summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--NEWS2
-rwxr-xr-xplugins-scripts/check_ifoperstatus.pl362
-rwxr-xr-xplugins-scripts/check_ifstatus.pl170
-rw-r--r--plugins-scripts/t/check_ifoperstatus.t73
-rw-r--r--plugins-scripts/t/check_ifstatus.t63
5 files changed, 365 insertions, 305 deletions
diff --git a/NEWS b/NEWS
index ecfd67e2..451b6540 100644
--- a/NEWS
+++ b/NEWS
@@ -39,6 +39,8 @@ This file documents the major additions and syntax changes between releases.
39 Fixed check_by_ssh interpretation of quotes in -C parameter (#1985246, #2268675) 39 Fixed check_by_ssh interpretation of quotes in -C parameter (#1985246, #2268675)
40 check_snmp now supports standard threshold ranges and doubles (floating numbers) in thresholds 40 check_snmp now supports standard threshold ranges and doubles (floating numbers) in thresholds
41 check_fping now supports passing target timeout and interval to fping (#2347686 - Martin Foster) 41 check_fping now supports passing target timeout and interval to fping (#2347686 - Martin Foster)
42 Fixed SNMPv3 behaviour of check_ifoperstatus and check_ifstatus. Added -P to define privprotocol (#2343438 - Robin Schroeder)
43 check_ifoperstatus and check_ifstatus are now more user-friendly in case of missing arguments
42 44
431.4.13 25th Sept 2008 451.4.13 25th Sept 2008
44 Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen) 46 Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen)
diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl
index d0a1655a..588993be 100755
--- a/plugins-scripts/check_ifoperstatus.pl
+++ b/plugins-scripts/check_ifoperstatus.pl
@@ -43,25 +43,26 @@ use Getopt::Long;
43 43
44my $PROGNAME = "check_ifoperstatus"; 44my $PROGNAME = "check_ifoperstatus";
45sub print_help (); 45sub print_help ();
46sub usage (); 46sub usage ($);
47sub print_usage ();
47sub process_arguments (); 48sub process_arguments ();
48 49
49my $timeout; 50my $timeout;
50my $status; 51my $status;
51my %ifOperStatus = ('1','up', 52my %ifOperStatus = ('1','up',
52 '2','down', 53 '2','down',
53 '3','testing', 54 '3','testing',
54 '4','unknown', 55 '4','unknown',
55 '5','dormant', 56 '5','dormant',
56 '6','notPresent', 57 '6','notPresent',
57 '7','lowerLayerDown'); # down due to the state of lower layer interface(s) 58 '7','lowerLayerDown'); # down due to the state of lower layer interface(s)
58 59
59my $state = "UNKNOWN"; 60my $state = "UNKNOWN";
60my $answer = ""; 61my $answer = "";
61my $snmpkey = 0; 62my $snmpkey = 0;
62my $community = "public"; 63my $community = "public";
63my $maxmsgsize = 1472 ; # Net::SNMP default is 1472 64my $maxmsgsize = 1472 ; # Net::SNMP default is 1472
64my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context); 65my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context);
65my $port = 161; 66my $port = 161;
66my @snmpoids; 67my @snmpoids;
67my $sysUptime = '1.3.6.1.2.1.1.3.0'; 68my $sysUptime = '1.3.6.1.2.1.1.3.0';
@@ -89,6 +90,7 @@ my $lastc;
89my $dormantWarn; 90my $dormantWarn;
90my $adminWarn; 91my $adminWarn;
91my $name; 92my $name;
93my %session_opts;
92 94
93### Validate Arguments 95### Validate Arguments
94 96
@@ -97,19 +99,28 @@ $status = process_arguments();
97 99
98# Just in case of problems, let's not hang Nagios 100# Just in case of problems, let's not hang Nagios
99$SIG{'ALRM'} = sub { 101$SIG{'ALRM'} = sub {
100 print ("ERROR: No snmp response from $hostname (alarm)\n"); 102 print ("ERROR: No snmp response from $hostname (alarm)\n");
101 exit $ERRORS{"UNKNOWN"}; 103 exit $ERRORS{"UNKNOWN"};
102}; 104};
103 105
104alarm($timeout); 106alarm($timeout);
105 107
108($session, $error) = Net::SNMP->session(%session_opts);
109
110
111if (!defined($session)) {
112 $state='UNKNOWN';
113 $answer=$error;
114 print ("$state: $answer\n");
115 exit $ERRORS{$state};
116}
106 117
107## map ifdescr to ifindex - should look at being able to cache this value 118## map ifdescr to ifindex - should look at being able to cache this value
108 119
109if (defined $ifdescr || defined $iftype) { 120if (defined $ifdescr || defined $iftype) {
110 # escape "/" in ifdescr - very common in the Cisco world 121 # escape "/" in ifdescr - very common in the Cisco world
111 if (defined $iftype) { 122 if (defined $iftype) {
112 $status=fetch_ifindex($snmpIfType, $iftype); 123 $status=fetch_ifindex($snmpIfType, $iftype);
113 } else { 124 } else {
114 $ifdescr =~ s/\//\\\//g; 125 $ifdescr =~ s/\//\\\//g;
115 $status=fetch_ifindex($snmpIfDescr, $ifdescr); # if using on device with large number of interfaces 126 $status=fetch_ifindex($snmpIfDescr, $ifdescr); # if using on device with large number of interfaces
@@ -138,88 +149,86 @@ push(@snmpoids,$snmpIfDescr);
138push(@snmpoids,$snmpIfName) if (defined $ifXTable) ; 149push(@snmpoids,$snmpIfName) if (defined $ifXTable) ;
139push(@snmpoids,$snmpIfAlias) if (defined $ifXTable) ; 150push(@snmpoids,$snmpIfAlias) if (defined $ifXTable) ;
140 151
141 if (!defined($response = $session->get_request(@snmpoids))) { 152if (!defined($response = $session->get_request(@snmpoids))) {
142 $answer=$session->error; 153 $answer=$session->error;
143 $session->close; 154 $session->close;
144 $state = 'WARNING'; 155 $state = 'WARNING';
145 print ("$state: SNMP error: $answer\n"); 156 print ("$state: SNMP error: $answer\n");
146 exit $ERRORS{$state}; 157 exit $ERRORS{$state};
147 } 158}
148
149 $answer = sprintf("host '%s', %s(%s) is %s\n",
150 $hostname,
151 $response->{$snmpIfDescr},
152 $snmpkey,
153 $ifOperStatus{$response->{$snmpIfOperStatus}}
154 );
155
156
157 ## Check to see if ifName match is requested and it matches - exit if no match
158 ## not the interface we want to monitor
159 if ( defined $ifName && not ($response->{$snmpIfName} eq $ifName) ) {
160 $state = 'UNKNOWN';
161 $answer = "Interface name ($ifName) doesn't match snmp value ($response->{$snmpIfName}) (index $snmpkey)";
162 print ("$state: $answer\n");
163 exit $ERRORS{$state};
164 }
165
166 ## define the interface name
167 if (defined $ifXTable) {
168 $name = $response->{$snmpIfName} ." - " .$response->{$snmpIfAlias} ;
169 }else{
170 $name = $response->{$snmpIfDescr} ;
171 }
172
173 ## if AdminStatus is down - some one made a consious effort to change config
174 ##
175 if ( not ($response->{$snmpIfAdminStatus} == 1) ) {
176 $answer = "Interface $name (index $snmpkey) is administratively down.";
177 if ( not defined $adminWarn or $adminWarn eq "w" ) {
178 $state = 'WARNING';
179 } elsif ( $adminWarn eq "i" ) {
180 $state = 'OK';
181 } elsif ( $adminWarn eq "c" ) {
182 $state = 'CRITICAL';
183 } else { # If wrong value for -a, say warning
184 $state = 'WARNING';
185 }
186 }
187 ## Check operational status
188 elsif ( $response->{$snmpIfOperStatus} == 2 ) {
189 $state = 'CRITICAL';
190 $answer = "Interface $name (index $snmpkey) is down.";
191 } elsif ( $response->{$snmpIfOperStatus} == 5 ) {
192 if (defined $dormantWarn ) {
193 if ($dormantWarn eq "w") {
194 $state = 'WARNING';
195 $answer = "Interface $name (index $snmpkey) is dormant.";
196 }elsif($dormantWarn eq "c") {
197 $state = 'CRITICAL';
198 $answer = "Interface $name (index $snmpkey) is dormant.";
199 }elsif($dormantWarn eq "i") {
200 $state = 'OK';
201 $answer = "Interface $name (index $snmpkey) is dormant.";
202 }
203 }else{
204 # dormant interface - but warning/critical/ignore not requested
205 $state = 'CRITICAL';
206 $answer = "Interface $name (index $snmpkey) is dormant.";
207 }
208 } elsif ( $response->{$snmpIfOperStatus} == 6 ) {
209 $state = 'CRITICAL';
210 $answer = "Interface $name (index $snmpkey) notPresent - possible hotswap in progress.";
211 } elsif ( $response->{$snmpIfOperStatus} == 7 ) {
212 $state = 'CRITICAL';
213 $answer = "Interface $name (index $snmpkey) down due to lower layer being down.";
214 159
215 } elsif ( $response->{$snmpIfOperStatus} == 3 || $response->{$snmpIfOperStatus} == 4 ) { 160$answer = sprintf("host '%s', %s(%s) is %s\n",
216 $state = 'CRITICAL'; 161 $hostname,
217 $answer = "Interface $name (index $snmpkey) down (testing/unknown)."; 162 $response->{$snmpIfDescr},
163 $snmpkey,
164 $ifOperStatus{$response->{$snmpIfOperStatus}}
165);
166
167
168## Check to see if ifName match is requested and it matches - exit if no match
169## not the interface we want to monitor
170if ( defined $ifName && not ($response->{$snmpIfName} eq $ifName) ) {
171 $state = 'UNKNOWN';
172 $answer = "Interface name ($ifName) doesn't match snmp value ($response->{$snmpIfName}) (index $snmpkey)";
173 print ("$state: $answer\n");
174 exit $ERRORS{$state};
175}
176
177## define the interface name
178if (defined $ifXTable) {
179 $name = $response->{$snmpIfName} ." - " .$response->{$snmpIfAlias} ;
180}else{
181 $name = $response->{$snmpIfDescr} ;
182}
218 183
219 } else { 184## if AdminStatus is down - some one made a consious effort to change config
220 $state = 'OK'; 185##
221 $answer = "Interface $name (index $snmpkey) is up."; 186if ( not ($response->{$snmpIfAdminStatus} == 1) ) {
222 } 187 $answer = "Interface $name (index $snmpkey) is administratively down.";
188 if ( not defined $adminWarn or $adminWarn eq "w" ) {
189 $state = 'WARNING';
190 } elsif ( $adminWarn eq "i" ) {
191 $state = 'OK';
192 } elsif ( $adminWarn eq "c" ) {
193 $state = 'CRITICAL';
194 } else { # If wrong value for -a, say warning
195 $state = 'WARNING';
196 }
197}
198## Check operational status
199elsif ( $response->{$snmpIfOperStatus} == 2 ) {
200 $state = 'CRITICAL';
201 $answer = "Interface $name (index $snmpkey) is down.";
202} elsif ( $response->{$snmpIfOperStatus} == 5 ) {
203 if (defined $dormantWarn ) {
204 if ($dormantWarn eq "w") {
205 $state = 'WARNING';
206 $answer = "Interface $name (index $snmpkey) is dormant.";
207 }elsif($dormantWarn eq "c") {
208 $state = 'CRITICAL';
209 $answer = "Interface $name (index $snmpkey) is dormant.";
210 }elsif($dormantWarn eq "i") {
211 $state = 'OK';
212 $answer = "Interface $name (index $snmpkey) is dormant.";
213 }
214 }else{
215 # dormant interface - but warning/critical/ignore not requested
216 $state = 'CRITICAL';
217 $answer = "Interface $name (index $snmpkey) is dormant.";
218 }
219} elsif ( $response->{$snmpIfOperStatus} == 6 ) {
220 $state = 'CRITICAL';
221 $answer = "Interface $name (index $snmpkey) notPresent - possible hotswap in progress.";
222} elsif ( $response->{$snmpIfOperStatus} == 7 ) {
223 $state = 'CRITICAL';
224 $answer = "Interface $name (index $snmpkey) down due to lower layer being down.";
225} elsif ( $response->{$snmpIfOperStatus} == 3 || $response->{$snmpIfOperStatus} == 4 ) {
226 $state = 'CRITICAL';
227 $answer = "Interface $name (index $snmpkey) down (testing/unknown).";
228} else {
229 $state = 'OK';
230 $answer = "Interface $name (index $snmpkey) is up.";
231}
223 232
224 233
225 234
@@ -259,22 +268,28 @@ sub fetch_ifindex {
259 return $snmpkey; 268 return $snmpkey;
260} 269}
261 270
262sub usage() { 271sub usage($) {
263 printf "\nMissing arguments!\n"; 272 print "$_[0]\n";
264 printf "\n"; 273 print_usage();
265 printf "usage: \n"; 274 exit $ERRORS{"UNKNOWN"};
266 printf "check_ifoperstatus -k <IF_KEY> -H <HOSTNAME> [-C <community>]\n"; 275}
267 printf "Copyright (C) 2000 Christoph Kron\n"; 276
268 printf "check_ifoperstatus.pl comes with ABSOLUTELY NO WARRANTY\n"; 277sub print_usage() {
269 printf "This programm is licensed under the terms of the "; 278 printf "\n";
270 printf "GNU General Public License\n(check source code for details)\n"; 279 printf "usage: \n";
271 printf "\n\n"; 280 printf "check_ifoperstatus -k <IF_KEY> -H <HOSTNAME> [-C <community>]\n";
272 exit $ERRORS{"UNKNOWN"}; 281 printf "Copyright (C) 2000 Christoph Kron\n";
282 printf "check_ifoperstatus.pl comes with ABSOLUTELY NO WARRANTY\n";
283 printf "This programm is licensed under the terms of the ";
284 printf "GNU General Public License\n(check source code for details)\n";
285 printf "\n\n";
273} 286}
274 287
275sub print_help() { 288sub print_help() {
289 print_revision($PROGNAME, '@NP_VERSION@');
290 print_usage();
276 printf "check_ifoperstatus plugin for Nagios monitors operational \n"; 291 printf "check_ifoperstatus plugin for Nagios monitors operational \n";
277 printf "status of a particular network interface on the target host\n"; 292 printf "status of a particular network interface on the target host\n";
278 printf "\nUsage:\n"; 293 printf "\nUsage:\n";
279 printf " -H (--hostname) Hostname to query - (required)\n"; 294 printf " -H (--hostname) Hostname to query - (required)\n";
280 printf " -C (--community) SNMP read community (defaults to public,\n"; 295 printf " -C (--community) SNMP read community (defaults to public,\n";
@@ -285,19 +300,20 @@ sub print_help() {
285 printf " if monitoring with -d\n"; 300 printf " if monitoring with -d\n";
286 printf " -L (--seclevel) choice of \"noAuthNoPriv\", \"authNoPriv\", or \"authPriv\"\n"; 301 printf " -L (--seclevel) choice of \"noAuthNoPriv\", \"authNoPriv\", or \"authPriv\"\n";
287 printf " -U (--secname) username for SNMPv3 context\n"; 302 printf " -U (--secname) username for SNMPv3 context\n";
288 printf " -c (--context) SNMPv3 context name (default is empty string)"; 303 printf " -c (--context) SNMPv3 context name (default is empty string)\n";
289 printf " -A (--authpass) authentication password (cleartext ascii or localized key\n"; 304 printf " -A (--authpass) authentication password (cleartext ascii or localized key\n";
290 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; 305 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
291 printf " auth password and authEngineID\n"; 306 printf " auth password and authEngineID\n";
292 printf " -a (--authproto) Authentication protocol ( MD5 or SHA1)\n"; 307 printf " -a (--authproto) Authentication protocol (MD5 or SHA1)\n";
293 printf " -X (--privpass) privacy password (cleartext ascii or localized key\n"; 308 printf " -X (--privpass) privacy password (cleartext ascii or localized key\n";
294 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; 309 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
295 printf " privacy password and authEngineID\n"; 310 printf " privacy password and authEngineID\n";
311 printf " -P (--privproto) privacy protocol (DES or AES; default: DES)\n";
296 printf " -k (--key) SNMP IfIndex value\n"; 312 printf " -k (--key) SNMP IfIndex value\n";
297 printf " -d (--descr) SNMP ifDescr value\n"; 313 printf " -d (--descr) SNMP ifDescr value\n";
298 printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n"; 314 printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n";
299 printf " -p (--port) SNMP port (default 161)\n"; 315 printf " -p (--port) SNMP port (default 161)\n";
300 printf " -I (--ifmib) Agent supports IFMIB ifXTable. Do not use if\n"; 316 printf " -I (--ifmib) Agent supports IFMIB ifXTable. Do not use if\n";
301 printf " you don't know what this is. \n"; 317 printf " you don't know what this is. \n";
302 printf " -n (--name) the value should match the returned ifName\n"; 318 printf " -n (--name) the value should match the returned ifName\n";
303 printf " (Implies the use of -I)\n"; 319 printf " (Implies the use of -I)\n";
@@ -312,7 +328,6 @@ sub print_help() {
312 printf "intensive. Use it sparingly or not at all. -n is used to match against\n"; 328 printf "intensive. Use it sparingly or not at all. -n is used to match against\n";
313 printf "a much more descriptive ifName value in the IfXTable to verify that the\n"; 329 printf "a much more descriptive ifName value in the IfXTable to verify that the\n";
314 printf "snmpkey has not changed to some other network interface after a reboot.\n\n"; 330 printf "snmpkey has not changed to some other network interface after a reboot.\n\n";
315 print_revision($PROGNAME, '@NP_VERSION@');
316 331
317} 332}
318 333
@@ -327,6 +342,7 @@ sub process_arguments() {
327 "U=s" => \$secname, "secname=s" => \$secname, 342 "U=s" => \$secname, "secname=s" => \$secname,
328 "A=s" => \$authpass, "authpass=s" => \$authpass, 343 "A=s" => \$authpass, "authpass=s" => \$authpass,
329 "X=s" => \$privpass, "privpass=s" => \$privpass, 344 "X=s" => \$privpass, "privpass=s" => \$privpass,
345 "P=s" => \$privproto, "privproto=s" => \$privproto,
330 "c=s" => \$context, "context=s" => \$context, 346 "c=s" => \$context, "context=s" => \$context,
331 "k=i" => \$snmpkey, "key=i",\$snmpkey, 347 "k=i" => \$snmpkey, "key=i",\$snmpkey,
332 "d=s" => \$ifdescr, "descr=s" => \$ifdescr, 348 "d=s" => \$ifdescr, "descr=s" => \$ifdescr,
@@ -343,12 +359,11 @@ sub process_arguments() {
343 ); 359 );
344 360
345 361
346
347 if ($status == 0){ 362 if ($status == 0){
348 print_help(); 363 print_help();
349 exit $ERRORS{'OK'}; 364 exit $ERRORS{'OK'};
350 } 365 }
351 366
352 if ($opt_V) { 367 if ($opt_V) {
353 print_revision($PROGNAME,'@NP_VERSION@'); 368 print_revision($PROGNAME,'@NP_VERSION@');
354 exit $ERRORS{'OK'}; 369 exit $ERRORS{'OK'};
@@ -360,19 +375,14 @@ sub process_arguments() {
360 } 375 }
361 376
362 if (! utils::is_hostname($hostname)){ 377 if (! utils::is_hostname($hostname)){
363 usage(); 378 usage("Hostname invalid or not given");
364 exit $ERRORS{"UNKNOWN"};
365 } 379 }
366 380
367
368 unless ($snmpkey > 0 || defined $ifdescr || defined $iftype){ 381 unless ($snmpkey > 0 || defined $ifdescr || defined $iftype){
369 printf "Either a valid snmpkey key (-k) or a ifDescr (-d) must be provided)\n"; 382 usage("Either a valid snmp key (-k) or a ifDescr (-d) must be provided");
370 usage();
371 exit $ERRORS{"UNKNOWN"};
372 } 383 }
373 384
374 385 if (defined $ifName) {
375 if (defined $name) {
376 $ifXTable=1; 386 $ifXTable=1;
377 } 387 }
378 388
@@ -387,128 +397,76 @@ sub process_arguments() {
387 $timeout = $TIMEOUT; 397 $timeout = $TIMEOUT;
388 } 398 }
389 399
400 if ($snmp_version !~ /[123]/){
401 $state='UNKNOWN';
402 print ("$state: No support for SNMP v$snmp_version yet\n");
403 exit $ERRORS{$state};
404 }
405
406 %session_opts = (
407 -hostname => $hostname,
408 -port => $port,
409 -version => $snmp_version,
410 -maxmsgsize => $maxmsgsize
411 );
412
413 $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/);
414
390 if ($snmp_version =~ /3/ ) { 415 if ($snmp_version =~ /3/ ) {
391 # Must define a security level even though default is noAuthNoPriv 416 # Must define a security level even though default is noAuthNoPriv
392 # v3 requires a security username 417 # v3 requires a security username
393 if (defined $seclevel && defined $secname) { 418 if (defined $seclevel && defined $secname) {
419 $session_opts{'-username'} = $secname;
394 420
395 # Must define a security level even though defualt is noAuthNoPriv 421 # Must define a security level even though defualt is noAuthNoPriv
396 unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) { 422 unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
397 usage(); 423 usage("Must define a valid security level even though default is noAuthNoPriv");
398 exit $ERRORS{"UNKNOWN"};
399 } 424 }
400 425
401 # Authentication wanted 426 # Authentication wanted
402 if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) { 427 if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) {
403 428 if (defined $authproto && $authproto ne 'MD5' && $authproto ne 'SHA1') {
404 unless ( $authproto eq 'MD5' || $authproto eq 'SHA1' ) { 429 usage("Auth protocol can be either MD5 or SHA1");
405 usage();
406 exit $ERRORS{"UNKNOWN"};
407 } 430 }
431 $session_opts{'-authprotocol'} = $authproto if(defined $authproto);
408 432
409 if ( !defined $authpass) { 433 if ( !defined $authpass) {
410 usage(); 434 usage("Auth password/key is not defined");
411 exit $ERRORS{"UNKNOWN"};
412 }else{ 435 }else{
413 if ($authpass =~ /^0x/ ) { 436 if ($authpass =~ /^0x/ ) {
414 $auth = "-authkey => $authpass" ; 437 $session_opts{'-authkey'} = $authpass ;
415 }else{ 438 }else{
416 $auth = "-authpassword => $authpass"; 439 $session_opts{'-authpassword'} = $authpass ;
417 } 440 }
418 } 441 }
419
420 } 442 }
421 443
422 # Privacy (DES encryption) wanted 444 # Privacy (DES encryption) wanted
423 if ($seclevel eq 'authPriv' ) { 445 if ($seclevel eq 'authPriv' ) {
424 if (! defined $privpass) { 446 if (! defined $privpass) {
425 usage(); 447 usage("Privacy passphrase/key is not defined");
426 exit $ERRORS{"UNKNOWN"};
427 }else{ 448 }else{
428 if ($privpass =~ /^0x/){ 449 if ($privpass =~ /^0x/){
429 $priv = "-privkey => $privpass"; 450 $session_opts{'-privkey'} = $privpass;
430 }else{ 451 }else{
431 $priv = "-privpassword => $privpass"; 452 $session_opts{'-privpassword'} = $privpass;
432 } 453 }
433 } 454 }
455
456 $session_opts{'-privprotocol'} = $privproto if(defined $privproto);
434 } 457 }
435 458
436 # Context name defined or default 459 # Context name defined or default
437
438 unless ( defined $context) { 460 unless ( defined $context) {
439 $context = ""; 461 $context = "";
440 } 462 }
441 463
442
443
444 }else { 464 }else {
445 usage(); 465 usage("Security level or name is not defined");
446 exit $ERRORS{'UNKNOWN'}; ;
447 } 466 }
448 } # end snmpv3 467 } # end snmpv3
449 468
450 469
451 if ( $snmp_version =~ /[12]/ ) {
452 ($session, $error) = Net::SNMP->session(
453 -hostname => $hostname,
454 -community => $community,
455 -port => $port,
456 -version => $snmp_version,
457 -maxmsgsize => $maxmsgsize
458 );
459
460 if (!defined($session)) {
461 $state='UNKNOWN';
462 $answer=$error;
463 print ("$state: $answer\n");
464 exit $ERRORS{$state};
465 }
466
467 }elsif ( $snmp_version =~ /3/ ) {
468
469 if ($seclevel eq 'noAuthNoPriv') {
470 ($session, $error) = Net::SNMP->session(
471 -hostname => $hostname,
472 -port => $port,
473 -version => $snmp_version,
474 -username => $secname,
475 );
476
477 }elsif ( $seclevel eq 'authNoPriv' ) {
478 ($session, $error) = Net::SNMP->session(
479 -hostname => $hostname,
480 -port => $port,
481 -version => $snmp_version,
482 -username => $secname,
483 $auth,
484 -authprotocol => $authproto,
485 );
486 }elsif ($seclevel eq 'authPriv' ) {
487 ($session, $error) = Net::SNMP->session(
488 -hostname => $hostname,
489 -port => $port,
490 -version => $snmp_version,
491 -username => $secname,
492 $auth,
493 -authprotocol => $authproto,
494 $priv
495 );
496 }
497
498
499 if (!defined($session)) {
500 $state='UNKNOWN';
501 $answer=$error;
502 print ("$state: $answer\n");
503 exit $ERRORS{$state};
504 }
505
506 }else{
507 $state='UNKNOWN';
508 print ("$state: No support for SNMP v$snmp_version yet\n");
509 exit $ERRORS{$state};
510 }
511
512} 470}
513## End validation 471## End validation
514 472
diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl
index bae3ffa7..22638234 100755
--- a/plugins-scripts/check_ifstatus.pl
+++ b/plugins-scripts/check_ifstatus.pl
@@ -42,7 +42,8 @@ Getopt::Long::Configure('bundling');
42my $PROGNAME = "check_ifstatus"; 42my $PROGNAME = "check_ifstatus";
43 43
44sub print_help (); 44sub print_help ();
45sub usage (); 45sub usage ($);
46sub print_usage ();
46sub process_arguments (); 47sub process_arguments ();
47 48
48 49
@@ -63,7 +64,7 @@ my $snmpoid=0;
63my $key=0; 64my $key=0;
64my $community = "public"; 65my $community = "public";
65my $maxmsgsize = 1472 ; # Net::SNMP default is 1472 66my $maxmsgsize = 1472 ; # Net::SNMP default is 1472
66my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context); 67my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context);
67my $port = 161; 68my $port = 161;
68my @snmpoids; 69my @snmpoids;
69my $snmpIfAdminStatus = '1.3.6.1.2.1.2.2.1.7'; 70my $snmpIfAdminStatus = '1.3.6.1.2.1.2.2.1.7';
@@ -92,6 +93,7 @@ my $opt_u;
92my $opt_x ; 93my $opt_x ;
93my %excluded ; 94my %excluded ;
94my @unused_ports ; 95my @unused_ports ;
96my %session_opts;
95 97
96 98
97 99
@@ -115,6 +117,15 @@ if ($status != 0)
115 117
116 118
117alarm($timeout); 119alarm($timeout);
120($session, $error) = Net::SNMP->session(%session_opts);
121
122if (!defined($session)) {
123 $state='UNKNOWN';
124 $answer=$error;
125 print ("$state: $answer\n");
126 exit $ERRORS{$state};
127}
128
118 129
119push(@snmpoids,$snmpIfOperStatus); 130push(@snmpoids,$snmpIfOperStatus);
120push(@snmpoids,$snmpIfAdminStatus); 131push(@snmpoids,$snmpIfAdminStatus);
@@ -209,19 +220,25 @@ my $perfdata = sprintf("up=%d,down=%d,dormant=%d,excluded=%d,unused=%d",$ifup,$i
209print ("$state: $answer |$perfdata\n"); 220print ("$state: $answer |$perfdata\n");
210exit $ERRORS{$state}; 221exit $ERRORS{$state};
211 222
223sub usage($) {
224 print "$_[0]\n";
225 print_usage();
226 exit $ERRORS{"UNKNOWN"};
227}
212 228
213sub usage (){ 229sub print_usage() {
214 printf "\nMissing arguments!\n";
215 printf "\n"; 230 printf "\n";
231 printf "usage: \n";
216 printf "check_ifstatus -C <READCOMMUNITY> -p <PORT> -H <HOSTNAME>\n"; 232 printf "check_ifstatus -C <READCOMMUNITY> -p <PORT> -H <HOSTNAME>\n";
217 printf "Copyright (C) 2000 Christoph Kron\n"; 233 printf "Copyright (C) 2000 Christoph Kron\n";
218 printf "Updates 5/2002 Subhendu Ghosh\n"; 234 printf "Updates 5/2002 Subhendu Ghosh\n";
219 printf "\n\n";
220 support(); 235 support();
221 exit $ERRORS{"UNKNOWN"}; 236 printf "\n\n";
222} 237}
223 238
224sub print_help (){ 239sub print_help() {
240 print_revision($PROGNAME, '@NP_VERSION@');
241 print_usage();
225 printf "check_ifstatus plugin for Nagios monitors operational \n"; 242 printf "check_ifstatus plugin for Nagios monitors operational \n";
226 printf "status of each network interface on the target host\n"; 243 printf "status of each network interface on the target host\n";
227 printf "\nUsage:\n"; 244 printf "\nUsage:\n";
@@ -242,14 +259,15 @@ sub print_help (){
242 printf " See the IANAifType-MIB for a list of interface types.\n"; 259 printf " See the IANAifType-MIB for a list of interface types.\n";
243 printf " -L (--seclevel) choice of \"noAuthNoPriv\", \"authNoPriv\", or \"authPriv\"\n"; 260 printf " -L (--seclevel) choice of \"noAuthNoPriv\", \"authNoPriv\", or \"authPriv\"\n";
244 printf " -U (--secname) username for SNMPv3 context\n"; 261 printf " -U (--secname) username for SNMPv3 context\n";
245 printf " -c (--context) SNMPv3 context name (default is empty string)"; 262 printf " -c (--context) SNMPv3 context name (default is empty string)\n";
246 printf " -A (--authpass) authentication password (cleartext ascii or localized key\n"; 263 printf " -A (--authpass) authentication password (cleartext ascii or localized key\n";
247 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; 264 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
248 printf " auth password and authEngineID\n"; 265 printf " auth password and authEngineID\n";
249 printf " -a (--authproto) Authentication protocol ( MD5 or SHA1)\n"; 266 printf " -a (--authproto) Authentication protocol (MD5 or SHA1)\n";
250 printf " -X (--privpass) privacy password (cleartext ascii or localized key\n"; 267 printf " -X (--privpass) privacy password (cleartext ascii or localized key\n";
251 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; 268 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
252 printf " privacy password and authEngineID\n"; 269 printf " privacy password and authEngineID\n";
270 printf " -P (--privproto) privacy protocol (DES or AES; default: DES)\n";
253 printf " -M (--maxmsgsize) Max message size - usefull only for v1 or v2c\n"; 271 printf " -M (--maxmsgsize) Max message size - usefull only for v1 or v2c\n";
254 printf " -t (--timeout) seconds before the plugin times out (default=$TIMEOUT)\n"; 272 printf " -t (--timeout) seconds before the plugin times out (default=$TIMEOUT)\n";
255 printf " -V (--version) Plugin version\n"; 273 printf " -V (--version) Plugin version\n";
@@ -269,6 +287,7 @@ sub process_arguments() {
269 "U=s" => \$secname, "secname=s" => \$secname, 287 "U=s" => \$secname, "secname=s" => \$secname,
270 "A=s" => \$authpass, "authpass=s" => \$authpass, 288 "A=s" => \$authpass, "authpass=s" => \$authpass,
271 "X=s" => \$privpass, "privpass=s" => \$privpass, 289 "X=s" => \$privpass, "privpass=s" => \$privpass,
290 "P=s" => \$privproto, "privproto=s" => \$privproto,
272 "c=s" => \$context, "context=s" => \$context, 291 "c=s" => \$context, "context=s" => \$context,
273 "p=i" =>\$port, "port=i" => \$port, 292 "p=i" =>\$port, "port=i" => \$port,
274 "H=s" => \$hostname, "hostname=s" => \$hostname, 293 "H=s" => \$hostname, "hostname=s" => \$hostname,
@@ -280,9 +299,10 @@ sub process_arguments() {
280 ); 299 );
281 300
282 if ($status == 0){ 301 if ($status == 0){
283 print_help() ; 302 print_help();
284 exit $ERRORS{'OK'}; 303 exit $ERRORS{'OK'};
285 } 304 }
305
286 if ($opt_V) { 306 if ($opt_V) {
287 print_revision($PROGNAME,'@NP_VERSION@'); 307 print_revision($PROGNAME,'@NP_VERSION@');
288 exit $ERRORS{'OK'}; 308 exit $ERRORS{'OK'};
@@ -297,68 +317,75 @@ sub process_arguments() {
297 $timeout = $TIMEOUT; 317 $timeout = $TIMEOUT;
298 } 318 }
299 319
320 if ($snmp_version !~ /[123]/){
321 $state='UNKNOWN';
322 print ("$state: No support for SNMP v$snmp_version yet\n");
323 exit $ERRORS{$state};
324 }
325
326 %session_opts = (
327 -hostname => $hostname,
328 -port => $port,
329 -version => $snmp_version,
330 -maxmsgsize => $maxmsgsize
331 );
332
333 $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/);
334
300 if ($snmp_version =~ /3/ ) { 335 if ($snmp_version =~ /3/ ) {
301 # Must define a security level even though default is noAuthNoPriv 336 # Must define a security level even though default is noAuthNoPriv
302 # v3 requires a security username 337 # v3 requires a security username
303 if (defined $seclevel && defined $secname) { 338 if (defined $seclevel && defined $secname) {
339 $session_opts{'-username'} = $secname;
304 340
305 # Must define a security level even though defualt is noAuthNoPriv 341 # Must define a security level even though defualt is noAuthNoPriv
306 unless ($seclevel eq ('noAuthNoPriv' || 'authNoPriv' || 'authPriv' ) ) { 342 unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
307 usage(); 343 usage("Must define a valid security level even though default is noAuthNoPriv");
308 exit $ERRORS{"UNKNOWN"};
309 } 344 }
310 345
311 # Authentication wanted 346 # Authentication wanted
312 if ($seclevel eq ('authNoPriv' || 'authPriv') ) { 347 if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) {
313 348 if (defined $authproto && $authproto ne 'MD5' && $authproto ne 'SHA1') {
314 unless ($authproto eq ('MD5' || 'SHA1') ) { 349 usage("Auth protocol can be either MD5 or SHA1");
315 usage();
316 exit $ERRORS{"UNKNOWN"};
317 } 350 }
351 $session_opts{'-authprotocol'} = $authproto if(defined $authproto);
318 352
319 if ( !defined $authpass) { 353 if ( !defined $authpass) {
320 usage(); 354 usage("Auth password/key is not defined");
321 exit $ERRORS{"UNKNOWN"};
322 }else{ 355 }else{
323 if ($authpass =~ /^0x/ ) { 356 if ($authpass =~ /^0x/ ) {
324 $auth = "-authkey => $authpass" ; 357 $session_opts{'-authkey'} = $authpass ;
325 }else{ 358 }else{
326 $auth = "-authpassword => $authpass"; 359 $session_opts{'-authpassword'} = $authpass ;
327 } 360 }
328 } 361 }
329
330 } 362 }
331 363
332 # Privacy (DES encryption) wanted 364 # Privacy (DES encryption) wanted
333 if ($seclevel eq 'authPriv' ) { 365 if ($seclevel eq 'authPriv' ) {
334 if (! defined $privpass) { 366 if (! defined $privpass) {
335 usage(); 367 usage("Privacy passphrase/key is not defined");
336 exit $ERRORS{"UNKNOWN"};
337 }else{ 368 }else{
338 if ($privpass =~ /^0x/){ 369 if ($privpass =~ /^0x/){
339 $priv = "-privkey => $privpass"; 370 $session_opts{'-privkey'} = $privpass;
340 }else{ 371 }else{
341 $priv = "-privpassword => $privpass"; 372 $session_opts{'-privpassword'} = $privpass;
342 } 373 }
343 } 374 }
375
376 $session_opts{'-privprotocol'} = $privproto if(defined $privproto);
344 } 377 }
345 378
346 # Context name defined or default 379 # Context name defined or default
347
348 unless ( defined $context) { 380 unless ( defined $context) {
349 $context = ""; 381 $context = "";
350 } 382 }
351 383
352
353
354 }else { 384 }else {
355 usage(); 385 usage("Security level or name is not defined");
356 exit $ERRORS{'UNKNOWN'}; ;
357 } 386 }
358 } # end snmpv3 387 } # end snmpv3
359 388
360 # for snmp v1 & v2c we default to community = "public"
361
362 # Excluded interfaces types (ifType) (backup interfaces, dial-on demand interfaces, PPP interfaces 389 # Excluded interfaces types (ifType) (backup interfaces, dial-on demand interfaces, PPP interfaces
363 if (defined $opt_x) { 390 if (defined $opt_x) {
364 my @x = split(/,/, $opt_x); 391 my @x = split(/,/, $opt_x);
@@ -380,79 +407,16 @@ sub process_arguments() {
380 } 407 }
381 408
382 if (! utils::is_hostname($hostname)){ 409 if (! utils::is_hostname($hostname)){
383 usage(); 410 usage("Hostname invalid or not given");
384 exit $ERRORS{"UNKNOWN"}; 411 exit $ERRORS{"UNKNOWN"};
385 } 412 }
386 413
387 # create SNMP session handle based on options passed.
388
389 if ( ! $snmp_version ) {
390 $snmp_version =1 ;
391 }else{
392 if ( $snmp_version =~ /[12]/ ) {
393
394 ($session, $error) = Net::SNMP->session(
395 -hostname => $hostname,
396 -community => $community,
397 -port => $port,
398 -version => $snmp_version,
399 -maxmsgsize => $maxmsgsize
400 );
401
402 if (!defined($session)) {
403 $state='UNKNOWN';
404 $answer=$error;
405 print ("$state: $answer");
406 exit $ERRORS{$state};
407 }
408
409 414
410 }elsif ( $snmp_version =~ /3/ ) { 415 if ($snmp_version !~ /[123]/) {
411
412 if ($seclevel eq 'noAuthNoPriv') {
413 ($session, $error) = Net::SNMP->session(
414 -hostname => $hostname,
415 -port => $port,
416 -version => $snmp_version,
417 -username => $secname,
418 );
419
420 }elsif ( $seclevel eq 'authNoPriv' ) {
421 ($session, $error) = Net::SNMP->session(
422 -hostname => $hostname,
423 -port => $port,
424 -version => $snmp_version,
425 -username => $secname,
426 -authprotocol => $authproto,
427 $auth
428 );
429 }elsif ($seclevel eq 'authPriv' ) {
430 ($session, $error) = Net::SNMP->session(
431 -hostname => $hostname,
432 -port => $port,
433 -version => $snmp_version,
434 -username => $secname,
435 -authprotocol => $authproto,
436 $auth,
437 $priv
438 );
439 }
440
441
442 if (!defined($session)) {
443 $state='UNKNOWN';
444 $answer=$error;
445 print ("$state: $answer");
446 exit $ERRORS{$state};
447 }
448
449 }else{
450 $state='UNKNOWN'; 416 $state='UNKNOWN';
451 print ("$state: No support for SNMP v$snmp_version yet\n"); 417 print ("$state: No support for SNMP v$snmp_version yet\n");
452 exit $ERRORS{$state}; 418 exit $ERRORS{$state};
453 } 419 }
454}
455 420
456return $ERRORS{"OK"}; 421return $ERRORS{"OK"};
457
458} 422}
diff --git a/plugins-scripts/t/check_ifoperstatus.t b/plugins-scripts/t/check_ifoperstatus.t
new file mode 100644
index 00000000..1267f415
--- /dev/null
+++ b/plugins-scripts/t/check_ifoperstatus.t
@@ -0,0 +1,73 @@
1#! /usr/bin/perl -w -I ..
2#
3# SNMP Test via check_ifoperstatus
4#
5#
6
7use strict;
8use Test::More;
9use NPTest;
10
11my $tests = 15;
12plan tests => $tests;
13my $res;
14
15my $plugin = "check_ifoperstatus";
16SKIP: {
17 skip "$plugin is not created", $tests if ( ! -x $plugin );
18
19 my $host_snmp = getTestParameter( "host_snmp", "NP_HOST_SNMP", "localhost",
20 "A host providing an SNMP Service");
21
22 my $snmp_community = getTestParameter( "snmp_community", "NP_SNMP_COMMUNITY", "public",
23 "The SNMP Community string for SNMP Testing (assumes snmp v1)" );
24
25 my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
26 "The hostname of system not responsive to network requests" );
27
28 my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost",
29 "An invalid (not known to DNS) hostname" );
30
31 $res = NPTest->testCmd( "./$plugin" );
32 is( $res->return_code, 3, "No arguments" );
33 like( $res->output, '/usage/', "Output contains usage" );
34
35 $res = NPTest->testCmd( "./$plugin -H fakehostname" );
36 is( $res->return_code, 3, "No key/descr specified" );
37 like( $res->output, '/Either a valid snmp key/', "Output contains 'Either a valid snmp key'" );
38
39 $res = NPTest->testCmd( "./$plugin -H fakehost -k 1 -v 3 --seclevel rubbish --secname foobar" );
40 is( $res->return_code, 3, "invalid seclevel" );
41 like( $res->output, "/Must define a valid security level/", "Output contains 'Must define a valid security level'" );
42
43 SKIP: {
44 skip "no snmp host defined", 6 if ( ! $host_snmp );
45
46 $res = NPTest->testCmd( "./$plugin -H $host_snmp -C $snmp_community -k 1");
47 cmp_ok( $res->return_code, '==', 0, "Exit OK for ifindex 1" );
48 like($res->output, '/^OK.*Interface.*is up/', "String contains OK Interface is up");
49
50 $res = NPTest->testCmd( "./$plugin -H $host_snmp -C $snmp_community -d lo");
51 cmp_ok( $res->return_code, '==', 0, "Exit OK for ifdescr lo" );
52 like($res->output, '/^OK.*Interface.*is up/', "String contains OK Interface is up");
53
54 $res = NPTest->testCmd( "./$plugin -H $host_snmp -C $snmp_community -k 1 -n rubbish");
55 cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN if interface name doesn't match" );
56 like($res->output, '/doesn\'t match snmp value/', "String contains 'doesn't match snmp value'");
57
58 }
59
60 SKIP: {
61 skip "no non responsive host defined", 1 if ( ! $host_nonresponsive );
62 $res = NPTest->testCmd( "./$plugin -H $host_nonresponsive -C $snmp_community -k 1");
63 cmp_ok( $res->return_code, '==', 1, "Exit WARNING with non responsive host" );
64 }
65
66 SKIP: {
67 skip "no invalid host defined", 2 if ( ! $hostname_invalid );
68 $res = NPTest->testCmd( "./$plugin -H $hostname_invalid -C $snmp_community -k 1");
69 cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with invalid host" );
70 like($res->output, "/Unable to resolve.*$hostname_invalid/", "String matches unable to resolve.*$hostname_invalid");
71 }
72
73}
diff --git a/plugins-scripts/t/check_ifstatus.t b/plugins-scripts/t/check_ifstatus.t
new file mode 100644
index 00000000..c5169d90
--- /dev/null
+++ b/plugins-scripts/t/check_ifstatus.t
@@ -0,0 +1,63 @@
1#! /usr/bin/perl -w -I ..
2#
3# SNMP Test via check_ifoperstatus
4#
5#
6
7use strict;
8use Test::More;
9use NPTest;
10
11my $tests = 9;
12plan tests => $tests;
13my $res;
14
15my $plugin = "check_ifstatus";
16SKIP: {
17 skip "$plugin is not created", $tests if ( ! -x $plugin );
18
19 my $host_snmp = getTestParameter( "host_snmp", "NP_HOST_SNMP", "localhost",
20 "A host providing an SNMP Service");
21
22 my $snmp_community = getTestParameter( "snmp_community", "NP_SNMP_COMMUNITY", "public",
23 "The SNMP Community string for SNMP Testing (assumes snmp v1)" );
24
25 my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
26 "The hostname of system not responsive to network requests" );
27
28 my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost",
29 "An invalid (not known to DNS) hostname" );
30
31 $res = NPTest->testCmd( "./$plugin" );
32 is( $res->return_code, 3, "No arguments" );
33 like( $res->output, '/usage/', "Output contains usage" );
34
35 $res = NPTest->testCmd( "./$plugin -H fakehost -v 3 --seclevel rubbish --secname foobar" );
36 is( $res->return_code, 3, "invalid seclevel" );
37 like( $res->output, "/Must define a valid security level/", "Output contains 'Must define a valid security level'" );
38
39 SKIP: {
40 skip "no snmp host defined", 2 if ( ! $host_snmp );
41
42 $res = NPTest->testCmd( "./$plugin -H $host_snmp -C $snmp_community ");
43 like($res->output, '/^.*host.*interfaces up/', "String contains host.*interfaces up");
44
45 $res = NPTest->testCmd( "./$plugin -H $host_snmp -C rubbish");
46 cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL for community 'rubbish'" );
47
48 }
49
50 SKIP: {
51 skip "no non responsive host defined", 1 if ( ! $host_nonresponsive );
52 $res = NPTest->testCmd( "./$plugin -H $host_nonresponsive -C $snmp_community");
53 cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" );
54 }
55
56 SKIP: {
57 skip "no invalid host defined", 2 if ( ! $hostname_invalid );
58 $res = NPTest->testCmd( "./$plugin -H $hostname_invalid -C $snmp_community");
59 cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with invalid host" );
60 like($res->output, "/Unable to resolve.*$hostname_invalid/", "String matches unable to resolve.*$hostname_invalid");
61 }
62
63}