Introduction
The following sample script describes how to monitor Cisco IPsec Phase-1 IKE Site-to-Site Tunnel status. The monitor observes the tunnels that are provided while assigning a template.
The following sections describe the different components of the sample script.
Important
Apply script on each device individually and not through device management policy.Importing libraries
Import all libraries in this section based on your requirement. The mandatory import libraries are:
- import groovy.transform.CompileStatic
- import com.vistara.gateway.plugin.snmp.monitor.SnmpExtendedAPI
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import groovy.transform.CompileStatic;
import com.vistara.gateway.plugin.snmp.monitor.SnmpExtendedAPI;Defining a user-defined class
The user-defined class enables you to declare and initialize global variables.
Important
Use the same metric name on the Setup > Monitoring > Monitors > Create a Monitor screen and within the script.class CiscoIpSecTunnelStatus {
private static final String VPN_TUNNEL_STATUS = (String) "cisco.vpn.ike.tunnel.status";
private static final String VPN_REMOTE_PEER_IDENTITY = (String) "cisco.vpn.remote.peer.identity";
private static final String VPN_REMOTE_PEER_NAME = (String) "cisco.vpn.name";
private static final String VPN_DOWN_STATUS = (String) "2";
private static final String VPN_UP_STATUS = (String) "1";
private static final String EMPTY_STRING = (String) "";
private static final String VPN_TUNNEL_REMOTE_PEER_TABLE = (String) "1.3.6.1.4.1.9.9.171.1.2.3.1.7";Implementing the business logic
Implement business logic using the following mandatory function:
void execute(SnmpExtendedAPI api) throws Exception {
Warning
Do not change the method signature.void execute(SnmpExtendedAPI api) throws Exception {Parsing user-defined input
Parse user-defined input using the following API methods depending on the component or monitor level scope:
- api.getComponentScopeMap();
- api.getComponentScopeMap(index);
- api.getMonitorScopeValue(key);
Parsing Using User-Defined Input
List<HashMap<String, String>> compList = (List<HashMap<String, String>>) api.getComponentScopeMap();
if (compList == null || compList.size() <= 0)
return;
for (int i = 0; i <= compList.size() - 1; i++)
{
HashMap<String, String> compMap = (HashMap<String, String>) compList.get(i);
if (compMap != null && compMap.size() > 0)
{
String compRemoteIp = (String) compMap.get(VPN_REMOTE_PEER_IDENTITY);
String compName = (String) compMap.get(VPN_REMOTE_PEER_NAME);
if (compName == null || EMPTY_STRING.equals(compName) || compRemoteIp == null || EMPTY_STRING.equals(compRemoteIp))
{
continue;
}
reqVpnEntries.put(compRemoteIp, compName);
}
}Querying SNMP OIDs
Query SNMP OIDs using one of the following API methods based on your requirement:
- api.getSnmpRequest(String sOid);
- api.getSnmpRequest(String[] sOids);
- api.getSnmpRequest(String sOid, String format);
- api.getSnmpTable(String sOid);
- api.getSnmpTable(String sOid, String format);
HashMap<String, String> resultant = (HashMap<String, String>) api.getSnmpTable(VPN_TUNNEL_REMOTE_PEER_TABLE);Processing the SNMP OID results
Use one of the following API methods to store or delete previous poll values in the cache:
- api.getPersistantValue(uuid);
- api.deletePersistantValue(String uuid);
Use the following API methods to get device details into the script
- api.getResourceIp();
- api.getResourceName();
- api.getResourceUuid();
Use the following API methods based on user requirement:
- api.getBigDecimalMetricValue(String instance, String metric);
- api.getInstanceNames();
- api.getMetrics(String instance);
- api.getStringMetricValue(String instance, String metric);
if (resultant != null)
{
for (String peerVariable : resultant.values())
{
if (peerVariable != null && !peerVariable.isEmpty())
{
currentPeers.add(peerVariable);
}
}
}Adding output metric values
Add output metric values in a standard JSON format using the following API methods based on your requirement:
- api.addOutputMetric(HashMap<String, HashMap<String, String» metricResultMap);
- api.addOutputMetric(String compName, HashMap<String, String> metricResultMap);
- api.addOutputMetric(String metric, String value);
- api.addOutputMetric(String metric, String instance, String value);
- api.addOutputMetric(String metric, String instance, int value);
- api.addOutputMetric(String metric, String instance, long value);
- api.addOutputMetric(String metric, String instance, double value);
- api.addOutputMetric(String metric, String instance, float value);
for (String reqVpnIP : reqVpnEntries.keySet())
{
if (currentPeers.contains(reqVpnIP))
{
HashMap<String, String> temp = new HashMap<>();
temp.put(VPN_TUNNEL_STATUS, VPN_UP_STATUS); // Here: 1=>OK and
// 2=>Critical
temp.put(VPN_REMOTE_PEER_IDENTITY, reqVpnIP);
api.addOutputMetric(reqVpnEntries.get(reqVpnIP), temp);
}
else
{
HashMap<String, String> temp = new HashMap<>();
temp.put(VPN_TUNNEL_STATUS, VPN_DOWN_STATUS); // Here: 1=>OK andG
// 2=>Critical
temp.put(VPN_REMOTE_PEER_IDENTITY, reqVpnIP);
api.addOutputMetric(reqVpnEntries.get(reqVpnIP), temp);
}
}Original sample script
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import groovy.transform.CompileStatic;
import com.vistara.gateway.plugin.snmp.monitor.SnmpExtendedAPI;
class CiscoIpSecTunnelStatus {
private static final String VPN_TUNNEL_STATUS = (String) "cisco.vpn.ike.tunnel.status";
private static final String VPN_REMOTE_PEER_IDENTITY = (String) "cisco.vpn.remote.peer.identity";
private static final String VPN_REMOTE_PEER_NAME = (String) "cisco.vpn.name";
private static final String VPN_DOWN_STATUS = (String) "2";
private static final String VPN_UP_STATUS = (String) "1";
private static final String EMPTY_STRING = (String) "";
private static final String VPN_TUNNEL_REMOTE_PEER_TABLE = (String) "1.3.6.1.4.1.9.9.171.1.2.3.1.7";
@CompileStatic
void execute(SnmpExtendedAPI api) throws Exception {
HashSet<String> currentPeers = new HashSet<>();
HashMap<String, String> reqVpnEntries = new HashMap<>();
/*
* Step 1: Fetching user given component inputs using API Call and
* prepares reqVpnEntries hash with VPN_REMOTE_PEER_IP as key and
* VPN_REMOTE_PEER_NAME as value
*
*/
List<HashMap<String, String>> compList = (List<HashMap<String, String>>) api.getComponentScopeMap();
if (compList == null || compList.size() <= 0)
return;
for (int i = 0; i <= compList.size() - 1; i++) {
HashMap<String, String> compMap = (HashMap<String, String>) compList.get(i);
if (compMap != null && compMap.size() > 0) {
String compRemoteIp = (String) compMap.get(VPN_REMOTE_PEER_IDENTITY);
String compName = (String) compMap.get(VPN_REMOTE_PEER_NAME);
if (compName == null || EMPTY_STRING.equals(compName) || compRemoteIp == null || EMPTY_STRING.equals(compRemoteIp)){
continue;
}
reqVpnEntries.put(compRemoteIp, compName);
}
}
/*
* Step 2: SNMPWALK for IKE Remote Peer IP table and prepares
* currentPeers hashset
*
*/
HashMap<String, String> resultant = (HashMap<String, String>) api.getSnmpTable(VPN_TUNNEL_REMOTE_PEER_TABLE);
if (resultant != null){
for (String peerVariable : resultant.values()) {
if (peerVariable != null && !peerVariable.isEmpty()) {
currentPeers.add(peerVariable);
}
}
}
for (String reqVpnIP : reqVpnEntries.keySet()) {
if (currentPeers.contains(reqVpnIP)) {
HashMap<String, String> temp = new HashMap<>();
temp.put(VPN_TUNNEL_STATUS, VPN_UP_STATUS); // Here: 1=>OK and
// 2=>Critical
temp.put(VPN_REMOTE_PEER_IDENTITY, reqVpnIP);
api.addOutputMetric(reqVpnEntries.get(reqVpnIP), temp);
} else {
HashMap<String, String> temp = new HashMap<>();
temp.put(VPN_TUNNEL_STATUS, VPN_DOWN_STATUS); // Here: 1=>OK andG
// 2=>Critical
temp.put(VPN_REMOTE_PEER_IDENTITY, reqVpnIP);
api.addOutputMetric(reqVpnEntries.get(reqVpnIP), temp);
}
}
}
}