centreon
network::stormshield::snmp::plugin --mode=interfaces
Hello,
I supervise differents stormshield firewalls but some firewalls do not respond.
They have the same firmware and it's the same model.
`$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=xx.xx.xx.xx --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic OK: All interfaces are ok | 'traffic_in_mvxpe0'=2963547.48b/s;;;0;10000000 'traffic_out_mvxpe0'=1404903.25b/s;;;0;10000000 'traffic_in_eth4'=0.00b/s;;;0;20000000 'traffic_out_eth4'=0.00b/s;;;0;20000000 'traffic_in_eth5'=0.00b/s;;;0;20000000 'traffic_out_eth5'=0.00b/s;;;0;20000000 'traffic_in_eth6'=0.00b/s;;;0;20000000 'traffic_out_eth6'=0.00b/s;;;0;20000000 'traffic_in_eth7'=0.00b/s;;;0;20000000 'traffic_out_eth7'=0.00b/s;;;0;20000000 'traffic_in_tun0'=0.00b/s;;;0; 'traffic_out_tun0'=0.00b/s;;;0; 'traffic_in_tun1'=0.00b/s;;;0; 'traffic_out_tun1'=0.00b/s;;;0; 'traffic_in_vlan0'=0.00b/s;;;0;20000000 'traffic_out_vlan0'=0.00b/s;;;0;20000000 'traffic_in_vlan1'=5510977.47b/s;;;0;20000000 'traffic_out_vlan1'=2200863.12b/s;;;0;20000000 'traffic_in_ng0'=5365627.45b/s;;;0;64000 'traffic_out_ng0'=2134053.24b/s;;;0;64000 'traffic_in_mvxpe1'=13128661.65b/s;;;0;10000000 'traffic_out_mvxpe1'=6396456.22b/s;;;0;10000000 'traffic_in_enc0'=17903.50b/s;;;0; 'traffic_out_enc0'=24815.28b/s;;;0; 'traffic_in_lo0'=724.67b/s;;;0; 'traffic_out_lo0'=724.67b/s;;;0; 'traffic_in_lagg0'=8011435.36b/s;;;0;20000000 'traffic_out_lagg0'=7700210.92b/s;;;0;20000000 'traffic_in_eth0'=5537403.20b/s;;;0;20000000 'traffic_out_eth0'=2218247.09b/s;;;0;20000000 'traffic_in_eth1'=2427643.80b/s;;;0;20000000 'traffic_out_eth1'=5471363.17b/s;;;0;20000000 'traffic_in_eth2'=0.00b/s;;;0;20000000 'traffic_out_eth2'=0.00b/s;;;0;20000000 'traffic_in_eth3'=90.16b/s;;;0;20000000 'traffic_out_eth3'=0.00b/s;;;0;20000000
$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=yy.yy.yy.yy --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic UNKNOWN: SNMP GET Request : Timeout
$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=yy.yy.yy.yy --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic UNKNOWN: SNMP GET Request : Timeout
$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=yy.yy.yy.yy --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic UNKNOWN: SNMP GET Request : Timeout`
Hi,
Timeout means that either you don't use the correct community string, or something between your poller and the device is filtering your request.
You can also try to increase the timeout value just in case the Stormshield box is a little bit busy and take some extra time processing plugin's requests.
Try to add --snmp-timeout=3
I still have the same problem, example with the host where the service is unknown and the host where the service is OK.
$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=xx.xx.xx.xx --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic --snmp-timeout=6 UNKNOWN: SNMP GET Request : Timeout
$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=yy.yy.yy.yy --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic --snmp-timeout=6 OK: All interfaces are ok | 'traffic_in_mvxpe0'=0.00b/s;;;0;1000000000 'traffic_out_mvxpe0'=0.00b/s;;;0;1000000000 'traffic_in_vlan2'=1121.14b/s;;;0;1000000000 'traffic_out_vlan2'=1051.06b/s;;;0;1000000000 'traffic_in_mvxpe1'=56428.33b/s;;;0;1000000000 'traffic_out_mvxpe1'=43317.90b/s;;;0;1000000000 'traffic_in_mvxpe2'=87591.26b/s;;;0;1000000000 'traffic_out_mvxpe2'=27284.11b/s;;;0;1000000000 'traffic_in_enc0'=0.00b/s;;;0; 'traffic_out_enc0'=0.00b/s;;;0; 'traffic_in_lo0'=493.33b/s;;;0; 'traffic_out_lo0'=493.33b/s;;;0; 'traffic_in_tun0'=0.00b/s;;;0; 'traffic_out_tun0'=0.00b/s;;;0; 'traffic_in_tun1'=0.00b/s;;;0; 'traffic_out_tun1'=0.00b/s;;;0; 'traffic_in_vlan0'=1065.49b/s;;;0;1000000000 'traffic_out_vlan0'=74.58b/s;;;0;1000000000 'traffic_in_vlan1'=0.00b/s;;;0;1000000000 'traffic_out_vlan1'=0.00b/s;;;0;1000000000
Hey there, I got the same issue here : #/usr/lib/centreon/plugins/centreon_stormshield_snmp.pl --plugin=network::stormshield::snmp::plugin --mode=interfaces --hostname=WW.XX.YY.ZZ --snmp-version='2c' --snmp-community='public' --add-status --add-traffic --interface="" --name --snmp-autoreduce --statefile-dir ./stateFiletest --snmp-timeout=6 UNKNOWN: SNMP GET Request: Timeout
Using this command (with --snmp-autoreduce) the statefile is populated with data . But still timeout error thrown. If arg --snmp-autoreduce is not used : state file is not populated.
Note that snmpwalk against the same target is working : #snmpwalk -v 2c -c public WW.XX.YY.ZZ SNMPv2-MIB::sysDescr.0 = STRING: NS-BSD SN210A17Bxxxxxx arm SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.11256.2.0 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (121161286) 14 days, 0:33:32.86 SNMPv2-MIB::sysContact.0 = STRING: XXXXXXXXXXXX
--force-counters64 option do not seem to works too #/usr/lib/centreon/plugins/centreon_stormshield_snmp.pl --plugin=network::stormshield::snmp::plugin --mode=interfaces --hostname=W.XYZ-snmp-version='2c' --snmp-community='public' --add-status --add-traffic --interface="" --name --snmp-autoreduce --statefile-dir ./stateFiletest --snmp-timeout=1 --force-counters64 UNKNOWN: SNMP GET Request: Timeout
Maybe you can add directly: /usr/lib/centreon/plugins/centreon_stormshield_snmp.pl --plugin=network::stormshield::snmp::plugin --mode=interfaces --hostname=W.XYZ-snmp-version='2c' --snmp-community='public' --add-status --add-traffic --interface="" --name --snmp-autoreduce --statefile-dir ./stateFiletest --force-counters64 --snmp-force-getnext --subsetleef=10
I was trying all snmp options while you where writing your message. adding --snmp-force-getnext --subsetleef=10 do not work either.
I tried to add --verbose option but it does not seem to do anything, you know how to make it works, maybe it should give more debug data.
it seems like an issue with the stormshield snmp agent. you should ask to stormshield support maybe
I just open a new case to stormshield technical support. will post any relevant update here. Can someone tell me how to active debug on centreon_stormshield_snmp.pl script ?
No OIDs displayed, 'timeout' is displayed right after the command line
I juste tryied one more time today and i have more data displayed, now it shoes OIDs
/usr/lib/centreon/plugins/centreon_stormshield_snmp.pl --plugin=network::stormshield::snmp::plugin --mode=interfaces --hostname=XXXXXXXXX --snmp-version='2c' --snmp-community='XXXXXX' --add-status --add-traffic --statefile-dir ./stateFiletest --interface='' --name --snmp-autoreduce --debug-stream .1.3.6.1.2.1.31.1.1.1.1.1 = mvxpe0 .1.3.6.1.2.1.31.1.1.1.1.2 = mvxpe1 .1.3.6.1.2.1.31.1.1.1.1.3 = mvxpe2 .1.3.6.1.2.1.31.1.1.1.1.4 = enc0 .1.3.6.1.2.1.31.1.1.1.1.5 = lo0 .1.3.6.1.2.1.31.1.1.1.1.6 = tun0 .1.3.6.1.2.1.31.1.1.1.1.7 = tun1 UNKNOWN: SNMP GET Request: Timeout
There is an snmp agent issue. Maybe you could use the new plugin stormshield with the API: https://github.com/centreon/centreon-plugins/archive/refs/heads/MON-15453-add-stormshield-api.zip
$ perl centreon_plugins.pl--plugin=network::stormshield::api::plugin --mode=interfaces --hostname=10.25.7.145 --api-username=xxx --api-password=yyy --verbose --statefile-dir=/tmp --add-status --add-traffic --add-errors
I got an error : Can't locate network/stormshield/api/plugin.pm What is the lastest plugin version that is supporting stormshield API
Or, where do i have to copy files from the above (MON-15453-add-stormshield-api.zip )
It seems to works : perl centreon_plugins.pl --plugin=network::stormshield::api::plugin --mode=interfaces --hostname=aa.bb.cc.dd --api-username=admin --api-password='mypass' --verbose --statefile-dir=/tmp --add-status --add-traffic --add-errors --port=37443 --insecure
[.....truncated......] Interface 'Ethernet0' [out] status: plugged (enabled), traffic in: 5.00b/s (-), traffic out: 5.00b/s (-), packets accepted: 18.75% (3 on 16), packets blocked: 81.25% (13 on 16) Interface 'Ethernet1' [in] status: plugged (enabled), traffic in: 155.00b/s (-), traffic out: 144.00b/s (-), packets accepted: 38.71% (24 on 62), packets blocked: 61.29% (38 on 62)
--filter-user-name and --filter-real-name options seems fail on data filtering : perl centreon_plugins.pl --plugin=network::stormshield::api::plugin --mode=interfaces --hostname=aa.bb.cc.dd --api-username=admin --api-password='mypass' --verbose --statefile-dir=/tmp --add-status --add-traffic --add-errors --port=37443 --insecure --filter-real-name="out2"
CRITICAL: Interface 'ipsec' [ipsec] status: unplugged (enabled) - Interface 'sslvpn0' [sslvpn] status: unplugged (enabled) - Interface 'sslvpn1' [sslvpn_udp] status: unplugged (enabled) | 'out~Ethernet0#interface.traffic.in.bitspersecond'=4.00;;;0; 'out~Ethernet0#interface.traffic.out.bitspersecond'=4.00;;;0; 'out~Ethernet0#interface.packets.accepted.percentage'=10.87%;;;0;100 'out~Ethernet0#interface.packets.blocked.percentage'=89.13%;;;0;100 'in~Ethernet1#interface.traffic.in.bitspersecond'=212.00;;;0; 'in~Ethernet1#interface.traffic.out.bitspersecond'=309.00;;;0; 'in~Ethernet1#interface.packets.accepted.percentage'=42.95%;;;0;100 'in~Ethernet1#interface.packets.blocked.percentage'=57.05%;;;0;100 'out2~Ethernet2#interface.traffic.in.bitspersecond'=458.00;;;0; 'out2~Ethernet2#interface.traffic.out.bitspersecond'=540.00;;;0; 'out2~Ethernet2#interface.packets.accepted.percentage'=47.09%;;;0;100 'out2~Ethernet2#interface.packets.blocked.percentage'=52.91%;;;0;100 'ipsec~ipsec#interface.traffic.in.bitspersecond'=0.00;;;0; 'ipsec~ipsec#interface.traffic.out.bitspersecond'=0.00;;;0; 'ipsec~ipsec#interface.packets.accepted.percentage'=100.00%;;;0;100 'ipsec~ipsec#interface.packets.blocked.percentage'=0.00%;;;0;100 'sslvpn~sslvpn0#interface.traffic.in.bitspersecond'=0.00;;;0; 'sslvpn~sslvpn0#interface.traffic.out.bitspersecond'=0.00;;;0; 'sslvpn~sslvpn0#interface.packets.accepted.percentage'=0.00%;;;0;100 'sslvpn~sslvpn0#interface.packets.blocked.percentage'=0.00%;;;0;100 'sslvpn_udp~sslvpn1#interface.traffic.in.bitspersecond'=0.00;;;0; 'sslvpn_udp~sslvpn1#interface.traffic.out.bitspersecond'=0.00;;;0; 'sslvpn_udp~sslvpn1#interface.packets.accepted.percentage'=0.00%;;;0;100 'sslvpn_udp~sslvpn1#interface.packets.blocked.percentage'=0.00%;;;0;100
Interface 'Ethernet0' [out] status: plugged (enabled), traffic in: 4.00b/s (-), traffic out: 4.00b/s (-), packets accepted: 10.87% (10 on 92), packets blocked: 89.13% (82 on 92)
Interface 'Ethernet1' [in] status: plugged (enabled), traffic in: 212.00b/s (-), traffic out: 309.00b/s (-), packets accepted: 42.95% (134 on 312), packets blocked: 57.05% (178 on 312)
Interface 'Ethernet2' [out2] status: plugged (enabled), traffic in: 458.00b/s (-), traffic out: 540.00b/s (-), packets accepted: 47.09% (316 on 671), packets blocked: 52.91% (355 on 671)
Interface 'ipsec' [ipsec] status: unplugged (enabled), traffic in: 0.00b/s (-), traffic out: 0.00b/s (-), packets accepted: 100.00% (3 on 3), packets blocked: 0.00% (0 on 3)
Interface 'sslvpn0' [sslvpn] status: unplugged (enabled), traffic in: 0.00b/s (-), traffic out: 0.00b/s (-), packets accepted: 0.00% (0 on 0), packets blocked: 0.00% (0 on 0)
Interface 'sslvpn1' [sslvpn_udp] status: unplugged (enabled), traffic in: 0.00b/s (-), traffic out: 0.00b/s (-), packets accepted: 0.00% (0 on 0), packets blocked: 0.00% (0 on 0)
Sorry, but I dont understand what you asked. Can you make your question more precise ?
To use the API instead of SNMP is ok for you ? I'm going to add a memory and HA mode (for stormshield API)
Yeah it worked, but note that when using API, option --filter-user-name and --filter-real-name do not works (see : https://github.com/centreon/centreon-plugins/issues/3899#issuecomment-1337564628)
Let me know if you want to test HA and memory feature when ready. I have some devices available
@guillaumechardin I have added modes: 'ha' and 'memory'. You can test it if you download the archive (same link)