnnel-aliias', 1)]}
factory_settings['vpn_tunnel_defaults'] = {
# 'state': 3, # default state for tunnel not found
# 'tunnels': [] # list of tunnel specific not found states ('<ip-address>', '<alias>', <state>)
}
###########################################################################
#
# DATA Parser function
#
###########################################################################
def parse_cisco_vpn_tunnel(info):
ipsectunnelsummary = {}
vpntunnel = {}
cikeTunnelEntry, cipSecTunnelEntry = info
def cisco_vpn_tunnel_render_ipv4_address(bytestring):
return ".".join(["%s" % ord(m) for m in bytestring])
# summarize IPSec SAs, ASSUMPTION: except for counters all SA attributes are identical per IKE index
for entry in cipSecTunnelEntry:
if not saveint(entry[0]) == 0:
if int(entry[0]) in ipsectunnelsummary.keys(): # summarize IPSec SA values for IKE tunnel index
ipsecsa = ipsectunnelsummary.get(int(entry[0]))
ipsecsa.update({'ipsecsacount': ipsecsa.get('ipsecsacount') + 1})
ipsecsa.update({'cipSecTunHcInOctets': ipsecsa.get('cipSecTunHcInOctets') + int(entry[3])})
ipsecsa.update({'cipSecTunInPkts': ipsecsa.get('cipSecTunInPkts') + int(entry[4])})
ipsecsa.update({'cipSecTunInDropPkts': ipsecsa.get('cipSecTunInDropPkts') + int(entry[5])})
ipsecsa.update({'cipSecTunHcOutOctets': ipsecsa.get('cipSecTunHcOutOctets') + int(entry[6])})
ipsecsa.update({'cipSecTunOutPkts': ipsecsa.get('cipSecTunOutPkts') + int(entry[7])})
ipsecsa.update({'cipSecTunOutDropPkts': ipsecsa.get('cipSecTunOutDropPkts') + int(entry[8])})
if int(entry[2]) / 100 > ipsecsa.get('cipSecTunActiveTime'):
ipsecsa.update({'cipSecTunActiveTime': int(entry[2]) / 100})
else: # new IKE tunnel index
ipsecsa = {}
ipsecsa.update({'ipsecsacount': 1})
ipsecsa.update({'cipSecTunIkeTunnelAlive': entry[1]})
ipsecsa.update({'cipSecTunActiveTime': int(entry[2]) / 100})
ipsecsa.update({'cipSecTunHcInOctets': int(entry[3])})
ipsecsa.update({'cipSecTunInPkts': int(entry[4])})
ipsecsa.update({'cipSecTunInDropPkts': int(entry[5])})
ipsecsa.update({'cipSecTunHcOutOctets': int(entry[6])})
ipsecsa.update({'cipSecTunOutPkts': int(entry[7])})
ipsecsa.update({'cipSecTunOutDropPkts': int(entry[8])})
ipsectunnelsummary.update({int(entry[0]): ipsecsa})
# IKE tunnel index
for entry in cikeTunnelEntry:
tunnel = {}
if not saveint(entry[0]) == 0:
# if int(entry[17]) == 2: # drop agressive mode tunnel, likely Remote Access
tunnel.update({'cikeTunRemoteAddr': cisco_vpn_tunnel_render_ipv4_address(entry[7])})
if len(tunnel.get('cikeTunRemoteAddr').split('.')) != 4:
tunnel.update({'cikeTunRemoteAddr': entry[6]}) # IP address (hopefully)
if len(tunnel.get('cikeTunRemoteAddr').split('.')) == 4:
tunnel.update({'cikeTunIndex': int(entry[0])})
tunnel.update({'cikeTunLocalType': int (entry[1])})
tunnel.update({'cikeTunLocalValue': entry[2]})
tunnel.update({'cikeTunLocalAddr': cisco_vpn_tunnel_render_ipv4_address(entry[3])})
tunnel.update({'cikeTunLocalName': entry[4]})
tunnel.update({'cikeTunRemoteType': int(entry[5])})
tunnel.update({'cikeTunRemoteValue': entry[6]})
tunnel.update({'cikeTunRemoteName': entry[8]})
tunnel.update({'cikeTunActiveTime': int(entry[9]) / 100})
tunnel.update({'cikeTunInOctets': int(entry[10])})
tunnel.update({'cikeTunInPkts': int(entry[11])})
tunnel.update({'cikeTunInDropPkts': int(entry[12])})
tunnel.update({'cikeTunOutOctets': int(entry[13])})
tunnel.update({'cikeTunOutPkts': int(entry[14])})
tunnel.update({'cikeTunOutDropPkts': int(entry[15])})
tunnel.update({'cikeTunStatus': int(entry[16])})
# add IPSec SA summary for IKE tunnel index
tunnel.update({'ipsecsummary': ipsectunnelsummary.get(tunnel.get('cikeTunIndex'))})
vpntunnel.update({tunnel.get('cikeTunRemoteAddr'):tunnel})
return vpntunnel
###########################################################################
#
# Inventory function
#
###########################################################################
def inventory_cisco_vpn_tunnel(parsed):
for cikeTunRemoteAddr in parsed.keys():
yield cikeTunRemoteAddr, {}
###########################################################################
#
# Check function
#
###########################################################################
def check_cisco_vpn_tunnel(item, params, parsed):
infotext = ''
longoutput = ''
alias = ''
tunnel_not_found_state = params.get('state', 3)
missing_ipsec_sa_state = params.get('missing_ipsec_sa_state', 1)
perfdata = []
state = 0
def ikepeertype(type):
name = {
1: 'ipAddrPeer',
2: 'namePeer',
}
if type in name.keys():
return name.get(type)
else:
return 'unknown (%s)' % type
def ikenegomode(mode):
name = {1: 'main',
2: 'aggressive',
3: 'IKEv2 main([3]?)'
}
if mode in name.keys():
return name.get(mode)
else:
return 'unknown (%s)' % mode
def diffhellmangrp(group):
name = {1: 'none',
2: 'DH1 (768bit)',
3: 'DH2 (1024bit)',
4: 'DH5 (1536bit) [4]?',
5: 'DH14 (2048bit)[5]?',
6: 'DH15 (3072bit) [6]?',
7: 'DH16 (4096bit) [7]?',
8: 'ECDH19 (256bit) [8]?',
9: 'ECDH20 (384bit) [9]?',
10: 'DH/DSA24 (2048bit) [10]?',
}
if group in name.keys():
return name.get(group)
else:
return 'unknown (%s)' % group
def encryptalgo(algo):
name = {1: 'none',
2: 'des',
3: 'des3',
4: 'aes-128 [4]?',
5: 'aes-192 [5]?',
6: 'aes-256 [6]?',
7: 'aes-gcm-128 [7]?',
8: 'aes-gcm-191 [8]?',
9: 'aes-gcm-256 [9]?',
}
if algo in name.keys():
return name.get(algo)
else:
return 'unknown (%s)' % algo
def ikehashalgo(algo):
name = {
1: 'none',
2: 'md5',
3: 'sha',
7: 'sha2-256 [7]?',
8: 'sha2-384 [8]?',
9: 'sha2-512 [9]?',
}
if algo in name.keys():
return name.get(algo)
else:
return 'unknown (%s)' % algo
def ikeauthmethod(method):
name = {
1: 'none',
2: 'preSharedKey',
3: 'rsaSig',
4: 'rsaEncrypt',
5: 'revPublicKey',
}
if method in name.keys():
return name.get(method)
else:
return 'unknown (%s)' % method
def tunnelstatus(status):
name = {
1: 'active',
2: 'destroy',
}
if status in name.keys():
return name.get(status)
else:
return 'unknown (%s)' % status
def ipsec_keytype(type):
name = {
1: 'ike',
2: 'manual',
}
if type in name.keys():
return name.get(type)
else:
return 'unknown (%s)' % type
def ipsec_encapmode(mode):
name = {
1: 'tunnel',
2: 'transport',
}
if mode in name.keys():
return name.get(mode)
else:
return 'unknown (%s)' % mode
def ipsec_authalgo(algo):
name = {
1: 'none',
2: 'hmacMd5',
3: 'hmacSha',
}
if algo in name.keys():
return name.get(algo)
else:
return 'unknown (%s)' % algo
def ipsec_compalgo(algo):
name = {
1: 'none',
2: 'ldf',
}
if algo in name.keys():
return name.get(algo)
else:
return 'unknown (%s)' % algo
def cisco_vpn_tunnel_time(uptime): # expects time in seconds
m, s = divmod(uptime, 60) # break in seconds / minutes
h, m = divmod(m, 60) # break in mintes / hours
if h >= 24: # more then one day
d, h = divmod(h, 24) # break in hours / days
else:
return '%02d:%02d:%02d' % (h, m, s)
if d >= 365: # more the one year
y, d = divmod(d, 365) # break in days / years
return '%dy %dd %02d:%02d:%02d' % (y, d, h, m, s)
else:
return '%dd %02d:%02d:%02d' % (d, h, m, s)
for tunnel_ip, tunnel_alias, not_found_state, ipsec_sa_state in params.get('tunnels', []):
if item == tunnel_ip:
alias = tunnel_alias
tunnel_not_found_state = not_found_state
missing_ipsec_sa_state = ipsec_sa_state
if item in parsed.keys():
tunnel = parsed.get(item)
if item == tunnel.get('cikeTunRemoteAddr'):
state = 0
ipsecsummary = tunnel.get('ipsecsummary')
if alias != '':
infotext = 'Alias: %s: ' % alias
infotext += 'IKE active time: %s' % (cisco_vpn_tunnel_time(tunnel.get('cikeTunActiveTime')))
now_time = time.time()
# convert to octets/packets per second
tunnel.update({'cikeTunInOctets' : get_rate('cisco_vpn_tunnel.%s.%s' % ('cikeTunInOctets', item), now_time, tunnel.get('cikeTunInOctets'), onwrap=SKIP)})
tunnel.update({'cikeTunOutOctets' : get_rate('cisco_vpn_tunnel.%s.%s' % ('cikeTunOutOctets', item), now_time, tunnel.get('cikeTunInPkts'), onwrap=SKIP)})
tunnel.update({'cikeTunInPkts' : get_rate('cisco_vpn_tunnel.%s.%s' % ('cikeTunInPkts', item), now_time, tunnel.get('cikeTunOutOctets'), onwrap=SKIP)})
tunnel.update({'cikeTunOutPkts' : get_rate('cisco_vpn_tunnel.%s.%s' % ('cikeTunOutPkts', item), now_time, tunnel.get('cikeTunOutPkts'), onwrap=SKIP)})
tunnel.update({'cikeTunInDropPkts' : get_rate('cisco_vpn_tunnel.%s.%s' % ('cikeTunInDropPkts', item), now_time, tunnel.get('cikeTunInDropPkts'), onwrap=SKIP)})
tunnel.update({'cikeTunOutDropPkts': get_rate('cisco_vpn_tunnel.%s.%s' % ('cikeTunOutDropPkts', item), now_time, tunnel.get('cikeTunOutDropPkts'), onwrap=SKIP)})
longoutput += '\nIKE Status : %s' % tunnelstatus(tunnel.get('cikeTunStatus'))
longoutput += '\nTunnel address local : %s' % tunnel.get('cikeTunLocalAddr')
longoutput += '\nTunnel address remote : %s' % tunnel.get('cikeTunRemoteAddr')
# 'unit', <value>, <warn-at>, <crit-at>, <min value>, <max value>
perfdata.append(('cikeTunInOctets', tunnel.get('cikeTunInOctets')))
perfdata.append(('cikeTunOutOctets', tunnel.get('cikeTunOutOctets')))
perfdata.append(('cikeTunInPkts', tunnel.get('cikeTunInPkts')))
perfdata.append(('cikeTunOutPkts', tunnel.get('cikeTunOutPkts')))
perfdata.append(('cikeTunInDropPkts', tunnel.get('cikeTunInDropPkts')))
perfdata.append(('cikeTunOutDropPkts', tunnel.get('cikeTunOutDropPkts')))
perfdata.append(('cikeTunActiveTime', tunnel.get('cikeTunActiveTime')))
if not ipsecsummary == None:
# convert to octets/packets per second
ipsecsummary.update({'cipSecTunHcInOctets': get_rate('cisco_vpn_tunnel.%s.%s' % ('cipSecTunHcInOctets', item), now_time, ipsecsummary.get('cipSecTunHcInOctets'), onwrap=SKIP)})
ipsecsummary.update({'cipSecTunHcOutOctets': get_rate('cisco_vpn_tunnel.%s.%s' % ('cipSecTunHcOutOctets', item), now_time, ipsecsummary.get('cipSecTunHcOutOctets'), onwrap=SKIP)})
ipsecsummary.update({'cipSecTunInPkts': get_rate('cisco_vpn_tunnel.%s.%s' % ('cipSecTunInPkts', item), now_time, ipsecsummary.get('cipSecTunInPkts'), onwrap=SKIP)})
ipsecsummary.update({'cipSecTunOutPkts': get_rate('cisco_vpn_tunnel.%s.%s' % ('cipSecTunOutPkts', item), now_time, ipsecsummary.get('cipSecTunOutPkts'), onwrap=SKIP)})
ipsecsummary.update({'cipSecTunInDropPkts': get_rate('cisco_vpn_tunnel.%s.%s' % ('cipSecTunInDropPkts', item), now_time, ipsecsummary.get('cipSecTunInDropPkts'), onwrap=SKIP)})
ipsecsummary.update({'cipSecTunOutDropPkts': get_rate('cisco_vpn_tunnel.%s.%s' % ('cipSecTunOutDropPkts', item), now_time, ipsecsummary.get('cipSecTunOutDropPkts'), onwrap=SKIP)})
infotext += ', IPSec active time: %s, IPSec SAs: %s, IPSec (in/out) %01.0d/%01.0d bytes/s' \
% (cisco_vpn_tunnel_time(ipsecsummary.get('cipSecTunActiveTime')),
ipsecsummary.get('ipsecsacount'),
ipsecsummary.get('cipSecTunHcInOctets'),
ipsecsummary.get('cipSecTunHcOutOctets'))
# 'unit', <value>, <warn-at>, <crit-at>, <min value>, <max value>
perfdata.append(('cipSecTunHcInOctets', ipsecsummary.get('cipSecTunHcInOctets')))
perfdata.append(('cipSecTunHcOutOctets', ipsecsummary.get('cipSecTunHcOutOctets')))
perfdata.append(('cipSecTunInPkts', ipsecsummary.get('cipSecTunInPkts')))
perfdata.append(('cipSecTunOutPkts', ipsecsummary.get('cipSecTunOutPkts')))
perfdata.append(('cipSecTunInDropPkts', ipsecsummary.get('cipSecTunInDropPkts')))
perfdata.append(('cipSecTunOutDropPkts', ipsecsummary.get('cipSecTunOutDropPkts')))
perfdata.append(('cipSecTunActiveTime', ipsecsummary.get('cipSecTunActiveTime')))
else:
yield missing_ipsec_sa_state, 'No IPSec sa found'
# tunnel not found
else:
yield tunnel_not_found_state, 'VPN Tunnel %s not found' % alias
state = tunnel_not_found_state
yield state, infotext + longoutput, perfdata
###########################################################################
#
# Check info
#
###########################################################################
check_info['cisco_vpn_tunnel'] = {
'check_function' : check_cisco_vpn_tunnel,
'inventory_function' : inventory_cisco_vpn_tunnel,
'service_description' : 'VPN Tunnel %s',
'group' : 'vpn_tunnel',
'default_levels_variable': 'vpn_tunnel_defaults',
'has_perfdata' : True,
'parse_function' : parse_cisco_vpn_tunnel,
'snmp_scan_function' : lambda oid: oid('.1.3.6.1.2.1.1.1.0').lower().find('cisco') != -1 and
oid('.1.3.6.1.4.1.9.9.171.1.2.3.1.*'), # CISCO-IPSEC-FLOW-MONITOR-MIB::cikeTunnelEntry
'snmp_info' : [
('.1.3.6.1.4.1.9.9.171.1.2.3.1', [
OID_END, # TunnelIndex (0)
'2', # cikeTunLocalType (1)
'3', # cikeTunLocalValue (2)
'4', # cikeTunLocalAddr (3)
'5', # cikeTunLocalName (4)
'6', # cikeTunRemoteType (5)
'7', # cikeTunRemoteValue (6)
'8', # cikeTunRemoteAddr (7)
'9', # cikeTunRemoteName (8)
'16', # cikeTunActiveTime (9)
'19', # cikeTunInOctets (10)
'20', # cikeTunInPkts (11)
'21', # cikeTunInDropPkts (12)
'27', # cikeTunOutOctets (13)
'28', # cikeTunOutPkts (14)
'29', # cikeTunOutDropPkts (15)
'35', # cikeTunStatus (16)
'10', # cikeTunNegoMode (17)
]),
('.1.3.6.1.4.1.9.9.171.1.3.2.1', [ # CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecTunnelEntry
'2', # cipSecTunIkeTunnelIndex (0)
'3', # cipSecTunIkeTunnelAlive (1)
'10', # cipSecTunActiveTime (2)
'27', # cipSecTunHcInOctets (3)
'32', # cipSecTunInPkts (4)
'33', # cipSecTunInDropPkts (5)
'40', # cipSecTunHcOutOctets (6)
'45', # cipSecTunOutPkts (7)
'46', # cipSecTunOutDropPkts (8)
]),
],
}
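Review bot: The IKE rate conversion in check_cisco_vpn_tunnel crosses two counters: the `cikeTunOutOctets` rate is fed from `tunnel.get('cikeTunInPkts')`, and the `cikeTunInPkts` rate from `tunnel.get('cikeTunOutOctets')`, which by then already holds a rate because `tunnel.update` overwrote it one line earlier. The third argument of those two `get_rate` calls should be `tunnel.get('cikeTunOutOctets')` and `tunnel.get('cikeTunInPkts')` respectively; as written, the IKE bytes-out and packets-in perfdata do not reflect the device counters they are named after. Separately, the loop over `params.get('tunnels', [])` unpacks four values while the sample comment above `factory_settings` shows a three-element tuple. If rules in that older shape exist, the check would raise on unpacking and the tunnel service would stop reporting, so either accept both lengths or update the comment.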
File added
doc/sample.png

126 KiB

{'author': u'Th.L. (thl-cmk[at]outlook[dot]com)',
'description': u'Monitors Cisco VPN Tunnel. Complete rewrite of the original check.\nCreates one service for each VPN Tunnel.\nperfdata contains: IKE and IPSec statistics for uptime, in/out octets and packets.\n',
'download_url': 'https://thl-cmk.hopto.org',
'files': {'checks': ['cisco_vpn_tunnel'],
'web': ['plugins/metrics/cisco_vpn_tunnel.py',
'plugins/wato/cisco_vpn_tunnel.py']},
'name': 'cisco_vpn_tunnel',
'num_files': 3,
'title': u'Monitor Cisco VPN Tunnel',
'version': '20180806v.0.1g',
'version.min_required': '1.2.8b8',
'version.packaged': '1.4.0p35'}
\ No newline at end of file
#!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
#
# Cisco VPN Tunnel metrics plugin
#
# Author: Th.L.
# Date : 2017-12-29
#
# key a green 11/a 21/a 31/a 41/a 12/a 22/a 32/a 42/a
colors_a = ['#80F000', '#a500ff', '#ffc600', '#00ffb2', '#0075ff', '#cc00ff', '#ffd600', '#00ffff', '#0047ff',
# 13/a 23/a 33/a 43/a 14/a 24/a 34/a 44/a 15/a
'#f900ff', '#ffed00', '#00e8ff', '#000aff', '#ff4c00', '#e2ff00', '#00d1ff', '#4200ff', '#ff7a00',
# 25/a 35/a 45/a 16/a 26/a 36/a 46/a 51/a 52/a
'#bcff00', '#00b2ff', '#6000ff', '#ffa000', '#7fff00', '#0093ff', '#7f00ff', '#7f7f7f', '#7f4a26',
# 53/a
'#8c531c']
# key b green 11/b 21/b 31/b 41/b 12/b 22/b 32/b 42/b
colors_b = ['#80F000', '#c966ff', '#cc9f00', '#00cc8e', '#66acff', '#e066ff', '#ccab00', '#00cccc', '#6690ff',
# 13/b 23/b 33/b 43/b 14/b 24/b 34/b 44/b 15/b
'#fb66ff', '#ccbd00', '#00b9cc', '#666cff', '#ff9366', '#b5cc00', '#00a7cc', '#8d66ff', '#ffaf66',
# 25/b 35/b 45/b 16/b 26/b 36/b 46/b 51/b 52/b
'#96cc00', '#008ecc', '#a066ff', '#ffc666', '#66cc00', '#0076cc', '#b266ff', '#7f7f7f', '#7f5f49',
# 53/b
'#8c6a48']
def cisco_vpn_tunnel_render_uptime(uptime): # expects time in seconds
m, s = divmod(uptime, 60) # break in seconds / minutes
h, m = divmod(m, 60) # break in mintes / hours
if h >= 24: # more then one day
d, h = divmod(h, 24) # break in hours / days
else:
return '%02d:%02d:%02d' % (h, m, s)
if d >= 365: # more the one year
y, d = divmod(d, 365) # break in days / years
return '%dy %dd %02d:%02d:%02d' % (y, d, h, m, s)
else:
return '%dd %02d:%02d:%02d' % (d, h, m, s)
#####################################################################################################################
#
# define units for cisco_vpm_tunnel perfdata
#
#####################################################################################################################
unit_info['active_time'] = {
'title': _('Last update'),
'description': _('SA active time'),
'symbol': _(''),
'render': lambda v: cisco_vpn_tunnel_render_uptime(v),
'stepping': 'time', # for vertical graph labels
}
#####################################################################################################################
#
# define metrics for bgp peer perfdata
#
#####################################################################################################################
metric_info['cisco_vpn_tunnel_cikeTunActiveTime'] = {
'title': _('IKE active time'),
'help': _(''),
#'unit': 'active_time',
'unit': 's',
'color': colors_a[0],
}
metric_info['cisco_vpn_tunnel_cikeTunInOctets'] = {
'title': _('IKE Bytes in'),
'unit': 'bytes/s',
'color': colors_a[1],
}
metric_info['cisco_vpn_tunnel_cikeTunOutOctets'] = {
'title': _('IKE Bytes out'),
'help': _(''),
'unit': 'bytes/s',
'color': colors_a[2],
}
metric_info['cisco_vpn_tunnel_cikeTunInPkts'] = {
'title': _('IKE packets in'),
'help': _(''),
'unit': '1/s',
'color': colors_a[3],
}
metric_info['cisco_vpn_tunnel_cikeTunOutPkts'] = {
'title': _('IKE packets out'),
'help': _(''),
'unit': '1/s',
'color': colors_a[4],
}
metric_info['cisco_vpn_tunnel_cikeTunInDropPkts'] = {
'title': _('IKE packets dropped in'),
'help': _(''),
'unit': '1/s',
'color': colors_a[5],
}
metric_info['cisco_vpn_tunnel_cikeTunOutDropPkts'] = {
'title': _('IKE packets dropped out'),
'help': _(''),
'unit': '1/s',
'color': colors_a[6],
}
metric_info['cisco_vpn_tunnel_cikeTunInNotifys'] = {
'title': _('IKE in notifies'),
'help': _(''),
'unit': 'count',
'color': colors_a[7],
}
metric_info['cisco_vpn_tunnel_cikeTunOutNotifys'] = {
'title': _('IKE out notifies'),
'help': _(''),
'unit': 'count',
'color': colors_a[8],
}
metric_info['cisco_vpn_tunnel_cikeTunInP2Exchgs'] = {
'title': _('IKE in phase 2 exchanges'),
'help': _(''),
'unit': 'count',
'color': colors_a[9],
}
metric_info['cisco_vpn_tunnel_cikeTunOutP2Exchgs'] = {
'title': _('IKE out phase 2 exchanges'),
'help': _(''),
'unit': 'count',
'color': colors_a[10],
}
metric_info['cisco_vpn_tunnel_cikeTunInP2ExchgInvalids'] = {
'title': _('IKE in phase 2 exchanges invalid'),
'help': _(''),
'unit': 'count',
'color': colors_a[11],
}
metric_info['cisco_vpn_tunnel_cikeTunOutP2ExchgInvalids'] = {
'title': _('IKE out phase 2 exchanges invalid'),
'help': _(''),
'unit': 'count',
'color': colors_a[12],
}
metric_info['cisco_vpn_tunnel_cikeTunInP2ExchgRejects'] = {
'title': _('IKE in phase 2 exchanges rejected'),
'help': _(''),
'unit': 'count',
'color': colors_a[13],
}
metric_info['cisco_vpn_tunnel_cikeTunOutP2ExchgRejects'] = {
'title': _('IKE out phase 2 exchanges rejected'),
'help': _(''),
'unit': 'count',
'color': colors_a[14],
}
metric_info['cisco_vpn_tunnel_cikeTunInP2SaDelRequests'] = {
'title': _('IKE in phase 2 SA delete requests'),
'help': _(''),
'unit': 'count',
'color': colors_a[15],
}
metric_info['cisco_vpn_tunnel_cikeTunOutP2SaDelRequests'] = {
'title': _('IKE out phase 2 SA delete requests'),
'help': _(''),
'unit': 'count',
'color': colors_a[16],
}
# IPSec counter
metric_info['cisco_vpn_tunnel_cipSecTunActiveTime'] = {
'title': _('IPSec active time'),
'help': _(''),
'unit': 's',
'color': colors_b[0],
}
metric_info['cisco_vpn_tunnel_cipSecTunHcInOctets'] = {
'title': _('IPSec Bytes in'),
'help': _(''),
'unit': 'bytes/s',
'color': colors_b[1],
}
metric_info['cisco_vpn_tunnel_cipSecTunHcOutOctets'] = {
'title': _('IPSec Bytes out'),
'help': _(''),
'unit': 'bytes/s',
'color': colors_b[2],
}
metric_info['cisco_vpn_tunnel_cipSecTunInPkts'] = {
'title': _('IPSec packets in'),
'help': _(''),
'unit': '1/s',
'color': colors_b[3],
}
metric_info['cisco_vpn_tunnel_cipSecTunOutPkts'] = {
'title': _('IPSec packets out'),
'help': _(''),
'unit': '1/s',
'color': colors_b[4],
}
metric_info['cisco_vpn_tunnel_cipSecTunInDropPkts'] = {
'title': _('IPSec packets dropped in'),
'help': _(''),
'unit': '1/s',
'color': colors_b[5],
}
metric_info['cisco_vpn_tunnel_cipSecTunOutDropPkts'] = {
'title': _('IPSec packets dropped out'),
'help': _(''),
'unit': '1/s',
'color': colors_b[6],
}
metric_info['cisco_vpn_tunnel_cipSecTunHcInDecompOctets'] = {
'title': _('IPSec in decompressed octets'),
'help': _(''),
'unit': '1/s',
'color': colors_b[7],
}
metric_info['cisco_vpn_tunnel_cipSecTunHcOutUncompOctets'] = {
'title': _('IPSec out compressed octets'),
'help': _(''),
'unit': '1/s',
'color': colors_b[8],
}
metric_info['cisco_vpn_tunnel_cipSecTunInAuths'] = {
'title': _('IPSec in authentication\'s'),
'help': _(''),
'unit': 'count',
'color': colors_b[9],
}
metric_info['cisco_vpn_tunnel_cipSecTunOutAuths'] = {
'title': _('IPSec out authentication\'s'),
'help': _(''),
'unit': 'count',
'color': colors_b[10],
}
metric_info['cisco_vpn_tunnel_cipSecTunInAuthFails'] = {
'title': _('IPSec in authentication\'s failed'),
'help': _(''),
'unit': 'count',
'color': colors_b[11],
}
metric_info['cisco_vpn_tunnel_cipSecTunOutAuthFails'] = {
'title': _('IPSec out authentication\'s failed'),
'help': _(''),
'unit': 'count',
'color': colors_b[12],
}
metric_info['cisco_vpn_tunnel_cipSecTunInDecrypts'] = {
'title': _('IPSec in decryption\'s'),
'help': _(''),
'unit': 'count',
'color': colors_b[13],
}
metric_info['cisco_vpn_tunnel_cipSecTunOutEncrypts'] = {
'title': _('IPSec out encryption\'s'),
'help': _(''),
'unit': 'count',
'color': colors_b[14],
}
metric_info['cisco_vpn_tunnel_cipSecTunInDecryptFails'] = {
'title': _('IPSec in decryption\'s failed'),
'help': _(''),
'unit': 'count',
'color': colors_b[15],
}
metric_info['cisco_vpn_tunnel_cipSecTunOutEncryptFails'] = {
'title': _('IPSec out encryption\'s failed'),
'help': _(''),
'unit': 'count',
'color': colors_b[16],
}
metric_info['cisco_vpn_tunnel_cipSecTunInReplayDropPkts'] = {
'title': _('IPSec in replay packets dropped'),
'help': _(''),
'unit': 'count',
'color': colors_b[17],
}
######################################################################################################################
#
# map bgp peer perfdata to metric, not really necessary but makes sure to use the right metrics
#
######################################################################################################################
check_metrics['check_mk-cisco_vpn_tunnel'] = {
'cikeTunInOctets': {'name': 'cisco_vpn_tunnel_cikeTunInOctets'},
'cikeTunOutOctets': {'name': 'cisco_vpn_tunnel_cikeTunOutOctets'},
'cikeTunInPkts': {'name': 'cisco_vpn_tunnel_cikeTunInPkts'},
'cikeTunOutPkts': {'name': 'cisco_vpn_tunnel_cikeTunOutPkts'},
'cikeTunInDropPkts': {'name': 'cisco_vpn_tunnel_cikeTunInDropPkts'},
'cikeTunOutDropPkts': {'name': 'cisco_vpn_tunnel_cikeTunOutDropPkts'},
'cikeTunInNotifys': {'name': 'cisco_vpn_tunnel_cikeTunInNotifys'},
'cikeTunOutNotifys': {'name': 'cisco_vpn_tunnel_cikeTunOutNotifys'},
'cikeTunInP2Exchgs': {'name': 'cisco_vpn_tunnel_cikeTunInP2Exchgs', 'auto_graph' : False},
'cikeTunOutP2Exchgs': {'name': 'cisco_vpn_tunnel_cikeTunOutP2Exchgs'},
'cikeTunInP2ExchgInvalids': {'name': 'cisco_vpn_tunnel_cikeTunInP2ExchgInvalids'},
'cikeTunOutP2ExchgInvalids': {'name': 'cisco_vpn_tunnel_cikeTunOutP2ExchgInvalids'},
'cikeTunInP2ExchgRejects': {'name': 'cisco_vpn_tunnel_cikeTunInP2ExchgRejects'},
'cikeTunOutP2ExchgRejects': {'name': 'cisco_vpn_tunnel_cikeTunOutP2ExchgRejects'},
'cikeTunInP2SaDelRequests': {'name': 'cisco_vpn_tunnel_cikeTunInP2SaDelRequests'},
'cikeTunOutP2SaDelRequests': {'name': 'cisco_vpn_tunnel_cikeTunOutP2SaDelRequests'},
'cikeTunActiveTime': {'name': 'cisco_vpn_tunnel_cikeTunActiveTime'},
'cipSecTunHcInOctets': {'name': 'cisco_vpn_tunnel_cipSecTunHcInOctets'},
'cipSecTunHcOutOctets': {'name': 'cisco_vpn_tunnel_cipSecTunHcOutOctets'},
'cipSecTunHcInDecompOctets': {'name': 'cisco_vpn_tunnel_cipSecTunHcInDecompOctets'},
'cipSecTunHcOutUncompOctets': {'name': 'cisco_vpn_tunnel_cipSecTunHcOutUncompOctets'},
'cipSecTunInPkts': {'name': 'cisco_vpn_tunnel_cipSecTunInPkts'},
'cipSecTunOutPkts': {'name': 'cisco_vpn_tunnel_cipSecTunOutPkts'},
'cipSecTunInDropPkts': {'name': 'cisco_vpn_tunnel_cipSecTunInDropPkts'},
'cipSecTunOutDropPkts': {'name': 'cisco_vpn_tunnel_cipSecTunOutDropPkts'},
'cipSecTunInAuths': {'name': 'cisco_vpn_tunnel_cipSecTunInAuths'},
'cipSecTunOutAuths': {'name': 'cisco_vpn_tunnel_cipSecTunOutAuths'},
'cipSecTunInAuthFails': {'name': 'cisco_vpn_tunnel_cipSecTunInAuthFails'},
'cipSecTunOutAuthFails': {'name': 'cisco_vpn_tunnel_cipSecTunOutAuthFails'},
'cipSecTunInDecrypts': {'name': 'cisco_vpn_tunnel_cipSecTunInDecrypts'},
'cipSecTunOutEncrypts': {'name': 'cisco_vpn_tunnel_cipSecTunOutEncrypts'},
'cipSecTunInDecryptFails': {'name': 'cisco_vpn_tunnel_cipSecTunInDecryptFails'},
'cipSecTunOutEncryptFails': {'name': 'cisco_vpn_tunnel_cipSecTunOutEncryptFails'},
'cipSecTunInReplayDropPkts': {'name': 'cisco_vpn_tunnel_cipSecTunInReplayDropPkts'},
'cipSecTunActiveTime': {'name': 'cisco_vpn_tunnel_cipSecTunActiveTime'},
}
######################################################################################################################
#
# how to graph perdata for cisco_vpn_tunnel
#
######################################################################################################################
graph_info.append({
'title': _('IKE active time'),
'metrics': [
('cisco_vpn_tunnel_cikeTunActiveTime', 'area'),
],
})
graph_info.append({
'title': _('IKE Bytes/s'),
'metrics': [
('cisco_vpn_tunnel_cikeTunOutOctets', '-area'),
('cisco_vpn_tunnel_cikeTunInOctets', 'area'),
],
})
graph_info.append({
'title': _('IKE packets/s'),
'metrics': [
('cisco_vpn_tunnel_cikeTunOutDropPkts', '-line'),
('cisco_vpn_tunnel_cikeTunInDropPkts', 'line'),
('cisco_vpn_tunnel_cikeTunOutPkts', '-line'),
('cisco_vpn_tunnel_cikeTunInPkts', 'line'),
],
})
# graph_info.append({
# 'title': _('IKE in data'),
# 'metrics': [
# ('cisco_vpn_tunnel_cikeTunInNotifys', 'line'),
# # ('cisco_vpn_tunnel_cikeTunInP2Exchgs', 'line'),
# ('cisco_vpn_tunnel_cikeTunInP2ExchgInvalids', 'line'),
# ('cisco_vpn_tunnel_cikeTunInP2ExchgRejects', 'line'),
# ('cisco_vpn_tunnel_cikeTunInP2SaDelRequests', 'line'),
# ],
# })
#
# graph_info.append({
# 'title': _('IKE out data'),
# 'metrics': [
#
# ('cisco_vpn_tunnel_cikeTunOutNotifys', '-line'),
# # ('cisco_vpn_tunnel_cikeTunOutP2Exchgs', '-line'),
# ('cisco_vpn_tunnel_cikeTunOutP2ExchgInvalids', '-line'),
# ('cisco_vpn_tunnel_cikeTunOutP2ExchgRejects', '-line'),
# ('cisco_vpn_tunnel_cikeTunOutP2SaDelRequests', '-line'),
# ],
# })
graph_info.append({
'title': _('IPSec active time'),
'metrics': [
('cisco_vpn_tunnel_cipSecTunActiveTime', 'area'),
],
})
graph_info.append({
'title': _('IPSec Bytes/s'),
'metrics': [
('cisco_vpn_tunnel_cipSecTunHcOutOctets', '-area'),
('cisco_vpn_tunnel_cipSecTunHcInOctets', 'area'),
],
})
graph_info.append({
'title': _('IPSec packets/s'),
'metrics': [
('cisco_vpn_tunnel_cipSecTunOutDropPkts', '-stack'),
('cisco_vpn_tunnel_cipSecTunInDropPkts', 'stack'),
('cisco_vpn_tunnel_cipSecTunOutPkts', '-stack'),
('cisco_vpn_tunnel_cipSecTunInPkts', 'stack'),
],
})
# graph_info.append({
# 'title': _('IPSec in data'),
# 'metrics': [
# # ('cisco_vpn_tunnel_cipSecTunHcInDecompOctets', 'line'),
# # ('cisco_vpn_tunnel_cipSecTunInAuths', 'line'),
# ('cisco_vpn_tunnel_cipSecTunInAuthFails', 'line'),
# # ('cisco_vpn_tunnel_cipSecTunInDecrypts', 'line'),
# ('cisco_vpn_tunnel_cipSecTunInDecryptFails', 'line'),
# ('cisco_vpn_tunnel_cipSecTunInReplayDropPkts', 'line'),
# ],
# })
#
# graph_info.append({
# 'title': _('IPSec out data'),
# 'metrics': [
# # ('cisco_vpn_tunnel_cipSecTunHcOutUncompOctets', '-line'),
# # ('cisco_vpn_tunnel_cipSecTunOutAuths', '-line'),
# ('cisco_vpn_tunnel_cipSecTunOutAuthFails', '-line'),
# # ('cisco_vpn_tunnel_cipSecTunOutEncrypts', '-line'),
# ('cisco_vpn_tunnel_cipSecTunOutEncryptFails', '-line'),
# ],
# })
######################################################################################################################
#
# define perf-o-meter for cisco_vpn_tunnel uptime active time
#
######################################################################################################################
perfometer_info.append(('stacked', [
{
'type': 'logarithmic',
'metric': 'cisco_vpn_tunnel_cikeTunActiveTime',
'half_value': 2592000.0,
'exponent': 2,
},
{
'type': 'logarithmic',
'metric': 'cisco_vpn_tunnel_cipSecTunActiveTime',
'half_value': 2592000.0,
'exponent': 2,
},
]))
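Review bot: Several comments and one definition in this file look like leftovers from another plugin. The section headers read `define metrics for bgp peer perfdata` and `map bgp peer perfdata to metric`, and `unit_info['active_time']` carries the title `'Last update'` while both active-time metrics use `'unit': 's'`, which leaves that unit and `cisco_vpn_tunnel_render_uptime` unreferenced in the visible code. I would change the headers to `# define metrics for cisco_vpn_tunnel perfdata` and `# map cisco_vpn_tunnel perfdata to metrics`, and either switch the two metrics to `'unit': 'active_time'` with a matching title or drop the unused unit. The title `'IPSec out compressed octets'` is also attached to the key `cipSecTunHcOutUncompOctets`, so one of the two is probably misnamed.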
#!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
register_check_parameters(
subgroup_networking,
'vpn_tunnel',
_('VPN Tunnel'),
Dictionary(
elements=[
('tunnels',
ListOf(
Tuple(
title=('VPN Tunnel Endpoints'),
elements=[
IPv4Address(
title=_('Peer IP-Address'),
help=_('The configured value must match a tunnel reported by the monitored '
'device.'),
allow_empty=False,
),
TextUnicode(
title=_('Tunnel Alias'),
help=_('You can configure an individual alias here for the tunnel matching '
'the IP-Address or Name configured in the field above.'),
),
MonitoringState(
default_value=2,
title=_('State if tunnel is not found'),
),
MonitoringState(
default_value=2,
title=_('State if tunnel has no active IPSec SA'),
),
]),
add_label=_('Add tunnel'),
movable=False,
title=_('VPN tunnel specific configuration'),
)),
('state',
MonitoringState(
title=_('Default state to report when tunnel can not be found anymore'),
help=_('Default state if a tunnel, which is not listed above in this rule, '
'can no longer be found.'),
default_value=3,
),
),
('missing_ipsec_sa_state',
MonitoringState(
title=_('Default state to report when tunnel has no active IPSec SA'),
help=_('Default state if a tunnel, which is not listed above in this rule, '
'has no active IPSec SA.'),
default_value=1,
),
),
],
),
TextAscii(title=_('IP-Address of Tunnel Endpoint')),
match_type='dict',
)
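Review bot: The tuple title `title=('VPN Tunnel Endpoints')` is a plain parenthesised string, so unlike every other title in this rule it is not passed through `_()`; it should read `title=_('VPN Tunnel Endpoints'),`. The alias help text mentions "the IP-Address or Name configured in the field above", but the field above is an `IPv4Address`, so the wording should name the IP address only. The per-tunnel `MonitoringState` defaults are 2 for both states while the rule-wide defaults are 3 and 1; if that difference is intentional, a short comment would help, since the code does not make the reason clear.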