3 # check_ifoperstatus.pl - monitoring plugin
5 # Copyright (C) 2000 Christoph Kron,
6 # Modified 5/2002 to conform to updated Monitoring Plugins Guidelines
7 # Added support for named interfaces per Valdimir Ivaschenko (S. Ghosh)
8 # Added SNMPv3 support (10/2003)
10 # This program is free software; you can redistribute it and/or
11 # modify it under the terms of the GNU General Public License
12 # as published by the Free Software Foundation; either version 2
13 # of the License, or (at your option) any later version.
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
20 # You should have received a copy of the GNU General Public License
21 # along with this program; if not, write to the Free Software
22 # Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
26 # Report bugs to: help@monitoring-plugins.org
28 # 11.01.2000 Version 1.0
30 # Patches from Guy Van Den Bergh to warn on ifadminstatus down interfaces
31 # instead of critical.
33 # Primary MIB reference - RFC 2863
39 use lib
"$FindBin::Bin";
40 use utils
qw($TIMEOUT %ERRORS &print_revision &support);
44 &Getopt::Long::config('bundling');
46 my $PROGNAME = "check_ifoperstatus";
50 sub process_arguments ();
52 $ENV{'PATH'}='@TRUSTED_PATH@';
58 my %ifOperStatus = ('1','up',
64 '7','lowerLayerDown'); # down due to the state of lower layer interface(s)
66 my $state = "UNKNOWN";
69 my $community = "public";
70 my $maxmsgsize = 1472 ; # Net::SNMP default is 1472
71 my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context);
74 my $sysUptime = '1.3.6.1.2.1.1.3.0';
75 my $snmpIfDescr = '1.3.6.1.2.1.2.2.1.2';
76 my $snmpIfType = '1.3.6.1.2.1.2.2.1.3';
77 my $snmpIfAdminStatus = '1.3.6.1.2.1.2.2.1.7';
78 my $snmpIfOperStatus = '1.3.6.1.2.1.2.2.1.8';
79 my $snmpIfName = '1.3.6.1.2.1.31.1.1.1.1';
80 my $snmpIfLastChange = '1.3.6.1.2.1.2.2.1.9';
81 my $snmpIfAlias = '1.3.6.1.2.1.31.1.1.1.18';
82 my $snmpLocIfDescr = '1.3.6.1.4.1.9.2.2.1.1.28';
88 my $snmp_version = 1 ;
101 ### Validate Arguments
103 $status = process_arguments();
106 # Just in case of problems, let's not hang the monitoring system
108 print ("ERROR: No snmp response from $hostname (alarm)\n");
109 exit $ERRORS{"UNKNOWN"};
114 ($session, $error) = Net::SNMP->session(%session_opts);
117 if (!defined($session)) {
120 print ("$state: $answer\n");
121 exit $ERRORS{$state};
124 ## map ifdescr to ifindex - should look at being able to cache this value
126 if (defined $ifdescr || defined $iftype) {
127 if (defined $iftype) {
128 $status=fetch_ifindex($snmpIfType, $iftype);
130 # escape "/" in ifdescr - very common in the Cisco world
131 $ifdescr =~ s/\//\\\//g;
132 $status=fetch_ifindex($snmpIfDescr, $ifdescr); # if using on device with large number of interfaces
133 # recommend use of SNMP v2 (get-bulk)
137 printf "$state: could not retrieve ifdescr/iftype snmpkey - $status-$snmpkey\n";
139 exit $ERRORS{$state};
146 $snmpIfAdminStatus = $snmpIfAdminStatus . "." . $snmpkey;
147 $snmpIfOperStatus = $snmpIfOperStatus . "." . $snmpkey;
148 $snmpIfDescr = $snmpIfDescr . "." . $snmpkey;
149 $snmpIfName = $snmpIfName . "." . $snmpkey ;
150 $snmpIfAlias = $snmpIfAlias . "." . $snmpkey ;
152 push(@snmpoids,$snmpIfAdminStatus);
153 push(@snmpoids,$snmpIfOperStatus);
154 push(@snmpoids,$snmpIfDescr);
155 push(@snmpoids,$snmpIfName) if (defined $ifXTable) ;
156 push(@snmpoids,$snmpIfAlias) if (defined $ifXTable) ;
158 if (!defined($response = $session->get_request(@snmpoids))) {
159 $answer=$session->error;
162 print ("$state: SNMP error: $answer\n");
163 exit $ERRORS{$state};
166 $answer = sprintf("host '%s', %s(%s) is %s\n",
168 $response->{$snmpIfDescr},
170 $ifOperStatus{$response->{$snmpIfOperStatus}}
174 ## Check to see if ifName match is requested and it matches - exit if no match
175 ## not the interface we want to monitor
176 if ( defined $ifName && not ($response->{$snmpIfName} eq $ifName) ) {
178 $answer = "Interface name ($ifName) doesn't match snmp value ($response->{$snmpIfName}) (index $snmpkey)";
179 print ("$state: $answer\n");
180 exit $ERRORS{$state};
183 ## define the interface name
184 if (defined $ifXTable) {
185 $name = $response->{$snmpIfName} ." - " .$response->{$snmpIfAlias} ;
187 $name = $response->{$snmpIfDescr} ;
190 ## if AdminStatus is down - some one made a conscious effort to change config
192 if ( not ($response->{$snmpIfAdminStatus} == 1) ) {
193 $answer = "Interface $name (index $snmpkey) is administratively down.";
194 if ( not defined $adminWarn or $adminWarn eq "w" ) {
196 } elsif ( $adminWarn eq "i" ) {
198 } elsif ( $adminWarn eq "c" ) {
200 } else { # If wrong value for -a, say warning
204 ## Check operational status
205 elsif ( $response->{$snmpIfOperStatus} == 2 ) {
207 $answer = "Interface $name (index $snmpkey) is down.";
208 } elsif ( $response->{$snmpIfOperStatus} == 5 ) {
209 if (defined $dormantWarn ) {
210 if ($dormantWarn eq "w") {
212 $answer = "Interface $name (index $snmpkey) is dormant.";
213 }elsif($dormantWarn eq "c") {
215 $answer = "Interface $name (index $snmpkey) is dormant.";
216 }elsif($dormantWarn eq "i") {
218 $answer = "Interface $name (index $snmpkey) is dormant.";
221 # dormant interface - but warning/critical/ignore not requested
223 $answer = "Interface $name (index $snmpkey) is dormant.";
225 } elsif ( $response->{$snmpIfOperStatus} == 6 ) {
227 $answer = "Interface $name (index $snmpkey) notPresent - possible hotswap in progress.";
228 } elsif ( $response->{$snmpIfOperStatus} == 7 ) {
230 $answer = "Interface $name (index $snmpkey) down due to lower layer being down.";
231 } elsif ( $response->{$snmpIfOperStatus} == 3 || $response->{$snmpIfOperStatus} == 4 ) {
233 $answer = "Interface $name (index $snmpkey) down (testing/unknown).";
236 $answer = "Interface $name (index $snmpkey) is up.";
241 print ("$state: $answer\n");
242 exit $ERRORS{$state};
251 if (!defined ($response = $session->get_table($oid))) {
252 $answer=$session->error;
255 printf ("$state: SNMP error with snmp version $snmp_version ($answer)\n");
257 exit $ERRORS{$state};
260 foreach $key ( keys %{$response}) {
261 if ($response->{$key} =~ /^$lookup$/) {
262 $key =~ /.*\.(\d+)$/;
264 #print "$lookup = $key / $snmpkey \n"; #debug
267 unless (defined $snmpkey) {
270 printf "$state: Could not match $ifdescr on $hostname\n";
271 exit $ERRORS{$state};
280 exit $ERRORS{"UNKNOWN"};
286 printf "check_ifoperstatus -k <IF_KEY> -H <HOSTNAME> [-C <community>]\n";
287 printf "Copyright (C) 2000 Christoph Kron\n";
288 printf "check_ifoperstatus.pl comes with ABSOLUTELY NO WARRANTY\n";
289 printf "This program is licensed under the terms of the ";
290 printf "GNU General Public License\n(check source code for details)\n";
295 print_revision($PROGNAME, '@NP_VERSION@');
297 printf "check_ifoperstatus plugin for monitoring operational \n";
298 printf "status of a particular network interface on the target host\n";
300 printf " -H (--hostname) Hostname to query - (required)\n";
301 printf " -C (--community) SNMP read community (defaults to public,\n";
302 printf " used with SNMP v1 and v2c\n";
303 printf " -v (--snmp_version) 1 for SNMP v1 (default)\n";
304 printf " 2 for SNMP v2c\n";
305 printf " SNMP v2c will use get_bulk for less overhead\n";
306 printf " if monitoring with -d\n";
307 printf " -L (--seclevel) choice of \"noAuthNoPriv\", \"authNoPriv\", or \"authPriv\"\n";
308 printf " -U (--secname) username for SNMPv3 context\n";
309 printf " -c (--context) SNMPv3 context name (default is empty string)\n";
310 printf " -A (--authpass) authentication password (cleartext ascii or localized key\n";
311 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
312 printf " auth password and authEngineID\n";
313 printf " -a (--authproto) Authentication protocol (MD5 or SHA1)\n";
314 printf " -X (--privpass) privacy password (cleartext ascii or localized key\n";
315 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
316 printf " privacy password and authEngineID\n";
317 printf " -P (--privproto) privacy protocol (DES or AES; default: DES)\n";
318 printf " -k (--key) SNMP IfIndex value\n";
319 printf " -d (--descr) SNMP ifDescr value\n";
320 printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n";
321 printf " -p (--port) SNMP port (default 161)\n";
322 printf " -I (--ifmib) Agent supports IFMIB ifXTable. Do not use if\n";
323 printf " you don't know what this is. \n";
324 printf " -n (--name) the value should match the returned ifName\n";
325 printf " (Implies the use of -I)\n";
326 printf " -w (--warn =i|w|c) ignore|warn|crit if the interface is dormant (default critical)\n";
327 printf " -D (--admin-down =i|w|c) same for administratively down interfaces (default warning)\n";
328 printf " -M (--maxmsgsize) Max message size - useful only for v1 or v2c\n";
329 printf " -t (--timeout) seconds before the plugin times out (default=$TIMEOUT)\n";
330 printf " -V (--version) Plugin version\n";
331 printf " -h (--help) usage help \n\n";
332 printf " -k or -d or -T must be specified\n\n";
333 printf "Note: either -k or -d or -T must be specified and -d and -T are much more network \n";
334 printf "intensive. Use it sparingly or not at all. -n is used to match against\n";
335 printf "a much more descriptive ifName value in the IfXTable to verify that the\n";
336 printf "snmpkey has not changed to some other network interface after a reboot.\n\n";
340 sub process_arguments() {
341 $status = GetOptions(
342 "V" => \$opt_V, "version" => \$opt_V,
343 "h" => \$opt_h, "help" => \$opt_h,
344 "v=i" => \$snmp_version, "snmp_version=i" => \$snmp_version,
345 "C=s" => \$community, "community=s" => \$community,
346 "L=s" => \$seclevel, "seclevel=s" => \$seclevel,
347 "a=s" => \$authproto, "authproto=s" => \$authproto,
348 "U=s" => \$secname, "secname=s" => \$secname,
349 "A=s" => \$authpass, "authpass=s" => \$authpass,
350 "X=s" => \$privpass, "privpass=s" => \$privpass,
351 "P=s" => \$privproto, "privproto=s" => \$privproto,
352 "c=s" => \$context, "context=s" => \$context,
353 "k=i" => \$snmpkey, "key=i",\$snmpkey,
354 "d=s" => \$ifdescr, "descr=s" => \$ifdescr,
355 "l=s" => \$lastc, "lastchange=s" => \$lastc,
356 "p=i" => \$port, "port=i" =>\$port,
357 "H=s" => \$hostname, "hostname=s" => \$hostname,
358 "I" => \$ifXTable, "ifmib" => \$ifXTable,
359 "n=s" => \$ifName, "name=s" => \$ifName,
360 "w=s" => \$dormantWarn, "warn=s" => \$dormantWarn,
361 "D=s" => \$adminWarn, "admin-down=s" => \$adminWarn,
362 "M=i" => \$maxmsgsize, "maxmsgsize=i" => \$maxmsgsize,
363 "t=i" => \$timeout, "timeout=i" => \$timeout,
364 "T=i" => \$iftype, "type=i" => \$iftype,
370 exit $ERRORS{'UNKNOWN'};
374 print_revision($PROGNAME,'@NP_VERSION@');
375 exit $ERRORS{'UNKNOWN'};
380 exit $ERRORS{'UNKNOWN'};
383 if (! utils::is_hostname($hostname)){
384 usage("Hostname invalid or not given");
387 unless ($snmpkey > 0 || defined $ifdescr || defined $iftype){
388 usage("Either a valid snmp key (-k) or a ifDescr (-d) must be provided");
391 if (defined $ifName) {
395 if (defined $dormantWarn) {
396 unless ($dormantWarn =~ /^(w|c|i)$/ ) {
397 printf "Dormant alerts must be one of w|c|i \n";
398 exit $ERRORS{'UNKNOWN'};
402 unless (defined $timeout) {
406 if ($snmp_version !~ /[123]/){
408 print ("$state: No support for SNMP v$snmp_version yet\n");
409 exit $ERRORS{$state};
413 -hostname => $hostname,
415 -version => $snmp_version,
416 -maxmsgsize => $maxmsgsize
419 $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/);
421 if ($snmp_version =~ /3/ ) {
422 # Must define a security level even though default is noAuthNoPriv
423 # v3 requires a security username
424 if (defined $seclevel && defined $secname) {
425 $session_opts{'-username'} = $secname;
427 # Must define a security level even though default is noAuthNoPriv
428 unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
429 usage
("Must define a valid security level even though default is noAuthNoPriv");
432 # Authentication wanted
433 if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) {
434 if (defined $authproto && $authproto ne 'MD5' && $authproto ne 'SHA1') {
435 usage
("Auth protocol can be either MD5 or SHA1");
437 $session_opts{'-authprotocol'} = $authproto if(defined $authproto);
439 if ( !defined $authpass) {
440 usage
("Auth password/key is not defined");
442 if ($authpass =~ /^0x/ ) {
443 $session_opts{'-authkey'} = $authpass ;
445 $session_opts{'-authpassword'} = $authpass ;
450 # Privacy (DES encryption) wanted
451 if ($seclevel eq 'authPriv' ) {
452 if (! defined $privpass) {
453 usage
("Privacy passphrase/key is not defined");
455 if ($privpass =~ /^0x/){
456 $session_opts{'-privkey'} = $privpass;
458 $session_opts{'-privpassword'} = $privpass;
462 $session_opts{'-privprotocol'} = $privproto if(defined $privproto);
465 # Context name defined or default
466 unless ( defined $context) {
471 usage
("Security level or name is not defined");