Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com

Skip to content
Snippets Groups Projects
Commit cb3684af authored by thl-cmk's avatar thl-cmk :flag_na:
Browse files

update project

parent 1f95cce8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
agent_based/cisco_vpn_tunnel.py 0 → 100644
+ 381
0
View file @ cb3684af
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
# Author: thl-cmk[at]outlook[dot]com
# URL : https://thl-cmk.hopto.org
# Date : 2017-12-28
#
# Monitor status of Cisco VPN tunnel phase 1 and 2
#
# 2018-01-10: added handling for tunnel not found
# 2018-01-23: removed unnecessary counters
# 2018-02-15: removed ipsec tunnel status, changed ike ipv4 check
# 2018-02-16: readded tunnel alias
# 2018-07-11: added parameter for missing IPSec SA, changed 'parsed' to use peer ip as index
# 2021-08-03: rewritten for CMK 2.0
#
# snmpwalk sample
#
#
import time
from dataclasses import dataclass
from typing import List, Dict
from cmk.base.plugins.agent_based.agent_based_api.v1 import (
register,
Service,
Result,
check_levels,
State,
SNMPTree,
contains,
OIDEnd,
get_rate,
GetRateError,
get_value_store,
IgnoreResultsError,
Metric,
render,
all_of,
exists,
)
from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
DiscoveryResult,
CheckResult,
StringTable,
)
@dataclass
class IpsecSa:
sa_count: int
ike_tunnel_alive: int
active_time: int
hc_in_octets: int
in_pkts: int
in_drop_pkts: int
hc_out_octets: int
out_pkts: int
out_drop_pkts: int
@dataclass
class IkeSa:
# local_type: int
# local_value: str
local_addr: str
# local_name: str
# remote_type: int
# remote_value: str
remote_addr: str
# remote_name: str
active_time: int
in_octets: int
in_pkts: int
in_drop_pkts: int
out_octets: int
out_pkts: int
out_drop_pkts: int
status: int
nego_mode: int
ipsec_summary: IpsecSa
###########################################################################
#
# Helper functions
#
###########################################################################
def _ikepeertype(st: int) -> str:
name = {
1: 'ipAddrPeer',
2: 'namePeer',
}
return name.get(st, f'unknown ({st})')
def _ikenegomode(st: int) -> str:
name = {
1: 'main',
2: 'aggressive',
3: 'IKEv2 main([3]?)'
}
return name.get(st, f'unknown ({st})')
def _tunnelstatus(st: int) -> str:
name = {
1: 'active',
2: 'destroy',
}
return name.get(st, f'unknown ({st})')
def _cisco_vpn_tunnel_render_ipv4_address(bytestring):
return '.'.join([f'{ord(m)}' for m in bytestring])
###########################################################################
#
# DATA Parser function
#
###########################################################################
def parse_cisco_vpn_tunnel(string_table: List[StringTable]) -> Dict[str, IkeSa]:
ipsec_sa_summary: Dict[str, IpsecSa] = {}
vpntunnel = {}
ike_tunnel_entry, ipsec_tunnel_entry = string_table
# summarize IPSec SAs, ASSUMPTION: except for counters all SA attributes are identical per IKE index
for ike_tunnel_index, ike_tunnel_alive, active_time, hc_in_octets, in_pkts, in_drop_pkts, hc_out_octets, \
out_pkts, out_drop_pkts in ipsec_tunnel_entry:
if ike_tunnel_index.isdigit():
ipsec_sa = ipsec_sa_summary.setdefault(
ike_tunnel_index,
IpsecSa(0, 0, 0, 0, 0, 0, 0, 0, 0)
)
ipsec_sa.sa_count += 1
ipsec_sa.hc_in_octets += int(hc_in_octets)
ipsec_sa.in_pkts += int(in_pkts)
ipsec_sa.in_drop_pkts += int(in_drop_pkts)
ipsec_sa.hc_out_octets += int(hc_out_octets)
ipsec_sa.out_pkts += int(out_pkts)
ipsec_sa.out_drop_pkts += int(out_drop_pkts)
if int(active_time) // 100 > ipsec_sa.active_time:
ipsec_sa.active_time = int(active_time) // 100
# IKE SA
for index, local_type, local_value, local_addr, local_name, remote_type, remote_value, remote_addr, remote_name, \
active_time, in_octets, in_pkts, in_droppkts, out_octets, out_pkts, out_droppkts, status, \
nego_mode in ike_tunnel_entry:
if index.isdigit():
# if int(nego_mode) == 2: # drop agressive mode tunnel, likely Remote Access
remote_addr = _cisco_vpn_tunnel_render_ipv4_address(remote_addr)
if remote_addr.split('.') != 4:
remote_addr = remote_value
if len(remote_addr.split('.')) == 4:
ike_sa = IkeSa(
# local_type=int(local_type),
# local_value=local_value,
local_addr=_cisco_vpn_tunnel_render_ipv4_address(local_addr),
# local_name=local_name,
# remote_type=int(remote_type),
# remote_value=remote_value,
remote_addr=remote_addr,
# remote_name=remote_name,
active_time=int(active_time) // 100,
in_octets=int(in_octets),
in_pkts=int(in_pkts),
in_drop_pkts=int(in_droppkts),
out_octets=int(out_octets),
out_pkts=int(out_pkts),
out_drop_pkts=int(out_droppkts),
status=int(status),
nego_mode=int(nego_mode),
ipsec_summary=ipsec_sa_summary.get(index)
)
vpntunnel.update({remote_addr: ike_sa})
return vpntunnel
###########################################################################
#
# Inventory function
#
###########################################################################
def discovery_cisco_vpn_tunnel(params, section: Dict[str, IkeSa]) -> DiscoveryResult:
discover_aggressive_mode = params['discover_aggressive_mode']
for cikeTunRemoteAddr in section.keys():
if section[cikeTunRemoteAddr].nego_mode != 2:
yield Service(item=cikeTunRemoteAddr)
elif discover_aggressive_mode:
yield Service(item=cikeTunRemoteAddr)
###########################################################################
#
# Check function
#
###########################################################################
def check_cisco_vpn_tunnel(item, params, section: Dict[str, IkeSa]) -> CheckResult:
tunnel_not_found_state = params['state']
missing_ipsec_sa_state = params['missing_ipsec_sa_state']
for tunnel_ip, tunnel_alias, not_found_state, ipsec_sa_state in params['tunnels']:
if item == tunnel_ip:
yield Result(state=State.OK, summary=f'[{tunnel_alias}]')
tunnel_not_found_state = not_found_state
missing_ipsec_sa_state = ipsec_sa_state
try:
tunnel = section[item]
except KeyError:
yield Result(state=State(tunnel_not_found_state), summary='VPN Tunnel not found in SNMP data')
return
yield from check_levels(
value=tunnel.active_time,
label='IKE uptime',
render_func=render.timespan,
metric_name='cisco_vpn_tunnel_cikeTunActiveTime'
)
yield Result(state=State.OK, notice=f'IKE Status: {_tunnelstatus(tunnel.status)}')
yield Result(state=State.OK, notice=f'Tunnel address local: {tunnel.local_addr}')
yield Result(state=State.OK, notice=f'Tunnel address remote : {tunnel.remote_addr}')
yield Result(state=State.OK, notice=f'Negotiation mode : {_ikenegomode(tunnel.nego_mode)}')
now_time = time.time()
value_store = get_value_store()
rate_item = item.replace(' ', '_').replace(':', '_')
raise_ingore_res = False
# convert to octets/packets per second
for key, value in [
('cikeTunInOctets', tunnel.in_octets),
('cikeTunOutOctets', tunnel.out_octets),
('cikeTunInPkts', tunnel.in_pkts),
('cikeTunOutPkts', tunnel.out_pkts),
('cikeTunInDropPkts', tunnel.in_drop_pkts),
('cikeTunOutDropPkts', tunnel.out_drop_pkts),
]:
try:
value = get_rate(value_store, f'cisco_vpn_tunnel.{key}.{rate_item}', now_time, value, raise_overflow=False)
except GetRateError:
raise_ingore_res = True
value = 0
yield Metric(name=f'cisco_vpn_tunnel_{key}', value=value, boundaries=(0, None))
if raise_ingore_res:
raise IgnoreResultsError('Initializing counters')
ipsecsummary: IpsecSa = tunnel.ipsec_summary
if ipsecsummary is not None:
yield from check_levels(
label='IPSec uptime',
value=ipsecsummary.active_time,
render_func=render.timespan,
metric_name='cisco_vpn_tunnel_cipSecTunActiveTime'
)
yield Result(state=State.OK, summary=f'SAs: {ipsecsummary.sa_count}')
ipsec_in_octets = 0
ipsec_out_octets = 0
# convert to octets/packets per second
for key, value in [
('cipSecTunHcInOctets', ipsecsummary.hc_in_octets),
('cipSecTunHcOutOctets', ipsecsummary.hc_out_octets),
('cipSecTunInPkts', ipsecsummary.in_pkts),
('cipSecTunOutPkts', ipsecsummary.out_pkts),
('cipSecTunInDropPkts', ipsecsummary.in_drop_pkts),
('cipSecTunOutDropPkts', ipsecsummary.out_drop_pkts),
]:
try:
value = get_rate(value_store, f'cisco_vpn_tunnel.{key}.{rate_item}',
now_time, value, raise_overflow=False)
except GetRateError:
raise_ingore_res = True
value = 0
yield Metric(name=f'cisco_vpn_tunnel_{key}', value=value, boundaries=(0, None))
if key == 'cipSecTunHcInOctets':
ipsec_in_octets = value
elif key == 'cipSecTunHcOutOctets':
ipsec_out_octets = value
yield from check_levels(
label='In',
value=ipsec_in_octets,
render_func=render.networkbandwidth,
)
yield from check_levels(
label='Out',
value=ipsec_out_octets,
render_func=render.networkbandwidth,
)
if raise_ingore_res:
raise IgnoreResultsError('Initializing counters')
else:
yield Result(state=State(missing_ipsec_sa_state), notice='No IPSec sa found')
###########################################################################
#
# Check info
#
###########################################################################
register.snmp_section(
name='cisco_vpn_tunnel',
parse_function=parse_cisco_vpn_tunnel,
fetch=[
SNMPTree(
base='.1.3.6.1.4.1.9.9.171.1.2.3.1', #
oids=[
OIDEnd(), # TunnelIndex
'2', # cikeTunLocalType
'3', # cikeTunLocalValue
'4', # cikeTunLocalAddr
'5', # cikeTunLocalName
'6', # cikeTunRemoteType
'7', # cikeTunRemoteValue
'8', # cikeTunRemoteAddr
'9', # cikeTunRemoteName
'16', # cikeTunActiveTime
'19', # cikeTunInOctets
'20', # cikeTunInPkts
'21', # cikeTunInDropPkts
'27', # cikeTunOutOctets
'28', # cikeTunOutPkts
'29', # cikeTunOutDropPkts
'35', # cikeTunStatus
'10', # cikeTunNegoMode
]
),
SNMPTree(
base='.1.3.6.1.4.1.9.9.171.1.3.2.1', # CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecTunnelEntry
oids=[
'2', # ike tunnel index
'3', # cipSecTunIkeTunnelAlive
'10', # cipSecTunActiveTime
'27', # cipSecTunHcInOctets
'32', # cipSecTunInPkts
'33', # cipSecTunInDropPkts
'40', # cipSecTunHcOutOctets
'45', # cipSecTunOutPkts
'46', # cipSecTunOutDropPkts
]
),
],
detect=all_of(
contains('.1.3.6.1.2.1.1.1.0', 'Cisco'),
exists('.1.3.6.1.4.1.9.9.171.1.2.3.1.2.*') # CISCO-IPSEC-FLOW-MONITOR-MIB::cikeTunnelEntry
),
)
register.check_plugin(
name='cisco_vpn_tunnel',
service_name='VPN Tunnel %s',
discovery_function=discovery_cisco_vpn_tunnel,
discovery_ruleset_name='discovery_cisco_vpn_tunnel',
discovery_default_parameters={
'discover_aggressive_mode': False
},
check_function=check_cisco_vpn_tunnel,
check_default_parameters={
'state': 3, # default state for tunnel not found
'missing_ipsec_sa_state': 1,
'tunnels': [], # list of tunnel specific not found states ('<ip-address>', '<alias>', <state>)
},
check_ruleset_name='cisco_vpn_tunnel',
)
cisco_vpn_tunnel.mkp
+ 0
0
View file @ cb3684af
No preview for this file type
packages/cisco_vpn_tunnel
+ 12
7
View file @ cb3684af
{'author': u'Th.L. (thl-cmk[at]outlook[dot]com)', {'author': 'Th.L. (thl-cmk[at]outlook[dot]com)',
'description': u'Monitors Cisco VPN Tunnel. Complete rewrite of the original check.\nCreates one service for each VPN Tunnel.\nperfdata contains: IKE and IPSec statistics for uptime, in/out octets and packets.\n', 'description': 'Monitors Cisco VPN Tunnel. Complete rewrite of the original '
'check.\n'
'Creates one service for each VPN Tunnel.\n'
'perfdata contains: IKE and IPSec statistics for uptime, '
'in/out octets and packets.\n',
'download_url': 'https://thl-cmk.hopto.org', 'download_url': 'https://thl-cmk.hopto.org',
'files': {'checks': ['cisco_vpn_tunnel'], 'files': {'agent_based': ['cisco_vpn_tunnel.py'],
'web': ['plugins/metrics/cisco_vpn_tunnel.py', 'web': ['plugins/metrics/cisco_vpn_tunnel.py',
'plugins/wato/cisco_vpn_tunnel.py']}, 'plugins/wato/cisco_vpn_tunnel.py']},
'name': 'cisco_vpn_tunnel', 'name': 'cisco_vpn_tunnel',
'num_files': 3, 'num_files': 3,
'title': u'Monitor Cisco VPN Tunnel', 'title': 'Monitor Cisco VPN Tunnel',
'version': '20180806v.0.1g', 'version': '20210803v.0.2',
'version.min_required': '1.2.8b8', 'version.min_required': '2.0.0',
'version.packaged': '1.4.0p35'} 'version.packaged': '2021.07.14',
\ No newline at end of file 'version.usable_until': None}
\ No newline at end of file
web/plugins/metrics/cisco_vpn_tunnel.py
+ 60
192
View file @ cb3684af
#!/usr/bin/python #!/usr/bin/env python3
# -*- encoding: utf-8; py-indent-offset: 4 -*- # -*- coding: utf-8 -*-
# #
# Cisco VPN Tunnel metrics plugin # License: GNU General Public License v2
# #
# Author: Th.L. # Author: thl-cmk[at]outlook[dot]com
# URL : https://thl-cmk.hopto.org
# Date : 2017-12-29 # Date : 2017-12-29
# #
# Cisco VPN Tunnel metrics plugin
# key a green 11/a 21/a 31/a 41/a 12/a 22/a 32/a 42/a
colors_a = ['#80F000', '#a500ff', '#ffc600', '#00ffb2', '#0075ff', '#cc00ff', '#ffd600', '#00ffff', '#0047ff',
# 13/a 23/a 33/a 43/a 14/a 24/a 34/a 44/a 15/a
'#f900ff', '#ffed00', '#00e8ff', '#000aff', '#ff4c00', '#e2ff00', '#00d1ff', '#4200ff', '#ff7a00',
# 25/a 35/a 45/a 16/a 26/a 36/a 46/a 51/a 52/a
'#bcff00', '#00b2ff', '#6000ff', '#ffa000', '#7fff00', '#0093ff', '#7f00ff', '#7f7f7f', '#7f4a26',
# 53/a
'#8c531c']
# key b green 11/b 21/b 31/b 41/b 12/b 22/b 32/b 42/b
colors_b = ['#80F000', '#c966ff', '#cc9f00', '#00cc8e', '#66acff', '#e066ff', '#ccab00', '#00cccc', '#6690ff',
# 13/b 23/b 33/b 43/b 14/b 24/b 34/b 44/b 15/b
'#fb66ff', '#ccbd00', '#00b9cc', '#666cff', '#ff9366', '#b5cc00', '#00a7cc', '#8d66ff', '#ffaf66',
# 25/b 35/b 45/b 16/b 26/b 36/b 46/b 51/b 52/b
'#96cc00', '#008ecc', '#a066ff', '#ffc666', '#66cc00', '#0076cc', '#b266ff', '#7f7f7f', '#7f5f49',
# 53/b
'#8c6a48']
def cisco_vpn_tunnel_render_uptime(uptime): # expects time in seconds
m, s = divmod(uptime, 60) # break in seconds / minutes
h, m = divmod(m, 60) # break in mintes / hours
if h >= 24: # more then one day
d, h = divmod(h, 24) # break in hours / days
else:
return '%02d:%02d:%02d' % (h, m, s)
if d >= 365: # more the one year
y, d = divmod(d, 365) # break in days / years
return '%dy %dd %02d:%02d:%02d' % (y, d, h, m, s)
else:
return '%dd %02d:%02d:%02d' % (d, h, m, s)
#####################################################################################################################
#
# define units for cisco_vpm_tunnel perfdata
# #
#####################################################################################################################
from cmk.gui.i18n import _
unit_info['active_time'] = { from cmk.gui.plugins.metrics import (
'title': _('Last update'), metric_info,
'description': _('SA active time'), graph_info,
'symbol': _(''), perfometer_info,
'render': lambda v: cisco_vpn_tunnel_render_uptime(v), unit_info,
'stepping': 'time', # for vertical graph labels )
}
##################################################################################################################### #####################################################################################################################
# #
...@@ -64,266 +29,216 @@ unit_info['active_time'] = { ...@@ -64,266 +29,216 @@ unit_info['active_time'] = {
metric_info['cisco_vpn_tunnel_cikeTunActiveTime'] = { metric_info['cisco_vpn_tunnel_cikeTunActiveTime'] = {
'title': _('IKE active time'), 'title': _('IKE active time'),
'help': _(''), 'help': _(''),
#'unit': 'active_time',
'unit': 's', 'unit': 's',
'color': colors_a[0], 'color': '26/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunInOctets'] = { metric_info['cisco_vpn_tunnel_cikeTunInOctets'] = {
'title': _('IKE Bytes in'), 'title': _('IKE Bytes in'),
'unit': 'bytes/s', 'unit': 'bytes/s',
'color': colors_a[1], 'color': '11/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunOutOctets'] = { metric_info['cisco_vpn_tunnel_cikeTunOutOctets'] = {
'title': _('IKE Bytes out'), 'title': _('IKE Bytes out'),
'help': _(''), 'help': _(''),
'unit': 'bytes/s', 'unit': 'bytes/s',
'color': colors_a[2], 'color': '21/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunInPkts'] = { metric_info['cisco_vpn_tunnel_cikeTunInPkts'] = {
'title': _('IKE packets in'), 'title': _('IKE packets in'),
'help': _(''), 'help': _(''),
'unit': '1/s', 'unit': '1/s',
'color': colors_a[3], 'color': '31/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunOutPkts'] = { metric_info['cisco_vpn_tunnel_cikeTunOutPkts'] = {
'title': _('IKE packets out'), 'title': _('IKE packets out'),
'help': _(''), 'help': _(''),
'unit': '1/s', 'unit': '1/s',
'color': colors_a[4], 'color': '41/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunInDropPkts'] = { metric_info['cisco_vpn_tunnel_cikeTunInDropPkts'] = {
'title': _('IKE packets dropped in'), 'title': _('IKE packets dropped in'),
'help': _(''), 'help': _(''),
'unit': '1/s', 'unit': '1/s',
'color': colors_a[5], 'color': '12/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunOutDropPkts'] = { metric_info['cisco_vpn_tunnel_cikeTunOutDropPkts'] = {
'title': _('IKE packets dropped out'), 'title': _('IKE packets dropped out'),
'help': _(''), 'help': _(''),
'unit': '1/s', 'unit': '1/s',
'color': colors_a[6], 'color': '22/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunInNotifys'] = { metric_info['cisco_vpn_tunnel_cikeTunInNotifys'] = {
'title': _('IKE in notifies'), 'title': _('IKE in notifies'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_a[7], 'color': '32/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunOutNotifys'] = { metric_info['cisco_vpn_tunnel_cikeTunOutNotifys'] = {
'title': _('IKE out notifies'), 'title': _('IKE out notifies'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_a[8], 'color': '42/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunInP2Exchgs'] = { metric_info['cisco_vpn_tunnel_cikeTunInP2Exchgs'] = {
'title': _('IKE in phase 2 exchanges'), 'title': _('IKE in phase 2 exchanges'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_a[9], 'color': '13/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunOutP2Exchgs'] = { metric_info['cisco_vpn_tunnel_cikeTunOutP2Exchgs'] = {
'title': _('IKE out phase 2 exchanges'), 'title': _('IKE out phase 2 exchanges'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_a[10], 'color': '23/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunInP2ExchgInvalids'] = { metric_info['cisco_vpn_tunnel_cikeTunInP2ExchgInvalids'] = {
'title': _('IKE in phase 2 exchanges invalid'), 'title': _('IKE in phase 2 exchanges invalid'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_a[11], 'color': '33/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunOutP2ExchgInvalids'] = { metric_info['cisco_vpn_tunnel_cikeTunOutP2ExchgInvalids'] = {
'title': _('IKE out phase 2 exchanges invalid'), 'title': _('IKE out phase 2 exchanges invalid'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_a[12], 'color': '43/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunInP2ExchgRejects'] = { metric_info['cisco_vpn_tunnel_cikeTunInP2ExchgRejects'] = {
'title': _('IKE in phase 2 exchanges rejected'), 'title': _('IKE in phase 2 exchanges rejected'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_a[13], 'color': '14/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunOutP2ExchgRejects'] = { metric_info['cisco_vpn_tunnel_cikeTunOutP2ExchgRejects'] = {
'title': _('IKE out phase 2 exchanges rejected'), 'title': _('IKE out phase 2 exchanges rejected'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_a[14], 'color': '24/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunInP2SaDelRequests'] = { metric_info['cisco_vpn_tunnel_cikeTunInP2SaDelRequests'] = {
'title': _('IKE in phase 2 SA delete requests'), 'title': _('IKE in phase 2 SA delete requests'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_a[15], 'color': '34/a',
} }
metric_info['cisco_vpn_tunnel_cikeTunOutP2SaDelRequests'] = { metric_info['cisco_vpn_tunnel_cikeTunOutP2SaDelRequests'] = {
'title': _('IKE out phase 2 SA delete requests'), 'title': _('IKE out phase 2 SA delete requests'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_a[16], 'color': '44/a',
} }
# IPSec counter # IPSec counter
metric_info['cisco_vpn_tunnel_cipSecTunActiveTime'] = { metric_info['cisco_vpn_tunnel_cipSecTunActiveTime'] = {
'title': _('IPSec active time'), 'title': _('IPSec active time'),
'help': _(''), 'help': _(''),
'unit': 's', 'unit': 's',
'color': colors_b[0], 'color': '26/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunHcInOctets'] = { metric_info['cisco_vpn_tunnel_cipSecTunHcInOctets'] = {
'title': _('IPSec Bytes in'), 'title': _('IPSec Bytes in'),
'help': _(''), 'help': _(''),
'unit': 'bytes/s', 'unit': 'bytes/s',
'color': colors_b[1], 'color': '11/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunHcOutOctets'] = { metric_info['cisco_vpn_tunnel_cipSecTunHcOutOctets'] = {
'title': _('IPSec Bytes out'), 'title': _('IPSec Bytes out'),
'help': _(''), 'help': _(''),
'unit': 'bytes/s', 'unit': 'bytes/s',
'color': colors_b[2], 'color': '21/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunInPkts'] = { metric_info['cisco_vpn_tunnel_cipSecTunInPkts'] = {
'title': _('IPSec packets in'), 'title': _('IPSec packets in'),
'help': _(''), 'help': _(''),
'unit': '1/s', 'unit': '1/s',
'color': colors_b[3], 'color': '31/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunOutPkts'] = { metric_info['cisco_vpn_tunnel_cipSecTunOutPkts'] = {
'title': _('IPSec packets out'), 'title': _('IPSec packets out'),
'help': _(''), 'help': _(''),
'unit': '1/s', 'unit': '1/s',
'color': colors_b[4], 'color': '41/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunInDropPkts'] = { metric_info['cisco_vpn_tunnel_cipSecTunInDropPkts'] = {
'title': _('IPSec packets dropped in'), 'title': _('IPSec packets dropped in'),
'help': _(''), 'help': _(''),
'unit': '1/s', 'unit': '1/s',
'color': colors_b[5], 'color': '11/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunOutDropPkts'] = { metric_info['cisco_vpn_tunnel_cipSecTunOutDropPkts'] = {
'title': _('IPSec packets dropped out'), 'title': _('IPSec packets dropped out'),
'help': _(''), 'help': _(''),
'unit': '1/s', 'unit': '1/s',
'color': colors_b[6], 'color': '21/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunHcInDecompOctets'] = { metric_info['cisco_vpn_tunnel_cipSecTunHcInDecompOctets'] = {
'title': _('IPSec in decompressed octets'), 'title': _('IPSec in decompressed octets'),
'help': _(''), 'help': _(''),
'unit': '1/s', 'unit': '1/s',
'color': colors_b[7], 'color': '32/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunHcOutUncompOctets'] = { metric_info['cisco_vpn_tunnel_cipSecTunHcOutUncompOctets'] = {
'title': _('IPSec out compressed octets'), 'title': _('IPSec out compressed octets'),
'help': _(''), 'help': _(''),
'unit': '1/s', 'unit': '1/s',
'color': colors_b[8], 'color': '41/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunInAuths'] = { metric_info['cisco_vpn_tunnel_cipSecTunInAuths'] = {
'title': _('IPSec in authentication\'s'), 'title': _('IPSec in authentication\'s'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_b[9], 'color': '13/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunOutAuths'] = { metric_info['cisco_vpn_tunnel_cipSecTunOutAuths'] = {
'title': _('IPSec out authentication\'s'), 'title': _('IPSec out authentication\'s'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_b[10], 'color': '23/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunInAuthFails'] = { metric_info['cisco_vpn_tunnel_cipSecTunInAuthFails'] = {
'title': _('IPSec in authentication\'s failed'), 'title': _('IPSec in authentication\'s failed'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_b[11], 'color': '33/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunOutAuthFails'] = { metric_info['cisco_vpn_tunnel_cipSecTunOutAuthFails'] = {
'title': _('IPSec out authentication\'s failed'), 'title': _('IPSec out authentication\'s failed'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_b[12], 'color': '43/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunInDecrypts'] = { metric_info['cisco_vpn_tunnel_cipSecTunInDecrypts'] = {
'title': _('IPSec in decryption\'s'), 'title': _('IPSec in decryption\'s'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_b[13], 'color': '15/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunOutEncrypts'] = { metric_info['cisco_vpn_tunnel_cipSecTunOutEncrypts'] = {
'title': _('IPSec out encryption\'s'), 'title': _('IPSec out encryption\'s'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_b[14], 'color': '25/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunInDecryptFails'] = { metric_info['cisco_vpn_tunnel_cipSecTunInDecryptFails'] = {
'title': _('IPSec in decryption\'s failed'), 'title': _('IPSec in decryption\'s failed'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_b[15], 'color': '35/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunOutEncryptFails'] = { metric_info['cisco_vpn_tunnel_cipSecTunOutEncryptFails'] = {
'title': _('IPSec out encryption\'s failed'), 'title': _('IPSec out encryption\'s failed'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_b[16], 'color': '45/b',
} }
metric_info['cisco_vpn_tunnel_cipSecTunInReplayDropPkts'] = { metric_info['cisco_vpn_tunnel_cipSecTunInReplayDropPkts'] = {
'title': _('IPSec in replay packets dropped'), 'title': _('IPSec in replay packets dropped'),
'help': _(''), 'help': _(''),
'unit': 'count', 'unit': 'count',
'color': colors_b[17], 'color': '16/b',
}
######################################################################################################################
#
# map bgp peer perfdata to metric, not really necessary but makes sure to use the right metrics
#
######################################################################################################################
check_metrics['check_mk-cisco_vpn_tunnel'] = {
'cikeTunInOctets': {'name': 'cisco_vpn_tunnel_cikeTunInOctets'},
'cikeTunOutOctets': {'name': 'cisco_vpn_tunnel_cikeTunOutOctets'},
'cikeTunInPkts': {'name': 'cisco_vpn_tunnel_cikeTunInPkts'},
'cikeTunOutPkts': {'name': 'cisco_vpn_tunnel_cikeTunOutPkts'},
'cikeTunInDropPkts': {'name': 'cisco_vpn_tunnel_cikeTunInDropPkts'},
'cikeTunOutDropPkts': {'name': 'cisco_vpn_tunnel_cikeTunOutDropPkts'},
'cikeTunInNotifys': {'name': 'cisco_vpn_tunnel_cikeTunInNotifys'},
'cikeTunOutNotifys': {'name': 'cisco_vpn_tunnel_cikeTunOutNotifys'},
'cikeTunInP2Exchgs': {'name': 'cisco_vpn_tunnel_cikeTunInP2Exchgs', 'auto_graph' : False},
'cikeTunOutP2Exchgs': {'name': 'cisco_vpn_tunnel_cikeTunOutP2Exchgs'},
'cikeTunInP2ExchgInvalids': {'name': 'cisco_vpn_tunnel_cikeTunInP2ExchgInvalids'},
'cikeTunOutP2ExchgInvalids': {'name': 'cisco_vpn_tunnel_cikeTunOutP2ExchgInvalids'},
'cikeTunInP2ExchgRejects': {'name': 'cisco_vpn_tunnel_cikeTunInP2ExchgRejects'},
'cikeTunOutP2ExchgRejects': {'name': 'cisco_vpn_tunnel_cikeTunOutP2ExchgRejects'},
'cikeTunInP2SaDelRequests': {'name': 'cisco_vpn_tunnel_cikeTunInP2SaDelRequests'},
'cikeTunOutP2SaDelRequests': {'name': 'cisco_vpn_tunnel_cikeTunOutP2SaDelRequests'},
'cikeTunActiveTime': {'name': 'cisco_vpn_tunnel_cikeTunActiveTime'},
'cipSecTunHcInOctets': {'name': 'cisco_vpn_tunnel_cipSecTunHcInOctets'},
'cipSecTunHcOutOctets': {'name': 'cisco_vpn_tunnel_cipSecTunHcOutOctets'},
'cipSecTunHcInDecompOctets': {'name': 'cisco_vpn_tunnel_cipSecTunHcInDecompOctets'},
'cipSecTunHcOutUncompOctets': {'name': 'cisco_vpn_tunnel_cipSecTunHcOutUncompOctets'},
'cipSecTunInPkts': {'name': 'cisco_vpn_tunnel_cipSecTunInPkts'},
'cipSecTunOutPkts': {'name': 'cisco_vpn_tunnel_cipSecTunOutPkts'},
'cipSecTunInDropPkts': {'name': 'cisco_vpn_tunnel_cipSecTunInDropPkts'},
'cipSecTunOutDropPkts': {'name': 'cisco_vpn_tunnel_cipSecTunOutDropPkts'},
'cipSecTunInAuths': {'name': 'cisco_vpn_tunnel_cipSecTunInAuths'},
'cipSecTunOutAuths': {'name': 'cisco_vpn_tunnel_cipSecTunOutAuths'},
'cipSecTunInAuthFails': {'name': 'cisco_vpn_tunnel_cipSecTunInAuthFails'},
'cipSecTunOutAuthFails': {'name': 'cisco_vpn_tunnel_cipSecTunOutAuthFails'},
'cipSecTunInDecrypts': {'name': 'cisco_vpn_tunnel_cipSecTunInDecrypts'},
'cipSecTunOutEncrypts': {'name': 'cisco_vpn_tunnel_cipSecTunOutEncrypts'},
'cipSecTunInDecryptFails': {'name': 'cisco_vpn_tunnel_cipSecTunInDecryptFails'},
'cipSecTunOutEncryptFails': {'name': 'cisco_vpn_tunnel_cipSecTunOutEncryptFails'},
'cipSecTunInReplayDropPkts': {'name': 'cisco_vpn_tunnel_cipSecTunInReplayDropPkts'},
'cipSecTunActiveTime': {'name': 'cisco_vpn_tunnel_cipSecTunActiveTime'},
} }
###################################################################################################################### ######################################################################################################################
...@@ -333,20 +248,20 @@ check_metrics['check_mk-cisco_vpn_tunnel'] = { ...@@ -333,20 +248,20 @@ check_metrics['check_mk-cisco_vpn_tunnel'] = {
###################################################################################################################### ######################################################################################################################
graph_info.append({ graph_info['cisco_vpn_tunnel_ike_uptime'] = {
'title': _('IKE active time'), 'title': _('IKE active time'),
'metrics': [ 'metrics': [
('cisco_vpn_tunnel_cikeTunActiveTime', 'area'), ('cisco_vpn_tunnel_cikeTunActiveTime', 'area'),
], ],
}) }
graph_info.append({ graph_info['cisco_vpn_tunnel_ike_octets'] = {
'title': _('IKE Bytes/s'), 'title': _('IKE Bytes/s'),
'metrics': [ 'metrics': [
('cisco_vpn_tunnel_cikeTunOutOctets', '-area'), ('cisco_vpn_tunnel_cikeTunOutOctets', '-area'),
('cisco_vpn_tunnel_cikeTunInOctets', 'area'), ('cisco_vpn_tunnel_cikeTunInOctets', 'area'),
], ],
}) }
graph_info.append({ graph_info['cisco_vpn_tunnel_ike_packets'] = {
'title': _('IKE packets/s'), 'title': _('IKE packets/s'),
'metrics': [ 'metrics': [
('cisco_vpn_tunnel_cikeTunOutDropPkts', '-line'), ('cisco_vpn_tunnel_cikeTunOutDropPkts', '-line'),
...@@ -354,45 +269,22 @@ graph_info.append({ ...@@ -354,45 +269,22 @@ graph_info.append({
('cisco_vpn_tunnel_cikeTunOutPkts', '-line'), ('cisco_vpn_tunnel_cikeTunOutPkts', '-line'),
('cisco_vpn_tunnel_cikeTunInPkts', 'line'), ('cisco_vpn_tunnel_cikeTunInPkts', 'line'),
], ],
}) }
# graph_info.append({
# 'title': _('IKE in data'),
# 'metrics': [
# ('cisco_vpn_tunnel_cikeTunInNotifys', 'line'),
# # ('cisco_vpn_tunnel_cikeTunInP2Exchgs', 'line'),
# ('cisco_vpn_tunnel_cikeTunInP2ExchgInvalids', 'line'),
# ('cisco_vpn_tunnel_cikeTunInP2ExchgRejects', 'line'),
# ('cisco_vpn_tunnel_cikeTunInP2SaDelRequests', 'line'),
# ],
# })
#
# graph_info.append({
# 'title': _('IKE out data'),
# 'metrics': [
#
# ('cisco_vpn_tunnel_cikeTunOutNotifys', '-line'),
# # ('cisco_vpn_tunnel_cikeTunOutP2Exchgs', '-line'),
# ('cisco_vpn_tunnel_cikeTunOutP2ExchgInvalids', '-line'),
# ('cisco_vpn_tunnel_cikeTunOutP2ExchgRejects', '-line'),
# ('cisco_vpn_tunnel_cikeTunOutP2SaDelRequests', '-line'),
# ],
# })
graph_info.append({ graph_info['cisco_vpn_tunnel_ipsec_uptime'] = {
'title': _('IPSec active time'), 'title': _('IPSec active time'),
'metrics': [ 'metrics': [
('cisco_vpn_tunnel_cipSecTunActiveTime', 'area'), ('cisco_vpn_tunnel_cipSecTunActiveTime', 'area'),
], ],
}) }
graph_info.append({ graph_info['cisco_vpn_tunnel_ipsec_octets'] = {
'title': _('IPSec Bytes/s'), 'title': _('IPSec Bytes/s'),
'metrics': [ 'metrics': [
('cisco_vpn_tunnel_cipSecTunHcOutOctets', '-area'), ('cisco_vpn_tunnel_cipSecTunHcOutOctets', '-area'),
('cisco_vpn_tunnel_cipSecTunHcInOctets', 'area'), ('cisco_vpn_tunnel_cipSecTunHcInOctets', 'area'),
], ],
}) }
graph_info.append({ graph_info['cisco_vpn_tunnel_pckets'] = {
'title': _('IPSec packets/s'), 'title': _('IPSec packets/s'),
'metrics': [ 'metrics': [
('cisco_vpn_tunnel_cipSecTunOutDropPkts', '-stack'), ('cisco_vpn_tunnel_cipSecTunOutDropPkts', '-stack'),
...@@ -400,31 +292,7 @@ graph_info.append({ ...@@ -400,31 +292,7 @@ graph_info.append({
('cisco_vpn_tunnel_cipSecTunOutPkts', '-stack'), ('cisco_vpn_tunnel_cipSecTunOutPkts', '-stack'),
('cisco_vpn_tunnel_cipSecTunInPkts', 'stack'), ('cisco_vpn_tunnel_cipSecTunInPkts', 'stack'),
], ],
}) }
# graph_info.append({
# 'title': _('IPSec in data'),
# 'metrics': [
# # ('cisco_vpn_tunnel_cipSecTunHcInDecompOctets', 'line'),
# # ('cisco_vpn_tunnel_cipSecTunInAuths', 'line'),
# ('cisco_vpn_tunnel_cipSecTunInAuthFails', 'line'),
# # ('cisco_vpn_tunnel_cipSecTunInDecrypts', 'line'),
# ('cisco_vpn_tunnel_cipSecTunInDecryptFails', 'line'),
# ('cisco_vpn_tunnel_cipSecTunInReplayDropPkts', 'line'),
# ],
# })
#
# graph_info.append({
# 'title': _('IPSec out data'),
# 'metrics': [
# # ('cisco_vpn_tunnel_cipSecTunHcOutUncompOctets', '-line'),
# # ('cisco_vpn_tunnel_cipSecTunOutAuths', '-line'),
# ('cisco_vpn_tunnel_cipSecTunOutAuthFails', '-line'),
# # ('cisco_vpn_tunnel_cipSecTunOutEncrypts', '-line'),
# ('cisco_vpn_tunnel_cipSecTunOutEncryptFails', '-line'),
# ],
# })
###################################################################################################################### ######################################################################################################################
# #
......
web/plugins/wato/cisco_vpn_tunnel.py
+ 73
20
View file @ cb3684af
#!/usr/bin/python #!/usr/bin/env python3
# -*- encoding: utf-8; py-indent-offset: 4 -*- # -*- coding: utf-8 -*-
#
register_check_parameters( # License: GNU General Public License v2
subgroup_networking,
'vpn_tunnel', # Author: thl-cmk[at]outlook[dot]com
_('VPN Tunnel'), # URL : https://thl-cmk.hopto.org
Dictionary( # Date : 2017-12-28
from cmk.gui.i18n import _
from cmk.gui.valuespec import (
Dictionary,
TextAscii,
Tuple,
MonitoringState,
ListOf,
IPv4Address,
TextUnicode,
FixedValue,
)
from cmk.gui.plugins.wato import (
CheckParameterRulespecWithItem,
rulespec_registry,
RulespecGroupCheckParametersNetworking,
RulespecGroupCheckParametersDiscovery,
HostRulespec,
)
def _parameter_valuespec_cisco_vpn_tunnel():
return Dictionary(
elements=[ elements=[
('tunnels', ('tunnels',
ListOf( ListOf(
Tuple( Tuple(
title=('VPN Tunnel Endpoints'), title=_('VPN Tunnel Endpoints'),
elements=[ elements=[
IPv4Address( IPv4Address(
title=_('Peer IP-Address'), title=_('Peer IP-Address'),
help=_('The configured value must match a tunnel reported by the monitored ' help=_('The configured value must match a tunnel reported by the monitored '
'device.'), 'device.'),
allow_empty=False,
), ),
TextUnicode( TextUnicode(
title=_('Tunnel Alias'), title=_('Tunnel Alias'),
...@@ -28,7 +51,7 @@ register_check_parameters( ...@@ -28,7 +51,7 @@ register_check_parameters(
title=_('State if tunnel is not found'), title=_('State if tunnel is not found'),
), ),
MonitoringState( MonitoringState(
default_value=2, default_value=1,
title=_('State if tunnel has no active IPSec SA'), title=_('State if tunnel has no active IPSec SA'),
), ),
]), ]),
...@@ -41,19 +64,49 @@ register_check_parameters( ...@@ -41,19 +64,49 @@ register_check_parameters(
title=_('Default state to report when tunnel can not be found anymore'), title=_('Default state to report when tunnel can not be found anymore'),
help=_('Default state if a tunnel, which is not listed above in this rule, ' help=_('Default state if a tunnel, which is not listed above in this rule, '
'can no longer be found.'), 'can no longer be found.'),
default_value=3, default_value=2,
), )),
),
('missing_ipsec_sa_state', ('missing_ipsec_sa_state',
MonitoringState( MonitoringState(
title=_('Default state to report when tunnel has no active IPSec SA'), title=_('Default state to report when tunnel has no active IPSec SA'),
help=_('Default state if a tunnel, which is not listed above in this rule, ' help=_('Default state if a tunnel, which is not listed above in this rule, '
'has no active IPSec SA.'), 'has no active IPSec SA.'),
default_value=1, default_value=1,
), )),
),
], ],
), )
TextAscii(title=_('IP-Address of Tunnel Endpoint')),
match_type='dict',
) rulespec_registry.register(
CheckParameterRulespecWithItem(
check_group_name='cisco_vpn_tunnel',
group=RulespecGroupCheckParametersNetworking,
item_spec=lambda: TextAscii(title=_('IP-Address of Tunnel Endpoint'), ),
match_type='dict',
parameter_valuespec=_parameter_valuespec_cisco_vpn_tunnel,
title=lambda: _('Cisco VPN Tunnel'),
))
def _valuespec_discovery_cisco_vpn_tunnel():
return Dictionary(
title=_("VPN Tunnel discovery"),
elements=[(
'discover_aggressive_mode',
FixedValue(
True,
default_value=False,
title=_('Discover aggressive mode VPN Tunnel'),
totext=_('Discover aggressive mode VPN Tunnel'),
),
)],
)
rulespec_registry.register(
HostRulespec(
group=RulespecGroupCheckParametersDiscovery,
match_type="dict",
name="discovery_cisco_vpn_tunnel",
valuespec=_valuespec_discovery_cisco_vpn_tunnel,
))
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com