407 lines
14 KiB
Perl
407 lines
14 KiB
Perl
|
#!/usr/bin/perl -w
|
||
|
############################## check_snmp_nsbox #################
|
||
|
# Version : 1.0
|
||
|
# Date : Jan 16 2007
|
||
|
# Author : Patrick Proy ( patrick at proy.org)
|
||
|
# Help : http://www.manubulon.com/nagios/
|
||
|
# License : GPL - http://www.fsf.org/licenses/gpl.txt
|
||
|
# Changelog :
|
||
|
# Contributors :
|
||
|
#################################################################
|
||
|
#
|
||
|
# Help : ./check_snmp_nsbox.pl -h
|
||
|
#
|
||
|
|
||
|
use strict;
|
||
|
use Net::SNMP;
|
||
|
use Getopt::Long;
|
||
|
|
||
|
# Icinga specific
|
||
|
my $TIMEOUT = 15;
|
||
|
my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3, 'DEPENDENT' => 4);
|
||
|
|
||
|
# SNMP Datas
|
||
|
my $ns_service_status = "1.3.6.1.4.1.14020.2.2.1.3.0"; # service status 1= ok ??
|
||
|
|
||
|
my $ns_service_table = "1.3.6.1.4.1.14020.2.3"; # vhost & diode table
|
||
|
my $ns_vhost_table = "1.3.6.1.4.1.14020.2.3.1"; # vhost table
|
||
|
my $ns_vhost_name = "1.0"; # GUI Vhost Name
|
||
|
my $ns_vhost_requests = "2.0"; # Instant Vhost Requests per Second : NOT POPULATED IN V 2.0.8
|
||
|
my $ns_vhost_Trequests = "2.0"; # Total Vhost Requests : NOT POPULATED IN V 2.0.8
|
||
|
my $ns_diode_table = "1.3.6.1.4.1.14020.2.3.2"; # diode table
|
||
|
my $ns_diode_name = "1.0"; # GUI Diode Name
|
||
|
my $ns_diode_status = "2.0"; # Last diode Status (" " = OK?) (undocumented)
|
||
|
|
||
|
my $ns_rsa_prct_usage = ".1.3.6.1.4.1.14020.1.1.1.3.0"; # % usage of RSA operations. (undocumented)
|
||
|
my $ns_rsa_oper_second = ".1.3.6.1.4.1.14020.1.1.3.4.0;"; # number of RSA operations/s (undocumented)
|
||
|
|
||
|
# Globals
|
||
|
|
||
|
my $VERSION = "2.0.0";
|
||
|
|
||
|
my $o_host = undef; # hostname
|
||
|
my $o_community = undef; # community
|
||
|
my $o_port = 161; # port
|
||
|
my $o_help = undef; # wan't some help ?
|
||
|
my $o_verb = undef; # verbose mode
|
||
|
my $o_version = undef; # print version
|
||
|
my $o_timeout = undef; # Timeout (Default 5)
|
||
|
my $o_perf = undef; # Output performance data
|
||
|
my $o_version2 = undef; # use snmp v2c
|
||
|
|
||
|
# specific
|
||
|
my $o_vhost = undef; # vhost regexp
|
||
|
my $o_diode = undef; # diode regexp
|
||
|
my $o_nvhost = undef; # vhost number
|
||
|
my $o_ndiode = undef; # diode number
|
||
|
|
||
|
# SNMPv3 specific
|
||
|
my $o_login = undef; # Login for snmpv3
|
||
|
my $o_passwd = undef; # Pass for snmpv3
|
||
|
my $v3protocols = undef; # V3 protocol list.
|
||
|
my $o_authproto = 'md5'; # Auth protocol
|
||
|
my $o_privproto = 'des'; # Priv protocol
|
||
|
my $o_privpass = undef; # priv password
|
||
|
|
||
|
# functions
|
||
|
|
||
|
sub p_version { print "check_snmp_nsbox version : $VERSION\n"; }
|
||
|
|
||
|
sub print_usage {
|
||
|
print
|
||
|
"Usage: $0 [-v] -H <host> -C <snmp_community> [-2] | (-l login -x passwd [-X pass -L <authp>,<privp>]) -d <diode> -s <vhost> -n <ndiode>,<nvhost> [-p <port>] [-f] [-t <timeout>] [-V]\n";
|
||
|
}
|
||
|
|
||
|
sub isnnum { # Return true if arg is not a number
|
||
|
my $num = shift;
|
||
|
if ($num =~ /^(\d+\.?\d*)|(^\.\d+)$/) { return 0; }
|
||
|
return 1;
|
||
|
}
|
||
|
|
||
|
sub set_status { # return worst status with this order : OK, unknwonw, warning, critical
|
||
|
my $new_status = shift;
|
||
|
my $cur_status = shift;
|
||
|
if (($cur_status == 0) || ($new_status == $cur_status)) { return $new_status; }
|
||
|
if ($new_status == 3) { return $cur_status; }
|
||
|
if ($new_status > $cur_status) { return $new_status; }
|
||
|
return $cur_status;
|
||
|
}
|
||
|
|
||
|
sub is_pattern_valid { # Test for things like "<I\s*[^>" or "+5-i"
|
||
|
my $pat = shift;
|
||
|
if (!defined($pat)) { $pat = " "; } # Just to get rid of compilation time warnings
|
||
|
return eval { "" =~ /$pat/; 1 } || 0;
|
||
|
}
|
||
|
|
||
|
sub help {
|
||
|
print "\nSNMP NetSecureOne Netbox monitor for Icinga/Nagios/Naemon/Shinken, Version ", $VERSION, "\n";
|
||
|
print "(c)2004-2006 Patrick Proy\n\n";
|
||
|
print_usage();
|
||
|
print <<EOT;
|
||
|
Check that diode and vhost selected by regexp are active.
|
||
|
-v, --verbose
|
||
|
print extra debugging information
|
||
|
-h, --help
|
||
|
print this help message
|
||
|
-H, --hostname=HOST
|
||
|
name or IP address of host to check
|
||
|
-C, --community=COMMUNITY NAME
|
||
|
community name for the host's SNMP agent (implies v1 protocol)
|
||
|
-2, --v2c
|
||
|
Use snmp v2c
|
||
|
-l, --login=LOGIN ; -x, --passwd=PASSWD
|
||
|
Login and auth password for snmpv3 authentication
|
||
|
If no priv password exists, implies AuthNoPriv
|
||
|
-X, --privpass=PASSWD
|
||
|
Priv password for snmpv3 (AuthPriv protocol)
|
||
|
-L, --protocols=<authproto>,<privproto>
|
||
|
<authproto> : Authentication protocol (md5|sha : default md5)
|
||
|
<privproto> : Priv protocole (des|aes : default des)
|
||
|
-d, --diode=<diode>
|
||
|
Diode selection by regexp
|
||
|
-s, --vhost=<vhost>
|
||
|
Vhost selection by regexp
|
||
|
-n, --number=<ndiode>,<nvhost>
|
||
|
number of diode and vhost that must be up.
|
||
|
-P, --port=PORT
|
||
|
SNMP port (Default 161)
|
||
|
-f, --perfparse, --perfdata
|
||
|
Performance data output
|
||
|
-t, --timeout=INTEGER
|
||
|
timeout for SNMP in seconds (Default: 5)
|
||
|
-V, --version
|
||
|
prints version number
|
||
|
EOT
|
||
|
}
|
||
|
|
||
|
# For verbose output
|
||
|
sub verb { my $t = shift; print $t, "\n" if defined($o_verb); }
|
||
|
|
||
|
sub check_options {
|
||
|
Getopt::Long::Configure("bundling");
|
||
|
GetOptions(
|
||
|
'v' => \$o_verb,
|
||
|
'verbose' => \$o_verb,
|
||
|
'h' => \$o_help,
|
||
|
'help' => \$o_help,
|
||
|
'H:s' => \$o_host,
|
||
|
'hostname:s' => \$o_host,
|
||
|
'p:i' => \$o_port,
|
||
|
'port:i' => \$o_port,
|
||
|
'C:s' => \$o_community,
|
||
|
'community:s' => \$o_community,
|
||
|
'l:s' => \$o_login,
|
||
|
'login:s' => \$o_login,
|
||
|
'x:s' => \$o_passwd,
|
||
|
'passwd:s' => \$o_passwd,
|
||
|
'X:s' => \$o_privpass,
|
||
|
'privpass:s' => \$o_privpass,
|
||
|
'L:s' => \$v3protocols,
|
||
|
'protocols:s' => \$v3protocols,
|
||
|
't:i' => \$o_timeout,
|
||
|
'timeout:i' => \$o_timeout,
|
||
|
'V' => \$o_version,
|
||
|
'version' => \$o_version,
|
||
|
'2' => \$o_version2,
|
||
|
'v2c' => \$o_version2,
|
||
|
'f' => \$o_perf,
|
||
|
'perfparse' => \$o_perf,
|
||
|
'perfdata' => \$o_perf,
|
||
|
'd:s' => \$o_diode,
|
||
|
'diode:s' => \$o_diode,
|
||
|
's:s' => \$o_vhost,
|
||
|
'vhost:s' => \$o_vhost,
|
||
|
'n:s' => \$o_nvhost,
|
||
|
'number:s' => \$o_nvhost
|
||
|
);
|
||
|
|
||
|
# Basic checks
|
||
|
if (defined($o_timeout) && (isnnum($o_timeout) || ($o_timeout < 2) || ($o_timeout > 60))) {
|
||
|
print "Timeout must be >1 and <60 !\n";
|
||
|
print_usage();
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
if (!defined($o_timeout)) { $o_timeout = 5; }
|
||
|
if (defined($o_help)) { help(); exit $ERRORS{"UNKNOWN"} }
|
||
|
if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"} }
|
||
|
if (!defined($o_host)) # check host and filter
|
||
|
{
|
||
|
print_usage();
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
|
||
|
# check snmp information
|
||
|
if (!defined($o_community) && (!defined($o_login) || !defined($o_passwd))) {
|
||
|
print "Put snmp login info!\n";
|
||
|
print_usage();
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2))) {
|
||
|
print "Can't mix snmp v1,2c,3 protocols!\n";
|
||
|
print_usage();
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
if (defined($v3protocols)) {
|
||
|
if (!defined($o_login)) {
|
||
|
print "Put snmp V3 login info with protocols!\n";
|
||
|
print_usage();
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
my @v3proto = split(/,/, $v3protocols);
|
||
|
if ((defined($v3proto[0])) && ($v3proto[0] ne "")) { $o_authproto = $v3proto[0]; } # Auth protocol
|
||
|
if (defined($v3proto[1])) { $o_privproto = $v3proto[1]; } # Priv protocol
|
||
|
if ((defined($v3proto[1])) && (!defined($o_privpass))) {
|
||
|
print "Put snmp V3 priv login info with priv protocols!\n";
|
||
|
print_usage();
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
}
|
||
|
if (!defined($o_vhost) || !(is_pattern_valid($o_vhost))) {
|
||
|
print "Vhost selection must be set and be a valid regexp (-s)\n";
|
||
|
print_usage();
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
if (!defined($o_diode) || !(is_pattern_valid($o_diode))) {
|
||
|
print "Diode selection must be set and be a valid regexp (-d)\n";
|
||
|
print_usage();
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
if (!defined($o_nvhost)) {
|
||
|
print "Diode and vhost number must be set (-n)\n";
|
||
|
print_usage();
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
my @nsbox_number = split(/,/, $o_nvhost);
|
||
|
if ($#nsbox_number != 1) { print "2 numbers must be set with -n option\n"; print_usage(); exit $ERRORS{"UNKNOWN"} }
|
||
|
if (isnnum($nsbox_number[0]) || isnnum($nsbox_number[1])) {
|
||
|
print "2 numbers must be set with -n option\n";
|
||
|
print_usage();
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
$o_ndiode = $nsbox_number[0];
|
||
|
$o_nvhost = $nsbox_number[1];
|
||
|
}
|
||
|
|
||
|
########## MAIN #######
|
||
|
|
||
|
check_options();
|
||
|
|
||
|
# Check gobal timeout if snmp screws up
|
||
|
if (defined($TIMEOUT)) {
|
||
|
verb("Alarm at $TIMEOUT + 5");
|
||
|
alarm($TIMEOUT + 5);
|
||
|
} else {
|
||
|
verb("no global timeout defined : $o_timeout + 10");
|
||
|
alarm($o_timeout + 10);
|
||
|
}
|
||
|
|
||
|
# Connect to host
|
||
|
my ($session, $error);
|
||
|
if (defined($o_login) && defined($o_passwd)) {
|
||
|
|
||
|
# SNMPv3 login
|
||
|
verb("SNMPv3 login");
|
||
|
if (!defined($o_privpass)) {
|
||
|
verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto");
|
||
|
($session, $error) = Net::SNMP->session(
|
||
|
-hostname => $o_host,
|
||
|
-version => '3',
|
||
|
-username => $o_login,
|
||
|
-authpassword => $o_passwd,
|
||
|
-authprotocol => $o_authproto,
|
||
|
-timeout => $o_timeout
|
||
|
);
|
||
|
} else {
|
||
|
verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto");
|
||
|
($session, $error) = Net::SNMP->session(
|
||
|
-hostname => $o_host,
|
||
|
-version => '3',
|
||
|
-username => $o_login,
|
||
|
-authpassword => $o_passwd,
|
||
|
-authprotocol => $o_authproto,
|
||
|
-privpassword => $o_privpass,
|
||
|
-privprotocol => $o_privproto,
|
||
|
-timeout => $o_timeout
|
||
|
);
|
||
|
}
|
||
|
} else {
|
||
|
if (defined($o_version2)) {
|
||
|
|
||
|
# SNMPv2 Login
|
||
|
verb("SNMP v2c login");
|
||
|
($session, $error) = Net::SNMP->session(
|
||
|
-hostname => $o_host,
|
||
|
-version => 2,
|
||
|
-community => $o_community,
|
||
|
-port => $o_port,
|
||
|
-timeout => $o_timeout
|
||
|
);
|
||
|
} else {
|
||
|
|
||
|
# SNMPV1 login
|
||
|
verb("SNMP v1 login");
|
||
|
($session, $error) = Net::SNMP->session(
|
||
|
-hostname => $o_host,
|
||
|
-community => $o_community,
|
||
|
-port => $o_port,
|
||
|
-timeout => $o_timeout
|
||
|
);
|
||
|
}
|
||
|
}
|
||
|
if (!defined($session)) {
|
||
|
printf("ERROR opening session: %s.\n", $error);
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
|
||
|
########### check global status ##############
|
||
|
my @oidlist = ($ns_service_status);
|
||
|
my $resultat
|
||
|
= (version->parse(Net::SNMP->VERSION) < 4)
|
||
|
? $session->get_request(@oidlist)
|
||
|
: $session->get_request(-varbindlist => \@oidlist);
|
||
|
|
||
|
if (!defined($resultat) || ($$resultat{$ns_service_status} eq "noSuchObject")) {
|
||
|
printf("ERROR: Global status oid not found : %s.\n", $session->error);
|
||
|
$session->close;
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
|
||
|
if ($$resultat{$ns_service_status} != 1) {
|
||
|
print "Global service is in state ", $$resultat{$ns_service_status}, " : CRITICAL\n";
|
||
|
exit $ERRORS{"CRITICAL"};
|
||
|
}
|
||
|
|
||
|
########### check vhost & diode status ##############
|
||
|
$resultat = undef;
|
||
|
$resultat
|
||
|
= (version->parse(Net::SNMP->VERSION) < 4)
|
||
|
? $session->get_table($ns_service_table)
|
||
|
: $session->get_table(Baseoid => $ns_service_table);
|
||
|
|
||
|
if (!defined($resultat)) {
|
||
|
printf("ERROR: vhost and diode status table : %s.\n", $session->error);
|
||
|
$session->close;
|
||
|
exit $ERRORS{"UNKNOWN"};
|
||
|
}
|
||
|
$session->close;
|
||
|
|
||
|
my $output = "";
|
||
|
my $output_perf = "";
|
||
|
my ($index, $name) = undef;
|
||
|
my ($nvhost, $ndiode) = (0, 0);
|
||
|
my (@found_vhost, @found_diode) = (undef, undef);
|
||
|
|
||
|
foreach my $key (keys %$resultat) {
|
||
|
verb("OID : $key, Desc : $$resultat{$key}");
|
||
|
if ($key =~ /($ns_vhost_table)\.(\d+)\.($ns_vhost_name)/) { # Get index of vhost with name
|
||
|
$index = $2;
|
||
|
$name = $$resultat{$key};
|
||
|
if ($name =~ /$o_vhost/) {
|
||
|
$found_vhost[$nvhost++] = $name;
|
||
|
verb("found vhost $name");
|
||
|
}
|
||
|
}
|
||
|
if ($key =~ /($ns_diode_table)\.(\d+)\.($ns_diode_name)/) { # Get index of diode with name
|
||
|
$index = $2;
|
||
|
$name = $$resultat{$key};
|
||
|
if ($name =~ /$o_diode/) {
|
||
|
|
||
|
# TODO Check diode status : undocumented for now.
|
||
|
$found_diode[$ndiode++] = $name;
|
||
|
verb("found diode $name");
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if (($ndiode < $o_ndiode) || ($nvhost < $o_nvhost)) {
|
||
|
$output = "Diode";
|
||
|
if ($ndiode == 0) { $output .= ": none "; }
|
||
|
else {
|
||
|
$output .= "(" . $ndiode . "): :";
|
||
|
for (my $i = 0; $i < $ndiode; $i++) {
|
||
|
$output .= $found_diode[$i] . " ";
|
||
|
}
|
||
|
}
|
||
|
$output .= "Vhost";
|
||
|
if ($nvhost == 0) { $output .= ": none "; }
|
||
|
else {
|
||
|
$output .= "(" . $nvhost . "): :";
|
||
|
for (my $i = 0; $i < $nvhost; $i++) {
|
||
|
$output .= $found_vhost[$i] . " ";
|
||
|
}
|
||
|
}
|
||
|
$output .= " < " . $o_ndiode . "," . $o_nvhost . " : CRITICAL";
|
||
|
print $output, "\n";
|
||
|
exit $ERRORS{"CRITICAL"};
|
||
|
}
|
||
|
|
||
|
$output = $ndiode . " diodes, " . $nvhost . " vhosts :";
|
||
|
if (($ndiode > $o_ndiode) || ($nvhost > $o_nvhost)) {
|
||
|
$output .= " > " . $o_ndiode . "," . $o_nvhost . " : WARNING";
|
||
|
} else {
|
||
|
$output .= " OK";
|
||
|
}
|
||
|
print $output, "\n";
|
||
|
exit $ERRORS{"OK"};
|
||
|
|