diff --git a/fortigate/check_fortigate.pl b/fortigate/check_fortigate.pl index ffb8c89..b3404f5 100644 --- a/fortigate/check_fortigate.pl +++ b/fortigate/check_fortigate.pl @@ -196,6 +196,7 @@ ## OIDs ## my $oid_unitdesc = ".1.3.6.1.2.1.1.5.0"; # Location of Fortinet device description... (String) my $oid_serial = ".1.3.6.1.4.1.12356.100.1.1.1.0"; # Location of Fortinet serial number (String) +my $oid_fex_serial = ".1.3.6.1.4.1.12356.121.21.1.1.5.0"; # Location of FortiExtender serial number (String) my $oid_firmware = ".1.3.6.1.4.1.12356.101.4.1.1.0"; # Location of Fortinet firmware # fg ha info / Cluster member @@ -264,6 +265,12 @@ # my $oid_fad_load = ".1.3.6.1.4.1.12356.112.1.40.0"; # "SNMP No Such Object" my $oid_fad_cpu = ".1.3.6.1.4.1.12356.112.1.4.0"; # Location of CPU for FortiADC (%) +## FortiExtender OIDs ## +my $oid_fex_data = ".1.3.6.1.4.1.12356.121.21.3.3.1.6.1"; # Location of Data Usage for FortiExtender +my $oid_fex_data_pct = ".1.3.6.1.4.1.12356.121.21.3.3.1.7.1"; # Location of Data Percentage for FortiExtender +my $oid_fex_data_plan = ".1.3.6.1.4.1.12356.121.21.3.3.1.8.1"; # Location of Data Plan for FortiExtender +my $oid_fex_conn = ".1.3.6.1.4.1.12356.121.21.3.1.1.32.1";# Location of Modem Connection State for FortiExtender + # Cluster my $oid_cluster_type = ".1.3.6.1.4.1.12356.101.13.1.1.0"; # Location of Fortinet cluster type (String) my $oid_cluster_serials = ".1.3.6.1.4.1.12356.101.13.2.1.1.2"; # Location of Cluster serials (String) @@ -350,7 +357,10 @@ my $curr_serial = ''; -if ( $curr_device=~/100A/) { +if ( lc($type) eq "data" || lc($type) eq "conn" ) { + # Direct FortiExtender checks completely bypass the FortiGate Serial OID + $curr_serial = get_snmp_value($session, $oid_fex_serial); +} elsif ( $curr_device=~/100A/) { $curr_serial = get_snmp_value($session, $oid_legacy_serial); } else { # Check SNMP connection and get the serial of the device... @@ -429,6 +439,15 @@ } else { ($return_state, $return_string) = ('UNKNOWN', "UNKNOWN: This device supports only selected type -T cpu|mem|ldisk|load, $curr_device is a FortiADC (S/N: $curr_serial)"); } +} elsif ( $curr_serial =~ /^FX|^FEX/ ) { # FX|FEX = FortiExtender + my $type_lc = lc($type); + if ( $type_lc eq "data" ) { + ($return_state, $return_string) = get_fex_data_health($oid_fex_data, $oid_fex_data_pct, $oid_fex_data_plan); + } elsif ( $type_lc eq "conn" ) { + ($return_state, $return_string) = get_fex_conn_state($oid_fex_conn); + } else { + ($return_state, $return_string) = ('UNKNOWN', "UNKNOWN: This device supports only selected type -T data|conn, $curr_device is a FortiExtender (S/N: $curr_serial)"); + } } elsif ( $curr_serial =~ /^FG100A/ ) { # 100A = Legacy Device my $type_lc = lc($type); if ( $type_lc eq "cpu" ) { @@ -579,6 +598,55 @@ sub get_disk_usage { return ($return_state, $return_string); } +sub get_fex_data_health { + my $used_oid = $_[0]; + my $pct_oid = $_[1]; + my $plan_oid = $_[2]; + + my $used_value = get_snmp_value($session, $used_oid); + my $pct_value = get_snmp_value($session, $pct_oid); + my $plan_value = get_snmp_value($session, $plan_oid); + + # strip any leading or trailing non zeros + $used_value =~ s/\D*(\d+)\D*/$1/g if defined $used_value; + $pct_value =~ s/\D*(\d+)\D*/$1/g if defined $pct_value; + $plan_value =~ s/\D*(\d+)\D*/$1/g if defined $plan_value; + + if ( $pct_value >= $crit ) { + $return_state = "CRITICAL"; + $return_string = "Data Usage is critical: " . $pct_value . "% (" . $used_value . " MB / " . $plan_value . " MB)"; + } elsif ( $pct_value >= $warn ) { + $return_state = "WARNING"; + $return_string = "Data Usage is warning: " . $pct_value . "% (" . $used_value . " MB / " . $plan_value . " MB)"; + } else { + $return_state = "OK"; + $return_string = "Data Usage is okay: " . $pct_value . "% (" . $used_value . " MB / " . $plan_value . " MB)"; + } + + $perf = "|'data'=" . $pct_value . "%;" . $warn . ";" . $crit . " 'data_mb'=" . $used_value . "MB;; 'plan_mb'=" . $plan_value . "MB;;"; + $return_string = $return_state . ": " . $curr_device . " (Current device: " . $curr_serial .") " . $return_string . $perf; + + return ($return_state, $return_string); +} + +sub get_fex_conn_state { + my $conn_oid = $_[0]; + + my $conn_value = get_snmp_value($session, $conn_oid); + + if ( defined $conn_value && $conn_value =~ /CONN_STATE_CONNECTED/i ) { + $return_state = "OK"; + $return_string = "Modem Connection is UP (" . $conn_value . ")"; + } else { + $return_state = "CRITICAL"; + $return_string = "Modem Connection is DOWN (" . (defined $conn_value ? $conn_value : "Unknown") . ")"; + } + + $return_string = $return_state . ": " . $curr_device . " (Current device: " . $curr_serial .") " . $return_string; + + return ($return_state, $return_string); +} + sub get_pktloss_value { my $value = get_snmp_value($session, $oid_chklink_pktloss1); if ( $value >= $crit ) { @@ -691,13 +759,21 @@ sub get_health_value { my $label = $_[1]; my $UOM = $_[2]; - if ( $slave == 1 ) { + # Protect scalar nodes ending in .0 from having .1 or .2 erroneously appended + if ( $_[0] =~ /\.0$/ ) { + $oid = $_[0]; + $label = "slave_" . $label if ($slave == 1); + } elsif ( $slave == 1 ) { $oid = $_[0] . ".2"; $label = "slave_" . $label; } elsif ( $curr_serial =~ /^FG100A/ ) { $oid = $_[0]; } elsif ( $curr_serial =~ /^FG201/ ) { $oid = $_[0]; + } elsif ( $curr_serial =~ /^FGT/ ) { + $oid = $_[0]; + } elsif ( $curr_serial =~ /^FG80F/ ) { + $oid = $_[0]; } elsif ( $curr_serial =~ /^FG/ ) { $oid = $_[0] . ".1"; } else { @@ -1646,7 +1722,7 @@ =head2 Other =over =item B<-T|--type> -STRING - CPU, MEM, cpu-sys, mem-sys, ses, VPN, net, disk, ha, hasync, uptime, Cluster, wtp, switch, hw, fazcpu, fazmem, fazdisk, sdwan-hc, pktloss, pktloss2, fmgdevice, license, license-version, linkmonitor-hc +STRING - CPU, MEM, cpu-sys, mem-sys, ses, VPN, net, disk, data, conn, ha, hasync, uptime, Cluster, wtp, switch, hw, fazcpu, fazmem, fazdisk, sdwan-hc, pktloss, pktloss2, fmgdevice, license, license-version, linkmonitor-hc =item B<-S|--serial> STRING - Primary serial number.