#!/usr/bin/env perl ##################################### ##################################### ### ______ _ =) ### ### | ___ \ | | ### ### | |_/ / __ _ _ __ | | ### ### | / / _` || '_ \ | | ### ### | |\ \| (_| || | | || |____ ### ### \_| \_|\__,_||_| |_|\_____/ ### ##################################### ##################################### ## Original version written by ## ran.leibman@gmail.com ## Additionial checks code written ## by laurent.dufour@havas.com ## ## the following parameters has ## been tested against a PA5050 ## ## cpu|firmware|ha|model| ## sessions|udp_sessions|tcp_sessions ## |icmp_sessions ## ##################################### ##################################### use strict; use lib "/usr/lib/nagios/plugins/"; use Net::SNMP; my $stat; my $msg; my $perf; my $script_name = "check-paloalto-A500.pl"; my $script_version = 1.1; ### SNMP OIDs ############### my $s_cpu_mgmt = '.'; my $s_cpu_data = '.'; my $s_firmware = '.'; my $s_firmware_version = '.'; my $s_ha_mode = '.'; my $s_ha_local_state = '.'; my $s_ha_peer_state = '.'; my $s_pa_model = '.'; my $s_pa_max_sessions = '.'; my $s_pa_total_active_sessions = '.'; my $s_pa_total_tcp_active_sessions = '.'; my $s_pa_total_udp_active_sessions = '.'; my $s_pa_total_icmp_active_sessions = '.'; my $s_mgmt_max_mem = '.'; my $s_mgmt_used_mem = '.'; ### Functions ############### sub _create_session { my ($server, $comm) = @_; my $snmp_version = 2; my ($sess, $err) = Net::SNMP->session( -hostname => $server, -version => $snmp_version, -community => $comm); if (!defined($sess)) { print "Can't create SNMP session to $server\n"; exit(1); } return $sess; } sub FSyntaxError { print "Syntax Error !\n"; # print "$0 -H [ip|dnsname] -C [snmp community] -t [temp|fan|ps|cpu|mem|module|freeint|firmware|ha|model|sessions|udp_sessions|tcp_sessions|icmp_sessions] -w [warning value] -c [critical value] -d [days]\n"; print "$script_name\n"; print "Version : $script_version\n"; print "-H = Ip/Dns Name of the FW\n"; print "-C = SNMP Community\n"; print "-t = Check type (currently only cpu/firmware/model/ha/sessions/icmp_sessions/tcp_sessions/udp_sessions/mgmt_used_mem)\n"; print "-w = Warning Value\n"; print "-c = Critical Value\n"; exit(3); } if($#ARGV != 9) { FSyntaxError; } ### Gather input from user ############################# my $switch; my $community; my $check_type; my $warn = 0; my $crit = 0; my $int; while(@ARGV) { my $temp = shift(@ARGV); if("$temp" eq '-H') { $switch = shift(@ARGV); } elsif("$temp" eq '-C') { $community = shift(@ARGV); } elsif("$temp" eq '-t') { $check_type = shift(@ARGV); } elsif("$temp" eq '-w') { $warn = shift(@ARGV); } elsif("$temp" eq '-c') { $crit = shift(@ARGV); } else { FSyntaxError(); } } # Validate Warning if($warn > $crit) { print "Warning can't be larger then Critical: $warn > $crit\n"; FSyntaxError(); } # Establish SNMP Session our $snmp_session = _create_session($switch,$community); ### model ### if($check_type eq "model") { my $R_firm = $snmp_session->get_request(-varbindlist => [$s_pa_model]); my $palo_model = "$R_firm->{$s_pa_model}"; $msg = "OK: Palo Alto $palo_model"; $perf=""; $stat = 0; } ### HA MODE ### elsif($check_type eq "ha") { my $R_firm = $snmp_session->get_request(-varbindlist => [$s_ha_mode]); my $ha_mode = "$R_firm->{$s_ha_mode}"; my $R_firm = $snmp_session->get_request(-varbindlist => [$s_ha_local_state]); my $ha_local_state = "$R_firm->{$s_ha_local_state}"; my $R_firm = $snmp_session->get_request(-varbindlist => [$s_ha_peer_state]); my $ha_peer_state = "$R_firm->{$s_ha_peer_state}"; $msg = "OK: High Availablity Mode: $ha_mode, Local: $ha_local_state, Peer: $ha_peer_state\n"; $perf=""; $stat = 0; } ### SESSIONS ### elsif($check_type eq "sessions") { my $R_firm = $snmp_session->get_request(-varbindlist => [$s_pa_max_sessions]); my $pa_max_sessions = "$R_firm->{$s_pa_max_sessions}"; my $R_firm = $snmp_session->get_request(-varbindlist => [$s_pa_total_active_sessions]); my $pa_total_active_sessions = "$R_firm->{$s_pa_total_active_sessions}"; $perf=" - Max Active Sessions : $pa_max_sessions"; if($pa_total_active_sessions > $crit ) { $msg = "CRITICAL: Total Active Sessions: $pa_total_active_sessions".$perf; $stat = 2; } elsif($pa_total_active_sessions > $warn ) { $msg = "WARNING: Total Active Sessions: $pa_total_active_sessions".$perf; $stat = 1; } else { $msg = "OK: Total Active Sessions: $pa_total_active_sessions".$perf; $stat = 0; } $perf=""; } ### TCP SESSIONS ### elsif($check_type eq "tcp_sessions") { my $R_firm = $snmp_session->get_request(-varbindlist => [$s_pa_total_tcp_active_sessions]); my $pa_total_tcp_active_sessions = "$R_firm->{$s_pa_total_tcp_active_sessions}"; if($pa_total_tcp_active_sessions > $crit ) { $msg = "CRITICAL: TCP Active Sessions: $pa_total_tcp_active_sessions"; $stat = 2; } elsif($pa_total_tcp_active_sessions > $warn ) { $msg = "WARNING: TCP Active Sessions: $pa_total_tcp_active_sessions"; $stat = 1; } else { $msg = "OK: TCP Active Sessions: $pa_total_tcp_active_sessions"; $stat = 0; } $perf=""; } ### UDP SESSIONS ### elsif($check_type eq "udp_sessions") { my $R_firm = $snmp_session->get_request(-varbindlist => [$s_pa_total_udp_active_sessions]); my $pa_total_udp_active_sessions = "$R_firm->{$s_pa_total_udp_active_sessions}"; if($pa_total_udp_active_sessions > $crit ) { $msg = "CRITICAL: UDP Active Sessions: $pa_total_udp_active_sessions"; $stat = 2; } elsif($pa_total_udp_active_sessions > $warn ) { $msg = "WARNING: UDP Active Sessions: $pa_total_udp_active_sessions"; $stat = 1; } else { $msg = "OK: UDP Active Sessions: $pa_total_udp_active_sessions"; $stat = 0; } $perf=""; } ### ICMP SESSIONS ### elsif($check_type eq "icmp_sessions") { my $R_firm = $snmp_session->get_request(-varbindlist => [$s_pa_total_icmp_active_sessions]); my $pa_total_icmp_active_sessions = "$R_firm->{$s_pa_total_icmp_active_sessions}"; if($pa_total_icmp_active_sessions > $crit ) { $msg = "CRITICAL: ICMP Active Sessions: $pa_total_icmp_active_sessions"; $stat = 2; } elsif($pa_total_icmp_active_sessions > $warn ) { $msg = "WARNING: ICMP Active Sessions: $pa_total_icmp_active_sessions"; $stat = 1; } else { $msg = "OK: ICMP Active Sessions: $pa_total_icmp_active_sessions"; $stat = 0; } $perf=""; } ### management used memory ### elsif($check_type eq "mgmt_used_mem") { my $R_firm = $snmp_session->get_request(-varbindlist => [$s_mgmt_used_mem]); my $mgmt_used_mem = "$R_firm->{$s_mgmt_used_mem}"; my $R_firm = $snmp_session->get_request(-varbindlist => [$s_mgmt_max_mem]); my $mgmt_max_mem = "$R_firm->{$s_mgmt_max_mem}"; if($mgmt_used_mem > $crit ) { $msg = "CRITICAL: Management Used Memory: $mgmt_used_mem"; $stat = 2; } elsif($mgmt_used_mem > $warn ) { $msg = "WARNING: Management Used Memory: $mgmt_used_mem"; $stat = 1; } else { $msg = "OK: Management Used Memory: $mgmt_used_mem"; $stat = 0; } $msg .= " - Max Management Memory: $mgmt_max_mem"; $perf=""; } ### firmware ### elsif($check_type eq "firmware") { my $R_firm = $snmp_session->get_request(-varbindlist => [$s_firmware_version]); my $palo_os_ver = "$R_firm->{$s_firmware_version}"; $msg = "OK: Firmware $palo_os_ver"; $perf=""; $stat = 0; } ### CPU ### elsif($check_type eq "cpu") { my $R_mgmt = $snmp_session->get_request(-varbindlist => [$s_cpu_mgmt]); my $mgmt = "$R_mgmt->{$s_cpu_mgmt}"; my $R_data = $snmp_session->get_request(-varbindlist => [$s_cpu_data]); my $data = "$R_data->{$s_cpu_data}"; if($mgmt > $crit or $data > $crit) { $msg = "CRITICAL: Mgmt: $mgmt, Data: $data"; $stat = 2; } elsif($mgmt > $warn or $data > $warn) { $msg = "WARNING: Mgmt: $mgmt, Data: $data"; $stat = 1; } else { $msg = "OK: Mgmt: $mgmt, Data: $data"; $stat = 0; } $perf = "mgmt=$mgmt;data=$data;$warn;$crit"; ### Bad Syntax ### } else { FSyntaxError(); } if ($perf eq "") { print "$msg\n"; } else { print "$msg | $perf\n"; } exit($stat);