From b05fd3a1d500f64d6c16007bca78f08319047934 Mon Sep 17 00:00:00 2001 From: garnier-quentin Date: Mon, 24 Jun 2019 18:14:03 +0200 Subject: [PATCH] Fix #273 --- centreon/plugins/values.pm | 2 +- .../juniper/common/junos/mode/ipsectunnel.pm | 272 ++++++++++++++++++ network/juniper/srx/plugin.pm | 25 +- 3 files changed, 286 insertions(+), 13 deletions(-) create mode 100644 network/juniper/common/junos/mode/ipsectunnel.pm diff --git a/centreon/plugins/values.pm b/centreon/plugins/values.pm index ecb947677..b509edf40 100644 --- a/centreon/plugins/values.pm +++ b/centreon/plugins/values.pm @@ -113,7 +113,7 @@ sub threshold_check { my $warn = defined($self->{threshold_warn}) ? $self->{threshold_warn} : 'warning-' . $self->{thlabel}; my $crit = defined($self->{threshold_crit}) ? $self->{threshold_crit} : 'critical-' . $self->{thlabel}; - my $first = ${${$self->{key_values}}[0]}{name}; + my $first = defined($self->{key_values}->[0]) ? $self->{key_values}->[0]->{name} : ''; my $value; if (!defined($self->{threshold_use})) { diff --git a/network/juniper/common/junos/mode/ipsectunnel.pm b/network/juniper/common/junos/mode/ipsectunnel.pm new file mode 100644 index 000000000..a40a50192 --- /dev/null +++ b/network/juniper/common/junos/mode/ipsectunnel.pm @@ -0,0 +1,272 @@ +# +# Copyright 2019 Centreon (http://www.centreon.com/) +# +# Centreon is a full-fledged industry-strength solution that meets +# the needs in IT infrastructure and application monitoring for +# service performance. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package network::juniper::common::junos::mode::ipsectunnel; + +use base qw(centreon::plugins::templates::counter); + +use strict; +use warnings; +use Digest::MD5 qw(md5_hex); +use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold catalog_status_calc); + +sub custom_status_output { + my ($self, %options) = @_; + + my $msg = 'ike state: ' . $self->{result_values}->{ike_state}; + return $msg; +} + +sub set_counters { + my ($self, %options) = @_; + + $self->{maps_counters_type} = [ + { name => 'global', type => 0 }, + { name => 'tunnel', type => 1, cb_prefix_output => 'prefix_tunnel_output', message_multiple => 'All tunnels are ok' }, + ]; + + $self->{maps_counters}->{global} = [ + { label => 'tunnels-total', nlabel => 'ipsec.tunnels.total.count', set => { + key_values => [ { name => 'total' } ], + output_template => 'Total Tunnels: %s', + perfdatas => [ + { label => 'total_tunnels', value => 'total_absolute', template => '%s', + min => 0 }, + ], + } + }, + ]; + $self->{maps_counters}->{tunnel} = [ + { label => 'status', threshold => 0, set => { + key_values => [ { name => 'ike_state' }, { name => 'display' } ], + closure_custom_calc => \&catalog_status_calc, + closure_custom_output => $self->can('custom_status_output'), + closure_custom_perfdata => sub { return 0; }, + closure_custom_threshold_check => \&catalog_status_threshold, + } + }, + { label => 'tunnel-traffic-in', nlabel => 'ipsec.tunnel.traffic.in.bitspersecond', set => { + key_values => [], + per_second => 1, manual_keys => 1, + closure_custom_calc => $self->can('custom_traffic_calc'), closure_custom_calc_extra_options => { label_ref => 'in' }, + closure_custom_output => $self->can('custom_traffic_output'), + threshold_use => 'traffic_per_second', + perfdatas => [ + { value => 'traffic_per_second', template => '%s', + min => 0, unit => 'b/s', label_extra_instance => 1, instance_use => 'display' }, + ], + } + }, + { label => 'tunnel-traffic-out', nlabel => 'ipsec.tunnel.traffic.out.bitspersecond', set => { + key_values => [], + per_second => 1, manual_keys => 1, + closure_custom_calc => $self->can('custom_traffic_calc'), closure_custom_calc_extra_options => { label_ref => 'out' }, + closure_custom_output => $self->can('custom_traffic_output'), + threshold_use => 'traffic_per_second', + perfdatas => [ + { value => 'traffic_per_second', template => '%s', + min => 0, unit => 'b/s', label_extra_instance => 1, instance_use => 'display' }, + ], + } + }, + ]; +} + +sub custom_traffic_output { + my ($self, %options) = @_; + + my ($traffic_value, $traffic_unit) = $self->{perfdata}->change_bytes(value => $self->{result_values}->{traffic_per_second}, network => 1); + my $msg = sprintf("traffic %s: %s/s", + $self->{result_values}->{label}, + $traffic_value . $traffic_unit + ); + return $msg; +} + +sub custom_traffic_calc { + my ($self, %options) = @_; + + my ($checked, $total_bits) = (0, 0); + foreach (keys %{$options{new_datas}}) { + if (/$self->{instance}_traffic_$options{extra_options}->{label_ref}_(\d+)/) { + $checked |= 1; + my $new_bits = $options{new_datas}->{$_}; + next if (!defined($options{old_datas}->{$_})); + my $old_bits = $options{old_datas}->{$_}; + + $checked |= 2; + my $diff_bits = $new_bits - $old_bits; + if ($diff_bits < 0) { + $total_bits += $new_bits; + } else { + $total_bits += $diff_bits; + } + } + } + + if ($checked == 0) { + $self->{error_msg} = 'skipped (no value)'; + return -10; + } + if ($checked == 1) { + $self->{error_msg} = 'buffer creation'; + return -1; + } + + $self->{result_values}->{display} = $options{new_datas}->{$self->{instance} . '_display'}; + $self->{result_values}->{traffic_per_second} = $total_bits / $options{delta_time}; + $self->{result_values}->{label} = $options{extra_options}->{label_ref}; + return 0; +} + +sub prefix_tunnel_output { + my ($self, %options) = @_; + + return "Tunnel '" . $options{instance_value}->{display} . "' "; +} + +sub new { + my ($class, %options) = @_; + my $self = $class->SUPER::new(package => __PACKAGE__, %options, statefile => 1, force_new_perfdata => 1); + bless $self, $class; + + $self->{version} = '1.0'; + $options{options}->add_options(arguments => { + 'filter-name:s' => { name => 'filter_name' }, + 'unknown-status:s' => { name => 'unknown_status', default => '' }, + 'warning-status:s' => { name => 'warning_status', default => '' }, + 'critical-status:s' => { name => 'critical_status', default => '%{ike_state} eq "down"' }, + }); + + return $self; +} + +sub check_options { + my ($self, %options) = @_; + $self->SUPER::check_options(%options); + + $self->change_macros(macros => ['warning_status', 'critical_status', 'unknown_status']); +} + +my $map_ike_state = { 1 => 'up', 2 => 'down' }; + +my $mapping = { + jnxIkeTunMonState => { oid => '.1.3.6.1.4.1.2636.3.52.1.1.2.1.6', map => $map_ike_state }, + jnxIkeTunMonRemoteIdValue => { oid => '.1.3.6.1.4.1.2636.3.52.1.1.2.1.14' }, +}; +my $mapping2 = { + jnxIpSecTunMonOutEncryptedBytes => { oid => '.1.3.6.1.4.1.2636.3.52.1.2.2.1.10' }, + jnxIpSecTunMonInDecryptedBytes => { oid => '.1.3.6.1.4.1.2636.3.52.1.2.2.1.12' }, +}; + +sub manage_selection { + my ($self, %options) = @_; + + $self->{tunnel} = {}; + my $request_oids = [ + { oid => $mapping->{jnxIkeTunMonState}->{oid} }, + { oid => $mapping->{jnxIkeTunMonRemoteIdValue}->{oid} }, + ]; + my $snmp_result = $options{snmp}->get_multiple_table(oids => $request_oids, return_type => 1, nothing_quit => 1); + my $snmp_result2 = $options{snmp}->get_multiple_table( + oids => [ + { oid => $mapping2->{jnxIpSecTunMonOutEncryptedBytes}->{oid} }, + { oid => $mapping2->{jnxIpSecTunMonInDecryptedBytes}->{oid} }, + ], + return_type => 1 + ); + + foreach (keys %$snmp_result) { + next if (!/$mapping->{jnxIkeTunMonRemoteIdValue}->{oid}\.(\d+\.\d+)\.(\d+\.\d+\.\d+\.\d+)\.(\d+)/); + my $instance = $1 . '.' . $2 . '.' . $3; + my ($remote_type, $remote_addr, $tun_index) = ($1, $2, $3); + my $result = $options{snmp}->map_instance(mapping => $mapping, results => $snmp_result, instance => $instance); + + if (defined($self->{option_results}->{filter_name}) && $self->{option_results}->{filter_name} ne '' && + $result->{jnxIkeTunMonRemoteIdValue} !~ /$self->{option_results}->{filter_name}/) { + $self->{output}->output_add(long_msg => "skipping '" . $result->{jnxIkeTunMonRemoteIdValue} . "': no matching filter name.", debug => 1); + next; + } + + $self->{tunnel}->{$instance} = { + display => $result->{jnxIkeTunMonRemoteIdValue}, + ike_state => $result->{jnxIkeTunMonState}, + }; + + foreach my $key (keys %$snmp_result2) { + next if ($key !~ /^$mapping2->{jnxIpSecTunMonInDecryptedBytes}->{oid}\.$remote_type\.$remote_addr\.(\d+)/); + + my $instance2 = $remote_type . '.' . $remote_addr . '.' . $1; + my $result2 = $options{snmp}->map_instance(mapping => $mapping2, results => $snmp_result2, instance => $instance2); + + $self->{tunnel}->{$instance}->{'traffic_in_' . $instance2} = $result2->{jnxIpSecTunMonInDecryptedBytes} * 8; + $self->{tunnel}->{$instance}->{'traffic_out_' . $instance2} = $result2->{jnxIpSecTunMonOutEncryptedBytes} * 8; + } + } + + $self->{cache_name} = "juniper_junos_" . $options{snmp}->get_hostname() . '_' . $options{snmp}->get_port() . '_' . $self->{mode} . '_' . + (defined($self->{option_results}->{filter_name}) ? md5_hex($self->{option_results}->{filter_name}) : md5_hex('all')) . '_' . + (defined($self->{option_results}->{filter_counters}) ? md5_hex($self->{option_results}->{filter_counters}) : md5_hex('all')); + + $self->{global} = { total => scalar(keys %{$self->{tunnel}}) }; +} + +1; + +__END__ + +=head1 MODE + +Check ipsec tunnels. + +=over 8 + +=item B<--filter-name> + +Filter name (can be a regexp). + +=item B<--filter-counters> + +Only display some counters (regexp can be used). +Example: --filter-counters='tunnels-total' + +=item B<--unknown-status> + +Set warning threshold for status (Default: ''). +Can used special variables like: %{ike_state}, %{display} + +=item B<--warning-status> + +Set warning threshold for status (Default: ''). +Can used special variables like: %{ike_state}, %{display} + +=item B<--critical-status> + +Set critical threshold for status (Default: '%{ike_state} eq "down"'). +Can used special variables like: %{ike_state}, %{display} + +=item B<--warning-*> B<--critical-*> + +Thresholds. +Can be: 'tunnels-total', 'tunnel-traffic-in', 'tunnel-traffic-out'. + +=back + +=cut diff --git a/network/juniper/srx/plugin.pm b/network/juniper/srx/plugin.pm index 985234adc..e09cf27ad 100644 --- a/network/juniper/srx/plugin.pm +++ b/network/juniper/srx/plugin.pm @@ -31,18 +31,19 @@ sub new { $self->{version} = '1.0'; %{$self->{modes}} = ( - 'hardware' => 'network::juniper::common::junos::mode::hardware', - 'cpu-routing' => 'network::juniper::common::junos::mode::cpurouting', # routing engine - 'cpu-forwarding' => 'network::juniper::common::junos::mode::cpuforwarding', # packet forwarding engine - 'memory-routing' => 'network::juniper::common::junos::mode::memoryrouting', # routing engine - 'memory-forwarding' => 'network::juniper::common::junos::mode::memoryforwarding', # packet forwarding engine - 'cp-sessions' => 'network::juniper::common::junos::mode::cpsessions', # CP = 'central point' - 'flow-sessions' => 'network::juniper::common::junos::mode::flowsessions', - 'interfaces' => 'network::juniper::common::junos::mode::interfaces', - 'list-interfaces' => 'snmp_standard::mode::listinterfaces', - 'list-storages' => 'snmp_standard::mode::liststorages', - 'storage' => 'snmp_standard::mode::storage', - ); + 'hardware' => 'network::juniper::common::junos::mode::hardware', + 'cpu-routing' => 'network::juniper::common::junos::mode::cpurouting', # routing engine + 'cpu-forwarding' => 'network::juniper::common::junos::mode::cpuforwarding', # packet forwarding engine + 'memory-routing' => 'network::juniper::common::junos::mode::memoryrouting', # routing engine + 'memory-forwarding' => 'network::juniper::common::junos::mode::memoryforwarding', # packet forwarding engine + 'cp-sessions' => 'network::juniper::common::junos::mode::cpsessions', # CP = 'central point' + 'flow-sessions' => 'network::juniper::common::junos::mode::flowsessions', + 'interfaces' => 'network::juniper::common::junos::mode::interfaces', + 'ipsec-tunnel' => 'network::juniper::common::junos::mode::ipsectunnel', + 'list-interfaces' => 'snmp_standard::mode::listinterfaces', + 'list-storages' => 'snmp_standard::mode::liststorages', + 'storage' => 'snmp_standard::mode::storage', + ); return $self; }