Closed Test2-0 closed 1 month ago
Hi,
Timeout means that either you don't use the correct community string, or something between your poller and the device is filtering your request.
In this case, the others services can't the status : OK ?
These services belong to the same host?
You can also try to increase the timeout value just in case the Stormshield box is a little bit busy and take some extra time processing plugin's requests.
Try to add --snmp-timeout=3
I still have the same problem, example with the host where the service is unknown and the host where the service is OK.
$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=xx.xx.xx.xx --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic --snmp-timeout=6 UNKNOWN: SNMP GET Request : Timeout
$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=yy.yy.yy.yy --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic --snmp-timeout=6 OK: All interfaces are ok | 'traffic_in_mvxpe0'=0.00b/s;;;0;1000000000 'traffic_out_mvxpe0'=0.00b/s;;;0;1000000000 'traffic_in_vlan2'=1121.14b/s;;;0;1000000000 'traffic_out_vlan2'=1051.06b/s;;;0;1000000000 'traffic_in_mvxpe1'=56428.33b/s;;;0;1000000000 'traffic_out_mvxpe1'=43317.90b/s;;;0;1000000000 'traffic_in_mvxpe2'=87591.26b/s;;;0;1000000000 'traffic_out_mvxpe2'=27284.11b/s;;;0;1000000000 'traffic_in_enc0'=0.00b/s;;;0; 'traffic_out_enc0'=0.00b/s;;;0; 'traffic_in_lo0'=493.33b/s;;;0; 'traffic_out_lo0'=493.33b/s;;;0; 'traffic_in_tun0'=0.00b/s;;;0; 'traffic_out_tun0'=0.00b/s;;;0; 'traffic_in_tun1'=0.00b/s;;;0; 'traffic_out_tun1'=0.00b/s;;;0; 'traffic_in_vlan0'=1065.49b/s;;;0;1000000000 'traffic_out_vlan0'=74.58b/s;;;0;1000000000 'traffic_in_vlan1'=0.00b/s;;;0;1000000000 'traffic_out_vlan1'=0.00b/s;;;0;1000000000
Try to use --snmp-autoreduce
option for that host.
Hey there, I got the same issue here :
UNKNOWN: SNMP GET Request: Timeout
Using this command (with --snmp-autoreduce) the statefile is populated with data . But still timeout error thrown. If arg --snmp-autoreduce is not used : state file is not populated.
Note that snmpwalk against the same target is working :
SNMPv2-MIB::sysDescr.0 = STRING: NS-BSD SN210A17Bxxxxxx arm SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.11256.2.0 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (121161286) 14 days, 0:33:32.86 SNMPv2-MIB::sysContact.0 = STRING: XXXXXXXXXXXX
Please use also option: --force-counters64
--force-counters64 option do not seem to works too
UNKNOWN: SNMP GET Request: Timeout
Maybe you can add directly: /usr/lib/centreon/plugins/centreon_stormshield_snmp.pl --plugin=network::stormshield::snmp::plugin --mode=interfaces --hostname=W.XYZ-snmp-version='2c' --snmp-community='public' --add-status --add-traffic --interface="" --name --snmp-autoreduce --statefile-dir ./stateFiletest --force-counters64 --snmp-force-getnext --subsetleef=10
I was trying all snmp options while you where writing your message. adding --snmp-force-getnext --subsetleef=10 do not work either.
I tried to add --verbose option but it does not seem to do anything, you know how to make it works, maybe it should give more debug data.
it seems like an issue with the stormshield snmp agent. you should ask to stormshield support maybe
I just open a new case to stormshield technical support. will post any relevant update here. Can someone tell me how to active debug on centreon_stormshield_snmp.pl script ?
You have a --debug-stream option.
It does not work either (do not output anything on stdout/stderr)
It should display some OIDs. Or there is the timeout directly.
No OIDs displayed, 'timeout' is displayed right after the command line
I juste tryied one more time today and i have more data displayed, now it shoes OIDs
/usr/lib/centreon/plugins/centreon_stormshield_snmp.pl --plugin=network::stormshield::snmp::plugin --mode=interfaces --hostname=XXXXXXXXX --snmp-version='2c' --snmp-community='XXXXXX' --add-status --add-traffic --statefile-dir ./stateFiletest --interface='' --name --snmp-autoreduce --debug-stream .1.3.6.1.2.1.31.1.1.1.1.1 = mvxpe0 .1.3.6.1.2.1.31.1.1.1.1.2 = mvxpe1 .1.3.6.1.2.1.31.1.1.1.1.3 = mvxpe2 .1.3.6.1.2.1.31.1.1.1.1.4 = enc0 .1.3.6.1.2.1.31.1.1.1.1.5 = lo0 .1.3.6.1.2.1.31.1.1.1.1.6 = tun0 .1.3.6.1.2.1.31.1.1.1.1.7 = tun1 UNKNOWN: SNMP GET Request: Timeout
There is an snmp agent issue. Maybe you could use the new plugin stormshield with the API: https://github.com/centreon/centreon-plugins/archive/refs/heads/MON-15453-add-stormshield-api.zip
$ perl centreon_plugins.pl--plugin=network::stormshield::api::plugin --mode=interfaces --hostname=10.25.7.145 --api-username=xxx --api-password=yyy --verbose --statefile-dir=/tmp --add-status --add-traffic --add-errors
I got an error : Can't locate network/stormshield/api/plugin.pm What is the lastest plugin version that is supporting stormshield API
Or, where do i have to copy files from the above (MON-15453-add-stormshield-api.zip )
You can copy it and unzip in /tmp
for example (to test it)
It seems to works : perl centreon_plugins.pl --plugin=network::stormshield::api::plugin --mode=interfaces --hostname=aa.bb.cc.dd --api-username=admin --api-password='mypass' --verbose --statefile-dir=/tmp --add-status --add-traffic --add-errors --port=37443 --insecure
[.....truncated......] Interface 'Ethernet0' [out] status: plugged (enabled), traffic in: 5.00b/s (-), traffic out: 5.00b/s (-), packets accepted: 18.75% (3 on 16), packets blocked: 81.25% (13 on 16) Interface 'Ethernet1' [in] status: plugged (enabled), traffic in: 155.00b/s (-), traffic out: 144.00b/s (-), packets accepted: 38.71% (24 on 62), packets blocked: 61.29% (38 on 62)
--filter-user-name and --filter-real-name options seems fail on data filtering : perl centreon_plugins.pl --plugin=network::stormshield::api::plugin --mode=interfaces --hostname=aa.bb.cc.dd --api-username=admin --api-password='mypass' --verbose --statefile-dir=/tmp --add-status --add-traffic --add-errors --port=37443 --insecure --filter-real-name="out2"
CRITICAL: Interface 'ipsec' [ipsec] status: unplugged (enabled) - Interface 'sslvpn0' [sslvpn] status: unplugged (enabled) - Interface 'sslvpn1' [sslvpn_udp] status: unplugged (enabled) | 'out~Ethernet0#interface.traffic.in.bitspersecond'=4.00;;;0; 'out~Ethernet0#interface.traffic.out.bitspersecond'=4.00;;;0; 'out~Ethernet0#interface.packets.accepted.percentage'=10.87%;;;0;100 'out~Ethernet0#interface.packets.blocked.percentage'=89.13%;;;0;100 'in~Ethernet1#interface.traffic.in.bitspersecond'=212.00;;;0; 'in~Ethernet1#interface.traffic.out.bitspersecond'=309.00;;;0; 'in~Ethernet1#interface.packets.accepted.percentage'=42.95%;;;0;100 'in~Ethernet1#interface.packets.blocked.percentage'=57.05%;;;0;100 'out2~Ethernet2#interface.traffic.in.bitspersecond'=458.00;;;0; 'out2~Ethernet2#interface.traffic.out.bitspersecond'=540.00;;;0; 'out2~Ethernet2#interface.packets.accepted.percentage'=47.09%;;;0;100 'out2~Ethernet2#interface.packets.blocked.percentage'=52.91%;;;0;100 'ipsec~ipsec#interface.traffic.in.bitspersecond'=0.00;;;0; 'ipsec~ipsec#interface.traffic.out.bitspersecond'=0.00;;;0; 'ipsec~ipsec#interface.packets.accepted.percentage'=100.00%;;;0;100 'ipsec~ipsec#interface.packets.blocked.percentage'=0.00%;;;0;100 'sslvpn~sslvpn0#interface.traffic.in.bitspersecond'=0.00;;;0; 'sslvpn~sslvpn0#interface.traffic.out.bitspersecond'=0.00;;;0; 'sslvpn~sslvpn0#interface.packets.accepted.percentage'=0.00%;;;0;100 'sslvpn~sslvpn0#interface.packets.blocked.percentage'=0.00%;;;0;100 'sslvpn_udp~sslvpn1#interface.traffic.in.bitspersecond'=0.00;;;0; 'sslvpn_udp~sslvpn1#interface.traffic.out.bitspersecond'=0.00;;;0; 'sslvpn_udp~sslvpn1#interface.packets.accepted.percentage'=0.00%;;;0;100 'sslvpn_udp~sslvpn1#interface.packets.blocked.percentage'=0.00%;;;0;100
Interface 'Ethernet0' [out] status: plugged (enabled), traffic in: 4.00b/s (-), traffic out: 4.00b/s (-), packets accepted: 10.87% (10 on 92), packets blocked: 89.13% (82 on 92)
Interface 'Ethernet1' [in] status: plugged (enabled), traffic in: 212.00b/s (-), traffic out: 309.00b/s (-), packets accepted: 42.95% (134 on 312), packets blocked: 57.05% (178 on 312)
Interface 'Ethernet2' [out2] status: plugged (enabled), traffic in: 458.00b/s (-), traffic out: 540.00b/s (-), packets accepted: 47.09% (316 on 671), packets blocked: 52.91% (355 on 671)
Interface 'ipsec' [ipsec] status: unplugged (enabled), traffic in: 0.00b/s (-), traffic out: 0.00b/s (-), packets accepted: 100.00% (3 on 3), packets blocked: 0.00% (0 on 3)
Interface 'sslvpn0' [sslvpn] status: unplugged (enabled), traffic in: 0.00b/s (-), traffic out: 0.00b/s (-), packets accepted: 0.00% (0 on 0), packets blocked: 0.00% (0 on 0)
Interface 'sslvpn1' [sslvpn_udp] status: unplugged (enabled), traffic in: 0.00b/s (-), traffic out: 0.00b/s (-), packets accepted: 0.00% (0 on 0), packets blocked: 0.00% (0 on 0)
it's for you ? You can modify the status
Sorry, but I dont understand what you asked. Can you make your question more precise ?
To use the API instead of SNMP is ok for you ? I'm going to add a memory and HA mode (for stormshield API)
Yeah it worked, but note that when using API, option --filter-user-name and --filter-real-name do not works (see : https://github.com/centreon/centreon-plugins/issues/3899#issuecomment-1337564628)
Indeed... sorry it's fixed!
Let me know if you want to test HA and memory feature when ready. I have some devices available
@guillaumechardin I have added modes: 'ha' and 'memory'. You can test it if you download the archive (same link)
command HA
perl centreon_plugins.pl --plugin=network::stormshield::api::plugin --hostname='fqdn' --api-username=admin --api-password='mypass' --verbose --statefile-dir=/tmp --insecure --port=31443 --ha
reply
WARNING: member 'SN710xxxxx' config sync: no | 'members.detected.count'=2;;;0; 'members.none.count'=0;;;0; 'members.starting.count'=0;;;0; 'members.waiting_peer.count'=0;;;0; 'members.running.count'=1;;;0; 'members.ready.count'=1;;;0; 'members.reboot.count'=0;;;0; 'members.down.count'=0;;;0; 'members.initializing.count'=0;;;0; 'SN710A26xxx#member.quality.percentage'=90.00%;;;0;100 'SN710A46xxxx#member.quality.percentage'=90.00%;;;0;100 checking member 'SN710A26xxxxx' state: running [mode: active], link status: ok config sync: no quality: 90.00% checking member 'SN710A46xxxx' state: ready [mode: passive], link status: ok config sync: yes quality: 90.00%
command memory
perl centreon_plugins.pl --plugin=network::stormshield::api::plugin --hostname='fqdn' --api-username=admin --api-password='mypass' --verbose --statefile-dir=/tmp --insecure --port=31443 --memory
reply
OK: Memory usage total: 21.00 %, protected host: 16.00 %, fragmented: 0.00 %, connections: 0.00 %, icmp: 1.00 %, data tracking: 0.00 %, dynamic: 4.00 % | 'memory.usage.percentage'=21.00%;;;0;100 'memory.protected_host.percentage'=16.00%;;;0;100 'memory.fragmented.percentage'=0.00%;;;0;100 'memory.connections.percentage'=0.00%;;;0;100 'memory.icmp.percentage'=1.00%;;;0;100 'memory.data_tracking.percentage'=0.00%;;;0;100 'memory.dynamic.percentage'=4.00%;;;0;100
This part seems to be OK
I checks all other modes :
list-interface do not works
command
perl centreon_plugins.pl --plugin=network::stormshield::api::plugin --hostname='fqdn' --api-username=admin --api-password='mypass' --verbose --statefile-dir=/tmp --insecure --port=31443 --list-interfaces
reply
UNKNOWN: Not an ARRAY reference at /tmp/stormApi/centreon-plugins-MON-15453-add-stormshield-api/network/stormshield/api/mode/listinterfaces.pm line 53.
As a suggestion, you should add somewhere information about firmware version running on the box, ie : new --mode=version or show this info in --mode=health
thanks !
Thanks it's fixed! I have added the option --add-system-info
in mode uptime
It's merged
Do you have any idea when the next release of rpm will be pushed out ?
Hello :)
This issue seems particularly old and seems had been resolved by the branch merged by Quentin, so let me close it.
Hello,
I supervise differents stormshield firewalls but some firewalls do not respond.
They have the same firmware and it's the same model.
`$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=xx.xx.xx.xx --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic OK: All interfaces are ok | 'traffic_in_mvxpe0'=2963547.48b/s;;;0;10000000 'traffic_out_mvxpe0'=1404903.25b/s;;;0;10000000 'traffic_in_eth4'=0.00b/s;;;0;20000000 'traffic_out_eth4'=0.00b/s;;;0;20000000 'traffic_in_eth5'=0.00b/s;;;0;20000000 'traffic_out_eth5'=0.00b/s;;;0;20000000 'traffic_in_eth6'=0.00b/s;;;0;20000000 'traffic_out_eth6'=0.00b/s;;;0;20000000 'traffic_in_eth7'=0.00b/s;;;0;20000000 'traffic_out_eth7'=0.00b/s;;;0;20000000 'traffic_in_tun0'=0.00b/s;;;0; 'traffic_out_tun0'=0.00b/s;;;0; 'traffic_in_tun1'=0.00b/s;;;0; 'traffic_out_tun1'=0.00b/s;;;0; 'traffic_in_vlan0'=0.00b/s;;;0;20000000 'traffic_out_vlan0'=0.00b/s;;;0;20000000 'traffic_in_vlan1'=5510977.47b/s;;;0;20000000 'traffic_out_vlan1'=2200863.12b/s;;;0;20000000 'traffic_in_ng0'=5365627.45b/s;;;0;64000 'traffic_out_ng0'=2134053.24b/s;;;0;64000 'traffic_in_mvxpe1'=13128661.65b/s;;;0;10000000 'traffic_out_mvxpe1'=6396456.22b/s;;;0;10000000 'traffic_in_enc0'=17903.50b/s;;;0; 'traffic_out_enc0'=24815.28b/s;;;0; 'traffic_in_lo0'=724.67b/s;;;0; 'traffic_out_lo0'=724.67b/s;;;0; 'traffic_in_lagg0'=8011435.36b/s;;;0;20000000 'traffic_out_lagg0'=7700210.92b/s;;;0;20000000 'traffic_in_eth0'=5537403.20b/s;;;0;20000000 'traffic_out_eth0'=2218247.09b/s;;;0;20000000 'traffic_in_eth1'=2427643.80b/s;;;0;20000000 'traffic_out_eth1'=5471363.17b/s;;;0;20000000 'traffic_in_eth2'=0.00b/s;;;0;20000000 'traffic_out_eth2'=0.00b/s;;;0;20000000 'traffic_in_eth3'=90.16b/s;;;0;20000000 'traffic_out_eth3'=0.00b/s;;;0;20000000
$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=yy.yy.yy.yy --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic UNKNOWN: SNMP GET Request : Timeout
$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=yy.yy.yy.yy --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic UNKNOWN: SNMP GET Request : Timeout
$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=yy.yy.yy.yy --snmp-version='2c' --snmp-port='161' --snmp-community='public' --interface='^((?!lo0).)*$$' --interface --name --add-traffic UNKNOWN: SNMP GET Request : Timeout`