Issue

Code backup
2026-05-10 16:59:01 +02:00
commit 368d6fafea
796 changed files with 315310 additions and 0 deletions
@@ -0,0 +1,347 @@
+#!/bin/sh
+
+# - VAR
+
+# - Bash info
+APPNAME=$(basename $0)
+NAME="Check Watchguard"
+AUTHOR="Kalarumeth"
+VERSION="v1.2"
+URL="https://github.com/Kalarumeth/Check-WatchGuard"
+
+# - Default settings for connection
+COMMUNITY="public"
+HOST_NAME="localhost"
+SNMPVERSION="2c"
+
+# - State Variables
+STATE_OK=0
+STATE_WARN=1
+STATE_CRIT=2
+STATE_UNK=3
+
+# - Range Variables
+WA=80
+CR=90
+CAC_MAX=3300000
+
+# - Default Outputs
+STATE=$STATE_OK
+STATE_STRING=""
+PERFDATA=""
+
+# - WATCHGUARD OID
+
+# - wgSystemStatisticsMIB
+OID_wgSystemTotalSendBytes="1.3.6.1.4.1.3097.6.3.8"
+OID_wgSystemTotalRecvBytes="1.3.6.1.4.1.3097.6.3.9"
+OID_wgSystemTotalSendPackets="1.3.6.1.4.1.3097.6.3.10"
+OID_wgSystemTotalRecvPackets="1.3.6.1.4.1.3097.6.3.11"
+OID_wgSystemCpuUtil1="1.3.6.1.4.1.3097.6.3.77"
+OID_wgSystemCurrActiveConns="1.3.6.1.4.1.3097.6.3.80"
+# - wgMem
+OID_wgMemTotalReal="1.3.6.1.4.1.2021.4.5.0"
+OID_wgMemAvailReal="1.3.6.1.4.1.2021.4.6.0"
+# - wgIpsecStats
+OID_wgIpsecTunnelNum="1.3.6.1.4.1.3097.6.5.1.1"
+# - wgInfoSystem
+OID_wgInfoGavService="1.3.6.1.4.1.3097.6.1.3.0"
+OID_wgInfoIpsService="1.3.6.1.4.1.3097.6.1.4"
+
+# - HELP
+print_help(){
+        echo ''
+        echo "Script bash for check WatchGuard OIDs"
+        echo ''
+        print_usage
+        echo ''
+        print_options
+        echo ''
+        print_info
+        echo ''
+        print_sup
+        echo ''
+        exit $STATE_UNK
+}
+
+print_usage(){
+        echo "  ./$APPNAME -C <SNMP community> -H <host/ip> -t <type to check> | -wa <value> -cr <value> | -acm <value>"
+}
+
+print_options(){
+        echo 'OPTIONS:'
+        echo ''
+        echo "  -c|--community          SNMP v2 community string with Read access."
+        echo "                           Default is 'public'."
+        echo ''
+        echo "  -h|--host               [REQUIRED OPTION] Host name or IP address to check."
+        echo "                           Default is: localhost."
+        echo ''
+        echo "  -t|--type               [REQUIRED OPTION] Select what you need to scan."
+        echo "                           { ActiveConns | Cpu | InfoIps | InfoGav | IpsecTunnelNum | Memory | Transfer }."
+        echo ''
+        echo "  -wa|--allert-wa         Defines the threshold for Warning,"
+        echo "                           you can set only for ActiveConns - Cpu - Memory."
+        echo "                           Default is: 80."
+        echo ''
+        echo "  -cr|--allert-cr         Defines the threshold for Critical,"
+        echo "                           you can set only for ActiveConns - Cpu - Memory."
+        echo "                           Default is: 90."
+        echo ''
+        echo "  -acm|--activeconns-max  Defines the maximum Active Connections of the firewall,"
+        echo "                           write this number in full without dot, work only for ActiveConns."
+        echo "                           Default is: 3300000"
+        echo ''
+        echo "  -H|--help               Show help."
+        echo ''
+        echo "  -V|--version            Print script version."
+}
+
+print_info(){
+        echo "INFO: $NAME $VERSION"
+        echo "      $AUTHOR - $URL"
+}
+
+print_sup(){
+        echo 'GitHub Supporters:'
+        echo "      kelups"
+}
+
+# - SNMPWALK FUNCTION
+
+# - Check System Statistics Send/Recv
+CheckTransferData(){
+
+        TOTSENDB=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgSystemTotalSendBytes)
+        TOTSENDPKG=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgSystemTotalSendPackets)
+        TOTRECVB=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgSystemTotalRecvBytes)
+        TOTRECVPKG=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgSystemTotalRecvPackets)
+
+        TSPO=$(echo "$TOTSENDPKG" | cut -d " " -f 4)
+        TSBO=$(echo "$TOTSENDB" | cut -d " " -f 4 | awk '{ byte = $1 /1024/1024/1024; print byte }' | xargs printf "%.2f")
+        TRPO=$(echo "$TOTRECVPKG" | cut -d " " -f 4)
+        TRBO=$(echo "$TOTRECVB" | cut -d " " -f 4 | awk '{ byte = $1 /1024/1024/1024; print byte }' | xargs printf "%.2f")
+        TSGB=$(echo "$TOTSENDB" | cut -d " " -f 4 | awk '{ byte = $1 /1024/1024/1024; print byte }' | xargs printf "%.0f")
+        TRGB=$(echo "$TOTRECVB" | cut -d " " -f 4 | awk '{ byte = $1 /1024/1024/1024; print byte }' | xargs printf "%.0f")
+
+        echo "Send $TSGB GB / Recive $TRGB GB"
+
+        echo "WatchGuard transfer info:"
+        echo ''
+        echo "Total Data Send:"
+        echo "  $TSPO pkg"
+        echo "  $TSBO GB"
+        echo ''
+        echo "Total Data Recive:"
+        echo "  $TRPO pkg"
+        echo "  $TRBO GB"
+}
+
+# - Check Cpu Utilization
+CheckCpuUtil(){
+        CPUUTIL=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgSystemCpuUtil1)
+
+        CPU_STATE=$(echo "$CPUUTIL" | cut -d " " -f 4)
+        CPU_PERC=$(echo "$CPU_STATE" | awk '{ cpu = $1 /100; print cpu }')
+
+        case 1 in
+                $(($CPU_PERC <= $WA-1)))
+                        echo "OK! CPU used: $CPU_PERC%"
+                        exit $STATE_OK ;;
+
+                $(($CPU_PERC <= $CR-1)))
+                        echo "WARRING! CPU used: $CPU_PERC%"
+                        exit $STATE_WARN ;;
+
+                $(($CPU_PERC > $CR-1)))
+                        echo "CRITICAL! CPU used: $CPU_PERC%"
+                        exit $STATE_CRIT ;;
+
+                *)
+                        echo "UNKNOWN! Cpu not found"
+                        exit $STATE_UNK ;;
+        esac
+}
+
+# - Check Memory Utilization
+CheckMemory(){
+        RAMIM=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgMemTotalReal)
+        RAMAR=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgMemAvailReal)
+
+        RAM_ALL=$(echo "$RAMIM" | cut -d " " -f4 )
+        RAM_FRE=$(echo "$RAMAR" | cut -d " " -f4 )
+        RAM_ALLK=$(echo "$RAM_ALL" | awk '{ kbyte = $1 /1024/1024; print kbyte }'  | xargs printf "%.2f")
+        RAM_FREK=$(echo "$RAM_FRE" | awk '{ kbyte = $1 /1024/1024; print kbyte }'  | xargs printf "%.2f")
+        RAM_PERC=$(echo "$RAM_FRE" "$RAM_ALL" | awk '{ ramp = $1 /$2 *100; print ramp }' | xargs printf "%.2f" )
+        RAM_UPERC=$(echo "$RAM_PERC" | awk '{ ramup = 100 - $1; print ramup }')
+        RAM_P=$(echo "$RAM_UPERC" | cut -d "." -f1 )
+        RAM_USE=$(echo "$RAM_ALL" "$RAM_FRE" | awk '{ used = $1 -$2; print used }' )
+        RAM_USEK=$(echo "$RAM_USE" | awk '{ kbyte = $1 /1024/1024; print kbyte }'  | xargs printf "%.2f")
+
+        case 1 in
+                $(($RAM_P <= $WA-1)))
+                        echo "OK! RAM used: $RAM_USEK / $RAM_ALLK GB ($RAM_UPERC%)"
+                        echo "RAM free: $RAM_FREK GB ($RAM_PERC%)"
+                        exit $STATE_OK ;;
+
+                $(($RAM_P <= $CR-1)))
+                        echo "WARRING! RAM used: $RAM_USEK / $RAM_ALLK GB ($RAM_UPERC%)"
+                        echo "RAM free: $RAM_FREK GB ($RAM_PERC%)"
+                        exit $STATE_WARN ;;
+
+                $(($RAM_P > $CR-1)))
+                        echo "CRITICAL! RAM used: $RAM_USEK / $RAM_ALLK GB ($RAM_UPERC%)"
+                        echo "RAM free: $RAM_FREK GB ($RAM_PERC%)"
+                        exit $STATE_CRIT ;;
+                *)
+                        echo "UNKNOWN! RAM not found"
+                        exit $STATE_UNK ;;
+        esac
+}
+
+# - Check Current Active Connections
+CheckCurrActiveConns(){
+        CAC=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgSystemCurrActiveConns)
+
+        CACO=$(echo "$CAC" | cut -d " " -f 4)
+        CAC_PER=$(echo "$CACO $CAC_MAX" | awk '{ perc = $1 /$2 *100; print perc; }')
+        CAC_P=$(echo "$CAC_PER" | cut -d "." -f 1 )
+        CAC_PERC=$(echo "$CAC_PER" | xargs printf "%.2f")
+        CAC_U=$(echo "$CACO" | perl -pe 's/(\d{1,3})(?=(?:\d{3}){1,5}\b)/\1./g')     
+        CAC_M=$(echo "$CAC_MAX" | perl -pe 's/(\d{1,3})(?=(?:\d{3}){1,5}\b)/\1./g')
+
+        case 1 in
+                $(($CAC_P <= $WA-1)))
+                        echo "OK! Active Connections used: $CAC_PERC%"
+                        echo "Current Active Connections: $CAC_U of $CAC_M"
+                        exit $STATE_OK ;;
+
+                $(($CAC_P <= $CR-1)))
+                        echo "WARRING! Active Connections used: $CAC_PERC%"
+                        echo "Current Active Connections: $CAC_U of $CAC_M"
+                        exit $STATE_WARN ;;
+
+                $(($CAC_P > $CR-1)))
+                        echo "CRITICAL! Active Connections used: $CAC_PERC%"
+                        echo "Current Active Connections: $CAC_U of $CAC_M"
+                        exit $STATE_CRIT ;;
+
+                *)
+                        echo "UNKNOWN! Current Active Connections not found"
+                        exit $STATE_UNK ;;
+        esac
+}
+
+# - Check IP Security Tunnel
+CheckIpsecTunnelNum(){
+
+        IPSTN=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgIpsecTunnelNum)
+
+        IPSTNO=$(echo "$IPSTN" | cut -d " " -f 4)
+
+        echo "VPN active: $IPSTNO"
+}
+
+# - Check Last update of Gateway Antivirus Service
+CheckInfoGavService(){
+
+        INFOGAV=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgInfoGavService)
+
+        IGSV=$(echo "$INFOGAV" | cut -d "<" -f 2 | cut -d ">" -f 1)
+        IGSD=$(echo "$INFOGAV" | cut -d "(" -f 2 | cut -d ")" -f 1)
+
+        echo "Gateway Antivirus Service: $IGSV"
+        echo "Last Update: $IGSD"
+}
+
+# - Check Last update of Intrusion Prevention Service
+CheckInfoIpsService(){
+
+        INFOIPS=$(snmpwalk -v $SNMPVERSION -c $COMMUNITY $HOST_NAME $OID_wgInfoIpsService 2>&1 | sed 's/Timeout: No Response.*/Idle/')
+        if [ "$INFOIPS" != "Idle" ] ; then
+                INFOIPS=$(echo $INFOIPS)
+        fi
+
+        IISV=$(echo "$INFOIPS" | cut -d "<" -f 2 | cut -d ">" -f 1)
+        IISD=$(echo "$INFOIPS" | cut -d "(" -f 2 | cut -d ")" -f 1)
+
+        echo "Intrusion Prevention Service: $IISV"
+        echo "Last Update: $IISD"
+
+}
+
+# - COMMAND LINE ENCODER
+
+# - Prompt
+while test -n "$1"; do
+
+        case "$1" in
+                --host|-h)              #SNMP Coordinate
+                        HOST_NAME=$2
+                        shift
+                        ;;
+                --comunity|-c)
+                        COMMUNITY=$2
+                        shift
+                        ;;
+                --type|-t)
+                        CHECK_TYPE=$2
+                        shift
+                        ;;
+                --activeconns-max|-acm)        
+                        CAC_MAX=$2
+                        shift
+                        ;;
+                --allert-wa|-wa)        #Allert Range
+                        WA=$2
+                        shift
+                        ;;
+                --allert-cr|-cr)
+                        CR=$2
+                        shift
+                        ;;
+                --help|-H)              #Info
+                        print_help
+                        ;;
+                --version|-V)
+                        print_info
+                        exit $STATE
+                        ;;
+                *)
+                        echo "Unknown argument: $1"
+                        print_help
+                        exit $STATE_UNK
+                        ;;
+
+        esac
+
+        shift
+
+done
+
+# - Type Check
+if [ ! -z $CHECK_TYPE ]; then
+
+        case "$CHECK_TYPE" in
+                Transfer)
+                        CheckTransferData;;
+                Cpu)
+                        CheckCpuUtil;;
+                Memory)
+                        CheckMemory;;
+                ActiveConns)
+                        CheckCurrActiveConns;;
+                IpsecTunnelNum)
+                        CheckIpsecTunnelNum;;
+                InfoGav)
+                        CheckInfoGavService;;
+                InfoIps)
+                        CheckInfoIpsService;;
+                *)
+                        echo "Command incomplete!"
+                        print_help
+                        STATE=$STATE_UNK ;;
+        esac
+fi
+
+exit $STATE