enh(fortinet): vpn snmp mode add counter for ip sec tunnels (#5449)

Refs:CTOR-1237

Co-authored-by: Patrick <jummo4@yahoo.de>
Co-authored-by: Lucie Dubrunfaut <ldubrunfaut@CNTR-PORT-A198>
This commit is contained in:
sfarouq-ext 2025-03-03 16:19:31 +01:00 committed by GitHub
parent 635401745c
commit ca9e07e13f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 95 additions and 4 deletions

View File

@ -69,6 +69,14 @@ sub set_counters {
{ label => 'active_tunnels', template => '%d', min => 0, unit => 'tunnels', label_extra_instance => 1 }
]
}
},
{ label => 'ipsec-tunnels-count', nlabel => 'vpn.ipsec.tunnels.state.count', set => {
key_values => [ { name => 'ipsec_tunnels_count' } ],
output_template => 'IPSec tunnels state up: %s',
perfdatas => [
{ label => 'ipsec-tunnels-count', template => '%d', min => 0, unit => 'tunnels', label_extra_instance => 1 }
]
}
}
];
@ -186,6 +194,7 @@ sub manage_selection {
$self->{vd} = {};
my $duplicated = {};
my $ipsec_tunnels_counter = 0;
foreach my $oid (keys %{$snmp_result->{ $oid_fgVdEntName }}) {
$oid =~ /^$oid_fgVdEntName\.(.*)$/;
my $vdom_instance = $1;
@ -203,7 +212,8 @@ sub manage_selection {
global => {
users => $result->{fgVpnSslStatsLoginUsers},
tunnels => $result->{fgVpnSslStatsActiveTunnels},
sessions => $result->{fgVpnSslStatsActiveWebSessions}
sessions => $result->{fgVpnSslStatsActiveWebSessions},
ipsec_tunnels_count => $ipsec_tunnels_counter
},
vpn => {},
};
@ -238,8 +248,13 @@ sub manage_selection {
traffic_in => $result->{fgVpnTunEntInOctets} * 8,
traffic_out => $result->{fgVpnTunEntOutOctets} * 8
};
# count tunnels in state up
if ($self->{vd}->{$vdomain_name}->{vpn}->{$name}->{state} eq "up") {
$ipsec_tunnels_counter++;
};
}
}
$self->{vd}->{$vdomain_name}->{global}->{ipsec_tunnels_count} = $ipsec_tunnels_counter;
}
}
1;
@ -258,11 +273,11 @@ Filter name with regexp. Can be ('vdomain', 'vpn')
=item B<--warning-*>
Warning on counters. Can be ('users', 'sessions', 'tunnels', 'traffic-in', 'traffic-out')
Warning on counters. Can be ('users', 'sessions', 'tunnels', 'traffic-in', 'traffic-out', 'ipsec-tunnels-count')
=item B<--critical-*>
Warning on counters. Can be ('users', 'sessions', 'tunnels', 'traffic-in', 'traffic-out')
Critical on counters. Can be ('users', 'sessions', 'tunnels', 'traffic-in', 'traffic-out', 'ipsec-tunnels-count'))
=item B<--warning-status>

View File

@ -0,0 +1,38 @@
.1.3.6.1.4.1.12356.101.3.2.1.1.2.1 = STRING: Anonymized 220
.1.3.6.1.4.1.12356.101.12.2.2.1.3.1.1 = STRING: Anonymized 017
.1.3.6.1.4.1.12356.101.12.2.2.1.3.2.1 = STRING: Anonymized 217
.1.3.6.1.4.1.12356.101.12.2.2.1.3.11.1 = STRING: Anonymized 057
.1.3.6.1.4.1.12356.101.12.2.2.1.3.12.1 = STRING: Anonymized 209
.1.3.6.1.4.1.12356.101.12.2.2.1.3.13.1 = STRING: Anonymized 244
.1.3.6.1.4.1.12356.101.12.2.2.1.3.14.1 = STRING: Anonymized 027
.1.3.6.1.4.1.12356.101.12.2.2.1.18.1.1 = INTEGER: 116067
.1.3.6.1.4.1.12356.101.12.2.2.1.18.2.1 = INTEGER: 107197
.1.3.6.1.4.1.12356.101.12.2.2.1.18.11.1 = INTEGER: 1148670
.1.3.6.1.4.1.12356.101.12.2.2.1.18.12.1 = INTEGER: 1147720
.1.3.6.1.4.1.12356.101.12.2.2.1.18.13.1 = INTEGER: 437748426
.1.3.6.1.4.1.12356.101.12.2.2.1.18.14.1 = INTEGER: 46064826
.1.3.6.1.4.1.12356.101.12.2.2.1.19.1.1 = INTEGER: 85235
.1.3.6.1.4.1.12356.101.12.2.2.1.19.2.1 = INTEGER: 81019
.1.3.6.1.4.1.12356.101.12.2.2.1.19.11.1 = INTEGER: 914847
.1.3.6.1.4.1.12356.101.12.2.2.1.19.12.1 = INTEGER: 890656
.1.3.6.1.4.1.12356.101.12.2.2.1.19.13.1 = INTEGER: 951490605
.1.3.6.1.4.1.12356.101.12.2.2.1.19.14.1 = INTEGER: 39146041
.1.3.6.1.4.1.12356.101.12.2.2.1.20.1.1 = INTEGER: 2
.1.3.6.1.4.1.12356.101.12.2.2.1.20.2.1 = INTEGER: 2
.1.3.6.1.4.1.12356.101.12.2.2.1.20.11.1 = INTEGER: 2
.1.3.6.1.4.1.12356.101.12.2.2.1.20.12.1 = INTEGER: 2
.1.3.6.1.4.1.12356.101.12.2.2.1.20.13.1 = INTEGER: 2
.1.3.6.1.4.1.12356.101.12.2.2.1.20.14.1 = INTEGER: 2
.1.3.6.1.4.1.12356.101.12.2.2.1.21.1.1 = INTEGER: 1
.1.3.6.1.4.1.12356.101.12.2.2.1.21.2.1 = INTEGER: 1
.1.3.6.1.4.1.12356.101.12.2.2.1.21.11.1 = INTEGER: 1
.1.3.6.1.4.1.12356.101.12.2.2.1.21.12.1 = INTEGER: 1
.1.3.6.1.4.1.12356.101.12.2.2.1.21.13.1 = INTEGER: 1
.1.3.6.1.4.1.12356.101.12.2.2.1.21.14.1 = INTEGER: 1
.1.3.6.1.4.1.12356.101.12.2.3.1.1.1 = INTEGER: 1
.1.3.6.1.4.1.12356.101.12.2.3.1.2.1 = INTEGER: 0
.1.3.6.1.4.1.12356.101.12.2.3.1.3.1 = INTEGER: 0
.1.3.6.1.4.1.12356.101.12.2.3.1.4.1 = INTEGER: 0
.1.3.6.1.4.1.12356.101.12.2.3.1.5.1 = INTEGER: 0
.1.3.6.1.4.1.12356.101.12.2.3.1.6.1 = INTEGER: 0
.1.3.6.1.4.1.12356.101.12.2.3.1.7.1 = INTEGER: 0

View File

@ -0,0 +1,35 @@
*** Settings ***
Documentation Check Vdomain statistics and VPN state and traffic.
Resource ${CURDIR}${/}..${/}..${/}..${/}..${/}resources/import.resource
Suite Setup Ctn Generic Suite Setup
Test Timeout 120s
*** Variables ***
${CMD} ${CENTREON_PLUGINS} --plugin=network::fortinet::fortigate::snmp::plugin
*** Test Cases ***
vpn ${tc}
[Tags] network snmp vpn
${command} Catenate
... ${CMD}
... --mode=vpn
... --hostname=${HOSTNAME}
... --snmp-version=${SNMPVERSION}
... --snmp-port=${SNMPPORT}
... --snmp-community=network/fortinet/fortigate/snmp/fortigate-vpn
... --snmp-timeout=1
... ${extra_options}
Ctn Verify Command Output ${command} ${expected_result}
Examples: tc extra_options expected_result --
... 1 ${EMPTY} OK: Virtual domain 'Anonymized 220' Logged users: 0, Active web sessions: 0, Active tunnels: 0, IPSec tunnels state up: 6 - All vpn are ok | 'users'=0users;;;0; 'sessions'=0sessions;;;0; 'active_tunnels'=0tunnels;;;0; 'ipsec-tunnels-count'=6tunnels;;;0;
... 2 --filter-vdomain='Anonymized 220' OK: Virtual domain 'Anonymized 220' Logged users: 0, Active web sessions: 0, Active tunnels: 0, IPSec tunnels state up: 6 - All vpn are ok | 'users'=0users;;;0; 'sessions'=0sessions;;;0; 'active_tunnels'=0tunnels;;;0; 'ipsec-tunnels-count'=6tunnels;;;0;
... 3 --warning-status='\\\%{state} eq "up"' WARNING: Virtual domain 'Anonymized 220' Link 'Anonymized 017' state is 'up' - Link 'Anonymized 027' state is 'up' - Link 'Anonymized 057' state is 'up'
... 4 --critical-status='\\\%{state} eq "up"' CRITICAL: Virtual domain 'Anonymized 220' Link 'Anonymized 017' state is 'up' - Link 'Anonymized 027' state is 'up' - Link 'Anonymized 057' state is 'up'
... 5 --filter-vpn='500' --warning-sessions='@0:0' --critical-sessions='@2:2' --use-new-perfdata WARNING: Virtual domain 'Anonymized 220' Active web sessions: 0 | 'Anonymized 220#vpn.users.logged.count'=0users;;;0; 'Anonymized 220#vpn.websessions.active.count'=0sessions;@0:0;@2:2;0; 'Anonymized 220#vpn.tunnels.active.count'=0tunnels;;;0; 'Anonymized 220#vpn.ipsec.tunnels.state.count'=0tunnels;;;0;
... 6 --warning-ipsec-tunnels-count='@1:1' --critical-ipsec-tunnels-count='@0:0' --use-new-perfdata --filter-vpn='_11' CRITICAL: Virtual domain 'Anonymized 220' IPSec tunnels state up: 0 | 'Anonymized 220#vpn.users.logged.count'=0users;;;0; 'Anonymized 220#vpn.websessions.active.count'=0sessions;;;0; 'Anonymized 220#vpn.tunnels.active.count'=0tunnels;;;0; 'Anonymized 220#vpn.ipsec.tunnels.state.count'=0tunnels;@1:1;@0:0;0;
... 7 --critical-traffic-in='@0:0' --critical-traffic-out='@0:0' --use-new-perfdata --filter-vpn='_11' --filter-vdomain='Anonymized 220' OK: Virtual domain 'Anonymized 220' Logged users: 0, Active web sessions: 0, Active tunnels: 0, IPSec tunnels state up: 0 | 'Anonymized 220#vpn.users.logged.count'=0users;;;0; 'Anonymized 220#vpn.websessions.active.count'=0sessions;;;0;

View File

@ -114,6 +114,7 @@ IpAddr
ip-label
ipv4
ipv6
ipsec
ISAM
Iwsva
jmeter
@ -264,12 +265,14 @@ userpass
v1
v2
vdom
vdomain
VDSL2
Veeam
VeloCloud
VM
VMware
VPN
vpn
vSAN
Vserver
vSphere