[checkmk-commits] 4768 cisco_asa_connections: New check which monitors number of connections currently in use by Cisco ASA devices

Simon Betz si at mathias-kettner.de
Tue Jun 20 13:41:08 CEST 2017


Module: check_mk
Branch: master
Commit: 233cf90d25fb07300774ce6da562fc6da91a51b3
URL:    http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=233cf90d25fb07300774ce6da562fc6da91a51b3

Author: Simon Betz <si at mathias-kettner.de>
Date:   Tue Jun  6 11:59:52 2017 +0200

4768 cisco_asa_connections: New check which monitors number of connections currently in use by Cisco ASA devices

Change-Id: I9639f5888f51e9161a76a1d6254004b2fab282cd

---

 .werks/4768                          | 10 ++++++
 checkman/cisco_asa_connections       | 15 ++++++++
 checks/cisco_asa_connections         | 70 ++++++++++++++++++++++++++++++++++++
 web/plugins/wato/check_parameters.py | 20 +++++++++++
 4 files changed, 115 insertions(+)

diff --git a/.werks/4768 b/.werks/4768
new file mode 100644
index 0000000..a1ecd54
--- /dev/null
+++ b/.werks/4768
@@ -0,0 +1,10 @@
+Title: cisco_asa_connections: New check which monitors number of connections currently in use by Cisco ASA devices
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1496743160
+Class: feature
+
+
diff --git a/checkman/cisco_asa_connections b/checkman/cisco_asa_connections
new file mode 100644
index 0000000..aefffcd4
--- /dev/null
+++ b/checkman/cisco_asa_connections
@@ -0,0 +1,15 @@
+title: Cisco ASA Connections
+agents: snmp
+catalog: hw/network/cisco
+distribution: check_mk
+license: GPLv3
+description:
+ This check monitors the number of connections currently in use by the entire firewall and
+ the highest number of connections in use at any one time since system startup of Cisco ASA
+ devices.
+
+ Upper levels for currently connections can be set. There are no default levels.
+
+inventory:
+ One service will be created.
+
diff --git a/checks/cisco_asa_connections b/checks/cisco_asa_connections
new file mode 100644
index 0000000..e65b21d
--- /dev/null
+++ b/checks/cisco_asa_connections
@@ -0,0 +1,70 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# +------------------------------------------------------------------+
+# |             ____ _               _        __  __ _  __           |
+# |            / ___| |__   ___  ___| | __   |  \/  | |/ /           |
+# |           | |   | '_ \ / _ \/ __| |/ /   | |\/| | ' /            |
+# |           | |___| | | |  __/ (__|   <    | |  | | . \            |
+# |            \____|_| |_|\___|\___|_|\_\___|_|  |_|_|\_\           |
+# |                                                                  |
+# | Copyright Mathias Kettner 2017             mk at mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software;  you can redistribute it and/or modify it
+# under the  terms of the  GNU General Public License  as published by
+# the Free Software Foundation in version 2.  check_mk is  distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY;  with-
+# out even the implied warranty of  MERCHANTABILITY  or  FITNESS FOR A
+# PARTICULAR PURPOSE. See the  GNU General Public License for more de-
+# tails. You should have  received  a copy of the  GNU  General Public
+# License along with GNU Make; see the file  COPYING.  If  not,  write
+# to the Free Software Foundation, Inc., 51 Franklin St,  Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.3.40.6  "number of connections currently in use by the entire firewall"
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.3.40.7  "highest number of connections in use at any one time since system startup"
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6  1045
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.7  2816
+
+
+def inventory_cisco_asa_connections(info):
+    return [(None, {})]
+
+
+def check_cisco_asa_connections(_no_item, params, info):
+    used_conns = int(info[0][0])
+    overall_used_conns = info[1][0]
+    infotext = "Currently used: %s" % used_conns
+    state = 0
+
+    if params.get("connections"):
+        warn, crit = params["connections"]
+        perfdata = [("fw_connections_active", used_conns, warn, crit)]
+        if used_conns >= crit:
+            state = 2
+        elif used_conns >= warn:
+            state = 1
+        if state > 0:
+            infotext += " (warn/crit at %s/%s)" % (warn, crit)
+    else:
+        perfdata = [("fw_connections_active", used_conns)]
+
+    return state, "%s, Max. since system startup: %s" % (infotext, overall_used_conns), perfdata
+
+
+check_info['cisco_asa_connections'] = {
+    'inventory_function'    : inventory_cisco_asa_connections,
+    'check_function'        : check_cisco_asa_connections,
+    'service_description'   : 'Connections',
+    'snmp_info'             : ('.1.3.6.1.4.1.9.9.147.1.2.2.2.1', [
+                                '5', # CISCO-FIREWALL-MIB::cfwConnectionStatValue
+                              ]),
+    "snmp_scan_function"    : lambda oid: oid(".1.3.6.1.2.1.1.1.0").lower().startswith("cisco adaptive security") \
+                                          or "cisco pix security" in oid(".1.3.6.1.2.1.1.1.0").lower(),
+    "group"                 : "cisco_fw_connections",
+    "has_perfdata"          : True,
+}
diff --git a/web/plugins/wato/check_parameters.py b/web/plugins/wato/check_parameters.py
index 6889265..0966319 100644
--- a/web/plugins/wato/check_parameters.py
+++ b/web/plugins/wato/check_parameters.py
@@ -9741,6 +9741,26 @@ register_check_parameters(
 
 register_check_parameters(
     subgroup_applications,
+    "cisco_fw_connections",
+    _("Cisco ASA Firewall Connections"),
+    Dictionary(
+        elements = [
+            ("connections", Tuple(
+                help = _("This rule sets limits to the current number of connections through "
+                         "a Cisco ASA firewall."),
+                title = _("Maximum number of firewall connections"),
+                elements = [
+                    Integer(title=_("Warning at")),
+                    Integer(title=_("Critical at")),
+                ],
+            )),
+    ]),
+    None,
+    "dict",
+)
+
+register_check_parameters(
+    subgroup_applications,
     "checkpoint_connections",
     _("Checkpoint Firewall Connections"),
     Tuple(



More information about the checkmk-commits mailing list