change vpn to ipsec mode for palo alto ssh
This commit is contained in:
parent
34375afa20
commit
04f358ee84
|
@ -18,7 +18,7 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
#
|
#
|
||||||
|
|
||||||
package network::paloalto::ssh::mode::vpn;
|
package network::paloalto::ssh::mode::ipsec;
|
||||||
|
|
||||||
use base qw(centreon::plugins::templates::counter);
|
use base qw(centreon::plugins::templates::counter);
|
||||||
|
|
||||||
|
@ -30,12 +30,12 @@ use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold
|
||||||
sub custom_status_output {
|
sub custom_status_output {
|
||||||
my ($self, %options) = @_;
|
my ($self, %options) = @_;
|
||||||
|
|
||||||
my $msg = sprintf(
|
return sprintf(
|
||||||
'state: %s [type: %s]',
|
'state: %s [monitor status: %s][ike phase1 state: %s]',
|
||||||
$self->{result_values}->{state},
|
$self->{result_values}->{state},
|
||||||
$self->{result_values}->{type}
|
$self->{result_values}->{monitor_status},
|
||||||
|
$self->{result_values}->{ike_phase1_state}
|
||||||
);
|
);
|
||||||
return $msg;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub set_counters {
|
sub set_counters {
|
||||||
|
@ -43,36 +43,39 @@ sub set_counters {
|
||||||
|
|
||||||
$self->{maps_counters_type} = [
|
$self->{maps_counters_type} = [
|
||||||
{ name => 'global', type => 0 },
|
{ name => 'global', type => 0 },
|
||||||
{ name => 'vpn', type => 1, cb_prefix_output => 'prefix_vpn_output', message_multiple => 'All vpn are ok', skipped_code => { -10 => 1 } },
|
{ name => 'tunnels', type => 1, cb_prefix_output => 'prefix_ipsec_output', message_multiple => 'All ipsec tunnels are ok', skipped_code => { -10 => 1 } },
|
||||||
];
|
];
|
||||||
|
|
||||||
$self->{maps_counters}->{global} = [
|
$self->{maps_counters}->{global} = [
|
||||||
{ label => 'total-ipsec', nlabel => 'vpn.total.ipsec.count', display_ok => 0, set => {
|
{ label => 'ipsec-total', nlabel => 'tunnels.ipsec.total.count', display_ok => 0, set => {
|
||||||
key_values => [ { name => 'total_ipsec' } ],
|
key_values => [ { name => 'total_ipsec' } ],
|
||||||
output_template => 'total ipsec vpn: %s',
|
output_template => 'total ipsec tunnels: %s',
|
||||||
perfdatas => [
|
perfdatas => [
|
||||||
{ value => 'total_ipsec_absolute', template => '%s', min => 0 },
|
{ value => 'total_ipsec_absolute', template => '%s', min => 0 }
|
||||||
],
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
|
||||||
];
|
];
|
||||||
|
|
||||||
$self->{maps_counters}->{vpn} = [
|
$self->{maps_counters}->{tunnels} = [
|
||||||
{ label => 'status', threshold => 0, set => {
|
{ label => 'status', threshold => 0, set => {
|
||||||
key_values => [ { name => 'state' }, { name => 'type' }, { name => 'display' } ],
|
key_values => [
|
||||||
|
{ name => 'state' }, { name => 'ike_phase1_state' },
|
||||||
|
{ name => 'monitor_status' }, { name => 'display' }
|
||||||
|
],
|
||||||
closure_custom_calc => \&catalog_status_calc,
|
closure_custom_calc => \&catalog_status_calc,
|
||||||
closure_custom_output => $self->can('custom_status_output'),
|
closure_custom_output => $self->can('custom_status_output'),
|
||||||
closure_custom_perfdata => sub { return 0; },
|
closure_custom_perfdata => sub { return 0; },
|
||||||
closure_custom_threshold_check => \&catalog_status_threshold,
|
closure_custom_threshold_check => \&catalog_status_threshold
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
sub prefix_vpn_output {
|
sub prefix_ipsec_output {
|
||||||
my ($self, %options) = @_;
|
my ($self, %options) = @_;
|
||||||
|
|
||||||
return "vpn '" . $options{instance_value}->{display} . "' ";
|
return "Tunnel ipsec '" . $options{instance_value}->{display} . "' ";
|
||||||
}
|
}
|
||||||
|
|
||||||
sub new {
|
sub new {
|
||||||
|
@ -83,7 +86,7 @@ sub new {
|
||||||
$options{options}->add_options(arguments => {
|
$options{options}->add_options(arguments => {
|
||||||
'unknown-status:s' => { name => 'unknown_status', default => '' },
|
'unknown-status:s' => { name => 'unknown_status', default => '' },
|
||||||
'warning-status:s' => { name => 'warning_status', default => '' },
|
'warning-status:s' => { name => 'warning_status', default => '' },
|
||||||
'critical-status:s' => { name => 'critical_status', default => '%{state} ne "active"' },
|
'critical-status:s' => { name => 'critical_status', default => '%{ike_phase1_state} eq "down" or %{state} ne "active"' }
|
||||||
});
|
});
|
||||||
|
|
||||||
return $self;
|
return $self;
|
||||||
|
@ -103,18 +106,26 @@ sub check_options {
|
||||||
sub manage_selection {
|
sub manage_selection {
|
||||||
my ($self, %options) = @_;
|
my ($self, %options) = @_;
|
||||||
|
|
||||||
my $result = $options{custom}->execute_command(command => 'show vpn flow', ForceArray => ['entry']);
|
my $result = $options{custom}->execute_command(command => 'show vpn ike-sa', ForceArray => ['entry']);
|
||||||
|
|
||||||
$self->{global} = { total_ipsec => 0 };
|
$self->{global} = { total_ipsec => 0 };
|
||||||
$self->{vpn} = {};
|
$self->{tunnels} = {};
|
||||||
foreach (@{$result->{IPSec}->{entry}}) {
|
foreach (@{$result->{tunnels}}) {
|
||||||
$self->{vpn}->{$_->{name}} = {
|
$self->{tunnels}->{$_->{gwid}} = {
|
||||||
display => $_->{name},
|
display => $_->{name},
|
||||||
type => 'ipsec',
|
ike_phase1_state => defined($_->{created}) && $_->{created} ne '' ? 'up' : 'down',
|
||||||
state => $_->{state}
|
monitor_status => 'unknown', # could be 'up', 'down', 'off'
|
||||||
|
state => 'unknown'
|
||||||
};
|
};
|
||||||
|
|
||||||
$self->{global}->{total_ipsec}++;
|
$self->{global}->{total_ipsec}++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$result = $options{custom}->execute_command(command => 'show vpn flow', ForceArray => ['entry']);
|
||||||
|
foreach (@{$result->{IPSec}->{entry}}) {
|
||||||
|
$self->{tunnels}->{$_->{gwid}}->{state} = $_->{state};
|
||||||
|
$self->{tunnels}->{$_->{gwid}}->{monitor_status} = $_->{mon};
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
@ -123,29 +134,29 @@ __END__
|
||||||
|
|
||||||
=head1 MODE
|
=head1 MODE
|
||||||
|
|
||||||
Check vpn.
|
Check ipsec tunnels.
|
||||||
|
|
||||||
=over 8
|
=over 8
|
||||||
|
|
||||||
=item B<--unknown-status>
|
=item B<--unknown-status>
|
||||||
|
|
||||||
Set unknown threshold for status (Default: '').
|
Set unknown threshold for status.
|
||||||
Can used special variables like: %{state}, %{type}, %{display}
|
Can used special variables like: %{ike_phase1_state}, %{state}, %{monitor_status}, %{display}.
|
||||||
|
|
||||||
=item B<--warning-status>
|
=item B<--warning-status>
|
||||||
|
|
||||||
Set warning threshold for status (Default: '').
|
Set warning threshold for status.
|
||||||
Can used special variables like: %{state}, %{type}, %{display}
|
Can used special variables like: %{ike_phase1_state}, %{state}, %{monitor_status}, %{display}.
|
||||||
|
|
||||||
=item B<--critical-status>
|
=item B<--critical-status>
|
||||||
|
|
||||||
Set critical threshold for status (Default: '%{state} ne "active"').
|
Set critical threshold for status (Default: '%{ike_phase1_state} eq "down" or %{state} ne "active"').
|
||||||
Can used special variables like: %{state}, %{type}, %{display}
|
Can used special variables like: %{ike_phase1_state}, %{state}, %{monitor_status}, %{display}.
|
||||||
|
|
||||||
=item B<--warning-*> B<--critical-*>
|
=item B<--warning-*> B<--critical-*>
|
||||||
|
|
||||||
Thresholds.
|
Thresholds.
|
||||||
Can be: 'total-ipsec'.
|
Can be: 'ipsec-total'.
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
|
@ -34,8 +34,8 @@ sub new {
|
||||||
'environment' => 'network::paloalto::ssh::mode::environment',
|
'environment' => 'network::paloalto::ssh::mode::environment',
|
||||||
'ha' => 'network::paloalto::ssh::mode::ha',
|
'ha' => 'network::paloalto::ssh::mode::ha',
|
||||||
'interfaces' => 'network::paloalto::ssh::mode::interfaces',
|
'interfaces' => 'network::paloalto::ssh::mode::interfaces',
|
||||||
'system' => 'network::paloalto::ssh::mode::system',
|
'ipsec' => 'network::paloalto::ssh::mode::ipsec',
|
||||||
'vpn' => 'network::paloalto::ssh::mode::vpn',
|
'system' => 'network::paloalto::ssh::mode::system'
|
||||||
);
|
);
|
||||||
|
|
||||||
$self->{custom_modes}{ssh} = 'network::paloalto::ssh::custom::cli';
|
$self->{custom_modes}{ssh} = 'network::paloalto::ssh::custom::cli';
|
||||||
|
|
Loading…
Reference in New Issue