Module: check_mk
Branch: master
Commit: f0286782c6b8c21134ce87450a41855da14b03e1
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f0286782c6b8c2…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Fri Dec 12 16:20:10 2014 +0100
#1778 FIX cisco_secure: do not warn for port where port security cannot be enabled
---
.werks/1778 | 10 ++++++++++
ChangeLog | 1 +
checkman/cisco_secure | 12 ++++--------
checks/cisco_secure | 6 +++---
4 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/.werks/1778 b/.werks/1778
new file mode 100644
index 0000000..7b063b1
--- /dev/null
+++ b/.werks/1778
@@ -0,0 +1,10 @@
+Title: cisco_secure: do not warn for port where port security cannot be enabled
+Level: 1
+Component: checks
+Class: fix
+Compatible: compat
+State: unknown
+Version: 1.2.7i1
+Date: 1418397595
+
+
diff --git a/ChangeLog b/ChangeLog
index bc69ab6..5443180 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,7 @@
* 1763 FIX: diskstat: Fixed error in config example of manpage
* 1755 FIX: cisco_vpn_tunnel: fix exception in case tunnel is not OK
* 1756 FIX: agent_ibmsvc: do not abort execution if one of the sections fail
+ * 1778 FIX: cisco_secure: do not warn for port where port security cannot be enabled
Multisite:
* 1758 Improved exception hander: Shows details without additional debug request,
added mailto link for error report...
diff --git a/checkman/cisco_secure b/checkman/cisco_secure
index 90ef825..2ee2351 100644
--- a/checkman/cisco_secure
+++ b/checkman/cisco_secure
@@ -4,13 +4,9 @@ catalog: hw/network/cisco
license: GPL
distribution: check_mk
description:
- This check monitors the port Security feature of cisco_switches. It returns a {CRITICAL}
state for
- each port which is locked due a security isse. If is port security configured but cant
be enabled
- the check returns {WARNING}.
-
-item:
- None
+ This check monitors the port Security feature of Cisco Switches. It returns a CRIT state
if at
+ least one port has security violations. If port security is configured but can't be
enabled then
+ no WARN is issued.
inventory:
- One summary check will be created
-
+ One summary check will be created if for at least one port the port security is
enabled.
diff --git a/checks/cisco_secure b/checks/cisco_secure
index 04317c6..e40f129 100644
--- a/checks/cisco_secure
+++ b/checks/cisco_secure
@@ -58,11 +58,11 @@ def check_cisco_secure(item, params, parsed):
message = "Port %s: %s (Violation Count: %s, Last Mac: %s)" % \
( name, secure_states[status], violationCount, lastmac )
- # If port cant be enabled and is up
- if status == 2 and op_state == 1:
+ # If port cant be enabled and is up and has violations -> WARN
+ if status == 2 and op_state == 1 and int(violationCount) > 0:
yield 1, message
at_least_one_problem = True
- # Security issue
+ # Security issue -> CEIT
elif status == 3:
yield 2, message
at_least_one_problem = True