centreon-plugins icon indicating copy to clipboard operation
centreon-plugins copied to clipboard
verified publisher icon centreon

[network::fortinet::fortigate::snmp::plugin]: mode interfaces return impossible traffic values

Open christophe-activiumid opened this issue 5 months ago • 1 comments

Quick description

Metric for traffic on the fortigate plugin returns value that are on a wrong scale (Tb/s instead of Mb/s)

How to reproduce

the issue is variable and does not appear everytime, it usually disappears when running the check in command line so debugging hard

  • Environment: Linux 4.18.0-553.66.1.el8_10.x86_64 #1 SMP Wed Aug 6 13:33:37 EDT 2025 x86_64 x86_64 x86_64 GNU/Linux AlmaLinux release 8.10 (Cerulean Leopard)
  • Version of the plugin: centreon-plugin-Network-Firewalls-Fortinet-Fortigate-Snmp-20250700-1.el8.noarch
  • Information about the monitored resource:
  • fortigate 7.4.6 (also 7.4.4, occurs on multiple equipements)
  • Command line: /usr/lib/centreon/plugins/centreon_fortinet_fortigate.pl --plugin=network::fortinet::fortigate::snmp::plugin --mode=interfaces --hostname=x --snmp-version='2c' --snmp-community='x' --interface='^LAN$' --name --add-status --add-traffic --critical-status='%{admstatus} eq "up" and %{opstatus} ne "up"' --warning-in-traffic='' --critical-in-traffic='' --warning-out-traffic='' --critical-out-traffic='' --verbose --debug

here is 2 outputs OK: Interface 'LAN' Status : up (admin: up), Traffic In : 975.98Gb/s (4879.91%), Traffic Out : 819.85Kb/s (0.00%) | 'traffic_in'=975981983317.91b/s;;;0;20000000000 'traffic_out'=819845.77b/s;;;0;20000000000 .1.3.6.1.2.1.2.2.1.5.45 = 4294967295 .1.3.6.1.2.1.2.2.1.7.45 = 1 .1.3.6.1.2.1.2.2.1.8.45 = 1 .1.3.6.1.2.1.2.2.1.10.45 = 4013101544 .1.3.6.1.2.1.2.2.1.16.45 = 11375360 .1.3.6.1.2.1.31.1.1.1.6.45 = 13541750018536 .1.3.6.1.2.1.31.1.1.1.10.45 = 11375360 .1.3.6.1.2.1.31.1.1.1.15.45 = 20000 Interface 'LAN' Status : up (admin: up), Traffic In : 975.98Gb/s (4879.91%), Traffic Out : 819.85Kb/s (0.00%)

OK: Interface 'LAN' Status : up (admin: up), Traffic In : 1.75Tb/s (8736.72%), Traffic Out : 1.47Mb/s (0.01%) | 'traffic_in'=1747344042106.32b/s;;;0;20000000000 'traffic_out'=1468052.65b/s;;;0;20000000000 .1.3.6.1.2.1.2.2.1.5.45 = 4294967295 .1.3.6.1.2.1.2.2.1.7.45 = 1 .1.3.6.1.2.1.2.2.1.8.45 = 1 .1.3.6.1.2.1.2.2.1.10.45 = 4179409332 .1.3.6.1.2.1.2.2.1.16.45 = 11377408 .1.3.6.1.2.1.31.1.1.1.6.45 = 13541916326324 .1.3.6.1.2.1.31.1.1.1.10.45 = 11377408 .1.3.6.1.2.1.31.1.1.1.15.45 = 20000 Interface 'LAN' Status : up (admin: up), Traffic In : 1.75Tb/s (8736.72%), Traffic Out : 1.47Mb/s (0.01%)

they were run a few seconds apart, there were 166307788 bytes difference on the traffic-in OID which is about 158MB or 1268Mbit. I don't have the exact delay between the 2 checks, but I would say about 15sec. but the perfdata reported is 1.75Tb/s (the physical nic is a 2x10Gbps, which is the 20000 )

the issue is completely random on any fortinet traffic check, here is a graph, unreadable now because the "correct" value between 0 and 1Gbps are squashed by Terabits values

Image

One thing to note, this seems to be happening since a few month, it is not a recent issue but no one reported it to me... I checked and I could see the issue appearing as far as 2025-02-28

Image

I don't see the issue on any other interface traffic check, I don't understand (as the mode looks like basic snmp interface) it could coincide with major OS update for FortiOS, and I was thinking maybe fortios reported wrong data, but apparently the counter are consistent with what we see on the FW UI, that debug value above was "real" traffic I don't really understand how the calculation is done

also I tried purging all cachefile in case there was something wrong, the issue disappear for a time then things go back to enormous values

christophe-activiumid avatar Aug 14 '25 07:08 christophe-activiumid

Hello :)

Thank you for your feedback. We have realised that it seems to point to the same issue as https://github.com/centreon/centreon-plugins/issues/5054, and we have therefore raised the priority of the associated development ticket. We will keep you informed of progress on this issue.

Kind regards

lucie-tirand avatar Aug 28 '25 12:08 lucie-tirand

Hi, The issue should be fixed in the December Release. Feel free to reopen the issue if the problem persists after updating your plugin.

omercier avatar Dec 16 '25 15:12 omercier

I'm sorry I didn't update this issue before, I found a few weeks ago why this issue was happening and I didn't see the notification here...

TL;DR I don't think it is the same issue, as #5054, it was a centreon cache issue caused by a bad usage from my part

in depth, I have fortigate cluster, and I use 3 host for a cluster, I have the same IP on the 3 host, 1 for the "vip", and one for node 1 and one for node 2 with a snmp community built with "snmpcommunity-serialnumber" you can have the hardware status of each node

unfortunately I enabled autodiscover for all the interfaces and all the traffic were discovered on all 3 hosts, not really a problem but technically all the 3 host have the same IP, so it uses only 1 cache file, that's what caused the abnormal value (as the cache is used to computer the bandwidth over time)

for now I added an extra option on the traffic check : --statefile-suffix='$HOSTNAME$' (I had to create a new custom command, and modify the service template)

I think I need to rethink the host template for the "vip" host, and the "node" host to make them independant and not have the autodiscover on the nodes, they are based on the same fortigate template oob currently

christophe-activiumid avatar Dec 16 '25 16:12 christophe-activiumid