(plugin) network::stormshield::snmp - handle vpn new mib (#3680)

qgarnier 2022-05-23 10:11:39 +02:00 committed by GitHub
parent 113f11424c
commit c87d52913e
1 changed files with 159 additions and 133 deletions


@ -24,184 +24,206 @@ use base qw(centreon::plugins::templates::counter);
use strict; use strict;
use warnings; use warnings;
use centreon::plugins::misc;
use Digest::MD5 qw(md5_hex); use Digest::MD5 qw(md5_hex);
sub custom_threshold_output { sub custom_traffic_perfdata {
my ($self, %options) = @_; my ($self, %options) = @_;
return $self->{instance_mode}->get_severity(section => 'vpn', value => $self->{result_values}->{ntqVPNState}); $self->{output}->perfdata_add(
nlabel => $self->{nlabel},
unit => 'b/s',
instances => [$self->{result_values}->{num}, $self->{result_values}->{ipSrc}, $self->{result_values}->{ipDst}],
value => sprintf('%d', $self->{result_values}->{ $self->{key_values}->[0]->{name} }),
warning => $self->{perfdata}->get_perfdata_for_output(label => 'warning-' . $self->{thlabel}),
critical => $self->{perfdata}->get_perfdata_for_output(label => 'critical-' . $self->{thlabel}),
min => 0
);
} }
sub custom_status_calc { sub prefix_vpn_output {
my ($self, %options) = @_; my ($self, %options) = @_;
$self->{result_values}->{ntqVPNState} = $options{new_datas}->{$self->{instance} . '_ntqVPNState'}; return sprintf(
return 0; "VPN '%s/%s/%s' ",
$options{instance_value}->{num},
$options{instance_value}->{ipSrc},
$options{instance_value}->{ipDst}
);
}
sub prefix_global_output {
my ($self, %options) = @_;
return 'VPN ';
} }
sub set_counters { sub set_counters {
my ($self, %options) = @_; my ($self, %options) = @_;
$self->{maps_counters_type} = [ $self->{maps_counters_type} = [
{ name => 'vpn', type => 1, cb_prefix_output => 'prefix_vpn_output', message_multiple => 'All vpn are ok' } { name => 'global', type => 0, cb_prefix_output => 'prefix_global_output' },
{ name => 'vpn', type => 1, cb_prefix_output => 'prefix_vpn_output', message_multiple => 'All vpn are ok', skipped_code => { -10 => 1 } }
];
$self->{maps_counters}->{global} = [
{ label => 'vpn-detected', display_ok => 0, nlabel => 'vpn.detected.count', set => {
key_values => [ { name => 'detected' } ],
output_template => 'detected: %s',
perfdatas => [
{ template => '%s', min => 0 }
]
}
}
]; ];
$self->{maps_counters}->{vpn} = [ $self->{maps_counters}->{vpn} = [
{ label => 'status', threshold => 0, set => { {
key_values => [ { name => 'ntqVPNState' } ], label => 'status',
type => 2,
warning_default => '%{state} eq "dead"',
set => {
key_values => [
{ name => 'state' }, { name => 'ipSrc' }, { name => 'ipDst' }
],
closure_custom_calc => $self->can('custom_status_calc'), closure_custom_calc => $self->can('custom_status_calc'),
output_template => 'status: %s', output_error_template => 'Status : %s', output_template => 'state: %s',
closure_custom_perfdata => sub { return 0; }, closure_custom_perfdata => sub { return 0; },
closure_custom_threshold_check => $self->can('custom_threshold_output') closure_custom_threshold_check => $self->can('custom_threshold_output')
} }
}, },
{ label => 'traffic', nlabel => 'vpn.traffic.bitspersecond', set => { { label => 'traffic', nlabel => 'vpn.traffic.bitspersecond', set => {
key_values => [ { name => 'ntqVPNBytes', per_second => 1 }, { name => 'num' } ], key_values => [ { name => 'traffic', per_second => 1 }, { name => 'ipSrc' }, { name => 'ipDst' }, { name => 'num' } ],
output_template => 'traffic: %s %s/s', output_template => 'traffic: %s %s/s',
output_change_bytes => 2, output_change_bytes => 2,
perfdatas => [ closure_custom_perfdata => $self->can('custom_traffic_perfdata')
{ label => 'traffic', template => '%s', }
unit => 'b/s', min => 0, label_extra_instance => 1, cast_int => 1, instance_use => 'num' } },
] { label => 'traffic-in', nlabel => 'vpn.traffic.in.bitspersecond', set => {
key_values => [ { name => 'traffic_in', per_second => 1 }, { name => 'ipSrc' }, { name => 'ipDst' }, { name => 'num' } ],
output_template => 'traffic in: %s %s/s',
output_change_bytes => 2,
closure_custom_perfdata => $self->can('custom_traffic_perfdata')
}
},
{ label => 'traffic-out', nlabel => 'vpn.traffic.out.bitspersecond', set => {
key_values => [ { name => 'traffic_out', per_second => 1 }, { name => 'ipSrc' }, { name => 'ipDst' }, { name => 'num' } ],
output_template => 'traffic out: %s %s/s',
output_change_bytes => 2,
closure_custom_perfdata => $self->can('custom_traffic_perfdata')
} }
} }
]; ];
} }
sub prefix_vpn_output {
my ($self, %options) = @_;
return "VPN '$options{instance_value}->{num}/$options{instance_value}->{ntqVPNIPSrc}/$options{instance_value}->{ntqVPNIPDst}' ";
}
my $thresholds = {
vpn => [
['larval', 'WARNING'],
['mature', 'OK'],
['dying', 'CRITICAL'],
['dead', 'CRITICAL']
]
};
sub new { sub new {
my ($class, %options) = @_; my ($class, %options) = @_;
my $self = $class->SUPER::new(package => __PACKAGE__, %options, statefile => 1); my $self = $class->SUPER::new(package => __PACKAGE__, %options, statefile => 1, force_new_perfdata => 1);
bless $self, $class; bless $self, $class;
$options{options}->add_options(arguments => { $options{options}->add_options(arguments => {
'filter-id:s' => { name => 'filter_id' }, 'filter-id:s' => { name => 'filter_id' },
'filter-src-ip:s' => { name => 'filter_src_ip' }, 'filter-src-ip:s' => { name => 'filter_src_ip' },
'filter-dst-ip:s' => { name => 'filter_dst_ip' }, 'filter-dst-ip:s' => { name => 'filter_dst_ip' }
'threshold-overload:s@' => { name => 'threshold_overload' },
}); });
return $self; return $self;
} }
sub check_options { my $map_state = {
my ($self, %options) = @_; 0 => 'larval', 1 => 'mature',
$self->SUPER::check_options(%options); 2 => 'dying', 3 => 'dead'
};
$self->{overload_th} = {};
foreach my $val (@{$self->{option_results}->{threshold_overload}}) {
if ($val !~ /^(.*?),(.*?),(.*)$/) {
$self->{output}->add_option_msg(short_msg => "Wrong threshold-overload option '" . $val . "'.");
$self->{output}->option_exit();
}
my ($section, $status, $filter) = ($1, $2, $3);
if ($self->{output}->is_litteral_status(status => $status) == 0) {
$self->{output}->add_option_msg(short_msg => "Wrong threshold-overload status '" . $val . "'.");
$self->{output}->option_exit();
}
$self->{overload_th}->{$section} = [] if (!defined($self->{overload_th}->{$section}));
push @{$self->{overload_th}->{$section}}, {filter => $filter, status => $status};
}
}
sub get_severity {
my ($self, %options) = @_;
my $status = 'UNKNOWN'; # default
if (defined($self->{overload_th}->{$options{section}})) {
foreach (@{$self->{overload_th}->{$options{section}}}) {
if ($options{value} =~ /$_->{filter}/i) {
$status = $_->{status};
return $status;
}
}
}
foreach (@{$thresholds->{$options{section}}}) {
if ($options{value} =~ /$$_[0]/i) {
$status = $$_[1];
return $status;
}
}
return $status;
}
my %map_state = (
0 => 'larval',
1 => 'mature',
2 => 'dying',
3 => 'dead',
);
my $mapping = { my $mapping = {
ntqVPNIPSrc => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.2' }, legacy => {
ntqVPNIPDst => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.3' }, state => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.11', map => $map_state },
ntqVPNState => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.11', map => \%map_state }, traffic => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.13' }
ntqVPNBytes => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.13' }, },
current => {
state => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.18' }, # snsVPNSAState
traffic_in => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.19' }, # snsVPNSABytesIn
traffic_out => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.20' } # snsVPNSABytesOut
}
}; };
sub manage_selection { sub manage_selection {
my ($self, %options) = @_; my ($self, %options) = @_;
my $snmp_result = $options{snmp}->get_multiple_table( $self->{cache_name} = 'stormshield_' . $self->{mode} . '_' . $options{snmp}->get_hostname() . '_' . $options{snmp}->get_port() . '_' .
oids => [ md5_hex(
{ oid => $mapping->{ntqVPNIPSrc}->{oid} }, (defined($self->{option_results}->{filter_counters}) ? md5_hex($self->{option_results}->{filter_counters}) : '') . '_' .
{ oid => $mapping->{ntqVPNIPDst}->{oid} }, (defined($self->{option_results}->{filter_id}) ? md5_hex($self->{option_results}->{filter_id}) : '') . '_' .
{ oid => $mapping->{ntqVPNState}->{oid} }, (defined($self->{option_results}->{filter_src_ip}) ? md5_hex($self->{option_results}->{filter_src_ip}) : '') . '_' .
{ oid => $mapping->{ntqVPNBytes}->{oid} }, (defined($self->{option_results}->{filter_dst_ip}) ? md5_hex($self->{option_results}->{filter_dst_ip}) : '')
],
return_type => 1, nothing_quit => 1
); );
$self->{vpn} = {}; my $os_version = '.1.3.6.1.4.1.11256.1.0.2.0';
my $snmp_result = $options{snmp}->get_leef(oids => [ $os_version ], nothing_quit => 1);
my $version = 'legacy';
my $mapping_filter = {
ipSrc => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.2' },
ipDst => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.3' },
};
if (centreon::plugins::misc::minimal_version($snmp_result->{$os_version}, '4.2.1')) {
$version = 'current';
$mapping_filter = {
ipSrc => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.5' }, # snsVPNSAIPSrc
ipDst => { oid => '.1.3.6.1.4.1.11256.1.1.1.1.6' } # snsVPNSAIPDst
};
}
$snmp_result = $options{snmp}->get_table(
oid => '.1.3.6.1.4.1.11256.1.1.1.1', # snsVPNSAEntry
start => $mapping_filter->{ipSrc}->{oid},
end => $mapping_filter->{ipDst}->{oid}
);
$self->{global} = { detected => 0 };
foreach my $oid (keys %$snmp_result) { foreach my $oid (keys %$snmp_result) {
next if ($oid !~ /^$mapping->{ntqVPNState}->{oid}\.(.*)$/); next if ($oid !~ /^$mapping_filter->{ipSrc}->{oid}\.(.*)$/);
my $instance = $1; my $instance = $1;
my $result = $options{snmp}->map_instance(mapping => $mapping, results => $snmp_result, instance => $instance); my $result = $options{snmp}->map_instance(mapping => $mapping_filter, results => $snmp_result, instance => $instance);
if (defined($self->{option_results}->{filter_id}) && $self->{option_results}->{filter_id} ne '' && if (defined($self->{option_results}->{filter_id}) && $self->{option_results}->{filter_id} ne '' &&
$instance !~ /$self->{option_results}->{filter_id}/) { $instance !~ /$self->{option_results}->{filter_id}/) {
$self->{output}->output_add(long_msg => "skipping '" . $instance . "': no matching filter id."); $self->{output}->output_add(long_msg => "skipping '" . $instance . "': no matching filter id.", debug => 1);
next; next;
} }
if (defined($self->{option_results}->{filter_src_ip}) && $self->{option_results}->{filter_src_ip} ne '' && if (defined($self->{option_results}->{filter_src_ip}) && $self->{option_results}->{filter_src_ip} ne '' &&
$result->{ntqVPNIPSrc} !~ /$self->{option_results}->{filter_src_ip}/) { $result->{ipSrc} !~ /$self->{option_results}->{filter_src_ip}/) {
$self->{output}->output_add(long_msg => "skipping '" . $result->{ntqVPNIPSrc} . "': no matching filter src-ip."); $self->{output}->output_add(long_msg => "skipping '" . $result->{ipSrc} . "': no matching filter src-ip.", debug => 1);
next; next;
} }
if (defined($self->{option_results}->{filter_dst_ip}) && $self->{option_results}->{filter_dst_ip} ne '' && if (defined($self->{option_results}->{filter_dst_ip}) && $self->{option_results}->{filter_dst_ip} ne '' &&
$result->{ntqVPNIPDst} !~ /$self->{option_results}->{filter_dst_ip}/) { $result->{ipDst} !~ /$self->{option_results}->{filter_dst_ip}/) {
$self->{output}->output_add(long_msg => "skipping '" . $result->{ntqVPNIPDst} . "': no matching filter dst-ip."); $self->{output}->output_add(long_msg => "skipping '" . $result->{ipDst} . "': no matching filter dst-ip.", debug => 1);
next; next;
} }
$self->{vpn}->{$instance} = { num => $instance, %$result }; $self->{global}->{detected}++;
$self->{vpn}->{$instance}->{ntqVPNBytes} *= 8 if (defined($self->{vpn}->{$instance}->{ntqVPNBytes})); $self->{vpn}->{$instance} = $result;
$self->{vpn}->{$instance}->{num} = $instance;
} }
if (scalar(keys %{$self->{vpn}}) <= 0) { return if (scalar(keys %{$self->{vpn}}) <= 0);
$self->{output}->add_option_msg(short_msg => "No vpn found.");
$self->{output}->option_exit();
}
$self->{cache_name} = "stormshield_" . $self->{mode} . '_' . $options{snmp}->get_hostname() . '_' . $options{snmp}->get_port() . '_' . $options{snmp}->load(
(defined($self->{option_results}->{filter_counters}) ? md5_hex($self->{option_results}->{filter_counters}) : md5_hex('all')) . '_' . oids => [
(defined($self->{option_results}->{filter_id}) ? md5_hex($self->{option_results}->{filter_id}) : md5_hex('all')) . '_' . map($_->{oid}, values(%{$mapping->{$version}}))
(defined($self->{option_results}->{filter_src_ip}) ? md5_hex($self->{option_results}->{filter_src_ip}) : md5_hex('all')) . '_' . ],
(defined($self->{option_results}->{filter_dst_ip}) ? md5_hex($self->{option_results}->{filter_dst_ip}) : md5_hex('all')); instances => [ map($_, keys %{$self->{vpn}}) ],
instance_regexp => '^(.*)$'
);
$snmp_result = $options{snmp}->get_leef();
foreach (keys %{$self->{vpn}}) {
my $result = $options{snmp}->map_instance(mapping => $mapping->{$version}, results => $snmp_result, instance => $_);
$self->{vpn}->{$_}->{state} = $result->{state};
$self->{vpn}->{$_}->{traffic} = $result->{traffic} * 8 if (defined($result->{traffic}));
$self->{vpn}->{$_}->{traffic_out} = $result->{traffic_out} * 8 if (defined($result->{traffic_out}));
$self->{vpn}->{$_}->{traffic_in} = $result->{traffic_in} * 8 if (defined($result->{traffic_in}));
}
} }
1; 1;
@ -210,20 +232,10 @@ __END__
=head1 MODE =head1 MODE
Check VPN states. Check vpn.
=over 8 =over 8
=item B<--warning-*>
Threshold warning.
Can be: 'traffic'.
=item B<--critical-*>
Threshold critical.
Can be: 'traffic'.
=item B<--filter-id> =item B<--filter-id>
Filter by id (regexp can be used). Filter by id (regexp can be used).
@ -236,11 +248,25 @@ Filter by src ip (regexp can be used).
Filter by dst ip (regexp can be used). Filter by dst ip (regexp can be used).
=item B<--threshold-overload> =item B<--unknown-status>
Set to overload default threshold values (syntax: section,status,regexp) Set unknown threshold for status.
It used before default thresholds (order stays). Can used special variables like: %{state}, %{srcIp}, %{dstIp}
Example: --threshold-overload='vpn,CRITICAL,^(?!(mature)$)'
=item B<--warning-status>
Set warning threshold for status (Default: '%{state} eq "dead"').
Can used special variables like: %{state}, %{srcIp}, %{dstIp}
=item B<--critical-status>
Set critical threshold for status.
Can used special variables like: %{state}, %{srcIp}, %{dstIp}
=item B<--warning-*> B<--critical-*>
Thresholds.
Can be: 'vpn-detected', 'traffic', 'traffic-in', 'traffic-out'.
=back =back
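Review bot: The new POD for `--unknown-status`, `--warning-status` and `--critical-status` advertises `%{srcIp}` and `%{dstIp}`, but the status counter in set_counters declares its key_values as `ipSrc` and `ipDst`. Assuming the status template resolves `%{name}` against those key names, a rule written from the help text would reference values that do not exist and never match, which leaves a tunnel state unalerted without any visible error. The three POD lines should read `Can use special variables like: %{state}, %{ipSrc}, %{ipDst}`. It is also worth confirming that `custom_status_calc` and `custom_threshold_output` still exist on the new side, since the status entry appears to keep looking them up with `$self->can(...)` while their definitions seem to be replaced in this rendering.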