From ca9e07e13f0c591b25a21e1d09ef394429c7cd48 Mon Sep 17 00:00:00 2001 From: sfarouq-ext <116093375+sfarouq-ext@users.noreply.github.com> Date: Mon, 3 Mar 2025 16:19:31 +0100 Subject: [PATCH] enh(fortinet): vpn snmp mode add counter for ip sec tunnels (#5449) Refs:CTOR-1237 Co-authored-by: Patrick Co-authored-by: Lucie Dubrunfaut --- .../fortinet/fortigate/snmp/mode/vpn.pm | 23 +++++++++-- .../fortigate/snmp/fortigate-vpn.snmpwalk | 38 +++++++++++++++++++ .../network/fortinet/fortigate/snmp/vpn.robot | 35 +++++++++++++++++ tests/resources/spellcheck/stopwords.txt | 3 ++ 4 files changed, 95 insertions(+), 4 deletions(-) create mode 100644 tests/network/fortinet/fortigate/snmp/fortigate-vpn.snmpwalk create mode 100644 tests/network/fortinet/fortigate/snmp/vpn.robot diff --git a/src/centreon/common/fortinet/fortigate/snmp/mode/vpn.pm b/src/centreon/common/fortinet/fortigate/snmp/mode/vpn.pm index ab87fb8a6..a1c7386f2 100644 --- a/src/centreon/common/fortinet/fortigate/snmp/mode/vpn.pm +++ b/src/centreon/common/fortinet/fortigate/snmp/mode/vpn.pm @@ -69,6 +69,14 @@ sub set_counters { { label => 'active_tunnels', template => '%d', min => 0, unit => 'tunnels', label_extra_instance => 1 } ] } + }, + { label => 'ipsec-tunnels-count', nlabel => 'vpn.ipsec.tunnels.state.count', set => { + key_values => [ { name => 'ipsec_tunnels_count' } ], + output_template => 'IPSec tunnels state up: %s', + perfdatas => [ + { label => 'ipsec-tunnels-count', template => '%d', min => 0, unit => 'tunnels', label_extra_instance => 1 } + ] + } } ]; @@ -186,6 +194,7 @@ sub manage_selection { $self->{vd} = {}; my $duplicated = {}; + my $ipsec_tunnels_counter = 0; foreach my $oid (keys %{$snmp_result->{ $oid_fgVdEntName }}) { $oid =~ /^$oid_fgVdEntName\.(.*)$/; my $vdom_instance = $1; @@ -203,7 +212,8 @@ sub manage_selection { global => { users => $result->{fgVpnSslStatsLoginUsers}, tunnels => $result->{fgVpnSslStatsActiveTunnels}, - sessions => $result->{fgVpnSslStatsActiveWebSessions} + sessions => $result->{fgVpnSslStatsActiveWebSessions}, + ipsec_tunnels_count => $ipsec_tunnels_counter }, vpn => {}, }; @@ -238,8 +248,13 @@ sub manage_selection { traffic_in => $result->{fgVpnTunEntInOctets} * 8, traffic_out => $result->{fgVpnTunEntOutOctets} * 8 }; + # count tunnels in state up + if ($self->{vd}->{$vdomain_name}->{vpn}->{$name}->{state} eq "up") { + $ipsec_tunnels_counter++; + }; } - } + $self->{vd}->{$vdomain_name}->{global}->{ipsec_tunnels_count} = $ipsec_tunnels_counter; + } } 1; @@ -258,11 +273,11 @@ Filter name with regexp. Can be ('vdomain', 'vpn') =item B<--warning-*> -Warning on counters. Can be ('users', 'sessions', 'tunnels', 'traffic-in', 'traffic-out') +Warning on counters. Can be ('users', 'sessions', 'tunnels', 'traffic-in', 'traffic-out', 'ipsec-tunnels-count') =item B<--critical-*> -Warning on counters. Can be ('users', 'sessions', 'tunnels', 'traffic-in', 'traffic-out') +Critical on counters. Can be ('users', 'sessions', 'tunnels', 'traffic-in', 'traffic-out', 'ipsec-tunnels-count')) =item B<--warning-status> diff --git a/tests/network/fortinet/fortigate/snmp/fortigate-vpn.snmpwalk b/tests/network/fortinet/fortigate/snmp/fortigate-vpn.snmpwalk new file mode 100644 index 000000000..90d5f8ba1 --- /dev/null +++ b/tests/network/fortinet/fortigate/snmp/fortigate-vpn.snmpwalk @@ -0,0 +1,38 @@ +.1.3.6.1.4.1.12356.101.3.2.1.1.2.1 = STRING: Anonymized 220 +.1.3.6.1.4.1.12356.101.12.2.2.1.3.1.1 = STRING: Anonymized 017 +.1.3.6.1.4.1.12356.101.12.2.2.1.3.2.1 = STRING: Anonymized 217 +.1.3.6.1.4.1.12356.101.12.2.2.1.3.11.1 = STRING: Anonymized 057 +.1.3.6.1.4.1.12356.101.12.2.2.1.3.12.1 = STRING: Anonymized 209 +.1.3.6.1.4.1.12356.101.12.2.2.1.3.13.1 = STRING: Anonymized 244 +.1.3.6.1.4.1.12356.101.12.2.2.1.3.14.1 = STRING: Anonymized 027 +.1.3.6.1.4.1.12356.101.12.2.2.1.18.1.1 = INTEGER: 116067 +.1.3.6.1.4.1.12356.101.12.2.2.1.18.2.1 = INTEGER: 107197 +.1.3.6.1.4.1.12356.101.12.2.2.1.18.11.1 = INTEGER: 1148670 +.1.3.6.1.4.1.12356.101.12.2.2.1.18.12.1 = INTEGER: 1147720 +.1.3.6.1.4.1.12356.101.12.2.2.1.18.13.1 = INTEGER: 437748426 +.1.3.6.1.4.1.12356.101.12.2.2.1.18.14.1 = INTEGER: 46064826 +.1.3.6.1.4.1.12356.101.12.2.2.1.19.1.1 = INTEGER: 85235 +.1.3.6.1.4.1.12356.101.12.2.2.1.19.2.1 = INTEGER: 81019 +.1.3.6.1.4.1.12356.101.12.2.2.1.19.11.1 = INTEGER: 914847 +.1.3.6.1.4.1.12356.101.12.2.2.1.19.12.1 = INTEGER: 890656 +.1.3.6.1.4.1.12356.101.12.2.2.1.19.13.1 = INTEGER: 951490605 +.1.3.6.1.4.1.12356.101.12.2.2.1.19.14.1 = INTEGER: 39146041 +.1.3.6.1.4.1.12356.101.12.2.2.1.20.1.1 = INTEGER: 2 +.1.3.6.1.4.1.12356.101.12.2.2.1.20.2.1 = INTEGER: 2 +.1.3.6.1.4.1.12356.101.12.2.2.1.20.11.1 = INTEGER: 2 +.1.3.6.1.4.1.12356.101.12.2.2.1.20.12.1 = INTEGER: 2 +.1.3.6.1.4.1.12356.101.12.2.2.1.20.13.1 = INTEGER: 2 +.1.3.6.1.4.1.12356.101.12.2.2.1.20.14.1 = INTEGER: 2 +.1.3.6.1.4.1.12356.101.12.2.2.1.21.1.1 = INTEGER: 1 +.1.3.6.1.4.1.12356.101.12.2.2.1.21.2.1 = INTEGER: 1 +.1.3.6.1.4.1.12356.101.12.2.2.1.21.11.1 = INTEGER: 1 +.1.3.6.1.4.1.12356.101.12.2.2.1.21.12.1 = INTEGER: 1 +.1.3.6.1.4.1.12356.101.12.2.2.1.21.13.1 = INTEGER: 1 +.1.3.6.1.4.1.12356.101.12.2.2.1.21.14.1 = INTEGER: 1 +.1.3.6.1.4.1.12356.101.12.2.3.1.1.1 = INTEGER: 1 +.1.3.6.1.4.1.12356.101.12.2.3.1.2.1 = INTEGER: 0 +.1.3.6.1.4.1.12356.101.12.2.3.1.3.1 = INTEGER: 0 +.1.3.6.1.4.1.12356.101.12.2.3.1.4.1 = INTEGER: 0 +.1.3.6.1.4.1.12356.101.12.2.3.1.5.1 = INTEGER: 0 +.1.3.6.1.4.1.12356.101.12.2.3.1.6.1 = INTEGER: 0 +.1.3.6.1.4.1.12356.101.12.2.3.1.7.1 = INTEGER: 0 diff --git a/tests/network/fortinet/fortigate/snmp/vpn.robot b/tests/network/fortinet/fortigate/snmp/vpn.robot new file mode 100644 index 000000000..ba6d86535 --- /dev/null +++ b/tests/network/fortinet/fortigate/snmp/vpn.robot @@ -0,0 +1,35 @@ +*** Settings *** +Documentation Check Vdomain statistics and VPN state and traffic. + +Resource ${CURDIR}${/}..${/}..${/}..${/}..${/}resources/import.resource + +Suite Setup Ctn Generic Suite Setup +Test Timeout 120s + + +*** Variables *** +${CMD} ${CENTREON_PLUGINS} --plugin=network::fortinet::fortigate::snmp::plugin + +*** Test Cases *** +vpn ${tc} + [Tags] network snmp vpn + ${command} Catenate + ... ${CMD} + ... --mode=vpn + ... --hostname=${HOSTNAME} + ... --snmp-version=${SNMPVERSION} + ... --snmp-port=${SNMPPORT} + ... --snmp-community=network/fortinet/fortigate/snmp/fortigate-vpn + ... --snmp-timeout=1 + ... ${extra_options} + + Ctn Verify Command Output ${command} ${expected_result} + + Examples: tc extra_options expected_result -- + ... 1 ${EMPTY} OK: Virtual domain 'Anonymized 220' Logged users: 0, Active web sessions: 0, Active tunnels: 0, IPSec tunnels state up: 6 - All vpn are ok | 'users'=0users;;;0; 'sessions'=0sessions;;;0; 'active_tunnels'=0tunnels;;;0; 'ipsec-tunnels-count'=6tunnels;;;0; + ... 2 --filter-vdomain='Anonymized 220' OK: Virtual domain 'Anonymized 220' Logged users: 0, Active web sessions: 0, Active tunnels: 0, IPSec tunnels state up: 6 - All vpn are ok | 'users'=0users;;;0; 'sessions'=0sessions;;;0; 'active_tunnels'=0tunnels;;;0; 'ipsec-tunnels-count'=6tunnels;;;0; + ... 3 --warning-status='\\\%{state} eq "up"' WARNING: Virtual domain 'Anonymized 220' Link 'Anonymized 017' state is 'up' - Link 'Anonymized 027' state is 'up' - Link 'Anonymized 057' state is 'up' + ... 4 --critical-status='\\\%{state} eq "up"' CRITICAL: Virtual domain 'Anonymized 220' Link 'Anonymized 017' state is 'up' - Link 'Anonymized 027' state is 'up' - Link 'Anonymized 057' state is 'up' + ... 5 --filter-vpn='500' --warning-sessions='@0:0' --critical-sessions='@2:2' --use-new-perfdata WARNING: Virtual domain 'Anonymized 220' Active web sessions: 0 | 'Anonymized 220#vpn.users.logged.count'=0users;;;0; 'Anonymized 220#vpn.websessions.active.count'=0sessions;@0:0;@2:2;0; 'Anonymized 220#vpn.tunnels.active.count'=0tunnels;;;0; 'Anonymized 220#vpn.ipsec.tunnels.state.count'=0tunnels;;;0; + ... 6 --warning-ipsec-tunnels-count='@1:1' --critical-ipsec-tunnels-count='@0:0' --use-new-perfdata --filter-vpn='_11' CRITICAL: Virtual domain 'Anonymized 220' IPSec tunnels state up: 0 | 'Anonymized 220#vpn.users.logged.count'=0users;;;0; 'Anonymized 220#vpn.websessions.active.count'=0sessions;;;0; 'Anonymized 220#vpn.tunnels.active.count'=0tunnels;;;0; 'Anonymized 220#vpn.ipsec.tunnels.state.count'=0tunnels;@1:1;@0:0;0; + ... 7 --critical-traffic-in='@0:0' --critical-traffic-out='@0:0' --use-new-perfdata --filter-vpn='_11' --filter-vdomain='Anonymized 220' OK: Virtual domain 'Anonymized 220' Logged users: 0, Active web sessions: 0, Active tunnels: 0, IPSec tunnels state up: 0 | 'Anonymized 220#vpn.users.logged.count'=0users;;;0; 'Anonymized 220#vpn.websessions.active.count'=0sessions;;;0; \ No newline at end of file diff --git a/tests/resources/spellcheck/stopwords.txt b/tests/resources/spellcheck/stopwords.txt index 87cf6dbf9..850c3532f 100644 --- a/tests/resources/spellcheck/stopwords.txt +++ b/tests/resources/spellcheck/stopwords.txt @@ -114,6 +114,7 @@ IpAddr ip-label ipv4 ipv6 +ipsec ISAM Iwsva jmeter @@ -264,12 +265,14 @@ userpass v1 v2 vdom +vdomain VDSL2 Veeam VeloCloud VM VMware VPN +vpn vSAN Vserver vSphere