claudio/VSC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Issue

Browse Source 
Code backup
This commit is contained in:
Claudio
2026-05-10 16:59:01 +02:00
commit 368d6fafea
796 changed files with 315310 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Icinga2/Monitoring/001 - WatchGuard/License
+7
View File
@@ -0,0 +1,7 @@
Copyright 2022 Kalarumeth - https://github.com/Kalarumeth
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Icinga2/Monitoring/001 - WatchGuard/ReadMe.md
+172
View File
@@ -0,0 +1,172 @@
# Check WatchGuard
<img src="https://img.shields.io/badge/Dev by-Kalarumeth-blueviolet?style=flat-square" alt="Dev"> <img src="https://img.shields.io/badge/Code-Bash-orange?style=flat-square&logo=GNU Bash&logoColor=orange" alt="Bash"> <img src="https://img.shields.io/badge/License-MIT-blue?style=flat-square" alt="MIT License">
The following script is used to monitor the basic functions of the WatchGuard firewall via snmpwalk scripts and are processed to provide easy-to-read data. It can be run separately or integrated into Icinga2 as a monitoring plugin.
**Important**: *snmpwalk command is required for script to run correctly*
# Update Note
## 1.3 - Code improvements
+Improved the code
+Add check host alive before snmp
+Merge InfoIps, InfoGav and IpsecTunnelNum to one check
<details>
<summary>1.2 - Fix</summary>
+Fix Warning and Critical state
+Add ability to set limits for waring and critical on percentage
+Add ability to set maximum Active Connections for ActiveConns
+Set default variable warning(80)
+Set default variable critical(90)
+Set default variable maximum active connections(3300000)
</details>
<details>
<summary>1.1 - Code improvements</summary>
+Improved the code
+Add Check Memory
+Add Check Info Ips Service
+Removed unnecessary code
</details>
<details>
<summary>1.0 - Release</summary>
+Release Script
</details>
# Installation
1. Download the script and give it privilages for run
```
curl -LJO https://raw.githubusercontent.com/Kalarumeth/Check-WatchGuard/main/check_watchguard.sh
```
2. Move to Icinga Plugin Dir
```
Default location: /usr/lib/nagios/plugins
```
3. Add command to Icinga
```
object CheckCommand "check_watchguard" {
import "plugin-check-command"
command = [ PluginDir + "/check_watchguard.sh" ]
arguments += {
"-ac" = {
order = 4
value = "$watchguard_ac$"
}
"-c" = {
order = 0
required = true
value = "$snmp_community$"
}
"-cr" = {
order = 3
value = "$crit$"
}
"-h" = {
order = 1
required = true
value = "$address$"
}
"-t" = {
order = 5
required = true
value = "$watchguard_type$"
}
"-wa" = {
order = 2
value = "$warn$"
}
}
vars.snmp_community = "public"
}
```
# Functions
The Script is designed to monitor the following firewall functions:
- **[ac] ActiveConns:**
Active connections in use and total number of active connections;
```
OK! Active Connections used: 0.16%
Current Active Connections: 5.412 of 3.300.000
```
- **[cpu] Cpu:**
Cpu load;
```
OK! CPU used: 2%
```
- **[data] Transfer:**
Information of file size send and recive.
```
Send 1479 GB / Recive 1982 GB
WatchGuard transfer info:
Total Data Send: 1479 GB 1855886728 Pkg
Total Data Recive: 1982 GB 2466423320 Pkg
```
- **[info] Info:**
Information of Active VPN, Intrusion Prevention Service and Gateway Antivirus Service
```
VPN active: 7
Gateway Antivirus Service: gav_version:2022020
Last Update: Fri, Feb 04 2022 11:54:03 AM
Intrusion Prevention Service: ips_version:18.196
Last Update: Thu, Feb 03 2022 06:53:47 PM
```
- **[ram] Memory:**
Ram load;
```
OK! RAM used: 2,67 / 3,77 GB (71,00 %)
RAM free: 1,10 GB (29,13 %)
```
# How it work
Method to compose the execution string:
./check_watchguard.sh -c <SNMP community> -h <host> [-wa <value> -cr <value> -ac <value>] -t <object>
### OPTIONS:
```
-c --community SNMP v2 community string with Read access.
Default is: public.
-h --host [REQUIRED OPTION] Host name or IP address to check.
Default is: localhost.
-wa --allert-wa Defines the threshold for Warning.
Default is: 80.
-cr --allert-cr Defines the threshold for Critical.
Default is: 90.
-ac --activeconns Defines the threshold for Max ActiveConnection.
Default is: 3300000
-t --type [REQUIRED OPTION] Field for select element to check on WatchGuard Device.
{ ac | cpu | data | info | ram }.
-H --help Show script help.
-V --version Show script version.
```
# Credits
## Author
Kalarumeth - https://github.com/Kalarumeth
## GitHub Supporters
kelups
## License
MIT License - Copyright 2022 Kalarumeth
Icinga2/Monitoring/001 - WatchGuard/check_watchguard.sh
+275
View File
@@ -0,0 +1,275 @@
#!/bin/bash
# - VAR
# - Bash info
APPNAME=$(basename $0)
NAME="Check WatchGuard"
AUTHOR="Kalarumeth"
VERSION="v1.4"
URL="https://github.com/Kalarumeth/Check-WatchGuard"
# - Default settings for connection
COMMUNITY="public"
HOST_NAME="localhost"
SNMPVERSION="2c"
# - State Variables
STATE_OK=0
STATE_WARN=1
STATE_CRIT=2
STATE_UNK=3
STATE=$STATE_OK
# - Range Variables
WA=80
CR=90
maxActiveConns=3300000
# - OID
WatchGuard.OIDS() {
# - wgSystemStatisticsMIB
OID_wgSystemTotalSendBytes="1.3.6.1.4.1.3097.6.3.8"
OID_wgSystemTotalRecvBytes="1.3.6.1.4.1.3097.6.3.9"
OID_wgSystemTotalSendPackets="1.3.6.1.4.1.3097.6.3.10"
OID_wgSystemTotalRecvPackets="1.3.6.1.4.1.3097.6.3.11"
OID_wgSystemCpuUtil1="1.3.6.1.4.1.3097.6.3.77"
OID_wgSystemCurrActiveConns="1.3.6.1.4.1.3097.6.3.80"
# - wgMem
OID_wgMemTotalReal="1.3.6.1.4.1.2021.4.5.0"
OID_wgMemAvailReal="1.3.6.1.4.1.2021.4.6.0"
# - wgIpsecStats
OID_wgIpsecTunnelNum="1.3.6.1.4.1.3097.6.5.1.1"
# - wgInfoSystem
OID_wgInfoGavService="1.3.6.1.4.1.3097.6.1.3.0"
OID_wgInfoIpsService="1.3.6.1.4.1.3097.6.1.4"
}
# - MAIN CODE
Source.HostAlive() {
for host in $HOST_NAME; do
ping -c1 -W1 -q $host &>/dev/null
if [[ $? != 0 ]] ; then
printf "%s\n" "$host is unreachable"
exit $STATE_UNK
fi
done
}
Source.SNMP() {
snmpwalk -v $SNMPVERSION -r 1 -t 10 -Oe -c $COMMUNITY $HOST_NAME $1
}
# - WatchGuard Health Monitoring
WatchGuard.Main() {
Source.HostAlive
case $1 in
ac)
WatchGuard.ActiveConns ;;
cpu)
WatchGuard.Cpu ;;
data)
WatchGuard.TransferData ;;
info)
WatchGuard.Info ;;
ram)
WatchGuard.Ram ;;
*)
echo "Unknown Monitoring: $1"
Help.WatchGuard
STATE=$STATE_UNK ;;
esac
}
WatchGuard.GetData() {
WatchGuard.OIDS
case $1 in
data)
totalSendGb=$(Source.SNMP $OID_wgSystemTotalSendBytes | cut -d " " -f 4 | awk '{ byte = $1 /1024/1024/1024; print byte }' | xargs printf "%.0f")
totalRecvGb=$(Source.SNMP $OID_wgSystemTotalRecvBytes | cut -d " " -f 4 | awk '{ byte = $1 /1024/1024/1024; print byte }' | xargs printf "%.0f")
totalSendPackets=$(Source.SNMP $OID_wgSystemTotalSendPackets | cut -d " " -f 4)
totalRecvPackets=$(Source.SNMP $OID_wgSystemTotalRecvPackets | cut -d " " -f 4) ;;
cpu)
cpuPercentage=$(Source.SNMP $OID_wgSystemCpuUtil1 | cut -d " " -f 4 | awk '{ cpu = $1 /100; print cpu }') ;;
ram)
rawRamAll=$(Source.SNMP $OID_wgMemTotalReal | cut -d " " -f 4)
rawRamFree=$(Source.SNMP $OID_wgMemAvailReal | cut -d " " -f 4)
valueRamAllGb=$(echo "$rawRamAll" | awk '{ gbyte = $1 /1024/1024; print gbyte }' | xargs printf "%.2f")
valueRamFreeGb=$(echo "$rawRamFree" | awk '{ gbyte = $1 /1024/1024; print gbyte }' | xargs printf "%.2f")
printPercetageRam=$(echo "$rawRamFree" "$rawRamAll" | awk '{ ramp = $1 /$2 *100; print ramp }' | xargs printf "%.2f")
printPercetageRamUsed=$(echo "$printPercetageRam" | awk '{ ramup = 100 - $1; print ramup }')
rangePercetageRam=$(echo "$printPercetageRamUsed" | cut -d "." -f1)
rawRamUsed=$(echo "$rawRamAll" "$rawRamFree" | awk '{ used = $1 -$2; print used }')
valueRamUsedGb=$(echo "$rawRamUsed" | awk '{ gbyte = $1 /1024/1024; print gbyte }' | xargs printf "%.2f") ;;
ac)
rawActiveConns=$(Source.SNMP $OID_wgSystemCurrActiveConns | cut -d " " -f 4)
rawPercetageActiveConns=$(echo "$rawActiveConns $maxActiveConns" | awk '{ perc = $1 /$2 *100; print perc; }')
rangeActiveConns=$(echo "$rawPercetageActiveConns" | cut -d "." -f 1 )
printPercetageActiveConns=$(echo "$rawPercetageActiveConns" | xargs printf "%.2f")
printValueActiveConns=$(echo "$rawActiveConns" | perl -pe 's/(\d{1,3})(?=(?:\d{3}){1,5}\b)/\1./g')
printMaxActiveConns=$(echo "$maxActiveConns" | perl -pe 's/(\d{1,3})(?=(?:\d{3}){1,5}\b)/\1./g') ;;
info)
ipsecNum=$(Source.SNMP $OID_wgIpsecTunnelNum | cut -d " " -f 4)
rawInfoGav=$(Source.SNMP $OID_wgInfoGavService)
InfoGavVers=$(echo "$rawInfoGav" | cut -d "<" -f 2 | cut -d ">" -f 1)
InfoGavData=$(echo "$rawInfoGav" | cut -d "(" -f 2 | cut -d ")" -f 1)
rawInfoIps=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgInfoIpsService 2>&1 | sed 's/Timeout: No Response.*/Idle/')
if [ "$rawInfoIps" != "Idle" ] ; then
rawInfoIps=$(echo $rawInfoIps)
fi
InfoIpsVers=$(echo "$rawInfoIps" | cut -d "<" -f 2 | cut -d ">" -f 1)
InfoIpsData=$(echo "$rawInfoIps" | cut -d "(" -f 2 | cut -d ")" -f 1) ;;
esac
}
WatchGuard.TransferData() {
WatchGuard.GetData data
printf "%s\n" "Send $totalSendGb GB / Recive $totalRecvGb GB"
printf "%s\n" "WatchGuard transfer info:"
printf "%s\t%s\t%s\n" "Total Data Send:" "$totalSendGb GB" "$totalSendPackets Pkg"
printf "%s\t%s\t%s\n" "Total Data Recive:" "$totalRecvGb GB" "$totalRecvPackets Pkg"
}
WatchGuard.Cpu() {
WatchGuard.GetData cpu
for value in $cpuPercentage; do
case 1 in
$(($value <= $WA-1)))
echo "OK! CPU used: $value% | cpu_usage=$value%" && exit $STATE_OK ;;
$(($value <= $CR-1)))
echo "WARRING! CPU used: $value | cpu_usage=$value%%" && exit $STATE_WARN ;;
$(($value > $CR-1)))
echo "CRITICAL! CPU used: $value% | cpu_usage=$value%" && exit $STATE_CRIT ;;
esac
done
}
WatchGuard.Ram() {
WatchGuard.GetData ram
case 1 in
$(($rangePercetageRam <= $WA-1)))
printf "%s\n" "OK! RAM used: $valueRamUsedGb / $valueRamAllGb GB ($printPercetageRamUsed%)" "RAM free: $valueRamFreeGb GB ($printPercetageRam%) | ram_used=$printPercetageRamUsed% ram_free=$printPercetageRam%" && exit $STATE_OK ;;
$(($rangePercetageRam <= $CR-1)))
printf "%s\n" "WARRING! RAM used: $valueRamUsedGb / $valueRamAllGb GB ($printPercetageRamUsed%)" "RAM free: $valueRamFreeGb GB ($printPercetageRam%) | ram_used=$printPercetageRamUsed% ram_free=$printPercetageRam%" && exit $STATE_WARN ;;
$(($rangePercetageRam > $CR-1)))
printf "%s\n" "CRITICAL! RAM used: $valueRamUsedGb / $valueRamAllGb GB ($printPercetageRamUsed%)" "RAM free: $valueRamFreeGb GB ($printPercetageRam%) | ram_used=$printPercetageRamUsed% ram_free=$printPercetageRam%" && exit $STATE_CRIT ;;
esac
}
WatchGuard.ActiveConns() {
WatchGuard.GetData ac
case 1 in
$(($rangeActiveConns <= $WA-1)))
printf "%s\n" "OK! Active Connections used: $printPercetageActiveConns%" "Current Active Connections: $printValueActiveConns of $printMaxActiveConns | active_connections=$printPercetageActiveConns%" && exit $STATE_OK ;;
$(($rangeActiveConns <= $CR-1)))
printf "%s\n" "WARRING! Active Connections used: $printPercetageActiveConns%" "Current Active Connections: $printValueActiveConns of $printMaxActiveConns | active_connections=$printPercetageActiveConns%" && exit $STATE_WARN ;;
$(($rangeActiveConns > $CR-1)))
printf "%s\n" "CRITICAL! Active Connections used: $printPercetageActiveConns%" "Current Active Connections: $printValueActiveConns of $printMaxActiveConns | active_connections=$printPercetageActiveConns%" && exit $STATE_CRIT ;;
esac
}
WatchGuard.Info() {
WatchGuard.GetData info
printf "%s\t%s\n\n" "VPN active:" "$ipsecNum"
printf "%s\n%s\n\n" "Gateway Antivirus Service: $InfoGavVers" " Last Update: $InfoGavData"
printf "%s\n" "Intrusion Prevention Service: $InfoIpsVers" " Last Update: $InfoIpsData"
}
# - HELP
Help.Main() {
echo "Script bash for moninitoring WatchGuard Health"
echo ''
Help.Usage
echo ''
Help.Option
echo ''
Help.WatchGuard
echo ''
Help.Support
echo ''
Help.Info
echo ''
exit $STATE_UNK
}
Help.Usage() {
printf "%s\n" "Method to compose the execution string:" "./$APPNAME -c <SNMP community> -h <host> [-wa <value> -cr <value> -ac <value>] -t <object>"
}
Help.Option() {
printf "%s\n" "OPTIONS:"
printf "%s\t%s\t%s\n\t\t\t%s\n" "-c" "--community" "SNMP v2 community string with Read access." " Default is: $COMMUNITY."
printf "%s\t%s\t\t%s\n\t\t\t%s\n" "-h" "--host" "Host name or IP address to check." " Default is: $HOST_NAME."
printf "%s\t%s\t%s\n\t\t\t%s\n" "-wa" "--allert-wa" "Defines the threshold for Warning." " Default is: $WA."
printf "%s\t%s\t%s\n\t\t\t%s\n" "-cr" "--allert-cr" "Defines the threshold for Critical." " Default is: $CR."
printf "%s\t%s\t%s\n\t\t\t%s\n" "-ac" "--activeconns" "Defines the threshold for Max ActiveConnection." " Default is: $maxActiveConns."
printf "%s\t%s\t\t%s\n\t\t\t%s\n" "-t" "--type" "[REQUIRED OPTION] Field for select element to check on WatchGuard Device." " { ac | cpu | data | info | ram }"
printf "%s\t%s\t\t%s\n" "-H" "--help" "Show script help."
printf "%s\t%s\t%s\n" "-V" "--version" "Show script version."
}
Help.WatchGuard() {
printf "\n%s\n\n" "WatchGuard Check Function"
printf "%s\t%s\n\n" "Check" "Description"
printf "%s\t%s\n" "ac" "Monitoring Active Connection."
printf "%s\t%s\n" "cpu" "Monitoring Cpu load."
printf "%s\t%s\n" "data" "Monitoring Data Tranfer."
printf "%s\t%s\n" "info" "Monitoring Ip Sec, Info Gav Service and Info Ips Service."
printf "%s\t%s\n" "ram" "Monitoring RAM load."
}
Help.Support(){
printf "%s\n" "GitHub Supporters:"
printf "\t%s\n" "kelups"
}
Help.Info() {
printf "%s\t%s\t%s\n" "INFO:" "$NAME" "$VERSION" "" "$AUTHOR" "$URL"
}
# - COMMAND LINE ENCODER
# - Prompt
while test -n "$1"; do
case "$1" in
--host|-h)
HOST_NAME=$2
shift ;;
--comunity|-c)
COMMUNITY=$2
shift ;;
--activeconns|-ac)
maxActiveConns=$2
shift ;;
--allert-wa|-wa)
WA=$2
shift ;;
--allert-cr|-cr)
CR=$2
shift ;;
--type|-t)
WatchGuard.Main $2
shift ;;
--help|-H)
Help.Main ;;
--version|-V)
Help.Info
exit $STATE ;;
*)
echo "Unknown argument: $1"
Help.Main
exit $STATE_UNK ;;
esac
shift
done
exit $STATE