[checkmk-commits] Check_MK Git: check_mk: New check genua_pfstate for testing the state and number of used states

Module: check_mk Branch: master Commit: b338de4e6feee1e0aee903eed477b4f23525e124 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b338de4e6feee1… Author: Götz Golla <gg(a)mathias-kettner.de> Date: Thu Oct 24 14:50:03 2013 +0200 New check genua_pfstate for testing the state and number of used states of the OpenBSD PF engine in genuscreen firewalls --- checkman/genua_pfstate | 37 +++++++++++++++ checks/genua_pfstate | 85 ++++++++++++++++++++++++++++++++++ web/plugins/wato/check_parameters.py | 21 +++++++++ 3 files changed, 143 insertions(+) diff --git a/checkman/genua_pfstate b/checkman/genua_pfstate new file mode 100644 index 0000000..dfd5ee9 --- /dev/null +++ b/checkman/genua_pfstate @@ -0,0 +1,37 @@ +title: State of packetfilter engine for genuscreen firewalls +agents: snmp +catalog: hw/network/genua +license: GPL +distribution: check_mk +description: + This check monitors the state of the packetfilter engine of genuscreen + firewalls. It evaluates the pf status, number of used pf states and the + maximum number of pf states set for the engine. Warningn and critical + limits for the number of used states can be given. If the critical level + is not set, the maximum number of states defined for the engine will be + assumed. + + The check is known to run with genuscreen version 3.0 and 4.1, and supports + genuas regular enterprise id 3717 as well as the id 3137 which was + introduced in a bug in some versions of genuscreen. + +perfdata: + The number of used PF states + +inventory: + The inventory process checks if the device has a system description OID + of .1.3.6.1.2.1.1.2.0 and if the name of this OID contains "genuscreen" + (case insensitive). If it also contains valid pf state output, the device is + inventorized. + +[parameters] +parameters(dict): parameters is a dictionary with one key + + {"used"}: a tuple of lower warning and critical values for the number +of used PF states + +[configuration] +genua_pfstate_default_levels(dict): This variable is preset to + + {{ "used": ( None, None) }} + diff --git a/checks/genua_pfstate b/checks/genua_pfstate new file mode 100644 index 0000000..ed3c18c --- /dev/null +++ b/checks/genua_pfstate @@ -0,0 +1,85 @@ +#!/usr/bin/python +# -*- encoding: utf-8; py-indent-offset: 4 -*- + +# Example Agent Output: +# GENUA-MIB: +# .1.3.6.1.4.1.3717.2.1.1.6.1 = INTEGER: 300000 +# .1.3.6.1.4.1.3717.2.1.1.6.2 = INTEGER: 1268 +# .1.3.6.1.4.1.3717.2.1.1.6.3 = INTEGER: 1 + +genua_pfstate_default_levels = { "used": ( None , None ) } + +def inventory_genua_pfstate(info): + # remove empty elements due to alternative enterprise id in snmp_info + info = filter(None, info) + + if info[0]: + if len(info[0][0]) == 3: + return [ (None, genua_pfstate_default_levels) ] + else: + return [] + + +def pfstate(st): + names = { + '0' : 'notOK', + '1' : 'OK', + '2' : 'unknown', + } + return names.get(st, st) + + +def check_genua_pfstate(item, params, info): + # remove empty elements due to alternative enterprise id in snmp_info + info = filter(None, info) + + if info[0]: + if len(info[0][0]) == 3: + pfstateMax = saveint(info[0][0][0]) + pfstateUsed = saveint(info[0][0][1]) + pfstateStatus = info[0][0][2] + else: + return(3, "Invalid Output from Agent") + + warn,crit = params.get("used") + if crit == None: + crit = pfstateMax + + state = 0 + usedsym = "" + statussym = "" + if pfstateStatus != "1": + state = 1 + statussym = "(!)" + + if crit and pfstateUsed > crit: + state = 2 + usedsym = "(!!)" + elif warn and pfstateUsed > warn: + state = 1 + usedsym = "(!)" + + pfstatus = pfstate(str(pfstateStatus)) + infotext = "PF State: %s%s States used: %d%s States max: %d" \ + % (pfstatus, statussym, pfstateUsed, usedsym, pfstateMax ) + perfdata = [ ( "statesused", pfstateUsed, None, pfstateMax ) ] + return (state, infotext, perfdata) + +check_info['genua_pfstate'] = { + "inventory_function" : inventory_genua_pfstate, + "check_function" : check_genua_pfstate, + "service_description": "Paketfilter Status", + "has_perfdata" : True, + "group" : "pf_used_states", + "snmp_info" : [( ".1.3.6.1.4.1.3717.2.1.1.6",[ + 1, # "pfstateMax" + 2, # "pfstateUsed" + 3, # "pfstateStatus" + ]), + ( ".1.3.6.1.4.1.3137.2.1.1.6",[ + 1, # "pfstateMax" + 2, # "pfstateUsed" + 3, # "pfstateStatus" + ])], + "snmp_scan_function" : lambda oid: "genuscreen" in oid(".1.3.6.1.2.1.1.1.0").lower() +} diff --git a/web/plugins/wato/check_parameters.py b/web/plugins/wato/check_parameters.py index c8759b0..b9d91bd 100644 --- a/web/plugins/wato/check_parameters.py +++ b/web/plugins/wato/check_parameters.py @@ -3173,6 +3173,27 @@ register_check_parameters( ) register_check_parameters( + subgroup_os, + "pf_used_states", + _("Number of used states of OpenBSD PF engine"), + Dictionary( + elements = [ + ("used", + Tuple( + title = _("Limits for the number of used states"), + elements = [ + Integer(title = _("warning if above")), + Integer(title = _("critical if above")), + ]), + ), + ], + optional_keys = [None], + ), + None, + "first" +) + +register_check_parameters( subgroup_environment, "pdu_gude", _("Levels for Gude PDU Devices"),