![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 6f187113b79e61afe993b708ebf660f65907afe7..b943379d4770bbc67d220ec258c9d6019f5abd9f 100644 (file)
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
*
*****************************************************************************/
-#define PROGNAME "check_snmp"
+const char *progname = "check_snmp";
#define REVISION "$Revision$"
#define COPYRIGHT "1999-2002"
#define AUTHOR "Ethan Galstad"
-H <ip_address> -o <OID> [-w warn_range] [-c crit_range] \n\
[-C community] [-s string] [-r regex] [-R regexi] [-t timeout]\n\
[-l label] [-u units] [-p port-number] [-d delimiter]\n\
- [-D output-delimiter]"
+ [-D output-delimiter] [-m miblist] [-P snmp version]\n\
+ [-L seclevel] [-U secname] [-a authproto] [-A authpasswd]\n\
+ [-X privpasswd]\n"
#define LONGOPTIONS "\
-H, --hostname=HOST\n\
Units label(s) for output data (e.g., 'sec.').\n\
-p, --port=STRING\n\
UDP port number target is listening on. Default is \"%s\"\n\
+ -P, --protocol=[1|3]\n\
+ SNMP protocol version\n\
+ -L, --seclevel=[noAuthNoPriv|authNoPriv|authPriv]\n\
+ SNMPv3 securityLevel\n\
+ -U, --secname=USERNAME\n\
+ SNMPv3 username\n\
+ -a, --authproto=[MD5|SHA]\n\
+ SNMPv3 auth proto\n\
+ -A, --authpassword=PASSWORD\n\
+ SNMPv3 authentication password\n\
+ -X, --privpasswd=PASSWORD\n\
+ SNMPv3 crypt passwd (DES)\n\
-d, --delimiter=STRING\n\
Delimiter to use when parsing returned data. Default is \"%s\"\n\
Any data on the right hand side of the delimiter is considered\n\
-R, --eregi=REGEX\n\
Return OK state (for that OID) if case-insensitive extended REGEX matches\n\
-l, --label=STRING\n\
- Prefix label for output from plugin (default -s 'SNMP')\n"
+ Prefix label for output from plugin (default -s 'SNMP')\n\
+ -v, --verbose\n\
+ Debugging the output\n\
+ -m, --miblist=STRING\n\
+ List of MIBS to be loaded (default = ALL)\n"
#define NOTES "\
-- This plugin uses the 'snmpget' command included with the UCD-SNMP package.\n\
+- This plugin uses the 'snmpget' command included with the NET-SNMP package.\n\
If you don't have the package installed, you will need to download it from\n\
- http://ucd-snmp.ucdavis.edu before you can use this plugin.\n\
+ http://net-snmp.sourceforge.net before you can use this plugin.\n\
- Multiple OIDs may be indicated by a comma- or space-delimited list (lists with\n\
- internal spaces must be quoted)\n\
+ internal spaces must be quoted) [max 8 OIDs]\n\
- Ranges are inclusive and are indicated with colons. When specified as\n\
'min:max' a STATE_OK will be returned if the result is within the indicated\n\
range or is equal to the upper or lower bound. A non-OK state will be\n\
returned if the result is outside the specified range.\n\
-- If spcified in the order 'max:min' a non-OK state will be returned if the\n\
+- If specified in the order 'max:min' a non-OK state will be returned if the\n\
result is within the (inclusive) range.\n\
- Upper or lower bounds may be omitted to skip checking the respective limit.\n\
- Bare integers are interpreted as upper limits.\n\
#define DEFAULT_COMMUNITY "public"
#define DEFAULT_PORT "161"
#define DEFAULT_TIMEOUT 10
+#define DEFAULT_MIBLIST "ALL"
+#define DEFAULT_PROTOCOL "1"
+#define DEFAULT_AUTH_PROTOCOL "MD5"
#include "common.h"
#include "utils.h"
#endif
char *server_address = NULL;
-char *community = NULL;
+char *community = DEFAULT_COMMUNITY;
+char *authpriv = NULL;
+char *proto = NULL;
+char *seclevel = NULL;
+char *secname = NULL;
+char *authproto = NULL;
+char *authpasswd = NULL;
+char *privpasswd = NULL;
char *oid = "";
-char *label = NULL;
-char *units = NULL;
+char *label = "SNMP";
+char *units = "";
char *port = DEFAULT_PORT;
char string_value[MAX_INPUT_BUFFER] = "";
char **labels = NULL;
int check_warning_value = FALSE;
int check_critical_value = FALSE;
int eval_method[MAX_OIDS];
-char *delimiter = NULL;
-char *output_delim = NULL;
+char *delimiter = DEFAULT_DELIMITER;
+char *output_delim = DEFAULT_OUTPUT_DELIMITER;
+char *miblist = DEFAULT_MIBLIST;
int
char *command_line = NULL;
char *response = NULL;
char *outbuff = "";
- char *output = NULL;
+ char *output = "";
char *ptr = NULL;
char *p2 = NULL;
char *show = NULL;
usage ("Incorrect arguments supplied\n");
/* create the command line to execute */
- asprintf (&command_line, "%s -m ALL -v 1 -c %s %s:%s %s",
- PATH_TO_SNMPGET, community, server_address, port, oid);
+ asprintf (&command_line, "%s -m %s -v %s %s %s:%s %s",
+ PATH_TO_SNMPGET, miblist, proto, authpriv, server_address, port, oid);
if (verbose)
printf ("%s\n", command_line);
printf ("Could not open stderr for %s\n", command_line);
}
- asprintf (&output, "");
while (fgets (input_buffer, MAX_INPUT_BUFFER - 1, child_process))
asprintf (&output, "%s%s", output, input_buffer);
}
}
+ /* We strip out the datatype indicator for PHBs */
if (strstr (response, "Gauge: "))
show = strstr (response, "Gauge: ") + 7;
else if (strstr (response, "Gauge32: "))
show = strstr (response, "Gauge32: ") + 9;
+ else if (strstr (response, "Counter32: "))
+ show = strstr (response, "Counter32: ") + 11;
+ else if (strstr (response, "INTEGER: "))
+ show = strstr (response, "INTEGER: ") + 9;
+ else if (strstr (response, "STRING: "))
+ show = strstr (response, "STRING: ") + 8;
else
show = response;
p2 = show;
iresult = STATE_DEPENDENT;
- if (eval_method[i] & CRIT_PRESENT) {
- iresult = STATE_CRITICAL;
- } else if (eval_method[i] & WARN_PRESENT) {
- iresult = STATE_WARNING;
- }
-
+ /* Process this block for integer comparisons */
if (eval_method[i] & CRIT_GT ||
- eval_method[i] & CRIT_LT ||
- eval_method[i] & CRIT_GE ||
- eval_method[i] & CRIT_LE ||
- eval_method[i] & CRIT_EQ ||
- eval_method[i] & CRIT_NE ||
- eval_method[i] & WARN_GT ||
- eval_method[i] & WARN_LT ||
- eval_method[i] & WARN_GE ||
- eval_method[i] & WARN_LE ||
- eval_method[i] & WARN_EQ || eval_method[i] & WARN_NE) {
+ eval_method[i] & CRIT_LT ||
+ eval_method[i] & CRIT_GE ||
+ eval_method[i] & CRIT_LE ||
+ eval_method[i] & CRIT_EQ ||
+ eval_method[i] & CRIT_NE ||
+ eval_method[i] & WARN_GT ||
+ eval_method[i] & WARN_LT ||
+ eval_method[i] & WARN_GE ||
+ eval_method[i] & WARN_LE ||
+ eval_method[i] & WARN_EQ ||
+ eval_method[i] & WARN_NE) {
p2 = strpbrk (p2, "0123456789");
+ if (p2 == NULL)
+ terminate (STATE_UNKNOWN,"No valid data returned");
response_value[i] = strtoul (p2, NULL, 10);
iresult = check_num (i);
asprintf (&show, "%lu", response_value[i]);
- /*asprintf (&show, "%s", response); */
}
+ /* Process this block for string matching */
else if (eval_method[i] & CRIT_STRING) {
if (strcmp (response, string_value))
iresult = STATE_CRITICAL;
iresult = STATE_OK;
}
+ /* Process this block for regex matching */
else if (eval_method[i] & CRIT_REGEX) {
#ifdef HAVE_REGEX_H
excode = regexec (&preg, response, 10, pmatch, eflags);
iresult = STATE_CRITICAL;
}
#else
- printf ("SNMP UNKNOWN: call for regex which was not a compiled option");
+ printf ("%s UNKNOWN: call for regex which was not a compiled option", label);
exit (STATE_UNKNOWN);
#endif
}
- if (response && iresult == STATE_DEPENDENT)
- iresult = STATE_OK;
- else if (eval_method[i] & CRIT_PRESENT)
- iresult = STATE_CRITICAL;
- else
- iresult = STATE_WARNING;
+ /* Process this block for existence-nonexistence checks */
+ else {
+ if (eval_method[i] & CRIT_PRESENT)
+ iresult = STATE_CRITICAL;
+ else if (eval_method[i] & WARN_PRESENT)
+ iresult = STATE_WARNING;
+ else if (response && iresult == STATE_DEPENDENT)
+ iresult = STATE_OK;
+ }
+ /* Result is the worst outcome of all the OIDs tested */
result = max_state (result, iresult);
+ /* Prepend a label for this OID if there is one */
if (nlabels > 1 && i < nlabels && labels[i] != NULL)
asprintf (&outbuff, "%s%s%s %s%s%s", outbuff,
(i == 0) ? " " : output_delim,
asprintf (&outbuff, "%s%s%s%s%s", outbuff, (i == 0) ? " " : output_delim,
mark (iresult), show, mark (iresult));
- if (nunits > 0 && i < nunits)
+ /* Append a unit string for this OID if there is one */
+ if (nunits > 0 && i < nunits && unitv[i] != NULL)
asprintf (&outbuff, "%s %s", outbuff, unitv[i]);
i++;
- } /* end while */
+ } /* end while (ptr) */
if (found == 0)
terminate
if (spclose (child_process))
result = max_state (result, STATE_WARNING);
- if (nunits > 0)
- printf ("%s %s -%s %s\n", label, state_text (result), outbuff, units);
- else
- printf ("%s %s -%s\n", label, state_text (result), outbuff);
+/* if (nunits == 1 || i == 1) */
+/* printf ("%s %s -%s %s\n", label, state_text (result), outbuff, units); */
+/* else */
+ printf ("%s %s -%s\n", label, state_text (result), outbuff);
return result;
}
{
char *ptr;
int c = 1;
- int j = 0, jj = 0;
+ int j = 0, jj = 0, ii = 0;
-#ifdef HAVE_GETOPT_H
int option_index = 0;
static struct option long_options[] = {
STD_LONG_OPTS,
{"label", required_argument, 0, 'l'},
{"units", required_argument, 0, 'u'},
{"port", required_argument, 0, 'p'},
+ {"miblist", required_argument, 0, 'm'},
+ {"protocol", required_argument, 0, 'P'},
+ {"seclevel", required_argument, 0, 'L'},
+ {"secname", required_argument, 0, 'U'},
+ {"authproto", required_argument, 0, 'a'},
+ {"authpasswd", required_argument, 0, 'A'},
+ {"privpasswd", required_argument, 0, 'X'},
{0, 0, 0, 0}
};
-#endif
if (argc < 2)
return ERROR;
}
while (1) {
-#ifdef HAVE_GETOPT_H
- c =
- getopt_long (argc, argv, "hVt:c:w:H:C:o:e:E:d:D:s:R:r:l:u:p:",
+ c = getopt_long (argc, argv, "hvVt:c:w:H:C:o:e:E:d:D:s:R:r:l:u:p:m:P:L:U:a:A:X:",
long_options, &option_index);
-#else
- c = getopt (argc, argv, "hVt:c:w:H:C:o:e:E:d:D:s:R:r:l:u:p:");
-#endif
if (c == -1 || c == EOF)
break;
usage3 ("Unknown argument", optopt);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_OK);
case 'V': /* version */
- print_revision (PROGNAME, REVISION);
+ print_revision (progname, REVISION);
exit (STATE_OK);
case 'v': /* verbose */
verbose = TRUE;
break;
+
+ /* Connection info */
+ case 'C': /* group or community */
+ community = strscpy (community, optarg);
+ break;
+ case 'H': /* Host or server */
+ server_address = strscpy (server_address, optarg);
+ break;
+ case 'p': /* TCP port number */
+ port = strscpy(port, optarg);
+ break;
+ case 'm': /* List of MIBS */
+ miblist = strscpy(miblist, optarg);
+ break;
+ case 'P': /* SNMP protocol version */
+ proto = strscpy(proto, optarg);
+ break;
+ case 'L': /* security level */
+ seclevel = strscpy(seclevel,optarg);
+ break;
+ case 'U': /* security username */
+ secname = strscpy(secname, optarg);
+ break;
+ case 'a': /* auth protocol */
+ asprintf (&authproto, optarg);
+ break;
+ case 'A': /* auth passwd */
+ authpasswd = strscpy(authpasswd, optarg);
+ break;
+ case 'X': /* priv passwd */
+ privpasswd = strscpy(privpasswd, optarg);
+ break;
case 't': /* timeout period */
if (!is_integer (optarg))
usage2 ("Timeout Interval must be an integer", optarg);
timeout_interval = atoi (optarg);
break;
- case 'e': /* PRELIMINARY - may change */
- eval_method[j] |= WARN_PRESENT;
- for (ptr = optarg; (ptr = index (ptr, ',')); ptr++)
- ptr[0] = ' '; /* relpace comma with space */
- for (ptr = optarg; (ptr = index (ptr, ' ')); ptr++)
- eval_method[++j] |= WARN_PRESENT;
- asprintf (&oid, "%s %s", (oid?oid:""), optarg);
- break;
- case 'E': /* PRELIMINARY - may change */
- eval_method[j] |= WARN_PRESENT;
- for (ptr = optarg; (ptr = index (ptr, ',')); ptr++)
- ptr[0] = ' '; /* relpace comma with space */
- for (ptr = optarg; (ptr = index (ptr, ' ')); ptr++)
- eval_method[++j] |= CRIT_PRESENT;
- asprintf (&oid, "%s %s", (oid?oid:""), optarg);
- break;
+
+ /* Test parameters */
case 'c': /* critical time threshold */
if (strspn (optarg, "0123456789:,") < strlen (optarg)) {
printf ("Invalid critical threshold: %s\n", optarg);
print_usage ();
exit (STATE_UNKNOWN);
}
- for (ptr = optarg, jj = 0; ptr && jj < MAX_OIDS; jj++) {
+ for (ptr = optarg; ptr && jj < MAX_OIDS; jj++) {
if (lu_getll (&lower_crit_lim[jj], ptr) == 1)
eval_method[jj] |= CRIT_LT;
if (lu_getul (&upper_crit_lim[jj], ptr) == 1)
print_usage ();
exit (STATE_UNKNOWN);
}
- for (ptr = optarg, jj = 0; ptr && jj < MAX_OIDS; jj++) {
- if (lu_getll (&lower_warn_lim[jj], ptr) == 1)
- eval_method[jj] |= WARN_LT;
- if (lu_getul (&upper_warn_lim[jj], ptr) == 1)
- eval_method[jj] |= WARN_GT;
+ for (ptr = optarg; ptr && ii < MAX_OIDS; ii++) {
+ if (lu_getll (&lower_warn_lim[ii], ptr) == 1)
+ eval_method[ii] |= WARN_LT;
+ if (lu_getul (&upper_warn_lim[ii], ptr) == 1)
+ eval_method[ii] |= WARN_GT;
(ptr = index (ptr, ',')) ? ptr++ : ptr;
}
break;
- case 'H': /* Host or server */
- server_address = strscpy (server_address, optarg);
- break;
- case 'C': /* group or community */
- community = strscpy (community, optarg);
- break;
case 'o': /* object identifier */
+ case 'e': /* PRELIMINARY - may change */
+ case 'E': /* PRELIMINARY - may change */
for (ptr = optarg; (ptr = index (ptr, ',')); ptr++)
ptr[0] = ' '; /* relpace comma with space */
for (ptr = optarg; (ptr = index (ptr, ' ')); ptr++)
j++; /* count OIDs */
asprintf (&oid, "%s %s", (oid?oid:""), optarg);
- break;
- case 'd': /* delimiter */
- delimiter = strscpy (delimiter, optarg);
- break;
- case 'D': /* output-delimiter */
- output_delim = strscpy (output_delim, optarg);
+ if (c == 'E' || c == 'e') {
+ jj++;
+ ii++;
+ }
+ if (c == 'E')
+ eval_method[j+1] |= WARN_PRESENT;
+ else if (c == 'e')
+ eval_method[j+1] |= CRIT_PRESENT;
break;
case 's': /* string or substring */
strncpy (string_value, optarg, sizeof (string_value) - 1);
string_value[sizeof (string_value) - 1] = 0;
eval_method[jj++] = CRIT_STRING;
+ ii++;
break;
case 'R': /* regex */
#ifdef HAVE_REGEX_H
return ERROR;
}
eval_method[jj++] = CRIT_REGEX;
+ ii++;
#else
- printf ("SNMP UNKNOWN: call for regex which was not a compiled option");
+ printf ("%s UNKNOWN: call for regex which was not a compiled option", label);
exit (STATE_UNKNOWN);
#endif
break;
+
+ /* Format */
+ case 'd': /* delimiter */
+ delimiter = strscpy (delimiter, optarg);
+ break;
+ case 'D': /* output-delimiter */
+ output_delim = strscpy (output_delim, optarg);
+ break;
case 'l': /* label */
label = optarg;
nlabels++;
unitv[nunits - 1] = ptr;
}
break;
- case 'p': /* TCP port number */
- port = strscpy(port, optarg);
- break;
}
}
validate_arguments ()
{
- if (community == NULL)
- asprintf (&community, DEFAULT_COMMUNITY);
-
- if (delimiter == NULL)
- asprintf (&delimiter, DEFAULT_DELIMITER);
+ /* Need better checks to verify seclevel and authproto choices */
+
+ if (seclevel == NULL)
+ asprintf (&seclevel, "noAuthNoPriv");
- if (output_delim == NULL)
- asprintf (&output_delim, DEFAULT_OUTPUT_DELIMITER);
- if (label == NULL)
- asprintf (&label, "SNMP");
-
- if (units == NULL)
- asprintf (&units, "");
+ if (authproto == NULL )
+ asprintf(&authproto, DEFAULT_AUTH_PROTOCOL);
+
+
+
+ if (proto == NULL || (strcmp(proto,DEFAULT_PROTOCOL) == 0) ) { /* default protocol version */
+ asprintf(&proto, DEFAULT_PROTOCOL);
+ asprintf(&authpriv, "%s%s", "-c ", community);
+ }
+ else if ( strcmp (proto, "3") == 0 ) { /* snmpv3 args */
+ asprintf(&proto, "%s", "3");
+
+ if ( (strcmp(seclevel, "noAuthNoPriv") == 0) || seclevel == NULL ) {
+ asprintf(&authpriv, "%s", "-l noAuthNoPriv" );
+ }
+ else if ( strcmp(seclevel, "authNoPriv") == 0 ) {
+ if ( secname == NULL || authpasswd == NULL) {
+ printf ("Missing secname (%s) or authpassword (%s) ! \n",secname, authpasswd );
+ print_usage ();
+ exit (STATE_UNKNOWN);
+ }
+ asprintf(&authpriv, "-l authNoPriv -a %s -u %s -A %s ", authproto, secname, authpasswd);
+ }
+ else if ( strcmp(seclevel, "authPriv") == 0 ) {
+ if ( secname == NULL || authpasswd == NULL || privpasswd == NULL ) {
+ printf ("Missing secname (%s), authpassword (%s), or privpasswd (%s)! \n",secname, authpasswd,privpasswd );
+ print_usage ();
+ exit (STATE_UNKNOWN);
+ }
+ asprintf(&authpriv, "-l authPriv -a %s -u %s -A %s -x DES -X %s ", authproto, secname, authpasswd, privpasswd);
+ }
+
+
+ }
+ else {
+ printf ("Invalid SNMP version: %s\n", proto);
+ print_usage ();
+ exit (STATE_UNKNOWN);
+ }
+
+
+
return OK;
}
-\f
+
void
print_help (void)
{
- print_revision (PROGNAME, REVISION);
+ print_revision (progname, REVISION);
printf
- ("Copyright (c) %s %s <%s>\n\n%s\n",
- COPYRIGHT, AUTHOR, EMAIL, SUMMARY);
+ ("Copyright (c) %s %s <%s>\n\n%s\n", COPYRIGHT, AUTHOR, EMAIL, SUMMARY);
print_usage ();
printf
("\nOptions:\n" LONGOPTIONS "\n" DESCRIPTION "\n" NOTES "\n",
("Usage:\n" " %s %s\n"
" %s (-h | --help) for detailed help\n"
" %s (-V | --version) for version information\n",
- PROGNAME, OPTIONS, PROGNAME, PROGNAME);
+ progname, OPTIONS, progname, progname);
}
\f