CustoSec:Check SNMP Status Wrapper

Basic Information on Check

  • Name of Check: SNMP-Status
  • Technical Name: check_snmp_status_wrapper
  • Available in: Standard
  • Number of Arguments: 7
  • From Version: ARANSEC 2.40
  • Compatibility: All ARANSEC and CustoSec



Scope of Check

This is a complex check that interprets any kind of status code returned by an SNMP query as an OK, WARNING, CRITICAL or UNKNOWN value. It lets you define a list of complex strings or regular expression patterns for every possible status code returned by the SNMP query (read more about Regular Expressions).


Requirements

For the check to work properly the following requirements must be met:

  • The check is configured as a service check on the target host that is to be monitored.
  • SNMP must be activated on the target host (read-only, with a community name; it is also recommended to allow only the ARANSEC/CustoSec IP address to read SNMP information on the host). SNMP can easily be checked by starting a second session in a second browser tab and doing an SNMP-Walk with ARANSEC's SNMP-Walk function (bottom entry in the left-hand menu).
  • When working with OIDs, it can be useful to have an explanation of individual OIDs at hand. A good resource for this is, e.g., the OID Repository, where more information on OIDs can be found.


Arguments

To configure the check, the following arguments are available:

  • Arg1, snmp-community
      Allowed Arguments: string
      Explanation: Community name for the SNMP agent. It is strongly recommended to change the default community on most systems from "public" to something like "aransec". Must be entered or the check cannot find the OID.
      Example: custosec
  • Arg2, OID
      Allowed Arguments: string
      Explanation: List of Object Identifier(s) or SNMP variable(s) that are to be queried. These can be obtained either by doing an SNMP-Walk on the target system or by searching MIB databases. Must be entered or the check will time out. OIDs (or SNMP variables) must be separated by the pipe character "|".
      Example: ifOperStatus.6
  • Arg3, port
      Allowed Arguments: string
      Explanation: Port number of the SNMP service on the particular host. Default is 161. Must be entered!
      Example: 161
  • Arg4, OK
      Allowed Arguments: string
      Explanation: List of values or regex patterns on which OK should be returned. Use the pipe character "|" as list item separator.
  • Arg5, WARNING
      Allowed Arguments: integer
      Explanation: List of values or regex patterns on which WARNING should be returned. Use the pipe character "|" as list item separator.
  • Arg6, CRITICAL
      Allowed Arguments: integer
      Explanation: List of values or regex patterns on which CRITICAL should be returned. Use the pipe character "|" as list item separator.
  • Arg7, UNKNOWN
      Allowed Arguments: integer
      Explanation: List of values or regex patterns on which UNKNOWN should be returned. Use the pipe character "|" as list item separator.


Rules of status evaluation

Status evaluation will be performed according to the following rules:

  • If the specified OID does not lead to a result, CRITICAL will be returned.
  • If UNKNOWN is specified, every value matching one of the "UNKNOWN" patterns will lead to status UNKNOWN.
  • Also, if the value returned for the OID does not match any of the list values specified by "OK", "WARNING" or "CRITICAL", UNKNOWN will be returned.
  • For overlapping ranges, it is important to know that the evaluation order is "CRITICAL", "WARNING" and "OK". The first match will produce the result.


Examples

The following examples explain the usage of the check and how the arguments should be entered in CustoSec / ARANSEC.
(Please note: pipe characters in the fields of the example below separate different options. Exception: within the "Output" lines of the "Output" field, the pipe character is literal and marks the division between the check's output and the check's performance data.)

  • Example: !custosec!ifOperStatus.6!161!up.*|.*1.*|up\(1\)!.*[34567].*!.*2.*![\D]
  • Description: Checks a network interface (port 6 of a switch in this case), making extensive use of Perl regular expressions as a demonstration (read more about Perl Regular Expressions)
  • Output: OK: up(1)
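
The following added example (not CustoSec/ARANSEC code) applies the rules of status evaluation to the example arguments above, so a pattern set can be checked against sample values before it is deployed. It assumes unanchored regex matching and that explicit UNKNOWN patterns are tried after OK (consistent with the example returning OK for up(1)); the function names and sample values are constructed for illustration.

```python
import re

# The example argument string from this page ("!" separates Arg1..Arg7).
EXAMPLE_ARGS = r"!custosec!ifOperStatus.6!161!up.*|.*1.*|up\(1\)!.*[34567].*!.*2.*![\D]"
STATES = ("OK", "WARNING", "CRITICAL", "UNKNOWN")  # order of Arg4..Arg7


def parse_args(arg_string):
    """Split the "!"-separated argument string into named fields."""
    if arg_string.startswith("!"):
        arg_string = arg_string[1:]
    fields = arg_string.split("!")
    if len(fields) != 7:
        raise ValueError("expected 7 arguments, got %d" % len(fields))
    args = dict(zip(("community", "oids", "port") + STATES, fields))
    # Pattern lists use "|" as the list item separator (per the page).
    for state in STATES:
        args[state] = [p for p in args[state].split("|") if p]
    return args


def evaluate(value, args):
    """Map one SNMP value to a status following the page's rules."""
    if value is None:  # the OID did not lead to a result
        return "CRITICAL"
    # Documented order for overlapping patterns: the first match wins.
    # Assumption: explicit UNKNOWN patterns are tried after OK.
    for state in ("CRITICAL", "WARNING", "OK", "UNKNOWN"):
        # Assumption: patterns are searched unanchored within the value.
        if any(re.search(p, value) for p in args[state]):
            return state
    return "UNKNOWN"  # value matched no list at all


def demo():
    args = parse_args(EXAMPLE_ARGS)
    # Constructed sample values, not output captured from a real device.
    samples = ["up(1)", "down(2)", "testing(3)", "12", "", None]
    return {repr(v): evaluate(v, args) for v in samples}


if __name__ == "__main__":
    for value, status in demo().items():
        print("%-12s -> %s" % (value, status))
```

The value "12" matches both the OK pattern `.*1.*` and the CRITICAL pattern `.*2.*` and evaluates to CRITICAL, which is the overlap case the evaluation order decides.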