Module: check_mk
Branch: master
Commit: b2594066c76e3437bdbd6182944ed515c7def36d
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b2594066c76e34…
Author: Simon Betz <si(a)mathias-kettner.de>
Date: Tue Apr 10 15:19:02 2018 +0200
5965 fortigate_signatures: Extended database signature of anti-virus and intrusion
prevention are configurable
Change-Id: Ifd8c5e778bacfaf63e423f94f88ad7d2748d5977
---
.werks/5965 | 10 +++++
checks/fortigate_signatures | 72 ++++++++++++++++++++----------------
web/plugins/wato/check_parameters.py | 72 ++++++++++++++++++++++++++++--------
3 files changed, 108 insertions(+), 46 deletions(-)
diff --git a/.werks/5965 b/.werks/5965
new file mode 100644
index 0000000..3facdc0
--- /dev/null
+++ b/.werks/5965
@@ -0,0 +1,10 @@
+Title: fortigate_signatures: Extended database signature of anti-virus and intrusion
prevention are configurable
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.5.0i4
+Date: 1523362627
+Class: feature
+
+
diff --git a/checks/fortigate_signatures b/checks/fortigate_signatures
index 93777b2..3085cad 100644
--- a/checks/fortigate_signatures
+++ b/checks/fortigate_signatures
@@ -32,17 +32,11 @@
# signature ages (defaults are 1/2 days)
factory_settings['fortigate_signature_default_levels'] = {
'av_age': (86400, 172800),
- 'ips_age': (86400, 172800)
+ 'ips_age': (86400, 172800),
}
-def inventory_fortigate_signatures(info):
- if info:
- return [(None, {})]
- else:
- return []
-
-def check_fortigate_signatures(_no_item, params, info):
+def parse_fortigate_signatures(info):
def parse_version(ver):
# sample: 27.00768(2015-09-01 15:10)
ver_regex = regex("([0-9.]*)\(([0-9-: ]*)\)")
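Review bot: `factory_settings['fortigate_signature_default_levels']` still carries only `av_age` and `ips_age`, while the check introduced by this commit also looks up `av_ext_age` and `ips_ext_age` through `params.get(key)`. As written, the extended anti-virus and IPS databases are reported but never reach WARN/CRIT unless a rule sets levels, so an outdated extended database stays OK by default. If that is intended, say so next to the dict, e.g. `# av_ext_age / ips_ext_age: no default levels; extended databases only alert when a rule sets them`, because the existing comment "defaults are 1/2 days" reads as if it covered every signature. `parse_fortigate_signatures` continues outside this hunk.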
@@ -54,39 +48,55 @@ def check_fortigate_signatures(_no_item, params, info):
ts = time.mktime(t)
return match.group(1), time.time() - ts
- def age_status(age, levels):
- if age >= levels[1]:
- return 2
- elif age >= levels[0]:
- return 1
- else:
- return 0
+ parsed = []
+ for (key, title), value in zip([
+ ("av_age", "AV"),
+ ("ips_age", "IPS"),
+ ("av_ext_age", "AV extended"),
+ ("ips_ext_age", "IPS extended")
+ ], info[0]):
+ version, age = parse_version(value)
+ parsed.append((key, title, version, age))
+ return parsed
- def output_status(typ, signature_info, levels):
- version, age = parse_version(signature_info)
- status = age_status(age, levels)
- if status != 0:
- return status, "%s Signature %s is %s old (warn/crit at %s/%s)" %\
- (typ, version,
- get_age_human_readable(age),
- get_age_human_readable(levels[0]),
- get_age_human_readable(levels[1]))
- else:
- return 0, "%s Signature %s is current" % (typ, version)
+def inventory_fortigate_signatures(parsed):
+ if parsed:
+ return [(None, {})]
- if info:
- yield output_status("AV", info[0][0], params['av_age'])
- yield output_status("IPS", info[0][1], params['ips_age'])
+
+def check_fortigate_signatures(_no_item, params, parsed):
+ for key, title, version, age in parsed:
+ if age is None:
+ continue
+ infotext = "[%s] %s age: %s" % (version, title,
get_age_human_readable(age))
+ state = 0
+ levels = params.get(key)
+ if levels is not None:
+ warn, crit = levels
+ if crit is not None and age >= crit:
+ state = 2
+ elif warn is not None and age >= warn:
+ state = 1
+ if state:
+ infotext += " (warn/crit at %s/%s)" % (
+ get_age_human_readable(warn),
+ get_age_human_readable(crit))
+ yield state, infotext
check_info['fortigate_signatures'] = {
+ 'parse_function' : parse_fortigate_signatures,
'inventory_function' : inventory_fortigate_signatures,
'check_function' : check_fortigate_signatures,
'service_description' : "Signatures",
'snmp_scan_function' : lambda oid: ".1.3.6.1.4.1.12356.101.1"
in oid(".1.3.6.1.2.1.1.2.0"),
- 'snmp_info' : (".1.3.6.1.4.1.12356.101.4.2", [1,
2]),
+ 'snmp_info' : (".1.3.6.1.4.1.12356.101.4.2", [
+ "1", #
FORTINET-FORTIGATE-MIB::fgSysVersionAv
+ "2", #
FORTINET-FORTIGATE-MIB::fgSysVersionIps
+ "3", #
FORTINET-FORTIGATE-MIB::fgSysVersionAvEt
+ "4", #
FORTINET-FORTIGATE-MIB::fgSysVersionIpsEt
+ ]),
'default_levels_variable' : "fortigate_signature_default_levels",
'group' : 'fortinet_signatures'
}
-
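Review bot: `info[0]` in `parse_fortigate_signatures` is indexed without the `if info:` guard that the removed check function had, so an empty SNMP result raises IndexError in the parse step instead of producing no service; `if not info: return []` ahead of the loop restores the old behaviour. Separately, `check_fortigate_signatures` drops an entry with `if age is None: continue`, which means a signature string that cannot be parsed yields no output at all (the failing path of `parse_version` lies outside the hunk, so this is inferred). For a check whose purpose is to flag stale protection data, reporting that case at least for `av_age` and `ips_age`, for instance `yield 3, "%s signature age unknown" % title`, keeps the loss of visibility from passing as OK.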
diff --git a/web/plugins/wato/check_parameters.py b/web/plugins/wato/check_parameters.py
index 4107a7e..2092288 100644
--- a/web/plugins/wato/check_parameters.py
+++ b/web/plugins/wato/check_parameters.py
@@ -96,26 +96,68 @@ register_check_parameters(
"dict"
)
+def transform_fortinet_signatures_to_gui(p):
+ for k in ["av_age", "av_ext_age", "ips_age",
"ips_ext_age"]:
+ p.setdefault(k, None)
+ return p
+
register_check_parameters(
subgroup_networking,
"fortinet_signatures",
"Fortigate Signatures",
- Dictionary(
+ Transform(Dictionary(
elements = [
- ('av_age',
- Tuple(title = "Age of Anti-Virus signature",
- elements = [
- Age(title=_("Warning at"), default_value = 86400),
- Age(title=_("Critical at"), default_value = 2*86400),
- ])),
- ('ips_age',
- Tuple(title = "Age of Intrusion Prevention signature",
- elements = [
- Age(title=_("Warning at"), default_value = 86400),
- Age(title=_("Critical at"), default_value = 2*86400),
- ])),
- ]
- ),
+ ('av_age', Alternative(
+ title=_("Age of Anti-Virus signature"),
+ style="dropdown",
+ elements=[
+ FixedValue(None, title=_("No levels"),
totext=""),
+ Tuple(title=_("Set levels"),
+ elements = [
+ Age(title=_("Warning at"), default_value = 86400),
+ Age(title=_("Critical at"), default_value =
2*86400),
+ ]),
+ ]),
+ ),
+ ('av_ext_age', Alternative(
+ title=_("Age of Anti-Virus signature extended database"),
+ style="dropdown",
+ elements=[
+ FixedValue(None, title=_("No levels"),
totext=""),
+ Tuple(title=_("Set levels"),
+ elements = [
+ Age(title=_("Warning at"), default_value = 86400),
+ Age(title=_("Critical at"), default_value =
2*86400),
+ ]),
+ ]),
+ ),
+ ('ips_age', Alternative(
+ title=_("Age of Intrusion Prevention signature"),
+ style="dropdown",
+ elements=[
+ FixedValue(None, title=_("No levels"),
totext=""),
+ Tuple(title=_("Set levels"),
+ elements = [
+ Age(title=_("Warning at"), default_value = 86400),
+ Age(title=_("Critical at"), default_value =
2*86400),
+ ]),
+ ]),
+ ),
+ ('ips_ext_age', Alternative(
+ title=_("Age of Intrusion Prevention signature extended
database"),
+ style="dropdown",
+ elements=[
+ FixedValue(None, title=_("No levels"),
totext=""),
+ Tuple(title=_("Set levels"),
+ elements = [
+ Age(title=_("Warning at"), default_value = 86400),
+ Age(title=_("Critical at"), default_value =
2*86400),
+ ]),
+ ]),
+ ),
+ ],
+ optional_keys=[],
+ ), forth=transform_fortinet_signatures_to_gui),
None,
"dict"
)
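Review bot: `transform_fortinet_signatures_to_gui` fills every missing key with `None`, and with `optional_keys=[]` plus `FixedValue(None, ...)` as the first alternative, a rule edited only to set extended-database levels is saved with `av_age` and `ips_age` as "No levels". If rule values take precedence over `fortigate_signature_default_levels` (that merge is not visible here), such a rule silently switches off the 1/2-day thresholds for the main AV and IPS signatures. Defaulting those two keys to the factory levels in the transform avoids that: `p.setdefault(k, (86400, 2*86400) if k in ("av_age", "ips_age") else None)`. The function also mutates `p` in place; working on a copy (`p = dict(p)`) would leave the stored rule value untouched until the user saves.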