add graphing of ipsec tunnels on cisco kit

git-svn-id: http://www.observium.org/svn/observer/trunk@2450 61d68cd4-352d-0410-923a-c4978735b2b8

database-update.sql

@@ -4,3 +4,5 @@ ALTER TABLE  `bgpPeers_cbgp` ADD  `AcceptedPrefixes` INT NOT NULL ,ADD  `DeniedP
 ALTER TABLE  `bgpPeers_cbgp` ADD UNIQUE  `unique_index` (  `device_id` ,  `bgpPeerIdentifier` ,  `afi` ,  `safi` );
 ALTER TABLE  `ports` ADD UNIQUE  `device_ifIndex` (  `device_id` ,  `ifIndex` );
 ALTER TABLE  `devices` CHANGE  `port`  `port` SMALLINT( 5 ) UNSIGNED NOT NULL DEFAULT  '161';
+CREATE TABLE IF NOT EXISTS `ipsec_tunnels` (  `tunnel_id` int(11) NOT NULL AUTO_INCREMENT,  `device_id` int(11) NOT NULL,  `peer_port` int(11) NOT NULL,  `peer_addr` varchar(64) COLLATE utf8_unicode_ci NOT NULL,  `local_addr` varchar(64) COLLATE utf8_unicode_ci NOT NULL,  `local_port` int(11) NOT NULL,  `tunnel_name` varchar(96) COLLATE utf8_unicode_ci NOT NULL,  `tunnel_status` varchar(11) COLLATE utf8_unicode_ci NOT NULL,  PRIMARY KEY (`tunnel_id`),  UNIQUE KEY `unique_index` (`device_id`,`peer_addr`)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci ;
+

html/includes/graphs/ipsectunnel/auth.inc.php

@@ -0,0 +1,20 @@
+<?php
+
+if (is_numeric($id))
+{
+
+  $tunnel = dbFetchRow("SELECT * FROM `ipsec_tunnels` AS I, `devices` AS D WHERE I.tunnel_id = ? AND I.device_id = D.device_id", array($id));
+
+  if (is_numeric($tunnel['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($tunnel['device_id'])))
+  {
+    $device = device_by_id_cache($tunnel['device_id']);
+
+    $rrd_filename = $config['rrd_dir'] . "/" . $device['hostname'] . "/" . safename("ipsectunnel-".$tunnel['peer_addr'].".rrd");
+
+    $title  = generate_device_link($device);
+    $title .= " :: IPSEC Tunnel :: " . htmlentities($tunnel['peer_addr']);
+    $auth = TRUE;
+  }
+}
+
+?>

html/includes/graphs/ipsectunnel/bits.inc.php

@@ -0,0 +1,8 @@
+<?php
+
+$rra_in = "TunInOctets";
+$rra_out = "TunOutOctets";
+
+include("includes/graphs/generic_bytes.inc.php");
+
+?>

html/includes/graphs/ipsectunnel/pkts.inc.php

@@ -0,0 +1,19 @@
+<?php
+
+$rra_in = "TunInPkts";
+$rra_out = "TunOutPkts";
+
+$colour_area_in = "AA66AA";
+$colour_line_in = "330033";
+$colour_area_out = "FFDD88";
+$colour_line_out = "FF6600";
+
+$colour_area_in_max = "cc88cc";
+$colour_area_out_max = "FFefaa";
+
+$graph_max = 1;
+$unit_text = "Packets";
+
+include("includes/graphs/generic_duplex.inc.php");
+
+?>

html/pages/device.inc.php

@@ -114,6 +114,9 @@ if (device_permitted($_GET['opta']) || $check_device == $_GET['opta'])
 
     ### $routing_tabs is used in device/routing/ to build the tabs menu. we built it here to save some queries
 
+    $device_routing_count['ipsec_tunnels'] = dbFetchCell("SELECT COUNT(*) FROM `ipsec_tunnels` WHERE `device_id` = ?", array($device['device_id']));
+    if ($device_routing_count['ipsec_tunnels']) { $routing_tabs[] = 'ipsec_tunnels'; }
+
     $device_routing_count['bgp'] = dbFetchCell("SELECT COUNT(*) FROM `bgpPeers` WHERE `device_id` = ?", array($device['device_id']));
     if ($device_routing_count['bgp']) { $routing_tabs[] = 'bgp'; }
   

html/pages/device/routing.inc.php

@@ -1,6 +1,7 @@
 <?php
 
 #$type_text['overview'] = "Overview";
+$type_text['ipsec_tunnels'] = "IPSEC Tunnels";
 $type_text['bgp'] = "BGP";
 $type_text['cef'] = "CEF";
 $type_text['ospf'] = "OSPF";

html/pages/device/routing/ipsec_tunnels.inc.php

@@ -0,0 +1,93 @@
+<?php
+
+print_optionbar_start();
+
+echo("<span style='font-weight: bold;'>IPSEC Tunnels</span> &#187; ");
+
+$menu_options = array('basic' => 'Basic',
+                      );
+
+if (!$_GET['opta']) { $_GET['opta'] = "basic"; }
+
+$sep = "";
+foreach ($menu_options as $option => $text)
+{
+  if ($_GET['optd'] == $option) { echo("<span class='pagemenu-selected'>"); }
+  echo('<a href="device/' . $device['device_id'] . '/routing/ipsec_tunnels/' . $option . '/">' . $text
+ . '</a>');
+  if ($_GET['optd'] == $option) { echo("</span>"); }
+  echo(" | ");
+}
+
+unset($sep);
+
+echo(' Graphs: ');
+
+$graph_types = array("bits"   => "Bits",
+                     "pkts"   => "Packets",
+                     "errors" => "Errors");
+
+foreach ($graph_types as $type => $descr)
+{
+  echo("$type_sep");
+  if ($_GET['opte'] == $type) { echo("<span class='pagemenu-selected'>"); }
+  echo('<a href="device/' . $device['device_id'] . '/routing/ipsec_tunnels/graphs/'.$type.'/">'.$descr.'</a>');
+  if ($_GET['opte'] == $type) { echo("</span>"); }
+
+#  echo('(');
+#  if ($_GET['opte'] == $type) { echo("<span class='pagemenu-selected'>"); }
+#  echo('<a href="'.$config['base_url'].'/device/' . $device['device_id'] . '/ipsec_tunnelss/'.$type.'/thumbs/">Mini</a>');
+#  if ($_GET['opte'] == $type) { echo("</span>"); }
+#  echo(')');
+  $type_sep = " | ";
+}
+
+print_optionbar_end();
+
+echo("<div style='margin: 5px;'><table border=0 cellspacing=0 cellpadding=0 width=100%>");
+$i = "0";
+foreach (dbFetchRows("SELECT * FROM `ipsec_tunnels` WHERE `device_id` = ? ORDER BY `peer_addr`", array($device['device_id'])) as $tunnel)
+{
+
+if (is_integer($i/2)) { $bg_colour = $list_colour_a; } else { $bg_colour = $list_colour_b; }
+
+if($tunnel['tunnel_status'] == "active") { $tunnel_class="green"; } else { $tunnel_class="red"; }
+
+echo("<tr bgcolor='$bg_colour'>");
+echo("<td width=320 class=list-large>" . $tunnel['local_addr'] . "  &#187;  " . $tunnel['peer_addr'] . "</a></td>");
+echo("<td width=150 class=box-desc>" . $tunnel['tunnel_name'] . "</td>");
+echo("<td width=100 class=list-large><span class='".$tunnel_class."'>" . $tunnel['tunnel_status'] . "</span></td>");
+echo("</tr>");
+  if ($_GET['optd'] == "graphs")
+  {
+    echo('<tr class="list-bold">');
+    echo("<td colspan = 3>");
+    $graph_type = "ipsectunnel_" . $_GET['opte'];
+
+$graph_array['height'] = "100";
+$graph_array['width']  = "215";
+$graph_array['to']     = $config['time']['now'];
+$graph_array['id']     = $tunnel['tunnel_id'];
+$graph_array['type']   = $graph_type;
+
+include("includes/print-quadgraphs.inc.php");
+
+
+   echo("
+   </td>
+   </tr>");
+  }
+
+
+echo("</td>");
+echo("</tr>");
+
+
+
+
+  $i++;
+}
+
+echo("</table></div>");
+
+?>

includes/defaults.inc.php

@@ -334,6 +334,7 @@ $config['poller_modules']['cisco-ipsec-flow-monitor']     = 1;
 $config['poller_modules']['cisco-remote-access-monitor']  = 1;
 $config['poller_modules']['cisco-cef']                    = 1;
 $config['poller_modules']['cisco-mac-accounting']         = 1;
+$config['poller_modules']['cipsec-tunnels']		  = 1;
 
       #include("includes/polling/altiga-ssl.inc.php");
 

includes/polling/cipsec-tunnels.inc.php

@@ -0,0 +1,102 @@
+<?php
+
+$ipsec_array = snmpwalk_cache_oid($device, "cipSecTunnelEntry", array(), "CISCO-IPSEC-FLOW-MONITOR-MIB");
+$ike_array   = snmpwalk_cache_oid($device, "cikeTunnelEntry", array(), "CISCO-IPSEC-FLOW-MONITOR-MIB");
+
+$tunnels_db = dbFetchRows("SELECT * FROM `ipsec_tunnels` WHERE `device_id` = ?", array($device['device_id']));
+foreach ($tunnels_db as $tunnel) { $tunnels[$tunnel['peer_addr']] = $tunnel;}
+
+foreach($ipsec_array as $index => $tunnel)
+{
+
+  $tunnel = array_merge($tunnel, $ike_array[$tunnel['cipSecTunIkeTunnelIndex']]);
+
+  echo("Tunnel $index (".$tunnel['cipSecTunIkeTunnelIndex'].")\n");
+
+  echo("Address ".$tunnel['cikeTunRemoteValue']."\n");
+
+  $address = $tunnel['cikeTunRemoteValue'];
+
+  $oids = array (
+    "cipSecTunInOctets",
+    "cipSecTunInDecompOctets",
+    "cipSecTunInPkts",
+    "cipSecTunInDropPkts",
+    "cipSecTunInReplayDropPkts",
+    "cipSecTunInAuths",
+    "cipSecTunInAuthFails",
+    "cipSecTunInDecrypts",
+    "cipSecTunInDecryptFails",
+    "cipSecTunOutOctets",
+    "cipSecTunOutUncompOctets",
+    "cipSecTunOutPkts",
+    "cipSecTunOutDropPkts",
+    "cipSecTunOutAuths",
+    "cipSecTunOutAuthFails",
+    "cipSecTunOutEncrypts",
+    "cipSecTunOutEncryptFails");
+
+  $db_oids = array("cipSecTunStatus" => "tunnel_status",
+                   "cikeTunLocalName" => "tunnel_name",
+                   "cikeTunLocalValue" => "local_addr");
+
+
+
+  if(!is_array($tunnels[$tunnel['cikeTunRemoteValue']]))
+  {
+    $tunnel_id = dbInsert(array('device_id' => $device['device_id'], 'peer_addr' => $tunnel['cikeTunRemoteValue'], 'local_addr' => $tunnel['cikeTunLocalValue'], 'tunnel_name' => $tunnel['cikeTunLocalName']), 'ipsec_tunnels');
+  } else {
+    foreach($db_oids as $db_oid => $db_value) {
+      $db_update[$db_value] = $tunnel[$db_oid];
+    }
+
+    $updated   = dbUpdate($db_update, 'ipsec_tunnels', '`tunnel_id` = ?', array($tunnels[$tunnel['cikeTunRemoteValue']]['tunnel_id']));
+  }
+
+  if (is_numeric($tunnel['cipSecTunHcInOctets']) && is_numeric($tunnel['cipSecTunHcInDecompOctets']) && 
+        is_numeric($tunnel['cipSecTunHcOutOctets']) && is_numeric($tunnel['cipSecTunHcOutUncompOctets']))
+  {
+    echo("HC ");
+
+    $tunnel['cipSecTunInOctets'] = $tunnel['cipSecTunHcInOctets'];
+    $tunnel['cipSecTunInDecompOctets'] = $tunnel['cipSecTunHcInDecompOctets'];
+    $tunnel['cipSecTunOutOctets'] = $tunnel['cipSecTunHcOutOctets'];
+    $tunnel['cipSecTunOutUncompOctets'] = $tunnel['cipSecTunHcOutUncompOctets'];
+  }
+
+  $rrd_file = $config['rrd_dir'] . "/" . $device['hostname'] . "/ipsectunnel-".$address.".rrd";
+
+  $rrd_create = "RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 RRA:MAX:0.5:1:600 \
+                    RRA:MAX:0.5:6:700 RRA:MAX:0.5:24:775 RRA:MAX:0.5:288:797";
+
+  foreach ($oids as $oid)
+  {
+    $oid_ds = truncate(str_replace("cipSec", "", $oid), 19, '');
+    $rrd_create .= " DS:$oid_ds:COUNTER:600:U:1000000000";
+  }
+
+  $rrdupdate = "N";
+
+  foreach ($oids as $oid)
+  {
+    if (is_numeric($tunnel[$oid]))
+    {
+      $value = $tunnel[$oid];
+    } else {
+      $value = "0";
+    }
+    $rrdupdate .= ":$value";
+  }
+
+  if (isset($tunnel['cikeTunRemoteValue']))
+  {
+    if (!file_exists($rrd_file)) { rrdtool_create($rrd_file, $rrd_create); }
+    rrdtool_update($rrd_file, $rrdupdate);
+    #$graphs['ipsec_tunnels'] = TRUE;
+  }
+
+}
+
+unset($oids, $data, $data_array, $oid, $tunnel);
+
+?>