Monitoring icon indicating copy to clipboard operation
Monitoring copied to clipboard
verified publisher icon riskersen

check_fortigate.pl: Return OK in case of no configured VPN tunnels

Open bonki opened this issue 9 years ago • 6 comments

In case of zero configured tunnels $oid_ipsectuntableroot does not exist which resulted in the script exiting with

UNKNOWN: session get table failed for .1.3.6.1.4.1.12356.101.12.2.2.1.1

Expected:

OK: foo (Master: bar): Active SSL-VPN Connections/Tunnels: 0/0: IPSEC Tunnels: Configured/Active: 0/0 |'ActiveSSL-VPN'=0 'ActiveIPSEC'=0

bonki avatar Sep 19 '16 08:09 bonki

You probably don't want to merge this as it is as there's probably a canonical way of checking for SNMP::NoSuchInstance errors, this is merely meant for testing purposes.

bonki avatar Sep 19 '16 08:09 bonki

Hey, thanks for your contribution.

Hm, hard to decide, in most cases empty oids aren't okay, except this one. So i would propose to name the function somehow like

get_snmp_table_accept_empty_oid

What do you think?

riskersen avatar Sep 19 '16 08:09 riskersen

The problem is that get_table could also fail in case of real session errors (and in this case _accept_empty_oid is misleading) even if the OID exists in which case this will silently drop any errors and might wrongfully report zero tunnels which is what makes this more of a hack. In my book that's not very pretty error handling but if we can live with that (for the time being, anyway), go for it :)

bonki avatar Sep 19 '16 08:09 bonki

What do I have to do to get this merged (in which case I'll have to update #36 which is based on latest master)? :)

bonki avatar Apr 25 '17 19:04 bonki

I have no idea, how this went through, but are you willing to rebase your pull request...?

riskersen avatar Apr 08 '21 14:04 riskersen

I can create a PR to implement that one. (if @bonki agrees)

sgruber94 avatar Oct 04 '21 15:10 sgruber94