#!/usr/bin/perl -w
############################## check_snmp_cpfw ##############
# Version : 0.7
# Date : Oct 02 2004
# Author  : Patrick Proy (patrick at proy.org)
# Help : http://www.manubulon.com/nagios/
# Licence : GPL - http://www.fsf.org/licenses/gpl.txt
# TODO :
# - check sync method
#################################################################
#
# Help : ./check_snmp_cpfw.pl -h
#

use strict;
use Net::SNMP;
use Getopt::Long;

# Nagios specific

use lib "@NAGIOS_PLUGINS@";
use utils qw(%ERRORS $TIMEOUT);
#my $TIMEOUT = 15;
#my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);

# Oreon specific

if (eval "require centreon" ) {
  use centreon qw(get_parameters &is_valid_serviceid);
  use vars qw($VERSION %centreon);
  %centreon=get_parameters();
} else {
  print "Unable to load centreon perl module\n";
    exit $ERRORS{'UNKNOWN'};
}

my $pathtorrdbase = $centreon{GLOBAL}{DIR_RRDTOOL};


########### SNMP Datas ###########

###### FW data
my $policy_state	= "1.3.6.1.4.1.2620.1.1.1.0"; # "Installed"
my $policy_name		= "1.3.6.1.4.1.2620.1.1.2.0"; # Installed policy name
my $connections		= "1.3.6.1.4.1.2620.1.1.25.3.0"; # number of connections
#my $connections_peak	= "1.3.6.1.4.1.2620.1.1.25.4.0"; # peak number of connections
my @fw_checks 		= ($policy_state,$policy_name,$connections);

###### SVN data
my $svn_status		= "1.3.6.1.4.1.2620.1.6.102.0"; # "OK" svn status
my %svn_checks		= ($svn_status,"OK");
my %svn_checks_n	= ($svn_status,"SVN status");
my @svn_checks_oid	= ($svn_status);

###### HA data

my $ha_active		= "1.3.6.1.4.1.2620.1.5.5.0"; 	# "yes"
my $ha_state		= "1.3.6.1.4.1.2620.1.5.6.0"; 	# "active"
my $ha_block_state	= "1.3.6.1.4.1.2620.1.5.7.0"; 	#"OK" : ha blocking state
my $ha_status		= "1.3.6.1.4.1.2620.1.5.102.0"; # "OK" : ha status

my %ha_checks		=( $ha_active,"yes",$ha_state,"active",$ha_block_state,"OK",$ha_status,"OK");
my %ha_checks_n		=( $ha_active,"HA active",$ha_state,"HA state",$ha_block_state,"HA block state",$ha_status,"ha_status");
my @ha_checks_oid	=( $ha_active,$ha_state,$ha_block_state,$ha_status);

my $ha_mode		= "1.3.6.1.4.1.2620.1.5.11.0";  # "Sync only" : ha Working mode

my $ha_tables		= "1.3.6.1.4.1.2620.1.5.13.1"; 	# ha status table
my $ha_tables_index	= ".1";
my $ha_tables_name	= ".2";
my $ha_tables_state	= ".3"; # "OK"
my $ha_tables_prbdesc	= ".6"; # Description if state is != "OK"

#my @ha_table_check	= ("Synchronization","Filter","cphad","fwd"); # process to check

####### MGMT data

my $mgmt_status		= "1.3.6.1.4.1.2620.1.7.5.0";	# "active" : management status
my $mgmt_alive		= "1.3.6.1.4.1.2620.1.7.6.0";   # 1 : management is alive if 1
my $mgmt_stat_desc	= "1.3.6.1.4.1.2620.1.7.102.0"; # Management status description
my $mgmt_stats_desc_l	= "1.3.6.1.4.1.2620.1.7.103.0"; # Management status long description

my %mgmt_checks		= ($mgmt_status,"active",$mgmt_alive,"1");
my %mgmt_checks_n	= ($mgmt_status,"Mgmt status",$mgmt_alive,"Mgmt alive");
my @mgmt_checks_oid	= ($mgmt_status,$mgmt_alive);

#################################### Globals ##############################""

my $Version='0.7';

my $o_host = 	undef; 		# hostname
my $o_community = undef; 	# community
my $o_port = 	161; 		# port
my $o_help=	undef; 		# wan't some help ?
my $o_verb=	undef;		# verbose mode
my $o_version=	undef;		# print version
my $o_warn=	undef;		# Warning for connections
my $o_crit=	undef;		# Crit for connections
my $o_svn=	undef;		# Check for SVN status
my $o_fw=	undef;		# Check for FW status
my $o_ha=	undef;		# Check for HA status
my $o_mgmt=	undef;		# Check for management status
my $o_policy=	undef;		# Check for policy name
my $o_conn=	undef;		# Check for connexions
my $o_perf=	undef;		# Performance data output

# SNMPv3 specific
my $o_login=	undef;		# Login for snmpv3
my $o_passwd=	undef;		# Pass for snmpv3

# centreon specific
my $o_step=	undef;
my $o_g=	undef;
my $o_S=	undef;
my $step=	undef;
my $rrd=	undef;
my $start=	undef;
my $ServiceId=	undef;
my @rrd_data= undef;


# functions

sub p_version { print "check_snmp_cpfw version : $Version\n"; }

sub print_usage {
    print "Usage: $0 [-v] -H <host> -C <snmp_community> | (-l login -x passwd) [-s] [-w [-p=pol_name] [-c=warn,crit]] [-m] [-a] [-f] [-p <port>] [-t <timeout>] [-V]\n";
}

sub isnnum { # Return true if arg is not a number
  my $num = shift;
  if ( $num =~ /^(\d+\.?\d*)|(^\.\d+)$/ ) { return 0 ;}
  return 1;
}

sub help {
   print "\nSNMP Checkpoint FW-1 Monitor for Nagios version ",$Version,"\n";
   print "(c)2004 - to my cat Ratoune\n\n";
   print_usage();
   print <<EOT;
-v, --verbose
   print extra debugging information (including interface list on the system)
-h, --help
   print this help message
-H, --hostname=HOST
   name or IP address of host to check
-C, --community=COMMUNITY NAME
   community name for the host's SNMP agent (implies v1 protocol)
-s, --svn
   check for svn status
-w, --fw
   check for fw status
-a, --ha
   check for ha status
-m, --mgmt
   check for management status
-p, --policy=POLICY_NAME
   check if installed policy is POLICY_NAME (must have -w)
-c, --connexions=WARN,CRIT
   check warn and critical number of connexions (must have -w)
-f, --perfparse
   perfparse output (only works with -c)
-l, --login=LOGIN
   Login for snmpv3 authentication (implies v3 protocol with MD5)
-x, --passwd=PASSWD
   Password for snmpv3 authentication
-P, --port=PORT
   SNMP port (Default 161)
-t, --timeout=INTEGER
   timeout for SNMP (Default: Nagios default)
-V, --version
   prints version number
-g (--rrdgraph)   Create a rrd base if necessary and add datas into this one
--rrd_step	     Specifies the base interval in seconds with which data will be fed into the RRD (300 by default)
-S (--ServiceId)  centreon Service Id

EOT
}

# For verbose output
sub verb { my $t=shift; print $t,"\n" if defined($o_verb) ; }

sub check_options {
    Getopt::Long::Configure ("bundling");
    GetOptions(
   	'v'	=> \$o_verb,		'verbose'	=> \$o_verb,
        'h'     => \$o_help,    	'help'        	=> \$o_help,
        'H:s'   => \$o_host,		'hostname:s'	=> \$o_host,
        'P:i'   => \$o_port,   		'port:i'	=> \$o_port,
        'C:s'   => \$o_community,	'community:s'	=> \$o_community,
	'l:s'	=> \$o_login,		'login:s'	=> \$o_login,
	'x:s'	=> \$o_passwd,		'passwd:s'	=> \$o_passwd,
        't:i'   => \$TIMEOUT,    	'timeout:i'	=> \$TIMEOUT,
	'V'	=> \$o_version,		'version'	=> \$o_version,
	's'	=> \$o_svn,		'svn'		=> \$o_svn,
	'w'	=> \$o_fw,		'fw'		=> \$o_fw,
	'a'	=> \$o_ha,		'ha'		=> \$o_ha,
	'm'	=> \$o_mgmt,		'mgmt'		=> \$o_mgmt,
	'p:s'	=> \$o_policy,		'policy:s'	=> \$o_policy,
	'c:s'	=> \$o_conn,		'connexions:s'	=> \$o_conn,
	'f'	=> \$o_perf,		'perfparse'	=> \$o_perf,
	# For centreon rrdtool graph
  "rrd_step:s" => \$o_step,
  "g"   => \$o_g, "rrdgraph"     => \$o_g,
  "S=s" => \$o_S, "ServiceId=s"  => \$o_S
    );
    if (defined ($o_help) ) { help(); exit $ERRORS{"UNKNOWN"}};
    if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"}};
    if ( ! defined($o_host) ) # check host and filter
	{ print_usage(); exit $ERRORS{"UNKNOWN"}}
    # check snmp information
    if ( !defined($o_community) && (!defined($o_login) || !defined($o_passwd)) )
	{ print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
    # Check firewall options
    if ( defined($o_conn)) {
      if ( ! defined($o_fw))
 	{ print "Cannot check connexions without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
      my @warncrit=split(/,/ , $o_conn);
      if ( $#warncrit != 1 )
        { print "Put warn,crit levels with -c option\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
      ($o_warn,$o_crit)=@warncrit;
      if ( isnnum($o_warn) || isnnum($o_crit) )
	{ print "Numeric values for warning and critical in -c options\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
      if ($o_warn >= $o_crit)
	{ print "warning <= critical ! \n";print_usage(); exit $ERRORS{"UNKNOWN"}}
    }
    if ( defined($o_policy)) {
      if (! defined($o_fw))
	{ print "Cannot check policy name without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
      if ($o_policy eq "")
        { print "Put a policy name !\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
    }
    if (defined($o_perf) && ! defined ($o_conn))
	{ print "Nothing selected for perfparse !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
    if (!defined($o_fw) && !defined($o_ha) && !defined($o_mgmt) && !defined($o_svn))
	{ print "Must select a product to check !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}

	###### centreon #######

	if (!defined($o_S)) { $o_S="1_1" }
	$ServiceId = is_valid_serviceid($o_S);

	if (!defined($o_step)) { $o_step="300" }
	$step = $1 if ($o_step =~ /(\d+)/);

}

########## MAIN #######

check_options();

$start=time;

# Check gobal timeout if snmp screws up
alarm($TIMEOUT+15);

# Connect to host
my ($session,$error);
if ( defined($o_login) && defined($o_passwd)) {
  # SNMPv3 login
  verb("SNMPv3 login");
  ($session, $error) = Net::SNMP->session(
      -hostname   	=> $o_host,
      -version		=> '3',
      -username		=> $o_login,
      -authpassword	=> $o_passwd,
      -authprotocol	=> 'md5',
      -privpassword	=> $o_passwd
   );
} else {
  # SNMPV1 login
  ($session, $error) = Net::SNMP->session(
     -hostname  => $o_host,
     -community => $o_community,
     -port      => $o_port,
     -timeout   => $TIMEOUT
  );
}
if (!defined($session)) {
   printf("ERROR opening session: %s.\n", $error);
   exit $ERRORS{"UNKNOWN"};
}

########### Global checks #################

my $global_status=0; # global status : 0=OK, 1=Warn, 2=Crit
my ($resultat,$key)=(undef,undef);

##########  Check SVN status #############
my $svn_print="";
my $svn_state=0;

if (defined ($o_svn)) {

$resultat = $session->get_request(
    Varbindlist => \@svn_checks_oid
);

  if (defined($resultat)) {
    foreach $key ( keys %svn_checks) {
      verb("$svn_checks_n{$key} : $svn_checks{$key} / $$resultat{$key}");
      if ( $$resultat{$key} ne $svn_checks{$key} ) {
	$svn_print .= $svn_checks_n{$key} . ":" . $$resultat{$key} . " ";
	$svn_state=2;
      }
    }
  } else {
    $svn_print .= "cannot find oids";
    #Critical state if not found because it means soft is not activated
    $svn_state=2;
  }

  if ($svn_state == 0) {
    $svn_print="SVN : OK";
  } else {
    $svn_print="SVN : " . $svn_print;
  }
  verb("$svn_print");
}
##########  Check mgmt status #############
my $mgmt_state=0;
my $mgmt_print="";

if (defined ($o_mgmt)) {
# Check all states
  $resultat=undef;
  $resultat = $session->get_request(
      Varbindlist => \@mgmt_checks_oid
  );
  if (defined($resultat)) {
    foreach $key ( keys %mgmt_checks) {
      verb("$mgmt_checks_n{$key} : $mgmt_checks{$key} / $$resultat{$key}");
      if ( $$resultat{$key} ne $mgmt_checks{$key} ) {
        $mgmt_print .= $mgmt_checks_n{$key} . ":" . $$resultat{$key} . " ";
        $mgmt_state=2;
      }
    }
  } else {
    $mgmt_print .= "cannot find oids";
    #Critical state if not found because it means soft is not activated
    $mgmt_state=2;
  }
  if ($mgmt_state == 0) {
    $mgmt_print="MGMT : OK";
  } else {
    $mgmt_print="MGMT : " . $mgmt_print;
  }
  verb("$svn_print");
}

########### Check fw status  ##############

my $fw_state=0;
my $fw_print="";
my $perf_conn=undef;

if (defined ($o_fw)) {

# Check all states

  $resultat = $session->get_request(
      Varbindlist => \@fw_checks
  );
  if (defined($resultat)) {
    verb("State : $$resultat{$policy_state}");
    verb("Name : $$resultat{$policy_name}");
    verb("connections : $$resultat{$connections}");

    if ($$resultat{$policy_state} ne "Installed") {
      $fw_state=2;
      $fw_print .= "Policy:". $$resultat{$policy_state}." ";
      verb("Policy state not installed");
    }

    if (defined($o_policy)) {
      if ($$resultat{$policy_name} ne $o_policy) {
	$fw_state=2;
	$fw_print .= "Policy installed : $$resultat{$policy_name}";
      }
    }

    if (defined($o_conn)) {
      if ($$resultat{$connections} > $o_crit) {
	$fw_state=2;
    $fw_print .= "Connexions : ".$$resultat{$connections}." > ".$o_crit." ";
      } else {
	if ($$resultat{$connections} > $o_warn) {
	  $fw_state=1;
	  $fw_print .= "Connexions : ".$$resultat{$connections}." > ".$o_warn." ";
	}
      }
      $perf_conn=$$resultat{$connections};
    }
  } else {
    $fw_print .= "cannot find oids";
    #Critical state if not found because it means soft is not activated
    $fw_state=2;
  }

  if ($fw_state==0) {
    $fw_print="FW : OK";
  } else {
    $fw_print="FW : " . $fw_print;
  }

}
########### Check ha status  ##############

my $ha_state_n=0;
my $ha_print="";

if (defined ($o_ha)) {
  # Check all states

  $resultat = $session->get_request(
      Varbindlist => \@ha_checks_oid
  );

  if (defined($resultat)) {
    foreach $key ( keys %ha_checks) {
      verb("$ha_checks_n{$key} : $ha_checks{$key} / $$resultat{$key}");
      if ( $$resultat{$key} ne $ha_checks{$key} ) {
	$ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " ";
	$ha_state_n=2;
      }
    }
    #my $ha_mode		= "1.3.6.1.4.1.2620.1.5.11.0";  # "Sync only" : ha Working mode
  } else {
    $ha_print .= "cannot find oids";
    #Critical state if not found because it means soft is not activated
    $ha_state_n=2;
  }

  # get ha status table
  $resultat = $session->get_table(
	  Baseoid => $ha_tables
  );
  my %status;
  my (@index,@oid) = (undef,undef);
  my $nindex=0;
  my $index_search= $ha_tables . $ha_tables_index;

  if (defined($resultat)) {
    foreach $key ( keys %$resultat) {
      if ( $key =~ /$index_search/) {
	@oid=split (/\./,$key);
	pop(@oid);
	$index[$nindex]=pop(@oid);
	$nindex++;
      }
    }
  } else {
    $ha_print .= "cannot find oids" if ($ha_state_n ==0);
    #Critical state if not found because it means soft is not activated
    $ha_state_n=2;
  }
  verb ("found $nindex ha softs");
  if ( $nindex == 0 )
  {
    $ha_print .= " no ha soft found" if ($ha_state_n ==0);
    $ha_state_n=2;
  } else {
    my $ha_soft_name=undef;

    for (my $i=0;$i<$nindex;$i++) {

      $key=$ha_tables . $ha_tables_name . "." . $index[$i] . ".0";
      $ha_soft_name= $$resultat{$key};

      $key=$ha_tables . $ha_tables_state . "." . $index[$i] . ".0";
      if (($status{$ha_soft_name} = $$resultat{$key}) ne "OK") {
	    $key=$ha_tables . $ha_tables_prbdesc . "." . $index[$i] . ".0";
	    $status{$ha_soft_name} = $$resultat{$key};
	    $ha_print .= $ha_soft_name . ":" . $status{$ha_soft_name} . " ";
	    $ha_state_n=2
      }
      verb ("$ha_soft_name : $status{$ha_soft_name}");
    }
  }

  if ($ha_state_n == 0) {
    $ha_print = "HA : OK";
  } else {
    $ha_print = "HA : " . $ha_print;
  }

}

$session->close;

########## print results and exit

my $f_print=undef;

if (defined ($o_fw)) { $f_print = $fw_print }
if (defined ($o_svn)) { $f_print = (defined ($f_print)) ? $f_print . " / ". $svn_print : $svn_print }
if (defined ($o_ha)) { $f_print = (defined ($f_print)) ? $f_print . " / ". $ha_print : $ha_print }
if (defined ($o_mgmt)) { $f_print = (defined ($f_print)) ? $f_print . " / ". $mgmt_print : $mgmt_print }

my $exit_status=undef;
$f_print .= " / CPFW Status : ";
if (($ha_state_n+$svn_state+$fw_state+$mgmt_state) == 0 ) {
  $f_print .= "OK";
  $exit_status= $ERRORS{"OK"};
} else {
  if (($fw_state==1) || ($ha_state_n==1) || ($svn_state==1) || ($mgmt_state==1)) {
    $f_print .= "WARNING";
    $exit_status= $ERRORS{"WARNING"};
  } else {
    $f_print .= "CRITICAL";
    $exit_status=$ERRORS{"CRITICAL"};
  }
}

if (defined($o_perf) && defined ($perf_conn)) {
  $f_print .= " | fw_connexions=" . $perf_conn;
}

print "$f_print\n";
exit $exit_status;