diff --git a/agent_based/cisco_vpn_tunnel.py b/agent_based/cisco_vpn_tunnel.py
new file mode 100644
index 0000000000000000000000000000000000000000..9b49333fca1388e0eba5166461a13dbfc6468955
--- /dev/null
+++ b/agent_based/cisco_vpn_tunnel.py
@@ -0,0 +1,381 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2017-12-28
+#
+# Monitor status of Cisco VPN tunnel phase 1 and 2
+#
+# 2018-01-10: added handling for tunnel not found
+# 2018-01-23: removed unnecessary counters
+# 2018-02-15: removed ipsec tunnel status, changed ike ipv4 check
+# 2018-02-16: readded tunnel alias
+# 2018-07-11: added parameter for missing IPSec SA, changed 'parsed' to use peer ip as index
+# 2021-08-03: rewritten for CMK 2.0
+#
+# snmpwalk sample
+#
+#
+import time
+from dataclasses import dataclass
+from typing import List, Dict
+
+from cmk.base.plugins.agent_based.agent_based_api.v1 import (
+ register,
+ Service,
+ Result,
+ check_levels,
+ State,
+ SNMPTree,
+ contains,
+ OIDEnd,
+ get_rate,
+ GetRateError,
+ get_value_store,
+ IgnoreResultsError,
+ Metric,
+ render,
+ all_of,
+ exists,
+)
+from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
+ DiscoveryResult,
+ CheckResult,
+ StringTable,
+)
+
+
+@dataclass
+class IpsecSa:
+ sa_count: int
+ ike_tunnel_alive: int
+ active_time: int
+ hc_in_octets: int
+ in_pkts: int
+ in_drop_pkts: int
+ hc_out_octets: int
+ out_pkts: int
+ out_drop_pkts: int
+
+
+@dataclass
+class IkeSa:
+ # local_type: int
+ # local_value: str
+ local_addr: str
+ # local_name: str
+ # remote_type: int
+ # remote_value: str
+ remote_addr: str
+ # remote_name: str
+ active_time: int
+ in_octets: int
+ in_pkts: int
+ in_drop_pkts: int
+ out_octets: int
+ out_pkts: int
+ out_drop_pkts: int
+ status: int
+ nego_mode: int
+ ipsec_summary: IpsecSa
+
+
+###########################################################################
+#
+# Helper functions
+#
+###########################################################################
+
+def _ikepeertype(st: int) -> str:
+ name = {
+ 1: 'ipAddrPeer',
+ 2: 'namePeer',
+ }
+ return name.get(st, f'unknown ({st})')
+
+
+def _ikenegomode(st: int) -> str:
+ name = {
+ 1: 'main',
+ 2: 'aggressive',
+ 3: 'IKEv2 main([3]?)'
+ }
+ return name.get(st, f'unknown ({st})')
+
+
+def _tunnelstatus(st: int) -> str:
+ name = {
+ 1: 'active',
+ 2: 'destroy',
+ }
+ return name.get(st, f'unknown ({st})')
+
+
+def _cisco_vpn_tunnel_render_ipv4_address(bytestring):
+ return '.'.join([f'{ord(m)}' for m in bytestring])
+
+###########################################################################
+#
+# DATA Parser function
+#
+###########################################################################
+
+
+def parse_cisco_vpn_tunnel(string_table: List[StringTable]) -> Dict[str, IkeSa]:
+ ipsec_sa_summary: Dict[str, IpsecSa] = {}
+ vpntunnel = {}
+ ike_tunnel_entry, ipsec_tunnel_entry = string_table
+
+ # summarize IPSec SAs, ASSUMPTION: except for counters all SA attributes are identical per IKE index
+ for ike_tunnel_index, ike_tunnel_alive, active_time, hc_in_octets, in_pkts, in_drop_pkts, hc_out_octets, \
+ out_pkts, out_drop_pkts in ipsec_tunnel_entry:
+
+ if ike_tunnel_index.isdigit():
+ ipsec_sa = ipsec_sa_summary.setdefault(
+ ike_tunnel_index,
+ IpsecSa(0, 0, 0, 0, 0, 0, 0, 0, 0)
+ )
+ ipsec_sa.sa_count += 1
+ ipsec_sa.hc_in_octets += int(hc_in_octets)
+ ipsec_sa.in_pkts += int(in_pkts)
+ ipsec_sa.in_drop_pkts += int(in_drop_pkts)
+ ipsec_sa.hc_out_octets += int(hc_out_octets)
+ ipsec_sa.out_pkts += int(out_pkts)
+ ipsec_sa.out_drop_pkts += int(out_drop_pkts)
+ if int(active_time) // 100 > ipsec_sa.active_time:
+ ipsec_sa.active_time = int(active_time) // 100
+
+ # IKE SA
+ for index, local_type, local_value, local_addr, local_name, remote_type, remote_value, remote_addr, remote_name, \
+ active_time, in_octets, in_pkts, in_droppkts, out_octets, out_pkts, out_droppkts, status, \
+ nego_mode in ike_tunnel_entry:
+
+ if index.isdigit():
+ # if int(nego_mode) == 2: # drop agressive mode tunnel, likely Remote Access
+ remote_addr = _cisco_vpn_tunnel_render_ipv4_address(remote_addr)
+ if remote_addr.split('.') != 4:
+ remote_addr = remote_value
+ if len(remote_addr.split('.')) == 4:
+ ike_sa = IkeSa(
+ # local_type=int(local_type),
+ # local_value=local_value,
+ local_addr=_cisco_vpn_tunnel_render_ipv4_address(local_addr),
+ # local_name=local_name,
+ # remote_type=int(remote_type),
+ # remote_value=remote_value,
+ remote_addr=remote_addr,
+ # remote_name=remote_name,
+ active_time=int(active_time) // 100,
+ in_octets=int(in_octets),
+ in_pkts=int(in_pkts),
+ in_drop_pkts=int(in_droppkts),
+ out_octets=int(out_octets),
+ out_pkts=int(out_pkts),
+ out_drop_pkts=int(out_droppkts),
+ status=int(status),
+ nego_mode=int(nego_mode),
+ ipsec_summary=ipsec_sa_summary.get(index)
+ )
+ vpntunnel.update({remote_addr: ike_sa})
+
+ return vpntunnel
+
+###########################################################################
+#
+# Inventory function
+#
+###########################################################################
+
+
+def discovery_cisco_vpn_tunnel(params, section: Dict[str, IkeSa]) -> DiscoveryResult:
+ discover_aggressive_mode = params['discover_aggressive_mode']
+ for cikeTunRemoteAddr in section.keys():
+ if section[cikeTunRemoteAddr].nego_mode != 2:
+ yield Service(item=cikeTunRemoteAddr)
+ elif discover_aggressive_mode:
+ yield Service(item=cikeTunRemoteAddr)
+
+
+###########################################################################
+#
+# Check function
+#
+###########################################################################
+
+
+def check_cisco_vpn_tunnel(item, params, section: Dict[str, IkeSa]) -> CheckResult:
+ tunnel_not_found_state = params['state']
+ missing_ipsec_sa_state = params['missing_ipsec_sa_state']
+
+ for tunnel_ip, tunnel_alias, not_found_state, ipsec_sa_state in params['tunnels']:
+ if item == tunnel_ip:
+ yield Result(state=State.OK, summary=f'[{tunnel_alias}]')
+ tunnel_not_found_state = not_found_state
+ missing_ipsec_sa_state = ipsec_sa_state
+
+ try:
+ tunnel = section[item]
+ except KeyError:
+ yield Result(state=State(tunnel_not_found_state), summary='VPN Tunnel not found in SNMP data')
+ return
+
+ yield from check_levels(
+ value=tunnel.active_time,
+ label='IKE uptime',
+ render_func=render.timespan,
+ metric_name='cisco_vpn_tunnel_cikeTunActiveTime'
+ )
+
+ yield Result(state=State.OK, notice=f'IKE Status: {_tunnelstatus(tunnel.status)}')
+ yield Result(state=State.OK, notice=f'Tunnel address local: {tunnel.local_addr}')
+ yield Result(state=State.OK, notice=f'Tunnel address remote : {tunnel.remote_addr}')
+ yield Result(state=State.OK, notice=f'Negotiation mode : {_ikenegomode(tunnel.nego_mode)}')
+
+ now_time = time.time()
+ value_store = get_value_store()
+ rate_item = item.replace(' ', '_').replace(':', '_')
+ raise_ingore_res = False
+
+ # convert to octets/packets per second
+ for key, value in [
+ ('cikeTunInOctets', tunnel.in_octets),
+ ('cikeTunOutOctets', tunnel.out_octets),
+ ('cikeTunInPkts', tunnel.in_pkts),
+ ('cikeTunOutPkts', tunnel.out_pkts),
+ ('cikeTunInDropPkts', tunnel.in_drop_pkts),
+ ('cikeTunOutDropPkts', tunnel.out_drop_pkts),
+
+ ]:
+ try:
+ value = get_rate(value_store, f'cisco_vpn_tunnel.{key}.{rate_item}', now_time, value, raise_overflow=False)
+ except GetRateError:
+ raise_ingore_res = True
+ value = 0
+ yield Metric(name=f'cisco_vpn_tunnel_{key}', value=value, boundaries=(0, None))
+
+ if raise_ingore_res:
+ raise IgnoreResultsError('Initializing counters')
+
+ ipsecsummary: IpsecSa = tunnel.ipsec_summary
+ if ipsecsummary is not None:
+
+ yield from check_levels(
+ label='IPSec uptime',
+ value=ipsecsummary.active_time,
+ render_func=render.timespan,
+ metric_name='cisco_vpn_tunnel_cipSecTunActiveTime'
+ )
+ yield Result(state=State.OK, summary=f'SAs: {ipsecsummary.sa_count}')
+ ipsec_in_octets = 0
+ ipsec_out_octets = 0
+ # convert to octets/packets per second
+ for key, value in [
+ ('cipSecTunHcInOctets', ipsecsummary.hc_in_octets),
+ ('cipSecTunHcOutOctets', ipsecsummary.hc_out_octets),
+ ('cipSecTunInPkts', ipsecsummary.in_pkts),
+ ('cipSecTunOutPkts', ipsecsummary.out_pkts),
+ ('cipSecTunInDropPkts', ipsecsummary.in_drop_pkts),
+ ('cipSecTunOutDropPkts', ipsecsummary.out_drop_pkts),
+ ]:
+ try:
+ value = get_rate(value_store, f'cisco_vpn_tunnel.{key}.{rate_item}',
+ now_time, value, raise_overflow=False)
+ except GetRateError:
+ raise_ingore_res = True
+ value = 0
+ yield Metric(name=f'cisco_vpn_tunnel_{key}', value=value, boundaries=(0, None))
+ if key == 'cipSecTunHcInOctets':
+ ipsec_in_octets = value
+ elif key == 'cipSecTunHcOutOctets':
+ ipsec_out_octets = value
+
+ yield from check_levels(
+ label='In',
+ value=ipsec_in_octets,
+ render_func=render.networkbandwidth,
+ )
+ yield from check_levels(
+ label='Out',
+ value=ipsec_out_octets,
+ render_func=render.networkbandwidth,
+ )
+
+ if raise_ingore_res:
+ raise IgnoreResultsError('Initializing counters')
+ else:
+ yield Result(state=State(missing_ipsec_sa_state), notice='No IPSec sa found')
+
+###########################################################################
+#
+# Check info
+#
+###########################################################################
+
+
+register.snmp_section(
+ name='cisco_vpn_tunnel',
+ parse_function=parse_cisco_vpn_tunnel,
+ fetch=[
+ SNMPTree(
+ base='.1.3.6.1.4.1.9.9.171.1.2.3.1', #
+ oids=[
+ OIDEnd(), # TunnelIndex
+ '2', # cikeTunLocalType
+ '3', # cikeTunLocalValue
+ '4', # cikeTunLocalAddr
+ '5', # cikeTunLocalName
+ '6', # cikeTunRemoteType
+ '7', # cikeTunRemoteValue
+ '8', # cikeTunRemoteAddr
+ '9', # cikeTunRemoteName
+ '16', # cikeTunActiveTime
+ '19', # cikeTunInOctets
+ '20', # cikeTunInPkts
+ '21', # cikeTunInDropPkts
+ '27', # cikeTunOutOctets
+ '28', # cikeTunOutPkts
+ '29', # cikeTunOutDropPkts
+ '35', # cikeTunStatus
+ '10', # cikeTunNegoMode
+ ]
+ ),
+ SNMPTree(
+ base='.1.3.6.1.4.1.9.9.171.1.3.2.1', # CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecTunnelEntry
+ oids=[
+ '2', # ike tunnel index
+ '3', # cipSecTunIkeTunnelAlive
+ '10', # cipSecTunActiveTime
+ '27', # cipSecTunHcInOctets
+ '32', # cipSecTunInPkts
+ '33', # cipSecTunInDropPkts
+ '40', # cipSecTunHcOutOctets
+ '45', # cipSecTunOutPkts
+ '46', # cipSecTunOutDropPkts
+ ]
+ ),
+ ],
+ detect=all_of(
+ contains('.1.3.6.1.2.1.1.1.0', 'Cisco'),
+ exists('.1.3.6.1.4.1.9.9.171.1.2.3.1.2.*') # CISCO-IPSEC-FLOW-MONITOR-MIB::cikeTunnelEntry
+ ),
+)
+
+register.check_plugin(
+ name='cisco_vpn_tunnel',
+ service_name='VPN Tunnel %s',
+ discovery_function=discovery_cisco_vpn_tunnel,
+ discovery_ruleset_name='discovery_cisco_vpn_tunnel',
+ discovery_default_parameters={
+ 'discover_aggressive_mode': False
+ },
+ check_function=check_cisco_vpn_tunnel,
+ check_default_parameters={
+ 'state': 3, # default state for tunnel not found
+ 'missing_ipsec_sa_state': 1,
+ 'tunnels': [], # list of tunnel specific not found states ('<ip-address>', '<alias>', <state>)
+ },
+ check_ruleset_name='cisco_vpn_tunnel',
+)
diff --git a/cisco_vpn_tunnel.mkp b/cisco_vpn_tunnel.mkp
index 09ab45a2793b925a5c45bec767a6113743ad6290..0398d590158d29b061508cfcb405ff3c613c9ed1 100644
Binary files a/cisco_vpn_tunnel.mkp and b/cisco_vpn_tunnel.mkp differ
diff --git a/packages/cisco_vpn_tunnel b/packages/cisco_vpn_tunnel
index 75801ea9efadf9f684dab851783ccb6ef4be99c4..cbca0d53473ea3e2807517ebae6f71f091cec43b 100644
--- a/packages/cisco_vpn_tunnel
+++ b/packages/cisco_vpn_tunnel
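Review bot: In `parse_cisco_vpn_tunnel` (agent_based/cisco_vpn_tunnel.py) the test `if remote_addr.split('.') != 4:` compares a list with an integer, so it is always true and `remote_addr` is overwritten with `remote_value` for every tunnel. The intended check is presumably `if len(remote_addr.split('.')) != 4:`. As written, a peer whose cikeTunRemoteValue is not a dotted quad fails the following `len(remote_addr.split('.')) == 4` test and is left out of the parsed section without any message, which for a VPN monitor means a tunnel can go unwatched unnoticed. Once the comparison is fixed, the output of `_cisco_vpn_tunnel_render_ipv4_address` becomes the service item for the first time, so it should be checked against real device data. It calls `ord()` on a decoded string, and fetching OIDs '4' and '8' via `OIDBytes` (with the renderer adapted to ints) may be needed for octets above 0x7f.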
@@ -1,12 +1,17 @@ -{'author': u'Th.L. (thl-cmk[at]outlook[dot]com)', - 'description': u'Monitors Cisco VPN Tunnel. Complete rewrite of the original check.\nCreates one service for each VPN Tunnel.\nperfdata contains: IKE and IPSec statistics for uptime, in/out octets and packets.\n', +{'author': 'Th.L. (thl-cmk[at]outlook[dot]com)', + 'description': 'Monitors Cisco VPN Tunnel. Complete rewrite of the original ' + 'check.\n' + 'Creates one service for each VPN Tunnel.\n' + 'perfdata contains: IKE and IPSec statistics for uptime, ' + 'in/out octets and packets.\n', 'download_url': 'https://thl-cmk.hopto.org', - 'files': {'checks': ['cisco_vpn_tunnel'], + 'files': {'agent_based': ['cisco_vpn_tunnel.py'], 'web': ['plugins/metrics/cisco_vpn_tunnel.py', 'plugins/wato/cisco_vpn_tunnel.py']}, 'name': 'cisco_vpn_tunnel', 'num_files': 3, - 'title': u'Monitor Cisco VPN Tunnel', - 'version': '20180806v.0.1g', - 'version.min_required': '1.2.8b8', - 'version.packaged': '1.4.0p35'} \ No newline at end of file + 'title': 'Monitor Cisco VPN Tunnel', + 'version': '20210803v.0.2', + 'version.min_required': '2.0.0', + 'version.packaged': '2021.07.14', + 'version.usable_until': None} \ No newline at end of file diff --git a/web/plugins/metrics/cisco_vpn_tunnel.py b/web/plugins/metrics/cisco_vpn_tunnel.py index ab5dc4ad5e407220db1b0871efb66f92b6777ffb..2fba64282e7cedc6ee9c1db65f3041284680ac61 100644 --- a/web/plugins/metrics/cisco_vpn_tunnel.py +++ b/web/plugins/metrics/cisco_vpn_tunnel.py 
@@ -1,58 +1,23 @@ -#!/usr/bin/python -# -*- encoding: utf-8; py-indent-offset: 4 -*- +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- # -# Cisco VPN Tunnel metrics plugin +# License: GNU General Public License v2 # -# Author: Th.L. +# Author: thl-cmk[at]outlook[dot]com +# URL : https://thl-cmk.hopto.org # Date : 2017-12-29 # - -# key a green 11/a 21/a 31/a 41/a 12/a 22/a 32/a 42/a -colors_a = ['#80F000', '#a500ff', '#ffc600', '#00ffb2', '#0075ff', '#cc00ff', '#ffd600', '#00ffff', '#0047ff', - # 13/a 23/a 33/a 43/a 14/a 24/a 34/a 44/a 15/a - '#f900ff', '#ffed00', '#00e8ff', '#000aff', '#ff4c00', '#e2ff00', '#00d1ff', '#4200ff', '#ff7a00', - # 25/a 35/a 45/a 16/a 26/a 36/a 46/a 51/a 52/a - '#bcff00', '#00b2ff', '#6000ff', '#ffa000', '#7fff00', '#0093ff', '#7f00ff', '#7f7f7f', '#7f4a26', - # 53/a - '#8c531c'] -# key b green 11/b 21/b 31/b 41/b 12/b 22/b 32/b 42/b -colors_b = ['#80F000', '#c966ff', '#cc9f00', '#00cc8e', '#66acff', '#e066ff', '#ccab00', '#00cccc', '#6690ff', - # 13/b 23/b 33/b 43/b 14/b 24/b 34/b 44/b 15/b - '#fb66ff', '#ccbd00', '#00b9cc', '#666cff', '#ff9366', '#b5cc00', '#00a7cc', '#8d66ff', '#ffaf66', - # 25/b 35/b 45/b 16/b 26/b 36/b 46/b 51/b 52/b - '#96cc00', '#008ecc', '#a066ff', '#ffc666', '#66cc00', '#0076cc', '#b266ff', '#7f7f7f', '#7f5f49', - # 53/b - '#8c6a48'] - - -def cisco_vpn_tunnel_render_uptime(uptime): # expects time in seconds - m, s = divmod(uptime, 60) # break in seconds / minutes - h, m = divmod(m, 60) # break in mintes / hours - if h >= 24: # more then one day - d, h = divmod(h, 24) # break in hours / days - else: - return '%02d:%02d:%02d' % (h, m, s) - if d >= 365: # more the one year - y, d = divmod(d, 365) # break in days / years - return '%dy %dd %02d:%02d:%02d' % (y, d, h, m, s) - else: - return '%dd %02d:%02d:%02d' % (d, h, m, s) - -##################################################################################################################### -# -# define units for cisco_vpm_tunnel perfdata +# Cisco VPN Tunnel 
metrics plugin # -##################################################################################################################### +from cmk.gui.i18n import _ -unit_info['active_time'] = { - 'title': _('Last update'), - 'description': _('SA active time'), - 'symbol': _(''), - 'render': lambda v: cisco_vpn_tunnel_render_uptime(v), - 'stepping': 'time', # for vertical graph labels -} - +from cmk.gui.plugins.metrics import ( + metric_info, + graph_info, + perfometer_info, + unit_info, +) ##################################################################################################################### # 
@@ -64,266 +29,216 @@ unit_info['active_time'] = { metric_info['cisco_vpn_tunnel_cikeTunActiveTime'] = { 'title': _('IKE active time'), 'help': _(''), - #'unit': 'active_time', 'unit': 's', - 'color': colors_a[0], + 'color': '26/a', } metric_info['cisco_vpn_tunnel_cikeTunInOctets'] = { 'title': _('IKE Bytes in'), 'unit': 'bytes/s', - 'color': colors_a[1], + 'color': '11/a', } metric_info['cisco_vpn_tunnel_cikeTunOutOctets'] = { 'title': _('IKE Bytes out'), 'help': _(''), 'unit': 'bytes/s', - 'color': colors_a[2], + 'color': '21/a', } metric_info['cisco_vpn_tunnel_cikeTunInPkts'] = { 'title': _('IKE packets in'), 'help': _(''), 'unit': '1/s', - 'color': colors_a[3], + 'color': '31/a', } metric_info['cisco_vpn_tunnel_cikeTunOutPkts'] = { 'title': _('IKE packets out'), 'help': _(''), 'unit': '1/s', - 'color': colors_a[4], + 'color': '41/a', } metric_info['cisco_vpn_tunnel_cikeTunInDropPkts'] = { 'title': _('IKE packets dropped in'), 'help': _(''), 'unit': '1/s', - 'color': colors_a[5], + 'color': '12/a', } metric_info['cisco_vpn_tunnel_cikeTunOutDropPkts'] = { 'title': _('IKE packets dropped out'), 'help': _(''), 'unit': '1/s', - 'color': colors_a[6], + 'color': '22/a', } metric_info['cisco_vpn_tunnel_cikeTunInNotifys'] = { 'title': _('IKE in notifies'), 'help': _(''), 'unit': 'count', - 'color': colors_a[7], + 'color': '32/a', } metric_info['cisco_vpn_tunnel_cikeTunOutNotifys'] = { 'title': _('IKE out notifies'), 'help': _(''), 'unit': 'count', - 'color': colors_a[8], + 'color': '42/a', } metric_info['cisco_vpn_tunnel_cikeTunInP2Exchgs'] = { 'title': _('IKE in phase 2 exchanges'), 'help': _(''), 'unit': 'count', - 'color': colors_a[9], + 'color': '13/a', } metric_info['cisco_vpn_tunnel_cikeTunOutP2Exchgs'] = { 'title': _('IKE out phase 2 exchanges'), 'help': _(''), 'unit': 'count', - 'color': colors_a[10], + 'color': '23/a', } metric_info['cisco_vpn_tunnel_cikeTunInP2ExchgInvalids'] = { 'title': _('IKE in phase 2 exchanges invalid'), 'help': _(''), 'unit': 'count', - 
'color': colors_a[11], + 'color': '33/a', } metric_info['cisco_vpn_tunnel_cikeTunOutP2ExchgInvalids'] = { 'title': _('IKE out phase 2 exchanges invalid'), 'help': _(''), 'unit': 'count', - 'color': colors_a[12], + 'color': '43/a', } metric_info['cisco_vpn_tunnel_cikeTunInP2ExchgRejects'] = { 'title': _('IKE in phase 2 exchanges rejected'), 'help': _(''), 'unit': 'count', - 'color': colors_a[13], + 'color': '14/a', } metric_info['cisco_vpn_tunnel_cikeTunOutP2ExchgRejects'] = { 'title': _('IKE out phase 2 exchanges rejected'), 'help': _(''), 'unit': 'count', - 'color': colors_a[14], + 'color': '24/a', } metric_info['cisco_vpn_tunnel_cikeTunInP2SaDelRequests'] = { 'title': _('IKE in phase 2 SA delete requests'), 'help': _(''), 'unit': 'count', - 'color': colors_a[15], + 'color': '34/a', } metric_info['cisco_vpn_tunnel_cikeTunOutP2SaDelRequests'] = { 'title': _('IKE out phase 2 SA delete requests'), 'help': _(''), 'unit': 'count', - 'color': colors_a[16], + 'color': '44/a', } - # IPSec counter metric_info['cisco_vpn_tunnel_cipSecTunActiveTime'] = { 'title': _('IPSec active time'), 'help': _(''), 'unit': 's', - 'color': colors_b[0], + 'color': '26/b', } metric_info['cisco_vpn_tunnel_cipSecTunHcInOctets'] = { 'title': _('IPSec Bytes in'), 'help': _(''), 'unit': 'bytes/s', - 'color': colors_b[1], + 'color': '11/b', } metric_info['cisco_vpn_tunnel_cipSecTunHcOutOctets'] = { 'title': _('IPSec Bytes out'), 'help': _(''), 'unit': 'bytes/s', - 'color': colors_b[2], + 'color': '21/b', } metric_info['cisco_vpn_tunnel_cipSecTunInPkts'] = { 'title': _('IPSec packets in'), 'help': _(''), 'unit': '1/s', - 'color': colors_b[3], + 'color': '31/b', } metric_info['cisco_vpn_tunnel_cipSecTunOutPkts'] = { 'title': _('IPSec packets out'), 'help': _(''), 'unit': '1/s', - 'color': colors_b[4], + 'color': '41/b', } metric_info['cisco_vpn_tunnel_cipSecTunInDropPkts'] = { 'title': _('IPSec packets dropped in'), 'help': _(''), 'unit': '1/s', - 'color': colors_b[5], + 'color': '11/b', } 
metric_info['cisco_vpn_tunnel_cipSecTunOutDropPkts'] = { 'title': _('IPSec packets dropped out'), 'help': _(''), 'unit': '1/s', - 'color': colors_b[6], + 'color': '21/b', } metric_info['cisco_vpn_tunnel_cipSecTunHcInDecompOctets'] = { 'title': _('IPSec in decompressed octets'), 'help': _(''), 'unit': '1/s', - 'color': colors_b[7], + 'color': '32/b', } metric_info['cisco_vpn_tunnel_cipSecTunHcOutUncompOctets'] = { 'title': _('IPSec out compressed octets'), 'help': _(''), 'unit': '1/s', - 'color': colors_b[8], + 'color': '41/b', } metric_info['cisco_vpn_tunnel_cipSecTunInAuths'] = { 'title': _('IPSec in authentication\'s'), 'help': _(''), 'unit': 'count', - 'color': colors_b[9], + 'color': '13/b', } metric_info['cisco_vpn_tunnel_cipSecTunOutAuths'] = { 'title': _('IPSec out authentication\'s'), 'help': _(''), 'unit': 'count', - 'color': colors_b[10], + 'color': '23/b', } metric_info['cisco_vpn_tunnel_cipSecTunInAuthFails'] = { 'title': _('IPSec in authentication\'s failed'), 'help': _(''), 'unit': 'count', - 'color': colors_b[11], + 'color': '33/b', } metric_info['cisco_vpn_tunnel_cipSecTunOutAuthFails'] = { 'title': _('IPSec out authentication\'s failed'), 'help': _(''), 'unit': 'count', - 'color': colors_b[12], + 'color': '43/b', } metric_info['cisco_vpn_tunnel_cipSecTunInDecrypts'] = { 'title': _('IPSec in decryption\'s'), 'help': _(''), 'unit': 'count', - 'color': colors_b[13], + 'color': '15/b', } metric_info['cisco_vpn_tunnel_cipSecTunOutEncrypts'] = { 'title': _('IPSec out encryption\'s'), 'help': _(''), 'unit': 'count', - 'color': colors_b[14], + 'color': '25/b', } metric_info['cisco_vpn_tunnel_cipSecTunInDecryptFails'] = { 'title': _('IPSec in decryption\'s failed'), 'help': _(''), 'unit': 'count', - 'color': colors_b[15], + 'color': '35/b', } metric_info['cisco_vpn_tunnel_cipSecTunOutEncryptFails'] = { 'title': _('IPSec out encryption\'s failed'), 'help': _(''), 'unit': 'count', - 'color': colors_b[16], + 'color': '45/b', } 
metric_info['cisco_vpn_tunnel_cipSecTunInReplayDropPkts'] = { 'title': _('IPSec in replay packets dropped'), 'help': _(''), 'unit': 'count', - 'color': colors_b[17], -} - - -###################################################################################################################### -# -# map bgp peer perfdata to metric, not really necessary but makes sure to use the right metrics -# -###################################################################################################################### - - -check_metrics['check_mk-cisco_vpn_tunnel'] = { - 'cikeTunInOctets': {'name': 'cisco_vpn_tunnel_cikeTunInOctets'}, - 'cikeTunOutOctets': {'name': 'cisco_vpn_tunnel_cikeTunOutOctets'}, - 'cikeTunInPkts': {'name': 'cisco_vpn_tunnel_cikeTunInPkts'}, - 'cikeTunOutPkts': {'name': 'cisco_vpn_tunnel_cikeTunOutPkts'}, - 'cikeTunInDropPkts': {'name': 'cisco_vpn_tunnel_cikeTunInDropPkts'}, - 'cikeTunOutDropPkts': {'name': 'cisco_vpn_tunnel_cikeTunOutDropPkts'}, - 'cikeTunInNotifys': {'name': 'cisco_vpn_tunnel_cikeTunInNotifys'}, - 'cikeTunOutNotifys': {'name': 'cisco_vpn_tunnel_cikeTunOutNotifys'}, - 'cikeTunInP2Exchgs': {'name': 'cisco_vpn_tunnel_cikeTunInP2Exchgs', 'auto_graph' : False}, - 'cikeTunOutP2Exchgs': {'name': 'cisco_vpn_tunnel_cikeTunOutP2Exchgs'}, - 'cikeTunInP2ExchgInvalids': {'name': 'cisco_vpn_tunnel_cikeTunInP2ExchgInvalids'}, - 'cikeTunOutP2ExchgInvalids': {'name': 'cisco_vpn_tunnel_cikeTunOutP2ExchgInvalids'}, - 'cikeTunInP2ExchgRejects': {'name': 'cisco_vpn_tunnel_cikeTunInP2ExchgRejects'}, - 'cikeTunOutP2ExchgRejects': {'name': 'cisco_vpn_tunnel_cikeTunOutP2ExchgRejects'}, - 'cikeTunInP2SaDelRequests': {'name': 'cisco_vpn_tunnel_cikeTunInP2SaDelRequests'}, - 'cikeTunOutP2SaDelRequests': {'name': 'cisco_vpn_tunnel_cikeTunOutP2SaDelRequests'}, - 'cikeTunActiveTime': {'name': 'cisco_vpn_tunnel_cikeTunActiveTime'}, - - 'cipSecTunHcInOctets': {'name': 'cisco_vpn_tunnel_cipSecTunHcInOctets'}, - 'cipSecTunHcOutOctets': {'name': 
'cisco_vpn_tunnel_cipSecTunHcOutOctets'}, - 'cipSecTunHcInDecompOctets': {'name': 'cisco_vpn_tunnel_cipSecTunHcInDecompOctets'}, - 'cipSecTunHcOutUncompOctets': {'name': 'cisco_vpn_tunnel_cipSecTunHcOutUncompOctets'}, - 'cipSecTunInPkts': {'name': 'cisco_vpn_tunnel_cipSecTunInPkts'}, - 'cipSecTunOutPkts': {'name': 'cisco_vpn_tunnel_cipSecTunOutPkts'}, - 'cipSecTunInDropPkts': {'name': 'cisco_vpn_tunnel_cipSecTunInDropPkts'}, - 'cipSecTunOutDropPkts': {'name': 'cisco_vpn_tunnel_cipSecTunOutDropPkts'}, - 'cipSecTunInAuths': {'name': 'cisco_vpn_tunnel_cipSecTunInAuths'}, - 'cipSecTunOutAuths': {'name': 'cisco_vpn_tunnel_cipSecTunOutAuths'}, - 'cipSecTunInAuthFails': {'name': 'cisco_vpn_tunnel_cipSecTunInAuthFails'}, - 'cipSecTunOutAuthFails': {'name': 'cisco_vpn_tunnel_cipSecTunOutAuthFails'}, - 'cipSecTunInDecrypts': {'name': 'cisco_vpn_tunnel_cipSecTunInDecrypts'}, - 'cipSecTunOutEncrypts': {'name': 'cisco_vpn_tunnel_cipSecTunOutEncrypts'}, - 'cipSecTunInDecryptFails': {'name': 'cisco_vpn_tunnel_cipSecTunInDecryptFails'}, - 'cipSecTunOutEncryptFails': {'name': 'cisco_vpn_tunnel_cipSecTunOutEncryptFails'}, - 'cipSecTunInReplayDropPkts': {'name': 'cisco_vpn_tunnel_cipSecTunInReplayDropPkts'}, - 'cipSecTunActiveTime': {'name': 'cisco_vpn_tunnel_cipSecTunActiveTime'}, - + 'color': '16/b', } ###################################################################################################################### 
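Review bot: Several IPSec colour assignments in this hunk repeat values already used: `cisco_vpn_tunnel_cipSecTunInDropPkts` gets '11/b' and `cisco_vpn_tunnel_cipSecTunOutDropPkts` gets '21/b', the same as the two HcOctets metrics, and `cisco_vpn_tunnel_cipSecTunHcOutUncompOctets` gets '41/b', the same as `cisco_vpn_tunnel_cipSecTunOutPkts`. The IKE block uses '12/a', '22/a' and '42/a' at the corresponding positions, so these look like slips for `'color': '12/b'`, `'color': '22/b'` and `'color': '42/b'`. In the graph definitions visible further down, none of the duplicated colours shares a graph, so this is a consistency point rather than a rendering bug.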
@@ -333,20 +248,20 @@ check_metrics['check_mk-cisco_vpn_tunnel'] = { ###################################################################################################################### -graph_info.append({ +graph_info['cisco_vpn_tunnel_ike_uptime'] = { 'title': _('IKE active time'), 'metrics': [ ('cisco_vpn_tunnel_cikeTunActiveTime', 'area'), ], -}) -graph_info.append({ +} +graph_info['cisco_vpn_tunnel_ike_octets'] = { 'title': _('IKE Bytes/s'), 'metrics': [ ('cisco_vpn_tunnel_cikeTunOutOctets', '-area'), ('cisco_vpn_tunnel_cikeTunInOctets', 'area'), ], -}) -graph_info.append({ +} +graph_info['cisco_vpn_tunnel_ike_packets'] = { 'title': _('IKE packets/s'), 'metrics': [ ('cisco_vpn_tunnel_cikeTunOutDropPkts', '-line'), 
@@ -354,45 +269,22 @@ graph_info.append({ ('cisco_vpn_tunnel_cikeTunOutPkts', '-line'), ('cisco_vpn_tunnel_cikeTunInPkts', 'line'), ], -}) - -# graph_info.append({ -# 'title': _('IKE in data'), -# 'metrics': [ -# ('cisco_vpn_tunnel_cikeTunInNotifys', 'line'), -# # ('cisco_vpn_tunnel_cikeTunInP2Exchgs', 'line'), -# ('cisco_vpn_tunnel_cikeTunInP2ExchgInvalids', 'line'), -# ('cisco_vpn_tunnel_cikeTunInP2ExchgRejects', 'line'), -# ('cisco_vpn_tunnel_cikeTunInP2SaDelRequests', 'line'), -# ], -# }) -# -# graph_info.append({ -# 'title': _('IKE out data'), -# 'metrics': [ -# -# ('cisco_vpn_tunnel_cikeTunOutNotifys', '-line'), -# # ('cisco_vpn_tunnel_cikeTunOutP2Exchgs', '-line'), -# ('cisco_vpn_tunnel_cikeTunOutP2ExchgInvalids', '-line'), -# ('cisco_vpn_tunnel_cikeTunOutP2ExchgRejects', '-line'), -# ('cisco_vpn_tunnel_cikeTunOutP2SaDelRequests', '-line'), -# ], -# }) +} -graph_info.append({ +graph_info['cisco_vpn_tunnel_ipsec_uptime'] = { 'title': _('IPSec active time'), 'metrics': [ ('cisco_vpn_tunnel_cipSecTunActiveTime', 'area'), ], -}) -graph_info.append({ +} +graph_info['cisco_vpn_tunnel_ipsec_octets'] = { 'title': _('IPSec Bytes/s'), 'metrics': [ ('cisco_vpn_tunnel_cipSecTunHcOutOctets', '-area'), ('cisco_vpn_tunnel_cipSecTunHcInOctets', 'area'), ], -}) -graph_info.append({ +} +graph_info['cisco_vpn_tunnel_pckets'] = { 'title': _('IPSec packets/s'), 'metrics': [ ('cisco_vpn_tunnel_cipSecTunOutDropPkts', '-stack'), 
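Review bot: The last graph key added in this hunk, `graph_info['cisco_vpn_tunnel_pckets']`, is misspelled and breaks the naming used by the other five graphs (`..._ike_uptime`, `..._ike_octets`, `..._ike_packets`, `..._ipsec_uptime`, `..._ipsec_octets`). I would write it as `graph_info['cisco_vpn_tunnel_ipsec_packets'] = {` before this ships, because graph ids may end up referenced from saved dashboards or custom graphs and are awkward to rename later. The dictionary for this graph continues past the end of the hunk.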
@@ -400,31 +292,7 @@ graph_info.append({ ('cisco_vpn_tunnel_cipSecTunOutPkts', '-stack'), ('cisco_vpn_tunnel_cipSecTunInPkts', 'stack'), ], -}) - -# graph_info.append({ -# 'title': _('IPSec in data'), -# 'metrics': [ -# # ('cisco_vpn_tunnel_cipSecTunHcInDecompOctets', 'line'), -# # ('cisco_vpn_tunnel_cipSecTunInAuths', 'line'), -# ('cisco_vpn_tunnel_cipSecTunInAuthFails', 'line'), -# # ('cisco_vpn_tunnel_cipSecTunInDecrypts', 'line'), -# ('cisco_vpn_tunnel_cipSecTunInDecryptFails', 'line'), -# ('cisco_vpn_tunnel_cipSecTunInReplayDropPkts', 'line'), -# ], -# }) -# -# graph_info.append({ -# 'title': _('IPSec out data'), -# 'metrics': [ -# # ('cisco_vpn_tunnel_cipSecTunHcOutUncompOctets', '-line'), -# # ('cisco_vpn_tunnel_cipSecTunOutAuths', '-line'), -# ('cisco_vpn_tunnel_cipSecTunOutAuthFails', '-line'), -# # ('cisco_vpn_tunnel_cipSecTunOutEncrypts', '-line'), -# ('cisco_vpn_tunnel_cipSecTunOutEncryptFails', '-line'), -# ], -# }) - +} ###################################################################################################################### # diff --git a/web/plugins/wato/cisco_vpn_tunnel.py b/web/plugins/wato/cisco_vpn_tunnel.py index ce6ed68bc29f282ed9b3c4213c2b795191d61d91..c298d92d0a8c1154693ce0178191a29fcace014e 100644 --- a/web/plugins/wato/cisco_vpn_tunnel.py +++ b/web/plugins/wato/cisco_vpn_tunnel.py 
@@ -1,22 +1,45 @@ -#!/usr/bin/python -# -*- encoding: utf-8; py-indent-offset: 4 -*- - -register_check_parameters( - subgroup_networking, - 'vpn_tunnel', - _('VPN Tunnel'), - Dictionary( +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +# +# License: GNU General Public License v2 + +# Author: thl-cmk[at]outlook[dot]com +# URL : https://thl-cmk.hopto.org +# Date : 2017-12-28 + +from cmk.gui.i18n import _ +from cmk.gui.valuespec import ( + Dictionary, + TextAscii, + Tuple, + MonitoringState, + ListOf, + IPv4Address, + TextUnicode, + FixedValue, +) + +from cmk.gui.plugins.wato import ( + CheckParameterRulespecWithItem, + rulespec_registry, + RulespecGroupCheckParametersNetworking, + RulespecGroupCheckParametersDiscovery, + HostRulespec, +) + + +def _parameter_valuespec_cisco_vpn_tunnel(): + return Dictionary( elements=[ ('tunnels', ListOf( Tuple( - title=('VPN Tunnel Endpoints'), + title=_('VPN Tunnel Endpoints'), elements=[ IPv4Address( title=_('Peer IP-Address'), help=_('The configured value must match a tunnel reported by the monitored ' 'device.'), - allow_empty=False, ), TextUnicode( title=_('Tunnel Alias'), @@ -28,7 +51,7 @@ register_check_parameters( title=_('State if tunnel is not found'), ), MonitoringState( - default_value=2, + default_value=1, title=_('State if tunnel has no active IPSec SA'), ), ]), 
@@ -41,19 +64,49 @@ register_check_parameters( title=_('Default state to report when tunnel can not be found anymore'), help=_('Default state if a tunnel, which is not listed above in this rule, ' 'can no longer be found.'), - default_value=3, - ), - ), + default_value=2, + )), ('missing_ipsec_sa_state', MonitoringState( title=_('Default state to report when tunnel has no active IPSec SA'), help=_('Default state if a tunnel, which is not listed above in this rule, ' 'has no active IPSec SA.'), default_value=1, - ), - ), + )), ], - ), - TextAscii(title=_('IP-Address of Tunnel Endpoint')), - match_type='dict', -) + ) + + +rulespec_registry.register( + CheckParameterRulespecWithItem( + check_group_name='cisco_vpn_tunnel', + group=RulespecGroupCheckParametersNetworking, + item_spec=lambda: TextAscii(title=_('IP-Address of Tunnel Endpoint'), ), + match_type='dict', + parameter_valuespec=_parameter_valuespec_cisco_vpn_tunnel, + title=lambda: _('Cisco VPN Tunnel'), + )) + + +def _valuespec_discovery_cisco_vpn_tunnel(): + return Dictionary( + title=_("VPN Tunnel discovery"), + elements=[( + 'discover_aggressive_mode', + FixedValue( + True, + default_value=False, + title=_('Discover aggressive mode VPN Tunnel'), + totext=_('Discover aggressive mode VPN Tunnel'), + ), + )], + ) + + +rulespec_registry.register( + HostRulespec( + group=RulespecGroupCheckParametersDiscovery, + match_type="dict", + name="discovery_cisco_vpn_tunnel", + valuespec=_valuespec_discovery_cisco_vpn_tunnel, + ))
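Review bot: The rule default for 'state' becomes `default_value=2` in this hunk, while the check plugin in agent_based/cisco_vpn_tunnel.py registers `check_default_parameters` with `'state': 3`. A host without any rule therefore reports UNKNOWN for a vanished tunnel, and a host with a rule saved at its defaults reports CRIT for the same condition. Pick one value and use it in both places, for example `'state': 2,  # default state for tunnel not found` in `check_default_parameters`, so that alerting on a missing tunnel does not depend on whether a rule happens to exist. `_parameter_valuespec_cisco_vpn_tunnel` starts in the previous hunk.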