summaryrefslogtreecommitdiffstats
path: root/Monitoring/nagios/plugins/check_ifoperstatus
diff options
context:
space:
mode:
Diffstat (limited to 'Monitoring/nagios/plugins/check_ifoperstatus')
-rwxr-xr-xMonitoring/nagios/plugins/check_ifoperstatus472
1 files changed, 472 insertions, 0 deletions
diff --git a/Monitoring/nagios/plugins/check_ifoperstatus b/Monitoring/nagios/plugins/check_ifoperstatus
new file mode 100755
index 00000000..23b25d5d
--- /dev/null
+++ b/Monitoring/nagios/plugins/check_ifoperstatus
@@ -0,0 +1,472 @@
+#! /usr/bin/perl -w
+#
+# check_ifoperstatus.pl - nagios plugin
+#
+# Copyright (C) 2000 Christoph Kron,
+# Modified 5/2002 to conform to updated Nagios Plugin Guidelines
+# Added support for named interfaces per Valdimir Ivaschenko (S. Ghosh)
+# Added SNMPv3 support (10/2003)
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+#
+# Report bugs to: nagiosplug-help@lists.sourceforge.net
+#
+# 11.01.2000 Version 1.0
+#
+# Patches from Guy Van Den Bergh to warn on ifadminstatus down interfaces
+# instead of critical.
+#
+# Primary MIB reference - RFC 2863
+
+
+use POSIX;
+use strict;
+use lib "/usr/lib/nagios/plugins" ;
+use utils qw($TIMEOUT %ERRORS &print_revision &support);
+
+use Net::SNMP;
+use Getopt::Long;
+&Getopt::Long::config('bundling');
+
+my $PROGNAME = "check_ifoperstatus";
+sub print_help ();
+sub usage ($);
+sub print_usage ();
+sub process_arguments ();
+
+my $timeout;
+my $status;
+my %ifOperStatus = ('1','up',
+ '2','down',
+ '3','testing',
+ '4','unknown',
+ '5','dormant',
+ '6','notPresent',
+ '7','lowerLayerDown'); # down due to the state of lower layer interface(s)
+
+my $state = "UNKNOWN";
+my $answer = "";
+my $snmpkey = 0;
+my $community = "public";
+my $maxmsgsize = 1472 ; # Net::SNMP default is 1472
+my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context);
+my $port = 161;
+my @snmpoids;
+my $sysUptime = '1.3.6.1.2.1.1.3.0';
+my $snmpIfDescr = '1.3.6.1.2.1.2.2.1.2';
+my $snmpIfType = '1.3.6.1.2.1.2.2.1.3';
+my $snmpIfAdminStatus = '1.3.6.1.2.1.2.2.1.7';
+my $snmpIfOperStatus = '1.3.6.1.2.1.2.2.1.8';
+my $snmpIfName = '1.3.6.1.2.1.31.1.1.1.1';
+my $snmpIfLastChange = '1.3.6.1.2.1.2.2.1.9';
+my $snmpIfAlias = '1.3.6.1.2.1.31.1.1.1.18';
+my $snmpLocIfDescr = '1.3.6.1.4.1.9.2.2.1.1.28';
+my $hostname;
+my $ifName;
+my $session;
+my $error;
+my $response;
+my $snmp_version = 1 ;
+my $ifXTable;
+my $opt_h ;
+my $opt_V ;
+my $ifdescr;
+my $iftype;
+my $key;
+my $lastc;
+my $dormantWarn;
+my $adminWarn;
+my $name;
+my %session_opts;
+
+### Validate Arguments
+
+$status = process_arguments();
+
+
+# Just in case of problems, let's not hang Nagios
+$SIG{'ALRM'} = sub {
+ print ("ERROR: No snmp response from $hostname (alarm)\n");
+ exit $ERRORS{"UNKNOWN"};
+};
+
+alarm($timeout);
+
+($session, $error) = Net::SNMP->session(%session_opts);
+
+
+if (!defined($session)) {
+ $state='UNKNOWN';
+ $answer=$error;
+ print ("$state: $answer\n");
+ exit $ERRORS{$state};
+}
+
+## map ifdescr to ifindex - should look at being able to cache this value
+
+if (defined $ifdescr || defined $iftype) {
+ # escape "/" in ifdescr - very common in the Cisco world
+ if (defined $iftype) {
+ $status=fetch_ifindex($snmpIfType, $iftype);
+ } else {
+ $ifdescr =~ s/\//\\\//g;
+ $status=fetch_ifindex($snmpIfDescr, $ifdescr); # if using on device with large number of interfaces
+ # recommend use of SNMP v2 (get-bulk)
+ }
+ if ($status==0) {
+ $state = "UNKNOWN";
+ printf "$state: could not retrive ifdescr/iftype snmpkey - $status-$snmpkey\n";
+ $session->close;
+ exit $ERRORS{$state};
+ }
+}
+
+
+## Main function
+
+$snmpIfAdminStatus = $snmpIfAdminStatus . "." . $snmpkey;
+$snmpIfOperStatus = $snmpIfOperStatus . "." . $snmpkey;
+$snmpIfDescr = $snmpIfDescr . "." . $snmpkey;
+$snmpIfName = $snmpIfName . "." . $snmpkey ;
+$snmpIfAlias = $snmpIfAlias . "." . $snmpkey ;
+
+push(@snmpoids,$snmpIfAdminStatus);
+push(@snmpoids,$snmpIfOperStatus);
+push(@snmpoids,$snmpIfDescr);
+push(@snmpoids,$snmpIfName) if (defined $ifXTable) ;
+push(@snmpoids,$snmpIfAlias) if (defined $ifXTable) ;
+
+if (!defined($response = $session->get_request(@snmpoids))) {
+ $answer=$session->error;
+ $session->close;
+ $state = 'WARNING';
+ print ("$state: SNMP error: $answer\n");
+ exit $ERRORS{$state};
+}
+
+$answer = sprintf("host '%s', %s(%s) is %s\n",
+ $hostname,
+ $response->{$snmpIfDescr},
+ $snmpkey,
+ $ifOperStatus{$response->{$snmpIfOperStatus}}
+);
+
+
+## Check to see if ifName match is requested and it matches - exit if no match
+## not the interface we want to monitor
+if ( defined $ifName && not ($response->{$snmpIfName} eq $ifName) ) {
+ $state = 'UNKNOWN';
+ $answer = "Interface name ($ifName) doesn't match snmp value ($response->{$snmpIfName}) (index $snmpkey)";
+ print ("$state: $answer\n");
+ exit $ERRORS{$state};
+}
+
+## define the interface name
+if (defined $ifXTable) {
+ $name = $response->{$snmpIfName} ." - " .$response->{$snmpIfAlias} ;
+}else{
+ $name = $response->{$snmpIfDescr} ;
+}
+
+## if AdminStatus is down - some one made a consious effort to change config
+##
+if ( not ($response->{$snmpIfAdminStatus} == 1) ) {
+ $answer = "Interface $name (index $snmpkey) is administratively down.";
+ if ( not defined $adminWarn or $adminWarn eq "w" ) {
+ $state = 'WARNING';
+ } elsif ( $adminWarn eq "i" ) {
+ $state = 'OK';
+ } elsif ( $adminWarn eq "c" ) {
+ $state = 'CRITICAL';
+ } else { # If wrong value for -a, say warning
+ $state = 'WARNING';
+ }
+}
+## Check operational status
+elsif ( $response->{$snmpIfOperStatus} == 2 ) {
+ $state = 'CRITICAL';
+ $answer = "Interface $name (index $snmpkey) is down.";
+} elsif ( $response->{$snmpIfOperStatus} == 5 ) {
+ if (defined $dormantWarn ) {
+ if ($dormantWarn eq "w") {
+ $state = 'WARNING';
+ $answer = "Interface $name (index $snmpkey) is dormant.";
+ }elsif($dormantWarn eq "c") {
+ $state = 'CRITICAL';
+ $answer = "Interface $name (index $snmpkey) is dormant.";
+ }elsif($dormantWarn eq "i") {
+ $state = 'OK';
+ $answer = "Interface $name (index $snmpkey) is dormant.";
+ }
+ }else{
+ # dormant interface - but warning/critical/ignore not requested
+ $state = 'CRITICAL';
+ $answer = "Interface $name (index $snmpkey) is dormant.";
+ }
+} elsif ( $response->{$snmpIfOperStatus} == 6 ) {
+ $state = 'CRITICAL';
+ $answer = "Interface $name (index $snmpkey) notPresent - possible hotswap in progress.";
+} elsif ( $response->{$snmpIfOperStatus} == 7 ) {
+ $state = 'CRITICAL';
+ $answer = "Interface $name (index $snmpkey) down due to lower layer being down.";
+} elsif ( $response->{$snmpIfOperStatus} == 3 || $response->{$snmpIfOperStatus} == 4 ) {
+ $state = 'CRITICAL';
+ $answer = "Interface $name (index $snmpkey) down (testing/unknown).";
+} else {
+ $state = 'OK';
+ $answer = "Interface $name (index $snmpkey) is up.";
+}
+
+
+
+print ("$state: $answer\n");
+exit $ERRORS{$state};
+
+
+### subroutines
+
+sub fetch_ifindex {
+ my $oid = shift;
+ my $lookup = shift;
+
+ if (!defined ($response = $session->get_table($oid))) {
+ $answer=$session->error;
+ $session->close;
+ $state = 'CRITICAL';
+ printf ("$state: SNMP error with snmp version $snmp_version ($answer)\n");
+ $session->close;
+ exit $ERRORS{$state};
+ }
+
+ foreach $key ( keys %{$response}) {
+ if ($response->{$key} =~ /^$lookup$/) {
+ $key =~ /.*\.(\d+)$/;
+ $snmpkey = $1;
+ #print "$lookup = $key / $snmpkey \n"; #debug
+ }
+ }
+ unless (defined $snmpkey) {
+ $session->close;
+ $state = 'CRITICAL';
+ printf "$state: Could not match $ifdescr on $hostname\n";
+ exit $ERRORS{$state};
+ }
+
+ return $snmpkey;
+}
+
+sub usage($) {
+ print "$_[0]\n";
+ print_usage();
+ exit $ERRORS{"UNKNOWN"};
+}
+
+sub print_usage() {
+ printf "\n";
+ printf "usage: \n";
+ printf "check_ifoperstatus -k <IF_KEY> -H <HOSTNAME> [-C <community>]\n";
+ printf "Copyright (C) 2000 Christoph Kron\n";
+ printf "check_ifoperstatus.pl comes with ABSOLUTELY NO WARRANTY\n";
+ printf "This programm is licensed under the terms of the ";
+ printf "GNU General Public License\n(check source code for details)\n";
+ printf "\n\n";
+}
+
+sub print_help() {
+ print_revision($PROGNAME, '1.4.15');
+ print_usage();
+ printf "check_ifoperstatus plugin for Nagios monitors operational \n";
+ printf "status of a particular network interface on the target host\n";
+ printf "\nUsage:\n";
+ printf " -H (--hostname) Hostname to query - (required)\n";
+ printf " -C (--community) SNMP read community (defaults to public,\n";
+ printf " used with SNMP v1 and v2c\n";
+ printf " -v (--snmp_version) 1 for SNMP v1 (default)\n";
+ printf " 2 for SNMP v2c\n";
+ printf " SNMP v2c will use get_bulk for less overhead\n";
+ printf " if monitoring with -d\n";
+ printf " -L (--seclevel) choice of \"noAuthNoPriv\", \"authNoPriv\", or \"authPriv\"\n";
+ printf " -U (--secname) username for SNMPv3 context\n";
+ printf " -c (--context) SNMPv3 context name (default is empty string)\n";
+ printf " -A (--authpass) authentication password (cleartext ascii or localized key\n";
+ printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
+ printf " auth password and authEngineID\n";
+ printf " -a (--authproto) Authentication protocol (MD5 or SHA1)\n";
+ printf " -X (--privpass) privacy password (cleartext ascii or localized key\n";
+ printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
+ printf " privacy password and authEngineID\n";
+ printf " -P (--privproto) privacy protocol (DES or AES; default: DES)\n";
+ printf " -k (--key) SNMP IfIndex value\n";
+ printf " -d (--descr) SNMP ifDescr value\n";
+ printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n";
+ printf " -p (--port) SNMP port (default 161)\n";
+ printf " -I (--ifmib) Agent supports IFMIB ifXTable. Do not use if\n";
+ printf " you don't know what this is. \n";
+ printf " -n (--name) the value should match the returned ifName\n";
+ printf " (Implies the use of -I)\n";
+ printf " -w (--warn =i|w|c) ignore|warn|crit if the interface is dormant (default critical)\n";
+ printf " -D (--admin-down =i|w|c) same for administratively down interfaces (default warning)\n";
+ printf " -M (--maxmsgsize) Max message size - usefull only for v1 or v2c\n";
+ printf " -t (--timeout) seconds before the plugin times out (default=$TIMEOUT)\n";
+ printf " -V (--version) Plugin version\n";
+ printf " -h (--help) usage help \n\n";
+ printf " -k or -d or -T must be specified\n\n";
+ printf "Note: either -k or -d or -T must be specified and -d and -T are much more network \n";
+ printf "intensive. Use it sparingly or not at all. -n is used to match against\n";
+ printf "a much more descriptive ifName value in the IfXTable to verify that the\n";
+ printf "snmpkey has not changed to some other network interface after a reboot.\n\n";
+
+}
+
+sub process_arguments() {
+ $status = GetOptions(
+ "V" => \$opt_V, "version" => \$opt_V,
+ "h" => \$opt_h, "help" => \$opt_h,
+ "v=i" => \$snmp_version, "snmp_version=i" => \$snmp_version,
+ "C=s" => \$community, "community=s" => \$community,
+ "L=s" => \$seclevel, "seclevel=s" => \$seclevel,
+ "a=s" => \$authproto, "authproto=s" => \$authproto,
+ "U=s" => \$secname, "secname=s" => \$secname,
+ "A=s" => \$authpass, "authpass=s" => \$authpass,
+ "X=s" => \$privpass, "privpass=s" => \$privpass,
+ "P=s" => \$privproto, "privproto=s" => \$privproto,
+ "c=s" => \$context, "context=s" => \$context,
+ "k=i" => \$snmpkey, "key=i",\$snmpkey,
+ "d=s" => \$ifdescr, "descr=s" => \$ifdescr,
+ "l=s" => \$lastc, "lastchange=s" => \$lastc,
+ "p=i" => \$port, "port=i" =>\$port,
+ "H=s" => \$hostname, "hostname=s" => \$hostname,
+ "I" => \$ifXTable, "ifmib" => \$ifXTable,
+ "n=s" => \$ifName, "name=s" => \$ifName,
+ "w=s" => \$dormantWarn, "warn=s" => \$dormantWarn,
+ "D=s" => \$adminWarn, "admin-down=s" => \$adminWarn,
+ "M=i" => \$maxmsgsize, "maxmsgsize=i" => \$maxmsgsize,
+ "t=i" => \$timeout, "timeout=i" => \$timeout,
+ "T=i" => \$iftype, "type=i" => \$iftype,
+ );
+
+
+ if ($status == 0){
+ print_help();
+ exit $ERRORS{'OK'};
+ }
+
+ if ($opt_V) {
+ print_revision($PROGNAME,'1.4.15');
+ exit $ERRORS{'OK'};
+ }
+
+ if ($opt_h) {
+ print_help();
+ exit $ERRORS{'OK'};
+ }
+
+ if (! utils::is_hostname($hostname)){
+ usage("Hostname invalid or not given");
+ }
+
+ unless ($snmpkey > 0 || defined $ifdescr || defined $iftype){
+ usage("Either a valid snmp key (-k) or a ifDescr (-d) must be provided");
+ }
+
+ if (defined $ifName) {
+ $ifXTable=1;
+ }
+
+ if (defined $dormantWarn) {
+ unless ($dormantWarn =~ /^(w|c|i)$/ ) {
+ printf "Dormant alerts must be one of w|c|i \n";
+ exit $ERRORS{'UNKNOWN'};
+ }
+ }
+
+ unless (defined $timeout) {
+ $timeout = $TIMEOUT;
+ }
+
+ if ($snmp_version !~ /[123]/){
+ $state='UNKNOWN';
+ print ("$state: No support for SNMP v$snmp_version yet\n");
+ exit $ERRORS{$state};
+ }
+
+ %session_opts = (
+ -hostname => $hostname,
+ -port => $port,
+ -version => $snmp_version,
+ -maxmsgsize => $maxmsgsize
+ );
+
+ $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/);
+
+ if ($snmp_version =~ /3/ ) {
+ # Must define a security level even though default is noAuthNoPriv
+ # v3 requires a security username
+ if (defined $seclevel && defined $secname) {
+ $session_opts{'-username'} = $secname;
+
+ # Must define a security level even though defualt is noAuthNoPriv
+ unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
+ usage("Must define a valid security level even though default is noAuthNoPriv");
+ }
+
+ # Authentication wanted
+ if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) {
+ if (defined $authproto && $authproto ne 'MD5' && $authproto ne 'SHA1') {
+ usage("Auth protocol can be either MD5 or SHA1");
+ }
+ $session_opts{'-authprotocol'} = $authproto if(defined $authproto);
+
+ if ( !defined $authpass) {
+ usage("Auth password/key is not defined");
+ }else{
+ if ($authpass =~ /^0x/ ) {
+ $session_opts{'-authkey'} = $authpass ;
+ }else{
+ $session_opts{'-authpassword'} = $authpass ;
+ }
+ }
+ }
+
+ # Privacy (DES encryption) wanted
+ if ($seclevel eq 'authPriv' ) {
+ if (! defined $privpass) {
+ usage("Privacy passphrase/key is not defined");
+ }else{
+ if ($privpass =~ /^0x/){
+ $session_opts{'-privkey'} = $privpass;
+ }else{
+ $session_opts{'-privpassword'} = $privpass;
+ }
+ }
+
+ $session_opts{'-privprotocol'} = $privproto if(defined $privproto);
+ }
+
+ # Context name defined or default
+ unless ( defined $context) {
+ $context = "";
+ }
+
+ }else {
+ usage("Security level or name is not defined");
+ }
+ } # end snmpv3
+
+
+}
+## End validation
+