20 Jun
2017
20 Jun
'17
6:41 a.m.
Module: check_mk
Branch: master
Commit: 233cf90d25fb07300774ce6da562fc6da91a51b3
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=233cf90d25fb07…
Author: Simon Betz <si(a)mathias-kettner.de>
Date: Tue Jun 6 11:59:52 2017 +0200
4768 cisco_asa_connections: New check which monitors number of connections currently in
use by Cisco ASA devices
Change-Id: I9639f5888f51e9161a76a1d6254004b2fab282cd
---
.werks/4768 | 10 ++++++
checkman/cisco_asa_connections | 15 ++++++++
checks/cisco_asa_connections | 70 ++++++++++++++++++++++++++++++++++++
web/plugins/wato/check_parameters.py | 20 +++++++++++
4 files changed, 115 insertions(+)
diff --git a/.werks/4768 b/.werks/4768
new file mode 100644
index 0000000..a1ecd54
--- /dev/null
+++ b/.werks/4768
@@ -0,0 +1,10 @@
+Title: cisco_asa_connections: New check which monitors number of connections currently in
use by Cisco ASA devices
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1496743160
+Class: feature
+
+
diff --git a/checkman/cisco_asa_connections b/checkman/cisco_asa_connections
new file mode 100644
index 0000000..aefffcd4
--- /dev/null
+++ b/checkman/cisco_asa_connections
@@ -0,0 +1,15 @@
+title: Cisco ASA Connections
+agents: snmp
+catalog: hw/network/cisco
+distribution: check_mk
+license: GPLv3
+description:
+ This check monitors the number of connections currently in use by the entire firewall
and
+ the highest number of connections in use at any one time since system startup of Cisco
ASA
+ devices.
+
+ Upper levels for currently connections can be set. There are no default levels.
+
+inventory:
+ One service will be created.
+
diff --git a/checks/cisco_asa_connections b/checks/cisco_asa_connections
new file mode 100644
index 0000000..e65b21d
--- /dev/null
+++ b/checks/cisco_asa_connections
@@ -0,0 +1,70 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2017 mk(a)mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# tails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.3.40.6 "number of connections currently in use by
the entire firewall"
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.3.40.7 "highest number of connections in use at
any one time since system startup"
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6 1045
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.7 2816
+
+
+def inventory_cisco_asa_connections(info):
+ return [(None, {})]
+
+
+def check_cisco_asa_connections(_no_item, params, info):
+ used_conns = int(info[0][0])
+ overall_used_conns = info[1][0]
+ infotext = "Currently used: %s" % used_conns
+ state = 0
+
+ if params.get("connections"):
+ warn, crit = params["connections"]
+ perfdata = [("fw_connections_active", used_conns, warn, crit)]
+ if used_conns >= crit:
+ state = 2
+ elif used_conns >= warn:
+ state = 1
+ if state > 0:
+ infotext += " (warn/crit at %s/%s)" % (warn, crit)
+ else:
+ perfdata = [("fw_connections_active", used_conns)]
+
+ return state, "%s, Max. since system startup: %s" % (infotext,
overall_used_conns), perfdata
+
+
+check_info['cisco_asa_connections'] = {
+ 'inventory_function' : inventory_cisco_asa_connections,
+ 'check_function' : check_cisco_asa_connections,
+ 'service_description' : 'Connections',
+ 'snmp_info' : ('.1.3.6.1.4.1.9.9.147.1.2.2.2.1', [
+ '5', #
CISCO-FIREWALL-MIB::cfwConnectionStatValue
+ ]),
+ "snmp_scan_function" : lambda oid:
oid(".1.3.6.1.2.1.1.1.0").lower().startswith("cisco adaptive
security") \
+ or "cisco pix security" in
oid(".1.3.6.1.2.1.1.1.0").lower(),
+ "group" : "cisco_fw_connections",
+ "has_perfdata" : True,
+}
diff --git a/web/plugins/wato/check_parameters.py b/web/plugins/wato/check_parameters.py
index 6889265..0966319 100644
--- a/web/plugins/wato/check_parameters.py
+++ b/web/plugins/wato/check_parameters.py
@@ -9741,6 +9741,26 @@ register_check_parameters(
register_check_parameters(
subgroup_applications,
+ "cisco_fw_connections",
+ _("Cisco ASA Firewall Connections"),
+ Dictionary(
+ elements = [
+ ("connections", Tuple(
+ help = _("This rule sets limits to the current number of connections
through "
+ "a Cisco ASA firewall."),
+ title = _("Maximum number of firewall connections"),
+ elements = [
+ Integer(title=_("Warning at")),
+ Integer(title=_("Critical at")),
+ ],
+ )),
+ ]),
+ None,
+ "dict",
+)
+
+register_check_parameters(
+ subgroup_applications,
"checkpoint_connections",
_("Checkpoint Firewall Connections"),
Tuple(