SNMP always ok from scripts exec

I want to get the number of openvpn user via SNMP and view in icinga2.
I got result with a python scripts(2016 By Christian Stankowic stdevel (Christian Stankowic) · GitHub)

# python /etc/snmp/scripts/check_ovpn_users.py -f /var/log/openvpn-status.log -P -c 10
OK: OpenVPN users OK (17) | 'vpn_users'=17;5;10

and then put it into a bash script for snmp

cat /etc/snmp/scripts/check_ovpn_users.sh
#! /bin/bash

python /etc/snmp/scripts/check_ovpn_users.py -f /var/log/openvpn-status.log -P
# cat /etc/snmp/snmpd.conf
extend ovpn_users /etc/snmp/scripts/check_ovpn_users.sh

Now, I got result in cli

/usr/lib/nagios/plugins/check_snmp -H 192.168.1.2  -C publiC -o iso.3.6.1.4.1.8072.1.3.2.4.1.2.10.111.118.112.110.95.117.115.101.114.115.1 -w 12 -c 20
SNMP WARNING - *17* | 'NET-SNMP-EXTEND-MIB::nsExtendOutLine."ovpn_users".1'=17;12;20

But the icingaweb2 show
SNMP OK - OK: OpenVPN users OK (17)

apply Service for (OIDs => config in host.vars.snmp_oid)  {
  check_command = "snmp"
  vars += config
  display_name = vars.displayName
  vars.snmp_warn = vars.snmp_warn
  vars.snmp_crit = vars.snmp_crit
  vars.snmp_oid = vars.OID
  vars.check_command = "users"
  #vars.grafana_graph_disable = 1
  assign where (host.vars.client_endpoint == "master" && host.vars.snmp_community && host.vars.os && host.vars.snmp_oid)
}

object Host "openvpn.cqccs.com" {
  check_command = "hostalive"
  address = "192.168.1.2"
  vars.os = "Linux"
  vars.snmp_community = "publiC"

  vars.snmp_oid["procOvpn"] = {
    displayName = "ovpnPROCS"
    OID = "iso.3.6.1.4.1.8072.1.3.2.3.1.2.12.111.112.101.110.118.112.110.95.112.105.100.115"
    vars.snmp_warn = "3:3"
    vars.snmp_crit = "6:6"
  }
  vars.snmp_oid["vpnUsers"] = {
    displayName = "ovpnUSER"
    vars.snmp_warn = "10:10"
    vars.snmp_crit = "30:30"
    OID = "iso.3.6.1.4.1.8072.1.3.2.4.1.2.10.111.118.112.110.95.117.115.101.114.115.1"
  }

}

the warn and crit are not avaible. How could I make it work?

1 Like

Do you care to show the command definition for this?

I use default command “snmp” in /usr/share/icinga2/include/command-plugins.conf

I have tested “–invert-search” and "-R CRITICAL|WARNING ":

/usr/lib/nagios/plugins/check_snmp -H 192.168.1.2 -C publiC -o iso.3.6.1.4.1.8072.1.3.2.4.1.2.10.111.118.112.110.95.117.115.101.114.115.1 --invert-search -R “CRITICAL|WARNING”
SNMP CRITICAL - WARNING: OpenVPN users WARNING (15) | ‘vpn_users’=15;10;20 |

and add two lines in service:

vars.snmpv3_invert_search = true
vars.snmpv3_ereg = “CRITICAL|WARNING”

but icingaweb2 show:

SNMP OK - WARNING: OpenVPN users WARNING (15)

icinga2-20210816115126

The result with cli show char “*” and :* |":
深度截图_选择区域_20210816120804

My guess:
As you are wrapping the check script with a shell script, you are getting back the exit code of that wrapper script instead of the check script.
So you would need to make the wrapper check for the exit code of the check script and use that instead of the wrappers own exit code.

2 Likes

Missed the bash wrapper part.

I agree with this. I’m not saying anyone here doesn’t know bash, but if someone happens to stumble upon this in the future who doesn’t, you can get the exit code with $? and do any additional logic checking if you wish, or simply exit after.

$? gets the exit code of the last run command, so will needed to be checked after the bash script executes the check command.

Should be as simple as

#! /bin/bash

python /etc/snmp/scripts/check_ovpn_users.py -f /var/log/openvpn-status.log -P

exit # When no parameter is given to exit, it will exit with the status code of the last executed command iirc
2 Likes

thank log1c and Ben.
I got it with a wrapper script :

while getopts ":H:C:o:w:c:" option; do
  case "${option}" in
    H) HOST=${OPTARG};;
    C) COMMUNITY=${OPTARG};;
    o) OID=${OPTARG};;
    w) WARNING=${OPTARG};;
    c) CRITICAL=${OPTARG};;
    *) usage;;
  esac
done

STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKOWN=3


SNMP_OUTPUT=$(/usr/lib/nagios/plugins/check_snmp -H $HOST -C $COMMUNITY -o $OID)

#echo $SNMP_OUTPUT

PERDATA=$(echo $SNMP_OUTPUT | awk 'BEGIN{FS="|"}{print $2}')
OUTPUT=$(echo $SNMP_OUTPUT  | awk 'BEGIN{FS="|"}{print $1}' | awk 'BEGIN{FS="-"}{print $2}')
STATUS=$(echo $SNMP_OUTPUT  | awk '{print $4}')

#echo $STATUS
if [[ $STATUS == 'OK:' ]]; then
  echo "$OUTPUT | $PERDATA" && exit $STATE_OK
elif [[ $STATUS == 'WARNING:' ]]; then
  echo "$OUTPUT | $PERDATA" && exit $STATE_WARNING
elif [[ $STATUS == 'CRITICAL:' ]]; then
  echo "$OUTPUT | $PERDATA" && exit $STATE_CRITICAL
else
  echo "$OUTPUT" && exit $STATE_UNKOWN
fi

check_snmp delivers already an exit code for icinga. This is saved in $?. Use this in your script :wink:

Note that $? is only valid immediately after the command you want the exit
code from - copy it into another variable straight away and then use that
later when you are ready to exit from your script.

If you have any other commands in between check_snmp and when you use $?, you
will get the result of the last command run before you looked at $?, not the
result of check_snmp.

Antony.

1 Like

thanks, i am stupid… :sweat_smile: