diff options
| author | Matthias Eble <psychotrahe@gmx.de> | 2009-06-11 01:17:58 +0200 |
|---|---|---|
| committer | Matthias Eble <psychotrahe@gmx.de> | 2009-06-11 01:17:58 +0200 |
| commit | 5195074095cac48dd15d857bce69c1aa909ec2b2 (patch) | |
| tree | 6ebdfa3f9472c678e6a9df183f260205986b6860 | |
| parent | aff6140989777cbf128e9e4d6e35531372c284c1 (diff) | |
| download | monitoring-plugins-5195074095cac48dd15d857bce69c1aa909ec2b2.tar.gz | |
Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder)
check_ifoperstatus didn't function correctly with SNMPv3. This is fixed now.
Created argument-hash for SNMP session creation. This removes redundant code.
Session creation was moved out of process_arguments() and now takes place
after setting the timeout handler.
Additionally the -x argument was added to specify the privprotocol.
| -rw-r--r-- | NEWS | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_ifoperstatus.pl | 110 |
2 files changed, 40 insertions, 71 deletions
| @@ -39,6 +39,7 @@ This file documents the major additions and syntax changes between releases. | |||
| 39 | Fixed check_by_ssh interpretation of quotes in -C parameter (#1985246, #2268675) | 39 | Fixed check_by_ssh interpretation of quotes in -C parameter (#1985246, #2268675) |
| 40 | check_snmp now supports standard threshold ranges and doubles (floating numbers) in thresholds | 40 | check_snmp now supports standard threshold ranges and doubles (floating numbers) in thresholds |
| 41 | check_fping now supports passing target timeout and interval to fping (#2347686 - Martin Foster) | 41 | check_fping now supports passing target timeout and interval to fping (#2347686 - Martin Foster) |
| 42 | Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder) | ||
| 42 | 43 | ||
| 43 | 1.4.13 25th Sept 2008 | 44 | 1.4.13 25th Sept 2008 |
| 44 | Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen) | 45 | Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen) |
diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl index d0a1655a..503f1e41 100755 --- a/plugins-scripts/check_ifoperstatus.pl +++ b/plugins-scripts/check_ifoperstatus.pl | |||
| @@ -61,7 +61,7 @@ my $answer = ""; | |||
| 61 | my $snmpkey = 0; | 61 | my $snmpkey = 0; |
| 62 | my $community = "public"; | 62 | my $community = "public"; |
| 63 | my $maxmsgsize = 1472 ; # Net::SNMP default is 1472 | 63 | my $maxmsgsize = 1472 ; # Net::SNMP default is 1472 |
| 64 | my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context); | 64 | my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context); |
| 65 | my $port = 161; | 65 | my $port = 161; |
| 66 | my @snmpoids; | 66 | my @snmpoids; |
| 67 | my $sysUptime = '1.3.6.1.2.1.1.3.0'; | 67 | my $sysUptime = '1.3.6.1.2.1.1.3.0'; |
| @@ -89,12 +89,14 @@ my $lastc; | |||
| 89 | my $dormantWarn; | 89 | my $dormantWarn; |
| 90 | my $adminWarn; | 90 | my $adminWarn; |
| 91 | my $name; | 91 | my $name; |
| 92 | my %session_opts; | ||
| 92 | 93 | ||
| 93 | ### Validate Arguments | 94 | ### Validate Arguments |
| 94 | 95 | ||
| 95 | $status = process_arguments(); | 96 | $status = process_arguments(); |
| 96 | 97 | ||
| 97 | 98 | ||
| 99 | use Data::Dumper; | ||
| 98 | # Just in case of problems, let's not hang Nagios | 100 | # Just in case of problems, let's not hang Nagios |
| 99 | $SIG{'ALRM'} = sub { | 101 | $SIG{'ALRM'} = sub { |
| 100 | print ("ERROR: No snmp response from $hostname (alarm)\n"); | 102 | print ("ERROR: No snmp response from $hostname (alarm)\n"); |
| @@ -103,6 +105,16 @@ $SIG{'ALRM'} = sub { | |||
| 103 | 105 | ||
| 104 | alarm($timeout); | 106 | alarm($timeout); |
| 105 | 107 | ||
| 108 | print Dumper(\%session_opts); | ||
| 109 | ($session, $error) = Net::SNMP->session(%session_opts); | ||
| 110 | |||
| 111 | |||
| 112 | if (!defined($session)) { | ||
| 113 | $state='UNKNOWN'; | ||
| 114 | $answer=$error; | ||
| 115 | print ("$state: $answer\n"); | ||
| 116 | exit $ERRORS{$state}; | ||
| 117 | } | ||
| 106 | 118 | ||
| 107 | ## map ifdescr to ifindex - should look at being able to cache this value | 119 | ## map ifdescr to ifindex - should look at being able to cache this value |
| 108 | 120 | ||
| @@ -293,6 +305,7 @@ sub print_help() { | |||
| 293 | printf " -X (--privpass) privacy password (cleartext ascii or localized key\n"; | 305 | printf " -X (--privpass) privacy password (cleartext ascii or localized key\n"; |
| 294 | printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; | 306 | printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; |
| 295 | printf " privacy password and authEngineID\n"; | 307 | printf " privacy password and authEngineID\n"; |
| 308 | printf " -x (--privproto) privacy protocol (DES or AES; default: DES)\n"; | ||
| 296 | printf " -k (--key) SNMP IfIndex value\n"; | 309 | printf " -k (--key) SNMP IfIndex value\n"; |
| 297 | printf " -d (--descr) SNMP ifDescr value\n"; | 310 | printf " -d (--descr) SNMP ifDescr value\n"; |
| 298 | printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n"; | 311 | printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n"; |
| @@ -327,6 +340,7 @@ sub process_arguments() { | |||
| 327 | "U=s" => \$secname, "secname=s" => \$secname, | 340 | "U=s" => \$secname, "secname=s" => \$secname, |
| 328 | "A=s" => \$authpass, "authpass=s" => \$authpass, | 341 | "A=s" => \$authpass, "authpass=s" => \$authpass, |
| 329 | "X=s" => \$privpass, "privpass=s" => \$privpass, | 342 | "X=s" => \$privpass, "privpass=s" => \$privpass, |
| 343 | "x=s" => \$privproto, "privproto=s" => \$privproto, | ||
| 330 | "c=s" => \$context, "context=s" => \$context, | 344 | "c=s" => \$context, "context=s" => \$context, |
| 331 | "k=i" => \$snmpkey, "key=i",\$snmpkey, | 345 | "k=i" => \$snmpkey, "key=i",\$snmpkey, |
| 332 | "d=s" => \$ifdescr, "descr=s" => \$ifdescr, | 346 | "d=s" => \$ifdescr, "descr=s" => \$ifdescr, |
| @@ -387,10 +401,27 @@ sub process_arguments() { | |||
| 387 | $timeout = $TIMEOUT; | 401 | $timeout = $TIMEOUT; |
| 388 | } | 402 | } |
| 389 | 403 | ||
| 404 | |||
| 405 | if ($snmp_version !~ /[123]/){ | ||
| 406 | $state='UNKNOWN'; | ||
| 407 | print ("$state: No support for SNMP v$snmp_version yet\n"); | ||
| 408 | exit $ERRORS{$state}; | ||
| 409 | } | ||
| 410 | |||
| 411 | %session_opts = ( | ||
| 412 | -hostname => $hostname, | ||
| 413 | -port => $port, | ||
| 414 | -version => $snmp_version, | ||
| 415 | -maxmsgsize => $maxmsgsize | ||
| 416 | ); | ||
| 417 | |||
| 418 | $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/); | ||
| 419 | |||
| 390 | if ($snmp_version =~ /3/ ) { | 420 | if ($snmp_version =~ /3/ ) { |
| 391 | # Must define a security level even though default is noAuthNoPriv | 421 | # Must define a security level even though default is noAuthNoPriv |
| 392 | # v3 requires a security username | 422 | # v3 requires a security username |
| 393 | if (defined $seclevel && defined $secname) { | 423 | if (defined $seclevel && defined $secname) { |
| 424 | $session_opts{'-username'} = $secname; | ||
| 394 | 425 | ||
| 395 | # Must define a security level even though defualt is noAuthNoPriv | 426 | # Must define a security level even though defualt is noAuthNoPriv |
| 396 | unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) { | 427 | unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) { |
| @@ -400,23 +431,22 @@ sub process_arguments() { | |||
| 400 | 431 | ||
| 401 | # Authentication wanted | 432 | # Authentication wanted |
| 402 | if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) { | 433 | if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) { |
| 403 | |||
| 404 | unless ( $authproto eq 'MD5' || $authproto eq 'SHA1' ) { | 434 | unless ( $authproto eq 'MD5' || $authproto eq 'SHA1' ) { |
| 405 | usage(); | 435 | usage(); |
| 406 | exit $ERRORS{"UNKNOWN"}; | 436 | exit $ERRORS{"UNKNOWN"}; |
| 407 | } | 437 | } |
| 438 | $session_opts{'-authprotocol'} = $authproto if(defined $authproto); | ||
| 408 | 439 | ||
| 409 | if ( !defined $authpass) { | 440 | if ( !defined $authpass) { |
| 410 | usage(); | 441 | usage(); |
| 411 | exit $ERRORS{"UNKNOWN"}; | 442 | exit $ERRORS{"UNKNOWN"}; |
| 412 | }else{ | 443 | }else{ |
| 413 | if ($authpass =~ /^0x/ ) { | 444 | if ($authpass =~ /^0x/ ) { |
| 414 | $auth = "-authkey => $authpass" ; | 445 | $session_opts{'-authkey'} = $authpass ; |
| 415 | }else{ | 446 | }else{ |
| 416 | $auth = "-authpassword => $authpass"; | 447 | $session_opts{'-authpassword'} = $authpass ; |
| 417 | } | 448 | } |
| 418 | } | 449 | } |
| 419 | |||
| 420 | } | 450 | } |
| 421 | 451 | ||
| 422 | # Privacy (DES encryption) wanted | 452 | # Privacy (DES encryption) wanted |
| @@ -426,21 +456,20 @@ sub process_arguments() { | |||
| 426 | exit $ERRORS{"UNKNOWN"}; | 456 | exit $ERRORS{"UNKNOWN"}; |
| 427 | }else{ | 457 | }else{ |
| 428 | if ($privpass =~ /^0x/){ | 458 | if ($privpass =~ /^0x/){ |
| 429 | $priv = "-privkey => $privpass"; | 459 | $session_opts{'-privkey'} = $privpass; |
| 430 | }else{ | 460 | }else{ |
| 431 | $priv = "-privpassword => $privpass"; | 461 | $session_opts{'-privpassword'} = $privpass; |
| 432 | } | 462 | } |
| 433 | } | 463 | } |
| 464 | |||
| 465 | $session_opts{'-privprotocol'} = $privproto if(defined $privproto); | ||
| 434 | } | 466 | } |
| 435 | 467 | ||
| 436 | # Context name defined or default | 468 | # Context name defined or default |
| 437 | |||
| 438 | unless ( defined $context) { | 469 | unless ( defined $context) { |
| 439 | $context = ""; | 470 | $context = ""; |
| 440 | } | 471 | } |
| 441 | 472 | ||
| 442 | |||
| 443 | |||
| 444 | }else { | 473 | }else { |
| 445 | usage(); | 474 | usage(); |
| 446 | exit $ERRORS{'UNKNOWN'}; ; | 475 | exit $ERRORS{'UNKNOWN'}; ; |
| @@ -448,67 +477,6 @@ sub process_arguments() { | |||
| 448 | } # end snmpv3 | 477 | } # end snmpv3 |
| 449 | 478 | ||
| 450 | 479 | ||
| 451 | if ( $snmp_version =~ /[12]/ ) { | ||
| 452 | ($session, $error) = Net::SNMP->session( | ||
| 453 | -hostname => $hostname, | ||
| 454 | -community => $community, | ||
| 455 | -port => $port, | ||
| 456 | -version => $snmp_version, | ||
| 457 | -maxmsgsize => $maxmsgsize | ||
| 458 | ); | ||
| 459 | |||
| 460 | if (!defined($session)) { | ||
| 461 | $state='UNKNOWN'; | ||
| 462 | $answer=$error; | ||
| 463 | print ("$state: $answer\n"); | ||
| 464 | exit $ERRORS{$state}; | ||
| 465 | } | ||
| 466 | |||
| 467 | }elsif ( $snmp_version =~ /3/ ) { | ||
| 468 | |||
| 469 | if ($seclevel eq 'noAuthNoPriv') { | ||
| 470 | ($session, $error) = Net::SNMP->session( | ||
| 471 | -hostname => $hostname, | ||
| 472 | -port => $port, | ||
| 473 | -version => $snmp_version, | ||
| 474 | -username => $secname, | ||
| 475 | ); | ||
| 476 | |||
| 477 | }elsif ( $seclevel eq 'authNoPriv' ) { | ||
| 478 | ($session, $error) = Net::SNMP->session( | ||
| 479 | -hostname => $hostname, | ||
| 480 | -port => $port, | ||
| 481 | -version => $snmp_version, | ||
| 482 | -username => $secname, | ||
| 483 | $auth, | ||
| 484 | -authprotocol => $authproto, | ||
| 485 | ); | ||
| 486 | }elsif ($seclevel eq 'authPriv' ) { | ||
| 487 | ($session, $error) = Net::SNMP->session( | ||
| 488 | -hostname => $hostname, | ||
| 489 | -port => $port, | ||
| 490 | -version => $snmp_version, | ||
| 491 | -username => $secname, | ||
| 492 | $auth, | ||
| 493 | -authprotocol => $authproto, | ||
| 494 | $priv | ||
| 495 | ); | ||
| 496 | } | ||
| 497 | |||
| 498 | |||
| 499 | if (!defined($session)) { | ||
| 500 | $state='UNKNOWN'; | ||
| 501 | $answer=$error; | ||
| 502 | print ("$state: $answer\n"); | ||
| 503 | exit $ERRORS{$state}; | ||
| 504 | } | ||
| 505 | |||
| 506 | }else{ | ||
| 507 | $state='UNKNOWN'; | ||
| 508 | print ("$state: No support for SNMP v$snmp_version yet\n"); | ||
| 509 | exit $ERRORS{$state}; | ||
| 510 | } | ||
| 511 | |||
| 512 | } | 480 | } |
| 513 | ## End validation | 481 | ## End validation |
| 514 | 482 | ||