diff --git a/centreon/common/cisco/standard/snmp/mode/ipsectunnel.pm b/centreon/common/cisco/standard/snmp/mode/ipsectunnel.pm
new file mode 100644
index 000000000..30700875a
--- /dev/null
+++ b/centreon/common/cisco/standard/snmp/mode/ipsectunnel.pm
@@ -0,0 +1,363 @@
+#
+# Copyright 2016 Centreon (http://www.centreon.com/)
+#
+# Centreon is a full-fledged industry-strength solution that meets
+# the needs in IT infrastructure and application monitoring for
+# service performance.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package centreon::common::cisco::standard::snmp::mode::ipsectunnel;
+
+use base qw(centreon::plugins::templates::counter);
+
+use strict;
+use warnings;
+use Digest::MD5 qw(md5_hex);
+use Socket;
+
+my $instance_mode;
+
+sub set_counters {
+ my ($self, %options) = @_;
+
+ $self->{maps_counters_type} = [
+ { name => 'global', type => 0 },
+ { name => 'tunnel', type => 1, cb_prefix_output => 'prefix_tunnel_output', message_multiple => 'All tunnels are ok' },
+ ];
+
+ $self->{maps_counters}->{global} = [
+ { label => 'tunnels-total', set => {
+ key_values => [ { name => 'total' } ],
+ output_template => 'Total Tunnels : %s',
+ perfdatas => [
+ { label => 'total_tunnels', value => 'total_absolute', template => '%s',
+ min => 0 },
+ ],
+ }
+ },
+ ];
+ $self->{maps_counters}->{tunnel} = [
+ { label => 'traffic-in', set => {
+ key_values => [],
+ per_second => 1, manual_keys => 1,
+ closure_custom_calc => $self->can('custom_traffic_calc'), closure_custom_calc_extra_options => { label_ref => 'In' },
+ closure_custom_output => $self->can('custom_traffic_output'),
+ closure_custom_perfdata => $self->can('custom_traffic_perfdata'),
+ closure_custom_threshold_check => $self->can('custom_traffic_threshold'),
+ }
+ },
+ { label => 'traffic-out', set => {
+ key_values => [],
+ per_second => 1, manual_keys => 1,
+ closure_custom_calc => $self->can('custom_traffic_calc'), closure_custom_calc_extra_options => { label_ref => 'Out' },
+ closure_custom_output => $self->can('custom_traffic_output'),
+ closure_custom_perfdata => $self->can('custom_traffic_perfdata'),
+ closure_custom_threshold_check => $self->can('custom_traffic_threshold'),
+ }
+ },
+ { label => 'drop-in', set => {
+ key_values => [],
+ per_second => 1, manual_keys => 1,
+ closure_custom_calc => $self->can('custom_drop_calc'), closure_custom_calc_extra_options => { label_ref => 'In' },
+ closure_custom_output => $self->can('custom_drop_output'),
+ closure_custom_perfdata => $self->can('custom_drop_perfdata'),
+ closure_custom_threshold_check => $self->can('custom_drop_threshold'),
+ }
+ },
+ { label => 'drop-out', set => {
+ key_values => [],
+ per_second => 1, manual_keys => 1,
+ closure_custom_calc => $self->can('custom_drop_calc'), closure_custom_calc_extra_options => { label_ref => 'Out' },
+ closure_custom_output => $self->can('custom_drop_output'),
+ closure_custom_perfdata => $self->can('custom_drop_perfdata'),
+ closure_custom_threshold_check => $self->can('custom_drop_threshold'),
+ }
+ },
+ { label => 'sa-total', set => {
+ key_values => [ { name => 'sa' }, { name => 'display' } ],
+ output_template => 'Total SA : %s',
+ perfdatas => [
+ { label => 'total_sa', value => 'sa_absolute', template => '%s',
+ min => 0, label_extra_instance => 1, instance_use => 'display_absolute' },
+ ],
+ }
+ },
+ ];
+}
+
+sub custom_traffic_perfdata {
+ my ($self, %options) = @_;
+
+ my $extra_label = '';
+ if (!defined($options{extra_instance}) || $options{extra_instance} != 0) {
+ $extra_label .= '_' . $self->{result_values}->{display};
+ }
+
+ my $warning = $self->{perfdata}->get_perfdata_for_output(label => 'warning-' . $self->{label});
+ my $critical = $self->{perfdata}->get_perfdata_for_output(label => 'critical-' . $self->{label});
+
+ $self->{output}->perfdata_add(label => 'traffic_' . lc($self->{result_values}->{label}) . $extra_label, unit => 'b/s',
+ value => sprintf("%.2f", $self->{result_values}->{traffic_per_seconds}),
+ warning => $warning,
+ critical => $critical,
+ min => 0);
+}
+
+sub custom_traffic_threshold {
+ my ($self, %options) = @_;
+
+ my $exit = $self->{perfdata}->threshold_check(value => $self->{result_values}->{traffic_per_seconds}, threshold => [ { label => 'critical-' . $self->{label}, exit_litteral => 'critical' }, { label => 'warning-' . $self->{label}, exit_litteral => 'warning' } ]);
+ return $exit;
+}
+
+sub custom_traffic_output {
+ my ($self, %options) = @_;
+
+ my ($traffic_value, $traffic_unit) = $self->{perfdata}->change_bytes(value => $self->{result_values}->{traffic_per_seconds}, network => 1);
+ my $msg = sprintf("Traffic %s : %s/s",
+ $self->{result_values}->{label},
+ $traffic_value . $traffic_unit);
+ return $msg;
+}
+
+sub custom_traffic_calc {
+ my ($self, %options) = @_;
+
+ my $total_bytes = 0;
+ foreach (keys %{$options{new_datas}}) {
+ if (/$self->{instance}_cipSecTun$options{extra_options}->{label_ref}Octets_(\d+)/) {
+ my $new_bytes = $options{new_datas}->{$_};
+ my $new_wraps = $options{new_datas}->{$self->{instance} . '_cipSecTun' . $options{extra_options}->{label_ref} . 'OctWraps_' . $1};
+ next if (!defined($options{old_datas}->{$_}));
+ my ($old_bytes, $old_wraps) = ($options{old_datas}->{$_}, $options{old_datas}->{$self->{instance} . '_cipSecTun' . $options{extra_options}->{label_ref} . 'OctWraps_' . $1});
+
+ $total_bytes += $new_bytes - $old_bytes + (($new_wraps - $old_wraps) * (2**32));
+ }
+ }
+
+ $self->{result_values}->{display} = $options{new_datas}->{$self->{instance} . '_display'};
+ $self->{result_values}->{traffic_per_seconds} = $total_bytes / $options{delta_time};
+ $self->{result_values}->{label} = $options{extra_options}->{label_ref};
+
+ return 0;
+}
+
+sub custom_drop_perfdata {
+ my ($self, %options) = @_;
+
+ my $extra_label = '';
+ if (!defined($options{extra_instance}) || $options{extra_instance} != 0) {
+ $extra_label .= '_' . $self->{result_values}->{display};
+ }
+
+ my $warning = $self->{perfdata}->get_perfdata_for_output(label => 'warning-' . $self->{label});
+ my $critical = $self->{perfdata}->get_perfdata_for_output(label => 'critical-' . $self->{label});
+
+ $self->{output}->perfdata_add(label => 'drop_' . lc($self->{result_values}->{label}) . $extra_label, unit => 'pkts/s',
+ value => sprintf("%.2f", $self->{result_values}->{pkts_per_seconds}),
+ warning => $warning,
+ critical => $critical,
+ min => 0);
+}
+
+sub custom_drop_threshold {
+ my ($self, %options) = @_;
+
+ my $exit = $self->{perfdata}->threshold_check(value => $self->{result_values}->{pkts_per_seconds}, threshold => [ { label => 'critical-' . $self->{label}, exit_litteral => 'critical' }, { label => 'warning-' . $self->{label}, exit_litteral => 'warning' } ]);
+ return $exit;
+}
+
+sub custom_drop_output {
+ my ($self, %options) = @_;
+
+ my $msg = sprintf("Drop %s : %s pkts/s",
+ $self->{result_values}->{label}, $self->{result_values}->{pkts_per_seconds});
+ return $msg;
+}
+
+sub custom_drop_calc {
+ my ($self, %options) = @_;
+
+ my $total_pkts = 0;
+ foreach (keys %{$options{new_datas}}) {
+ if (/$self->{instance}_cipSecTun$options{extra_options}->{label_ref}DropPkts_(\d+)/) {
+ my $new_pkts = $options{new_datas}->{$_};
+ next if (!defined($options{old_datas}->{$_}));
+ my $old_pkts = $options{old_datas}->{$_};
+
+ $old_pkts = 0 if ($old_pkts > $new_pkts);
+ $total_pkts += $new_pkts - $old_pkts;
+ }
+ }
+
+ $self->{result_values}->{display} = $options{new_datas}->{$self->{instance} . '_display'};
+ $self->{result_values}->{pkts_per_seconds} = $total_pkts / $options{delta_time};
+ $self->{result_values}->{label} = $options{extra_options}->{label_ref};
+
+ return 0;
+}
+
+sub prefix_tunnel_output {
+ my ($self, %options) = @_;
+
+ return "Tunnel '" . $options{instance_value}->{display} . "' ";
+}
+
+sub new {
+ my ($class, %options) = @_;
+ my $self = $class->SUPER::new(package => __PACKAGE__, %options, statefile => 1);
+ bless $self, $class;
+
+ $self->{version} = '1.0';
+ $options{options}->add_options(arguments =>
+ {
+ "filter-name:s" => { name => 'filter_name' },
+ "filter-sa:s" => { name => 'filter_sa' },
+ });
+
+ return $self;
+}
+
+my $mapping = {
+ cikeTunLocalValue => { oid => '.1.3.6.1.4.1.9.9.171.1.2.3.1.3' },
+ cikeTunRemoteValue => { oid => '.1.3.6.1.4.1.9.9.171.1.2.3.1.7' },
+ cikeTunActiveTime => { oid => '.1.3.6.1.4.1.9.9.171.1.2.3.1.16' },
+};
+my $mapping2 = {
+ cipSecTunInOctets => { oid => '.1.3.6.1.4.1.9.9.171.1.3.2.1.26' },
+ cipSecTunInOctWraps => { oid => '.1.3.6.1.4.1.9.9.171.1.3.2.1.28' },
+ cipSecTunInDropPkts => { oid => '.1.3.6.1.4.1.9.9.171.1.3.2.1.33' },
+ cipSecTunOutOctets => { oid => '.1.3.6.1.4.1.9.9.171.1.3.2.1.39' },
+ cipSecTunOutOctWraps => { oid => '.1.3.6.1.4.1.9.9.171.1.3.2.1.41' },
+ cipSecTunOutDropPkts => { oid => '.1.3.6.1.4.1.9.9.171.1.3.2.1.46' },
+};
+my $mapping3 = {
+ cipSecEndPtLocalAddr1 => { oid => '.1.3.6.1.4.1.9.9.171.1.3.3.1.4' },
+ cipSecEndPtLocalAddr2 => { oid => '.1.3.6.1.4.1.9.9.171.1.3.3.1.5' },
+ cipSecEndPtRemoteAddr1 => { oid => '.1.3.6.1.4.1.9.9.171.1.3.3.1.10' },
+ cipSecEndPtRemoteAddr2 => { oid => '.1.3.6.1.4.1.9.9.171.1.3.3.1.11' },
+};
+
+my $oid_cikeTunnelEntry = '.1.3.6.1.4.1.9.9.171.1.2.3.1';
+my $oid_cipSecTunnelEntry = '.1.3.6.1.4.1.9.9.171.1.3.2.1';
+my $oid_cipSecEndPtEntry = '.1.3.6.1.4.1.9.9.171.1.3.3.1';
+my $oid_cipSecTunIkeTunnelIndex = '.1.3.6.1.4.1.9.9.171.1.3.2.1.2';
+
+sub manage_selection {
+ my ($self, %options) = @_;
+
+ $self->{tunnel} = {};
+ my $request_oids = [
+ { oid => $oid_cikeTunnelEntry, end => $mapping->{cikeTunActiveTime}->{oid} },
+ { oid => $oid_cipSecTunnelEntry, begin => $mapping2->{cipSecTunInOctets}->{oid} },
+ { oid => $oid_cipSecEndPtEntry },
+ { oid => $oid_cipSecTunIkeTunnelIndex },
+ ];
+ my $results = $options{snmp}->get_multiple_table(oids => $request_oids);
+
+ # The MIB doesn't give IPSec tunnel type (site-to-site or dynamic client)
+ # You surely need to filter on SA. Dynamic client usually doesn't push local routes.
+ foreach (keys %{$results->{$oid_cikeTunnelEntry}}) {
+ next if (!/$mapping->{cikeTunRemoteValue}->{oid}\.(\d+)/);
+
+ my $cike_tun_index = $1;
+ my $result = $options{snmp}->map_instance(mapping => $mapping, results => $results->{$oid_cikeTunnelEntry}, instance => $cike_tun_index);
+
+ my $name = $result->{cikeTunLocalValue} . '_' . $result->{cikeTunRemoteValue};
+ if (defined($self->{option_results}->{filter_name}) && $self->{option_results}->{filter_name} ne '' &&
+ $name !~ /$self->{option_results}->{filter_name}/) {
+ $self->{output}->output_add(long_msg => "skipping '" . $name . "': no matching filter name.", debug => 1);
+ next;
+ }
+
+ foreach my $key (keys %{$results->{$oid_cipSecTunIkeTunnelIndex}}) {
+ next if ($results->{$oid_cipSecTunIkeTunnelIndex}->{$key} != $cike_tun_index);
+ $key =~ /^$oid_cipSecTunIkeTunnelIndex\.(\d+)/;
+ my $cip_tun_index = $1;
+
+ my $result2 = $options{snmp}->map_instance(mapping => $mapping2, results => $results->{$oid_cipSecTunnelEntry}, instance => $cip_tun_index);
+ my $sa_name = '';
+ foreach my $key2 (keys %{$results->{$oid_cipSecEndPtEntry}}) {
+ if ($key2 =~ /^$mapping3->{cipSecEndPtLocalAddr1}->{oid}\.$cip_tun_index\.(\d+)/) {
+ my $result3 = $options{snmp}->map_instance(mapping => $mapping3, results => $results->{$oid_cipSecEndPtEntry}, instance => $cip_tun_index . '.' . $1);
+ $sa_name = inet_ntoa($result3->{cipSecEndPtLocalAddr1}) . ':' . inet_ntoa($result3->{cipSecEndPtLocalAddr2}) . '_' . inet_ntoa($result3->{cipSecEndPtRemoteAddr1}) . ':' . inet_ntoa($result3->{cipSecEndPtRemoteAddr2});
+ last;
+ }
+ }
+
+ if (defined($self->{option_results}->{filter_sa}) && $self->{option_results}->{filter_sa} ne '' &&
+ $sa_name !~ /$self->{option_results}->{filter_sa}/) {
+ $self->{output}->output_add(long_msg => "skipping '" . $sa_name . "': no matching filter sa.", debug => 1);
+ next;
+ }
+
+ $self->{tunnel}->{$name} = { display => $name, sa => 0 }
+ if (!defined($self->{tunnel}->{$name}));
+ foreach my $oid_name (keys %{$mapping2}) {
+ $self->{tunnel}->{$name}->{$oid_name . '_' . $cip_tun_index} = $result2->{$oid_name};
+ }
+ $self->{tunnel}->{$name}->{cikeTunActiveTime} = $result->{cikeTunActiveTime};
+ $self->{tunnel}->{$name}->{sa}++;
+ }
+ }
+
+ $self->{cache_name} = "cisco_ipsectunnel_" . $options{snmp}->get_hostname() . '_' . $options{snmp}->get_port() . '_' . $self->{mode} . '_' .
+ (defined($self->{option_results}->{filter_name}) ? md5_hex($self->{option_results}->{filter_name}) : md5_hex('all')) . '_' .
+ (defined($self->{option_results}->{filter_sa}) ? md5_hex($self->{option_results}->{filter_sa}) : md5_hex('all')) . '_' .
+ (defined($self->{option_results}->{filter_counters}) ? md5_hex($self->{option_results}->{filter_counters}) : md5_hex('all'));
+
+ $self->{global} = { total => scalar(keys %{$self->{tunnel}}) };
+}
+
+1;
+
+__END__
+
+=head1 MODE
+
+Check IPsec tunnels.
+
+=over 8
+
+=item B<--filter-name>
+
+Filter name (can be a regexp).
+Example (format localaddr_remoteaddr):
+
+=item B<--filter-sa>
+
+Filter IPSec Security Associations (can be a regexp).
+Example (format localaddr:localmask_remoteaddr:remotemask):
+
+=item B<--filter-counters>
+
+Only display some counters (regexp can be used).
+Example: --filter-counters='^(tunnels-total)$'
+
+=item B<--warning-*>
+
+Threshold warning.
+Can be: 'tunnels-total', 'traffic-in',
+'traffic-out', 'drop-in', 'drop-out', 'sa-total'.
+
+=item B<--critical-*>
+
+Threshold critical.
+Can be: 'tunnels-total', 'traffic-in', +'traffic-out', 'drop-in', 'drop-out', 'sa-total'. + +=back + +=cut diff --git a/centreon/plugins/values.pm b/centreon/plugins/values.pm index a0bddcd01..6eb3f073e 100644 --- a/centreon/plugins/values.pm +++ b/centreon/plugins/values.pm @@ -51,6 +51,7 @@ sub new { $self->{threshold_crit} = undef; $self->{per_second} = 0; + $self->{manual_keys} = 0; $self->{last_timestamp} = undef; $self->{result_values} = {}; @@ -238,6 +239,16 @@ sub execute { } } } + + # Very manual + if ($self->{manual_keys} == 1) { + foreach my $name (keys %{$options{values}}) { + $options{new_datas}->{$self->{instance} . '_' . $name} = $options{values}->{$name}; + if (defined($self->{statefile})) { + $old_datas->{$self->{instance} . '_' . $name} = $self->{statefile}->get(name => $self->{instance} . '_' . $name); + } + } + } if ($quit == 2) { $self->{error_msg} = "skipped (no value(s))"; diff --git a/network/cisco/asa/plugin.pm b/network/cisco/asa/plugin.pm index cabf77f22..a9193b2ab 100644 --- a/network/cisco/asa/plugin.pm +++ b/network/cisco/asa/plugin.pm @@ -33,7 +33,8 @@ sub new { %{$self->{modes}} = ( 'cpu' => 'centreon::common::cisco::standard::snmp::mode::cpu', 'failover' => 'network::cisco::asa::mode::failover', - 'interfaces' => 'snmp_standard::mode::interfaces', + 'interfaces' => 'snmp_standard::mode::interfaces', + 'ipsec-tunnel' => 'centreon::common::cisco::standard::snmp::mode::ipsectunnel', 'list-interfaces' => 'snmp_standard::mode::listinterfaces', 'memory' => 'centreon::common::cisco::standard::snmp::mode::memory', 'sessions' => 'centreon::common::cisco::standard::snmp::mode::sessions',
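Review bot: In custom_traffic_calc and custom_drop_calc of ipsectunnel.pm the tunnel name is interpolated into the key pattern unquoted and unanchored (`/$self->{instance}_cipSecTun...Octets_(\d+)/`), and manage_selection builds that name from the device-reported cikeTunLocalValue and cikeTunRemoteValue. Every dot in an address then matches any character and the match may begin mid-key, so if new_datas carries keys for more than one tunnel (not visible here) a tunnel named 1.1.1.1_2.2.2.2 would also add up the counters of 11.1.1.1_2.2.2.2, and a reported name containing a metacharacter such as `(` would make the pattern fail to compile and abort the check. Quote and anchor it, `if (/^\Q$self->{instance}\E_cipSecTun$options{extra_options}->{label_ref}Octets_(\d+)$/) {`, and do the same for the DropPkts pattern. Separately, the four inet_ntoa() calls in manage_selection die on any argument that is not exactly 4 bytes, so an undefined or IPv6-length endpoint value would end the run; a length test before each call, with a fallback string, avoids that.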
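Review bot: The comment `# Very manual` on the new block in execute() of values.pm does not tell a maintainer what manual_keys does or which key format the custom calc callbacks depend on. I would replace it with `# manual_keys: copy every value of this instance into new_datas as "<instance>_<name>", and its previous statefile value into old_datas, so a closure_custom_calc can select keys by pattern`. A second comment line should record that the block sits before the `$quit == 2` test and therefore runs even when the counter is about to be skipped. execute() begins and ends outside this hunk, so the declaration of `$old_datas` is not visible here.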