Closed Napsty closed 8 years ago
riskersen
commented
8 years ago These are good points maybe you could submit a patch and ill test and merge it. About the sync state I really don't known, fortigate often behaves not like expected.
If I find an available time slot I'll contact the fg support. What version are you using? 5.2
Napsty
commented
8 years ago Version is: v5.2.5,build701
Have you heard anything from the support concerning the not sync status from pov of the slave?
Napsty
commented
8 years ago Pull request #18 created. The -T cluster check in combination with -S now works:
# ./check_fortigate.pl -H masterip -C monitoring -T cluster -S AAAAAAAAAAAAAAAA
OK: fwrap001 (Master: AAAAAAAAAAAAAAAA, Slave: BBBBBBBBBBBBBBBB): HA (Active/Passive) is active, Sync-State: Synchronized
# ./check_fortigate.pl -H slaveip -C monitoring -T cluster -S AAAAAAAAAAAAAAAA
CRITICAL: fwrap002 (Master: AAAAAAAAAAAAAAAA, Slave: BBBBBBBBBBBBBBBB): HA (Active/Passive) is active, Sync-State: Not SynchronizedThe correct master is now defined by using the dedicated OID in which the master serial is declared.
However you should verify the current method of the help_serials construct. It seems to be a roundrobin order of the serial id's. Sometimes the plugin takes the master's serial as slave, sometimes the slave's serial.
riskersen
commented
8 years ago @Napsty as @arigaud said in the pull request, this will not completely work, so i would advise to use snmp direct access for each host.
To achieve that, you could use host variables like _fw1_serial and _fw2_serial and add them to community, like check_fortigate_cluster!public-$_HOSTSERIAL_FW1$ / FW2$
But i saw that you lost your fortigate cluster, so we keep this for the archive.
It seems the "-T cluster" check is not working correctly when the check is launched on the slave. Output is:
The plugin thinks that serial BBBBBBBBBBBBBBBB should be master. But in the SNMP output it is shown that AAAAAAAAAAAAAAAA is master:
I assume the plugin simply takes the first found entry (.1) and considers it to be master. The actual master serial ID is stored in .1.3.6.1.4.1.12356.101.13.2.1.1.16.2 (fgHaStatsMasterSerial). So the plugin should take this value.
However of what I'm not sure is why the value of 1.3.6.1.4.1.12356.101.13.2.1.1.12.2 is showing 0 (Not Synchronized). Any idea? Or is this normal that from point of view of the slave the master (fw001) is not in sync?