[checkmk-commits] Check_MK Git: check_mk: #1778 FIX cisco_secure: do not warn for port where port security cannot be enabled

Module: check_mk Branch: master Commit: f0286782c6b8c21134ce87450a41855da14b03e1 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f0286782c6b8c2… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Fri Dec 12 16:20:10 2014 +0100 #1778 FIX cisco_secure: do not warn for port where port security cannot be enabled --- .werks/1778 | 10 ++++++++++ ChangeLog | 1 + checkman/cisco_secure | 12 ++++-------- checks/cisco_secure | 6 +++--- 4 files changed, 18 insertions(+), 11 deletions(-) diff --git a/.werks/1778 b/.werks/1778 new file mode 100644 index 0000000..7b063b1 --- /dev/null +++ b/.werks/1778 @@ -0,0 +1,10 @@ +Title: cisco_secure: do not warn for port where port security cannot be enabled +Level: 1 +Component: checks +Class: fix +Compatible: compat +State: unknown +Version: 1.2.7i1 +Date: 1418397595 + + diff --git a/ChangeLog b/ChangeLog index bc69ab6..5443180 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,7 @@ * 1763 FIX: diskstat: Fixed error in config example of manpage * 1755 FIX: cisco_vpn_tunnel: fix exception in case tunnel is not OK * 1756 FIX: agent_ibmsvc: do not abort execution if one of the sections fail + * 1778 FIX: cisco_secure: do not warn for port where port security cannot be enabled Multisite: * 1758 Improved exception hander: Shows details without additional debug request, added mailto link for error report... diff --git a/checkman/cisco_secure b/checkman/cisco_secure index 90ef825..2ee2351 100644 --- a/checkman/cisco_secure +++ b/checkman/cisco_secure @@ -4,13 +4,9 @@ catalog: hw/network/cisco license: GPL distribution: check_mk description: - This check monitors the port Security feature of cisco_switches. It returns a {CRITICAL} state for - each port which is locked due a security isse. If is port security configured but cant be enabled - the check returns {WARNING}. - -item: - None + This check monitors the port Security feature of Cisco Switches. It returns a CRIT state if at + least one port has security violations. If port security is configured but can't be enabled then + no WARN is issued. inventory: - One summary check will be created - + One summary check will be created if for at least one port the port security is enabled. diff --git a/checks/cisco_secure b/checks/cisco_secure index 04317c6..e40f129 100644 --- a/checks/cisco_secure +++ b/checks/cisco_secure @@ -58,11 +58,11 @@ def check_cisco_secure(item, params, parsed): message = "Port %s: %s (Violation Count: %s, Last Mac: %s)" % \ ( name, secure_states[status], violationCount, lastmac ) - # If port cant be enabled and is up - if status == 2 and op_state == 1: + # If port cant be enabled and is up and has violations -> WARN + if status == 2 and op_state == 1 and int(violationCount) > 0: yield 1, message at_least_one_problem = True - # Security issue + # Security issue -> CEIT elif status == 3: yield 2, message at_least_one_problem = True