Skip to content

Commit

Permalink
SNMPv3 GETBULK and authNoPriv mode (#1)
Browse files Browse the repository at this point in the history
* Changed from SNMP `GETNEXT` to `GETBULK` (performance improvement)
* Added support for SNMPv3 authNoPriv mode
* fixed pylint consider-using-f-string
  • Loading branch information
m-erhardt authored Nov 11, 2021
1 parent 0d0e735 commit 04e2052
Show file tree
Hide file tree
Showing 10 changed files with 120 additions and 44 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/pylint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,4 +29,4 @@ jobs:
pip install -r requirements.txt
- name: Analysing the code with pylint
run: |
pylint ./*.py --disable=duplicate-code --disable=too-many-branches --disable=too-many-locals --disable=consider-using-f-string
pylint ./*.py --disable=duplicate-code --disable=too-many-branches --disable=too-many-locals
7 changes: 3 additions & 4 deletions README.md
100755 → 100644
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
[![Pylint](https://github.com/m-erhardt/check-cisco-plugins/actions/workflows/pylint.yml/badge.svg)](https://github.com/m-erhardt/check-cisco-plugins/actions/workflows/pylint.yml) [![pycodestyle](https://github.com/m-erhardt/check-cisco-plugins/actions/workflows/pycodestyle.yml/badge.svg)](https://github.com/m-erhardt/check-cisco-plugins/actions/workflows/pycodestyle.yml)
[![Pylint](https://github.com/m-erhardt/check-cisco-plugins/actions/workflows/pylint.yml/badge.svg)](https://github.com/m-erhardt/check-cisco-plugins/actions/workflows/pylint.yml) [![pycodestyle](https://github.com/m-erhardt/check-cisco-plugins/actions/workflows/pycodestyle.yml/badge.svg)](https://github.com/m-erhardt/check-cisco-plugins/actions/workflows/pycodestyle.yml) [![Release](https://img.shields.io/github/release/m-erhardt/check-cisco-plugins.svg)](https://github.com/m-erhardt/check-cisco-plugins/releases)
# check-cisco-plugins

## About
* this repository contains a collection of Icinga / Nagios plugins to monitor Cisco IOS and NX-OS devices via SNMPv3
* Written for python 3
* Uses SNMPv3 in AuthPriv mode
* Uses SNMPv3 in AuthPriv or authNoPriv mode

### Compatibility
these plugins were developed / tested on the following models:
Expand Down Expand Up @@ -35,6 +35,5 @@ these plugins were developed / tested on the following models:
pylint ./*.py \
--disable=duplicate-code \
--disable=too-many-branches \
--disable=too-many-locals \
--disable=consider-using-f-string
--disable=too-many-locals
```
29 changes: 23 additions & 6 deletions check_cisco_cpuload.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
import sys
from argparse import ArgumentParser
from itertools import chain
from pysnmp.hlapi import nextCmd, SnmpEngine, UsmUserData, \
from pysnmp.hlapi import bulkCmd, SnmpEngine, UsmUserData, \
UdpTransportTarget, \
ObjectType, ObjectIdentity, \
ContextData, usmHMACMD5AuthProtocol, \
Expand Down Expand Up @@ -62,6 +62,10 @@ def get_args():
default=10)
parser.add_argument("-u", "--user", required=True,
help="SNMPv3 user name", type=str, dest='user')
parser.add_argument("-l", "--seclevel", required=False,
help="SNMPv3 security level", type=str,
dest="v3mode",
choices=["authPriv", "authNoPriv"], default="authPriv")
parser.add_argument("-A", "--authkey", required=True,
help="SNMPv3 auth key", type=str, dest='authkey')
parser.add_argument("-X", "--privkey", required=True,
Expand Down Expand Up @@ -96,25 +100,38 @@ def get_snmp_table(table_oid, args):
# initialize empty list for return object
table = []

iterator = nextCmd(
if args.v3mode == "authPriv":
iterator = bulkCmd(
SnmpEngine(),
UsmUserData(args.user, args.authkey, args.privkey,
authProtocol=authprot[args.authmode],
privProtocol=privprot[args.privmode]),
UdpTransportTarget((args.host, args.port), timeout=args.timeout),
ContextData(),
0, 20,
ObjectType(ObjectIdentity(table_oid)),
lexicographicMode=False,
lookupMib=False
)
)
elif args.v3mode == "authNoPriv":
iterator = bulkCmd(
SnmpEngine(),
UsmUserData(args.user, args.authkey,
authProtocol=authprot[args.authmode]),
UdpTransportTarget((args.host, args.port), timeout=args.timeout),
ContextData(),
0, 20,
ObjectType(ObjectIdentity(table_oid)),
lexicographicMode=False,
lookupMib=False
)

for error_indication, error_status, error_index, var_binds in iterator:
if error_indication:
exit_plugin("3", ''.join(['SNMP error: ', str(error_indication)]), "")
elif error_status:
print('%s at %s' % (error_status.prettyPrint(),
error_index and
var_binds[int(error_index) - 1][0] or '?'))
print(f"{error_status.prettyPrint()} at "
f"{error_index and var_binds[int(error_index) - 1][0] or '?'}")
else:
# split OID and value into two fields and append to return element
table.append([str(var_binds[0][0]), str(var_binds[0][1])])
Expand Down
34 changes: 26 additions & 8 deletions check_cisco_envtemp.py
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,10 @@ def get_args():
type=int, dest='timeout', default=10)
parser.add_argument("-u", "--user", required=True, help="SNMPv3 user name",
type=str, dest='user')
parser.add_argument("-l", "--seclevel", required=False,
help="SNMPv3 security level", type=str,
dest="v3mode",
choices=["authPriv", "authNoPriv"], default="authPriv")
parser.add_argument("-A", "--authkey", required=True,
help="SNMPv3 auth key", type=str, dest='authkey')
parser.add_argument("-X", "--privkey", required=True,
Expand Down Expand Up @@ -91,28 +95,42 @@ def get_snmp_table(table_oid, args):
# initialize empty list for return object
table = []

iterator = bulkCmd(
if args.v3mode == "authPriv":
iterator = bulkCmd(
SnmpEngine(),
UsmUserData(args.user, args.authkey, args.privkey,
authProtocol=authprot[args.authmode],
privProtocol=privprot[args.privmode]),
UdpTransportTarget((args.host, args.port), timeout=args.timeout),
ContextData(),
0, 50,
0, 20,
ObjectType(ObjectIdentity(table_oid)),
lexicographicMode=False
)
lexicographicMode=False,
lookupMib=False
)
elif args.v3mode == "authNoPriv":
iterator = bulkCmd(
SnmpEngine(),
UsmUserData(args.user, args.authkey,
authProtocol=authprot[args.authmode]),
UdpTransportTarget((args.host, args.port), timeout=args.timeout),
ContextData(),
0, 20,
ObjectType(ObjectIdentity(table_oid)),
lexicographicMode=False,
lookupMib=False
)

for error_indication, error_status, error_index, var_binds in iterator:
if error_indication:
exit_plugin("3", ''.join(['SNMP error: ', str(error_indication)]), "")
elif error_status:
print('%s at %s' % (error_status.prettyPrint(),
error_index and
var_binds[int(error_index) - 1][0] or '?'))
print(f"{error_status.prettyPrint()} at "
f"{error_index and var_binds[int(error_index) - 1][0] or '?'}")
else:
# split OID and value into two fields and append to return element
table.append(str(var_binds[0]).split("="))
table.append([str(var_binds[0][0]), str(var_binds[0][1])])

# return list with all OIDs/values from snmp table
return table

Expand Down
29 changes: 23 additions & 6 deletions check_cisco_memusage.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
import sys
from argparse import ArgumentParser
from itertools import chain
from pysnmp.hlapi import nextCmd, SnmpEngine, UsmUserData, \
from pysnmp.hlapi import bulkCmd, SnmpEngine, UsmUserData, \
UdpTransportTarget, \
ObjectType, ObjectIdentity, \
ContextData, usmHMACMD5AuthProtocol, \
Expand Down Expand Up @@ -62,6 +62,10 @@ def get_args():
default=10)
parser.add_argument("-u", "--user", required=True,
help="SNMPv3 user name", type=str, dest='user')
parser.add_argument("-l", "--seclevel", required=False,
help="SNMPv3 security level", type=str,
dest="v3mode",
choices=["authPriv", "authNoPriv"], default="authPriv")
parser.add_argument("-A", "--authkey", required=True,
help="SNMPv3 auth key", type=str, dest='authkey')
parser.add_argument("-X", "--privkey", required=True,
Expand Down Expand Up @@ -95,25 +99,38 @@ def get_snmp_table(table_oid, args):
# initialize empty list for return object
table = []

iterator = nextCmd(
if args.v3mode == "authPriv":
iterator = bulkCmd(
SnmpEngine(),
UsmUserData(args.user, args.authkey, args.privkey,
authProtocol=authprot[args.authmode],
privProtocol=privprot[args.privmode]),
UdpTransportTarget((args.host, args.port), timeout=args.timeout),
ContextData(),
0, 20,
ObjectType(ObjectIdentity(table_oid)),
lexicographicMode=False,
lookupMib=False
)
)
elif args.v3mode == "authNoPriv":
iterator = bulkCmd(
SnmpEngine(),
UsmUserData(args.user, args.authkey,
authProtocol=authprot[args.authmode]),
UdpTransportTarget((args.host, args.port), timeout=args.timeout),
ContextData(),
0, 20,
ObjectType(ObjectIdentity(table_oid)),
lexicographicMode=False,
lookupMib=False
)

for error_indication, error_status, error_index, var_binds in iterator:
if error_indication:
exit_plugin("3", ''.join(['SNMP error: ', str(error_indication)]), "")
elif error_status:
print('%s at %s' % (error_status.prettyPrint(),
error_index and
var_binds[int(error_index) - 1][0] or '?'))
print(f"{error_status.prettyPrint()} at "
f"{error_index and var_binds[int(error_index) - 1][0] or '?'}")
else:
# split OID and value into two fields and append to return element
table.append([str(var_binds[0][0]), str(var_binds[0][1])])
Expand Down
35 changes: 27 additions & 8 deletions check_cisco_stackmodules.py
100644 → 100755
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@

import sys
from argparse import ArgumentParser
from pysnmp.hlapi import nextCmd, SnmpEngine, UsmUserData, \
from pysnmp.hlapi import bulkCmd, SnmpEngine, UsmUserData, \
UdpTransportTarget, \
ObjectType, ObjectIdentity, \
ContextData, usmHMACMD5AuthProtocol, \
Expand Down Expand Up @@ -79,6 +79,10 @@ def get_args():
type=int, dest='timeout', default=10)
parser.add_argument("--user", required=True, help="SNMPv3 user name",
type=str, dest='user')
parser.add_argument("-l", "--seclevel", required=False,
help="SNMPv3 security level", type=str,
dest="v3mode",
choices=["authPriv", "authNoPriv"], default="authPriv")
parser.add_argument("--authkey", required=True, help="SNMPv3 auth key",
type=str, dest='authkey')
parser.add_argument("--privkey", required=True, help="SNMPv3 priv key",
Expand All @@ -102,27 +106,42 @@ def get_snmp_table(table_oid, args):
# initialize empty list for return object
table = []

iterator = nextCmd(
if args.v3mode == "authPriv":
iterator = bulkCmd(
SnmpEngine(),
UsmUserData(args.user, args.authkey, args.privkey,
authProtocol=authprot[args.authmode],
privProtocol=privprot[args.privmode]),
UdpTransportTarget((args.host, args.port), timeout=args.timeout),
ContextData(),
0, 20,
ObjectType(ObjectIdentity(table_oid)),
lexicographicMode=False
)
lexicographicMode=False,
lookupMib=False
)
elif args.v3mode == "authNoPriv":
iterator = bulkCmd(
SnmpEngine(),
UsmUserData(args.user, args.authkey,
authProtocol=authprot[args.authmode]),
UdpTransportTarget((args.host, args.port), timeout=args.timeout),
ContextData(),
0, 20,
ObjectType(ObjectIdentity(table_oid)),
lexicographicMode=False,
lookupMib=False
)

for error_indication, error_status, error_index, var_binds in iterator:
if error_indication:
exit_plugin("3", ''.join(['SNMP error: ', str(error_indication)]), "")
elif error_status:
print('%s at %s' % (error_status.prettyPrint(),
error_index and
var_binds[int(error_index) - 1][0] or '?'))
print(f"{error_status.prettyPrint()} at "
f"{error_index and var_binds[int(error_index) - 1][0] or '?'}")
else:
# split OID and value into two fields and append to return element
table.append(str(var_binds[0]).split("="))
table.append([str(var_binds[0][0]), str(var_binds[0][1])])

# return list with all OIDs/values from snmp table
return table

Expand Down
7 changes: 4 additions & 3 deletions docs/check_cisco_cpuload.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,8 @@
## Usage

```
./check_cisco_cpuload.py --help
usage: check_cisco_cpuload.py [-h] -H HOST [-p PORT] [-t TIMEOUT] -u USER -A
AUTHKEY -X PRIVKEY
usage: check_cisco_cpuload.py [-h] -H HOST [-p PORT] [-t TIMEOUT] -u USER
[-l {authPriv,authNoPriv}] -A AUTHKEY -X PRIVKEY
[-a {MD5,SHA,SHA224,SHA256,SHA384,SHA512}]
[-x {DES,3DES,AES,AES192,AES256}] [-w WARN]
[-c CRIT]
Expand All @@ -22,6 +21,8 @@ optional arguments:
-t TIMEOUT, --timeout TIMEOUT
SNMP timeout
-u USER, --user USER SNMPv3 user name
-l {authPriv,authNoPriv}, --seclevel {authPriv,authNoPriv}
SNMPv3 security level
-A AUTHKEY, --authkey AUTHKEY
SNMPv3 auth key
-X PRIVKEY, --privkey PRIVKEY
Expand Down
7 changes: 4 additions & 3 deletions docs/check_cisco_envtemp.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,8 @@
## Usage

```
./check_cisco_envtemp.py --help
usage: check_cisco_envtemp.py [-h] -H HOST [-p PORT] [-t TIMEOUT] -u USER -A
AUTHKEY -X PRIVKEY
usage: check_cisco_envtemp.py [-h] -H HOST [-p PORT] [-t TIMEOUT] -u USER
[-l {authPriv,authNoPriv}] -A AUTHKEY -X PRIVKEY
[-a {MD5,SHA,SHA224,SHA256,SHA384,SHA512}]
[-x {DES,3DES,AES,AES192,AES256}]
[--os {ios,nxos}] [--scale SCALE]
Expand All @@ -22,6 +21,8 @@ optional arguments:
-t TIMEOUT, --timeout TIMEOUT
SNMP timeout
-u USER, --user USER SNMPv3 user name
-l {authPriv,authNoPriv}, --seclevel {authPriv,authNoPriv}
SNMPv3 security level
-A AUTHKEY, --authkey AUTHKEY
SNMPv3 auth key
-X PRIVKEY, --privkey PRIVKEY
Expand Down
8 changes: 5 additions & 3 deletions docs/check_cisco_memusage.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@
## Usage

```
./check_cisco_memusage.py --help
usage: check_cisco_memusage.py [-h] -H HOST [-p PORT] [-t TIMEOUT] -u USER -A
AUTHKEY -X PRIVKEY
usage: check_cisco_memusage.py [-h] -H HOST [-p PORT] [-t TIMEOUT] -u USER
[-l {authPriv,authNoPriv}] -A AUTHKEY -X
PRIVKEY
[-a {MD5,SHA,SHA224,SHA256,SHA384,SHA512}]
[-x {DES,3DES,AES,AES192,AES256}] [-w WARN]
[-c CRIT]
Expand All @@ -23,6 +23,8 @@ optional arguments:
-t TIMEOUT, --timeout TIMEOUT
SNMP timeout
-u USER, --user USER SNMPv3 user name
-l {authPriv,authNoPriv}, --seclevel {authPriv,authNoPriv}
SNMPv3 security level
-A AUTHKEY, --authkey AUTHKEY
SNMPv3 auth key
-X PRIVKEY, --privkey PRIVKEY
Expand Down
6 changes: 4 additions & 2 deletions docs/check_cisco_stackmodules.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@
## Usage

```
./check_cisco_stackmodules.py --help
usage: check_cisco_stackmodules.py [-h] --host HOST [--port PORT]
[--timeout TIMEOUT] --user USER --authkey
[--timeout TIMEOUT] --user USER
[-l {authPriv,authNoPriv}] --authkey
AUTHKEY --privkey PRIVKEY
[--authmode {MD5,SHA,SHA224,SHA256,SHA384,SHA512}]
[--privmode {DES,3DES,AES,AES192,AES256}]
Expand All @@ -20,6 +20,8 @@ optional arguments:
--port PORT SNMP port
--timeout TIMEOUT SNMP timeout
--user USER SNMPv3 user name
-l {authPriv,authNoPriv}, --seclevel {authPriv,authNoPriv}
SNMPv3 security level
--authkey AUTHKEY SNMPv3 auth key
--privkey PRIVKEY SNMPv3 priv key
--authmode {MD5,SHA,SHA224,SHA256,SHA384,SHA512}
Expand Down

0 comments on commit 04e2052

Please sign in to comment.