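#!/usr/local/bin/perl -w
#
# check_pix_conn
#
# by ATonns Fri Jan 17 13:15:38 EST 2003
#
# monitor the critical PIX information
#
# $Id: check_pix_conn,v 1.3 2003/07/08 18:12:33 atonns Exp atonns $
#
# check_pix_conn - monitor Cisco PIX connections
# Copyright (C) 2003 - iVillage.com, Anthony Tonns
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# Summary: reads the PIX connection statistics (connections currently in
# use and the high-water mark) over SNMP, compares the in-use count with
# the -w / -c thresholds and exits with the matching Nagios state.

# perl setup
use strict;
use Getopt::Long;
use Net::SNMP ();
use CGI;
use IO::String;
use lib "/usr/local/nagios/libexec";
use utils qw($TIMEOUT %ERRORS &print_revision &support);

# Drop the environment variables that influence shell and command lookup,
# so nothing inherited from the caller can affect child processes.
delete @ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
use NWPE;

# static variables
my $PROGNAME = "check_pix_conn";
my $version = '$Revision: 1.3 $';

# PIX Firewall OIDs
#
# Number of connections
#   .6 is currentInUse
#   .7 is high
#
# .iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt
# .ciscoFirewallMIB.ciscoFirewallMIBObjects.cfwSystem.cfwStatistics
# .cfwConnectionStatTable.cfwConnectionStatEntry.cfwConnectionStatValue.protoIp
my $contableoid = "1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40";

# auth config stuff
# NOTE(review): only $community is used below. The session is opened with
# SNMP version 1, which sends the community string unencrypted on the wire.
# $username/$authpass/$privpass are never referenced -- presumably left over
# from, or reserved for, an SNMPv3 setup; confirm before relying on them.
# Because the secrets are stored in this file, keep it readable only by the
# monitoring user, and on the device limit the community to read-only access
# from the monitoring host.
my $username = "xxxxxxxx";
my $authpass = "xxxxxxxx";
my $privpass = "xxxxxxxx";
my $community = "xxxxxxxx";

################################################################################

my $nwpe = NWPE->new($PROGNAME,$version);
@ARGV = $nwpe->get_args;

if ( ! exists $ARGV[0] ) {
    print "$PROGNAME: no args passed\n";
    $nwpe->quit($ERRORS{UNKNOWN});
}

# parse args
my ($opt_V,$opt_h,$opt_H,$opt_v,$opt_w,$opt_c);
Getopt::Long::Configure('bundling');
GetOptions(
    "V"          => \$opt_V, "version"    => \$opt_V,
    "h"          => \$opt_h, "help"       => \$opt_h,
    "v+"         => \$opt_v, "verbose+"   => \$opt_v,
    "H=s"        => \$opt_H, "hostname=s" => \$opt_H,
    "w=s"        => \$opt_w, "warning=s"  => \$opt_w,
    "c=s"        => \$opt_c, "critical=s" => \$opt_c,
);

# check args
if ( $opt_h ) {
    print_usage($nwpe,"");
}
if ( $opt_V ) {
    print_revision($PROGNAME,$version);
    $nwpe->quit($ERRORS{OK});
}
if ( ! $opt_H ) {
    print_usage($nwpe,"must specify hostname with -H option.");
}

# Thresholds come from the command line, so accept them only when the whole
# argument is a run of digits. The previous "my $x = $1 if (...)" form has
# undefined behaviour in Perl, warned on a missing option, took the first
# digit run out of any string ("abc5xyz" became 5) and rejected 0.
my $w_conn = parse_threshold($opt_w);
defined $w_conn
    or print_usage($nwpe,
        "Invalid connection warning threshold: "
        . (defined $opt_w ? $opt_w : ""));

my $c_conn = parse_threshold($opt_c);
defined $c_conn
    or print_usage($nwpe,
        "Invalid connection critical threshold: "
        . (defined $opt_c ? $opt_c : ""));

my $hostname = $opt_H;

# set a timeout w/error message, so a hung SNMP exchange still ends in a
# defined state
$SIG{'ALRM'} = sub {
    print ("$PROGNAME: ERROR: alarm timeout\n");
    $nwpe->quit($ERRORS{UNKNOWN});
};
alarm($TIMEOUT);

# establish a session
# NOTE(review): current Net::SNMP documentation gives 484..65535 as the
# valid range for -maxmsgsize; confirm the installed version accepts this
# value rather than returning a session error.
my ($session,$error) = Net::SNMP->session(
    -hostname   => $hostname,
    -version    => "1",
    -community  => $community,
    -maxmsgsize => 1048576,
    -timeout    => $TIMEOUT,
    -retries    => 3,
);
if ( $error ) {
    print "$PROGNAME: session error: $error\n";
    $nwpe->quit($ERRORS{UNKNOWN});
}

my ($result,$key);

# retrieve the entire cfwConnectionStatValue
$result = $session->get_table(
    -baseoid => $contableoid,
);
if ( $session->error ) {
    print "$PROGNAME: get_table error: ".$session->error."\n";
    $session->close;
    $nwpe->quit($ERRORS{UNKNOWN});
}

my ($curr_conninuse,$curr_connhigh);

# connections currently in use
$key = "$contableoid.6";
if ( exists $result->{$key} ) {
    $curr_conninuse = $result->{$key};
}
else {
    print "$PROGNAME: missing connections in use used data\n";
    $session->close;
    $nwpe->quit($ERRORS{UNKNOWN});
}

# high-water mark
$key = "$contableoid.7";
if ( exists $result->{$key} ) {
    $curr_connhigh = $result->{$key};
}
else {
    print "$PROGNAME: missing high connections free data\n";
    $session->close;
    $nwpe->quit($ERRORS{UNKNOWN});
}

$session->close;

# since we've checked all the sanity beforehand,
# start off assuming all is well
my $state = $ERRORS{OK};

# The critical test runs last so that it overrides a warning.
if ( $w_conn < $curr_conninuse ) {
    $state = $ERRORS{WARNING};
}
if ( $c_conn < $curr_conninuse ) {
    $state = $ERRORS{CRITICAL};
}

# print text for the humans: map the numeric state back to its name
my $statetxt;
foreach my $name (keys(%ERRORS)) {
    $statetxt = $name if ( $state == $ERRORS{$name} );
}

# the almighty output
print "PIX Connections $statetxt - ";
print "curr: $curr_conninuse, high: $curr_connhigh\n";
$nwpe->quit($state);

################################################################################

# parse_threshold($raw)
#
# Returns the threshold when $raw consists solely of decimal digits, and
# undef (empty list in list context) when $raw is undefined or contains
# anything else.
sub parse_threshold {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A(\d+)\z/;
    return;
}

# print_usage($nwpe, $msg)
#
# Prints "$PROGNAME: $msg" when $msg is non-empty, then the revision and the
# usage summary, and finishes through $nwpe->quit with the UNKNOWN state.
# The callers above rely on this not returning; NWPE is not visible here,
# so that quit() ends the run is assumed -- confirm.
sub print_usage {
    my ($nwpe,$msg) = @_;
    my $PROGNAME = $nwpe->PROGNAME;
    my $version = $nwpe->version;
    if ( $msg ) {
        print "$PROGNAME: $msg\n\n";
    }
    print_revision($PROGNAME,$version);
    print "Usage: $PROGNAME -H hostname " .
        "-w warnlimit -c critlimit\n";
    print "Usage: $PROGNAME --hostname=hostname " .
        "--warning=warnlimit --critical=critlimit\n";
    print " ".' ' x length($PROGNAME) .
        " [-v|--verbose -V|--version -h|--help]\n";
    $nwpe->quit($ERRORS{UNKNOWN});
}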