Module: check_mk
Branch: master
Commit: 72cc639883b0f04c9fb75b8a306ab1c8b98cb016
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=72cc639883b0f0…
Author: Simon Betz <si(a)mathias-kettner.de>
Date: Wed Apr 13 17:19:11 2016 +0200
3407 cisco_mem_asa64: new check which monitors the used memory of Cisco Adaptive Security
Appliances
Cisco Adaptive Security Appliances version 9 and higher report wrong memory data through
their 32-bit counters.
This new check uses the 64-bit counters instead to monitor the used memory.
---
.werks/3407 | 10 ++++++++++
ChangeLog | 2 ++
checkman/cisco_mem_asa64 | 31 ++++++++++++++++++++++++++++++
checks/cisco_mem.include | 13 ++++++++++++-
checks/cisco_mem_asa | 10 ++++++----
checks/cisco_mem_asa64 | 47 ++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 108 insertions(+), 5 deletions(-)
diff --git a/.werks/3407 b/.werks/3407
new file mode 100644
index 0000000..0ea6254
--- /dev/null
+++ b/.werks/3407
@@ -0,0 +1,10 @@
+Title: cisco_mem_asa64: new check which monitors the used memory of Cisco Adaptive
Security Appliances
+Level: 1
+Component: checks
+Compatible: incomp
+Version: 1.2.9i1
+Date: 1460560557
+Class: feature
+
+Cisco Adaptive Security Appliances Version 9 and higher provide wrong data given by
32-bit counter.
+This new check now uses 64-bit counter instead to monitor the used memory.
diff --git a/ChangeLog b/ChangeLog
index 057b8e2..f2b6174 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -57,6 +57,8 @@
* 3404 fireeye_sys_status: new inventory plugin which gives information about serial
number and model of Fireeye Appliances which support the FE-FIREEYE-MIB
* 3405 cisco_fantray, cisco_fru_power: now these checks have readable item names
NOTE: Please refer to the migration notes!
+ * 3407 cisco_mem_asa64: new check which monitors the used memory of Cisco Adaptive
Security Appliances...
+ NOTE: Please refer to the migration notes!
* 3073 FIX: windows agent: relative paths to mrpe scripts are now treated as relative
to the agent installation directory...
* 3061 FIX: mk_jolokia: Fixed debugging of the agent plugin
* 3074 FIX: windows agent: fixed incorrect values for 32-bit performance counters
diff --git a/checkman/cisco_mem_asa64 b/checkman/cisco_mem_asa64
new file mode 100644
index 0000000..ebc3b90
--- /dev/null
+++ b/checkman/cisco_mem_asa64
@@ -0,0 +1,31 @@
+title: Cisco Adaptive Security Appliances Version 9.x: System Memory
+agents: snmp
+catalog: hw/network/cisco
+license: GPL
+distribution: check_mk
+description:
+ This Check does the same as the normal cisco_mem check. The only difference is
+ that this check only monitors the System memory. The reason is a
+ bug in the ASA firmware:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-g…
+
+ Moreover there are problems with newer ASA version 9.x: from cisco
+ Deprecate 32-bit SNMP OIDs for Memory UtilizationCSCuu46705DescriptionSymptom:
+ Currently the ASA has two ways to check memory via SNMP. 1.3.6.1.4.1.9.9.48 can be
polled
+ and the OIDs under that will dig into each individual memory pool, including DMA and
+ GLOBAL SHARED but all the counters are 32-bit which means that the information
contained
+ in them is wrong for some of the modern ASAs that run with more memory. Also, polling
some
+ of these OIDs will cause CPU-hogs on the ASA, as per CSCtx43501.
+ In recent codes, you can poll the CISCO-ENHANCED-MEMPOOL-MIB, 1.3.6.1.4.1.9.9.221, and
it
+ will provide overall system memory, but it does so with 64-bit counters as well. This
is
+ the only way to get valid memory numbers on platforms with more than 4GB of RAM.
+ Also, polling this MIB has not caused CPU-hogs for the SNMP process.
+ Conditions:
+ ASA 9.x
+ Monitoring memory via SNMP polling
+ 5500-x platform
+
+item:
+ The sytem memory.
+
+inventory:
+ One service is created.
diff --git a/checks/cisco_mem.include b/checks/cisco_mem.include
index f6f2148..2963a29 100644
--- a/checks/cisco_mem.include
+++ b/checks/cisco_mem.include
@@ -24,14 +24,25 @@
# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
# Boston, MA 02110-1301 USA.
+
+def scan_cisco_mem_asa64(oid):
+ version =
int((oid(".1.3.6.1.2.1.1.1.0").split("Version")[-1]).split(".")[0])
+ if version >= 9:
+ return True
+ else:
+ return False
+
+
cisco_mem_default_levels = (80.0, 90.0)
+
def inventory_cisco_mem(info):
return [
(line[0], "cisco_mem_default_levels")
for line in info
if line[0] != "Driver text" ]
+
def check_cisco_mem(item, params, info):
for line in info:
if line[0] == item:
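Review bot: `scan_cisco_mem_asa64` passes the device-supplied sysDescr straight into `int()`, so a description that lacks the word "Version", or whose text before the first dot is not a plain integer, raises ValueError. Both the `cisco_mem_asa` and `cisco_mem_asa64` scan lambdas call this helper, so one unusual ASA banner would presumably break the scan for both checks instead of leaving the device on the 32-bit check. The helper should treat an unparsable version as "not 64-bit" and return the comparison directly, with a short comment naming the sysDescr format it expects. The hunk ends inside `check_cisco_mem`, whose body continues outside it.

```python
def scan_cisco_mem_asa64(oid):
    # The major version is the integer between "Version" and the first dot of sysDescr
    descr = oid(".1.3.6.1.2.1.1.1.0")
    try:
        major = int(descr.split("Version")[-1].split(".")[0])
    except ValueError:
        # Unparsable banner: leave the device to the 32-bit cisco_mem_asa check
        return False
    return major >= 9
```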
@@ -39,7 +50,7 @@ def check_cisco_mem(item, params, info):
mem_used = saveint(line[1])
mem_total = mem_free + mem_used
return check_cisco_mem_sub(params, mem_used, mem_total)
- return 3, "Error getting information. Try a reinventory"
+
def check_cisco_mem_sub(params, mem_used, mem_total):
perc_used = 100 * (float(mem_used) / float(mem_total))
diff --git a/checks/cisco_mem_asa b/checks/cisco_mem_asa
index 2839b0b..b0754e2 100644
--- a/checks/cisco_mem_asa
+++ b/checks/cisco_mem_asa
@@ -27,19 +27,21 @@
# The reason for this check is a problem on ASA devices
# See:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-g…
+
def parse_cisco_mem_asa(info):
return [ info[0][0], info[1][0] ]
check_info["cisco_mem_asa"] = {
- "check_function" : check_cisco_mem,
+ "parse_function" : parse_cisco_mem_asa,
"inventory_function" : inventory_cisco_mem,
+ "check_function" : check_cisco_mem,
"service_description" : "Mem used %s",
"has_perfdata" : True,
"group" : "cisco_mem",
- "snmp_scan_function" : lambda oid:
oid(".1.3.6.1.2.1.1.1.0").lower().startswith("cisco adaptive
security"),
- "snmp_info" : [( ".1.3.6.1.4.1.9.9.48.1.1.1", [
"2.1", "5.1", "6.1" , "7.1" ]),
+ "snmp_scan_function" : lambda oid:
oid(".1.3.6.1.2.1.1.1.0").lower().startswith("cisco adaptive
security") \
+ and not scan_cisco_mem_asa64(oid),
+ "snmp_info" : [( ".1.3.6.1.4.1.9.9.48.1.1.1", [
"2.1", "5.1", "6.1" , "7.1" ]),
( ".1.3.6.1.4.1.9.9.48.1.1.1", [
"2.6", "5.6", "6.6" , "7.6" ])],
"includes" : ['cisco_mem.include'],
- "parse_function" : parse_cisco_mem_asa,
}
diff --git a/checks/cisco_mem_asa64 b/checks/cisco_mem_asa64
new file mode 100644
index 0000000..47df7e2
--- /dev/null
+++ b/checks/cisco_mem_asa64
@@ -0,0 +1,47 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2014 mk(a)mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at
http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# tails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+
+# .1.3.6.1.4.1.9.9.221.1.1.1.1.3.2.1 System memory -->
CISCO-ENHANCED-MEMPOOL-MIB::cempMemPoolName.2.1
+# .1.3.6.1.4.1.9.9.221.1.1.1.1.18.2.1 902008879 -->
CISCO-ENHANCED-MEMPOOL-MIB::cempMemPoolHCUsed.2.1
+# .1.3.6.1.4.1.9.9.221.1.1.1.1.20.2.1 3392957761 -->
CISCO-ENHANCED-MEMPOOL-MIB::cempMemPoolHCFree.2.1
+
+
+check_info["cisco_mem_asa64"] = {
+ "inventory_function" : inventory_cisco_mem,
+ "check_function" : check_cisco_mem,
+ "service_description" : "Mem used %s",
+ "has_perfdata" : True,
+ "snmp_scan_function" : lambda oid:
oid(".1.3.6.1.2.1.1.1.0").lower().startswith("cisco adaptive
security") \
+ and scan_cisco_mem_asa64(oid),
+ "snmp_info" : (".1.3.6.1.4.1.9.9.221.1.1.1.1", [
+ "3", # cempMemPoolName
+ "18", # cempMemPoolHCUsed
+ "20", # cempMemPoolHCFree
+ ]),
+ "group" : "cisco_mem",
+ "includes" : [ 'cisco_mem.include' ],
+}
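Review bot: The `snmp_info` entry walks the whole table under `.1.3.6.1.4.1.9.9.221.1.1.1.1`, and `inventory_cisco_mem` creates a service for every row whose name is not "Driver text", yet the man page added in this commit says only the system memory is monitored and one service is created. If an ASA exposes more pools than the single `.2.1` row shown in the header comment, discovery would create extra services, so either filter on the pool name or adjust the man page. A row whose 64-bit columns come back empty or zero would also reach `100 * (float(mem_used) / float(mem_total))` in `check_cisco_mem_sub` with `mem_total` at 0, assuming `saveint` maps an empty value to 0. A guard such as `if mem_total == 0: return 3, "Total memory is reported as 0"` before the division would turn that crash into an UNKNOWN result.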