#!/usr/local/bin/perl -w # # check_pix_cpu # # by ATonns Fri Jan 17 13:15:38 EST 2003 # # monitor the critical PIX information # # $Id: check_pix_cpu,v 1.3 2003/07/08 18:12:33 atonns Exp atonns $ # # check_pix_cpu - monitor Cisco PIX CPU # Copyright (C) 2003 - iVillage.com, Anthony Tonns # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # perl setup use strict; use Getopt::Long; use Net::SNMP (); use CGI; use IO::String; use lib "/usr/local/nagios/libexec"; use utils qw($TIMEOUT %ERRORS &print_revision &support); delete @ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; use NWPE; # static variables my $PROGNAME = "check_pix_cpu"; my $version = '$Revision: 1.3 $'; # PIX Firewall OIDs # # CPU usage # .3.1 is cpmCPUTotal5sec.1 # .4.1 is cpmCPUTotal1min.1 # .5.1 is cpmCPUTotal5min.1 # # .iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt # .ciscoProcessMIB.ciscoProcessMIBObjects.cpmCPU.cpmCPUTotalTable.cpmCPUTotalEntry my $cputableoid = "1.3.6.1.4.1.9.9.109.1.1.1.1"; # auth config stuff my $username = "xxxxxxxx"; my $authpass = "xxxxxxxx"; my $privpass = "xxxxxxxx"; my $community = "xxxxxxxx"; ################################################################################ my $nwpe = NWPE->new($PROGNAME,$version); @ARGV = $nwpe->get_args; if ( ! exists $ARGV[0] ) { print "$PROGNAME: no args passed\n"; $nwpe->quit($ERRORS{UNKNOWN}); } # parse args my ($opt_V,$opt_h,$opt_H,$opt_v,$opt_w,$opt_c); Getopt::Long::Configure('bundling'); GetOptions( "V" => \$opt_V, "version" => \$opt_V, "h" => \$opt_h, "help" => \$opt_h, "v+" => \$opt_v, "verbose+" => \$opt_v, "H=s" => \$opt_H, "hostname=s" => \$opt_H, "w=s" => \$opt_w, "warning=s" => \$opt_w, "c=s" => \$opt_c, "critical=s" => \$opt_c, ); # check args if ( $opt_h ) { print_usage($nwpe,""); } if ( $opt_V ) { print_revision($PROGNAME,$version); $nwpe->quit($ERRORS{OK}); } if ( ! $opt_H ) { print_usage($nwpe,"must specify hostname with -H option."); } my ($w_cpu5s,$w_cpu1m,$w_cpu5m) = split(',',$opt_w,3); my ($c_cpu5s,$c_cpu1m,$c_cpu5m) = split(',',$opt_c,3); map { my $input = $_; my $output = $1 if ($input =~ /(\d{1,2}\%?|100\%?)/); ($output) || print_usage($nwpe,"Invalid cpu threshold: '$input' "); } ($w_cpu5s,$w_cpu1m,$w_cpu5m,$c_cpu5s,$c_cpu1m,$c_cpu5m); my $hostname = $opt_H; # set a timeout w/error message $SIG{'ALRM'} = sub { print ("$PROGNAME: ERROR: alarm timeout\n"); $nwpe->quit($ERRORS{UNKNOWN}); }; alarm($TIMEOUT); # establish a session my ($session,$error) = Net::SNMP->session( -hostname => $hostname, -version => "1", -community => $community, -maxmsgsize => 1048576, -timeout => $TIMEOUT, -retries => 3, ); if ( $error ) { print "$PROGNAME: session error: $error\n"; $nwpe->quit($ERRORS{UNKNOWN}); } my ($result,$key); # retreive the entire cpmCPUTotalTable $result = $session->get_table( -baseoid => $cputableoid, ); if ( $session->error ) { print "$PROGNAME: get_table error: ".$session->error."\n"; $session->close; $nwpe->quit($ERRORS{UNKNOWN}); } my ($curr_cpu5s,$curr_cpu1m,$curr_cpu5m); $key="$cputableoid.3.1"; if ( exists $result->{$key} ) { $curr_cpu5s = $result->{$key}; } else { print "$PROGNAME: missing cpu5s data\n"; $session->close; $nwpe->quit($ERRORS{UNKNOWN}); } $key="$cputableoid.4.1"; if ( exists $result->{$key} ) { $curr_cpu1m = $result->{$key}; } else { print "$PROGNAME: missing cpu1m data\n"; $session->close; $nwpe->quit($ERRORS{UNKNOWN}); } $key="$cputableoid.5.1"; if ( exists $result->{$key} ) { $curr_cpu5m = $result->{$key}; } else { print "$PROGNAME: missing cpu5m data\n"; $session->close; $nwpe->quit($ERRORS{UNKNOWN}); } $session->close; # since we've checked all the sanity beforehand, # start off assuming all is well my $state = $ERRORS{OK}; if ( $w_cpu5s < $curr_cpu5s || $w_cpu1m < $curr_cpu1m || $w_cpu5m < $curr_cpu5m ) { $state=$ERRORS{WARNING}; } if ( $c_cpu5s < $curr_cpu5s || $c_cpu1m < $curr_cpu1m || $c_cpu5m < $curr_cpu5m ) { $state=$ERRORS{CRITICAL}; } # print text for the humans my $statetxt; foreach (keys(%ERRORS)) { my $key = $_; $statetxt=$key if ( $state == $ERRORS{$key} ); } # the almighty output print "PIX CPU $statetxt - "; print "$curr_cpu5s\%/$curr_cpu1m\%/$curr_cpu5m\% (5s/1m/5m)\n"; $nwpe->quit($state); ################################################################################ # how does this work again? sub print_usage { my ($nwpe,$msg) = @_; my $PROGNAME = $nwpe->PROGNAME; my $version = $nwpe->version; if ( $msg ) { print "$PROGNAME: $msg\n\n"; } print_revision($PROGNAME,$version); print "Usage: $PROGNAME -H hostname " . "-w 5s,1m,5m -c 5s,1m,5m\n"; print "Usage: $PROGNAME --hostname=hostname " . "--warning=5s,1m,5m --critical=5s,1m,5m\n"; print " ".' ' x length($PROGNAME) . " [-v|--verbose -V|--version -h|--help]\n"; $nwpe->quit($ERRORS{UNKNOWN}); }