├── check_updates.ps1 ├── check_services.ps1 ├── check_azureadconnectsync.ps1 ├── check_bejobs.ps1 ├── check_wsb.ps1 ├── README.md ├── check_icingaversion.ps1 ├── check_iis.ps1 ├── check_diskq.sh ├── install_icinga.ps1 ├── check_adreplication.ps1 ├── check_veeamjobs.ps1 ├── check_wg_cpu.sh ├── check_wg_mem.sh ├── check_wg_signatures.sh ├── check_wg_tunnels.sh ├── check_wg_load.sh ├── check_diskdefragstatus.ps1 ├── check_wg_network.sh └── LICENSE /check_updates.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juangranados/nagios-plugins/HEAD/check_updates.ps1 -------------------------------------------------------------------------------- /check_services.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check all automatic services are running and try to start stopped ones. 4 | .DESCRIPTION 5 | Check all automatic services are running and returns Nagios output and code. 6 | Try to start stopped services manually. 7 | .OUTPUTS 8 | OK: All services running. 9 | WARNING: Services stopped but started manually. 10 | CRITICAL: Services stopped and could not started. 11 | .NOTES 12 | Author: Juan Granados 13 | #> 14 | 15 | $Services = Get-CimInstance win32_service -Filter "startmode = 'auto' AND state != 'running' AND exitcode != 0" | select name, startname, exitcode 16 | $ServicesRunning = Get-CimInstance win32_service -Filter "state = 'running'" 17 | if ([string]::IsNullOrEmpty($Services)) { 18 | Write-Output "OK: All services running | ServicesRunning=$($ServicesRunning.Count);0;0;0;0" 19 | Exit(0) 20 | } else { 21 | $ServicesStopped="" 22 | foreach ($Service in $Services){ 23 | Start-Service $($Service.Name) -ErrorAction SilentlyContinue | Out-Null 24 | if ($(Get-Service -Name $($Service.Name)).Status -eq "running") { 25 | $ServicesStopped += "$($Service.Name)(Started manually)," 26 | if ($ExitCode -eq 0) { 27 | $ExitCode = 1 28 | } 29 | } else { 30 | $ServicesStopped += "$($Service.Name)(Stopped)," 31 | $ExitCode = 2 32 | } 33 | } 34 | if ($ExitCode -eq 2) { 35 | Write-Output "CRITICAL: Service(s) stopped: $($ServicesStopped.TrimEnd(",")) | ServicesRunning=$($ServicesRunning.Count);0;0;0;0" 36 | Exit(2) 37 | } else { 38 | Write-Output "WARNING: Service(s) stopped: $($ServicesStopped.TrimEnd(",")) | ServicesRunning=$($ServicesRunning.Count);0;0;0;0" 39 | Exit(1) 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /check_azureadconnectsync.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check Azure AD Connect Sync. 4 | .DESCRIPTION 5 | Check Azure AD Connect Sync status and returns Nagios output and code. 6 | .PARAMETER Hours 7 | Hours since the last synchronization. 8 | Default: 3 9 | .OUTPUTS 10 | OK: Azure AD Connect Sync sync cycle enabled and not synced within last -Hours. 11 | WARNING: Azure AD Connect Sync sync cycle enabled and not synced within last -Hours. 12 | CRITICAL: Azure AD Connect Sync sync cycle not enabled. 13 | .NOTES 14 | Author: Juan Granados 15 | #> 16 | Param( 17 | [Parameter(Mandatory=$false,Position=0)] 18 | [ValidateNotNullOrEmpty()] 19 | [int]$Hours=3 20 | ) 21 | 22 | $Output = "" 23 | $ExitCode = 0 24 | 25 | $pingEvents = Get-EventLog -LogName "Application" -Source "Directory Synchronization" -InstanceId 654 -After (Get-Date).AddHours(-$($Hours)) -ErrorAction SilentlyContinue | 26 | Sort-Object { $_.Time } -Descending 27 | if ($pingEvents -ne $null) { 28 | $Output = "Latest heart beat event (within last $($Hours) hours). Time $($pingEvents[0].TimeWritten)." 29 | } else { 30 | $Output = "No ping event found within last $($Hours) hours." 31 | $ExitCode = 1 32 | } 33 | 34 | $ADSyncScheduler = Get-ADSyncScheduler 35 | if (!$ADSyncScheduler.SyncCycleEnabled) { 36 | $ExitCode = 2 37 | } 38 | 39 | if ($ADSyncScheduler.StagingModeEnabled) { 40 | $Output = "Server is in stand by mode. $($Output)" 41 | } else { 42 | $Output = "Server is in active mode. $($Output)" 43 | } 44 | 45 | if ($ExitCode -eq 0) { 46 | Write-Host "OK: Azure AD Connect Sync is up and running. $($Output)" 47 | } elseif ($ExitCode -eq 1) { 48 | Write-Host "WARNING: Azure AD Connect Sync is enabled, but not syncing. $($Output)" 49 | } elseif ($ExitCode -eq 2) { 50 | Write-Host "CRITICAL: Azure AD Connect Sync is disabled. $($Output)" 51 | } 52 | 53 | Exit($ExitCode) 54 | -------------------------------------------------------------------------------- /check_bejobs.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check Backup Exec last scheduled job status. 4 | .DESCRIPTION 5 | Check Backup Exec last scheduled job status and returns Nagios output and code. 6 | .PARAMETER Hours 7 | Number of hours since now to check for backup jobs. 8 | Default 48. 9 | .OUTPUTS 10 | OK: All last backups jobs within $Hours successful. 11 | WARNING: Backup job status succeeded with exceptions. 12 | CRITICAL: Backup job failed. 13 | .EXAMPLE 14 | .\check_bejobs.ps1 -Hours 96 15 | .NOTES 16 | Author: Juan Granados 17 | Date: December 2017 18 | #> 19 | Param( 20 | [Parameter(Mandatory=$false,Position=0)] 21 | [ValidateNotNullOrEmpty()] 22 | [int]$Hours=48 23 | ) 24 | if (Get-Module -ListAvailable -Name BEMCLI) { 25 | Import-Module BEMCLI 26 | } else { 27 | Write-Output "UNKNOWN: Module BEMCLI does not exist." 28 | Exit 3 29 | } 30 | $OkStatus = 'Succeeded','Active' 31 | $StartTime = Get-Date 32 | $Jobs = Get-BEJobHistory | Where-Object { ($_.JobType -eq "Backup") -and ($_.StartTime -ge $StartTime.AddHours(-$Hours))} | Sort-Object -Property {$_.StartTime -as [datetime]} -Descending 33 | $ExitCode = 0 34 | $Output="" 35 | $TotalDataSizeBytes = 0 36 | $SuccessJobs = 0 37 | $FailedJobs = 0 38 | $JobsNames = New-Object System.Collections.ArrayList 39 | foreach ($Job in $Jobs) { 40 | if ( $JobsNames -contains $Job.Name) { 41 | continue 42 | } else { 43 | $JobsNames.Add($Job.Name) | Out-Null 44 | } 45 | $TotalDataSizeBytes += $Job.TotalDataSizeBytes 46 | 47 | if ($Job.JobStatus -eq "SucceededWithExceptions") { 48 | if ($ExitCode -lt 1) { 49 | $ExitCode = 1 50 | } 51 | $SuccessJobs++ 52 | } elseif (!($OkStatus -match $Job.JobStatus)) { 53 | $ExitCode = 2 54 | $FailedJobs++ 55 | } else { 56 | $SuccessJobs++ 57 | continue 58 | } 59 | $Output += "$($Job.Name) exited with status $($Job.JobStatus) at $($Job.EndTime)." 60 | 61 | } 62 | 63 | $PerformanceOutput = " | SuccessJobs=$($SuccessJobs);;;; FailedJobs=$($FailedJobs);1;1;; BackupSize=$([math]::round($TotalDataSizeBytes/1GB,3))GB;;;;" 64 | 65 | if ($ExitCode -eq 0) { 66 | Write-Host "All last backups jobs within $($Hours) hours successful.$($PerformanceOutput)" 67 | Exit(0) 68 | } elseif ($ExitCode -eq 1) { 69 | Write-Host "WARNING: $($Output)$($PerformanceOutput)" 70 | Exit(1) 71 | } else { 72 | Write-Host "CRITICAL: $($Output)$($PerformanceOutput)" 73 | Exit(2) 74 | } 75 | -------------------------------------------------------------------------------- /check_wsb.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check Windows Server Backup last scheduled job status. 4 | .DESCRIPTION 5 | Check Windows Server Backup and returns Nagios output and code. 6 | .PARAMETER Hours 7 | Number of hours since now to check for backup jobs. 8 | Default 48. 9 | .OUTPUTS 10 | OK: All last backups jobs within $Hours successful. 11 | CRITICAL: Backup job failed. 12 | .EXAMPLE 13 | .\check_wsb.ps1 -Hours 96 14 | .NOTES 15 | Author: Juan Granados 16 | #> 17 | Param( 18 | [Parameter(Mandatory=$false,Position=0)] 19 | [ValidateNotNullOrEmpty()] 20 | [int]$Hours=48 21 | ) 22 | 23 | #Load PSSnapin for Windows 2008 / R2 24 | $OperatingSystemVersion = (Get-WmiObject win32_operatingsystem).version 25 | if (($OperatingSystemVersion -match "6.0.") -or ($OperatingSystemVersion -match "6.1.")) { 26 | Add-PSSnapin windows.serverbackup 27 | } 28 | 29 | # Get backup status 30 | try { 31 | $BackupSummary = Get-WBSummary -ErrorAction Stop 32 | } catch { 33 | Write-Output "UNKNOWN: Could not get Windows Server Backup information. Try running in PowerShell console: Add-WindowsFeature -Name Backup-Tools | NumberOfVersions=0;;;;" 34 | Exit(3) 35 | } 36 | if ($BackupSummary) { 37 | # Check last backup 38 | $LastSuccessfulBackupTime = ($BackupSummary.LastSuccessfulBackupTime).Date 39 | # If there is a last backup 40 | if ($LastSuccessfulBackupTime) { 41 | # Get number of backup versions 42 | $PerfmonOutput = " | NumberOfVersions=$($BackupSummary.NumberOfVersions);;;;" 43 | # If last backup has been performed in time and its result is ok. 44 | if ( (($BackupSummary.LastSuccessfulBackupTime).Date -ge (get-date).AddHours(-$($Hours))) -and $BackupSummary.LastBackupResultHR -eq '0') { 45 | Write-Output "OK: last backup date $($BackupSummary.LastSuccessfulBackupTime). $($BackupSummary.NumberOfVersions) versions stored.$($PerfmonOutput)" 46 | $host.SetShouldExit(0) 47 | } else { 48 | if ($BackupSummary.DetailedMessage){ 49 | Write-Output "CRITICAL: Last backup result on error: $($BackupSummary.DetailedMessage) Last successful backup date: $($BackupSummary.LastSuccessfulBackupTime).$($PerfmonOutput)" 50 | } else { 51 | Write-Output "CRITICAL: Last backup result on unspecified error. Last successful backup date: $($BackupSummary.LastSuccessfulBackupTime).$($PerfmonOutput)" 52 | } 53 | $host.SetShouldExit(2) 54 | } 55 | } else { 56 | Write-Output "CRITICAL: There is not any successful backup yet. | NumberOfVersions=0;;;;" 57 | Exit(2) 58 | } 59 | } else{ 60 | Write-Output "UNKNOWN: Could not get Windows Server Backup information. | NumberOfVersions=0;;;;" 61 | Exit(3) 62 | } 63 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Nagios/Icinga plugins 2 | 3 | Several Nagios/Icinga Plugins written in PowerShell and Shell. Most of them return Nagios performance data too. 4 | 5 | - [Active Directory Replication](https://github.com/juangranados/nagios-plugins/blob/master/check_adreplication.ps1): Check AD Replication in a DC Server. 6 | - [Azure AD Connect](https://github.com/juangranados/nagios-plugins/blob/master/check_azureadconnectsync.ps1): Check Azure AD Connect status and last replication. 7 | - [Backup Exec Jobs](https://github.com/juangranados/nagios-plugins/blob/master/check_bejobs.ps1): Check Backup Exec / Veritas (2012-2019) last scheduled job status. 8 | - [Disk Fragmentation](https://github.com/juangranados/nagios-plugins/blob/master/check_diskdefragstatus.ps1): Check disks fragmentation status and optionally defrag them if warning or critical. 9 | - [Check Icinga Agent](https://github.com/juangranados/nagios-plugins/blob/master/check_icingaversion.ps1) / [Install Icinga Agent](https://github.com/juangranados/nagios-plugins/blob/master/install_icinga.ps1): Check Icinga Agent version and optionally updates it. 10 | - [Internet Information Server](https://github.com/juangranados/nagios-plugins/blob/master/check_iis.ps1): Check Internet Information Server Websites and AppPools and try to start (filtered) stopped ones. 11 | - [Linux disk queue](https://github.com/juangranados/nagios-plugins/blob/master/check_diskq.sh): Check Linux disk queue using iostat. 12 | - [Veeam Jobs](https://github.com/juangranados/nagios-plugins/blob/master/check_veeamjobs.ps1): Check Veeam last result of all jobs. 13 | - [Watchguard CPU](https://github.com/juangranados/nagios-plugins/blob/master/check_wg_cpu.sh): Check Watchguard CPU. 14 | - [Watchguard Load](https://github.com/juangranados/nagios-plugins/blob/master/check_wg_load.sh): Check Watchguard Load 1, 5 and 15. 15 | - [Watchguard Memory](https://github.com/juangranados/nagios-plugins/blob/master/check_wg_mem.sh): Check Watchguard memory. 16 | - [Watchguard Network](https://github.com/juangranados/nagios-plugins/blob/master/check_wg_network.sh): Check Watchguard network connections and bandwidth. 17 | - [Watchguard Signatures](https://github.com/juangranados/nagios-plugins/blob/master/check_wg_signatures.sh): Check Gateway Antivirus Service and/or Intrusion Prevention Service last update. 18 | - [Watchguard Tunnels](https://github.com/juangranados/nagios-plugins/blob/master/check_wg_tunnels.sh): Check if one or more of Branch Office VPN Tunnels are active on a Watchguard device. 19 | - [Windows drives fragmentation](https://github.com/juangranados/nagios-plugins/blob/master/check_diskdefragstatus.ps1): Check Windows drives fragmentation and optionally defrag them. 20 | - [Windows Server Backup](https://github.com/juangranados/nagios-plugins/blob/master/check_wsb.ps1): Check Windows Server Backup last backup. 21 | - [Windows Services](https://github.com/juangranados/nagios-plugins/blob/master/check_services.ps1): Check all automatic services are running and try to start stopped ones. 22 | - [Windows Update](https://github.com/juangranados/nagios-plugins/blob/master/check_updates.ps1): Check if there are additional updates that have not been applied to a Microsoft Windows machine. 23 | -------------------------------------------------------------------------------- /check_icingaversion.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check version Icinga Windows Agent. 4 | .DESCRIPTION 5 | Check version Icinga Windows Agent and optionally updates it. 6 | .OUTPUTS 7 | OK: Version up to date. 8 | WARNING: Version needs updating. 9 | CRITICAL: Error updating agent. 10 | .PARAMETER lastVersion 11 | Icinga agent last version. 12 | Default: "2.11.11" 13 | .PARAMETER downloadURL 14 | Icinga agent last version download url. 15 | Default: "http://packages.icinga.com/windows/Icinga2-v2.11.11-x86_64.msi" 16 | .PARAMETER update 17 | Updates agent without modify configuration. Requires script "install_icinga.ps1" in the same directory. 18 | Creates a scheduled task to run "install_icinga.ps1" in 2 minutes and updates agent. 19 | .PARAMETER changeLoginToSystem 20 | Changes login service from Network Service to System after updating. 21 | .EXAMPLE 22 | check_icingaversion.ps1 -lastVersion "2.11.11" -downloadURL "http://packages.icinga.com/windows/Icinga2-v2.11.11-x86_64.msi" -update -changeLoginToSystem 23 | .NOTES 24 | Author: Juan Granados 25 | #> 26 | Param( 27 | [Parameter(Mandatory = $false)] 28 | [ValidateNotNullOrEmpty()] 29 | [string]$lastVersion = "2.11.11", 30 | [Parameter()] 31 | [ValidateNotNullOrEmpty()] 32 | [string]$downloadURL = "http://packages.icinga.com/windows/Icinga2-v2.11.11-x86_64.msi", 33 | [Parameter()] 34 | [switch]$update, 35 | [Parameter()] 36 | [switch]$changeLoginToSystem 37 | ) 38 | #Requires -RunAsAdministrator 39 | 40 | SCHTASKS /delete /tn UpdateIcingaAgent /f 2> $null 41 | $lastVersion = [version]($lastVersion) 42 | $installedVersion = (Get-Item 'C:\Program Files\ICINGA2\sbin\icinga2.exe').VersionInfo.ProductVersion 43 | if (-not $installedVersion) { 44 | Write-Host "UNKNOWN: Icinga Agent not found" 45 | Exit(3) 46 | } 47 | $installedVersion = $installedVersion -replace "v", "" 48 | if ($installedVersion.IndexOf('-') -ne -1) { 49 | $installedVersion = $installedVersion.Substring(0, $installedVersion.IndexOf('-')) 50 | } 51 | $installedVersion = [version]($installedVersion) 52 | if ($installedVersion -ge $lastVersion) { 53 | Write-Output "OK: Your version up to date: $InstalledVersion" 54 | Exit(0) 55 | } 56 | else { 57 | if ($update) { 58 | $installTime = $(Get-Date).AddMinutes(2).toString('HH:mm') 59 | if ($changeLoginToSystem) { 60 | SCHTASKS /create /sc once /tn "UpdateIcingaAgent" /st "$installTime" /tr "$($PsHome)\powershell.exe $($PSScriptRoot)\install_icinga.ps1 -downloadURL $downloadURL -changeLoginToSystem" /RU "NT AUTHORITY\SYSTEM" /RL HIGHEST 61 | } 62 | else { 63 | SCHTASKS /create /sc once /tn "UpdateIcingaAgent" /st "$installTime" /tr "$($PsHome)\powershell.exe $($PSScriptRoot)\install_icinga.ps1 -downloadURL $downloadURL" /RU "NT AUTHORITY\SYSTEM" /RL HIGHEST 64 | } 65 | Write-Output "WARNING: Installing new version: $($lastVersion.ToString()). Check again in a few minutes" 66 | Exit(1) 67 | } 68 | else { 69 | Write-Output "WARNING: Please update your version: $InstalledVersion. Last version: $($lastVersion.ToString())" 70 | Exit(1) 71 | } 72 | } -------------------------------------------------------------------------------- /check_iis.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check IIS Website and AppPool status. 4 | .DESCRIPTION 5 | Check IIS Website and AppPool status and try to start stopped ones. 6 | .PARAMETER Websites 7 | Websites to check status. 8 | Default All. 9 | .PARAMETER AppPools 10 | AppPools to check status. 11 | Default All. 12 | .OUTPUTS 13 | OK: All Websites and AppPools Running. 14 | WARNING: Websites or AppPools stopped, but started manually. 15 | CRITICAL: Websites or AppPools stopped and could not started. 16 | .EXAMPLE 17 | Check a list of Websites and AppPools 18 | .\check_iis.ps1 -Websites 'site 1','site 2','site 3' -AppPools 'apppool 1','app2','test 1' 19 | 20 | Check all Websites and AppPools 21 | .\check_iis.ps1 22 | .NOTES 23 | Author: Juan Granados 24 | #> 25 | Param( 26 | [Parameter(Mandatory=$false,Position=0)] 27 | [ValidateNotNullOrEmpty()] 28 | $Websites="All", 29 | [Parameter(Mandatory=$false,Position=1)] 30 | [ValidateNotNullOrEmpty()] 31 | $AppPools="All" 32 | ) 33 | 34 | $ExitCode = "0" 35 | $Output = "" 36 | $WebsitesRunning = (Get-WebsiteState | Where-Object { ($_.value -eq "Started") }).Count 37 | $AppPoolsRunning = (Get-WebAppPoolState | Where-Object { ($_.value -eq "Started") }).Count 38 | $WebsitesTotal = (Get-WebsiteState).Count 39 | $AppPoolTotal = (Get-WebAppPoolState).Count 40 | $StoppedWebsites = $null 41 | $StoppedAppPools = $null 42 | 43 | Function Get-Status ($Names,$List,$Type,[ref]$ExitCode) { 44 | $ReturnOutput="" 45 | foreach ($Item in $List) { 46 | if (($Names -eq "All") -or ($Names -contains $Item.Name)) { 47 | if ($Type -eq "Websites"){ 48 | Start-Website -Name $Item.Name -ErrorAction SilentlyContinue 49 | $Result = (Get-WebsiteState -Name $Item.Name).value 50 | } else { 51 | Start-WebAppPool -Name $Item.Name -ErrorAction SilentlyContinue 52 | $Result = (Get-WebAppPoolState -Name $Item.Name).value 53 | } 54 | if ($Result -eq "Started") { 55 | if ($ExitCode.Value -eq 0) { 56 | $ExitCode.Value = "1" 57 | } 58 | if ($ReturnOutput -eq "") { 59 | $ReturnOutput += "$($Type) not started: $($Item.Name)(Started manually). " 60 | } else { 61 | $ReturnOutput +="$($Item.Name)(Started manually). " 62 | } 63 | } else { 64 | $ExitCode.Value = "2" 65 | If ($ReturnOutput -eq "") { 66 | $ReturnOutput += "$($Type) not started: $($Item.Name)(Stopped). " 67 | } else{ 68 | $ReturnOutput +="$($Item.Name)(Stopped). " 69 | } 70 | } 71 | } 72 | } 73 | Return $ReturnOutput 74 | } 75 | $StoppedWebsites = Get-WebsiteState | Where-Object { ($_.value -ne "Started") } | % { return @{($_.itemxpath -split ("'"))[1]="$($_.value)" } } | % getEnumerator 76 | if ($StoppedWebsites) { 77 | $Output += Get-Status $Websites $StoppedWebsites "Websites" ([ref]$ExitCode) 78 | } 79 | $StoppedAppPools = Get-WebAppPoolState | Where-Object { ($_.value -ne "Started") } | % { return @{($_.itemxpath -split ("'"))[1]="$($_.value)" } } | % getEnumerator 80 | if ($StoppedAppPools) { 81 | $Output += Get-Status $AppPools $StoppedAppPools "AppPools" ([ref]$ExitCode) 82 | } 83 | 84 | $Output += "| WebsitesRunning=$($WebsitesRunning);0;0;0;$($WebsitesTotal) AppPoolsRunning=$($AppPoolsRunning);0;0;0;$($AppPoolTotal)" 85 | 86 | if ($ExitCode -eq 2) { 87 | Write-Output "CRITICAL: $($Output)" 88 | Exit(2) 89 | } elseif ($ExitCode -eq 1) { 90 | Write-Output "WARNING: $($Output)" 91 | Exit(1) 92 | } else { 93 | Write-Output "OK: All Websites and AppPools Running. $($Output)" 94 | Exit(0) 95 | } 96 | -------------------------------------------------------------------------------- /check_diskq.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # check_diskq for Nagios 3 | # Version: 0.1 4 | # March 2022 - Juan Granados 5 | #--------------------------------------------------- 6 | # This plugin checks disk queue using iostat and returns queue, read/write and active time performance data. 7 | # Usage: check_diskq.sh -d -w -c 8 | # -d | --disk: disk to check queue. 9 | # -w | --warning: queue warning. 10 | # -c | --critical: queue critical. 11 | # -h | --help: shows help. 12 | # Example: check_diskq.sh -d sdb -c 2 -w 0.5 13 | # Example: check_diskq.sh --disk sda --critical 1.5 --warning 0.5 14 | #--------------------------------------------------- 15 | 16 | # Default variables 17 | warning=1 18 | critical=2 19 | disk=$(mount |grep ' / ' | cut -d' ' -f 1 | cut -d'/' -f 3) 20 | re='^[0-9]+([.][0-9]+)?$' 21 | 22 | # Process arguments 23 | while [ $# -gt 0 ]; do 24 | case "$1" in 25 | --disk*|-d*) 26 | if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` 27 | disk="${1#*=}" 28 | ;; 29 | --warning*|-w*) 30 | if [[ "$1" != *=* ]]; then shift; fi 31 | warning="${1#*=}" 32 | ;; 33 | -critical*|-c*) 34 | if [[ "$1" != *=* ]]; then shift; fi 35 | critical="${1#*=}" 36 | ;; 37 | --help|-h) 38 | echo "Usage: check_diskq.sh -d -c -w " 39 | echo "Example: check_diskq.sh -d sdb -c 2 -w 0.5" 40 | echo "Example: check_diskq.sh --disk sda --critical 1.5 --warning 0.5" 41 | exit 3 42 | ;; 43 | *) 44 | >&2 printf "Error: Invalid argument: $1\n" 45 | exit 3 46 | ;; 47 | esac 48 | shift 49 | done 50 | 51 | # Check arguments 52 | if ! [[ $(command -v iostat) ]] 53 | then 54 | echo "Unknown: iostat command could not be found. Please install it and try again" 55 | exit 3 56 | fi 57 | if ! [[ $(command -v jq) ]] 58 | then 59 | echo "Unknown: jq command could not be found. Please install it and try again" 60 | exit 3 61 | fi 62 | if ! [[ $(command -v bc) ]] 63 | then 64 | echo "Unknown: bc command could not be found. Please install it and try again" 65 | exit 3 66 | fi 67 | if [[ $warning -gt $critical ]] 68 | then 69 | echo "Unknown: Critical must be higher than warning" 70 | exit 3 71 | fi 72 | if ! [[ $warning =~ $re ]] 73 | then 74 | echo "Unknown: warning must be a number" 75 | exit 3 76 | fi 77 | if ! [[ $critical =~ $re ]] 78 | then 79 | echo "Unknown: critical must be a number" 80 | exit 3 81 | fi 82 | if ! [[ $(lsblk | grep $disk) ]] 83 | then 84 | echo "Unknown: disk not found" 85 | exit 3 86 | fi 87 | 88 | # Get disk queue 89 | eval "$(iostat /dev/$disk -x -o JSON | jq .[].hosts[].statistics[].disk | jq -r '.[] | to_entries | .[] | .key + "=" + (.value | @sh)' | tr -d '/-')" 90 | if [ -z $aqusz ] 91 | then 92 | echo "Unknown: disk queue lenght not found" 93 | exit 3 94 | fi 95 | output="Stats for disk $disk -> Queue:$aqusz Read:${rkBs}kB/s Read/s:$rs Write:${wkBs}kB/s Writes/s:$ws %util:$util%" 96 | perf="| queue=$aqusz;$warning;$critical;; read=${rkBs}KB;;;; reads=$rs;;;; write=${wkBs}KB;;;; writess=$ws;;;; util=$util%;;;;" 97 | 98 | # Check disk queue result 99 | if [[ $(echo $aqusz'>'$critical | bc -l) -eq 1 ]] 100 | then 101 | echo "Critical. $output $perf" 102 | exit 2 103 | fi 104 | if [[ $(echo $aqusz'>'$warning | bc -l) -eq 1 ]] 105 | then 106 | echo "Warning. $output $perf" 107 | exit 1 108 | fi 109 | echo "Ok. $output $perf" 110 | exit 0 111 | -------------------------------------------------------------------------------- /install_icinga.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check version Icinga Windows Agent. 4 | .DESCRIPTION 5 | Check version Icinga Windows Agent and optionally updates it. 6 | .OUTPUTS 7 | OK: Version up to date. 8 | WARNING: Version needs updating. 9 | CRITICAL: Error updating agent. 10 | .PARAMETER downloadURL 11 | Icinga agent last version download url. 12 | Default: "http://packages.icinga.com/windows/Icinga2-v2.11.11-x86_64.msi" 13 | .PARAMETER changeLoginToSystem 14 | Changes login service from Network Service to System. 15 | .EXAMPLE 16 | install_icinga.ps1 -downloadURL "http://packages.icinga.com/windows/Icinga2-v2.11.11-x86_64.msi" -changeLoginToSystem 17 | .NOTES 18 | Author: Juan Granados 19 | #> 20 | Param( 21 | [Parameter()] 22 | [ValidateNotNullOrEmpty()] 23 | [string]$downloadURL = "http://packages.icinga.com/windows/Icinga2-v2.11.11-x86_64.msi", 24 | [Parameter()] 25 | [switch]$changeLoginToSystem 26 | ) 27 | #Requires -RunAsAdministrator 28 | 29 | Function StartProcess { 30 | param([string]$executable, [bool]$flushNewLines, [string]$arguments); 31 | 32 | $processData = New-Object System.Diagnostics.ProcessStartInfo; 33 | $processData.FileName = $executable; 34 | $processData.RedirectStandardError = $true; 35 | $processData.RedirectStandardOutput = $true; 36 | $processData.UseShellExecute = $false; 37 | $processData.Arguments = $arguments; 38 | $process = New-Object System.Diagnostics.Process; 39 | $process.StartInfo = $processData; 40 | $process.Start() | Out-Null; 41 | $stdout = $process.StandardOutput.ReadToEnd(); 42 | $stderr = $process.StandardError.ReadToEnd(); 43 | $process.WaitForExit(); 44 | 45 | if ($flushNewLines) { 46 | $stdout = $stdout.Replace("`n", '').Replace("`r", ''); 47 | $stderr = $stderr.Replace("`n", '').Replace("`r", ''); 48 | } 49 | else { 50 | if ($stdout.Contains("`n")) { 51 | $stdout = $stdout.Substring(0, $stdout.LastIndexOf("`n")); 52 | } 53 | } 54 | 55 | $r = @{}; 56 | $r.Add('message', $stdout); 57 | $r.Add('error', $stderr); 58 | $r.Add('exitcode', $process.ExitCode); 59 | 60 | return $r; 61 | } 62 | Start-Transcript "$($PSScriptRoot)\install_icinga2.txt" 63 | $localInstaller = "$($PSScriptRoot)\icinga2.msi" 64 | Write-Host "Downloading icinga from $downloadURL" 65 | (New-Object System.Net.WebClient).DownloadFile($downloadURL, $localInstaller) 66 | Write-Host "Unlocking $localInstaller" 67 | Unblock-File $localInstaller 68 | Write-Host "Installing icinga" 69 | $R = StartProcess "msiexec.exe" $false "/I $localInstaller /qn /norestart" 70 | if ($R.exitcode -ne 0) { 71 | Write-Host "Error installing Icinga2" 72 | Write-Host $R.error 73 | Remove-Item $localInstaller -Force 74 | Stop-Transcript 75 | Exit(2) 76 | } 77 | Write-Host "Removing $localInstaller" 78 | Remove-Item $localInstaller -Force 79 | if ($changeLoginToSystem) { 80 | Write-Host "Change servide login to System" 81 | (Get-Service icinga2).WaitForStatus('Running') 82 | $changeServiceResult = Get-CimInstance win32_service -filter "name='icinga2'" | Invoke-CimMethod -Name Change -Arguments @{StartName = "LocalSystem" } 83 | if ($changeServiceResult.ReturnValue -ne 0) { 84 | Write-Host "Error changing icinga2 login to System" 85 | Stop-Transcript 86 | Exit(2) 87 | } 88 | Write-Host "Restarting icinga service" 89 | Restart-Service icinga2 90 | } 91 | Write-Output "OK: Version updated to: $((Get-Item 'C:\Program Files\ICINGA2\sbin\icinga2.exe').VersionInfo.ProductVersion)" 92 | Stop-Transcript 93 | Exit(0) -------------------------------------------------------------------------------- /check_adreplication.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check AD Replication in a DC Server. 4 | .DESCRIPTION 5 | Check AD Replication in a DC Server and returns Nagios output and code. 6 | .PARAMETER Warning 7 | Number of failed replications for warning treshold. 8 | Default 1. 9 | .PARAMETER Critical 10 | Number of failed replications for critical treshold. 11 | Default 5. 12 | .OUTPUTS 13 | OK: AD replication successful. 14 | WARNING: Failed replications equal to Warning treshold. 15 | CRITICAL: Failed replications equal to Critical treshold. 16 | .EXAMPLE 17 | .\Get-ADReplication.ps1 -Warning 5 -Critical 10 18 | .NOTES 19 | Author: Juan Granados 20 | #> 21 | Param( 22 | [Parameter(Mandatory = $false, Position = 0)] 23 | [ValidateNotNullOrEmpty()] 24 | [int]$Warning = 1, 25 | [Parameter(Mandatory = $false, Position = 1)] 26 | [ValidateNotNullOrEmpty()] 27 | [int]$Critical = 5 28 | ) 29 | # Variables 30 | $SyncErrors = 0 31 | $NagiosStatus = 0 32 | $NagiosOutput = "" 33 | $Syncs = 0 34 | if (!(Get-ADDomainController -filter *).count) { 35 | Write-Host "OK: There is only one domain controller. | Syncs=0;;;; SyncErrors=0;$Warning;$Critical;;" 36 | Exit(0) 37 | } 38 | # Get AD Replication Status for this DC 39 | $SyncResults = Get-WmiObject -Namespace root\MicrosoftActiveDirectory -Class MSAD_ReplNeighbor -ComputerName $env:COMPUTERNAME | 40 | Select-Object SourceDsaCN, NamingContextDN, LastSyncResult, NumConsecutiveSyncFailures, @{N = "LastSyncAttempt"; E = { $_.ConvertToDateTime($_.TimeOfLastSyncAttempt) } }, @{N = "LastSyncSuccess"; E = { $_.ConvertToDateTime($_.TimeOfLastSyncSuccess) } } 41 | if (-not $SyncResults) { 42 | Write-Host "UNKNOWN - Can not check DC syncs. Maybe WMI is not working properly." 43 | Exit(3) 44 | } 45 | # Process result 46 | foreach ($SyncResult in $SyncResults) { 47 | if ($SyncResult.LastSyncResult -gt 0) { 48 | $NagiosOutput += "$($SyncResult.NumConsecutiveSyncFailures) failed sync with DC $($SyncResult.SourceDsaCN) on $($SyncResult.NamingContextDN) at $($SyncResult.LastSyncAttempt), last success sync at $($SyncResult.LastSyncSuccess)." 49 | $SyncErrors++ 50 | if ($SyncErrors -eq $Warning) { 51 | $NagiosStatus = 1 52 | } 53 | elseif ($SyncErrors -eq $Critical) { 54 | $NagiosStatus = 2 55 | } 56 | } 57 | else { 58 | $Syncs++ 59 | } 60 | } 61 | $SysvolStatus = Get-WMIObject -ComputerName $env:COMPUTERNAME -Namespace "root/microsoftdfs" -Class "dfsrreplicatedfolderinfo" -Filter "ReplicatedFolderName = 'SYSVOL Share'" | Select-Object State 62 | if ($SysvolStatus.State) { 63 | switch ( $SysvolStatus.State ) { 64 | 0 { $NagiosOutput += " CRITICAL - Sysvol Uninitialized."; $NagiosStatus = 2; } 65 | 1 { $NagiosOutput += " WARNING - Sysvol Initialized."; if ($NagiosStatus -eq 0) { $NagiosStatus = 1 } } 66 | 2 { $NagiosOutput += " WARNING - Sysvol on Initial Sync."; if ($NagiosStatus -eq 0) { $NagiosStatus = 1 } } 67 | 3 { $NagiosOutput += " WARNING - Sysvol on Auto Recovery."; if ($NagiosStatus -eq 0) { $NagiosStatus = 1 } } 68 | 4 { $NagiosOutput += " Sysvol is OK." } 69 | 5 { $NagiosOutput += " CRITICAL - Sysvol has an Error."; $NagiosStatus = 2; } 70 | } 71 | } 72 | else { 73 | $NagiosOutput = "UNKNOWN - Can not chech Sysvol status. | Syncs=$($Syncs);;;; SyncErrors=$($SyncErrors);$Warning;$Critical;;" 74 | Write-Host $NagiosOutput 75 | Exit(3) 76 | } 77 | $NagiosOutput += " | Syncs=$($Syncs);;;; SyncErrors=$($SyncErrors);$Warning;$Critical;;" 78 | if ($NagiosStatus -eq 2) { 79 | Write-Host "CRITICAL: Replication error: $($NagiosOutput)" 80 | Exit(2) 81 | } 82 | elseif ($NagiosStatus -eq 1) { 83 | Write-Host "WARNING: Replication error: $($NagiosOutput)" 84 | Exit(1) 85 | } 86 | else { 87 | Write-Host "OK: replication is up and running.$($NagiosOutput)" 88 | Exit(0) 89 | } 90 | -------------------------------------------------------------------------------- /check_veeamjobs.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check Veeam last result and last run of all jobs. 4 | .DESCRIPTION 5 | Check Veeam last result and last run of all jobs. 6 | .OUTPUTS 7 | OK: All jobs last result is Success. 8 | CRITICAL: Any job last result is warning or any job last run less than warning hours ago. 9 | CRITICAL: Any job last result is error or any job last run less than critical hours ago. 10 | .PARAMETER warning 11 | Warning hours after last backup. 12 | Default 24. 13 | .PARAMETER critical 14 | Warning hours after last backup. 15 | Default 48. 16 | .PARAMETER jobs 17 | Jobs names to check. 18 | Default: all. 19 | Example: "Tape Backup","Hyper-V","Incremental backup" 20 | .EXAMPLE 21 | Checks jobs by name with default warning treshold and 50h critical treshold. 22 | check_diskdefragstatus.ps1 -jobs "Tape Backup","Full Backup","Hyper-V Backup" -critical 50 23 | .EXAMPLE 24 | Checks all jobs by name with 48h warning treshold and 96h critical treshold. 25 | check_diskdefragstatus.ps1 -warning 48 -critical 96 26 | .NOTES 27 | Author: Juan Granados 28 | #> 29 | Param( 30 | [Parameter(Mandatory = $false, Position = 0)] 31 | [int]$warning = 24, 32 | [Parameter(Mandatory = $false, Position = 1)] 33 | [int]$critical = 48, 34 | [Parameter(Mandatory = $false, Position = 2)] 35 | [string[]]$jobs = "all" 36 | ) 37 | #Requires -RunAsAdministrator 38 | $ErrorActionPreference = "Stop" 39 | $global:nagiosStatus = 0 40 | $global:nagiosOutput = @() 41 | $WarningPreference = 'SilentlyContinue' 42 | Add-PSSnapin -Name VeeamPSSnapIn -ErrorAction SilentlyContinue 43 | function Get-JobStatus ([string]$name, [string]$result, [string]$state, [datetime]$lastRun) { 44 | $jobInfo = "Name: $name - Result: $result - State: $state - Last run ending: $("$($lastRun.ToShortDateString()) at $($lastRun.ToShortTimeString())")." 45 | Write-Verbose $jobInfo 46 | # https://helpcenter.veeam.com/docs/backup/powershell/enums.html?ver=110#vbrsessionresult 47 | if ($result -eq 'Failed' -or ($lastRun -lt (Get-Date).AddHours(-$critical))) { 48 | $global:nagiosOutput += "Critical -> $jobInfo" 49 | $global:nagiosStatus = 2 50 | } 51 | elseif ($result -eq 'Warning' -or ($lastRun -lt (Get-Date).AddHours(-$warning)) -or ($state -match "waiting")) { 52 | $global:nagiosOutput += "Warning -> $jobInfo" 53 | if ($global:nagiosStatus -eq 0) { 54 | $global:nagiosStatus = 1 55 | } 56 | 57 | } 58 | else { 59 | $global:nagiosOutput += "Ok: -> $jobInfo" 60 | } 61 | Write-Verbose "Nagios output: $global:nagiosOutput" 62 | Write-Verbose "Nagios status: $global:nagiosStatus" 63 | } 64 | try { 65 | Write-Verbose "Getting jobs" 66 | $computerJobs = Get-VBRJob 67 | $tapeJobs = Get-VBRTapeJob 68 | } 69 | catch { 70 | Write-Output "CRITICAL: $($_.Exception.Message)" 71 | Exit(2) 72 | } 73 | if ($jobs -ne "all") { 74 | foreach ($job in $jobs) { 75 | if (!($computerJobs.Name -like $job) -and !($tapeJobs.Name -like $job)) { 76 | Write-Output "CRITICAL: $job not detected" 77 | Exit(2) 78 | } 79 | } 80 | } 81 | if ($computerJobs.Length -gt 0) { 82 | foreach ($job in $computerJobs) { 83 | if ($jobs -eq "all" -or $jobs -like $job.Name) { 84 | Get-JobStatus $($job.Name) $($job.GetLastResult()) $($job.findlastsession().state) $($job.FindLastbasesession().EndTime) 85 | } 86 | } 87 | } 88 | $i=0 89 | if ($tapeJobs.Length -gt 0) { 90 | foreach ($job in $tapeJobs) { 91 | if ($jobs -eq "all" -or $jobs -like $job.Name) { 92 | Get-JobStatus $($job.Name) $($job.LastResult) $($job.LastState) $((Get-VBRSession -Job $TapeJobS[$i] -Last).EndTime) 93 | } 94 | $i++ 95 | } 96 | } 97 | if ($global:nagiosStatus -eq 2) { 98 | Write-Output "CRITICAL -> One or more jobs are in critical state" 99 | Write-Output "--------------------------------------------------" 100 | Write-Output $global:nagiosOutput 101 | Exit(2) 102 | } 103 | if ($global:nagiosStatus -eq 1) { 104 | Write-Output "WARNING -> One or more jobs are in warning state" 105 | Write-Output "------------------------------------------------" 106 | Write-Output $global:nagiosOutput 107 | Exit(1) 108 | } 109 | if ($global:nagiosOutput.Length -eq 0) { 110 | Write-Output "UNKNOWN: No jobs found" 111 | Exit(3) 112 | } 113 | Write-Output "OK -> All jobs are ok" 114 | Write-Output "---------------------" 115 | Write-Output $global:nagiosOutput 116 | Exit(0) 117 | -------------------------------------------------------------------------------- /check_wg_cpu.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # check_wg_cpu for Nagios 3 | # Version: 1.0 4 | # March 2022 - Juan Granados 5 | #--------------------------------------------------- 6 | # This plugin checks CPU usage of Watchguard device and returns CPU performance data. 7 | # Usage: check_wg_cpu.sh [options] 8 | # -h | --host: ip of device. 9 | # -w | --warning: % of cpu warning. Default 90. 10 | # -c | --critical: % of cpu critical. Default 100. 11 | # -v | --version: snmp version. Default 2. Depends on version you must specify: 12 | # 2: -s | --string: snmp community string. Default public. 13 | # 3: -u | --user: user. -p | --pass: password. 14 | # Example: check_wg_cpu.sh -h 192.168.2.100 15 | # Example: check_wg_cpu.sh -h 192.168.2.100 -c 80 -w 90 -v 2 -s publicwg 16 | # Example: check_wg_cpu.sh -h 192.168.2.100 -c 80 -w 90 -v 3 -u read -p 1234567789 17 | #--------------------------------------------------- 18 | # Reference https://techsearch.watchguard.com/KB/?type=KBArticle&SFDCID=kA22A000000HQ0PSAW&lang=en_US 19 | #--------------------------------------------------- 20 | 21 | # Default variables 22 | warning=90 23 | critical=100 24 | version="2" 25 | community="public" 26 | timeout="10" 27 | oid="1.3.6.1.4.1.2021.11.11.0" 28 | 29 | # Process arguments 30 | while [ $# -gt 0 ]; do 31 | case "$1" in 32 | --warning*|-w*) 33 | if [[ "$1" != *=* ]]; then shift; fi 34 | warning="${1#*=}" 35 | ;; 36 | --critical*|-c*) 37 | if [[ "$1" != *=* ]]; then shift; fi 38 | critical="${1#*=}" 39 | ;; 40 | --host*|-h*) 41 | if [[ "$1" != *=* ]]; then shift; fi 42 | host="${1#*=}" 43 | ;; 44 | --user*|-u*) 45 | if [[ "$1" != *=* ]]; then shift; fi 46 | user="${1#*=}" 47 | ;; 48 | --pass*|-p*) 49 | if [[ "$1" != *=* ]]; then shift; fi 50 | pass="${1#*=}" 51 | ;; 52 | --version*|-v*) 53 | if [[ "$1" != *=* ]]; then shift; fi 54 | version="${1#*=}" 55 | ;; 56 | --string*|-s*) 57 | if [[ "$1" != *=* ]]; then shift; fi 58 | community="${1#*=}" 59 | ;; 60 | --help) 61 | echo "Usage: check_wg_cpu.sh [options]" 62 | echo " -h | --host: ip of device. Ex: 192.168.2.100" 63 | echo " -w | --warning: % of cpu warning. Default 90" 64 | echo " -c | --critical: % of cpu critical. Defaul 100" 65 | echo " -v | --version: snmp version. Default 2. Depends on version you must specify:" 66 | echo " 2: -s | --string: snmp community string. Default public" 67 | echo " 3: -u | --user: user. -p | --pass: password" 68 | echo "Example: check_wg_cpu.sh -h 192.168.2.100" 69 | echo "Example: check_wg_cpu.sh -h 192.168.2.100 -c 80 -w 90 -v 2 -s publicwg" 70 | echo "Example: check_wg_cpu.sh -h 192.168.2.100 -c 80 -w 90 -v 3 -u read -p 1234567789" 71 | exit 3 72 | ;; 73 | *) 74 | >&2 printf "Error: Invalid argument: $1\n" 75 | exit 3 76 | ;; 77 | esac 78 | shift 79 | done 80 | 81 | # Check arguments 82 | if ! [[ $(command -v snmpget) ]] 83 | then 84 | echo "snmpget could not be found. Please install it and try again" 85 | exit 3 86 | fi 87 | if ! [[ $warning =~ $re ]] 88 | then 89 | echo "Unknown: warning must be a number" 90 | exit 3 91 | fi 92 | if ! [[ $critical =~ $re ]] 93 | then 94 | echo "Unknown: critical must be a number" 95 | exit 3 96 | fi 97 | 98 | if [[ -z $host ]] 99 | then 100 | echo "Unknown: host can not be empty" 101 | exit 3 102 | fi 103 | if [[ $version -eq 3 && ( -z $user || -z $pass) ]] 104 | then 105 | echo "Unknown: username and/or password can not be empty" 106 | exit 3 107 | fi 108 | if [[ $(echo $warning'>'$critical | bc -l) -eq 1 ]] 109 | then 110 | echo "Unknown: Critical must be higher than warning" 111 | exit 3 112 | fi 113 | 114 | # SNMP Command sintax 115 | if [[ $version -eq "2" ]] 116 | then 117 | args=" -OQne -v 2c -c $community -t $timeout" 118 | elif [[ $version -eq "3" ]] 119 | then 120 | args=" -OQne -v 3 -u $user -A $pass -l authNoPriv -a MD5 -t $timeout" 121 | else 122 | echo "Unknown: snmp version must be 2 or 3" 123 | exit 3 124 | fi 125 | 126 | # Run SNMP Command 127 | cpu=`snmpget $args $host $oid 2> /dev/null| cut -d = -f2 | cut -d " " -f2` 128 | if [[ -z $cpu ]] 129 | then 130 | echo "Unknown: cpu stats not found" 131 | exit 3 132 | fi 133 | cpu=`echo "100 - $cpu" | bc -l` 134 | output="CPU usage: $cpu%" 135 | perf="| cpu=$cpu%;$warning;$critical;0;100" 136 | 137 | # Check SNMP command result 138 | if [[ "$cpu" -gt "$critical" ]] 139 | then 140 | echo "Critical. $output $perf" 141 | exit 2 142 | fi 143 | if [[ "$cpu" -gt "$warning" ]] 144 | then 145 | echo "Warning. $output $perf" 146 | exit 1 147 | fi 148 | echo "Ok. $output $perf" 149 | exit 0 -------------------------------------------------------------------------------- /check_wg_mem.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # check_wg_memory for Nagios 3 | # Version: 1.0 4 | # March 2022 - Juan Granados 5 | #--------------------------------------------------- 6 | # This plugin checks memory usage of Watchguard device and returns memory performance data 7 | # Usage: check_wg_mem.sh [options] 8 | # -h | --host: ip of device. 9 | # -w | --warning: % of memory warning. Default 85. 10 | # -c | --critical: % of memory critical. Default 95. 11 | # -v | --version: snmp version. Default 2. Depends on version you must specify: 12 | # 2: -s | --string: snmp community string. Default public. 13 | # 3: -u | --user: user. -p | --pass: password. 14 | # Example: check_wg_mem.sh -h 192.168.2.100 15 | # Example: check_wg_mem.sh -h 192.168.2.100 -c 80 -w 90 -v 2 -s publicwg 16 | # Example: check_wg_mem.sh -h 192.168.2.100 -c 80 -w 90 -v 3 -u read -p 1234567789 17 | #--------------------------------------------------- 18 | # Reference https://techsearch.watchguard.com/KB/?type=KBArticle&SFDCID=kA22A000000HQ0PSAW&lang=en_US 19 | #--------------------------------------------------- 20 | 21 | # Default variables 22 | warning=85 23 | critical=95 24 | version="2" 25 | community="public" 26 | timeout="10" 27 | oid_total_mem="1.3.6.1.4.1.2021.4.5.0" 28 | oid_free_mem="1.3.6.1.4.1.2021.4.11.0" 29 | oid_total_swap="1.3.6.1.4.1.2021.4.3.0" 30 | oid_used_swap=" 1.3.6.1.4.1.2021.4.4.0" 31 | 32 | # Process arguments 33 | while [ $# -gt 0 ]; do 34 | case "$1" in 35 | --warning*|-w*) 36 | if [[ "$1" != *=* ]]; then shift; fi 37 | warning="${1#*=}" 38 | ;; 39 | --critical*|-c*) 40 | if [[ "$1" != *=* ]]; then shift; fi 41 | critical="${1#*=}" 42 | ;; 43 | --host*|-h*) 44 | if [[ "$1" != *=* ]]; then shift; fi 45 | host="${1#*=}" 46 | ;; 47 | --user*|-u*) 48 | if [[ "$1" != *=* ]]; then shift; fi 49 | user="${1#*=}" 50 | ;; 51 | --pass*|-p*) 52 | if [[ "$1" != *=* ]]; then shift; fi 53 | pass="${1#*=}" 54 | ;; 55 | --version*|-v*) 56 | if [[ "$1" != *=* ]]; then shift; fi 57 | version="${1#*=}" 58 | ;; 59 | --string*|-s*) 60 | if [[ "$1" != *=* ]]; then shift; fi 61 | community="${1#*=}" 62 | ;; 63 | --help) 64 | echo "Usage: check_wg_cpu.sh [options]" 65 | echo " -h | --host: ip of device. Ex: 192.168.2.100" 66 | echo " -w | --warning: % of cpu warning. Default 85" 67 | echo " -c | --critical: % of cpu critical. Defaul 95" 68 | echo " -v | --version: snmp version. Default 2. Depends on version you must specify:" 69 | echo " 2: -s | --string: snmp community string. Default public" 70 | echo " 3: -u | --user: user. -p | --pass: password" 71 | echo "Example: check_wg_cpu.sh -h 192.168.2.100" 72 | echo "Example: check_wg_cpu.sh -h 192.168.2.100 -c 80 -w 90 -v 2 -s publicwg" 73 | echo "Example: check_wg_cpu.sh -h 192.168.2.100 -c 80 -w 90 -v 3 -u read -p 1234567789" 74 | exit 3 75 | ;; 76 | *) 77 | >&2 printf "Error: Invalid argument: $1\n" 78 | exit 3 79 | ;; 80 | esac 81 | shift 82 | done 83 | 84 | # Check arguments 85 | if ! [[ $(command -v snmpget) ]] 86 | then 87 | echo "snmpget could not be found. Please install it and try again" 88 | exit 3 89 | fi 90 | if ! [[ $warning =~ $re ]] 91 | then 92 | echo "Unknown: warning must be a number" 93 | exit 3 94 | fi 95 | if ! [[ $critical =~ $re ]] 96 | then 97 | echo "Unknown: critical must be a number" 98 | exit 3 99 | fi 100 | 101 | if [[ -z $host ]] 102 | then 103 | echo "Unknown: host can not be empty" 104 | exit 3 105 | fi 106 | if [[ $version -eq 3 && ( -z $user || -z $pass) ]] 107 | then 108 | echo "Unknown: username and/or password can not be empty" 109 | exit 3 110 | fi 111 | if [[ $(echo $warning'>'$critical | bc -l) -eq 1 ]] 112 | then 113 | echo "Unknown: Critical must be higher than warning" 114 | exit 3 115 | fi 116 | 117 | # SNMP Command sintax 118 | if [[ $version -eq "2" ]] 119 | then 120 | args=" -OQne -v 2c -c $community -t $timeout" 121 | elif [[ $version -eq "3" ]] 122 | then 123 | args=" -OQne -v 3 -u $user -A $pass -l authNoPriv -a MD5 -t $timeout" 124 | else 125 | echo "Unknown: snmp version must be 2 or 3" 126 | exit 3 127 | fi 128 | 129 | # Run SNMP Command 130 | snmp_mem=`snmpget $args $host $oid_total_mem $oid_free_mem $oid_total_swap $oid_used_swap 2> /dev/null` 131 | if [[ -z $snmp_mem ]] 132 | then 133 | echo "Unknown: memory stats not found" 134 | exit 3 135 | fi 136 | total_mem=`echo $snmp_mem | cut -d = -f2 | cut -d " " -f2` 137 | free_mem=`echo $snmp_mem | cut -d = -f3 | cut -d " " -f2` 138 | total_swap=`echo $snmp_mem | cut -d = -f4 | cut -d " " -f2` 139 | free_swap=`echo $snmp_mem | cut -d = -f5 | cut -d " " -f2` 140 | percent_used_mem=`echo "100 - (($free_mem * 100) / $total_mem)" | bc -l | cut -d. -f1` 141 | if [[ total_swap -gt 0 ]] 142 | then 143 | percent_used_swap=`echo "100 - (($free_swap * 100) / $total_swap)" | bc -l | cut -d. -f1` 144 | else 145 | percent_used_swap=0 146 | fi 147 | used_mem=`echo "$total_mem - $free_mem" | bc -l` 148 | used_mem_warning=`echo "($total_mem * $warning) / 100" | bc -l | cut -d. -f1` 149 | used_mem_critical=`echo "($total_mem * $critical) / 100" | bc -l | cut -d. -f1` 150 | free_mem_warning=`echo "$total_mem - $used_mem_warning" | bc -l | cut -d. -f1` 151 | free_mem_critical=`echo "$total_mem - $used_mem_critical" | bc -l | cut -d. -f1` 152 | used_swap=`echo "$total_swap - $free_swap" | bc -l` 153 | output="Memory usage: $percent_used_mem%" 154 | perf="| %mem_used=$percent_used_mem%;$warning;$critical;0;100 %swap_used=$percent_used_swap%;;;0;100 mem_used=$(echo $used_mem)KB;$used_mem_warning;$used_mem_critical;0;$total_mem mem_free=$(echo $free_mem)KB;$free_mem_warning;$free_mem_critical;0;$total_mem swap_used=$(echo $used_swap)KB;;;0;$total_swap swap_free=$(echo $free_swap)KB;;;0;$total_swap" 155 | 156 | # Check SNMP command result 157 | if [[ "$percent_used_mem" -gt "$critical" ]] 158 | then 159 | echo "Critical. $output $perf" 160 | exit 2 161 | fi 162 | if [[ "$percent_used_mem" -gt "$warning" ]] 163 | then 164 | echo "Warning. $output $perf" 165 | exit 1 166 | fi 167 | echo "Ok. $output $perf" 168 | exit 0 -------------------------------------------------------------------------------- /check_wg_signatures.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # check_wg_signatures for Nagios 3 | # Version: 1.0 4 | # March 2022 - Juan Granados 5 | #--------------------------------------------------- 6 | # This plugin checks Gateway Antivirus Service and/or Intrusion Prevention Service 7 | # update time in a Watchguard device. 8 | # Usage: check_wg_signatures.sh [options] 9 | # -h | --host: ip of device. 10 | # -w | --warning: warning hours since last update. Default 24. 11 | # -c | --critical: critical hours since last update. Default 48. 12 | # -a | --antivirus: checks only Antivirus Service. 13 | # -i | --intrusion: checks only Intrusion Prevention Service. 14 | # -v | --version: snmp version. Default 2. Depends on version you must specify: 15 | # 2: -s | --string: snmp community string. Default public. 16 | # 3: -u | --user: user. -p | --pass: password. 17 | # Example: check_wg_signatures.sh -h 192.168.2.100 -s publicsnmp -a 18 | # Example: check_wg_signatures.sh -h 192.168.2.100 -v 3 -u read -p 1234567789 -i 19 | #--------------------------------------------------- 20 | # Reference https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/basicadmin/snmp_mibs_details_c.html 21 | #--------------------------------------------------- 22 | 23 | # Default variables 24 | warning=24 25 | critical=48 26 | version="2" 27 | community="public" 28 | timeout="10" 29 | wgInfoGavService="1.3.6.1.4.1.3097.6.1.3.0" 30 | wgInfoIpsService="1.3.6.1.4.1.3097.6.1.4.0" 31 | exitCode=0 32 | intrusion=1 33 | antivirus=1 34 | output="" 35 | 36 | # Process arguments 37 | while [ $# -gt 0 ]; do 38 | case "$1" in 39 | --warning*|-w*) 40 | if [[ "$1" != *=* ]]; then shift; fi 41 | warning="${1#*=}" 42 | ;; 43 | --critical*|-c*) 44 | if [[ "$1" != *=* ]]; then shift; fi 45 | critical="${1#*=}" 46 | ;; 47 | --host*|-h*) 48 | if [[ "$1" != *=* ]]; then shift; fi 49 | host="${1#*=}" 50 | ;; 51 | --user*|-u*) 52 | if [[ "$1" != *=* ]]; then shift; fi 53 | user="${1#*=}" 54 | ;; 55 | --pass*|-p*) 56 | if [[ "$1" != *=* ]]; then shift; fi 57 | pass="${1#*=}" 58 | ;; 59 | --version*|-v*) 60 | if [[ "$1" != *=* ]]; then shift; fi 61 | version="${1#*=}" 62 | ;; 63 | --string*|-s*) 64 | if [[ "$1" != *=* ]]; then shift; fi 65 | community="${1#*=}" 66 | ;; 67 | intrusion--*|-i*) 68 | if [[ "$1" != *=* ]]; then shift; fi 69 | intrusion=1 70 | antivirus=0 71 | ;; 72 | antivirus--*|-a*) 73 | if [[ "$1" != *=* ]]; then shift; fi 74 | intrusion=0 75 | antivirus=1 76 | ;; 77 | --help) 78 | echo "Usage: check_wg_signatures.sh [options]" 79 | echo " -h | --host: ip of device. Ex: 192.168.2.100" 80 | echo " -w | --warning: warning hours since last update. Default 24." 81 | echo " -c | --critical: critical hours since last update. Default 48." 82 | echo " -i | --intrusion: checks only Intrusion Prevention Service." 83 | echo " -a | --antivirus: checks only Gateway Antivirus Service." 84 | echo " -v | --version: snmp version. Default 2. Depends on version you must specify:" 85 | echo " 2: -s | --string: snmp community string. Default public" 86 | echo " 3: -u | --user: user. -p | --pass: password" 87 | echo "Example: check_wg_signatures.sh -h 192.168.2.100 -s publicsnmp -a" 88 | echo "Example: check_wg_signatures.sh -h 192.168.2.100 -v 3 -u read -p 1234567789 -i" 89 | exit 3 90 | ;; 91 | *) 92 | >&2 printf "Error: Invalid argument: $1\n" 93 | exit 3 94 | ;; 95 | esac 96 | shift 97 | done 98 | 99 | # Check arguments 100 | if ! [[ $(command -v snmpget) ]] 101 | then 102 | echo "snmpget could not be found. Please install it and try again" 103 | exit 3 104 | fi 105 | if ! [[ $warning =~ $re ]] 106 | then 107 | echo "Unknown: warning must be a number" 108 | exit 3 109 | fi 110 | if ! [[ $critical =~ $re ]] 111 | then 112 | echo "Unknown: critical must be a number" 113 | exit 3 114 | fi 115 | 116 | if [[ -z $host ]] 117 | then 118 | echo "Unknown: host can not be empty" 119 | exit 3 120 | fi 121 | if [[ $version -eq 3 && ( -z $user || -z $pass) ]] 122 | then 123 | echo "Unknown: username and/or password can not be empty" 124 | exit 3 125 | fi 126 | if [[ $(echo $warning'>'$critical | bc -l) -eq 1 ]] 127 | then 128 | echo "Unknown: Critical must be higher than warning" 129 | exit 3 130 | fi 131 | 132 | # SNMP Command sintax 133 | if [[ $version -eq "2" ]] 134 | then 135 | args=" -OQne -v 2c -c $community -t $timeout" 136 | elif [[ $version -eq "3" ]] 137 | then 138 | args=" -OQne -v 3 -u $user -A $pass -l authNoPriv -a MD5 -t $timeout" 139 | else 140 | echo "Unknown: snmp version must be 2 or 3" 141 | exit 3 142 | fi 143 | 144 | # Critical and warning dates 145 | criticalDate=`date -d "-$critical hour" +%s` 146 | warningDate=`date -d "-$warning hour" +%s` 147 | 148 | # Run SNMP commands and check 149 | if [[ $antivirus -eq 1 ]] 150 | then 151 | avDate=`snmpget $args $host $wgInfoGavService 2> /dev/null | grep -oP '\(\K[^\)]+'` 152 | if [[ -z $avDate ]] 153 | then 154 | echo "Unknown: could not get update time of the Gateway Antivirus Service" 155 | exit 3 156 | fi 157 | avDateS=`date -d "$avDate" +%s` 158 | 159 | if [[ $avDateS -lt $warningDate ]] 160 | then 161 | exitCode=1 162 | fi 163 | if [[ $avDateS -lt $criticalDate ]] 164 | then 165 | exitCode=2 166 | fi 167 | output="Gateway Antivirus Service date: $avDate" 168 | fi 169 | if [[ $intrusion -eq 1 ]] 170 | then 171 | ipDate=`snmpget $args $host $wgInfoIpsService 2> /dev/null | grep -oP '\(\K[^\)]+'` 172 | if [[ -z $ipDate ]] 173 | then 174 | echo "Unknown: could not get update time of the Intrusion Prevention Service" 175 | exit 3 176 | fi 177 | ipDateS=`date -d "$ipDate" +%s` 178 | if [[ ($ipDateS -lt $warningDate) && ($exitCode -eq 0) ]] 179 | then 180 | exitCode=1 181 | fi 182 | if [[ $ipDateS -lt $criticalDate ]] 183 | then 184 | exitCode=2 185 | fi 186 | output="${output:+$output. }Intrusion Prevention Service date: $ipDate." 187 | fi 188 | 189 | # Exit 190 | if [[ $exitCode -eq 0 ]] 191 | then 192 | echo "Ok. $output" 193 | exit 0 194 | elif [[ $exitCode -eq 1 ]] 195 | then 196 | echo "Warning. $output" 197 | exit 1 198 | else 199 | echo "Critical. $output" 200 | exit 2 201 | fi -------------------------------------------------------------------------------- /check_wg_tunnels.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # check_wg_tunnels for Nagios 3 | # Version: 1.0 4 | # March 2022 - Juan Granados 5 | #--------------------------------------------------- 6 | # This plugin checks if one or more of Branch Office VPN Tunnels are active on a Watchguard device. 7 | # Usage: check_wg_tunnels.sh [options] 8 | # -h | --host: ip of device. 9 | # -t | --tunnels: list of tunnels to check. Array of pairs of gateways. 10 | # Syntax "localGwIP1-peerGwIP1 localGwIP2-peerGwIP2 localGwIPn-peerGwIPn" 11 | # Example: "80.24.56.73-90.123.124.34 100.234.45.47-90.12.45.123 123.234.43.65-65.234.56.78" 12 | # -v | --version: snmp version. Default 2. Depends on version you must specify: 13 | # 2: -s | --string: snmp community string. Default public. 14 | # 3: -u | --user: user. -p | --pass: password. 15 | # Example: check_wg_tunnels.sh -h 192.168.2.100 -s publicsnmp -t "80.24.56.73-90.123.124.34 100.234.45.47-90.12.45.123" 16 | # Example: check_wg_tunnels.sh -h 192.168.2.100 -v 3 -u read -p 1234567789 -t "80.24.56.73-90.123.124.34 100.234.45.47-90.12.45.123 123.234.43.65-65.234.56.78" 17 | #--------------------------------------------------- 18 | # Reference https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/basicadmin/snmp_mibs_details_c.html 19 | #--------------------------------------------------- 20 | 21 | # Default variables 22 | version="2" 23 | community="public" 24 | timeout="10" 25 | wgIpsecEndpointPairLocalAddr="1.3.6.1.4.1.3097.5.1.1.2.1.2" 26 | wgIpsecEndpointPairPeerAddr="1.3.6.1.4.1.3097.5.1.1.2.1.3" 27 | exitCode=0 28 | output="" 29 | 30 | # Process arguments 31 | while [ $# -gt 0 ]; do 32 | case "$1" in 33 | --host*|-h*) 34 | if [[ "$1" != *=* ]]; then shift; fi 35 | host="${1#*=}" 36 | ;; 37 | --user*|-u*) 38 | if [[ "$1" != *=* ]]; then shift; fi 39 | user="${1#*=}" 40 | ;; 41 | --pass*|-p*) 42 | if [[ "$1" != *=* ]]; then shift; fi 43 | pass="${1#*=}" 44 | ;; 45 | --version*|-v*) 46 | if [[ "$1" != *=* ]]; then shift; fi 47 | version="${1#*=}" 48 | ;; 49 | --string*|-s*) 50 | if [[ "$1" != *=* ]]; then shift; fi 51 | community="${1#*=}" 52 | ;; 53 | tunnels--*|-t*) 54 | if [[ "$1" != *=* ]]; then shift; fi 55 | tunnels="${1#*=}" 56 | ;; 57 | --help) 58 | echo "This plugin checks if one or more of Branch Office VPN Tunnels are active on a Watchguard device." 59 | echo "Usage: check_wg_tunnels.sh [options]" 60 | echo " -h | --host: ip of device. Ex: 192.168.2.100" 61 | echo " -v | --version: snmp version. Default 2. Depends on version you must specify:" 62 | echo " 2: -s | --string: snmp community string. Default public" 63 | echo " 3: -u | --user: user. -p | --pass: password" 64 | echo " -t | --tunnels: list of tunnels to check. Array of pairs of gateways." 65 | echo " Syntax \"localGwIP1-peerGwIP1 localGwIP2-peerGwIP2 localGwIPn-peerGwIPn\"" 66 | echo " Example: \"80.24.56.73-90.123.124.34 100.234.45.47-90.12.45.123 123.234.43.65-65.234.56.78\"" 67 | echo "Example: check_wg_tunnels.sh -h 192.168.2.100 -s publicsnmp -t \"80.24.56.73-90.123.124.34 100.234.45.47-90.12.45.123\"" 68 | echo "Example: check_wg_tunnels.sh -h 192.168.2.100 -v 3 -u read -p 1234567789 -t \"80.24.56.73-90.123.124.34 100.234.45.47-90.12.45.123 123.234.43.65-65.234.56.78\"" 69 | exit 3 70 | ;; 71 | *) 72 | >&2 printf "Error: Invalid argument: $1\n" 73 | exit 3 74 | ;; 75 | esac 76 | shift 77 | done 78 | 79 | # https://stackoverflow.com/a/13778973 80 | ipvalid() { 81 | # Set up local variables 82 | local ip=${1:-1.2.3.4} 83 | local IFS=.; local -a a=($ip) 84 | # Start with a regex format test 85 | [[ $ip =~ ^[0-9]+(\.[0-9]+){3}$ ]] || return 1 86 | # Test values of quads 87 | local quad 88 | for quad in {0..3}; do 89 | [[ "${a[$quad]}" -gt 255 ]] && return 1 90 | done 91 | return 0 92 | } 93 | 94 | # Check arguments 95 | if ! [[ $(command -v snmpwalk) ]] 96 | then 97 | echo "snmpwalk could not be found. Please install it and try again" 98 | exit 3 99 | fi 100 | 101 | if [[ -z $host ]] 102 | then 103 | echo "Unknown: host can not be empty" 104 | exit 3 105 | fi 106 | if [[ $version -eq 3 && ( -z $user || -z $pass) ]] 107 | then 108 | echo "Unknown: username and/or password can not be empty" 109 | exit 3 110 | fi 111 | if [[ -z $tunnels ]] 112 | then 113 | echo "Unknown: tunnels can not be empty" 114 | exit 3 115 | fi 116 | 117 | # SNMP Command sintax 118 | if [[ $version -eq "2" ]] 119 | then 120 | args=" -OQne -v 2c -c $community -t $timeout" 121 | elif [[ $version -eq "3" ]] 122 | then 123 | args=" -OQne -v 3 -u $user -A $pass -l authNoPriv -a MD5 -t $timeout" 124 | else 125 | echo "Unknown: snmp version must be 2 or 3" 126 | exit 3 127 | fi 128 | 129 | # Get tunnels info 130 | localAddr=( $( snmpwalk $args $host $wgIpsecEndpointPairLocalAddr | cut -d "=" -f2 | cut -d " " -f2 ) ) 131 | peerAddr=( $( snmpwalk $args $host $wgIpsecEndpointPairPeerAddr | cut -d "=" -f2 | cut -d " " -f2 ) ) 132 | tunnels=( $( echo $tunnels ) ) 133 | 134 | # Check tunnels 135 | for t in "${tunnels[@]}" 136 | do 137 | up=0 138 | local=`echo "$t" | cut -d "-" -f1` 139 | peer=`echo "$t" | cut -d "-" -f2` 140 | if ! [[ `echo "$t" | grep -` ]] 141 | then 142 | echo "Unknown: bad 't' parameter. Syntax \"localGwIP1-peerGwIP1 localGwIP2-peerGwIP2 localGwIPn-peerGwIPn\"" 143 | exit 3 144 | fi 145 | if [[ $local = $peer ]] 146 | then 147 | echo "Unknown: local gateway IP and peer gateway IP can not be the same. Syntax \"localGwIP1-peerGwIP1 localGwIP2-peerGwIP2 localGwIPn-peerGwIPn\"" 148 | exit 3 149 | fi 150 | if ! ipvalid "$local" 151 | then 152 | echo "Unknown: $local is not a valid IP" 153 | exit 3 154 | fi 155 | if ! ipvalid "$peer" 156 | then 157 | echo "Unknown: $peer is not a valid IP" 158 | exit 3 159 | fi 160 | arraylength=${#localAddr[@]} 161 | for (( i=0; i<${arraylength}; i++ )); 162 | do 163 | if [[ ("${localAddr[$i]}" = "$local") && ("${peerAddr[$i]}" = "$peer") ]] 164 | then 165 | up=1 166 | fi 167 | done 168 | if [[ $up -eq 1 ]] 169 | then 170 | output="${output:+$output. }$t is up" 171 | else 172 | output="${output:+$output. }$t is down" 173 | exitCode=2 174 | fi 175 | done 176 | 177 | # Exit 178 | if [[ $exitCode -eq 0 ]] 179 | then 180 | echo "Ok. $output" 181 | exit 0 182 | else 183 | echo "Critical. $output" 184 | exit 2 185 | fi -------------------------------------------------------------------------------- /check_wg_load.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # check_wg_load for Nagios 3 | # Version: 1.0 4 | # March 2022 - Juan Granados 5 | #--------------------------------------------------- 6 | # This plugin checks CPU load of Watchguard device and returns load performance data 7 | # Usage: check_wg_load.sh [options] 8 | # -h | --host: ip of device. 9 | # -w1 | --warning1: load1 warning. Default: 0.7 10 | # -c1 | --critical1: load1 critical. Default: 1. 11 | # -w5 | --warning5: load5 warning. Default: 0.7 12 | # -c5 | --critical5: load5 critical. Default: 1. 13 | # -w15 | --warning15: load15 warning. Default: 0.7 14 | # -c15 | --critical15: load15 critical. Default: 1. 15 | # -a | --auto: auto detects number of cores and multiply warning and critical by cores. 16 | # Ex. warning=0.7 and critical=1 will be w=2.8 and c=4 on a device with 4 cores. 17 | # -v | --version: snmp version. Default 2. Depends on version you must specify: 18 | # 2: -s | --string: snmp community string. Default public. 19 | # 3: -u | --user: user. -p | --pass: password. 20 | # Example: check_wg_load.sh -h 192.168.2.100 -a 21 | # Example: check_wg_load.sh -h 192.168.2.100 -c1 1 -w1 0.7 -w5 0.5 -c5 0.8 -w15 0.5 -c15 0.6 -v 2 -s publicwg -a 22 | # Example: check_wg_load.sh -h 192.168.2.100 -c1 2 -w1 0.8 -v 3 -u read -p 1234567789 -a 23 | #--------------------------------------------------- 24 | # Reference https://techsearch.watchguard.com/KB/?type=KBArticle&SFDCID=kA22A000000HQ0PSAW&lang=en_US 25 | #--------------------------------------------------- 26 | 27 | # Default variables 28 | warning1=0.7 29 | critical1=1 30 | warning5=0.7 31 | critical5=1 32 | warning15=0.7 33 | critical15=1 34 | version="2" 35 | community="public" 36 | timeout="10" 37 | auto=0 38 | oid_num_cpu="1.3.6.1.2.1.25.3.3.1.2" 39 | oid_load1="1.3.6.1.4.1.2021.10.1.3.1" 40 | oid_load5="1.3.6.1.4.1.2021.10.1.3.2" 41 | oid_load15="1.3.6.1.4.1.2021.10.1.3.3" 42 | 43 | # Process arguments 44 | while [ $# -gt 0 ]; do 45 | case "$1" in 46 | --warning1*|-w1*) 47 | if [[ "$1" != *=* ]]; then shift; fi 48 | warning1="${1#*=}" 49 | ;; 50 | --critical1*|-c*) 51 | if [[ "$1" != *=* ]]; then shift; fi 52 | critical1="${1#*=}" 53 | ;; 54 | --warning5*|-w*) 55 | if [[ "$1" != *=* ]]; then shift; fi 56 | warning5="${1#*=}" 57 | ;; 58 | --critical5*|-c*) 59 | if [[ "$1" != *=* ]]; then shift; fi 60 | critical5="${1#*=}" 61 | ;; 62 | --warning15*|-w*) 63 | if [[ "$1" != *=* ]]; then shift; fi 64 | warning15="${1#*=}" 65 | ;; 66 | --critical15*|-c*) 67 | if [[ "$1" != *=* ]]; then shift; fi 68 | critical15="${1#*=}" 69 | ;; 70 | --host*|-h*) 71 | if [[ "$1" != *=* ]]; then shift; fi 72 | host="${1#*=}" 73 | ;; 74 | --user*|-u*) 75 | if [[ "$1" != *=* ]]; then shift; fi 76 | user="${1#*=}" 77 | ;; 78 | --pass*|-p*) 79 | if [[ "$1" != *=* ]]; then shift; fi 80 | pass="${1#*=}" 81 | ;; 82 | --version*|-v*) 83 | if [[ "$1" != *=* ]]; then shift; fi 84 | version="${1#*=}" 85 | ;; 86 | --string*|-s*) 87 | if [[ "$1" != *=* ]]; then shift; fi 88 | community="${1#*=}" 89 | ;; 90 | --auto*|-a*) 91 | auto=1 92 | ;; 93 | --help) 94 | echo "Usage: check_wg_cpu.sh [options]" 95 | echo " -h | --host: ip of device. Ex: 192.168.2.100" 96 | echo " -w1 | --warning1: load1 warning. Default: 0.7" 97 | echo " -c1 | --critical: load1 critical. Default 1" 98 | echo " -w5 | --warning5: load5 warning. Default: 0.7" 99 | echo " -c5 | --critica5: load5 critical. Default 1" 100 | echo " -w15 | --warning15: load15 warning. Default: 0.7" 101 | echo " -c15 | --critical5: load15 critical. Default 1" 102 | echo " -a | --auto: auto detects number of cores and multiply warning and critical by cores." 103 | echo " Ex. warning=0.7 and critical=1 will be w=2.8 and c=4 on a device with 4 cores" 104 | echo " -v | --version: snmp version. Default 2. Depends on version you must specify:" 105 | echo " 2: -s | --string: snmp community string. Default public" 106 | echo " 3: -u | --user: user. -p | --pass: password" 107 | echo "Example: check_wg_load.sh -h 192.168.2.100 -a" 108 | echo "Example: check_wg_load.sh -h 192.168.2.100 -c1 1 -w1 0.7 -w5 0.5 -c5 0.8 -w15 0.5 -c15 0.6 -v 2 -s publicwg -a" 109 | echo "Example: check_wg_load.sh -h 192.168.2.100 -c1 2 -w1 0.8 -v 3 -u read -p 1234567789 -a" 110 | exit 3 111 | ;; 112 | *) 113 | >&2 printf "Error: Invalid argument: $1\n" 114 | exit 3 115 | ;; 116 | esac 117 | shift 118 | done 119 | 120 | # Check arguments 121 | if ! [[ $(command -v snmpwalk) ]] 122 | then 123 | echo "snmpget could not be found. Please install it and try again" 124 | exit 3 125 | fi 126 | if ! [[ $warning =~ $re ]] 127 | then 128 | echo "Unknown: warning must be a number" 129 | exit 3 130 | fi 131 | if ! [[ $critical =~ $re ]] 132 | then 133 | echo "Unknown: critical must be a number" 134 | exit 3 135 | fi 136 | 137 | if [[ -z $host ]] 138 | then 139 | echo "Unknown: host can not be empty" 140 | exit 3 141 | fi 142 | if [[ $version -eq 3 && ( -z $user || -z $pass) ]] 143 | then 144 | echo "Unknown: username and/or password can not be empty" 145 | exit 3 146 | fi 147 | if [[ $(echo $warning1'>'$critical1 | bc -l) -eq 1 ]] 148 | then 149 | echo "Unknown: Critical1 must be higher than warning1" 150 | exit 3 151 | fi 152 | if [[ $(echo $warning5'>'$critical5 | bc -l) -eq 1 ]] 153 | then 154 | echo "Unknown: Critical5 must be higher than warning5" 155 | exit 3 156 | fi 157 | if [[ $(echo $warning15'>'$critical15 | bc -l) -eq 1 ]] 158 | then 159 | echo "Unknown: Critical15 must be higher than warning15" 160 | exit 3 161 | fi 162 | 163 | # SNMP Command sintax 164 | if [[ $version -eq "2" ]] 165 | then 166 | args=" -OQne -v 2c -c $community -t $timeout" 167 | elif [[ $version -eq "3" ]] 168 | then 169 | args=" -OQne -v 3 -u $user -A $pass -l authNoPriv -a MD5 -t $timeout" 170 | else 171 | echo "Unknown: snmp version must be 2 or 3" 172 | exit 3 173 | fi 174 | 175 | # Run SNMP Command 176 | cpu=`snmpget $args $host $oid_load1 $oid_load5 $oid_load15 2> /dev/null` 177 | if [[ -z $cpu ]] 178 | then 179 | echo "Unknown: cpu stats not found" 180 | exit 3 181 | fi 182 | num_cores=`snmpwalk $args $host $oid_num_cpu | wc -l` 183 | if [[ -z $num_cores ]] 184 | then 185 | echo "Unknown: number of cores not found" 186 | exit 3 187 | fi 188 | # If auto, update warning and critical 189 | if [[ $auto -eq 1 ]] 190 | then 191 | warning1=`echo "$num_cores * $warning1" | bc -l` 192 | critical1=`echo "$num_cores * $critical1" | bc -l` 193 | warning5=`echo "$num_cores * $warning5" | bc -l` 194 | critical5=`echo "$num_cores * $critical5" | bc -l` 195 | warning15=`echo "$num_cores * $warning15" | bc -l` 196 | critical15=`echo "$num_cores * $critical15" | bc -l` 197 | fi 198 | load1=`echo $cpu | cut -d \" -f2` 199 | load5=`echo $cpu | cut -d \" -f4` 200 | load15=`echo $cpu | cut -d \" -f6` 201 | output="CPU load average: $load1, $load5, $load15 " 202 | perf="| load1=$load1;$warning1;$critical1;0;$num_cores load5=$load5;$warning5;$critical5;0;$num_cores load15=$load15;$warning15;$critical15;0;$num_cores" 203 | 204 | # Check SNMP command result 205 | if [[ $(echo $load1'>'$critical1 | bc -l) -eq 1 || $(echo $load5'>'$critical5 | bc -l) -eq 1 || $(echo $load15'>'$critical15 | bc -l) -eq 1 ]] 206 | then 207 | echo "Critical. $output $perf" 208 | exit 2 209 | fi 210 | if [[ $(echo $load1'>'$warning1 | bc -l) -eq 1 || $(echo $load5'>'$warning5 | bc -l) -eq 1 || $(echo $load15'>'$warning15 | bc -l) -eq 1 ]] 211 | then 212 | echo "Warning. $output $perf" 213 | exit 1 214 | fi 215 | echo "Ok. $output $perf" 216 | exit 0 -------------------------------------------------------------------------------- /check_diskdefragstatus.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check Windows disks fragmentation status. 4 | .DESCRIPTION 5 | Check Windows disks fragmentation status. 6 | Optionally performs defragmentation. 7 | .OUTPUTS 8 | OK: All disk fragmentation status is ok. 9 | WARNING: % of fragmentation equal to Warning treshold. 10 | CRITICAL: % of fragmentation equal to Critical treshold. 11 | .PARAMETER warning 12 | % of fragmentation for warning treshold. 13 | Default System default. 14 | .PARAMETER critical 15 | % of fragmentation for critical treshold. 16 | Default None. 17 | .PARAMETER disks 18 | Disks to check fragmentation status. 19 | Default: all. 20 | Example: "C:","D:","F:" 21 | .PARAMETER defrag 22 | Defrag disks if warning or critical. 23 | Default: false 24 | .PARAMETER forceDefrag 25 | Defrag disks if free space is low. 26 | Default: false 27 | .EXAMPLE 28 | Only checks all drives with system default warning treshold. 29 | check_diskdefragstatus.ps1 30 | .EXAMPLE 31 | Checks all drives with 15 warning treshold and 40 critical treshold. 32 | check_diskdefragstatus.ps1 -warning 15 -critical 40 33 | .EXAMPLE 34 | Checks only C and D drives with system default warning treshold and 50 critical treshold. 35 | check_diskdefragstatus.ps1 -disks "C:","D:" -critical 50 36 | .EXAMPLE 37 | Checks C drive with system default warning treshold. 38 | If defragmentation status is greater than warning or critical treshold, it runs disk defragmentation. 39 | check_diskdefragstatus.ps1 -disks "C:" -defrag 40 | .EXAMPLE 41 | Checks C drive with system default warning treshold. 42 | If defragmentation status is greater than warning or critical treshold, it runs disk defragmentation even C: disk free space is low. 43 | check_diskdefragstatus.ps1 -disks "C:" -defrag -forceDefrag 44 | .NOTES 45 | Author: Juan Granados 46 | #> 47 | 48 | Param( 49 | [Parameter(Mandatory = $false, Position = 0)] 50 | [ValidateRange(0, 100)] 51 | [int]$warning = 0, 52 | [Parameter(Mandatory = $false, Position = 1)] 53 | [ValidateRange(0, 100)] 54 | [int]$critical = 0, 55 | [Parameter(Mandatory = $false, Position = 2)] 56 | [ValidateNotNullOrEmpty()] 57 | [string[]]$disks = "all", 58 | [Parameter()] 59 | [switch]$defrag, 60 | [Parameter()] 61 | [switch]$forceDefrag 62 | ) 63 | #Requires -RunAsAdministrator 64 | $ErrorActionPreference = "Stop" 65 | $global:nagiosStatus = 0 66 | $global:nagiosOutput = "" 67 | 68 | Function Defrag-Disk($diskToDefrag) { 69 | 70 | if ($forceDefrag) { 71 | Write-Verbose "Forcing $($diskToDefrag.DriveLetter) defragmentation" 72 | $result = $diskToDefrag.Defrag($true) 73 | } 74 | else { 75 | Write-Verbose "Performing $($diskToDefrag.DriveLetter) defragmentation" 76 | $result = $diskToDefrag.Defrag($false) 77 | } 78 | 79 | if ($result.ReturnValue -eq 0) { 80 | Write-Verbose "Defragmentation successful" 81 | Write-Verbose "Current fragmentation is $($result.DefragAnalysis.FilePercentFragmentation)" 82 | $diskToDefrag.DefragResult = $result 83 | if (($critical -gt 0) -and ($result.DefragAnalysis.FilePercentFragmentation -gt $critical)) { 84 | Write-Verbose "Status is critical" 85 | $global:nagiosStatus = 2 86 | } 87 | elseif (($warning -eq 0 -and $result.DefragAnalysis.FilePercentFragmentation -gt 10) -or ( ($warning -gt 0) -and ($result.DefragAnalysis.FilePercentFragmentation -gt $warning))) { 88 | Write-Verbose "Status is warning" 89 | $global:nagiosStatus = 1 90 | } 91 | } 92 | else { 93 | Write-Output "CRITICAL: Error $($result.ReturnValue) defragmenting drive $($diskToDefrag.DriveLetter)" 94 | Write-Output "Check error codes: https://docs.microsoft.com/en-us/previous-versions/windows/desktop/vdswmi/defrag-method-in-class-win32-volume" 95 | Exit(2) 96 | } 97 | 98 | $global:nagiosOutput += "Disk $($diskToDefrag.DriveLetter) fragmentation is $($result.DefragAnalysis.FilePercentFragmentation)." 99 | } 100 | 101 | try { 102 | if ($disks -eq "all") { 103 | $drives = get-wmiobject win32_volume | Where-Object { $_.DriveType -eq 3 -and $_.DriveLetter -and (Get-WMIObject Win32_LogicalDiskToPartition | Select-Object Dependent) -match $_.DriveLetter } 104 | } 105 | else { 106 | foreach ($disk in $disks) { 107 | if (-not ($disk -match '[A-Za-z]:')) { 108 | Write-Output "UNKNOWN: Error $($drive) is not a valid disk unit. Expected N:, where N is drive unit. Example C: or D: or F:" 109 | Exit(3) 110 | } 111 | } 112 | $drives = get-wmiobject win32_volume | Where-Object { $_.DriveType -eq 3 -and $_.DriveLetter -in $disks } 113 | } 114 | if (-not ($drives)) { 115 | Write-Output "UNKNOWN: No drives found with get-wmiobject win32_volume command" 116 | Exit(3) 117 | } 118 | foreach ($drive in $drives) { 119 | Write-Verbose "Analizing drive $($drive.DriveLetter)" 120 | $result = $drive.DefragAnalysis() 121 | if ($result.ReturnValue -eq 0) { 122 | Write-Verbose "Current fragmentation is $($result.DefragAnalysis.FilePercentFragmentation)" 123 | $drive | Add-Member -NotePropertyName 'DefragResult' -NotePropertyValue $result 124 | if (($critical -gt 0) -and ($result.DefragAnalysis.FilePercentFragmentation -gt $critical)) { 125 | if (-not $defrag) { 126 | Write-Verbose "Disk will not be defragmented. Status is critical" 127 | $global:nagiosStatus = 2 128 | } 129 | else { 130 | Defrag-Disk -diskToDefrag $drive 131 | Continue 132 | } 133 | } 134 | elseif (($warning -eq 0 -and $result.DefragRecommended -eq "True") -or ( ($warning -gt 0) -and ($result.DefragAnalysis.FilePercentFragmentation -gt $warning))) { 135 | if (-not $defrag) { 136 | Write-Verbose "Disk will not be defragmented. Status is warning" 137 | $global:nagiosStatus = 1 138 | } 139 | else { 140 | Defrag-Disk -diskToDefrag $drive 141 | Continue 142 | } 143 | } 144 | $global:nagiosOutput += "Disk $($drive.DriveLetter) fragmentation is $($result.DefragAnalysis.FilePercentFragmentation)." 145 | } 146 | else { 147 | Write-Output "CRITICAL: Error $($result.ReturnValue) checking status of drive $($drive.DriveLetter)" 148 | Write-Output "Check error codes: https://docs.microsoft.com/en-us/previous-versions/windows/desktop/vdswmi/defraganalysis-method-in-class-win32-volume#return-value" 149 | Exit(2) 150 | } 151 | } 152 | 153 | } 154 | catch { 155 | Write-Output "CRITICAL: $($_.Exception.Message)" 156 | Exit(2) 157 | } 158 | 159 | $global:nagiosOutput += " |" 160 | if ($warning -eq 0) { 161 | $warning = 10; 162 | } 163 | if ($critical -eq 0) { 164 | $critical = 50; 165 | } 166 | 167 | foreach ($drive in $drives) { 168 | $global:nagiosOutput += " $($drive.DriveLetter.TrimEnd(':'))=$($drive.DefragResult.DefragAnalysis.FilePercentFragmentation)%;$($warning);$($critical);0;100" 169 | } 170 | 171 | if ($global:nagiosStatus -eq 2) { 172 | Write-Output "CRITICAL: $($global:nagiosOutput)" 173 | Exit(2) 174 | } 175 | elseif ($global:nagiosStatus -eq 1) { 176 | Write-Output "WARNING: $($global:nagiosOutput)" 177 | Exit(1) 178 | } 179 | else { 180 | Write-Output "OK: disk fragmentation is correct.$($global:nagiosOutput)" 181 | Exit(0) 182 | } -------------------------------------------------------------------------------- /check_wg_network.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # check_wg_network for Nagios 3 | # Version: 0.4 4 | # March 2022 - Juan Granados 5 | #--------------------------------------------------- 6 | # This plugin checks network usage of Watchguard device and returns network performance data. 7 | # Usage: check_wg_network.sh [options] 8 | # -h | --host: ip of device. 9 | # -w | --warning: optional. Number of connections warning. 10 | # -c | --critical: optional. Number of connections critical. 11 | # -iw | --iwarning: optional. % of usage of interface warning. 12 | # -ic | --icritical: optional. % of usage of interface critical. 13 | # -v | --version: snmp version. Default 2. Depends on version you must specify: 14 | # 2: -s | --string: snmp community string. Default public. 15 | # 3: -u | --user: user. -p | --pass: password. 16 | # -i | --interfaces: list of interfaces to monitor. Default all (autodetects interfaces). Ex: "eth0 eth1 eth2 eth3" 17 | # -t | --time: polling time in seconds. Default 10. 18 | # -d | --dspeed: default speed of interfaces in case that snmp returns 0. Default 1000000000. 19 | # Example: check_wg_network.sh -h 192.168.2.100 -c 800000 -w 900000 -v 2 -s publicwg -i "eth0 eth1 vlan1" 20 | # Example: check_wg_network.sh -h 192.168.2.100 -c 800000 -w 900000 -v 3 -u read -p 1234567789 -t 15 21 | # https://networkengineering.stackexchange.com/questions/57435/network-bandwidth-utilization-with-snmp 22 | # https://serverfault.com/questions/401162/how-to-get-interface-traffic-snmp-information-for-routers-cisco-zte-huawei 23 | #--------------------------------------------------- 24 | # Reference https://techsearch.watchguard.com/KB/?type=KBArticle&SFDCID=kA22A000000HQ0PSAW&lang=en_US 25 | #--------------------------------------------------- 26 | 27 | # Default variables 28 | version="2" 29 | community="public" 30 | timeout=10 31 | conn_oid="1.3.6.1.4.1.3097.6.3.80" 32 | ifName="1.3.6.1.2.1.31.1.1.1.1" 33 | ifSpeed="1.3.6.1.2.1.2.2.1.5" 34 | ifHighSpeed="1.3.6.1.2.1.31.1.1.1.15" 35 | ifHCInOctets="1.3.6.1.2.1.31.1.1.1.6" 36 | ifHCOutOctets="1.3.6.1.2.1.2.2.1.16" 37 | interfaces="all" 38 | polling=10 39 | dspeed=1000000000 40 | warning=2147483647 41 | critical=2147483647 42 | iwarning=101 43 | icritical=101 44 | exitCode=0 45 | # Process arguments 46 | while [ $# -gt 0 ]; do 47 | case "$1" in 48 | --warning*|-w*) 49 | if [[ "$1" != *=* ]]; then shift; fi 50 | warning="${1#*=}" 51 | ;; 52 | --critical*|-c*) 53 | if [[ "$1" != *=* ]]; then shift; fi 54 | critical="${1#*=}" 55 | ;; 56 | --iwarning*|-iw*) 57 | if [[ "$1" != *=* ]]; then shift; fi 58 | iwarning="${1#*=}" 59 | ;; 60 | --icritical*|-ic*) 61 | if [[ "$1" != *=* ]]; then shift; fi 62 | icritical="${1#*=}" 63 | ;; 64 | --host*|-h*) 65 | if [[ "$1" != *=* ]]; then shift; fi 66 | host="${1#*=}" 67 | ;; 68 | --user*|-u*) 69 | if [[ "$1" != *=* ]]; then shift; fi 70 | user="${1#*=}" 71 | ;; 72 | --pass*|-p*) 73 | if [[ "$1" != *=* ]]; then shift; fi 74 | pass="${1#*=}" 75 | ;; 76 | --version*|-v*) 77 | if [[ "$1" != *=* ]]; then shift; fi 78 | version="${1#*=}" 79 | ;; 80 | --string*|-s*) 81 | if [[ "$1" != *=* ]]; then shift; fi 82 | community="${1#*=}" 83 | ;; 84 | --interfaces*|-i*) 85 | if [[ "$1" != *=* ]]; then shift; fi 86 | interfaces="${1#*=}" 87 | ;; 88 | --time*|-t*) 89 | if [[ "$1" != *=* ]]; then shift; fi 90 | polling="${1#*=}" 91 | ;; 92 | --dspeed*|-d*) 93 | if [[ "$1" != *=* ]]; then shift; fi 94 | dspeed="${1#*=}" 95 | ;; 96 | --help) 97 | echo "Usage: check_wg_network.sh [options]" 98 | echo " -h | --host: ip of device. Ex: 192.168.2.100" 99 | echo " -w | --warning: Optional. Number of connections warning." 100 | echo " -c | --critical: Optional. Number of connections critical." 101 | echo " -iw | --iwarning: Optional. % of usage of interface warning." 102 | echo " -ic | --icritical: Optional. % of usage of interface critical." 103 | echo " -v | --version: snmp version. Default 2. Depends on version you must specify:" 104 | echo " 2: -s | --string: snmp community string. Default public" 105 | echo " 3: -u | --user: user. -p | --pass: password" 106 | echo " -i | --interfaces: list of interfaces to monitor. Default all (autodetects interfaces). Ex: 'eth0 eth1 eth2 eth3'" 107 | echo " -t | --time: polling time in seconds. Default 10." 108 | echo " -d | --dspeed: default speed of interfaces in case that snmp returns 0. Default 1000000000." 109 | echo "Example: check_wg_cpu.sh -h 192.168.2.100 -c 80000 -w 90000 -v 2 -s publicwg -i 'eth0 vlan1 eth3'" 110 | echo "Example: check_wg_cpu.sh -h 192.168.2.100 -c 80000 -w 90000 -v 3 -u read -p 1234567789 -t 15" 111 | exit 3 112 | ;; 113 | *) 114 | >&2 printf "Error: Invalid argument: $1\n" 115 | exit 3 116 | ;; 117 | esac 118 | shift 119 | done 120 | function getInterfaceStats { 121 | if [[ -z $1 ]] 122 | then 123 | echo "Unknown: interface cannot be null" 124 | exit 3 125 | fi 126 | 127 | ifindex=`snmpwalk $args $host $ifName | grep -w $1 | grep -o "\.[0-9]*\ "` 128 | if [[ -z $ifindex ]] 129 | then 130 | echo "Unknown: could not get stats for interface $(echo $1)" 131 | exit 3 132 | fi 133 | 134 | mbconversion=1000000 # 1000000 bits is 1 Megabite. 135 | ifspeed=`snmpwalk $args $host $ifSpeed | grep $ifindex | cut -d = -f2 | cut -d " " -f2` 136 | ifHspeed=`snmpwalk $args $host $ifHighSpeed | grep $ifindex | cut -d = -f2 | cut -d " " -f2` 137 | if [[ $ifspeed -eq "0" ]] 138 | then 139 | ifspeed=$dspeed 140 | ifHspeed=`echo "$dspeed/$mbconversion" | bc` 141 | fi 142 | 143 | result1In=`echo "$ifHCInOctets1" | grep $ifindex | cut -d = -f2 | cut -d " " -f2` 144 | result2In=`echo "$ifHCInOctets2" | grep $ifindex | cut -d = -f2 | cut -d " " -f2` 145 | calcIn=`echo "($result2In-$result1In)*8"| bc` # Multiply by 8 to convert octets into bits -> bites received in interval. 146 | bandwidthIn=`echo "scale=3; x=($calcIn/$polling)/$mbconversion; if(x<1 && x!=0) print 0; x" | bc` # Bits / seconds / Mbites -> Mbps 147 | percIn=`echo "scale=2; x=(($calcIn/$polling)*100)/$ifspeed; if(x<1 && x!=0) print 0; x" | bc` 148 | if [[ $(echo $percIn'<'$iwarning | bc -l) -eq 0 && "$exitCode" -eq "0" ]] 149 | then 150 | exitCode=1 151 | elif [[ $(echo $percIn'<'$icritical | bc -l) -eq 0 ]] 152 | then 153 | exitCode=2 154 | fi 155 | 156 | result1Out=`echo "$ifHCOutOctets1" | grep $ifindex | cut -d = -f2 | cut -d " " -f2` 157 | result2Out=`echo "$ifHCOutOctets2" | grep $ifindex | cut -d = -f2 | cut -d " " -f2` 158 | calcOut=`echo "($result2Out-$result1Out)*8" | bc` # Multiply by 8 to convert octets into bits -> bites received in interval. 159 | bandwidthOut=`echo "scale=3; x=($calcOut/$polling)/$mbconversion; if(x<1 && x!=0) print 0; x" | bc` # Bits / seconds / Mbites -> Mbps 160 | percOut=`echo "scale=2; x=(($calcOut/$polling)*100)/$ifspeed; if(x<1 && x!=0) print 0; x" | bc` 161 | if [[ $(echo $percOut'<'$iwarning | bc -l) -eq 0 && "$exitCode" -eq "0" ]] 162 | then 163 | exitCode=1 164 | elif [[ $(echo $percOut'<'$icritical | bc -l) -eq 0 ]] 165 | then 166 | exitCode=2 167 | fi 168 | if [[ "$iwarning" -ne "101" || "$icritical" -ne "101" ]] 169 | then 170 | bwarning=`echo "($iwarning*$ifHspeed)/100" | bc` 171 | bcritical=`echo "($icritical*$ifHspeed)/100" | bc` 172 | perf="$perf $1_in=$(echo $bandwidthIn)Mb;$bwarning;$bcritical;0;$ifHspeed $1_in%=$(echo $percIn)%;$iwarning;$icritical;0;100 $1_out=$(echo $bandwidthOut)Mb;$bwarning;$bcritical;0;$ifHspeed $1_out%=$(echo $percOut)%;$iwarning;$icritical;0;100" 173 | else 174 | perf="$perf $1_in=$(echo $bandwidthIn)Mb;;;0;$ifHspeed $1_in%=$(echo $percIn)%;;;0;100 $1_out=$(echo $bandwidthOut)Mb;;;0;$ifHspeed $1_out%=$(echo $percOut)%;;;0;100" 175 | fi 176 | output="$output. $1=IN:$(echo $bandwidthIn)Mb/s OUT:$(echo $bandwidthOut)Mb/s" 177 | } 178 | # Check arguments 179 | if ! [[ $(command -v snmpwalk) ]] 180 | then 181 | echo "snmpget could not be found. Please install it and try again" 182 | exit 3 183 | fi 184 | if ! [[ $warning =~ $re ]] 185 | then 186 | echo "Unknown: warning must be a number" 187 | exit 3 188 | fi 189 | if ! [[ $critical =~ $re ]] 190 | then 191 | echo "Unknown: critical must be a number" 192 | exit 3 193 | fi 194 | if [[ "$warning" -gt "$critical" ]] 195 | then 196 | echo "Unknown: warning can not be greater than critical" 197 | exit 3 198 | fi 199 | if ! [[ $iwarning =~ $re ]] 200 | then 201 | echo "Unknown: interface warning must be a number" 202 | exit 3 203 | fi 204 | if ! [[ $icritical =~ $re ]] 205 | then 206 | echo "Unknown: interface critical must be a number" 207 | exit 3 208 | fi 209 | if [[ "$iwarning" -gt "$icritical" ]] 210 | then 211 | echo "Unknown: interface warning can not be greater than interface critical" 212 | exit 3 213 | fi 214 | if [[ -z $host ]] 215 | then 216 | echo "Unknown: host can not be empty" 217 | exit 3 218 | fi 219 | if [[ $version -eq 3 && ( -z $user || -z $pass) ]] 220 | then 221 | echo "Unknown: username and/or password can not be empty" 222 | exit 3 223 | fi 224 | if ! [[ $polling =~ $re ]] 225 | then 226 | echo "Unknown: polling must be a number" 227 | exit 3 228 | fi 229 | if ! [[ $dspeed =~ $re ]] 230 | then 231 | echo "Unknown: default speed must be a number" 232 | exit 3 233 | fi 234 | # SNMP Command sintax 235 | if [[ $version -eq "2" ]] 236 | then 237 | args=" -OQne -v 2c -c $community -t $timeout" 238 | elif [[ $version -eq "3" ]] 239 | then 240 | args=" -OQne -v 3 -u $user -A $pass -l authNoPriv -a MD5 -t $timeout" 241 | else 242 | echo "Unknown: snmp version must be 2 or 3" 243 | exit 3 244 | fi 245 | 246 | # Run SNMP Command 247 | conn=`snmpwalk $args $host $conn_oid 2> /dev/null | cut -d = -f2 | cut -d " " -f2` 248 | if [[ -z $conn ]] 249 | then 250 | echo "Unknown: connections stats not found" 251 | exit 3 252 | fi 253 | output="Number of connections: $conn" 254 | if [[ "$warning" -ne "2147483647" || "$critical" -ne "2147483647" ]] 255 | then 256 | perf="| conn=$conn;$warning;$critical;;" 257 | else 258 | perf="| conn=$conn;;;;" 259 | fi 260 | 261 | # Interfaces stats 262 | ifHCInOctets1=`snmpwalk $args $host $ifHCInOctets` 263 | ifHCOutOctets1=`snmpwalk $args $host $ifHCOutOctets` 264 | sleep $polling 265 | ifHCInOctets2=`snmpwalk $args $host $ifHCInOctets` 266 | ifHCOutOctets2=`snmpwalk $args $host $ifHCOutOctets` 267 | # Gets all interfaces 268 | if [[ "$interfaces" = "all" ]] 269 | then 270 | interfaces=`snmpwalk $args $host $ifName | sed -r "s/.*?([\"'])(.*)\1.*/\2/"` 271 | fi 272 | IFS=' ' read -r -a array <<< $(echo $interfaces) 273 | for interface in "${array[@]}" 274 | do 275 | getInterfaceStats "$interface" 276 | done 277 | 278 | # Check SNMP command result 279 | if [[ "$conn" -ge "$critical" ]] 280 | then 281 | exitCode=2 282 | elif [[ "$conn" -ge "$warning" && "$exitCode" -eq "0" ]] 283 | then 284 | exitCode=1 285 | fi 286 | 287 | if [[ "$exitCode" -eq "0" ]] 288 | then 289 | echo "Ok. $output $perf" 290 | exit 0 291 | elif [[ "$exitCode" -eq "1" ]] 292 | then 293 | echo "Warning. $output $perf" 294 | exit 1 295 | else 296 | echo "Critical. $output $perf" 297 | exit 2 298 | fi -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | --------------------------------------------------------------------------------