From 6300058b73f75777e80f8521081bf7de55fdb7c6 Mon Sep 17 00:00:00 2001 From: qgarnier Date: Fri, 29 Jan 2021 14:09:52 +0100 Subject: [PATCH] add cisco aaa servers standard snmp (#2552) --- .../cisco/standard/snmp/mode/aaaservers.pm | 328 ++++++++++++++++++ .../standard/snmp/mode/listaaaservers.pm | 125 +++++++ network/cisco/standard/snmp/plugin.pm | 2 + 3 files changed, 455 insertions(+) create mode 100644 centreon/common/cisco/standard/snmp/mode/aaaservers.pm create mode 100644 centreon/common/cisco/standard/snmp/mode/listaaaservers.pm diff --git a/centreon/common/cisco/standard/snmp/mode/aaaservers.pm b/centreon/common/cisco/standard/snmp/mode/aaaservers.pm new file mode 100644 index 000000000..180157c45 --- /dev/null +++ b/centreon/common/cisco/standard/snmp/mode/aaaservers.pm @@ -0,0 +1,328 @@ +# +# Copyright 2020 Centreon (http://www.centreon.com/) +# +# Centreon is a full-fledged industry-strength solution that meets +# the needs in IT infrastructure and application monitoring for +# service performance. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package centreon::common::cisco::standard::snmp::mode::aaaservers; + +use base qw(centreon::plugins::templates::counter); + +use strict; +use warnings; +use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold_ng); +use Digest::MD5 qw(md5_hex); + +sub custom_status_output { + my ($self, %options) = @_; + + return sprintf( + 'status: %s', + $self->{result_values}->{status} + ); +} + +sub prefix_aaa_output { + my ($self, %options) = @_; + + return sprintf( + "checking server '%s' [protocol: %s] ", + $options{instance_value}->{name}, + $options{instance_value}->{protocol} + ); +} + +sub aaa_long_output { + my ($self, %options) = @_; + + return sprintf( + "checking server '%s' [protocol: %s]", + $options{instance_value}->{name}, + $options{instance_value}->{protocol} + ); +} + +sub prefix_auth_output { + my ($self, %options) = @_; + + return 'authentication '; +} + +sub prefix_acc_output { + my ($self, %options) = @_; + + return 'accounting '; +} + +sub set_counters { + my ($self, %options) = @_; + + $self->{maps_counters_type} = [ + { name => 'global', type => 0 }, + { name => 'aaa', type => 3, cb_prefix_output => 'prefix_aaa_output', cb_long_output => 'aaa_long_output', indent_long_output => ' ', message_multiple => 'All AAA servers are ok', + group => [ + { name => 'global_status', type => 0, skipped_code => { -10 => 1 } }, + { name => 'global_auth', type => 0, cb_prefix_output => 'prefix_auth_output', skipped_code => { -10 => 1 } }, + { name => 'global_acc', type => 0, cb_prefix_output => 'prefix_acc_output', skipped_code => { -10 => 1 } } + ] + } + ]; + + $self->{maps_counters}->{global} = [ + { label => 'total', nlabel => 'aaa_servers.total.count', display_ok => 0, set => { + key_values => [ { name => 'total' } ], + output_template => 'total servers: %s', + perfdatas => [ + { template => '%s', min => 0 } + ] + } + } + ]; + + $self->{maps_counters}->{global_status} = [ + { + label => 'status', type => 2, critical_default => '%{status} =~ /dead/i', + set => { + key_values => [ { name => 'status' }, { name => 'name' } ], + closure_custom_output => $self->can('custom_status_output'), + closure_custom_perfdata => sub { return 0; }, + closure_custom_threshold_check => \&catalog_status_threshold_ng + } + } + ]; + + $self->{maps_counters}->{global_auth} = [ + { label => 'auth-requests', nlabel => 'aaa_server.authentication.requests.persecond', set => { + key_values => [ { name => 'auth_requests', per_second => 1 } ], + output_template => 'requests: %.2f/s', + perfdatas => [ + { template => '%.2f', min => 0, unit => '/s', label_extra_instance => 1 } + ] + } + }, + { label => 'auth-requests-timeout', nlabel => 'aaa_server.authentication.requests.timeout.count', set => { + key_values => [ { name => 'auth_timeouts', diff => 1 } ], + output_template => 'requests timeout: %s', + perfdatas => [ + { template => '%s', min => 0, label_extra_instance => 1 } + ] + } + }, + { label => 'auth-transactions-suceeded', nlabel => 'aaa_server.authentication.transactions.succeeded.persecond', set => { + key_values => [ { name => 'auth_trans_success', per_second => 1 } ], + output_template => 'transactions succeeded: %.2f/s', + perfdatas => [ + { template => '%.2f', min => 0, unit => '/s', label_extra_instance => 1 } + ] + } + }, + { label => 'auth-roundtrip-time', nlabel => 'aaa_server.authentication.roundtrip.time.milliseconds', set => { + key_values => [ { name => 'auth_reponse_time' } ], + output_template => 'round trip time: %s ms', + perfdatas => [ + { template => '%s', min => 0, unit => 'ms', label_extra_instance => 1 } + ] + } + } + ]; + + $self->{maps_counters}->{global_acc} = [ + { label => 'acc-requests', nlabel => 'aaa_server.accounting.requests.persecond', set => { + key_values => [ { name => 'acc_requests', per_second => 1 } ], + output_template => 'requests: %.2f/s', + perfdatas => [ + { template => '%.2f', min => 0, unit => '/s', label_extra_instance => 1 } + ] + } + }, + { label => 'acc-requests-timeout', nlabel => 'aaa_server.accounting.requests.timeout.count', set => { + key_values => [ { name => 'acc_timeouts', diff => 1 } ], + output_template => 'requests timeout: %s', + perfdatas => [ + { template => '%s', min => 0, label_extra_instance => 1 } + ] + } + }, + { label => 'acc-transactions-suceeded', nlabel => 'aaa_server.accounting.transactions.succeeded.persecond', set => { + key_values => [ { name => 'acc_trans_success', per_second => 1 } ], + output_template => 'transactions succeeded: %.2f/s', + perfdatas => [ + { template => '%.2f', min => 0, unit => '/s', label_extra_instance => 1 } + ] + } + }, + { label => 'acc-roundtrip-time', nlabel => 'aaa_server.accounting.roundtrip.time.milliseconds', set => { + key_values => [ { name => 'acc_reponse_time' } ], + output_template => 'round trip time: %s ms', + perfdatas => [ + { template => '%s', min => 0, unit => 'ms', label_extra_instance => 1 } + ] + } + } + ]; +} + +sub new { + my ($class, %options) = @_; + my $self = $class->SUPER::new(package => __PACKAGE__, %options, statefile => 1, force_new_perfdata => 1); + bless $self, $class; + + $options{options}->add_options(arguments => { + 'filter-name:s' => { name => 'filter_name' } + }); + + return $self; +} + +my $map_protocol = { + 1 => 'tacacsplus', 2 => 'radius', 3 => 'ldap', + 4 => 'kerberos', 5 => 'ntlm', 6 => 'sdi', + 7 => 'other' +}; +my $map_status = { 1 => 'up', 2 => 'dead' }; + +my $mapping = { + auth_requests => { oid => '.1.3.6.1.4.1.9.10.56.1.2.1.1.1' }, # casAuthenRequests + auth_timeouts => { oid => '.1.3.6.1.4.1.9.10.56.1.2.1.1.2' }, # casAuthenRequestTimeouts + auth_reponse_time => { oid => '.1.3.6.1.4.1.9.10.56.1.2.1.1.6' }, # casAuthenResponseTime (unit 0.01 of sec) + auth_trans_success => { oid => '.1.3.6.1.4.1.9.10.56.1.2.1.1.7' }, # casAuthenTransactionSuccesses + acc_requests => { oid => '.1.3.6.1.4.1.9.10.56.1.2.1.1.17' }, # casAcctRequests + acc_timeouts => { oid => '.1.3.6.1.4.1.9.10.56.1.2.1.1.18' }, # casAcctRequestTimeouts + acc_reponse_time => { oid => '.1.3.6.1.4.1.9.10.56.1.2.1.1.22' }, # casAcctResponseTime (unit 0.01 of sec) + acc_trans_success => { oid => '.1.3.6.1.4.1.9.10.56.1.2.1.1.23' }, # casAcctTransactionSuccesses + status => { oid => '.1.3.6.1.4.1.9.10.56.1.2.1.1.25', map => $map_status } # casState +}; +my $mapping_name = { + address => { oid => '.1.3.6.1.4.1.9.10.56.1.1.2.1.3' }, # casAddress + authen_port => { oid => '.1.3.6.1.4.1.9.10.56.1.1.2.1.4' }, # casAuthenPort + acc_port => { oid => '.1.3.6.1.4.1.9.10.56.1.1.2.1.5' } # casAcctPort +}; + +sub manage_selection { + my ($self, %options) = @_; + + $self->{cache_name} = 'cisco_standard_' . $self->{mode} . '_' . $options{snmp}->get_hostname() . '_' . $options{snmp}->get_port() . '_' . + (defined($self->{option_results}->{filter_counters}) ? md5_hex($self->{option_results}->{filter_counters}) : md5_hex('all')) . '_' . + (defined($self->{option_results}->{filter_name}) ? md5_hex($self->{option_results}->{filter_name}) : md5_hex('all')); + + my $oid_casConfigEntry = '.1.3.6.1.4.1.9.10.56.1.1.2.1'; + my $snmp_result = $options{snmp}->get_table( + oid => $oid_casConfigEntry, + start => $mapping_name->{address}->{oid}, + end => $mapping_name->{acc_port}->{oid}, + nothing_quit => 1 + ); + + $self->{aaa} = {}; + foreach (keys %$snmp_result) { + next if (! /^$mapping_name->{address}->{oid}\.((\d+).*)$/); + my ($instance, $protocol) = ($1, $map_protocol->{$2}); + my $result = $options{snmp}->map_instance(mapping => $mapping_name, results => $snmp_result, instance => $instance); + + my $name = $result->{address} . ':' . $result->{authen_port} . ':' . $result->{acc_port}; + if (defined($self->{option_results}->{filter_name}) && $self->{option_results}->{filter_name} ne '' && + $name !~ /$self->{option_results}->{filter_name}/) { + $self->{output}->output_add(long_msg => "skipping '" . $name . "': no matching filter.", debug => 1); + next; + } + + $self->{aaa}->{$name} = { + %$result, + name => $name, + protocol => $protocol, + instance => $instance + }; + } + + $self->{global} = { total => scalar(keys %{$self->{aaa}}) }; + + return if (scalar(keys %{$self->{aaa}}) <= 0); + + $options{snmp}->load(oids => [ + map($_->{oid}, values(%$mapping)) + ], + instances => [map($_->{instance}, values(%{$self->{aaa}}))], + instance_regexp => '^(.*)$' + ); + $snmp_result = $options{snmp}->get_leef(nothing_quit => 1); + + foreach (keys %{$self->{aaa}}) { + my $result = $options{snmp}->map_instance(mapping => $mapping, results => $snmp_result, instance => $self->{aaa}->{$_}->{instance}); + + $self->{aaa}->{$_}->{global_status} = { + name => $self->{aaa}->{$_}->{name}, + status => $result->{status} + }; + $self->{aaa}->{$_}->{global_auth} = { + auth_requests => $result->{auth_requests}, + auth_timeouts => $result->{auth_timeouts}, + auth_trans_success => $result->{auth_trans_success}, + auth_reponse_time => $result->{auth_reponse_time} * 10 + }; + $self->{aaa}->{$_}->{global_acc} = { + acc_requests => $result->{acc_requests}, + acc_timeouts => $result->{acc_timeouts}, + acc_trans_success => $result->{acc_trans_success}, + acc_reponse_time => $result->{acc_reponse_time} * 10 + }; + } +} + +1; + +__END__ + +=head1 MODE + +Check AAA servers. + +=over 8 + +=item B<--filter-counters> + +Only display some counters (regexp can be used). +Example: --filter-counters='auth' + +=item B<--filter-name> + +Filter AAA server by name (E.g.: 10.199.126.100:1812:1813. Format: [address]:[authPort]:[accPort]). + +=item B<--unknown-status> + +Set unknown threshold for status. +Can used special variables like: %{status}, %{name} + +=item B<--warning-status> + +Set warning threshold for status. +Can used special variables like: %{status}, %{name} + +=item B<--critical-status> + +Set critical threshold for status (Default: '%{status} =~ /dead/i'). +Can used special variables like: %{status}, %{name} + +=item B<--warning-*> B<--critical-*> + +Thresholds. +Can be: 'total', +'auth-requests', 'auth-requests-timeout', 'auth-transactions-suceeded', 'auth-roundtrip-time', +'acc-requests', 'acc-requests-timeout', 'acc-transactions-suceeded', 'acc-roundtrip-time'. + +=back + +=cut diff --git a/centreon/common/cisco/standard/snmp/mode/listaaaservers.pm b/centreon/common/cisco/standard/snmp/mode/listaaaservers.pm new file mode 100644 index 000000000..0ad1bacfd --- /dev/null +++ b/centreon/common/cisco/standard/snmp/mode/listaaaservers.pm @@ -0,0 +1,125 @@ +# +# Copyright 2020 Centreon (http://www.centreon.com/) +# +# Centreon is a full-fledged industry-strength solution that meets +# the needs in IT infrastructure and application monitoring for +# service performance. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package centreon::common::cisco::standard::snmp::mode::listaaaservers; + +use base qw(centreon::plugins::mode); + +use strict; +use warnings; + +sub new { + my ($class, %options) = @_; + my $self = $class->SUPER::new(package => __PACKAGE__, %options); + bless $self, $class; + + $options{options}->add_options(arguments => { + }); + return $self; +} + +sub check_options { + my ($self, %options) = @_; + $self->SUPER::init(%options); +} + +my $map_protocol = { + 1 => 'tacacsplus', 2 => 'radius', 3 => 'ldap', + 4 => 'kerberos', 5 => 'ntlm', 6 => 'sdi', + 7 => 'other' +}; + +my $mapping = { + address => { oid => '.1.3.6.1.4.1.9.10.56.1.1.2.1.3' }, # casAddress + authen_port => { oid => '.1.3.6.1.4.1.9.10.56.1.1.2.1.4' }, # casAuthenPort + acc_port => { oid => '.1.3.6.1.4.1.9.10.56.1.1.2.1.5' } # casAcctPort +}; +my $oid_casConfigEntry = '.1.3.6.1.4.1.9.10.56.1.1.2.1'; + +sub manage_selection { + my ($self, %options) = @_; + + my $snmp_result = $options{snmp}->get_table( + oid => $oid_casConfigEntry, + start => $mapping->{address}->{oid}, + end => $mapping->{acc_port}->{oid}, + nothing_quit => 1 + ); + + my $results = {}; + foreach (keys %$snmp_result) { + next if (! /^$mapping->{address}->{oid}\.((\d+).*)$/); + my ($instance, $protocol) = ($1, $map_protocol->{$2}); + + $results->{$instance} = $options{snmp}->map_instance(mapping => $mapping, results => $snmp_result, instance => $instance); + $results->{$instance}->{protocol} = $protocol; + } + + return $results; +} + +sub run { + my ($self, %options) = @_; + + my $results = $self->manage_selection(snmp => $options{snmp}); + foreach my $name (sort keys %$results) { + $self->{output}->output_add(long_msg => + join('', map("[$_ = " . $results->{$name}->{$_} . ']', keys(%$mapping))) . '[protocol = ' . $results->{$name}->{protocol} . ']' + ); + } + + $self->{output}->output_add( + severity => 'OK', + short_msg => 'List AAA servers:' + ); + $self->{output}->display(nolabel => 1, force_ignore_perfdata => 1, force_long_output => 1); + $self->{output}->exit(); +} + +sub disco_format { + my ($self, %options) = @_; + + $self->{output}->add_disco_format(elements => ['protocol', keys %$mapping]); +} + +sub disco_show { + my ($self, %options) = @_; + + my $results = $self->manage_selection(snmp => $options{snmp}); + foreach (sort keys %$results) { + $self->{output}->add_disco_entry( + %{$results->{$_}} + ); + } +} + +1; + +__END__ + +=head1 MODE + +List AAA servers. + +=over 8 + +=back + +=cut diff --git a/network/cisco/standard/snmp/plugin.pm b/network/cisco/standard/snmp/plugin.pm index 0db90855c..54d60c8ca 100644 --- a/network/cisco/standard/snmp/plugin.pm +++ b/network/cisco/standard/snmp/plugin.pm @@ -31,6 +31,7 @@ sub new { $self->{version} = '1.0'; $self->{modes} = { + 'aaa-servers' => 'centreon::common::cisco::standard::snmp::mode::aaaservers', 'arp' => 'snmp_standard::mode::arp', 'configuration' => 'centreon::common::cisco::standard::snmp::mode::configuration', 'cpu' => 'centreon::common::cisco::standard::snmp::mode::cpu', @@ -38,6 +39,7 @@ sub new { 'hsrp' => 'centreon::common::cisco::standard::snmp::mode::hsrp', 'interfaces' => 'centreon::common::cisco::standard::snmp::mode::interfaces', 'ipsla' => 'centreon::common::cisco::standard::snmp::mode::ipsla', + 'list-aaa-servers' => 'centreon::common::cisco::standard::snmp::mode::listaaaservers', 'list-interfaces' => 'snmp_standard::mode::listinterfaces', 'list-spanning-trees' => 'snmp_standard::mode::listspanningtrees', 'load' => 'centreon::common::cisco::standard::snmp::mode::load',