Module: check_mk
Branch: master
Commit: bae23df68bce226fa3a659e65da8aa3c8cc45249
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=bae23df68bce22…
Author: Simon Betz <si(a)mathias-kettner.de>
Date: Tue Feb 21 09:57:27 2017 +0100
4362 fileinfo.groups, logwatch.groups: now group pattern matching is allowed in service description
The service description may contain one or more occurances of %s. If you do this,
then the pattern must be a regular expression and be prefixed with ~. For each %s
in the description, the expression has to contain one "group". A group is a
subexpression enclosed in brackets, for example (.*) or ([a-zA-Z]+) or (...).
Change-Id: I69ec4a51ebd18e766aa116cefcfaae03e4805f9f
---
.werks/4362 | 12 ++++
checks/fileinfo | 209 ++++++++++++++++++++++++++++++++++----------------------
checks/logwatch | 201 ++++++++++++++++++++++++++++++++++-------------------
3 files changed, 267 insertions(+), 155 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=bae23df68b…
Module: check_mk
Branch: master
Commit: 233cf90d25fb07300774ce6da562fc6da91a51b3
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=233cf90d25fb07…
Author: Simon Betz <si(a)mathias-kettner.de>
Date: Tue Jun 6 11:59:52 2017 +0200
4768 cisco_asa_connections: New check which monitors number of connections currently in use by Cisco ASA devices
Change-Id: I9639f5888f51e9161a76a1d6254004b2fab282cd
---
.werks/4768 | 10 ++++++
checkman/cisco_asa_connections | 15 ++++++++
checks/cisco_asa_connections | 70 ++++++++++++++++++++++++++++++++++++
web/plugins/wato/check_parameters.py | 20 +++++++++++
4 files changed, 115 insertions(+)
diff --git a/.werks/4768 b/.werks/4768
new file mode 100644
index 0000000..a1ecd54
--- /dev/null
+++ b/.werks/4768
@@ -0,0 +1,10 @@
+Title: cisco_asa_connections: New check which monitors number of connections currently in use by Cisco ASA devices
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1496743160
+Class: feature
+
+
diff --git a/checkman/cisco_asa_connections b/checkman/cisco_asa_connections
new file mode 100644
index 0000000..aefffcd4
--- /dev/null
+++ b/checkman/cisco_asa_connections
@@ -0,0 +1,15 @@
+title: Cisco ASA Connections
+agents: snmp
+catalog: hw/network/cisco
+distribution: check_mk
+license: GPLv3
+description:
+ This check monitors the number of connections currently in use by the entire firewall and
+ the highest number of connections in use at any one time since system startup of Cisco ASA
+ devices.
+
+ Upper levels for currently connections can be set. There are no default levels.
+
+inventory:
+ One service will be created.
+
diff --git a/checks/cisco_asa_connections b/checks/cisco_asa_connections
new file mode 100644
index 0000000..e65b21d
--- /dev/null
+++ b/checks/cisco_asa_connections
@@ -0,0 +1,70 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2017 mk(a)mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# tails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.3.40.6 "number of connections currently in use by the entire firewall"
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.3.40.7 "highest number of connections in use at any one time since system startup"
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6 1045
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.7 2816
+
+
+def inventory_cisco_asa_connections(info):
+ return [(None, {})]
+
+
+def check_cisco_asa_connections(_no_item, params, info):
+ used_conns = int(info[0][0])
+ overall_used_conns = info[1][0]
+ infotext = "Currently used: %s" % used_conns
+ state = 0
+
+ if params.get("connections"):
+ warn, crit = params["connections"]
+ perfdata = [("fw_connections_active", used_conns, warn, crit)]
+ if used_conns >= crit:
+ state = 2
+ elif used_conns >= warn:
+ state = 1
+ if state > 0:
+ infotext += " (warn/crit at %s/%s)" % (warn, crit)
+ else:
+ perfdata = [("fw_connections_active", used_conns)]
+
+ return state, "%s, Max. since system startup: %s" % (infotext, overall_used_conns), perfdata
+
+
+check_info['cisco_asa_connections'] = {
+ 'inventory_function' : inventory_cisco_asa_connections,
+ 'check_function' : check_cisco_asa_connections,
+ 'service_description' : 'Connections',
+ 'snmp_info' : ('.1.3.6.1.4.1.9.9.147.1.2.2.2.1', [
+ '5', # CISCO-FIREWALL-MIB::cfwConnectionStatValue
+ ]),
+ "snmp_scan_function" : lambda oid: oid(".1.3.6.1.2.1.1.1.0").lower().startswith("cisco adaptive security") \
+ or "cisco pix security" in oid(".1.3.6.1.2.1.1.1.0").lower(),
+ "group" : "cisco_fw_connections",
+ "has_perfdata" : True,
+}
diff --git a/web/plugins/wato/check_parameters.py b/web/plugins/wato/check_parameters.py
index 6889265..0966319 100644
--- a/web/plugins/wato/check_parameters.py
+++ b/web/plugins/wato/check_parameters.py
@@ -9741,6 +9741,26 @@ register_check_parameters(
register_check_parameters(
subgroup_applications,
+ "cisco_fw_connections",
+ _("Cisco ASA Firewall Connections"),
+ Dictionary(
+ elements = [
+ ("connections", Tuple(
+ help = _("This rule sets limits to the current number of connections through "
+ "a Cisco ASA firewall."),
+ title = _("Maximum number of firewall connections"),
+ elements = [
+ Integer(title=_("Warning at")),
+ Integer(title=_("Critical at")),
+ ],
+ )),
+ ]),
+ None,
+ "dict",
+)
+
+register_check_parameters(
+ subgroup_applications,
"checkpoint_connections",
_("Checkpoint Firewall Connections"),
Tuple(
Module: check_mk
Branch: master
Commit: d4b598d58d902949f6c61e9f14589ed3333d9eec
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d4b598d58d9029…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jun 20 12:46:33 2017 +0200
4765 FIX Liveproxyd: Fixed possible exception in case of temporary load issues
When the connection to livestatus is not possible with "Resource temporarily unavailable" error,
which can happen in high load situations, then the error was not handled correctly.
Change-Id: Ia37d1f9d33f9d732c5ad75918911df9b1a89e9f2
---
.werks/4765 | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/.werks/4765 b/.werks/4765
new file mode 100644
index 0000000..05b6813
--- /dev/null
+++ b/.werks/4765
@@ -0,0 +1,13 @@
+Title: Liveproxyd: Fixed possible exception in case of temporary load issues
+Level: 1
+Component: liveproxy
+Class: fix
+Compatible: compat
+Edition: cee
+State: unknown
+Version: 1.5.0i1
+Date: 1497955452
+
+When the connection to livestatus is not possible with "Resource temporarily unavailable" error,
+which can happen in high load situations, then the error was not handled correctly.
+
Module: check_mk
Branch: master
Commit: 95741b2fecd3043eadb4c09a2efe818be3986f32
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=95741b2fecd304…
Author: Simon Betz <si(a)mathias-kettner.de>
Date: Tue May 30 12:28:28 2017 +0200
4766 snmp_extended_info: Inventorizes all available physical components except ports in more robust way
Note: Some bogus devices such as Cisco 2500 Series WLC or
Cisco Wide Area Application Services do not have exactly
one entry == "0" which means device itself or do not provide
any information about physical class.
In the first case {{Hardware > System}} will be omitted.
In the second case we inventorize these components below physical
components table {{Unknown entities}}.
In all cases ports are ignored because we have an extra view
for them.
Change-Id: I5bbb7337b95036a66cda0095aa4413f7e3243bd9
---
.werks/4766 | 18 +++++++++++
inventory/snmp_extended_info | 27 +++++++++++++---
web/plugins/views/inventory.py | 73 ++++++++++++++++++++++++++++++++++--------
3 files changed, 100 insertions(+), 18 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=95741b2fec…
Module: check_mk
Branch: master
Commit: b8346d971e58f2c6cb8a949f57ae651dca3897b9
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b8346d971e58f2…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jun 19 17:21:14 2017 +0200
4764 FIX Fixed internal automation error handling when syncing with 1.2.8 or older
Some "internal automation error" messages were not displayed correctly in the
activation dialog when an error occured.
Change-Id: I6ed1ffb7525a6349c882120fa759b4df14c5db66
---
.werks/4764 | 12 ++++++++++++
web/htdocs/watolib.py | 6 ++++++
2 files changed, 18 insertions(+)
diff --git a/.werks/4764 b/.werks/4764
new file mode 100644
index 0000000..23fc765
--- /dev/null
+++ b/.werks/4764
@@ -0,0 +1,12 @@
+Title: Fixed internal automation error handling when syncing with 1.2.8 or older
+Level: 1
+Component: wato
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.5.0i1
+Date: 1497885615
+
+Some "internal automation error" messages were not displayed correctly in the
+activation dialog when an error occured.
diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py
index bddd9f7..ef8aed4 100644
--- a/web/htdocs/watolib.py
+++ b/web/htdocs/watolib.py
@@ -5213,6 +5213,12 @@ class ActivateChangesSite(multiprocessing.Process, ActivateChanges):
try:
cmk_configuration_warnings = ast.literal_eval(response_text)
+
+ # In case of an exception it returns a str/unicode message. Wrap the
+ # message in a list to be compatible to regular response
+ if type(cmk_configuration_warnings) in [ str, unicode ]:
+ cmk_configuration_warnings = [ cmk_configuration_warnings ]
+
return {
"check_mk": cmk_configuration_warnings
}