#!/usr/bin/perl
# ============================================================================
# ============================== INFO ========================================
# ============================================================================
# Version : 0.2
# Date : June 10 2017
# Author : Michiel Timmers ( michiel.timmers AT gmx.net)
# Licence : GPL - summary below
#
# ============================================================================
# ============================== SUMMARY =====================================
# ============================================================================
#
# Check the state of the redudant stack ring, switches in the stack ring and
# stackport status
#
# Check the http://exchange.nagios.org website for new versions.
# For comments, questions, problems and patches send me an
# e-mail (michiel.timmmers AT gmx.net).
#
# ============================================================================
# ============================== LICENCE =====================================
# ============================================================================
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
#
# ============================================================================
# ============================== HELP ========================================
# ============================================================================
# Help : ./check_snmp_cisco_stack.pl --help
#
# ============================================================================
use warnings;
use strict;
use Net::SNMP;
use Getopt::Long;
use Time::Piece;
#use lib "/usr/local/nagios/libexec";
#use utils qw(%ERRORS $TIMEOUT);
# ============================================================================
# ============================== NAGIOS VARIABLES ============================
# ============================================================================
my $TIMEOUT = 15; # This is the global script timeout, not the SNMP timeout
my %ERRORS = ('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
my @Nagios_state = ("UNKNOWN","OK","WARNING","CRITICAL"); # Nagios states coding
# ============================================================================
# ============================== OID VARIABLES ===============================
# ============================================================================
my $cisco_cswRingRedundant_oid = "1.3.6.1.4.1.9.9.500.1.1.3.0"; # cswRingRedundant
my $cisco_cswSwitchInfoEntry_oid = "1.3.6.1.4.1.9.9.500.1.2.1.1"; # cswSwitchInfoEntry
my $cisco_cswSwitchNumCurrent_oid = "1.3.6.1.4.1.9.9.500.1.2.1.1.1"; # cswSwitchNumCurrent
my $cisco_cswSwitchState_oid = "1.3.6.1.4.1.9.9.500.1.2.1.1.6"; # cswSwitchState
my $cisco_cswStackPortInfoEntry_oid = "1.3.6.1.4.1.9.9.500.1.2.2.1"; # cswStackPortInfoEntry
my $cisco_cswStackPortOperStatus_oid = "1.3.6.1.4.1.9.9.500.1.2.2.1.1"; # cswStackPortOperStatus
my $cisco_entPhysicalSerialNum_oid = "1.3.6.1.2.1.47.1.1.1.1.11"; # entPhysicalSerialNum
# ============================================================================
# ============================== GLOBAL VARIABLES ============================
# ============================================================================
my $Version = '0.2'; # Version number of this script
my $o_host = undef; # Hostname
my $o_community = undef; # Community
my $o_port = 161; # Port
my $o_help = undef; # Want some help ?
my $o_verb = undef; # Verbose mode
my $o_version = undef; # Print version
my $o_timeout = undef; # Timeout (Default 5)
my $o_version1 = undef; # Use SNMPv1
my $o_version2 = undef; # Use SNMPv2c
my $o_domain = undef; # Use IPv6
my $o_login = undef; # Login for SNMPv3
my $o_passwd = undef; # Pass for SNMPv3
my $v3protocols = undef; # V3 protocol list.
my $o_authproto = 'sha'; # Auth protocol
my $o_privproto = 'aes'; # Priv protocol
my $o_privpass = undef; # priv password
# ============================================================================
# ============================== SUBROUTINES (FUNCTIONS) =====================
# ============================================================================
# Subroutine: Print version
sub p_version {
print "check_snmp_cisco_stack version : $Version\n";
}
# Subroutine: Print Usage
sub print_usage {
print "Usage: $0 [-v] -H [-6] -C [-2] | (-l login -x passwd [-X pass -L ,]) [-p ] [-t ] [-V]\n";
}
# Subroutine: Check number
sub isnnum { # Return true if arg is not a number
my $num = shift;
if ( $num =~ /^(\d+\.?\d*)|(^\.\d+)$/ ) { return 0 ;}
return 1;
}
# Subroutine: Set final status
sub set_status { # Return worst status with this order : OK, unknown, warning, critical
my $new_status = shift;
my $cur_status = shift;
if ($new_status == 1 && $cur_status != 2) {$cur_status = $new_status;}
if ($new_status == 2) {$cur_status = $new_status;}
if ($new_status == 3 && $cur_status == 0) {$cur_status = $new_status;}
return $cur_status;
}
# Subroutine: Check if SNMP table could be retrieved, otherwise give error
sub check_snmp_result {
my $snmp_table = shift;
my $snmp_error_mesg = shift;
# Check if table is defined and does not contain specified error message.
# Had to do string compare it will not work with a status code
if (!defined($snmp_table) && $snmp_error_mesg !~ /table is empty or does not exist/) {
printf("ERROR: ". $snmp_error_mesg . " : UNKNOWN\n");
exit $ERRORS{"UNKNOWN"};
}
}
# Subroutine: Print complete help
sub help {
print "\nCisco Stack check plugin for Nagios\nVersion: ",$Version,"\n\n";
print_usage();
print <,
: Authentication protocol (md5|sha : default sha)
: Priv protocole (des|aes : default aes)
-P, --port=PORT
SNMP port (Default 161)
-t, --timeout=INTEGER
Timeout for SNMP in seconds (Default: 15)
-V, --version
Prints version number
Notes:
- Check the http://exchange.nagios.org website for new versions.
- For questions, problems and patches send me an e-mail (michiel.timmmers AT gmx.net).
EOT
}
# Subroutine: Verbose output
sub verb {
my $t=shift;
print $t,"\n" if defined($o_verb);
}
# Subroutine: Verbose output
sub check_options {
Getopt::Long::Configure ("bundling");
GetOptions(
'v' => \$o_verb, 'verbose' => \$o_verb,
'h' => \$o_help, 'help' => \$o_help,
'H:s' => \$o_host, 'hostname:s' => \$o_host,
'p:i' => \$o_port, 'port:i' => \$o_port,
'C:s' => \$o_community, 'community:s' => \$o_community,
'l:s' => \$o_login, 'login:s' => \$o_login,
'x:s' => \$o_passwd, 'passwd:s' => \$o_passwd,
'X:s' => \$o_privpass, 'privpass:s' => \$o_privpass,
'L:s' => \$v3protocols, 'protocols:s' => \$v3protocols,
't:i' => \$o_timeout, 'timeout:i' => \$o_timeout,
'V' => \$o_version, 'version' => \$o_version,
'6' => \$o_domain, 'use-ipv6' => \$o_domain,
'1' => \$o_version1, 'v1' => \$o_version1,
'2' => \$o_version2, 'v2c' => \$o_version2
);
# Basic checks
if (defined($o_timeout) && (isnnum($o_timeout) || ($o_timeout < 2) || ($o_timeout > 60))) {
print "Timeout must be >1 and <60 !\n";
print_usage();
exit $ERRORS{"UNKNOWN"};
}
if (!defined($o_timeout)) {
$o_timeout=15;
}
if (defined ($o_help) ) {
help();
exit $ERRORS{"UNKNOWN"};
}
if (defined($o_version)) {
p_version();
exit $ERRORS{"UNKNOWN"};
}
# check host and filter
if ( ! defined($o_host) ) {
print_usage();
exit $ERRORS{"UNKNOWN"};
}
# Check IPv6
if (defined ($o_domain)) {
$o_domain="udp/ipv6";
} else {
$o_domain="udp/ipv4";
}
# Check SNMP information
if ( !defined($o_community) && (!defined($o_login) || !defined($o_passwd)) ){
print "Put SNMP login info!\n";
print_usage();
exit $ERRORS{"UNKNOWN"};
}
if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) ){
print "Can't mix SNMP v1,v2c,v3 protocols!\n";
print_usage();
exit $ERRORS{"UNKNOWN"};
}
# Check SNMPv3 information
if (defined ($v3protocols)) {
if (!defined($o_login)) {
print "Put SNMP V3 login info with protocols!\n";
print_usage();
exit $ERRORS{"UNKNOWN"};
}
my @v3proto=split(/,/,$v3protocols);
if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {
$o_authproto=$v3proto[0];
}
if (defined ($v3proto[1])) {
$o_privproto=$v3proto[1];
}
if ((defined ($v3proto[1])) && (!defined($o_privpass))) {
print "Put SNMP v3 priv login info with priv protocols!\n";
print_usage();
exit $ERRORS{"UNKNOWN"};
}
}
}
# ============================================================================
# ============================== MAIN ========================================
# ============================================================================
check_options();
# Check gobal timeout if SNMP screws up
if (defined($TIMEOUT)) {
verb("Alarm at ".$TIMEOUT." + ".$o_timeout);
alarm($TIMEOUT+$o_timeout);
} else {
verb("no global timeout defined : ".$o_timeout." + 15");
alarm ($o_timeout+15);
}
# Report when the script gets "stuck" in a loop or takes to long
$SIG{'ALRM'} = sub {
print "UNKNOWN: Script timed out\n";
exit $ERRORS{"UNKNOWN"};
};
# Connect to host
my ($session,$error);
if (defined($o_login) && defined($o_passwd)) {
# SNMPv3 login
verb("SNMPv3 login");
if (!defined ($o_privpass)) {
# SNMPv3 login (Without encryption)
verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto");
($session, $error) = Net::SNMP->session(
-domain => $o_domain,
-hostname => $o_host,
-version => 3,
-username => $o_login,
-authpassword => $o_passwd,
-authprotocol => $o_authproto,
-timeout => $o_timeout
);
} else {
# SNMPv3 login (With encryption)
verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto");
($session, $error) = Net::SNMP->session(
-domain => $o_domain,
-hostname => $o_host,
-version => 3,
-username => $o_login,
-authpassword => $o_passwd,
-authprotocol => $o_authproto,
-privpassword => $o_privpass,
-privprotocol => $o_privproto,
-timeout => $o_timeout
);
}
} else {
if ((defined ($o_version2)) || (!defined ($o_version1))) {
# SNMPv2 login
verb("SNMP v2c login");
($session, $error) = Net::SNMP->session(
-domain => $o_domain,
-hostname => $o_host,
-version => 2,
-community => $o_community,
-port => $o_port,
-timeout => $o_timeout
);
} else {
# SNMPv1 login
verb("SNMP v1 login");
($session, $error) = Net::SNMP->session(
-domain => $o_domain,
-hostname => $o_host,
-version => 1,
-community => $o_community,
-port => $o_port,
-timeout => $o_timeout
);
}
}
# Check if there are any problems with the session
if (!defined($session)) {
printf("ERROR opening session: %s.\n", $error);
exit $ERRORS{"UNKNOWN"};
}
my $exit_val=undef;
# ============================================================================
# =================== Cisco - STACK CHECK ====================================
# ============================================================================
# Define variables
my $output = "";
my $final_status = 0;
my $stackport_up = 0;
my $stackport_down = 0;
my $stackport_forcedDown = 0;
my $number_of_switches = 0;
my $result_t;
my @temp_oid;
my ($cswSwitchState,$cswSwitchNumCurrent,$entPhysicalSerialNum,$cswStackPortOperStatus)=(undef,undef,undef,undef);
# Get SNMP table(s) and check the result
@temp_oid=($cisco_cswRingRedundant_oid );
$result_t = $session->get_request( Varbindlist => \@temp_oid);
my $cisco_cswRingRedundant = $$result_t{$cisco_cswRingRedundant_oid};
my $cisco_cswSwitchInfoEntry = $session->get_table(Baseoid => $cisco_cswSwitchInfoEntry_oid);
&check_snmp_result($cisco_cswSwitchInfoEntry,$session->error);
my $cisco_entPhysicalSerialNum = $session->get_table(Baseoid => $cisco_entPhysicalSerialNum_oid);
&check_snmp_result($cisco_entPhysicalSerialNum,$session->error);
my $cisco_cswStackPortInfoEntry = $session->get_table(Baseoid => $cisco_cswStackPortInfoEntry_oid);
&check_snmp_result($cisco_cswStackPortInfoEntry,$session->error);
# Clear the SNMP Transport Domain and any errors associated with the object.
$session->close;
if ($cisco_cswRingRedundant eq 1 || $cisco_cswRingRedundant eq 2) {
$output.= "Switch States: ";
if (defined($cisco_cswSwitchInfoEntry)) {
foreach my $key ( keys %$cisco_cswSwitchInfoEntry) {
if ($key =~ /$cisco_cswSwitchState_oid/) {
$key =~ s/$cisco_cswSwitchState_oid//;
$number_of_switches++;
$cswSwitchState = $$cisco_cswSwitchInfoEntry{$cisco_cswSwitchState_oid.$key};
$cswSwitchNumCurrent = $$cisco_cswSwitchInfoEntry{$cisco_cswSwitchNumCurrent_oid.$key};
$entPhysicalSerialNum = $$cisco_entPhysicalSerialNum{$cisco_entPhysicalSerialNum_oid.$key};
if($cswSwitchState == 1){$output.= "sw".$cswSwitchNumCurrent."(sn:".$entPhysicalSerialNum.")=WAITING!, ";$final_status = &set_status(2,$final_status);}
if($cswSwitchState == 2){$output.= "sw".$cswSwitchNumCurrent."(sn:".$entPhysicalSerialNum.")=PROGRESSING!, ";$final_status = &set_status(2,$final_status);}
if($cswSwitchState == 3){$output.= "sw".$cswSwitchNumCurrent."(sn:".$entPhysicalSerialNum.")=ADDED!, ";$final_status = &set_status(2,$final_status);}
if($cswSwitchState == 4){$output.= "sw".$cswSwitchNumCurrent."(sn:".$entPhysicalSerialNum.")=ready, ";}
if($cswSwitchState == 5){$output.= "sw".$cswSwitchNumCurrent."(sn:".$entPhysicalSerialNum.")=SDM-MISMATCH!, ";$final_status = &set_status(2,$final_status);}
if($cswSwitchState == 6){$output.= "sw".$cswSwitchNumCurrent."(sn:".$entPhysicalSerialNum.")=VER-MISMATCH, ";$final_status = &set_status(2,$final_status);}
if($cswSwitchState == 7){$output.= "sw".$cswSwitchNumCurrent."(sn:".$entPhysicalSerialNum.")=FEATURE-MISMATCH, ";$final_status = &set_status(2,$final_status);}
if($cswSwitchState == 8){$output.= "sw".$cswSwitchNumCurrent."(sn:".$entPhysicalSerialNum.")=NEW-MASTER-INIT, ";$final_status = &set_status(2,$final_status);}
if($cswSwitchState == 9){$output.= "sw".$cswSwitchNumCurrent."(sn:".$entPhysicalSerialNum.")=PROVISIONED, ";$final_status = &set_status(2,$final_status);}
if($cswSwitchState == 10){$output.= "sw".$cswSwitchNumCurrent."(sn:".$entPhysicalSerialNum.")=INVALID, ";$final_status = &set_status(2,$final_status);}
if($cswSwitchState == 11){$output.= "sw".$cswSwitchNumCurrent."(sn:".$entPhysicalSerialNum.")=REMOVED, ";$final_status = &set_status(2,$final_status);}
}
}
}
$output.= "Port States: ";
if (defined($cisco_cswStackPortInfoEntry)) {
foreach my $key ( keys %$cisco_cswStackPortInfoEntry) {
if ($key =~ /$cisco_cswStackPortOperStatus_oid/) {
$key =~ s/$cisco_cswStackPortOperStatus_oid//;
$cswStackPortOperStatus = $$cisco_cswStackPortInfoEntry{$cisco_cswStackPortOperStatus_oid.$key};
if ($cswStackPortOperStatus == 1){$stackport_up++}
if ($cswStackPortOperStatus == 2){$stackport_down++}
if ($cswStackPortOperStatus == 3){$stackport_forcedDown++}
}
}
$output.= "up(".$stackport_up."),";
if ($stackport_down == 0){
$output.= "down(0),";
}else{
if ($number_of_switches == 1){
$output.= "down(".$stackport_down."),";
}else{
$output.= "DOWN(".$stackport_down."!),";
$final_status = &set_status(2,$final_status);
}
}
if ($stackport_forcedDown == 0){
$output.= "forcedDown(0)";
}else{
$output.= "FORCED-DOWN(".$stackport_forcedDown."!)";
$final_status = &set_status(2,$final_status);
}
}
if($cisco_cswRingRedundant == 1){
$output = "Ring Redundant: yes, ".$output;
}else{
if ($number_of_switches == 1){
$output = "Ring Redundant: no (single switch in stack), ".$output;
}else{
$output = "Ring Redundant: NO!, ".$output;
$final_status = &set_status(2,$final_status);
}
}
}else{
$output = "Switch is non-stackable";
}
if ($final_status == 3) {
print $output," : UNKNOWN\n";
exit $ERRORS{"UNKNOWN"};
}
if ($final_status == 2) {
print $output," : CRITICAL\n";
exit $ERRORS{"CRITICAL"};
}
if ($final_status == 1) {
print $output," : WARNING\n";
exit $ERRORS{"WARNING"};
}
print $output," : OK\n";
exit $ERRORS{"OK"};
# ============================================================================
# ============================== NO CHECK DEFINED ============================
# ============================================================================
print "Unknown check type : UNKNOWN\n";
exit $ERRORS{"UNKNOWN"};