272 lines
9.8 KiB
Perl
272 lines
9.8 KiB
Perl
#
|
|
# Copyright 2021 Centreon (http://www.centreon.com/)
|
|
#
|
|
# Centreon is a full-fledged industry-strength solution that meets
|
|
# the needs in IT infrastructure and application monitoring for
|
|
# service performance.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
package network::juniper::common::junos::mode::ipsectunnel;
|
|
|
|
use base qw(centreon::plugins::templates::counter);
|
|
|
|
use strict;
|
|
use warnings;
|
|
use Digest::MD5 qw(md5_hex);
|
|
use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold catalog_status_calc);
|
|
|
|
sub custom_status_output {
|
|
my ($self, %options) = @_;
|
|
|
|
my $msg = 'ike state: ' . $self->{result_values}->{ike_state};
|
|
return $msg;
|
|
}
|
|
|
|
sub set_counters {
|
|
my ($self, %options) = @_;
|
|
|
|
$self->{maps_counters_type} = [
|
|
{ name => 'global', type => 0 },
|
|
{ name => 'tunnel', type => 1, cb_prefix_output => 'prefix_tunnel_output', message_multiple => 'All tunnels are ok' },
|
|
];
|
|
|
|
$self->{maps_counters}->{global} = [
|
|
{ label => 'tunnels-total', nlabel => 'ipsec.tunnels.total.count', set => {
|
|
key_values => [ { name => 'total' } ],
|
|
output_template => 'Total Tunnels: %s',
|
|
perfdatas => [
|
|
{ label => 'total_tunnels', template => '%s', min => 0 }
|
|
]
|
|
}
|
|
}
|
|
];
|
|
|
|
$self->{maps_counters}->{tunnel} = [
|
|
{ label => 'status', threshold => 0, set => {
|
|
key_values => [ { name => 'ike_state' }, { name => 'display' } ],
|
|
closure_custom_calc => \&catalog_status_calc,
|
|
closure_custom_output => $self->can('custom_status_output'),
|
|
closure_custom_perfdata => sub { return 0; },
|
|
closure_custom_threshold_check => \&catalog_status_threshold,
|
|
}
|
|
},
|
|
{ label => 'tunnel-traffic-in', nlabel => 'ipsec.tunnel.traffic.in.bitspersecond', set => {
|
|
key_values => [],
|
|
manual_keys => 1,
|
|
closure_custom_calc => $self->can('custom_traffic_calc'), closure_custom_calc_extra_options => { label_ref => 'in' },
|
|
closure_custom_output => $self->can('custom_traffic_output'),
|
|
threshold_use => 'traffic_per_second',
|
|
perfdatas => [
|
|
{ value => 'traffic_per_second', template => '%s',
|
|
min => 0, unit => 'b/s', label_extra_instance => 1, instance_use => 'display' },
|
|
],
|
|
}
|
|
},
|
|
{ label => 'tunnel-traffic-out', nlabel => 'ipsec.tunnel.traffic.out.bitspersecond', set => {
|
|
key_values => [],
|
|
manual_keys => 1,
|
|
closure_custom_calc => $self->can('custom_traffic_calc'), closure_custom_calc_extra_options => { label_ref => 'out' },
|
|
closure_custom_output => $self->can('custom_traffic_output'),
|
|
threshold_use => 'traffic_per_second',
|
|
perfdatas => [
|
|
{ value => 'traffic_per_second', template => '%s',
|
|
min => 0, unit => 'b/s', label_extra_instance => 1, instance_use => 'display' },
|
|
],
|
|
}
|
|
}
|
|
];
|
|
}
|
|
|
|
sub custom_traffic_output {
|
|
my ($self, %options) = @_;
|
|
|
|
my ($traffic_value, $traffic_unit) = $self->{perfdata}->change_bytes(value => $self->{result_values}->{traffic_per_second}, network => 1);
|
|
my $msg = sprintf("traffic %s: %s/s",
|
|
$self->{result_values}->{label},
|
|
$traffic_value . $traffic_unit
|
|
);
|
|
return $msg;
|
|
}
|
|
|
|
sub custom_traffic_calc {
|
|
my ($self, %options) = @_;
|
|
|
|
my ($checked, $total_bits) = (0, 0);
|
|
foreach (keys %{$options{new_datas}}) {
|
|
if (/$self->{instance}_traffic_$options{extra_options}->{label_ref}_(\d+)/) {
|
|
$checked |= 1;
|
|
my $new_bits = $options{new_datas}->{$_};
|
|
next if (!defined($options{old_datas}->{$_}));
|
|
my $old_bits = $options{old_datas}->{$_};
|
|
|
|
$checked |= 2;
|
|
my $diff_bits = $new_bits - $old_bits;
|
|
if ($diff_bits < 0) {
|
|
$total_bits += $new_bits;
|
|
} else {
|
|
$total_bits += $diff_bits;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($checked == 0) {
|
|
$self->{error_msg} = 'skipped (no value)';
|
|
return -10;
|
|
}
|
|
if ($checked == 1) {
|
|
$self->{error_msg} = 'buffer creation';
|
|
return -1;
|
|
}
|
|
|
|
$self->{result_values}->{display} = $options{new_datas}->{$self->{instance} . '_display'};
|
|
$self->{result_values}->{traffic_per_second} = $total_bits / $options{delta_time};
|
|
$self->{result_values}->{label} = $options{extra_options}->{label_ref};
|
|
return 0;
|
|
}
|
|
|
|
sub prefix_tunnel_output {
|
|
my ($self, %options) = @_;
|
|
|
|
return "Tunnel '" . $options{instance_value}->{display} . "' ";
|
|
}
|
|
|
|
sub new {
|
|
my ($class, %options) = @_;
|
|
my $self = $class->SUPER::new(package => __PACKAGE__, %options, statefile => 1, force_new_perfdata => 1);
|
|
bless $self, $class;
|
|
|
|
$options{options}->add_options(arguments => {
|
|
'filter-name:s' => { name => 'filter_name' },
|
|
'unknown-status:s' => { name => 'unknown_status', default => '' },
|
|
'warning-status:s' => { name => 'warning_status', default => '' },
|
|
'critical-status:s' => { name => 'critical_status', default => '%{ike_state} eq "down"' },
|
|
});
|
|
|
|
return $self;
|
|
}
|
|
|
|
sub check_options {
|
|
my ($self, %options) = @_;
|
|
$self->SUPER::check_options(%options);
|
|
|
|
$self->change_macros(macros => ['warning_status', 'critical_status', 'unknown_status']);
|
|
}
|
|
|
|
my $map_ike_state = { 1 => 'up', 2 => 'down' };
|
|
|
|
my $mapping = {
|
|
jnxIkeTunMonState => { oid => '.1.3.6.1.4.1.2636.3.52.1.1.2.1.6', map => $map_ike_state },
|
|
jnxIkeTunMonRemoteIdValue => { oid => '.1.3.6.1.4.1.2636.3.52.1.1.2.1.14' },
|
|
};
|
|
my $mapping2 = {
|
|
jnxIpSecTunMonOutEncryptedBytes => { oid => '.1.3.6.1.4.1.2636.3.52.1.2.2.1.10' },
|
|
jnxIpSecTunMonInDecryptedBytes => { oid => '.1.3.6.1.4.1.2636.3.52.1.2.2.1.12' },
|
|
};
|
|
|
|
sub manage_selection {
|
|
my ($self, %options) = @_;
|
|
|
|
$self->{tunnel} = {};
|
|
my $request_oids = [
|
|
{ oid => $mapping->{jnxIkeTunMonState}->{oid} },
|
|
{ oid => $mapping->{jnxIkeTunMonRemoteIdValue}->{oid} },
|
|
];
|
|
my $snmp_result = $options{snmp}->get_multiple_table(oids => $request_oids, return_type => 1, nothing_quit => 1);
|
|
my $snmp_result2 = $options{snmp}->get_multiple_table(
|
|
oids => [
|
|
{ oid => $mapping2->{jnxIpSecTunMonOutEncryptedBytes}->{oid} },
|
|
{ oid => $mapping2->{jnxIpSecTunMonInDecryptedBytes}->{oid} },
|
|
],
|
|
return_type => 1
|
|
);
|
|
|
|
foreach (keys %$snmp_result) {
|
|
next if (!/$mapping->{jnxIkeTunMonRemoteIdValue}->{oid}\.(\d+\.\d+)\.(\d+\.\d+\.\d+\.\d+)\.(\d+)/);
|
|
my $instance = $1 . '.' . $2 . '.' . $3;
|
|
my ($remote_type, $remote_addr, $tun_index) = ($1, $2, $3);
|
|
my $result = $options{snmp}->map_instance(mapping => $mapping, results => $snmp_result, instance => $instance);
|
|
|
|
if (defined($self->{option_results}->{filter_name}) && $self->{option_results}->{filter_name} ne '' &&
|
|
$result->{jnxIkeTunMonRemoteIdValue} !~ /$self->{option_results}->{filter_name}/) {
|
|
$self->{output}->output_add(long_msg => "skipping '" . $result->{jnxIkeTunMonRemoteIdValue} . "': no matching filter name.", debug => 1);
|
|
next;
|
|
}
|
|
|
|
$self->{tunnel}->{$instance} = {
|
|
display => $result->{jnxIkeTunMonRemoteIdValue},
|
|
ike_state => $result->{jnxIkeTunMonState},
|
|
};
|
|
|
|
foreach my $key (keys %$snmp_result2) {
|
|
next if ($key !~ /^$mapping2->{jnxIpSecTunMonInDecryptedBytes}->{oid}\.$remote_type\.$remote_addr\.(\d+)/);
|
|
|
|
my $instance2 = $remote_type . '.' . $remote_addr . '.' . $1;
|
|
my $result2 = $options{snmp}->map_instance(mapping => $mapping2, results => $snmp_result2, instance => $instance2);
|
|
|
|
$self->{tunnel}->{$instance}->{'traffic_in_' . $instance2} = $result2->{jnxIpSecTunMonInDecryptedBytes} * 8;
|
|
$self->{tunnel}->{$instance}->{'traffic_out_' . $instance2} = $result2->{jnxIpSecTunMonOutEncryptedBytes} * 8;
|
|
}
|
|
}
|
|
|
|
$self->{cache_name} = "juniper_junos_" . $options{snmp}->get_hostname() . '_' . $options{snmp}->get_port() . '_' . $self->{mode} . '_' .
|
|
(defined($self->{option_results}->{filter_name}) ? md5_hex($self->{option_results}->{filter_name}) : md5_hex('all')) . '_' .
|
|
(defined($self->{option_results}->{filter_counters}) ? md5_hex($self->{option_results}->{filter_counters}) : md5_hex('all'));
|
|
|
|
$self->{global} = { total => scalar(keys %{$self->{tunnel}}) };
|
|
}
|
|
|
|
1;
|
|
|
|
__END__
|
|
|
|
=head1 MODE
|
|
|
|
Check ipsec tunnels.
|
|
|
|
=over 8
|
|
|
|
=item B<--filter-name>
|
|
|
|
Filter name (can be a regexp).
|
|
|
|
=item B<--filter-counters>
|
|
|
|
Only display some counters (regexp can be used).
|
|
Example: --filter-counters='tunnels-total'
|
|
|
|
=item B<--unknown-status>
|
|
|
|
Set warning threshold for status (Default: '').
|
|
Can used special variables like: %{ike_state}, %{display}
|
|
|
|
=item B<--warning-status>
|
|
|
|
Set warning threshold for status (Default: '').
|
|
Can used special variables like: %{ike_state}, %{display}
|
|
|
|
=item B<--critical-status>
|
|
|
|
Set critical threshold for status (Default: '%{ike_state} eq "down"').
|
|
Can used special variables like: %{ike_state}, %{display}
|
|
|
|
=item B<--warning-*> B<--critical-*>
|
|
|
|
Thresholds.
|
|
Can be: 'tunnels-total', 'tunnel-traffic-in', 'tunnel-traffic-out'.
|
|
|
|
=back
|
|
|
|
=cut
|