diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rwxr-xr-x | plugins-scripts/check_ifoperstatus.pl | 362 | ||||
| -rwxr-xr-x | plugins-scripts/check_ifstatus.pl | 170 | ||||
| -rw-r--r-- | plugins-scripts/t/check_ifoperstatus.t | 73 | ||||
| -rw-r--r-- | plugins-scripts/t/check_ifstatus.t | 63 |
5 files changed, 365 insertions, 305 deletions
@@ -39,6 +39,8 @@ This file documents the major additions and syntax changes between releases. Fixed check_by_ssh interpretation of quotes in -C parameter (#1985246, #2268675) check_snmp now supports standard threshold ranges and doubles (floating numbers) in thresholds check_fping now supports passing target timeout and interval to fping (#2347686 - Martin Foster) + Fixed SNMPv3 behaviour of check_ifoperstatus and check_ifstatus. Added -P to define privprotocol (#2343438 - Robin Schroeder) + check_ifoperstatus and check_ifstatus are now more user-friendly in case of missing arguments 1.4.13 25th Sept 2008 Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen) diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl index d0a1655a..588993be 100755 --- a/plugins-scripts/check_ifoperstatus.pl +++ b/plugins-scripts/check_ifoperstatus.pl @@ -43,25 +43,26 @@ use Getopt::Long; my $PROGNAME = "check_ifoperstatus"; sub print_help (); -sub usage (); +sub usage ($); +sub print_usage (); sub process_arguments (); my $timeout; my $status; my %ifOperStatus = ('1','up', - '2','down', - '3','testing', - '4','unknown', - '5','dormant', - '6','notPresent', - '7','lowerLayerDown'); # down due to the state of lower layer interface(s) + '2','down', + '3','testing', + '4','unknown', + '5','dormant', + '6','notPresent', + '7','lowerLayerDown'); # down due to the state of lower layer interface(s) my $state = "UNKNOWN"; my $answer = ""; my $snmpkey = 0; my $community = "public"; my $maxmsgsize = 1472 ; # Net::SNMP default is 1472 -my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context); +my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context); my $port = 161; my @snmpoids; my $sysUptime = '1.3.6.1.2.1.1.3.0'; @@ -89,6 +90,7 @@ my $lastc; my $dormantWarn; my $adminWarn; my $name; +my %session_opts; ### Validate Arguments @@ -97,19 +99,28 @@ $status = process_arguments(); # Just in case of problems, let's not hang Nagios $SIG{'ALRM'} = sub { - print ("ERROR: No snmp response from $hostname (alarm)\n"); - exit $ERRORS{"UNKNOWN"}; + print ("ERROR: No snmp response from $hostname (alarm)\n"); + exit $ERRORS{"UNKNOWN"}; }; alarm($timeout); +($session, $error) = Net::SNMP->session(%session_opts); + + +if (!defined($session)) { + $state='UNKNOWN'; + $answer=$error; + print ("$state: $answer\n"); + exit $ERRORS{$state}; +} ## map ifdescr to ifindex - should look at being able to cache this value if (defined $ifdescr || defined $iftype) { # escape "/" in ifdescr - very common in the Cisco world if (defined $iftype) { - $status=fetch_ifindex($snmpIfType, $iftype); + $status=fetch_ifindex($snmpIfType, $iftype); } else { $ifdescr =~ s/\//\\\//g; $status=fetch_ifindex($snmpIfDescr, $ifdescr); # if using on device with large number of interfaces @@ -138,88 +149,86 @@ push(@snmpoids,$snmpIfDescr); push(@snmpoids,$snmpIfName) if (defined $ifXTable) ; push(@snmpoids,$snmpIfAlias) if (defined $ifXTable) ; - if (!defined($response = $session->get_request(@snmpoids))) { - $answer=$session->error; - $session->close; - $state = 'WARNING'; - print ("$state: SNMP error: $answer\n"); - exit $ERRORS{$state}; - } - - $answer = sprintf("host '%s', %s(%s) is %s\n", - $hostname, - $response->{$snmpIfDescr}, - $snmpkey, - $ifOperStatus{$response->{$snmpIfOperStatus}} - ); - - - ## Check to see if ifName match is requested and it matches - exit if no match - ## not the interface we want to monitor - if ( defined $ifName && not ($response->{$snmpIfName} eq $ifName) ) { - $state = 'UNKNOWN'; - $answer = "Interface name ($ifName) doesn't match snmp value ($response->{$snmpIfName}) (index $snmpkey)"; - print ("$state: $answer\n"); - exit $ERRORS{$state}; - } - - ## define the interface name - if (defined $ifXTable) { - $name = $response->{$snmpIfName} ." - " .$response->{$snmpIfAlias} ; - }else{ - $name = $response->{$snmpIfDescr} ; - } - - ## if AdminStatus is down - some one made a consious effort to change config - ## - if ( not ($response->{$snmpIfAdminStatus} == 1) ) { - $answer = "Interface $name (index $snmpkey) is administratively down."; - if ( not defined $adminWarn or $adminWarn eq "w" ) { - $state = 'WARNING'; - } elsif ( $adminWarn eq "i" ) { - $state = 'OK'; - } elsif ( $adminWarn eq "c" ) { - $state = 'CRITICAL'; - } else { # If wrong value for -a, say warning - $state = 'WARNING'; - } - } - ## Check operational status - elsif ( $response->{$snmpIfOperStatus} == 2 ) { - $state = 'CRITICAL'; - $answer = "Interface $name (index $snmpkey) is down."; - } elsif ( $response->{$snmpIfOperStatus} == 5 ) { - if (defined $dormantWarn ) { - if ($dormantWarn eq "w") { - $state = 'WARNING'; - $answer = "Interface $name (index $snmpkey) is dormant."; - }elsif($dormantWarn eq "c") { - $state = 'CRITICAL'; - $answer = "Interface $name (index $snmpkey) is dormant."; - }elsif($dormantWarn eq "i") { - $state = 'OK'; - $answer = "Interface $name (index $snmpkey) is dormant."; - } - }else{ - # dormant interface - but warning/critical/ignore not requested - $state = 'CRITICAL'; - $answer = "Interface $name (index $snmpkey) is dormant."; - } - } elsif ( $response->{$snmpIfOperStatus} == 6 ) { - $state = 'CRITICAL'; - $answer = "Interface $name (index $snmpkey) notPresent - possible hotswap in progress."; - } elsif ( $response->{$snmpIfOperStatus} == 7 ) { - $state = 'CRITICAL'; - $answer = "Interface $name (index $snmpkey) down due to lower layer being down."; +if (!defined($response = $session->get_request(@snmpoids))) { + $answer=$session->error; + $session->close; + $state = 'WARNING'; + print ("$state: SNMP error: $answer\n"); + exit $ERRORS{$state}; +} - } elsif ( $response->{$snmpIfOperStatus} == 3 || $response->{$snmpIfOperStatus} == 4 ) { - $state = 'CRITICAL'; - $answer = "Interface $name (index $snmpkey) down (testing/unknown)."; +$answer = sprintf("host '%s', %s(%s) is %s\n", + $hostname, + $response->{$snmpIfDescr}, + $snmpkey, + $ifOperStatus{$response->{$snmpIfOperStatus}} +); + + +## Check to see if ifName match is requested and it matches - exit if no match +## not the interface we want to monitor +if ( defined $ifName && not ($response->{$snmpIfName} eq $ifName) ) { + $state = 'UNKNOWN'; + $answer = "Interface name ($ifName) doesn't match snmp value ($response->{$snmpIfName}) (index $snmpkey)"; + print ("$state: $answer\n"); + exit $ERRORS{$state}; +} + +## define the interface name +if (defined $ifXTable) { + $name = $response->{$snmpIfName} ." - " .$response->{$snmpIfAlias} ; +}else{ + $name = $response->{$snmpIfDescr} ; +} - } else { - $state = 'OK'; - $answer = "Interface $name (index $snmpkey) is up."; - } +## if AdminStatus is down - some one made a consious effort to change config +## +if ( not ($response->{$snmpIfAdminStatus} == 1) ) { + $answer = "Interface $name (index $snmpkey) is administratively down."; + if ( not defined $adminWarn or $adminWarn eq "w" ) { + $state = 'WARNING'; + } elsif ( $adminWarn eq "i" ) { + $state = 'OK'; + } elsif ( $adminWarn eq "c" ) { + $state = 'CRITICAL'; + } else { # If wrong value for -a, say warning + $state = 'WARNING'; + } +} +## Check operational status +elsif ( $response->{$snmpIfOperStatus} == 2 ) { + $state = 'CRITICAL'; + $answer = "Interface $name (index $snmpkey) is down."; +} elsif ( $response->{$snmpIfOperStatus} == 5 ) { + if (defined $dormantWarn ) { + if ($dormantWarn eq "w") { + $state = 'WARNING'; + $answer = "Interface $name (index $snmpkey) is dormant."; + }elsif($dormantWarn eq "c") { + $state = 'CRITICAL'; + $answer = "Interface $name (index $snmpkey) is dormant."; + }elsif($dormantWarn eq "i") { + $state = 'OK'; + $answer = "Interface $name (index $snmpkey) is dormant."; + } + }else{ + # dormant interface - but warning/critical/ignore not requested + $state = 'CRITICAL'; + $answer = "Interface $name (index $snmpkey) is dormant."; + } +} elsif ( $response->{$snmpIfOperStatus} == 6 ) { + $state = 'CRITICAL'; + $answer = "Interface $name (index $snmpkey) notPresent - possible hotswap in progress."; +} elsif ( $response->{$snmpIfOperStatus} == 7 ) { + $state = 'CRITICAL'; + $answer = "Interface $name (index $snmpkey) down due to lower layer being down."; +} elsif ( $response->{$snmpIfOperStatus} == 3 || $response->{$snmpIfOperStatus} == 4 ) { + $state = 'CRITICAL'; + $answer = "Interface $name (index $snmpkey) down (testing/unknown)."; +} else { + $state = 'OK'; + $answer = "Interface $name (index $snmpkey) is up."; +} @@ -259,22 +268,28 @@ sub fetch_ifindex { return $snmpkey; } -sub usage() { - printf "\nMissing arguments!\n"; - printf "\n"; - printf "usage: \n"; - printf "check_ifoperstatus -k <IF_KEY> -H <HOSTNAME> [-C <community>]\n"; - printf "Copyright (C) 2000 Christoph Kron\n"; - printf "check_ifoperstatus.pl comes with ABSOLUTELY NO WARRANTY\n"; - printf "This programm is licensed under the terms of the "; - printf "GNU General Public License\n(check source code for details)\n"; - printf "\n\n"; - exit $ERRORS{"UNKNOWN"}; +sub usage($) { + print "$_[0]\n"; + print_usage(); + exit $ERRORS{"UNKNOWN"}; +} + +sub print_usage() { + printf "\n"; + printf "usage: \n"; + printf "check_ifoperstatus -k <IF_KEY> -H <HOSTNAME> [-C <community>]\n"; + printf "Copyright (C) 2000 Christoph Kron\n"; + printf "check_ifoperstatus.pl comes with ABSOLUTELY NO WARRANTY\n"; + printf "This programm is licensed under the terms of the "; + printf "GNU General Public License\n(check source code for details)\n"; + printf "\n\n"; } sub print_help() { + print_revision($PROGNAME, '@NP_VERSION@'); + print_usage(); printf "check_ifoperstatus plugin for Nagios monitors operational \n"; - printf "status of a particular network interface on the target host\n"; + printf "status of a particular network interface on the target host\n"; printf "\nUsage:\n"; printf " -H (--hostname) Hostname to query - (required)\n"; printf " -C (--community) SNMP read community (defaults to public,\n"; @@ -285,19 +300,20 @@ sub print_help() { printf " if monitoring with -d\n"; printf " -L (--seclevel) choice of \"noAuthNoPriv\", \"authNoPriv\", or \"authPriv\"\n"; printf " -U (--secname) username for SNMPv3 context\n"; - printf " -c (--context) SNMPv3 context name (default is empty string)"; + printf " -c (--context) SNMPv3 context name (default is empty string)\n"; printf " -A (--authpass) authentication password (cleartext ascii or localized key\n"; - printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; + printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; printf " auth password and authEngineID\n"; - printf " -a (--authproto) Authentication protocol ( MD5 or SHA1)\n"; + printf " -a (--authproto) Authentication protocol (MD5 or SHA1)\n"; printf " -X (--privpass) privacy password (cleartext ascii or localized key\n"; - printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; + printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; printf " privacy password and authEngineID\n"; + printf " -P (--privproto) privacy protocol (DES or AES; default: DES)\n"; printf " -k (--key) SNMP IfIndex value\n"; printf " -d (--descr) SNMP ifDescr value\n"; printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n"; printf " -p (--port) SNMP port (default 161)\n"; - printf " -I (--ifmib) Agent supports IFMIB ifXTable. Do not use if\n"; + printf " -I (--ifmib) Agent supports IFMIB ifXTable. Do not use if\n"; printf " you don't know what this is. \n"; printf " -n (--name) the value should match the returned ifName\n"; printf " (Implies the use of -I)\n"; @@ -312,7 +328,6 @@ sub print_help() { printf "intensive. Use it sparingly or not at all. -n is used to match against\n"; printf "a much more descriptive ifName value in the IfXTable to verify that the\n"; printf "snmpkey has not changed to some other network interface after a reboot.\n\n"; - print_revision($PROGNAME, '@NP_VERSION@'); } @@ -327,6 +342,7 @@ sub process_arguments() { "U=s" => \$secname, "secname=s" => \$secname, "A=s" => \$authpass, "authpass=s" => \$authpass, "X=s" => \$privpass, "privpass=s" => \$privpass, + "P=s" => \$privproto, "privproto=s" => \$privproto, "c=s" => \$context, "context=s" => \$context, "k=i" => \$snmpkey, "key=i",\$snmpkey, "d=s" => \$ifdescr, "descr=s" => \$ifdescr, @@ -343,12 +359,11 @@ sub process_arguments() { ); - if ($status == 0){ print_help(); exit $ERRORS{'OK'}; } - + if ($opt_V) { print_revision($PROGNAME,'@NP_VERSION@'); exit $ERRORS{'OK'}; @@ -360,19 +375,14 @@ sub process_arguments() { } if (! utils::is_hostname($hostname)){ - usage(); - exit $ERRORS{"UNKNOWN"}; + usage("Hostname invalid or not given"); } - unless ($snmpkey > 0 || defined $ifdescr || defined $iftype){ - printf "Either a valid snmpkey key (-k) or a ifDescr (-d) must be provided)\n"; - usage(); - exit $ERRORS{"UNKNOWN"}; + usage("Either a valid snmp key (-k) or a ifDescr (-d) must be provided"); } - - if (defined $name) { + if (defined $ifName) { $ifXTable=1; } @@ -387,128 +397,76 @@ sub process_arguments() { $timeout = $TIMEOUT; } + if ($snmp_version !~ /[123]/){ + $state='UNKNOWN'; + print ("$state: No support for SNMP v$snmp_version yet\n"); + exit $ERRORS{$state}; + } + + %session_opts = ( + -hostname => $hostname, + -port => $port, + -version => $snmp_version, + -maxmsgsize => $maxmsgsize + ); + + $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/); + if ($snmp_version =~ /3/ ) { # Must define a security level even though default is noAuthNoPriv # v3 requires a security username - if (defined $seclevel && defined $secname) { + if (defined $seclevel && defined $secname) { + $session_opts{'-username'} = $secname; # Must define a security level even though defualt is noAuthNoPriv unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) { - usage(); - exit $ERRORS{"UNKNOWN"}; + usage("Must define a valid security level even though default is noAuthNoPriv"); } # Authentication wanted if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) { - - unless ( $authproto eq 'MD5' || $authproto eq 'SHA1' ) { - usage(); - exit $ERRORS{"UNKNOWN"}; + if (defined $authproto && $authproto ne 'MD5' && $authproto ne 'SHA1') { + usage("Auth protocol can be either MD5 or SHA1"); } + $session_opts{'-authprotocol'} = $authproto if(defined $authproto); if ( !defined $authpass) { - usage(); - exit $ERRORS{"UNKNOWN"}; + usage("Auth password/key is not defined"); }else{ if ($authpass =~ /^0x/ ) { - $auth = "-authkey => $authpass" ; + $session_opts{'-authkey'} = $authpass ; }else{ - $auth = "-authpassword => $authpass"; + $session_opts{'-authpassword'} = $authpass ; } } - } # Privacy (DES encryption) wanted - if ($seclevel eq 'authPriv' ) { + if ($seclevel eq 'authPriv' ) { if (! defined $privpass) { - usage(); - exit $ERRORS{"UNKNOWN"}; + usage("Privacy passphrase/key is not defined"); }else{ if ($privpass =~ /^0x/){ - $priv = "-privkey => $privpass"; + $session_opts{'-privkey'} = $privpass; }else{ - $priv = "-privpassword => $privpass"; + $session_opts{'-privpassword'} = $privpass; } } + + $session_opts{'-privprotocol'} = $privproto if(defined $privproto); } # Context name defined or default - unless ( defined $context) { $context = ""; } - - }else { - usage(); - exit $ERRORS{'UNKNOWN'}; ; + usage("Security level or name is not defined"); } } # end snmpv3 - if ( $snmp_version =~ /[12]/ ) { - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -community => $community, - -port => $port, - -version => $snmp_version, - -maxmsgsize => $maxmsgsize - ); - - if (!defined($session)) { - $state='UNKNOWN'; - $answer=$error; - print ("$state: $answer\n"); - exit $ERRORS{$state}; - } - - }elsif ( $snmp_version =~ /3/ ) { - - if ($seclevel eq 'noAuthNoPriv') { - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -port => $port, - -version => $snmp_version, - -username => $secname, - ); - - }elsif ( $seclevel eq 'authNoPriv' ) { - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -port => $port, - -version => $snmp_version, - -username => $secname, - $auth, - -authprotocol => $authproto, - ); - }elsif ($seclevel eq 'authPriv' ) { - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -port => $port, - -version => $snmp_version, - -username => $secname, - $auth, - -authprotocol => $authproto, - $priv - ); - } - - - if (!defined($session)) { - $state='UNKNOWN'; - $answer=$error; - print ("$state: $answer\n"); - exit $ERRORS{$state}; - } - - }else{ - $state='UNKNOWN'; - print ("$state: No support for SNMP v$snmp_version yet\n"); - exit $ERRORS{$state}; - } - } ## End validation diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl index bae3ffa7..22638234 100755 --- a/plugins-scripts/check_ifstatus.pl +++ b/plugins-scripts/check_ifstatus.pl @@ -42,7 +42,8 @@ Getopt::Long::Configure('bundling'); my $PROGNAME = "check_ifstatus"; sub print_help (); -sub usage (); +sub usage ($); +sub print_usage (); sub process_arguments (); @@ -63,7 +64,7 @@ my $snmpoid=0; my $key=0; my $community = "public"; my $maxmsgsize = 1472 ; # Net::SNMP default is 1472 -my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context); +my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context); my $port = 161; my @snmpoids; my $snmpIfAdminStatus = '1.3.6.1.2.1.2.2.1.7'; @@ -92,6 +93,7 @@ my $opt_u; my $opt_x ; my %excluded ; my @unused_ports ; +my %session_opts; @@ -115,6 +117,15 @@ if ($status != 0) alarm($timeout); +($session, $error) = Net::SNMP->session(%session_opts); + +if (!defined($session)) { + $state='UNKNOWN'; + $answer=$error; + print ("$state: $answer\n"); + exit $ERRORS{$state}; +} + push(@snmpoids,$snmpIfOperStatus); push(@snmpoids,$snmpIfAdminStatus); @@ -209,19 +220,25 @@ my $perfdata = sprintf("up=%d,down=%d,dormant=%d,excluded=%d,unused=%d",$ifup,$i print ("$state: $answer |$perfdata\n"); exit $ERRORS{$state}; +sub usage($) { + print "$_[0]\n"; + print_usage(); + exit $ERRORS{"UNKNOWN"}; +} -sub usage (){ - printf "\nMissing arguments!\n"; +sub print_usage() { printf "\n"; + printf "usage: \n"; printf "check_ifstatus -C <READCOMMUNITY> -p <PORT> -H <HOSTNAME>\n"; printf "Copyright (C) 2000 Christoph Kron\n"; printf "Updates 5/2002 Subhendu Ghosh\n"; - printf "\n\n"; support(); - exit $ERRORS{"UNKNOWN"}; + printf "\n\n"; } -sub print_help (){ +sub print_help() { + print_revision($PROGNAME, '@NP_VERSION@'); + print_usage(); printf "check_ifstatus plugin for Nagios monitors operational \n"; printf "status of each network interface on the target host\n"; printf "\nUsage:\n"; @@ -242,14 +259,15 @@ sub print_help (){ printf " See the IANAifType-MIB for a list of interface types.\n"; printf " -L (--seclevel) choice of \"noAuthNoPriv\", \"authNoPriv\", or \"authPriv\"\n"; printf " -U (--secname) username for SNMPv3 context\n"; - printf " -c (--context) SNMPv3 context name (default is empty string)"; + printf " -c (--context) SNMPv3 context name (default is empty string)\n"; printf " -A (--authpass) authentication password (cleartext ascii or localized key\n"; - printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; + printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; printf " auth password and authEngineID\n"; - printf " -a (--authproto) Authentication protocol ( MD5 or SHA1)\n"; + printf " -a (--authproto) Authentication protocol (MD5 or SHA1)\n"; printf " -X (--privpass) privacy password (cleartext ascii or localized key\n"; - printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; + printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; printf " privacy password and authEngineID\n"; + printf " -P (--privproto) privacy protocol (DES or AES; default: DES)\n"; printf " -M (--maxmsgsize) Max message size - usefull only for v1 or v2c\n"; printf " -t (--timeout) seconds before the plugin times out (default=$TIMEOUT)\n"; printf " -V (--version) Plugin version\n"; @@ -269,6 +287,7 @@ sub process_arguments() { "U=s" => \$secname, "secname=s" => \$secname, "A=s" => \$authpass, "authpass=s" => \$authpass, "X=s" => \$privpass, "privpass=s" => \$privpass, + "P=s" => \$privproto, "privproto=s" => \$privproto, "c=s" => \$context, "context=s" => \$context, "p=i" =>\$port, "port=i" => \$port, "H=s" => \$hostname, "hostname=s" => \$hostname, @@ -280,9 +299,10 @@ sub process_arguments() { ); if ($status == 0){ - print_help() ; + print_help(); exit $ERRORS{'OK'}; } + if ($opt_V) { print_revision($PROGNAME,'@NP_VERSION@'); exit $ERRORS{'OK'}; @@ -297,68 +317,75 @@ sub process_arguments() { $timeout = $TIMEOUT; } + if ($snmp_version !~ /[123]/){ + $state='UNKNOWN'; + print ("$state: No support for SNMP v$snmp_version yet\n"); + exit $ERRORS{$state}; + } + + %session_opts = ( + -hostname => $hostname, + -port => $port, + -version => $snmp_version, + -maxmsgsize => $maxmsgsize + ); + + $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/); + if ($snmp_version =~ /3/ ) { # Must define a security level even though default is noAuthNoPriv # v3 requires a security username - if (defined $seclevel && defined $secname) { + if (defined $seclevel && defined $secname) { + $session_opts{'-username'} = $secname; # Must define a security level even though defualt is noAuthNoPriv - unless ($seclevel eq ('noAuthNoPriv' || 'authNoPriv' || 'authPriv' ) ) { - usage(); - exit $ERRORS{"UNKNOWN"}; + unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) { + usage("Must define a valid security level even though default is noAuthNoPriv"); } # Authentication wanted - if ($seclevel eq ('authNoPriv' || 'authPriv') ) { - - unless ($authproto eq ('MD5' || 'SHA1') ) { - usage(); - exit $ERRORS{"UNKNOWN"}; + if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) { + if (defined $authproto && $authproto ne 'MD5' && $authproto ne 'SHA1') { + usage("Auth protocol can be either MD5 or SHA1"); } + $session_opts{'-authprotocol'} = $authproto if(defined $authproto); if ( !defined $authpass) { - usage(); - exit $ERRORS{"UNKNOWN"}; + usage("Auth password/key is not defined"); }else{ if ($authpass =~ /^0x/ ) { - $auth = "-authkey => $authpass" ; + $session_opts{'-authkey'} = $authpass ; }else{ - $auth = "-authpassword => $authpass"; + $session_opts{'-authpassword'} = $authpass ; } } - } # Privacy (DES encryption) wanted - if ($seclevel eq 'authPriv' ) { + if ($seclevel eq 'authPriv' ) { if (! defined $privpass) { - usage(); - exit $ERRORS{"UNKNOWN"}; + usage("Privacy passphrase/key is not defined"); }else{ if ($privpass =~ /^0x/){ - $priv = "-privkey => $privpass"; + $session_opts{'-privkey'} = $privpass; }else{ - $priv = "-privpassword => $privpass"; + $session_opts{'-privpassword'} = $privpass; } } + + $session_opts{'-privprotocol'} = $privproto if(defined $privproto); } # Context name defined or default - unless ( defined $context) { $context = ""; } - - }else { - usage(); - exit $ERRORS{'UNKNOWN'}; ; + usage("Security level or name is not defined"); } } # end snmpv3 - # for snmp v1 & v2c we default to community = "public" - # Excluded interfaces types (ifType) (backup interfaces, dial-on demand interfaces, PPP interfaces if (defined $opt_x) { my @x = split(/,/, $opt_x); @@ -380,79 +407,16 @@ sub process_arguments() { } if (! utils::is_hostname($hostname)){ - usage(); + usage("Hostname invalid or not given"); exit $ERRORS{"UNKNOWN"}; } - # create SNMP session handle based on options passed. - - if ( ! $snmp_version ) { - $snmp_version =1 ; - }else{ - if ( $snmp_version =~ /[12]/ ) { - - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -community => $community, - -port => $port, - -version => $snmp_version, - -maxmsgsize => $maxmsgsize - ); - - if (!defined($session)) { - $state='UNKNOWN'; - $answer=$error; - print ("$state: $answer"); - exit $ERRORS{$state}; - } - - }elsif ( $snmp_version =~ /3/ ) { - - if ($seclevel eq 'noAuthNoPriv') { - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -port => $port, - -version => $snmp_version, - -username => $secname, - ); - - }elsif ( $seclevel eq 'authNoPriv' ) { - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -port => $port, - -version => $snmp_version, - -username => $secname, - -authprotocol => $authproto, - $auth - ); - }elsif ($seclevel eq 'authPriv' ) { - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -port => $port, - -version => $snmp_version, - -username => $secname, - -authprotocol => $authproto, - $auth, - $priv - ); - } - - - if (!defined($session)) { - $state='UNKNOWN'; - $answer=$error; - print ("$state: $answer"); - exit $ERRORS{$state}; - } - - }else{ + if ($snmp_version !~ /[123]/) { $state='UNKNOWN'; print ("$state: No support for SNMP v$snmp_version yet\n"); exit $ERRORS{$state}; } -} return $ERRORS{"OK"}; - } diff --git a/plugins-scripts/t/check_ifoperstatus.t b/plugins-scripts/t/check_ifoperstatus.t new file mode 100644 index 00000000..1267f415 --- /dev/null +++ b/plugins-scripts/t/check_ifoperstatus.t @@ -0,0 +1,73 @@ +#! /usr/bin/perl -w -I .. +# +# SNMP Test via check_ifoperstatus +# +# + +use strict; +use Test::More; +use NPTest; + +my $tests = 15; +plan tests => $tests; +my $res; + +my $plugin = "check_ifoperstatus"; +SKIP: { + skip "$plugin is not created", $tests if ( ! -x $plugin ); + + my $host_snmp = getTestParameter( "host_snmp", "NP_HOST_SNMP", "localhost", + "A host providing an SNMP Service"); + + my $snmp_community = getTestParameter( "snmp_community", "NP_SNMP_COMMUNITY", "public", + "The SNMP Community string for SNMP Testing (assumes snmp v1)" ); + + my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", + "The hostname of system not responsive to network requests" ); + + my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", + "An invalid (not known to DNS) hostname" ); + + $res = NPTest->testCmd( "./$plugin" ); + is( $res->return_code, 3, "No arguments" ); + like( $res->output, '/usage/', "Output contains usage" ); + + $res = NPTest->testCmd( "./$plugin -H fakehostname" ); + is( $res->return_code, 3, "No key/descr specified" ); + like( $res->output, '/Either a valid snmp key/', "Output contains 'Either a valid snmp key'" ); + + $res = NPTest->testCmd( "./$plugin -H fakehost -k 1 -v 3 --seclevel rubbish --secname foobar" ); + is( $res->return_code, 3, "invalid seclevel" ); + like( $res->output, "/Must define a valid security level/", "Output contains 'Must define a valid security level'" ); + + SKIP: { + skip "no snmp host defined", 6 if ( ! $host_snmp ); + + $res = NPTest->testCmd( "./$plugin -H $host_snmp -C $snmp_community -k 1"); + cmp_ok( $res->return_code, '==', 0, "Exit OK for ifindex 1" ); + like($res->output, '/^OK.*Interface.*is up/', "String contains OK Interface is up"); + + $res = NPTest->testCmd( "./$plugin -H $host_snmp -C $snmp_community -d lo"); + cmp_ok( $res->return_code, '==', 0, "Exit OK for ifdescr lo" ); + like($res->output, '/^OK.*Interface.*is up/', "String contains OK Interface is up"); + + $res = NPTest->testCmd( "./$plugin -H $host_snmp -C $snmp_community -k 1 -n rubbish"); + cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN if interface name doesn't match" ); + like($res->output, '/doesn\'t match snmp value/', "String contains 'doesn't match snmp value'"); + + } + + SKIP: { + skip "no non responsive host defined", 1 if ( ! $host_nonresponsive ); + $res = NPTest->testCmd( "./$plugin -H $host_nonresponsive -C $snmp_community -k 1"); + cmp_ok( $res->return_code, '==', 1, "Exit WARNING with non responsive host" ); + } + + SKIP: { + skip "no invalid host defined", 2 if ( ! $hostname_invalid ); + $res = NPTest->testCmd( "./$plugin -H $hostname_invalid -C $snmp_community -k 1"); + cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with invalid host" ); + like($res->output, "/Unable to resolve.*$hostname_invalid/", "String matches unable to resolve.*$hostname_invalid"); + } + +} diff --git a/plugins-scripts/t/check_ifstatus.t b/plugins-scripts/t/check_ifstatus.t new file mode 100644 index 00000000..c5169d90 --- /dev/null +++ b/plugins-scripts/t/check_ifstatus.t @@ -0,0 +1,63 @@ +#! /usr/bin/perl -w -I .. +# +# SNMP Test via check_ifoperstatus +# +# + +use strict; +use Test::More; +use NPTest; + +my $tests = 9; +plan tests => $tests; +my $res; + +my $plugin = "check_ifstatus"; +SKIP: { + skip "$plugin is not created", $tests if ( ! -x $plugin ); + + my $host_snmp = getTestParameter( "host_snmp", "NP_HOST_SNMP", "localhost", + "A host providing an SNMP Service"); + + my $snmp_community = getTestParameter( "snmp_community", "NP_SNMP_COMMUNITY", "public", + "The SNMP Community string for SNMP Testing (assumes snmp v1)" ); + + my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", + "The hostname of system not responsive to network requests" ); + + my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", + "An invalid (not known to DNS) hostname" ); + + $res = NPTest->testCmd( "./$plugin" ); + is( $res->return_code, 3, "No arguments" ); + like( $res->output, '/usage/', "Output contains usage" ); + + $res = NPTest->testCmd( "./$plugin -H fakehost -v 3 --seclevel rubbish --secname foobar" ); + is( $res->return_code, 3, "invalid seclevel" ); + like( $res->output, "/Must define a valid security level/", "Output contains 'Must define a valid security level'" ); + + SKIP: { + skip "no snmp host defined", 2 if ( ! $host_snmp ); + + $res = NPTest->testCmd( "./$plugin -H $host_snmp -C $snmp_community "); + like($res->output, '/^.*host.*interfaces up/', "String contains host.*interfaces up"); + + $res = NPTest->testCmd( "./$plugin -H $host_snmp -C rubbish"); + cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL for community 'rubbish'" ); + + } + + SKIP: { + skip "no non responsive host defined", 1 if ( ! $host_nonresponsive ); + $res = NPTest->testCmd( "./$plugin -H $host_nonresponsive -C $snmp_community"); + cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" ); + } + + SKIP: { + skip "no invalid host defined", 2 if ( ! $hostname_invalid ); + $res = NPTest->testCmd( "./$plugin -H $hostname_invalid -C $snmp_community"); + cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with invalid host" ); + like($res->output, "/Unable to resolve.*$hostname_invalid/", "String matches unable to resolve.*$hostname_invalid"); + } + +} |