diff --git a/check_snmp/check_snmp_cpfw.pl b/check_snmp/check_snmp_cpfw.pl index 2d740da..3297a6a 100755 --- a/check_snmp/check_snmp_cpfw.pl +++ b/check_snmp/check_snmp_cpfw.pl @@ -30,81 +30,81 @@ use utils qw(%ERRORS $TIMEOUT); ########### SNMP Datas ########### ###### FW data -my $policy_state = "1.3.6.1.4.1.2620.1.1.1.0"; # "Installed" -my $policy_name = "1.3.6.1.4.1.2620.1.1.2.0"; # Installed policy name -my $connections = "1.3.6.1.4.1.2620.1.1.25.3.0"; # number of connections -my $connectionsSR = "1.3.6.1.4.1.2620.1.1.26.11.6.0" ; # fwConnectionsStatConnectionRate aka connx/seg -my $connectionsPeak = "1.3.6.1.4.1.2620.1.1.25.4.0"; # peak number of connections -my @fw_checks = ($policy_state,$policy_name,$connections,$connectionsSR,$connectionsPeak); +my $policy_state = "1.3.6.1.4.1.2620.1.1.1.0"; # "Installed" +my $policy_name = "1.3.6.1.4.1.2620.1.1.2.0"; # Installed policy name +my $connections = "1.3.6.1.4.1.2620.1.1.25.3.0"; # number of connections +my $connectionsSR = "1.3.6.1.4.1.2620.1.1.26.11.6.0" ; # fwConnectionsStatConnectionRate aka connx/seg +my $connectionsPeak = "1.3.6.1.4.1.2620.1.1.25.4.0"; # peak number of connections +my @fw_checks = ($policy_state,$policy_name,$connections,$connectionsSR,$connectionsPeak); ###### SVN data -my $svn_status = "1.3.6.1.4.1.2620.1.6.102.0"; # "OK" svn status -my %svn_checks = ($svn_status,"OK"); -my %svn_checks_n = ($svn_status,"SVN status"); -my @svn_checks_oid = ($svn_status); +my $svn_status = "1.3.6.1.4.1.2620.1.6.102.0"; # "OK" svn status +my %svn_checks = ($svn_status,"OK"); +my %svn_checks_n = ($svn_status,"SVN status"); +my @svn_checks_oid = ($svn_status); ###### HA data -my $ha_active = "1.3.6.1.4.1.2620.1.5.5.0"; # "yes" -my $ha_state = "1.3.6.1.4.1.2620.1.5.6.0"; # "active" / "standby" -my $ha_block_state = "1.3.6.1.4.1.2620.1.5.7.0"; #"OK" : ha blocking state -my $ha_status = "1.3.6.1.4.1.2620.1.5.102.0"; # "OK" : ha status +my $ha_active = "1.3.6.1.4.1.2620.1.5.5.0"; # "yes" +my $ha_state = "1.3.6.1.4.1.2620.1.5.6.0"; # "active" / "standby" +my $ha_block_state = "1.3.6.1.4.1.2620.1.5.7.0"; #"OK" : ha blocking state +my $ha_status = "1.3.6.1.4.1.2620.1.5.102.0"; # "OK" : ha status -my %ha_checks =( $ha_active,"yes",$ha_state,"active",$ha_block_state,"OK",$ha_status,"OK"); -my %ha_checks_stand =( $ha_active,"yes",$ha_state,"standby",$ha_block_state,"OK",$ha_status,"OK"); -my %ha_checks_n =( $ha_active,"HA active",$ha_state,"HA state",$ha_block_state,"HA block state",$ha_status,"ha_status"); -my @ha_checks_oid =( $ha_active,$ha_state,$ha_block_state,$ha_status); +my %ha_checks =( $ha_active,"yes",$ha_state,"active",$ha_block_state,"OK",$ha_status,"OK"); +my %ha_checks_stand =( $ha_active,"yes",$ha_state,"standby",$ha_block_state,"OK",$ha_status,"OK"); +my %ha_checks_n =( $ha_active,"HA active",$ha_state,"HA state",$ha_block_state,"HA block state",$ha_status,"ha_status"); +my @ha_checks_oid =( $ha_active,$ha_state,$ha_block_state,$ha_status); -my $ha_mode = "1.3.6.1.4.1.2620.1.5.11.0"; # "Sync only"/"High Availability (Active Up)" : ha Working mode +my $ha_mode = "1.3.6.1.4.1.2620.1.5.11.0"; # "Sync only"/"High Availability (Active Up)" : ha Working mode -my $ha_tables = "1.3.6.1.4.1.2620.1.5.13.1"; # ha status table -my $ha_tables_index = ".1"; -my $ha_tables_name = ".2"; -my $ha_tables_state = ".3"; # "OK" -my $ha_tables_prbdesc = ".6"; # Description if state is != "OK" +my $ha_tables = "1.3.6.1.4.1.2620.1.5.13.1"; # ha status table +my $ha_tables_index = ".1"; +my $ha_tables_name = ".2"; +my $ha_tables_state = ".3"; # "OK" +my $ha_tables_prbdesc = ".6"; # Description if state is != "OK" -#my @ha_table_check = ("Synchronization","Filter","cphad","fwd"); # process to check +#my @ha_table_check = ("Synchronization","Filter","cphad","fwd"); # process to check ####### MGMT data -my $mgmt_status = "1.3.6.1.4.1.2620.1.7.5.0"; # "active" : management status -my $mgmt_alive = "1.3.6.1.4.1.2620.1.7.6.0"; # 1 : management is alive if 1 -my $mgmt_stat_desc = "1.3.6.1.4.1.2620.1.7.102.0"; # Management status description -my $mgmt_stats_desc_l = "1.3.6.1.4.1.2620.1.7.103.0"; # Management status long description +my $mgmt_status = "1.3.6.1.4.1.2620.1.7.5.0"; # "active" : management status +my $mgmt_alive = "1.3.6.1.4.1.2620.1.7.6.0"; # 1 : management is alive if 1 +my $mgmt_stat_desc = "1.3.6.1.4.1.2620.1.7.102.0"; # Management status description +my $mgmt_stats_desc_l = "1.3.6.1.4.1.2620.1.7.103.0"; # Management status long description -my %mgmt_checks = ($mgmt_status,"active",$mgmt_alive,"1"); -my %mgmt_checks_n = ($mgmt_status,"Mgmt status",$mgmt_alive,"Mgmt alive"); -my @mgmt_checks_oid = ($mgmt_status,$mgmt_alive); +my %mgmt_checks = ($mgmt_status,"active",$mgmt_alive,"1"); +my %mgmt_checks_n = ($mgmt_status,"Mgmt status",$mgmt_alive,"Mgmt alive"); +my @mgmt_checks_oid = ($mgmt_status,$mgmt_alive); #################################### Globals ##############################"" my $Version='1.2.1'; -my $o_host = undef; # hostname -my $o_community = undef; # community -my $o_version2 =undef; # Version 2 -my $o_port = 161; # port -my $o_help= undef; # wan't some help ? -my $o_verb= undef; # verbose mode -my $o_version= undef; # print version -my $o_timeout= 5; # Default 5s Timeout -my $o_warn= undef; # Warning for connections -my $o_crit= undef; # Crit for connections -my $o_svn= undef; # Check for SVN status -my $o_fw= undef; # Check for FW status -my $o_ha= undef; # Check for HA status -my $o_mgmt= undef; # Check for management status -my $o_policy= undef; # Check for policy name -my $o_conn= undef; # Check for connexions -my $o_perf= undef; # Performance data output +my $o_host = undef; # hostname +my $o_community = undef; # community +my $o_version2 =undef; # Version 2 +my $o_port = 161; # port +my $o_help= undef; # wan't some help ? +my $o_verb= undef; # verbose mode +my $o_version= undef; # print version +my $o_timeout= 5; # Default 5s Timeout +my $o_warn= undef; # Warning for connections +my $o_crit= undef; # Crit for connections +my $o_svn= undef; # Check for SVN status +my $o_fw= undef; # Check for FW status +my $o_ha= undef; # Check for HA status +my $o_mgmt= undef; # Check for management status +my $o_policy= undef; # Check for policy name +my $o_conn= undef; # Check for connexions +my $o_perf= undef; # Performance data output # SNMPv3 specific -my $o_login= undef; # Login for snmpv3 -my $o_passwd= undef; # Pass for snmpv3 -my $v3protocols=undef; # V3 protocol list. -my $o_authproto='md5'; # Auth protocol -my $o_privproto='des'; # Priv protocol -my $o_privpass= undef; # priv password +my $o_login= undef; # Login for snmpv3 +my $o_passwd= undef; # Pass for snmpv3 +my $v3protocols=undef; # V3 protocol list. +my $o_authproto='md5'; # Auth protocol +my $o_privproto='des'; # Priv protocol +my $o_privpass= undef; # priv password # functions @@ -173,69 +173,69 @@ sub verb { my $t=shift; print $t,"\n" if defined($o_verb) ; } sub check_options { Getopt::Long::Configure ("bundling"); GetOptions( - 'v' => \$o_verb, 'verbose' => \$o_verb, - 'h' => \$o_help, 'help' => \$o_help, - 'H:s' => \$o_host, 'hostname:s' => \$o_host, - 'P:i' => \$o_port, 'port:i' => \$o_port, - 'C:s' => \$o_community, 'community:s' => \$o_community, - '2' => \$o_version2, 'v2c' => \$o_version2, - 'l:s' => \$o_login, 'login:s' => \$o_login, - 'x:s' => \$o_passwd, 'passwd:s' => \$o_passwd, - 'X:s' => \$o_privpass, 'privpass:s' => \$o_privpass, - 'L:s' => \$v3protocols, 'protocols:s' => \$v3protocols, - 't:i' => \$o_timeout, 'timeout:i' => \$o_timeout, - 'V' => \$o_version, 'version' => \$o_version, - 's' => \$o_svn, 'svn' => \$o_svn, - 'w' => \$o_fw, 'fw' => \$o_fw, - 'a:s' => \$o_ha, 'ha:s' => \$o_ha, - 'm' => \$o_mgmt, 'mgmt' => \$o_mgmt, - 'p:s' => \$o_policy, 'policy:s' => \$o_policy, - 'c:s' => \$o_conn, 'connexions:s' => \$o_conn, - 'f' => \$o_perf, 'perfparse' => \$o_perf + 'v' => \$o_verb, 'verbose' => \$o_verb, + 'h' => \$o_help, 'help' => \$o_help, + 'H:s' => \$o_host, 'hostname:s' => \$o_host, + 'P:i' => \$o_port, 'port:i' => \$o_port, + 'C:s' => \$o_community, 'community:s' => \$o_community, + '2' => \$o_version2, 'v2c' => \$o_version2, + 'l:s' => \$o_login, 'login:s' => \$o_login, + 'x:s' => \$o_passwd, 'passwd:s' => \$o_passwd, + 'X:s' => \$o_privpass, 'privpass:s' => \$o_privpass, + 'L:s' => \$v3protocols, 'protocols:s' => \$v3protocols, + 't:i' => \$o_timeout, 'timeout:i' => \$o_timeout, + 'V' => \$o_version, 'version' => \$o_version, + 's' => \$o_svn, 'svn' => \$o_svn, + 'w' => \$o_fw, 'fw' => \$o_fw, + 'a:s' => \$o_ha, 'ha:s' => \$o_ha, + 'm' => \$o_mgmt, 'mgmt' => \$o_mgmt, + 'p:s' => \$o_policy, 'policy:s' => \$o_policy, + 'c:s' => \$o_conn, 'connexions:s' => \$o_conn, + 'f' => \$o_perf, 'perfparse' => \$o_perf ); if (defined ($o_help) ) { help(); exit $ERRORS{"UNKNOWN"}}; if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"}}; if ( ! defined($o_host) ) # check host and filter - { print_usage(); exit $ERRORS{"UNKNOWN"}} + { print_usage(); exit $ERRORS{"UNKNOWN"}} # check snmp information if ( !defined($o_community) && (!defined($o_login) || !defined($o_passwd)) ) - { print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} - if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) ) - { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} - if (defined ($v3protocols)) { - if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} - my @v3proto=split(/,/,$v3protocols); - if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0]; } # Auth protocol - if (defined ($v3proto[1])) {$o_privproto=$v3proto[1]; } # Priv protocol - if ((defined ($v3proto[1])) && (!defined($o_privpass))) { - print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} - } + { print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) ) + { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + if (defined ($v3protocols)) { + if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + my @v3proto=split(/,/,$v3protocols); + if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0]; } # Auth protocol + if (defined ($v3proto[1])) {$o_privproto=$v3proto[1]; } # Priv protocol + if ((defined ($v3proto[1])) && (!defined($o_privpass))) { + print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + } # Check firewall options if ( defined($o_conn)) { if ( ! defined($o_fw)) - { print "Cannot check connexions without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + { print "Cannot check connexions without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} my @warncrit=split(/,/ , $o_conn); if ( $#warncrit != 1 ) { print "Put warn,crit levels with -c option\n";print_usage(); exit $ERRORS{"UNKNOWN"}} ($o_warn,$o_crit)=@warncrit; if ( isnnum($o_warn) || isnnum($o_crit) ) - { print "Numeric values for warning and critical in -c options\n";print_usage(); exit $ERRORS{"UNKNOWN"}} + { print "Numeric values for warning and critical in -c options\n";print_usage(); exit $ERRORS{"UNKNOWN"}} if ($o_warn >= $o_crit) - { print "warning <= critical ! \n";print_usage(); exit $ERRORS{"UNKNOWN"}} + { print "warning <= critical ! \n";print_usage(); exit $ERRORS{"UNKNOWN"}} } if ( defined($o_policy)) { if (! defined($o_fw)) - { print "Cannot check policy name without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + { print "Cannot check policy name without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} if ($o_policy eq "") { print "Put a policy name !\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} } if (defined($o_perf) && ! defined ($o_conn)) - { print "Nothing selected for perfparse !\n";print_usage(); exit $ERRORS{"UNKNOWN"}} + { print "Nothing selected for perfparse !\n";print_usage(); exit $ERRORS{"UNKNOWN"}} if (!defined($o_fw) && !defined($o_ha) && !defined($o_mgmt) && !defined($o_svn)) - { print "Must select a product to check !\n";print_usage(); exit $ERRORS{"UNKNOWN"}} + { print "Must select a product to check !\n";print_usage(); exit $ERRORS{"UNKNOWN"}} if (defined ($o_ha) && ($o_ha ne "") && ($o_ha ne "standby")) - { print "-a option comes with 'standby' or nothing !\n";print_usage(); exit $ERRORS{"UNKNOWN"}} - + { print "-a option comes with 'standby' or nothing !\n";print_usage(); exit $ERRORS{"UNKNOWN"}} + } ########## MAIN ####### @@ -264,49 +264,49 @@ if ( defined($o_login) && defined($o_passwd)) { if (!defined ($o_privpass)) { verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto"); ($session, $error) = Net::SNMP->session( - -hostname => $o_host, - -version => '3', - -username => $o_login, - -port => $o_port, - -authpassword => $o_passwd, - -authprotocol => $o_authproto, + -hostname => $o_host, + -version => '3', + -username => $o_login, + -port => $o_port, + -authpassword => $o_passwd, + -authprotocol => $o_authproto, -timeout => $o_timeout ); } else { verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto"); ($session, $error) = Net::SNMP->session( - -hostname => $o_host, - -version => '3', - -username => $o_login, - -port => $o_port, - -authpassword => $o_passwd, - -authprotocol => $o_authproto, - -privpassword => $o_privpass, - -privprotocol => $o_privproto, + -hostname => $o_host, + -version => '3', + -username => $o_login, + -port => $o_port, + -authpassword => $o_passwd, + -authprotocol => $o_authproto, + -privpassword => $o_privpass, + -privprotocol => $o_privproto, -timeout => $o_timeout ); } } else { - if (defined ($o_version2)) { - # SNMPv2 Login - verb("SNMP v2c login"); - ($session, $error) = Net::SNMP->session( - -hostname => $o_host, - -version => 2, - -community => $o_community, - -port => $o_port, - -timeout => $o_timeout - ); - } else { - # SNMPV1 login - verb("SNMP v1 login"); - ($session, $error) = Net::SNMP->session( - -hostname => $o_host, - -community => $o_community, - -port => $o_port, - -timeout => $o_timeout - ); - } + if (defined ($o_version2)) { + # SNMPv2 Login + verb("SNMP v2c login"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -version => 2, + -community => $o_community, + -port => $o_port, + -timeout => $o_timeout + ); + } else { + # SNMPV1 login + verb("SNMP v1 login"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -community => $o_community, + -port => $o_port, + -timeout => $o_timeout + ); + } } if (!defined($session)) { printf("ERROR opening session: %s.\n", $error); @@ -332,8 +332,8 @@ $resultat = $session->get_request( foreach $key ( keys %svn_checks) { verb("$svn_checks_n{$key} : $svn_checks{$key} / $$resultat{$key}"); if ( $$resultat{$key} ne $svn_checks{$key} ) { - $svn_print .= $svn_checks_n{$key} . ":" . $$resultat{$key} . " "; - $svn_state=2; + $svn_print .= $svn_checks_n{$key} . ":" . $$resultat{$key} . " "; + $svn_state=2; } } } else { @@ -410,20 +410,20 @@ if (defined ($o_fw)) { if (defined($o_policy)) { if ($$resultat{$policy_name} ne $o_policy) { - $fw_state=2; - $fw_print .= "Policy installed : $$resultat{$policy_name}"; + $fw_state=2; + $fw_print .= "Policy installed : $$resultat{$policy_name}"; } } if (defined($o_conn)) { if ($$resultat{$connections} > $o_crit) { - $fw_state=2; + $fw_state=2; $fw_print .= "Connexions : ".$$resultat{$connections}." > ".$o_crit." "; } else { - if ($$resultat{$connections} > $o_warn) { - if ($fw_state!=2) {$fw_state=1;} - $fw_print .= "Connexions : ".$$resultat{$connections}." > ".$o_warn." "; - } + if ($$resultat{$connections} > $o_warn) { + if ($fw_state!=2) {$fw_state=1;} + $fw_print .= "Connexions : ".$$resultat{$connections}." > ".$o_warn." "; + } } $perf_conn=$$resultat{$connections}; $perf_connSR=$$resultat{$connectionsSR}; @@ -459,17 +459,17 @@ if (defined ($o_ha)) { verb("$ha_checks_n{$key} : $ha_checks{$key} / $$resultat{$key}"); if ( $o_ha eq "standby" ) { if ( $$resultat{$key} ne $ha_checks_stand{$key} ) { - $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; - $ha_state_n=2; + $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; + $ha_state_n=2; } } else { if ( $$resultat{$key} ne $ha_checks{$key} ) { - $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; - $ha_state_n=2; + $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; + $ha_state_n=2; } } } - #my $ha_mode = "1.3.6.1.4.1.2620.1.5.11.0"; # "Sync only" : ha Working mode + #my $ha_mode = "1.3.6.1.4.1.2620.1.5.11.0"; # "Sync only" : ha Working mode } else { $ha_print .= "cannot find oids"; #Critical state if not found because it means soft is not activated @@ -478,7 +478,7 @@ if (defined ($o_ha)) { # get ha status table $resultat = $session->get_table( - Baseoid => $ha_tables + Baseoid => $ha_tables ); my %status; my (@index,@oid) = (undef,undef); @@ -488,10 +488,10 @@ if (defined ($o_ha)) { if (defined($resultat)) { foreach $key ( keys %$resultat) { if ( $key =~ /$index_search/) { - @oid=split (/\./,$key); - pop(@oid); - $index[$nindex]=pop(@oid); - $nindex++; + @oid=split (/\./,$key); + pop(@oid); + $index[$nindex]=pop(@oid); + $nindex++; } } } else { @@ -514,10 +514,10 @@ if (defined ($o_ha)) { $key=$ha_tables . $ha_tables_state . "." . $index[$i] . ".0"; if (($status{$ha_soft_name} = $$resultat{$key}) ne "OK") { - $key=$ha_tables . $ha_tables_prbdesc . "." . $index[$i] . ".0"; - $status{$ha_soft_name} = $$resultat{$key}; - $ha_print .= $ha_soft_name . ":" . $status{$ha_soft_name} . " "; - $ha_state_n=2 + $key=$ha_tables . $ha_tables_prbdesc . "." . $index[$i] . ".0"; + $status{$ha_soft_name} = $$resultat{$key}; + $ha_print .= $ha_soft_name . ":" . $status{$ha_soft_name} . " "; + $ha_state_n=2 } verb ("$ha_soft_name : $status{$ha_soft_name}"); }