Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com

Skip to content
Snippets Groups Projects
Commit dbe7673c authored by thl-cmk's avatar thl-cmk :flag_na:
Browse files

update project

parent cb3684af
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
agent_based/cisco_vpn_tunnel.py
+ 11
4
View file @ dbe7673c
...@@ -15,6 +15,7 @@ ...@@ -15,6 +15,7 @@
# 2018-02-16: readded tunnel alias # 2018-02-16: readded tunnel alias
# 2018-07-11: added parameter for missing IPSec SA, changed 'parsed' to use peer ip as index # 2018-07-11: added parameter for missing IPSec SA, changed 'parsed' to use peer ip as index
# 2021-08-03: rewritten for CMK 2.0 # 2021-08-03: rewritten for CMK 2.0
# 2021-11-03: fix negative vpn active tine
# #
# snmpwalk sample # snmpwalk sample
# #
...@@ -117,6 +118,7 @@ def _tunnelstatus(st: int) -> str: ...@@ -117,6 +118,7 @@ def _tunnelstatus(st: int) -> str:
def _cisco_vpn_tunnel_render_ipv4_address(bytestring): def _cisco_vpn_tunnel_render_ipv4_address(bytestring):
return '.'.join([f'{ord(m)}' for m in bytestring]) return '.'.join([f'{ord(m)}' for m in bytestring])
########################################################################### ###########################################################################
# #
# DATA Parser function # DATA Parser function
...@@ -132,7 +134,7 @@ def parse_cisco_vpn_tunnel(string_table: List[StringTable]) -> Dict[str, IkeSa]: ...@@ -132,7 +134,7 @@ def parse_cisco_vpn_tunnel(string_table: List[StringTable]) -> Dict[str, IkeSa]:
# summarize IPSec SAs, ASSUMPTION: except for counters all SA attributes are identical per IKE index # summarize IPSec SAs, ASSUMPTION: except for counters all SA attributes are identical per IKE index
for ike_tunnel_index, ike_tunnel_alive, active_time, hc_in_octets, in_pkts, in_drop_pkts, hc_out_octets, \ for ike_tunnel_index, ike_tunnel_alive, active_time, hc_in_octets, in_pkts, in_drop_pkts, hc_out_octets, \
out_pkts, out_drop_pkts in ipsec_tunnel_entry: out_pkts, out_drop_pkts in ipsec_tunnel_entry:
if ike_tunnel_index.isdigit(): if ike_tunnel_index.isdigit():
ipsec_sa = ipsec_sa_summary.setdefault( ipsec_sa = ipsec_sa_summary.setdefault(
ike_tunnel_index, ike_tunnel_index,
...@@ -154,7 +156,6 @@ def parse_cisco_vpn_tunnel(string_table: List[StringTable]) -> Dict[str, IkeSa]: ...@@ -154,7 +156,6 @@ def parse_cisco_vpn_tunnel(string_table: List[StringTable]) -> Dict[str, IkeSa]:
nego_mode in ike_tunnel_entry: nego_mode in ike_tunnel_entry:
if index.isdigit(): if index.isdigit():
# if int(nego_mode) == 2: # drop agressive mode tunnel, likely Remote Access
remote_addr = _cisco_vpn_tunnel_render_ipv4_address(remote_addr) remote_addr = _cisco_vpn_tunnel_render_ipv4_address(remote_addr)
if remote_addr.split('.') != 4: if remote_addr.split('.') != 4:
remote_addr = remote_value remote_addr = remote_value
...@@ -183,6 +184,7 @@ def parse_cisco_vpn_tunnel(string_table: List[StringTable]) -> Dict[str, IkeSa]: ...@@ -183,6 +184,7 @@ def parse_cisco_vpn_tunnel(string_table: List[StringTable]) -> Dict[str, IkeSa]:
return vpntunnel return vpntunnel
########################################################################### ###########################################################################
# #
# Inventory function # Inventory function
...@@ -222,6 +224,10 @@ def check_cisco_vpn_tunnel(item, params, section: Dict[str, IkeSa]) -> CheckResu ...@@ -222,6 +224,10 @@ def check_cisco_vpn_tunnel(item, params, section: Dict[str, IkeSa]) -> CheckResu
yield Result(state=State(tunnel_not_found_state), summary='VPN Tunnel not found in SNMP data') yield Result(state=State(tunnel_not_found_state), summary='VPN Tunnel not found in SNMP data')
return return
# check if tunnel lifetime < 0, happens on asa failover
if tunnel.active_time < 0:
tunnel.active_time = tunnel.active_time * -1
yield from check_levels( yield from check_levels(
value=tunnel.active_time, value=tunnel.active_time,
label='IKE uptime', label='IKE uptime',
...@@ -250,7 +256,7 @@ def check_cisco_vpn_tunnel(item, params, section: Dict[str, IkeSa]) -> CheckResu ...@@ -250,7 +256,7 @@ def check_cisco_vpn_tunnel(item, params, section: Dict[str, IkeSa]) -> CheckResu
]: ]:
try: try:
value = get_rate(value_store, f'cisco_vpn_tunnel.{key}.{rate_item}', now_time, value, raise_overflow=False) value = get_rate(value_store, f'cisco_vpn_tunnel.{key}.{rate_item}', now_time, value, raise_overflow=False)
except GetRateError: except GetRateError:
raise_ingore_res = True raise_ingore_res = True
value = 0 value = 0
...@@ -308,6 +314,7 @@ def check_cisco_vpn_tunnel(item, params, section: Dict[str, IkeSa]) -> CheckResu ...@@ -308,6 +314,7 @@ def check_cisco_vpn_tunnel(item, params, section: Dict[str, IkeSa]) -> CheckResu
else: else:
yield Result(state=State(missing_ipsec_sa_state), notice='No IPSec sa found') yield Result(state=State(missing_ipsec_sa_state), notice='No IPSec sa found')
########################################################################### ###########################################################################
# #
# Check info # Check info
...@@ -373,7 +380,7 @@ register.check_plugin( ...@@ -373,7 +380,7 @@ register.check_plugin(
}, },
check_function=check_cisco_vpn_tunnel, check_function=check_cisco_vpn_tunnel,
check_default_parameters={ check_default_parameters={
'state': 3, # default state for tunnel not found 'state': 3, # default state for tunnel not found
'missing_ipsec_sa_state': 1, 'missing_ipsec_sa_state': 1,
'tunnels': [], # list of tunnel specific not found states ('<ip-address>', '<alias>', <state>) 'tunnels': [], # list of tunnel specific not found states ('<ip-address>', '<alias>', <state>)
}, },
......
cisco_vpn_tunnel.mkp
+ 0
0
View file @ dbe7673c
No preview for this file type
packages/cisco_vpn_tunnel
+ 2
2
View file @ dbe7673c
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
'name': 'cisco_vpn_tunnel', 'name': 'cisco_vpn_tunnel',
'num_files': 3, 'num_files': 3,
'title': 'Monitor Cisco VPN Tunnel', 'title': 'Monitor Cisco VPN Tunnel',
'version': '20210803v.0.2', 'version': '20210803.v0.2',
'version.min_required': '2.0.0', 'version.min_required': '2.0.0',
'version.packaged': '2021.07.14', 'version.packaged': '2021.09.20',
'version.usable_until': None} 'version.usable_until': None}
\ No newline at end of file
web/plugins/wato/cisco_vpn_tunnel.py
+ 3
3
View file @ dbe7673c
...@@ -90,7 +90,7 @@ rulespec_registry.register( ...@@ -90,7 +90,7 @@ rulespec_registry.register(
def _valuespec_discovery_cisco_vpn_tunnel(): def _valuespec_discovery_cisco_vpn_tunnel():
return Dictionary( return Dictionary(
title=_("VPN Tunnel discovery"), title=_('VPN Tunnel discovery'),
elements=[( elements=[(
'discover_aggressive_mode', 'discover_aggressive_mode',
FixedValue( FixedValue(
...@@ -106,7 +106,7 @@ def _valuespec_discovery_cisco_vpn_tunnel(): ...@@ -106,7 +106,7 @@ def _valuespec_discovery_cisco_vpn_tunnel():
rulespec_registry.register( rulespec_registry.register(
HostRulespec( HostRulespec(
group=RulespecGroupCheckParametersDiscovery, group=RulespecGroupCheckParametersDiscovery,
match_type="dict", match_type='dict',
name="discovery_cisco_vpn_tunnel", name='discovery_cisco_vpn_tunnel',
valuespec=_valuespec_discovery_cisco_vpn_tunnel, valuespec=_valuespec_discovery_cisco_vpn_tunnel,
)) ))
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com