
#!/bin/sh
# - VAR
# - Bash info
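# Script name as invoked. "$0" is quoted so that a path containing spaces or
# glob characters reaches basename as one argument.
APPNAME=$(basename -- "$0")
NAME="Check Watchguard"
AUTHOR="Kalarumeth"
VERSION="v1.2"
URL="https://github.com/Kalarumeth/Check-WatchGuard"
# - Default settings for connection
# SNMP v2c sends the community string unencrypted, and "public" is the common
# factory default. Pass a site-specific read-only community with -c, and limit
# which hosts may query the agent on the firewall side.
COMMUNITY="public"
HOST_NAME="localhost"
SNMPVERSION="2c"
# - State Variables (plugin exit codes: OK / WARNING / CRITICAL / UNKNOWN)
STATE_OK=0
STATE_WARN=1
STATE_CRIT=2
STATE_UNK=3
# - Range Variables
# WA / CR: warning and critical thresholds in percent (overridden by -wa / -cr).
# CAC_MAX: connection count treated as 100% by the ActiveConns check (-acm).
WA=80
CR=90
CAC_MAX=3300000
# - Default Outputs
STATE=$STATE_OK
STATE_STRING=""
PERFDATA=""
# - WATCHGUARD OID
# - wgSystemStatisticsMIB
OID_wgSystemTotalSendBytes="1.3.6.1.4.1.3097.6.3.8"
OID_wgSystemTotalRecvBytes="1.3.6.1.4.1.3097.6.3.9"
OID_wgSystemTotalSendPackets="1.3.6.1.4.1.3097.6.3.10"
OID_wgSystemTotalRecvPackets="1.3.6.1.4.1.3097.6.3.11"
OID_wgSystemCpuUtil1="1.3.6.1.4.1.3097.6.3.77"
OID_wgSystemCurrActiveConns="1.3.6.1.4.1.3097.6.3.80"
# - wgMem
OID_wgMemTotalReal="1.3.6.1.4.1.2021.4.5.0"
OID_wgMemAvailReal="1.3.6.1.4.1.2021.4.6.0"
# - wgIpsecStats
OID_wgIpsecTunnelNum="1.3.6.1.4.1.3097.6.5.1.1"
# - wgInfoSystem
OID_wgInfoGavService="1.3.6.1.4.1.3097.6.1.3.0"
OID_wgInfoIpsService="1.3.6.1.4.1.3097.6.1.4"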
# - HELP
print_help() {
  # Prints the banner, usage line, option list, version info and supporter
  # list, each separated by a blank line, then ends the script with the
  # UNKNOWN state.
  printf '\n%s\n\n' "Script bash for check WatchGuard OIDs"
  print_usage
  printf '\n'
  print_options
  printf '\n'
  print_info
  printf '\n'
  print_sup
  printf '\n'
  exit "$STATE_UNK"
}
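print_usage() {
  # Prints the one-line synopsis. The option letters match the argument
  # parser: -c is the community and -h the host (-H shows the help and an
  # upper-case -C is not accepted at all).
  echo " ./$APPNAME -c <SNMP community> -h <host/ip> -t <type to check> | -wa <value> -cr <value> | -acm <value>"
}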
print_options() {
  # Prints the option reference, one argument per output line; empty
  # arguments produce the blank separator lines.
  printf '%s\n' \
    'OPTIONS:' \
    '' \
    " -c|--community SNMP v2 community string with Read access." \
    " Default is 'public'." \
    '' \
    " -h|--host [REQUIRED OPTION] Host name or IP address to check." \
    " Default is: localhost." \
    '' \
    " -t|--type [REQUIRED OPTION] Select what you need to scan." \
    " { ActiveConns | Cpu | InfoIps | InfoGav | IpsecTunnelNum | Memory | Transfer }." \
    '' \
    " -wa|--allert-wa Defines the threshold for Warning," \
    " you can set only for ActiveConns - Cpu - Memory." \
    " Default is: 80." \
    '' \
    " -cr|--allert-cr Defines the threshold for Critical," \
    " you can set only for ActiveConns - Cpu - Memory." \
    " Default is: 90." \
    '' \
    " -acm|--activeconns-max Defines the maximum Active Connections of the firewall," \
    " write this number in full without dot, work only for ActiveConns." \
    " Default is: 3300000" \
    '' \
    " -H|--help Show help." \
    '' \
    " -V|--version Print script version."
}
print_info() {
  # Prints the plugin name and version, then the author and project URL.
  printf 'INFO: %s %s\n' "$NAME" "$VERSION"
  printf ' %s - %s\n' "$AUTHOR" "$URL"
}
print_sup() {
  # Prints the list of GitHub supporters.
  printf '%s\n' 'GitHub Supporters:' ' kelups'
}
# - SNMPWALK FUNCTION
# - Check System Statistics Send/Recv
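CheckTransferData() {
  # Reports the total bytes and packets sent and received by the firewall.
  # Reads:   SNMPVERSION, COMMUNITY, HOST_NAME, OID_wgSystemTotal* (globals)
  # Outputs: a one-line summary followed by a detail listing on stdout
  # Exits:   STATE_UNK when a counter is missing or not a whole number;
  #          otherwise returns to the caller.

  # Every expansion is quoted so that a community or host containing
  # whitespace or glob characters stays a single snmpwalk argument.
  TOTSENDB=$(snmpwalk -v "$SNMPVERSION" -c "$COMMUNITY" "$HOST_NAME" "$OID_wgSystemTotalSendBytes")
  TOTSENDPKG=$(snmpwalk -v "$SNMPVERSION" -c "$COMMUNITY" "$HOST_NAME" "$OID_wgSystemTotalSendPackets")
  TOTRECVB=$(snmpwalk -v "$SNMPVERSION" -c "$COMMUNITY" "$HOST_NAME" "$OID_wgSystemTotalRecvBytes")
  TOTRECVPKG=$(snmpwalk -v "$SNMPVERSION" -c "$COMMUNITY" "$HOST_NAME" "$OID_wgSystemTotalRecvPackets")

  # The value is the 4th space-separated field of each reply line.
  TSPO=$(printf '%s\n' "$TOTSENDPKG" | cut -d " " -f 4)
  TSB=$(printf '%s\n' "$TOTSENDB" | cut -d " " -f 4)
  TRPO=$(printf '%s\n' "$TOTRECVPKG" | cut -d " " -f 4)
  TRB=$(printf '%s\n' "$TOTRECVB" | cut -d " " -f 4)

  # The agent's reply is untrusted input: accept plain digit strings only,
  # and report UNKNOWN instead of printing empty values with an OK status
  # when the device did not answer.
  for TDATA in "$TSPO" "$TSB" "$TRPO" "$TRB"; do
    case "$TDATA" in
      '' | *[!0-9]*)
        echo "UNKNOWN! Transfer data not found"
        exit "$STATE_UNK"
        ;;
    esac
  done

  # Bytes -> GiB, formatted in a single awk step so large totals are not
  # rounded twice on their way to the output.
  TSBO=$(awk -v b="$TSB" 'BEGIN { printf "%.2f", b / 1024 / 1024 / 1024 }')
  TRBO=$(awk -v b="$TRB" 'BEGIN { printf "%.2f", b / 1024 / 1024 / 1024 }')
  TSGB=$(awk -v b="$TSB" 'BEGIN { printf "%.0f", b / 1024 / 1024 / 1024 }')
  TRGB=$(awk -v b="$TRB" 'BEGIN { printf "%.0f", b / 1024 / 1024 / 1024 }')

  echo "Send $TSGB GB / Recive $TRGB GB"
  echo "WatchGuard transfer info:"
  echo ''
  echo "Total Data Send:"
  echo " $TSPO pkg"
  echo " $TSBO GB"
  echo ''
  echo "Total Data Recive:"
  echo " $TRPO pkg"
  echo " $TRBO GB"
}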
# - Check Cpu Utilization
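CheckCpuUtil() {
  # Compares the firewall's CPU utilisation with the WA / CR thresholds.
  # Reads:   SNMPVERSION, COMMUNITY, HOST_NAME, OID_wgSystemCpuUtil1, WA, CR
  # Outputs: one status line on stdout
  # Exits:   STATE_OK below WA, STATE_WARN below CR, STATE_CRIT otherwise,
  #          STATE_UNK when the reading or a threshold is not a whole number.
  CPUUTIL=$(snmpwalk -v "$SNMPVERSION" -c "$COMMUNITY" "$HOST_NAME" "$OID_wgSystemCpuUtil1")
  # The value is the 4th space-separated field of the reply line.
  CPU_STATE=$(printf '%s\n' "$CPUUTIL" | cut -d " " -f 4)

  # The reply comes from the network and the thresholds from the command
  # line. Both are checked to be plain digit strings before any comparison,
  # so arbitrary text is never handed to the shell as an arithmetic
  # expression and a missing reading ends in UNKNOWN.
  case "$CPU_STATE" in
    '' | *[!0-9]*)
      echo "UNKNOWN! Cpu not found"
      exit "$STATE_UNK"
      ;;
  esac
  for CPU_LIMIT in "$WA" "$CR"; do
    case "$CPU_LIMIT" in
      '' | *[!0-9]*)
        echo "UNKNOWN! Thresholds must be whole numbers"
        exit "$STATE_UNK"
        ;;
    esac
  done

  # The raw reading is divided by 100 to get a percentage. CPU_PERC keeps the
  # fraction for display; CPU_P is the integer part used for the comparison,
  # because shell integer tests cannot take a value such as 12.34.
  CPU_PERC=$(awk -v raw="$CPU_STATE" 'BEGIN { cpu = raw / 100; print cpu }')
  CPU_P=$(awk -v raw="$CPU_STATE" 'BEGIN { printf "%d", raw / 100 }')

  if [ "$CPU_P" -lt "$WA" ]; then
    echo "OK! CPU used: $CPU_PERC%"
    exit "$STATE_OK"
  elif [ "$CPU_P" -lt "$CR" ]; then
    echo "WARRING! CPU used: $CPU_PERC%"
    exit "$STATE_WARN"
  else
    echo "CRITICAL! CPU used: $CPU_PERC%"
    exit "$STATE_CRIT"
  fi
}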
# - Check Memory Utilization
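CheckMemory() {
  # Compares the firewall's memory usage with the WA / CR thresholds.
  # Reads:   SNMPVERSION, COMMUNITY, HOST_NAME, OID_wgMemTotalReal,
  #          OID_wgMemAvailReal, WA, CR
  # Outputs: two status lines on stdout (used / total, then free)
  # Exits:   STATE_OK below WA, STATE_WARN below CR, STATE_CRIT otherwise,
  #          STATE_UNK when a reading or a threshold is unusable.
  RAMIM=$(snmpwalk -v "$SNMPVERSION" -c "$COMMUNITY" "$HOST_NAME" "$OID_wgMemTotalReal")
  RAMAR=$(snmpwalk -v "$SNMPVERSION" -c "$COMMUNITY" "$HOST_NAME" "$OID_wgMemAvailReal")
  # The value is the 4th space-separated field of each reply line.
  RAM_ALL=$(printf '%s\n' "$RAMIM" | cut -d " " -f 4)
  RAM_FRE=$(printf '%s\n' "$RAMAR" | cut -d " " -f 4)

  # Replies are untrusted input: only digit strings are accepted, so a
  # timeout or an error text ends in UNKNOWN instead of a shell or awk error.
  for RAM_RAW in "$RAM_ALL" "$RAM_FRE"; do
    case "$RAM_RAW" in
      '' | *[!0-9]*)
        echo "UNKNOWN! RAM not found"
        exit "$STATE_UNK"
        ;;
    esac
  done
  # A total of zero would make the percentage a division by zero.
  if [ "$RAM_ALL" -eq 0 ]; then
    echo "UNKNOWN! RAM not found"
    exit "$STATE_UNK"
  fi
  for RAM_LIMIT in "$WA" "$CR"; do
    case "$RAM_LIMIT" in
      '' | *[!0-9]*)
        echo "UNKNOWN! Thresholds must be whole numbers"
        exit "$STATE_UNK"
        ;;
    esac
  done

  # Readings are divided by 1024 twice and labelled GB in the output.
  RAM_ALLK=$(awk -v k="$RAM_ALL" 'BEGIN { printf "%.2f", k / 1024 / 1024 }')
  RAM_FREK=$(awk -v k="$RAM_FRE" 'BEGIN { printf "%.2f", k / 1024 / 1024 }')
  RAM_USEK=$(awk -v a="$RAM_ALL" -v f="$RAM_FRE" 'BEGIN { printf "%.2f", (a - f) / 1024 / 1024 }')
  # Free share in percent, then used share = 100 - free.
  RAM_PERC=$(awk -v a="$RAM_ALL" -v f="$RAM_FRE" 'BEGIN { printf "%.2f", f / a * 100 }')
  RAM_UPERC=$(awk -v p="$RAM_PERC" 'BEGIN { print 100 - p }')
  # Integer part of the used share, for the integer comparisons below.
  RAM_P=${RAM_UPERC%%.*}

  if [ "$RAM_P" -lt "$WA" ]; then
    echo "OK! RAM used: $RAM_USEK / $RAM_ALLK GB ($RAM_UPERC%)"
    echo "RAM free: $RAM_FREK GB ($RAM_PERC%)"
    exit "$STATE_OK"
  elif [ "$RAM_P" -lt "$CR" ]; then
    echo "WARRING! RAM used: $RAM_USEK / $RAM_ALLK GB ($RAM_UPERC%)"
    echo "RAM free: $RAM_FREK GB ($RAM_PERC%)"
    exit "$STATE_WARN"
  else
    echo "CRITICAL! RAM used: $RAM_USEK / $RAM_ALLK GB ($RAM_UPERC%)"
    echo "RAM free: $RAM_FREK GB ($RAM_PERC%)"
    exit "$STATE_CRIT"
  fi
}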
# - Check Current Active Connections
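CheckCurrActiveConns() {
  # Compares the current connection count, as a share of CAC_MAX, with the
  # WA / CR thresholds.
  # Reads:   SNMPVERSION, COMMUNITY, HOST_NAME, OID_wgSystemCurrActiveConns,
  #          CAC_MAX, WA, CR
  # Outputs: two status lines on stdout (percentage, then absolute counts)
  # Exits:   STATE_OK below WA, STATE_WARN below CR, STATE_CRIT otherwise,
  #          STATE_UNK when the reading, CAC_MAX or a threshold is unusable.
  CAC=$(snmpwalk -v "$SNMPVERSION" -c "$COMMUNITY" "$HOST_NAME" "$OID_wgSystemCurrActiveConns")
  # The value is the 4th space-separated field of the reply line.
  CACO=$(printf '%s\n' "$CAC" | cut -d " " -f 4)

  # The reply is untrusted input: accept a plain digit string only, so a
  # timeout or an error text ends in UNKNOWN.
  case "$CACO" in
    '' | *[!0-9]*)
      echo "UNKNOWN! Current Active Connections not found"
      exit "$STATE_UNK"
      ;;
  esac
  # CAC_MAX is the divisor, so it must be a whole number above zero.
  case "$CAC_MAX" in
    '' | *[!0-9]*)
      echo "UNKNOWN! Maximum Active Connections must be a whole number above zero"
      exit "$STATE_UNK"
      ;;
  esac
  if [ "$CAC_MAX" -eq 0 ]; then
    echo "UNKNOWN! Maximum Active Connections must be a whole number above zero"
    exit "$STATE_UNK"
  fi
  for CAC_LIMIT in "$WA" "$CR"; do
    case "$CAC_LIMIT" in
      '' | *[!0-9]*)
        echo "UNKNOWN! Thresholds must be whole numbers"
        exit "$STATE_UNK"
        ;;
    esac
  done

  # CAC_P is the integer part used for the comparison. It is formatted with
  # %d so a very large ratio cannot come back in exponent notation and be
  # cut down to its first digit.
  CAC_P=$(awk -v c="$CACO" -v m="$CAC_MAX" 'BEGIN { printf "%d", c / m * 100 }')
  CAC_PERC=$(awk -v c="$CACO" -v m="$CAC_MAX" 'BEGIN { printf "%.2f", c / m * 100 }')
  # Insert "." as the thousands separator for display.
  CAC_U=$(printf '%s\n' "$CACO" | perl -pe 's/(\d{1,3})(?=(?:\d{3}){1,5}\b)/\1./g')
  CAC_M=$(printf '%s\n' "$CAC_MAX" | perl -pe 's/(\d{1,3})(?=(?:\d{3}){1,5}\b)/\1./g')

  if [ "$CAC_P" -lt "$WA" ]; then
    echo "OK! Active Connections used: $CAC_PERC%"
    echo "Current Active Connections: $CAC_U of $CAC_M"
    exit "$STATE_OK"
  elif [ "$CAC_P" -lt "$CR" ]; then
    echo "WARRING! Active Connections used: $CAC_PERC%"
    echo "Current Active Connections: $CAC_U of $CAC_M"
    exit "$STATE_WARN"
  else
    echo "CRITICAL! Active Connections used: $CAC_PERC%"
    echo "Current Active Connections: $CAC_U of $CAC_M"
    exit "$STATE_CRIT"
  fi
}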
# - Check IP Security Tunnel
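CheckIpsecTunnelNum() {
  # Reports the number of active IPsec tunnels.
  # Reads:   SNMPVERSION, COMMUNITY, HOST_NAME, OID_wgIpsecTunnelNum
  # Outputs: "VPN active: <n>" on stdout
  # Exits:   STATE_UNK when no numeric value came back; otherwise returns.
  IPSTN=$(snmpwalk -v "$SNMPVERSION" -c "$COMMUNITY" "$HOST_NAME" "$OID_wgIpsecTunnelNum")
  # The value is the 4th space-separated field of the reply line.
  IPSTNO=$(printf '%s\n' "$IPSTN" | cut -d " " -f 4)
  # Without this check an unreachable firewall printed an empty count and the
  # script still ended with the OK state.
  # NOTE(review): assumes the agent answers with one numeric instance - confirm.
  case "$IPSTNO" in
    '' | *[!0-9]*)
      echo "UNKNOWN! IPsec tunnel count not found"
      exit "$STATE_UNK"
      ;;
  esac
  echo "VPN active: $IPSTNO"
}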
# - Check Last update of Gateway Antivirus Service
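CheckInfoGavService() {
  # Reports the Gateway Antivirus signature version and its last update.
  # Reads:   SNMPVERSION, COMMUNITY, HOST_NAME, OID_wgInfoGavService
  # Outputs: two lines on stdout (version, last update)
  # Exits:   STATE_UNK when the agent returned nothing; otherwise returns.
  INFOGAV=$(snmpwalk -v "$SNMPVERSION" -c "$COMMUNITY" "$HOST_NAME" "$OID_wgInfoGavService")
  # An empty reply used to print two blank fields and still end with the OK
  # state, which hides an unreachable firewall from the monitoring system.
  if [ -z "$INFOGAV" ]; then
    echo "UNKNOWN! Gateway Antivirus Service not found"
    exit "$STATE_UNK"
  fi
  # Version is the text between "<" and ">", the date the text between
  # "(" and ")".
  IGSV=$(printf '%s\n' "$INFOGAV" | cut -d "<" -f 2 | cut -d ">" -f 1)
  IGSD=$(printf '%s\n' "$INFOGAV" | cut -d "(" -f 2 | cut -d ")" -f 1)
  # printf '%s' prints device-supplied text literally, whatever it contains.
  printf 'Gateway Antivirus Service: %s\n' "$IGSV"
  printf 'Last Update: %s\n' "$IGSD"
}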
# - Check Last update of Intrusion Prevention Service
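CheckInfoIpsService() {
  # Reports the Intrusion Prevention signature version and its last update.
  # Reads:   SNMPVERSION, COMMUNITY, HOST_NAME, OID_wgInfoIpsService
  # Outputs: two lines on stdout (version, last update); both read "Idle"
  #          when snmpwalk reports a timeout.
  # Returns to the caller in every case.

  # stderr is merged into the captured text so the timeout message can be
  # mapped to "Idle". Any other error text is captured the same way and ends
  # up in the printed fields.
  INFOIPS=$(snmpwalk -v "$SNMPVERSION" -c "$COMMUNITY" "$HOST_NAME" "$OID_wgInfoIpsService" 2>&1 | sed 's/Timeout: No Response.*/Idle/')
  if [ "$INFOIPS" != "Idle" ]; then
    # Collapse all whitespace, including line breaks, into single spaces.
    # Pathname expansion is switched off for the split so a "*" or "?" in the
    # device's reply is kept as text and not replaced by local file names.
    set -f
    # shellcheck disable=SC2086 # word splitting is the point here
    set -- $INFOIPS
    set +f
    INFOIPS="$*"
  fi
  # Version is the text between "<" and ">", the date the text between
  # "(" and ")".
  IISV=$(printf '%s\n' "$INFOIPS" | cut -d "<" -f 2 | cut -d ">" -f 1)
  IISD=$(printf '%s\n' "$INFOIPS" | cut -d "(" -f 2 | cut -d ")" -f 1)
  # printf '%s' prints device-supplied text literally, whatever it contains.
  printf 'Intrusion Prevention Service: %s\n' "$IISV"
  printf 'Last Update: %s\n' "$IISD"
}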
# - COMMAND LINE ENCODER
# - Prompt
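# Prints a message and the help text, then stops with the UNKNOWN state.
# (print_help ends the script itself; the explicit exit is a backstop.)
wg_usage_error() {
  echo "$1"
  print_help
  exit "$STATE_UNK"
}
# Stops with UNKNOWN unless option $1 is followed by a non-empty value ($2).
wg_need_value() {
  if [ "$#" -lt 2 ] || [ -z "$2" ]; then
    wg_usage_error "Missing value for option: $1"
  fi
}
# Stops with UNKNOWN unless the value of option $1 is a whole number. The
# thresholds and the connection maximum are later used in numeric
# comparisons, so anything but digits is refused here.
wg_need_number() {
  wg_need_value "$@"
  case "$2" in
    *[!0-9]*) wg_usage_error "Option $1 needs a whole number, got: $2" ;;
  esac
}
# Parse the command line. Looping on the argument count (not on "$1" being
# non-empty) means an empty argument is reported as unknown and does not
# silently end parsing with the remaining options ignored.
while [ "$#" -gt 0 ]; do
  case "$1" in
    --host | -h) #SNMP Coordinate
      wg_need_value "$@"
      # A value starting with "-" would be read by snmpwalk as an option.
      case "$2" in
        -*) wg_usage_error "Invalid host: $2" ;;
      esac
      HOST_NAME=$2
      shift
      ;;
    # --community is the spelling shown in the help text; --comunity is kept
    # for existing callers. The community arrives on the command line, so it
    # is visible in the process list of the monitoring host.
    --community | --comunity | -c)
      wg_need_value "$@"
      COMMUNITY=$2
      shift
      ;;
    --type | -t)
      wg_need_value "$@"
      CHECK_TYPE=$2
      shift
      ;;
    --activeconns-max | -acm)
      wg_need_number "$@"
      CAC_MAX=$2
      shift
      ;;
    --allert-wa | -wa) #Allert Range
      wg_need_number "$@"
      WA=$2
      shift
      ;;
    --allert-cr | -cr)
      wg_need_number "$@"
      CR=$2
      shift
      ;;
    --help | -H) #Info
      print_help
      ;;
    --version | -V)
      print_info
      exit "$STATE"
      ;;
    *)
      echo "Unknown argument: $1"
      print_help
      exit "$STATE_UNK"
      ;;
  esac
  shift
done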
# - Type Check
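# Run the selected check. CHECK_TYPE is quoted, so a value containing spaces
# is matched as one word instead of breaking the test. A missing -t is
# reported as UNKNOWN: ending silently with the OK state would make a
# misconfigured service definition look healthy to the monitoring system.
case "${CHECK_TYPE:-}" in
  Transfer)
    CheckTransferData ;;
  Cpu)
    CheckCpuUtil ;;
  Memory)
    CheckMemory ;;
  ActiveConns)
    CheckCurrActiveConns ;;
  IpsecTunnelNum)
    CheckIpsecTunnelNum ;;
  InfoGav)
    CheckInfoGavService ;;
  InfoIps)
    CheckInfoIpsService ;;
  '')
    echo "Missing required option: -t|--type"
    print_help
    STATE=$STATE_UNK ;;
  *)
    echo "Command incomplete!"
    print_help
    STATE=$STATE_UNK ;;
esac
# Reached only by checks that return instead of exiting on their own.
exit "$STATE"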