#!/usr/bin/env python3 # # More information about this Cisco system: # https://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_getvpn/configuration/15-2mt/sec-get-vpn.html # from dataclasses import dataclass from typing import Dict, List from cmk.base.plugins.agent_based.agent_based_api.v1 import ( register, Service, Result, State, SNMPTree, contains, OIDEnd, ) @dataclass class Section: kek_info: dict def chars_to_ip_addr(chars): return ".".join(map(lambda c: str(ord(c)), [*chars])) conversions = { "1": "using", "2": "new", "3": "old", } # SNMP parsing function def parse_cisco_gdoi(string_table): def parse(data): lookup = {} for val in data: ip = chars_to_ip_addr(val[0]) remaining = int(val[1]) state = conversions[val[2]] lookup.setdefault(ip, {}) lookup[ip][state] = remaining return lookup if string_table == [[]]: return return Section( kek_info=parse(string_table[0]), ) # Inventory function, returning inventory based upon SNMP parsed result above def discovery_cisco_gdoi(section): yield Service(item="Keyservers", parameters=section.kek_info) # Check function, returning ok/crit based upon SNMP parsed result above def check_cisco_gdoi(item, params, section): state = params registered = False for ip, state in params.items(): in_use = state.get("using") if in_use > 0: registered = True yield Result(state=State.OK, summary="Registered, using KEK from " + ip) if not registered: yield Result(state=State.CRIT, summary="Unregistered") register.snmp_section( name="cisco_gdoi", parse_function=parse_cisco_gdoi, fetch=[ SNMPTree( # ciscoGdoiMIB::cgmGdoiGmKekRemainingLifetime base=".1.3.6.1.4.1.9.9.759.1.3.2.1", oids=[ "5", # cgmGdoiGmKekSrcIdValue "20", # cgmGdoiGmKekRemainingLifetime "21", # cgmGdoiGmKekStatus ] ), ], detect=contains(".1.3.6.1.2.1.1.1.0", "Cisco"), ) register.check_plugin( name="cisco_gdoi", service_name="Cisco GDOI %s", discovery_function=discovery_cisco_gdoi, check_function=check_cisco_gdoi, check_default_parameters={}, check_ruleset_name="cisco_gdoi", )