Page 2 of 2
Re: Fortigate Monitoring Plugin Issue
Posted: Mon Jul 04, 2016 2:03 am
by martin09
Hi,
I already made the changes, the scripts looks good,however whenever i execute it I still got the same error from the start. " the device is not supported" Do we need to tweak some other scripts on this one?.
Code: Select all
#!/usr/bin/perl
# This Plugin checks the status of Fortigate Firewalls
# Check for proper args....
if ($#ARGV <= 0){
&print_help();
}
my %status = ( 'UNKNOWN' => '-1',
'OK' => '0',
'WARNING' => '1',
'CRITICAL' => '2' );
my ($ip, $mode, $community, $modus, $warn, $crit, $performance) = pars_args();
@oidDescTest = (".1.3.6.1.4.1.12356.101.13.2");
until ($oidFound) {
foreach $oidDesc (@oidDescTest) {
$snmpCommand = `/usr/bin/snmpwalk -v 2c -c $community $ip $oidDesc`;
chomp $snmpCommand;
if ($snmpCommand =~ "No Such Object") {
# Do nothing
} else {
$oidFound = "yes";
$descString = $snmpCommand;
}
}
}
@descArray = split("\"", $descString);
$unitdesc = @descArray[-1];
@descArray = split(",", $unitdesc);
$unitdesc = @descArray[0];
@descArray = split(" ", $unitdesc);
$unitdesc = @descArray[0];
if ($mode =~ "cpu") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.3.1";
} elsif ($mode =~ "mem") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.4.1";
} elsif ($mode =~ "ses") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.6.1";
} else {
&print_help();
}
Re: Fortigate Monitoring Plugin Issue
Posted: Tue Jul 05, 2016 9:33 am
by rkennedy
Yeah - we may need to alter it further. I'm guessing there is one if statement that is causing the issues. Can you post the entire plugin you're attempting to use at this point?
Re: Fortigate Monitoring Plugin Issue
Posted: Wed Jul 13, 2016 1:52 am
by martin09
Hi here's the plugin codes i'm trying to use;
------------------------------------------------------------------------------------------------------------------------------------
Code: Select all
#!/usr/bin/perl
# This Plugin checks the status of Fortigate Firewalls
# Check for proper args....
if ($#ARGV <= 0){
&print_help();
}
my %status = ( 'UNKNOWN' => '-1',
'OK' => '0',
'WARNING' => '1',
'CRITICAL' => '2' );
my ($ip, $mode, $community, $modus, $warn, $crit, $performance) = pars_args();
@oidDescTest = (".1.3.6.1.4.1.12356.101.13.2");
until ($oidFound) {
foreach $oidDesc (@oidDescTest) {
$snmpCommand = `/usr/bin/snmpwalk -v 2c -c $community $ip $oidDesc`;
chomp $snmpCommand;
if ($snmpCommand =~ "No Such Object") {
# Do nothing
} else {
$oidFound = "yes";
$descString = $snmpCommand;
}
}
}
@descArray = split("\"", $descString);
$unitdesc = @descArray[-1];
@descArray = split(",", $unitdesc);
$unitdesc = @descArray[0];
@descArray = split(" ", $unitdesc);
$unitdesc = @descArray[0];
if ($mode =~ "cpu") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.3.1";
} elsif ($mode =~ "mem") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.4.1";
} elsif ($mode =~ "ses") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.6.1";
} else {
&print_help();
}
eval {
$snmpCommand = `/usr/bin/snmpwalk -v 2c -c $community $ip $oid`;
chomp $snmpCommand;
} or do {
system("clear");
print "\nOops! Your model doesn't seem to be supported by this script... Yet!\n\n";
print "If you want to help out, try running the following command (replace \"FGXXXXXXXXXXXXXX\" with your Fortigate's serial number):\n\n";
print " snmpwalk -v 2c -c public [FortiGate IP address] .1.3.6.1.4.1.12356 | grep -iR \"FGXXXXXXXXXXXXXX\"\n";
print "\n";
print "The OIDs for CPU usage and other stats are almost always found near an OID containing the unit's serial number.\n\n";
print "For example, here's the output I get:\n\n";
print " # snmpwalk -v 2c -c public 172.16.10.10 .1.3.6.1.4.1.12356 | grep -iR \"FGT80C1234567890\"\n";
print " iso.3.6.1.4.1.12356.100.1.1.1.0 = STRING: \"FGT80C1234567890\"\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.2.1 = STRING: \"FGT80C1234567890\"\n\n";
print "Now, all I need is to find which OID branch contains the info I want.\nTo do this, I grab the OID of the first result...\n\n";
print " iso.3.6.1.4.1.12356.100.1.1.1.0\n\n";
print "... remove the last two digits...\n\n";
print " iso.3.6.1.4.1.12356.100.1.1\n\n";
print "... and use that with snmpwalk.\n\n";
print " # snmpwalk -v 2c -c public 172.16.10.10 iso.3.6.1.4.1.12356.100.1.1\n";
print " iso.3.6.1.4.1.12356.100.1.1.1.0 = STRING: \"FGT80C1234567890\"\n\n";
print "Hmmm. Nothing useful here.\n\nLet's try the second value.\n\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.2.1\n\n";
print "... remove the last two digits...\n\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1\n\n";
print "... and try that with snmpwalk!\n\n";
print " # snmpwalk -v 2c -c public 172.16.10.10 iso.3.6.1.4.1.12356.101.13.2.1.1\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.1.1 = INTEGER: 1\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.2.1 = STRING: \"FGT80C1234567890\"\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.3.1 = Gauge32: 99\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.4.1 = Gauge32: 72\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.5.1 = Gauge32: 19690\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.6.1 = Gauge32: 212\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.7.1 = Counter32: 4185780372\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.8.1 = Counter32: 2786324006\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.9.1 = Counter32: 0\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.10.1 = Counter32: 0\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.11.1 = \"\"\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.11.1 = No more variables left in this MIB View (It is past the end of the MIB tree)\n\n";
print "Ooohhh... I like this!\nThe third and fourth values turn out to be the values for CPU and RAM usage, respectively..\n\n";
print "So, try to find the values for your model, and I'll update the script with your findings.\n\n";
exit($status{"UNKNOWN"});
};
if ($mode =~ "cpu") {
@cpuArray = split(" ", $snmpCommand);
$usage = @cpuArray[-1]."%";
$usagestring = "CPU Usage";
} elsif ($mode =~ "mem") {
@memArray = split(":", $snmpCommand);
$usage = @memArray[-1]."%";
$usagestring = "Memory Usage";
} elsif ($mode =~ "ses") {
@sesArray = split(" ", $snmpCommand);
$usage = @sesArray[-1];
$warn = "1800000";
$crit = "2100000";
$usagestring = "Active IP Sessions";
}
$usage =~ s/^\s+//; # Remove leading...
$usage =~ s/\s+$//; # ...and trailing spaces
my $string_errors="";
my $state = "OK";
my $unitstate="OK";
if ($modus >= 1 )
{
if ($usage >= $warn)
{
$unitstate="WARNING";
}
if ($usage >= $crit)
{
$unitstate="CRITICAL";
}
}
my $string = $unitdesc . ": " . $unitstate;
$string = $string . ", $usagestring: " . $usage;
my $perfstring="";
if ( $performance eq "yes" )
{
$perfstring="| $usagestring=".$usage.";".$warn.";".$crit;
}
$string = $string.$perfstring;
if($string =~/uknw/){
$state = "UNKNOWN";
}
if($string =~/WARNING/){
$state = "WARNING";
}
if($string =~/down/){
$state = "CRITICAL";
}
if($string =~ m/critical/i){
$state = "CRITICAL";
}
print $string."\n";
exit($status{$state});
sub pars_args
{
my $ip = "";
my $mode = "";
my $community = "public";
my $modus = "2";
my $warn = "80";
my $crit = "90";
my $performance = "yes";
while(@ARGV)
{
if($ARGV[0] =~/^-H|^--host/)
{
$ip = $ARGV[1];
shift @ARGV;
shift @ARGV;
next;
}
if($ARGV[0] =~/^-m|^--mode/)
{
$mode = $ARGV[1];
shift @ARGV;
shift @ARGV;
next;
}
if($ARGV[0] =~/^-C|^--community/)
{
$community = $ARGV[1];
shift @ARGV;
shift @ARGV;
next;
}
if($ARGV[0] =~/^-M|^--modus/)
{
$modus = $ARGV[1];
shift @ARGV;
shift @ARGV;
next;
}
if($ARGV[0] =~/^-w|^--warn/)
{
$warn = $ARGV[1];
shift @ARGV;
shift @ARGV;
next;
}
if($ARGV[0] =~/^-c|^--crit/)
{
$crit = $ARGV[1];
shift @ARGV;
shift @ARGV;
next;
}
if($ARGV[0] =~/^-f|^-F/)
{
$performance = "yes";
shift @ARGV;
next;
}
}
return ($ip, $mode, $community, $modus, $warn, $crit, $performance);
}
sub print_help() {
print "\n";
print "Usage: check_fortigate_status -H host -m mode [-C community] [-M X] [-w XX] [-c XX]\n\n";
print "Options:\n\n";
print " -H, --host hostname (or IP address)\n";
print " Check interface on the indicated host.\n\n";
print " -m, --mode STRING\n";
print " What to check\n";
print " Valid values are:\n";
print " cpu Returns CPU usage\n";
print " memory Returns memory usage\n";
print " sessions Returns the number of active IP sessions\n\n";
print " -C, --community STRING\n";
print " SNMP community string\n";
print " Default: public\n\n";
print " -M, --modus X\n";
print " 0: Just monitor, no alarms\n";
print " 1: Threshold excesses will cause alarms\n";
print " Default: 2\n\n";
print " -w, --warn XX\n";
print " Nagios warning threshold\n";
print " Percent value for \"memory\" and \"cpu\" modes\n";
print " Default: 80%\n";
print " Integer value for \"sessions\" mode\n";
print " Default: 1500\n\n";
print " -c, --crit XX\n";
print " Nagios critical threshold\n";
print " Percent value for \"memory\" and \"cpu\" modes\n";
print " Default: 90%\n";
print " Integer value for \"sessions\" mode\n";
print " Default: 2000\n";
#print " -F Also giving performance data output.\n\n";
#print "This plugin checks certain performance stats and gives the current utilization.\n\n";
exit($status{"UNKNOWN"});
}
Re: Fortigate Monitoring Plugin Issue
Posted: Wed Jul 13, 2016 12:35 pm
by ssax
Thanks, please post the exact command you are using as well.
Also, when pasting code, please wrap it in code tags.
Re: Fortigate Monitoring Plugin Issue
Posted: Mon Jul 18, 2016 5:27 am
by martin09
Hi Here's the command I'm using
From command.cfg
Code: Select all
define command{
command_name check_fortigate_status
command_line $USER1$/check_fortigate_status -H $HOSTADDRESS$ -m $ARG1$ -C $ARG2$ -M 1 -w $ARG3$ -c $ARG4$
}
Re: Fortigate Monitoring Plugin Issue
Posted: Mon Jul 18, 2016 1:47 pm
by tgriep
Can you login to the Nagios server, run the following commands and post the output?
Replace xxx.xxx.xxx.xxx with the IP address and the <community> with the community string.
Code: Select all
/usr/local/nagios/libexec/check_fortigate_status -H xxx.xxx.xxx.xxx -m cpu -C <community> -M 1
/usr/local/nagios/libexec/check_fortigate_status -H xxx.xxx.xxx.xxx -m mem -C <community> -M 1
/usr/local/nagios/libexec/check_fortigate_status -H xxx.xxx.xxx.xxx -m ses -C <community> -M 1
Re: Fortigate Monitoring Plugin Issue
Posted: Mon Jul 18, 2016 1:59 pm
by tgriep
One more thing to try if the above fails. It could be the OID is incorrect. Edit that script again and change the following from
Code: Select all
if ($mode =~ "cpu") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.3.1";
} elsif ($mode =~ "mem") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.4.1";
} elsif ($mode =~ "ses") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.6.1";
} else {
&print_help();
}
to
Code: Select all
if ($mode =~ "cpu") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.3";
} elsif ($mode =~ "mem") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.4";
} elsif ($mode =~ "ses") {
$oid = ".1.3.6.1.4.1.12356.101.13.2.1.1.6";
} else {
&print_help();
}
Then let us know if either of these work for you.