[checkmk-commits] 5028 fortigate_sync_status, fortigate_sensors

Module: check_mk Branch: master Commit: fbc7bd421ca12f0eac9e7516b06ee9e513f0a917 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=fbc7bd421ca12f… Author: Jukka Aro &lt;ja(a)mathias-kettner.de&gt; Date: Fri Jul 14 13:52:44 2017 +0200 5028 fortigate_sync_status, fortigate_sensors Add two new checks for Fortigate firewall devices: * Check sync status of FortiGate cluster. * Check the combined alarm status of sensors of a Fortigate firewall device. Change-Id: I577f4c0cf7d91749c337f2da53f0a67aed65f593 --- .werks/5028 | 13 ++++++++ checkman/fortigate_sensors | 10 +++++++ checkman/fortigate_sync_status | 10 +++++++ checks/fortigate_sensors | 67 ++++++++++++++++++++++++++++++++++++++++++ checks/fortigate_sync_status | 53 +++++++++++++++++++++++++++++++++ 5 files changed, 153 insertions(+) diff --git a/.werks/5028 b/.werks/5028 new file mode 100644 index 0000000..e168ace --- /dev/null +++ b/.werks/5028 @@ -0,0 +1,13 @@ +Title: fortigate_sync_status, fortigate_sensors: New checks +Level: 1 +Component: checks +Compatible: compat +Edition: cre +Version: 1.5.0i1 +Date: 1500033135 +Class: feature + +Two new checks were added for Fortigate Firewall devices. The first +check monitors the synchronization statuses of Fortigate High-Availabity +Clusters. The second check monitors the overall alarm statuses of +sensors of Fortigate Firewall devices. diff --git a/checkman/fortigate_sensors b/checkman/fortigate_sensors new file mode 100644 index 0000000..85fe83e --- /dev/null +++ b/checkman/fortigate_sensors @@ -0,0 +1,10 @@ +title: FortiGate firewalls: Sensor Summary +agents: snmp +catalog: hw/network/fortinet +license: GPL +distribution: check_mk +description: + This check monitors the overall alarm status of sensors of a FortiGate Firewall device. The status of the check is OK if all of the sensors have the alarm status 'false' (0) and CRIT if at least one sensor has the alarm status 'true' (1). + +inventory: + One service will be created. diff --git a/checkman/fortigate_sync_status b/checkman/fortigate_sync_status new file mode 100644 index 0000000..09497fd --- /dev/null +++ b/checkman/fortigate_sync_status @@ -0,0 +1,10 @@ +title: FortiGate firewall cluster monitoring: Sync Status +agents: snmp +catalog: hw/network/fortinet +license: GPL +distribution: check_mk +description: + This check monitors the synchronization status of a FortiGate High-Availability cluster. The status 'synchronized' is considered OK and the status 'unsynchronized' CRIT. + +inventory: + One service per cluster (a master and a slave node together) will be created. No service will be created for standalone firewalls (if only a master node is present). diff --git a/checks/fortigate_sensors b/checks/fortigate_sensors new file mode 100644 index 0000000..bb0149e --- /dev/null +++ b/checks/fortigate_sensors @@ -0,0 +1,67 @@ +#!/usr/bin/python +# -*- encoding: utf-8; py-indent-offset: 4 -*- +# +------------------------------------------------------------------+ +# | ____ _ _ __ __ _ __ | +# | / ___| |__ ___ ___| | __ | \/ | |/ / | +# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / | +# | | |___| | | | __/ (__| < | | | | . \ | +# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ | +# | | +# | Copyright Mathias Kettner 2017 mk(a)mathias-kettner.de | +# +------------------------------------------------------------------+ +# +# This file is part of Check_MK. +# The official homepage is at http://mathias-kettner.de/check_mk. +# +# check_mk is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation in version 2. check_mk is distributed +# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with- +# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more de- +# tails. You should have received a copy of the GNU General Public +# License along with GNU Make; see the file COPYING. If not, write +# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +# Boston, MA 02110-1301 USA. + + +def inventory_fortigate_sensors(info): + return [(None, None)] + + +def check_fortigate_sensors(item, params, info): + sensors_in_alarm = [] + infotexts = ["%s sensors" % len(info)] + + for name, value, dev_status in info: + if value != "0" and dev_status == "1": + sensors_in_alarm.append(name) + + count_ok_sensors = len(info) - len(sensors_in_alarm) + if count_ok_sensors: + infotexts.append("%s OK" % count_ok_sensors) + + state = 0 + if sensors_in_alarm: + infotexts.append("%s with alarm: %s" % \ + (len(sensors_in_alarm), + ", ".join(sensors_in_alarm))) + state = 2 + + return state, " - ".join(infotexts) + + +check_info['fortigate_sensors'] = { + 'inventory_function' : inventory_fortigate_sensors, + 'check_function' : check_fortigate_sensors, + 'service_description' : 'Sensor Summary', + 'snmp_info' : ('.1.3.6.1.4.1.12356.101.4.3.2.1', [ + '2', # FORTINET-FORTIGATE-MIB::fgHwSensorEntName + '3', # FORTINET-FORTIGATE-MIB::fgHwSensorEntValue + '4', # FORTINET-FORTIGATE-MIB::fgHwSensorEntAlarmStatus + ]), + 'snmp_scan_function' : lambda oid: oid(".1.3.6.1.2.1.1.2.0") in [ + '.1.3.6.1.4.1.12356.101.1.5004', + '.1.3.6.1.4.1.12356.101.1.10004', + ], +} diff --git a/checks/fortigate_sync_status b/checks/fortigate_sync_status new file mode 100644 index 0000000..22f3d60 --- /dev/null +++ b/checks/fortigate_sync_status @@ -0,0 +1,53 @@ +#!/usr/bin/python +# -*- encoding: utf-8; py-indent-offset: 4 -*- +# +------------------------------------------------------------------+ +# | ____ _ _ __ __ _ __ | +# | / ___| |__ ___ ___| | __ | \/ | |/ / | +# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / | +# | | |___| | | | __/ (__| < | | | | . \ | +# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ | +# | | +# | Copyright Mathias Kettner 2017 mk(a)mathias-kettner.de | +# +------------------------------------------------------------------+ +# +# This file is part of Check_MK. +# The official homepage is at http://mathias-kettner.de/check_mk. +# +# check_mk is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation in version 2. check_mk is distributed +# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with- +# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more de- +# ails. You should have received a copy of the GNU General Public +# License along with GNU Make; see the file COPYING. If not, write +# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +# Boston, MA 02110-1301 USA. + + +def inventory_fortigate_sync_status(info): + return [(None, None)] if len(info) > 1 else [] + + +def check_fortigate_sync_status(_no_item, _no_params, info): + map_statuses = { + "0": (2, "unsynchronized"), + "1": (0, "synchronized") + } + + for name, dev_status in info: + status, status_readable = map_statuses[dev_status] + yield status, "%s: %s" % (name, status_readable) + + +check_info["fortigate_sync_status"] = { + "check_function" : check_fortigate_sync_status, + "inventory_function" : inventory_fortigate_sync_status, + "service_description" : "Sync Status", + "snmp_scan_function" : lambda oid: ( + oid(".1.3.6.1.2.1.1.2.0").startswith(".1.3.6.1.4.1.12356.101.1") and + oid(".1.3.6.1.4.1.12356.101.13.2.1.1.12.1") is not None), + "snmp_info" : ( + ".1.3.6.1.4.1.12356.101.13.2.1.1", + [ "11", "12" ]), # fgHaStatsHostname, fgHaStatsSyncStatus +}