#!/usr/bin/perl -w 
############################## check_snmp_css.pl #################
# Version : 1.0.1
# Date : 27 Sept 2006
# Author  : Patrick Proy ( patrick at proy.org)
# Help : http://www.manubulon.com/nagios/
# Licence : GPL - http://www.fsf.org/licenses/gpl.txt
# Changelog : 
# Contributors : 
#################################################################
#
# Help : ./check_snmp_css.pl -h
#

use strict;
use Net::SNMP;
use Getopt::Long;

# Nagios specific

use lib "/opt/plugins";
use utils qw(%ERRORS $TIMEOUT);
#my $TIMEOUT = 15;
#my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);

# SNMP Datas

my $css_svc_table = 	"1.3.6.1.4.1.9.9.368.1.15.2.1"; # Svc table
my $css_svc_name =		"1.3.6.1.4.1.9.9.368.1.15.2.1.1"; #  Service Name / apSvcName
my $css_svc_index =		"1.3.6.1.4.1.9.9.368.1.15.2.1.2"; #  apSvcIndex
my $css_svc_enable =	"1.3.6.1.4.1.9.9.368.1.15.2.1.12"; #  apSvcEnable
my $css_svc_state=		"1.3.6.1.4.1.9.9.368.1.15.2.1.17"; #  apSvcState : suspended(1),  down(2), alive(4), dying(5)
my $css_svc_maxconn =	"1.3.6.1.4.1.9.9.368.1.15.2.1.19"; #  Max connexions / apSvcMaxConnections
my $css_svc_conn =		"1.3.6.1.4.1.9.9.368.1.15.2.1.20"; #  apSvcConnections
my $css_svc_avgresp =	"1.3.6.1.4.1.9.9.368.1.15.2.1.65"; #  apSvcAvgResponseTime : average response time
my $css_svc_maxresp =	"1.3.6.1.4.1.9.9.368.1.15.2.1.66"; #  apSvcPeakAvgResponseTime : peak response time
my @css_svc_state_txt=	("","suspended","down","","alive","dying");
my @css_svc_state_nag=	(3,2,2,3,0,2);

# Globals

my $Version='1.0';

my $o_host = 	undef; 		# hostname
my $o_community = undef; 	# community
my $o_port = 	161; 		# port
my $o_help=	undef; 		# wan't some help ?
my $o_verb=	undef;		# verbose mode
my $o_version=	undef;		# print version
my $o_timeout=  undef; 		# Timeout (Default 5)
my $o_perf=     undef;          # Output performance data
my $o_version2= undef;          # use snmp v2c
#Specific
my $o_dir=		"/tmp/";		# Directory to store temp file in it.
my $o_dir_set= undef;		# defined if names and index must be read form file.
my $o_name=		undef;		# service name (regexp)
my $o_warn_number=	undef;		# minimum number of service before warning
my $o_crit_number=	undef;		# minimum number of service before critical
my $o_warn_conn=	undef;		# % of max connexions for warning level
my $o_crit_conn=	undef;		# % of max connexions for critical level
my $o_warn_resp=	undef;		# average response time for warning level
my $o_crit_resp=	undef;		# average response time for critical level
my @o_levels=		undef;
# SNMPv3 specific
my $o_login=	undef;		# Login for snmpv3
my $o_passwd=	undef;		# Pass for snmpv3
my $v3protocols=undef;	# V3 protocol list.
my $o_authproto='md5';		# Auth protocol
my $o_privproto='des';		# Priv protocol
my $o_privpass= undef;		# priv password

# functions

sub p_version { print "check_snmp_css version : $Version\n"; }

sub print_usage {
    print "Usage: $0 [-v] -H <host> -C <snmp_community> [-2] | (-l login -x passwd [-X pass -L <authp>,<privp>]) -n <name> [-d directory] [-w <num>,<resp>,<conn> -c <num>,<resp>,<conn>]  [-p <port>] [-f] [-t <timeout>] [-V]\n";
}

sub isnnum { # Return true if arg is not a number
  my $num = shift;
  if ( $num =~ /^-?(\d+\.?\d*)|(^\.\d+)$/ ) { return 0 ;}
  return 1;
}

sub set_status { # return worst status with this order : OK, unknwonw, warning, critical 
  my $new_status=shift;
  my $cur_status=shift;
  if (($cur_status == 0)|| ($new_status==$cur_status)){ return $new_status; }
  if ($new_status==3) { return $cur_status; }
  if ($new_status > $cur_status) {return $new_status;}
  return $cur_status;
}

sub is_pattern_valid { # Test for things like "<I\s*[^>" or "+5-i"
 my $pat = shift;
 if (!defined($pat)) { $pat=" ";} # Just to get rid of compilation time warnings
 return eval { "" =~ /$pat/; 1 } || 0;
}

sub round ($$) {
    sprintf "%.$_[1]f", $_[0];
}

sub help {
   print "\nSNMP Cisco CSS monitor for Nagios version ",$Version,"\n";
   print "(c)2004-2006 Patrick Proy\n\n";
   print_usage();
   print <<EOT;
-v, --verbose
   print extra debugging information 
-h, --help
   print this help message
-H, --hostname=HOST
   name or IP address of host to check
-n, --name=<name> 
   regexp to select service
-w, --warning=<num>,<resp>,<conn> 
   Optional. Warning level for
   - minimum number of active & alive service 
   - average response time
   - number of connexions
   For no warnings, put -1 (ex : -w5,-1,3).
   When using negative numbers, dont put space after "-w"
-d, --dir=<directory to put file> 
   Directory where the temp file with index, created by check_snmp_css_main.pl, can be found
   If no directory is set, /tmp will be used
-c, --critical=<num>,resp>,<conn>
   Optional. Critical levels (-1 for no critical levels)
   See warning levels.
-C, --community=COMMUNITY NAME
   community name for the host's SNMP agent (implies v1 protocol)
-2, --v2c
   Use snmp v2c
-l, --login=LOGIN ; -x, --passwd=PASSWD
   Login and auth password for snmpv3 authentication 
   If no priv password exists, implies AuthNoPriv 
-X, --privpass=PASSWD
   Priv password for snmpv3 (AuthPriv protocol)
-L, --protocols=<authproto>,<privproto>
   <authproto> : Authentication protocol (md5|sha : default md5)
   <privproto> : Priv protocole (des|aes : default des) 
-P, --port=PORT
   SNMP port (Default 161)
-f, --perfparse
   Perfparse compatible output
-t, --timeout=INTEGER
   timeout for SNMP in seconds (Default: 5)
-V, --version
   prints version number
EOT
}

# For verbose output
sub verb { my $t=shift; print $t,"\n" if defined($o_verb) ; }

# Get the alarm signal (just in case snmp timout screws up)
$SIG{'ALRM'} = sub {
     print ("ERROR: Alarm signal (Nagios time-out)\n");
     exit $ERRORS{"UNKNOWN"};
};

sub check_options {
    Getopt::Long::Configure ("bundling");
    GetOptions(
	'v'		=> \$o_verb,		'verbose'		=> \$o_verb,
	'h'     => \$o_help,    	'help'        	=> \$o_help,
	'H:s'   => \$o_host,		'hostname:s'	=> \$o_host,
	'p:i'   => \$o_port,   		'port:i'		=> \$o_port,
	'C:s'   => \$o_community,	'community:s'	=> \$o_community,
	'l:s'	=> \$o_login,		'login:s'		=> \$o_login,
	'x:s'	=> \$o_passwd,		'passwd:s'		=> \$o_passwd,
	'X:s'	=> \$o_privpass,	'privpass:s'	=> \$o_privpass,
	'L:s'	=> \$v3protocols,	'protocols:s'	=> \$v3protocols,   
	't:i'   => \$o_timeout,     'timeout:i'		=> \$o_timeout,
	'V'		=> \$o_version,		'version'		=> \$o_version,
	'2'     => \$o_version2,	'v2c'			=> \$o_version2,
	'f'     => \$o_perf,		'perfparse'		=> \$o_perf,
	'n:s'	=> \$o_name,		'name:s'		=> \$o_name,
	'w:s'	=> \$o_warn_conn,	'warning:s'		=> \$o_warn_conn,
	'c:s'	=> \$o_crit_conn,	'critical:s'		=> \$o_crit_conn,
	'd:s'	=> \$o_dir_set,		'dir:s'		=> \$o_dir_set	
	);
    # Basic checks
	if (defined($o_timeout) && (isnnum($o_timeout) || ($o_timeout < 2) || ($o_timeout > 60))) 
	  { print "Timeout must be >1 and <60 !\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
	if (!defined($o_timeout)) {$o_timeout=5;}
    if (defined ($o_help) ) { help(); exit $ERRORS{"UNKNOWN"}};
    if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"}};
    if ( ! defined($o_host) ) # check host and filter 
	{ print_usage(); exit $ERRORS{"UNKNOWN"}}
    # check snmp information
    if ( !defined($o_community) && (!defined($o_login) || !defined($o_passwd)) )
	  { print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
	if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) )
	  { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
	if (defined ($v3protocols)) {
	  if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
	  my @v3proto=split(/,/,$v3protocols);
	  if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0];	}	# Auth protocol
	  if (defined ($v3proto[1])) {$o_privproto=$v3proto[1];	}	# Priv  protocol
	  if ((defined ($v3proto[1])) && (!defined($o_privpass))) {
	    print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
	}
	if (!defined($o_name) || ! (is_pattern_valid($o_name))) 
		{print "Need a service name!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
	if (defined($o_warn_conn)) {
		@o_levels=split(/,/,$o_warn_conn);
		if (defined($o_levels[0])) {
			if (isnnum($o_levels[0])) {print "Need number for warning!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
			if ($o_levels[0] != -1 ) {$o_warn_number=$o_levels[0];} 
		}
		if (defined($o_levels[1])) {
			if (isnnum($o_levels[1])) {print "Need number for warning!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
			if ($o_levels[1] != -1 ) {$o_warn_conn=$o_levels[1];} else {$o_warn_conn=undef;}
		} else {$o_warn_conn=undef;}
		if (defined($o_levels[2]) ) {
			if (isnnum($o_levels[2])) {print "Need number for warning!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
			if ($o_levels[2] != -1 ) {$o_warn_resp=$o_levels[2];}
		}
	}
	if (defined($o_crit_conn)) {
		@o_levels=split(/,/,$o_crit_conn);
		if (defined($o_levels[0]) ) {		
			if (isnnum($o_levels[0])) {print "Need number for critical!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
			if ($o_levels[0] != -1 ) {
				$o_crit_number=$o_levels[0];
				if (defined($o_warn_number) && ($o_crit_number>=$o_warn_number)) 
					{print "critical must be < warning!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
			}
		}
		if (defined($o_levels[1]) ) {		
			if (isnnum($o_levels[1])) {print "Need number for critical!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
			if ($o_levels[1] != -1 ) {
				$o_crit_conn=$o_levels[1];
				if (defined($o_warn_conn) && ($o_warn_conn>=$o_crit_conn)) 
					{print "critical must be > warning!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
			} else {$o_crit_conn=undef;}
		} else {$o_crit_conn=undef;}
		if (defined($o_levels[2]) ) {
			if (isnnum($o_levels[2])) {print "Need number for critical!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
			if ($o_levels[2] != -1 ) {
				$o_crit_resp=$o_levels[1];
				if (defined($o_warn_resp) && ($o_warn_resp>=$o_crit_resp)) 
					{print "critical must be > warning!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
			}
		}
	}
	if (defined($o_dir_set)) {
	    if ($o_dir_set ne "") {$o_dir=$o_dir_set;} 
		verb("Tmp directory : $o_dir");
	}	
}

########## MAIN #######

check_options();

# Check gobal timeout if snmp screws up
if (defined($TIMEOUT)) {
  verb("Alarm at $TIMEOUT + 5");
  alarm($TIMEOUT+5);
} else {
  verb("no global timeout defined : $o_timeout + 10");
  alarm ($o_timeout+10);
}

# Connect to host
my ($session,$error);
if ( defined($o_login) && defined($o_passwd)) {
  # SNMPv3 login
  verb("SNMPv3 login");
    if (!defined ($o_privpass)) {
  verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto");
    ($session, $error) = Net::SNMP->session(
      -hostname   	=> $o_host,
      -version		=> '3',
      -username		=> $o_login,
      -authpassword	=> $o_passwd,
      -authprotocol	=> $o_authproto,
      -timeout          => $o_timeout
    );  
  } else {
    verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto");
    ($session, $error) = Net::SNMP->session(
      -hostname   	=> $o_host,
      -version		=> '3',
      -username		=> $o_login,
      -authpassword	=> $o_passwd,
      -authprotocol	=> $o_authproto,
      -privpassword	=> $o_privpass,
	  -privprotocol => $o_privproto,
      -timeout          => $o_timeout
    );
  }
} else {
	if (defined ($o_version2)) {
		# SNMPv2 Login
		verb("SNMP v2c login");
		  ($session, $error) = Net::SNMP->session(
		 -hostname  => $o_host,
		 -version   => 2,
		 -community => $o_community,
		 -port      => $o_port,
		 -timeout   => $o_timeout
		);
  	} else {
	  # SNMPV1 login
	  verb("SNMP v1 login");
	  ($session, $error) = Net::SNMP->session(
		-hostname  => $o_host,
		-community => $o_community,
		-port      => $o_port,
		-timeout   => $o_timeout
	  );
	}
}
if (!defined($session)) {
   printf("ERROR opening session: %s.\n", $error);
   exit $ERRORS{"UNKNOWN"};
}
$session->max_msg_size(10000);

########### Cisco CSS checks ##############

my (@index,@svcname)=(undef,undef);
my ($numsvc,$numoid,$numoid2)=0;
my (@oid,@oid_list,@oid_list2)=undef;
my $resultat = undef;
# Get load table by snmp or file
if (defined($o_dir_set)) {
	my $file_name=$o_dir."/Nagios_css_".$o_host;
	my $file_lock=$file_name.".lock";

	# Check for lock file during 3 seconds max and quit if sill here.
	my $file_timeout=0;
	while (-e $file_lock) { 
		sleep(1);
		if ($file_timeout==3) {
		  print "Lock file remaining for more than 3 sec : UNKNOWN\n";
		  exit $ERRORS{"UNKNOWN"};
		}
		$file_timeout++;
	}
	# Open file for reading.
	open(FILE,"< ".$file_name);
	while (<FILE>) {
		my @file_line=split(/:/,$_);
		if ((defined ($file_line[1])) && ($file_line[1] =~ /$o_name/)) { # select service by name
			chomp($file_line[1]);
			$svcname[$numsvc]=$file_line[1];
			my $key = $file_line[0];
			verb ("Found : $svcname[$numsvc]");
			$index[$numsvc++]=$key;
			# Build oid for snmpget
			$oid_list[$numoid++]=$css_svc_enable.$key;
			$oid_list[$numoid++]=$css_svc_state.$key;
			$oid_list2[$numoid2++]=$css_svc_maxconn.$key;
			$oid_list2[$numoid2++]=$css_svc_conn.$key;
			$oid_list2[$numoid2++]=$css_svc_avgresp.$key;
		}
	}
	close (FILE);
} else {
	$resultat = (Net::SNMP->VERSION < 4) ? 
			  $session->get_table($css_svc_name)
			: $session->get_table(Baseoid => $css_svc_name); 
			
	if (!defined($resultat)) {
	   printf("ERROR: Description table : %s.\n", $session->error);
	   $session->close;
	   exit $ERRORS{"UNKNOWN"};
	}


	# Get name data & index

	foreach my $key ( keys %$resultat) {
		verb("OID : $key, Desc : $$resultat{$key}");
		if ($$resultat{$key} =~ /$o_name/) { # select service by name
			$svcname[$numsvc]=$$resultat{$key};
			$key =~ s/$css_svc_name//;
			verb ("Found : $svcname[$numsvc]");
			$index[$numsvc++]=$key;
			# Build oid for snmpget
			$oid_list[$numoid++]=$css_svc_enable.$key;
			$oid_list[$numoid++]=$css_svc_state.$key;
			$oid_list2[$numoid2++]=$css_svc_maxconn.$key;
			$oid_list2[$numoid2++]=$css_svc_conn.$key;
			$oid_list2[$numoid2++]=$css_svc_avgresp.$key;
		}
	}
}
# Check if a least one service found
if ($numsvc == 0) {
	print "No service matching ",$o_name," found : CRITICAL\n";
	exit $ERRORS{"CRITICAL"};	
}

$resultat = undef;
$resultat = (Net::SNMP->VERSION < 4) ?
          $session->get_request(@oid_list)
        : $session->get_request(-varbindlist => \@oid_list);

if (!defined($resultat)) {
   printf("ERROR: Status get : %s.\n", $session->error);
   $session->close;
   exit $ERRORS{"UNKNOWN"};
}
my $resultat2 = undef;
$resultat2 = (Net::SNMP->VERSION < 4) ?
          $session->get_request(@oid_list2)
        : $session->get_request(-varbindlist => \@oid_list2);

if (!defined($resultat2)) {
   printf("ERROR: Conn get : %s.\n", $session->error);
   $session->close;
   exit $ERRORS{"UNKNOWN"};
}

my $output="";
my $output_perf="";
my $numsvc_ok=0;
my $output_done=0;
my $global_status=0;

for (my $i=0;$i<$numsvc;$i++) {
	my $key=$index[$i];
	if ($$resultat{$css_svc_enable.$key} == 0 ) {
		# service disabled
		if ($output ne "") { $output.=", ";}
		$output .= $svcname[$i] . " : Disabled";
	} else {
		if ($css_svc_state_nag[$$resultat{$css_svc_state.$key}] != 0) {
			# state not OK
			if ($output ne "") { $output.=", ";}
			$output .= $svcname[$i] . " : " . $css_svc_state_txt[$$resultat{$css_svc_state.$key}];
		} else {
			$numsvc_ok++;
			$output_done=0;
			# state OK
			my $prctconn = round(($$resultat2{$css_svc_conn.$key}/$$resultat2{$css_svc_maxconn.$key}) * 100,0);
			my $resptime = $$resultat2{$css_svc_avgresp.$key};
			if (defined ($o_warn_conn) && ($prctconn>$o_warn_conn)) {
				if ($output ne "") { $output.=", ";}
				$output .= $svcname[$i]. ":" . $prctconn ."%, ".$resptime."ms";
				set_status(1,$global_status);$output_done=1;
			}
			if (defined ($o_crit_conn) && ($prctconn>$o_crit_conn)) {
				if ($output_done==0) {
					$output .= $svcname[$i]. ":" . $prctconn ."%, ".$resptime."ms";
					$output_done=1;
				}
				set_status(2,$global_status);
			}
			if (defined ($o_warn_resp) && ($prctconn>$o_warn_resp)) {
				if ($output_done==0) {
					$output .= $svcname[$i]. ":" . $prctconn ."%, ".$resptime."ms";
					$output_done=1;
				}
				set_status(1,$global_status);
			}
			if (defined ($o_crit_resp) && ($prctconn>$o_crit_resp)) {
				if ($output_done==0) {
					$output .= $svcname[$i]. ":" . $prctconn ."%, ".$resptime."ms";
					$output_done=1;
				}			
				set_status(2,$global_status);
			}			
		}
	}
}


$output .= " ".$numsvc_ok."/".$numsvc." services OK";

if (($global_status == 2) || ((defined ($o_crit_number)) && ($numsvc_ok<=$o_crit_number)) || ($numsvc_ok==0) ) {
	print $output," : CRITICAL\n";
	exit $ERRORS{"CRITICAL"}
}
if (($global_status == 1) || ((defined ($o_warn_number)) && ($numsvc_ok<=$o_warn_number))) {
	print $output," : WARNING\n";
	exit $ERRORS{"WARNING"}
}
print $output," : OK\n";
exit $ERRORS{"OK"};
