20 Nov
2014
20 Nov
'14
10:54 a.m.
Module: check_mk
Branch: master
Commit: ab3e02ea981247bf11c940d4b44ac312e79b9d23
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ab3e02ea981247…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Thu Nov 20 16:54:40 2014 +0100
#1515 FIX cisco_secure: fix service description, fix OK state in case of no violation
---
.werks/1515 | 9 +++++++++
ChangeLog | 1 +
checks/cisco_secure | 36 ++++++++++++++++++++++--------------
3 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/.werks/1515 b/.werks/1515
new file mode 100644
index 0000000..e9caca3
--- /dev/null
+++ b/.werks/1515
@@ -0,0 +1,9 @@
+Title: cisco_secure: fix service description, fix OK state in case of no violation
+Level: 1
+Component: checks
+Compatible: compat
+Version: 1.2.5i7
+Date: 1416498840
+Class: fix
+
+
diff --git a/ChangeLog b/ChangeLog
index 74f6c3f..86433f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,7 @@
* 1511 FIX: oracle_jobs: avoid broken checks, make compatible with old version...
* 1513 FIX: Handle broken SNMP bulk walk implementation of Mikrotik Router firmware
RouterOS v6.22...
* 1503 FIX: Fixed monitoring of multiple SAP instances with one mk_sap plugin...
+ * 1515 FIX: cisco_secure: fix service description, fix OK state in case of no
violation
Multisite:
* 1508 Allow input of plugin output and perfdata when faking check results...
diff --git a/checks/cisco_secure b/checks/cisco_secure
index e333f7e..898082d 100644
--- a/checks/cisco_secure
+++ b/checks/cisco_secure
@@ -24,48 +24,56 @@
# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
# Boston, MA 02110-1301 USA.
-def cisco_secure_convert(info):
- data = []
+
+def parse_cisco_secure(info):
+ parsed = []
# l[1] = Name, l[2] = Portstate
names = dict([ (l[0], ( l[1], l[2] )) for l in info[0]] )
for num, enabled, status, violationCount, lastmac in info[1]:
mac = ":".join(["%02s" % hex(ord(m))[2:] for m in
lastmac]).replace(' ', '0')
- data.append(( names[num][0], int(names[num][1]), int(enabled), int(status),
int(violationCount), mac ))
- return data
+ parsed.append(( names[num][0], int(names[num][1]), int(enabled), int(status),
int(violationCount), mac ))
+ return parsed
+
-def inventory_cisco_secure(info):
- info = cisco_secure_convert(info)
+def inventory_cisco_secure(parsed):
# search for at least one port with security
- for name, op_state, enabled, status, violationCount, lastmac in info:
- #if portsecurity enabled and port up OR currently there is sercurity issue`
+ for name, op_state, enabled, status, violationCount, lastmac in parsed:
+ # if portsecurity enabled and port up OR currently there is sercurity issue`
if ( enabled == 1 and op_state == 1) or status == 3:
return [ (None, None) ]
- return []
-def check_cisco_secure(item, params, info):
+
+def check_cisco_secure(item, params, parsed):
secure_states = {
1 : "full Operational",
2 : "could not be enabled due to certain reasons",
3 : "shutdown due to security violation"
- }
+ }
- info = cisco_secure_convert(info)
failed = []
- for name, op_state, enabled, status, violationCount, lastmac in info:
+ at_least_one_problem = False
+ for name, op_state, enabled, status, violationCount, lastmac in parsed:
message = "Port %s: %s (Violation Count: %s, Last Mac: %s)" % \
( name, secure_states[status], violationCount, lastmac )
# If port cant be enabled and is up
if status == 2 and op_state == 1:
yield 1, message
+ at_least_one_problem = True
# Security issue
elif status == 3:
yield 2, message
+ at_least_one_problem = True
+
+ if not at_least_one_problem:
+ yield 0, "No port security violation"
+
check_info["cisco_secure"] = {
+ "parse_function" : parse_cisco_secure,
"check_function" : check_cisco_secure,
"inventory_function" : inventory_cisco_secure,
- "service_description" : "Security Port %s",
+ "service_description" : "Port Security",
"snmp_scan_function" : lambda oid: "cisco" in
oid(".1.3.6.1.2.1.1.1.0").lower() and \
oid(".1.3.6.1.4.1.9.9.315.1.2.1.1.1.*"),
"snmp_info" : [ (".1.3.6.1.2.1.2.2.1", [OID_END, 2, 8 ] ),