-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcheck_cisco_stackmodules.py
executable file
·234 lines (203 loc) · 8.25 KB
/
check_cisco_stackmodules.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
#!/usr/bin/env python3
"""
###############################################################################
# check_cisco_stackmodules.py
# Nagios plugin/script that checks the status of all stack modules of a Cisco
# Switch/Router via SNMPv3 using the CISCO-STACKWISE-MIB
#
#
# Author : Mauno Erhardt <[email protected]>
# Copyright : (c) 2021 Burkert Fluid Control Systems
# Source : https://github.com/m-erhardt/check-cisco-plugins
# License : GPLv3 (http://www.gnu.org/licenses/gpl-3.0.txt)
#
###############################################################################
"""
import sys
from argparse import ArgumentParser
from pysnmp.hlapi import bulkCmd, SnmpEngine, UsmUserData, \
UdpTransportTarget, \
ObjectType, ObjectIdentity, \
ContextData, usmHMACMD5AuthProtocol, \
usmHMACSHAAuthProtocol, \
usmHMAC128SHA224AuthProtocol, \
usmHMAC192SHA256AuthProtocol, \
usmHMAC256SHA384AuthProtocol, \
usmHMAC384SHA512AuthProtocol, usmDESPrivProtocol, \
usm3DESEDEPrivProtocol, usmAesCfb128Protocol, \
usmAesCfb192Protocol, usmAesCfb256Protocol
authprot = {
"MD5": usmHMACMD5AuthProtocol,
"SHA": usmHMACSHAAuthProtocol,
"SHA224": usmHMAC128SHA224AuthProtocol,
"SHA256": usmHMAC192SHA256AuthProtocol,
"SHA384": usmHMAC256SHA384AuthProtocol,
"SHA512": usmHMAC384SHA512AuthProtocol,
}
privprot = {
"DES": usmDESPrivProtocol,
"3DES": usm3DESEDEPrivProtocol,
"AES": usmAesCfb128Protocol,
"AES192": usmAesCfb192Protocol,
"AES256": usmAesCfb256Protocol,
}
cswSwitchState = {
"1": "waiting",
"2": "progressing",
"3": "added",
"4": "ready",
"5": "sdmMismatch",
"6": "verMismatch",
"7": "featureMismatch",
"8": "newMasterInit",
"9": "provisioned",
"10": "invalid",
"11": "removed"
}
cswStackPortOperStatus = {
"1": "up",
"2": "down",
"3": "forcedDown"
}
def get_args():
""" Parse Arguments """
parser = ArgumentParser(
description="Cisco stack module check plugin")
connopts = parser.add_argument_group('Connection parameters')
connopts.add_argument("-H", "--host", required=True,
help="hostname or IP address", type=str, dest='host')
connopts.add_argument("-p", "--port", required=False, help="SNMP port",
type=int, dest='port', default=161)
connopts.add_argument("-t", "--timeout", required=False,
help="SNMP timeout", type=int, dest='timeout',
default=10)
snmpopts = parser.add_argument_group('SNMPv3 parameters')
snmpopts.add_argument("-u", "--user", required=True,
help="SNMPv3 user name", type=str, dest='user')
snmpopts.add_argument("-l", "--seclevel", required=False,
help="SNMPv3 security level", type=str,
dest="v3mode",
choices=["authPriv", "authNoPriv"], default="authPriv")
snmpopts.add_argument("-A", "--authkey", required=True,
help="SNMPv3 auth key", type=str, dest='authkey')
snmpopts.add_argument("-X", "--privkey", required=True,
help="SNMPv3 priv key", type=str, dest='privkey')
snmpopts.add_argument("-a", "--authmode", required=False,
help="SNMPv3 auth mode", type=str, dest='authmode',
default='SHA',
choices=['MD5', 'SHA', 'SHA224', 'SHA256', 'SHA384',
'SHA512'])
snmpopts.add_argument("-x", "--privmode", required=False,
help="SNMPv3 privacy mode", type=str, dest='privmode',
default='AES',
choices=['DES', '3DES', 'AES', 'AES192', 'AES256'])
args = parser.parse_args()
return args
def get_snmp_table(table_oid, args):
""" get SNMP table """
# initialize empty list for return object
table = []
if args.v3mode == "authPriv":
iterator = bulkCmd(
SnmpEngine(),
UsmUserData(args.user, args.authkey, args.privkey,
authProtocol=authprot[args.authmode],
privProtocol=privprot[args.privmode]),
UdpTransportTarget((args.host, args.port), timeout=args.timeout),
ContextData(),
0, 20,
ObjectType(ObjectIdentity(table_oid)),
lexicographicMode=False,
lookupMib=False
)
elif args.v3mode == "authNoPriv":
iterator = bulkCmd(
SnmpEngine(),
UsmUserData(args.user, args.authkey,
authProtocol=authprot[args.authmode]),
UdpTransportTarget((args.host, args.port), timeout=args.timeout),
ContextData(),
0, 20,
ObjectType(ObjectIdentity(table_oid)),
lexicographicMode=False,
lookupMib=False
)
for error_indication, error_status, error_index, var_binds in iterator:
if error_indication:
exit_plugin("3", ''.join(['SNMP error: ', str(error_indication)]), "")
elif error_status:
print(f"{error_status.prettyPrint()} at "
f"{error_index and var_binds[int(error_index) - 1][0] or '?'}")
else:
# split OID and value into two fields and append to return element
table.append([str(var_binds[0][0]), str(var_binds[0][1])])
# return list with all OIDs/values from snmp table
return table
def exit_plugin(returncode, output, perfdata):
""" Check status and exit accordingly """
if returncode == "3":
print("UNKNOWN - " + str(output))
sys.exit(3)
if returncode == "2":
if perfdata == "":
print(f"CRITICAL - {output}")
else:
print(f"CRITICAL - {output} | {perfdata}")
sys.exit(2)
if returncode == "1":
if perfdata == "":
print(f"WARNING - {output}")
else:
print(f"WARNING - {output} | {perfdata}")
sys.exit(1)
elif returncode == "0":
if perfdata == "":
print(f"OK - {output}")
else:
print(f"OK - {output} | {perfdata}")
sys.exit(0)
def main():
""" Main program code """
# Get Arguments
args = get_args()
# Get switch module state (CISCO-STACKWISE-MIB::cswSwitchState)
module_state_table = get_snmp_table('1.3.6.1.4.1.9.9.500.1.2.1.1.6', args)
# Get switch stack port state (CISCO-STACKWISE-MIB::cswStackPortOperStatus)
port_state_table = get_snmp_table('1.3.6.1.4.1.9.9.500.1.2.2.1.1', args)
# Summarize state of all stack modules
module_states = []
for entry in module_state_table:
module_states.append(entry[1].strip())
# Summarize state of all stack ports
port_states = []
for entry in port_state_table:
port_states.append(entry[1].strip())
# Replace status code with status strings
# for i in range(len(module_states)):
for i, _ in enumerate(module_states):
module_states[i] = cswSwitchState[module_states[i]]
for i, _ in enumerate(port_states):
port_states[i] = cswStackPortOperStatus[port_states[i]]
# Initialize return state ("0" = "OK")
retstate = "0"
# check if any modules are not in state "ready"
for i, obj in enumerate(module_states):
if obj != "ready":
retstate = "2"
# check if any stack ports are not in state "up"
for i, obj in enumerate(port_states):
if obj != "up":
retstate = "2"
if retstate == "2":
output = ''.join(['Switch states: \"',
str(",".join(module_states)),
'\", Stack port states: \"',
str(",".join(port_states)), '\"'])
exit_plugin("2", output, "")
elif retstate == "0":
output = ''.join([str(len(module_states)),
" switches are \"ready\" and ", str(len(port_states)),
" stack ports are \"up\""])
exit_plugin("0", output, "")
if __name__ == "__main__":
main()