diff --git a/README.md b/README.md index 93b30e0..3b2ac4b 100644 --- a/README.md +++ b/README.md @@ -6,11 +6,11 @@ This template goal is to contain all available SNMP information provided by a Fortinet FortiGate device. ### Template Version -- v2.0 +- v2.1.0 ### Validated Versions - Zabbix 5.2 -- FortiOS 6.2 / 6.4 +- FortiOS 6.2 / 6.4 / 7.0 ### Setup - Download the template @@ -27,10 +27,15 @@ You can tune the following macros, which are used by some triggers: - {$IF_ID1} = 1; IF ID where Egress Shaping is configured - {$IF_IN_ID1} = 2; IF ID where Ingress Shaping is configured -### Template Links -- Template Module EtherLike-MIB SNMPv2 -- Template Module Generic SNMPv2 -- Template Module Interfaces SNMPv2 +### Templates Included +The following templates were included into this one (instead of linked) +due to several users having issues during import process when the default +templates are not present on their Zabbix install. All data and discovery +was simply copied from them into this template. + +- Template Module EtherLike-MIB +- Template Module Generic +- Template Module Interfaces ### Discovery Rules - CPU Cores @@ -43,6 +48,10 @@ You can tune the following macros, which are used by some triggers: - Virtual Domain ### Items Collected +- General + - System contact details, System description + - System location, System name, System object ID + - Network Interfaces - Bits received/sent, discards, errors - Type, operational status, speed @@ -70,9 +79,11 @@ You can tune the following macros, which are used by some triggers: - Session - IPv4 Active sessions -- ICMP - - Loss - - Response Time +- Status + - ICMP Loss + - ICMP Response Time + - Uptime + - SNMP data collection availability - VPN - Active IPsec VPN tunnels @@ -95,6 +106,10 @@ You can tune the following macros, which are used by some triggers: - AV and IPS event rate per member - Hostname, Sync Status, Sync Time (Success and Failure) +- Hardware Sensor + - Hardware Sensor Alarm Count + - Hardware Sensor Alarm Name and State + - IPS (Intrusion Prevention System) - Intrusions detected and blocked - Detected by severity level @@ -117,6 +132,15 @@ You can tune the following macros, which are used by some triggers: - Virtual Domain - VDOM Name + - VDOM Count, VDOM Max Count + - VDOM Operation Mode + - CPU usage per VDOM + - Memory usage per VDOM + - HA Member state per VDOM + - Active Sessions per VDOM + - Session Rate per VDOM + + ### Triggers - CPU diff --git a/Template Net Fortinet FortiGate SNMP.yaml b/Template Net Fortinet FortiGate SNMP.yaml index 141894c..49b5062 100644 --- a/Template Net Fortinet FortiGate SNMP.yaml +++ b/Template Net Fortinet FortiGate SNMP.yaml @@ -1,6 +1,6 @@ zabbix_export: version: '5.2' - date: '2021-02-03T00:36:34Z' + date: '2021-05-10T23:11:03Z' groups: - name: 'Templates/Network devices' @@ -12,24 +12,29 @@ zabbix_export: Zabbix Template for Fortinet FortiGate URL: https://github.com/mbdraks/fortinet-zabbix Author: Michel Barbosa - Version: 2.0 + Version: 2.1.0 Exposes information obtained from the following MIBs (import is not required): + - SNMPv2-MIB + - IF-MIB + - EtherLike-MIB - FORTINET-CORE-MIB - FORTINET-FORTIGATE-MIB - templates: - - - name: 'EtherLike-MIB SNMP' - - - name: 'Generic SNMP' - - - name: 'Interfaces SNMP' + + This template also incorporates the exact same data collected by the following default templates (no import or link required): + - Generic SNMP + - Interfaces SNMP + - EtherLike-MIB SNMP groups: - name: 'Templates/Network devices' applications: - name: CPU + - + name: General + - + name: 'Hardware Sensor' - name: 'High Availability' - @@ -40,6 +45,8 @@ zabbix_export: name: Memory - name: Session + - + name: Status - name: Storage - @@ -93,6 +100,7 @@ zabbix_export: type: SNMP_AGENT snmp_oid: 1.3.6.1.4.1.12356.101.13.1.5.0 key: fgHaAutoSync + delay: 1h description: | FORTINET-FORTIGATE-MIB::fgHaAutoSync @@ -108,6 +116,7 @@ zabbix_export: type: SNMP_AGENT snmp_oid: 1.3.6.1.4.1.12356.101.13.1.2.0 key: fgHaGroupId + delay: 1h description: | FORTINET-FORTIGATE-MIB::fgHaSystemMode @@ -120,6 +129,7 @@ zabbix_export: type: SNMP_AGENT snmp_oid: 1.3.6.1.4.1.12356.101.13.1.7.0 key: fgHaGroupName + delay: 1h trends: '0' value_type: CHAR description: | @@ -134,6 +144,7 @@ zabbix_export: type: SNMP_AGENT snmp_oid: 1.3.6.1.4.1.12356.101.13.1.4.0 key: fgHaOverride + delay: 1h description: | FORTINET-FORTIGATE-MIB::fgHaOverride @@ -148,6 +159,7 @@ zabbix_export: type: SNMP_AGENT snmp_oid: 1.3.6.1.4.1.12356.101.13.1.3.0 key: fgHaPriority + delay: 1h description: | FORTINET-FORTIGATE-MIB::fgHaPriority @@ -160,6 +172,7 @@ zabbix_export: type: SNMP_AGENT snmp_oid: 1.3.6.1.4.1.12356.101.13.1.6.0 key: fgHaSchedule + delay: 1h description: | FORTINET-FORTIGATE-MIB::fgHaSchedule @@ -174,6 +187,7 @@ zabbix_export: type: SNMP_AGENT snmp_oid: 1.3.6.1.4.1.12356.101.13.1.1.0 key: fgHaSystemMode + delay: 1h description: | FORTINET-FORTIGATE-MIB::fgHaSystemMode @@ -183,6 +197,19 @@ zabbix_export: name: 'High Availability' valuemap: name: 'FORTINET-FORTIGATE-MIB::FgHaMode' + - + name: 'Hardware Sensor Count' + type: SNMP_AGENT + snmp_oid: 1.3.6.1.4.1.12356.101.4.3.1.0 + key: fgHwSensorCount + delay: 1h + description: | + FORTINET-FORTIGATE-MIB::fgHwSensorCount + + The number of entries in fgHwSensorTable + applications: + - + name: 'Hardware Sensor' - name: 'Intrusions detected - Anomaly based' type: SNMP_AGENT @@ -485,6 +512,47 @@ zabbix_export: applications: - name: IPS + - + name: 'VDOM Enabled' + type: SNMP_AGENT + snmp_oid: 1.3.6.1.4.1.12356.101.3.1.3.0 + key: fgVdEnabled + delay: 1h + description: | + FORTINET-FORTIGATE-MIB::fgVdEnabled + + Whether virtual domains are enabled on this device + applications: + - + name: 'Virtual Domain' + valuemap: + name: 'FORTINET-CORE-MIB::FnBoolState' + - + name: 'VDOM Max Count' + type: SNMP_AGENT + snmp_oid: 1.3.6.1.4.1.12356.101.3.1.2.0 + key: fgVdMaxVdoms + delay: 1h + description: | + FORTINET-FORTIGATE-MIB::fgVdMaxVdoms + + The maximum number of virtual domains allowed on the device as allowed by hardware and/or licensing + applications: + - + name: 'Virtual Domain' + - + name: 'VDOM Count' + type: SNMP_AGENT + snmp_oid: 1.3.6.1.4.1.12356.101.3.1.1.0 + key: fgVdNumber + delay: 1h + description: | + FORTINET-FORTIGATE-MIB::fgVdNumber + + The number of virtual domains in vdTable + applications: + - + name: 'Virtual Domain' - name: 'SSL VPN state' type: SNMP_AGENT @@ -640,6 +708,189 @@ zabbix_export: applications: - name: Inventory + - + name: 'ICMP ping' + type: SIMPLE + key: icmpping + history: 1w + applications: + - + name: Status + valuemap: + name: 'Service state' + triggers: + - + expression: '{max(#3)}=0' + name: 'Unavailable by ICMP ping' + priority: HIGH + description: 'Last three attempts returned timeout. Please check device connectivity.' + - + name: 'ICMP loss' + type: SIMPLE + key: icmppingloss + history: 1w + value_type: FLOAT + units: '%' + applications: + - + name: Status + triggers: + - + expression: '{min(5m)}>{$ICMP_LOSS_WARN} and {min(5m)}<100' + name: 'High ICMP ping loss' + opdata: 'Loss: {ITEM.LASTVALUE1}' + priority: WARNING + dependencies: + - + name: 'Unavailable by ICMP ping' + expression: '{Template Net Fortinet FortiGate SNMP:icmpping.max(#3)}=0' + - + name: 'ICMP response time' + type: SIMPLE + key: icmppingsec + history: 1w + value_type: FLOAT + units: s + applications: + - + name: Status + triggers: + - + expression: '{avg(5m)}>{$ICMP_RESPONSE_TIME_WARN}' + name: 'High ICMP ping response time' + opdata: 'Value: {ITEM.LASTVALUE1}' + priority: WARNING + dependencies: + - + name: 'High ICMP ping loss' + expression: '{Template Net Fortinet FortiGate SNMP:icmppingloss.min(5m)}>{$ICMP_LOSS_WARN} and {Template Net Fortinet FortiGate SNMP:icmppingloss.min(5m)}<100' + - + name: 'Unavailable by ICMP ping' + expression: '{Template Net Fortinet FortiGate SNMP:icmpping.max(#3)}=0' + - + name: 'SNMP traps (fallback)' + type: SNMP_TRAP + key: snmptrap.fallback + history: 2w + trends: '0' + value_type: LOG + description: 'Item is used to collect all SNMP traps unmatched by other snmptrap items' + applications: + - + name: General + logtimefmt: 'hh:mm:sszyyyy/MM/dd' + - + name: 'System contact details' + type: SNMP_AGENT + snmp_oid: 1.3.6.1.2.1.1.4.0 + key: 'system.contact[sysContact.0]' + delay: 1h + history: 2w + trends: '0' + value_type: CHAR + description: | + MIB: SNMPv2-MIB + The textual identification of the contact person for this managed node, together with information on how to contact this person. If no contact information is known, the value is the zero-length string. + inventory_link: CONTACT + applications: + - + name: General + preprocessing: + - + type: DISCARD_UNCHANGED_HEARTBEAT + parameters: + - 1d + - + name: 'System description' + type: SNMP_AGENT + snmp_oid: 1.3.6.1.2.1.1.1.0 + key: 'system.descr[sysDescr.0]' + delay: 1h + history: 2w + trends: '0' + value_type: CHAR + description: | + MIB: SNMPv2-MIB + A textual description of the entity. This value should + include the full name and version identification of the system's hardware type, software operating-system, and + networking software. + applications: + - + name: General + preprocessing: + - + type: DISCARD_UNCHANGED_HEARTBEAT + parameters: + - 1d + - + name: 'System location' + type: SNMP_AGENT + snmp_oid: 1.3.6.1.2.1.1.6.0 + key: 'system.location[sysLocation.0]' + delay: 1h + history: 2w + trends: '0' + value_type: CHAR + description: | + MIB: SNMPv2-MIB + The physical location of this node (e.g., `telephone closet, 3rd floor'). If the location is unknown, the value is the zero-length string. + inventory_link: LOCATION + applications: + - + name: General + preprocessing: + - + type: DISCARD_UNCHANGED_HEARTBEAT + parameters: + - 1h + - + name: 'System name' + type: SNMP_AGENT + snmp_oid: 1.3.6.1.2.1.1.5.0 + key: system.name + delay: 1h + history: 2w + trends: '0' + value_type: CHAR + description: | + MIB: SNMPv2-MIB + An administratively-assigned name for this managed node.By convention, this is the node's fully-qualified domain name. If the name is unknown, the value is the zero-length string. + inventory_link: NAME + applications: + - + name: General + preprocessing: + - + type: DISCARD_UNCHANGED_HEARTBEAT + parameters: + - 1h + triggers: + - + expression: '{diff()}=1 and {strlen()}>0' + name: 'System name has changed (new name: {ITEM.VALUE})' + priority: INFO + description: 'System name has changed. Ack to close.' + manual_close: 'YES' + - + name: 'System object ID' + type: SNMP_AGENT + snmp_oid: 1.3.6.1.2.1.1.2.0 + key: 'system.objectid[sysObjectID.0]' + delay: 15m + history: 2w + trends: '0' + value_type: CHAR + description: | + MIB: SNMPv2-MIB + The vendor's authoritative identification of the network management subsystem contained in the entity. This value is allocated within the SMI enterprises subtree (1.3.6.1.4.1) and provides an easy and unambiguous means for determining`what kind of box' is being managed. For example, if vendor`Flintstones, Inc.' was assigned the subtree1.3.6.1.4.1.4242, it could assign the identifier 1.3.6.1.4.1.4242.1.1 to its `Fred Router'. + applications: + - + name: General + preprocessing: + - + type: DISCARD_UNCHANGED_HEARTBEAT + parameters: + - 1h - name: 'Operating System' type: SNMP_AGENT @@ -657,6 +908,58 @@ zabbix_export: applications: - name: Inventory + - + name: Uptime + type: SNMP_AGENT + snmp_oid: 1.3.6.1.2.1.1.3.0 + key: 'system.uptime[sysUpTime.0]' + delay: 30s + history: 2w + trends: 0d + units: uptime + description: | + MIB: SNMPv2-MIB + The time (in hundredths of a second) since the network management portion of the system was last re-initialized. + applications: + - + name: Status + preprocessing: + - + type: MULTIPLIER + parameters: + - '0.01' + triggers: + - + expression: '{last()}<10m' + name: '{HOST.NAME} has been restarted (uptime < 10m)' + priority: WARNING + description: 'Uptime is less than 10 minutes' + manual_close: 'YES' + dependencies: + - + name: 'No SNMP data collection' + expression: '{Template Net Fortinet FortiGate SNMP:zabbix[host,snmp,available].max({$SNMP.TIMEOUT})}=0' + - + name: 'SNMP agent availability' + type: INTERNAL + key: 'zabbix[host,snmp,available]' + history: 7d + applications: + - + name: Status + valuemap: + name: zabbix.host.available + triggers: + - + expression: '{max({$SNMP.TIMEOUT})}=0' + name: 'No SNMP data collection' + opdata: 'Current state: {ITEM.LASTVALUE1}' + priority: WARNING + description: 'SNMP is not available for polling. Please check device connectivity and SNMP settings.' + dependencies: + - + name: 'Unavailable by ICMP ping' + expression: '{Template Net Fortinet FortiGate SNMP:icmpping.max(#3)}=0' discovery_rules: - name: 'High Availability Discovery' @@ -949,6 +1252,46 @@ zabbix_export: item: host: 'Template Net Fortinet FortiGate SNMP' key: 'fgHaStatsIdsCount.rate.[{#HA_ID}]' + - + name: 'Hardware Sensor Discovery' + type: SNMP_AGENT + snmp_oid: 'discovery[{#SENSOR_ID},1.3.6.1.4.1.12356.101.4.3.2.1.1,{#SENSOR_NAME},1.3.6.1.4.1.12356.101.4.3.2.1.2]' + key: fgHwSensorEntIndex.discovery + delay: 1h + lifetime: '0' + description: | + FORTINET-FORTIGATE-MIB::fgHwSensorEntIndex + + A list of device specific hardware sensors and values. Because different devices have different hardware sensor capabilities, this table may or may not contain any values. + item_prototypes: + - + name: 'Hardware Sensor {#SENSOR_NAME} - Alarm Status' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.4.1.12356.101.4.3.2.1.4.{#SENSOR_ID}' + key: 'fgHwSensorEntAlarmStatus.[{#SENSOR_ID}]' + description: | + FORTINET-FORTIGATE-MIB::fgHwSensorEntAlarmStatus + + If the sensor has an alarm threshold and has exceeded it, this will indicate its status. Not all sensors have alarms. + applications: + - + name: 'Hardware Sensor' + valuemap: + name: 'Alarm state' + - + name: 'Hardware Sensor {#SENSOR_NAME} - Value' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.4.1.12356.101.4.3.2.1.3.{#SENSOR_ID}' + key: 'fgHwSensorEntValue.[{#SENSOR_ID}]' + trends: '0' + value_type: CHAR + description: | + FORTINET-FORTIGATE-MIB::fgHwSensorEntValue + + A string representation of the value of the sensor. Because sensors can present data in different formats, string representation is most general format. Interpretation of the value (units of measure, for example) is dependent on the individual sensor. + applications: + - + name: 'Hardware Sensor' - name: 'Interface-based Shaping (Egress) Discovery' type: SNMP_AGENT @@ -1271,139 +1614,62 @@ zabbix_export: host: 'Template Net Fortinet FortiGate SNMP' key: 'fgIntfBcInDrops.[{$IF_IN_ID1}.{#SNMPINDEX}]' - - name: 'FortiGate Interfaces Discovery' + name: 'CPU Cores Discovery' type: SNMP_AGENT - snmp_oid: 'discovery[{#IFNAME},1.3.6.1.2.1.31.1.1.1.1,{#IFALIAS},1.3.6.1.2.1.31.1.1.1.18]' - key: fgIntfEntry.discovery + snmp_oid: 'discovery[{#CPU_ID},1.3.6.1.4.1.12356.101.4.4.2.1.1,{#CPU_TYPE},1.3.6.1.4.1.12356.101.4.4.2.1.4]' + key: fgProcessorEntIndex.discovery delay: 1h + filter: + conditions: + - + macro: '{#CPU_TYPE}' + value: 12356.101.4.4.3.1 + formulaid: A + - + macro: '{#CPU_TYPE}' + value: 12356.101.4.4.3.2 + formulaid: B + - + macro: '{#CPU_TYPE}' + value: 12356.101.4.4.3.3 + formulaid: C description: | - FORTINET-FORTIGATE-MIB::fgIntfEntry - - Fortinet specific extensions to MIB-2 ifTable. + FORTINET-FORTIGATE-MIB::fgProcessorEntIndex - Fortinet specific information about an ifEntry. This table augments the standard ifTable, so the same indexing is used. + A unique identifier within the fgProcessorTable item_prototypes: - - name: 'Interface {#IFNAME}({#IFALIAS}): Estimated downstream bandwidth' + name: 'Average Usage of System Process over 1min per Core #{#CPU_ID}' type: SNMP_AGENT - snmp_oid: '1.3.6.1.4.1.12356.101.7.2.1.1.3.{#SNMPINDEX}' - key: 'fgIntfEntEstDownBandwidth.[{#SNMPINDEX}]' - units: bps + snmp_oid: '1.3.6.1.4.1.12356.101.4.4.2.1.10.{#CPU_ID}' + key: 'fgProcessorSysUsage.[{#CPU_ID}]' + units: '%' description: | - FORTINET-FORTIGATE-MIB::fgIntfEntEstDownBandwidth + FORTINET-FORTIGATE-MIB::fgProcessorSysUsage - Estimated maximum downstream bandwidth (Kbps). Used to estimate link utilization. - application_prototypes: - - - name: 'Interface {#IFNAME}({#IFALIAS})' - preprocessing: + The processor's CPU system space usage, which is an average + calculated over the last minute. + (only valid for processors types that support this statistic). + applications: - - type: MULTIPLIER - parameters: - - '1000' + name: CPU - - name: 'Interface {#IFNAME}({#IFALIAS}): Estimated upstream bandwidth' + name: 'Core #{#CPU_ID} Processor Type' type: SNMP_AGENT - snmp_oid: '1.3.6.1.4.1.12356.101.7.2.1.1.2.{#SNMPINDEX}' - key: 'fgIntfEntEstUpBandwidth.[{#SNMPINDEX}]' - units: bps + snmp_oid: '1.3.6.1.4.1.12356.101.4.4.2.1.4.{#CPU_ID}' + key: 'fgProcessorType.[{#CPU_ID}]' + delay: 1h + trends: '0' + value_type: TEXT description: | - FORTINET-FORTIGATE-MIB::fgIntfEntEstUpBandwidth + FORTINET-FORTIGATE-MIB::fgProcessorType - Estimated maximum upstream bandwidth (Kbps). Used to estimate link utilization. - application_prototypes: - - - name: 'Interface {#IFNAME}({#IFALIAS})' - preprocessing: + An indication of the type of the processor. Types are defined in fgProcessorTypes. + applications: - - type: MULTIPLIER - parameters: - - '1000' + name: CPU - - name: 'Interface {#IFNAME}({#IFALIAS}): VDOM' - type: SNMP_AGENT - snmp_oid: '1.3.6.1.4.1.12356.101.7.2.1.1.1.{#SNMPINDEX}' - key: 'fgIntfEntVdom.[{#SNMPINDEX}]' - delay: 1h - description: | - FORTINET-FORTIGATE-MIB::fgIntfEntVdom - - The virtual domain the interface belongs to. This index corresponds to the index used by fgVdTable. - application_prototypes: - - - name: 'Interface {#IFNAME}({#IFALIAS})' - graph_prototypes: - - - name: 'Estimated Bandwidth - {#IFNAME}' - graph_items: - - - color: 199C0D - item: - host: 'Template Net Fortinet FortiGate SNMP' - key: 'fgIntfEntEstDownBandwidth.[{#SNMPINDEX}]' - - - sortorder: '1' - color: F63100 - item: - host: 'Template Net Fortinet FortiGate SNMP' - key: 'fgIntfEntEstUpBandwidth.[{#SNMPINDEX}]' - - - name: 'CPU Cores Discovery' - type: SNMP_AGENT - snmp_oid: 'discovery[{#CPU_ID},1.3.6.1.4.1.12356.101.4.4.2.1.1,{#CPU_TYPE},1.3.6.1.4.1.12356.101.4.4.2.1.4]' - key: fgProcessorEntIndex.discovery - delay: 1h - filter: - conditions: - - - macro: '{#CPU_TYPE}' - value: 12356.101.4.4.3.1 - formulaid: A - - - macro: '{#CPU_TYPE}' - value: 12356.101.4.4.3.2 - formulaid: B - - - macro: '{#CPU_TYPE}' - value: 12356.101.4.4.3.3 - formulaid: C - description: | - FORTINET-FORTIGATE-MIB::fgProcessorEntIndex - - A unique identifier within the fgProcessorTable - item_prototypes: - - - name: 'Average Usage of System Process over 1min per Core #{#CPU_ID}' - type: SNMP_AGENT - snmp_oid: '1.3.6.1.4.1.12356.101.4.4.2.1.10.{#CPU_ID}' - key: 'fgProcessorSysUsage.[{#CPU_ID}]' - units: '%' - description: | - FORTINET-FORTIGATE-MIB::fgProcessorSysUsage - - The processor's CPU system space usage, which is an average - calculated over the last minute. - (only valid for processors types that support this statistic). - applications: - - - name: CPU - - - name: 'Core #{#CPU_ID} Processor Type' - type: SNMP_AGENT - snmp_oid: '1.3.6.1.4.1.12356.101.4.4.2.1.4.{#CPU_ID}' - key: 'fgProcessorType.[{#CPU_ID}]' - delay: 1h - trends: '0' - value_type: TEXT - description: | - FORTINET-FORTIGATE-MIB::fgProcessorType - - An indication of the type of the processor. Types are defined in fgProcessorTypes. - applications: - - - name: CPU - - - name: 'Average Usage over 1min per Core #{#CPU_ID}' + name: 'Average Usage over 1min per Core #{#CPU_ID}' type: SNMP_AGENT snmp_oid: '1.3.6.1.4.1.12356.101.4.4.2.1.2.{#CPU_ID}' key: 'fgProcessorUsage.[{#CPU_ID}]' @@ -1575,7 +1841,7 @@ zabbix_export: - name: 'Virtual Domain Discovery' type: SNMP_AGENT - snmp_oid: 'discovery[{#VDOM_ID},1.3.6.1.4.1.12356.101.3.2.1.1.1]' + snmp_oid: 'discovery[{#VDOM_ID},1.3.6.1.4.1.12356.101.3.2.1.1.1,{#VDOM_NAME},1.3.6.1.4.1.12356.101.3.2.1.1.2]' key: fgVdEntIndex.discovery delay: 1h lifetime: '0' @@ -1584,11 +1850,56 @@ zabbix_export: Internal virtual domain index used to uniquely identify rows in this table. This index is also used by other tables referencing a virtual domain. item_prototypes: + - + name: 'VDOM {#VDOM_NAME} - CPU Usage' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.4.1.12356.101.3.2.1.1.5.{#VDOM_ID}' + key: 'fgVdEntCpuUsage.[{#VDOM_ID}]' + history: 7d + units: '%' + description: | + FORTINET-FORTIGATE-MIB::fgVdEntCpuUsage + + CPU usage of the virtual domain (percentage). + application_prototypes: + - + name: 'Virtual Domain - {#VDOM_NAME}' + - + name: 'VDOM {#VDOM_NAME} - HA Member State' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.4.1.12356.101.3.2.1.1.4.{#VDOM_ID}' + key: 'fgVdEntHaState.[{#VDOM_ID}]' + history: 7d + description: | + FORTINET-FORTIGATE-MIB::fgVdEntHaState + + HA cluster member state of the virtual domain on this device + (master, backup or standalone) + application_prototypes: + - + name: 'Virtual Domain - {#VDOM_NAME}' + valuemap: + name: 'FORTINET-CORE-MIB::FgHaState' + - + name: 'VDOM {#VDOM_NAME} - Memory Usage' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.4.1.12356.101.3.2.1.1.6.{#VDOM_ID}' + key: 'fgVdEntMemUsage.[{#VDOM_ID}]' + history: 7d + units: '%' + description: | + FORTINET-FORTIGATE-MIB::fgVdEntMemUsage + + Memory usage of the virtual domain (percentage). + application_prototypes: + - + name: 'Virtual Domain - {#VDOM_NAME}' - name: 'VDOM #{#VDOM_ID} - Name' type: SNMP_AGENT snmp_oid: '1.3.6.1.4.1.12356.101.3.2.1.1.2.{#VDOM_ID}' key: 'fgVdEntName.[{#VDOM_ID}]' + delay: 1h trends: '0' value_type: CHAR description: | @@ -1597,7 +1908,50 @@ zabbix_export: The name of the virtual domain application_prototypes: - - name: 'Virtual Domain' + name: 'Virtual Domain - {#VDOM_NAME}' + - + name: 'VDOM {#VDOM_NAME} - Operation Mode' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.4.1.12356.101.3.2.1.1.3.{#VDOM_ID}' + key: 'fgVdEntOpMode.[{#VDOM_ID}]' + delay: 1h + history: 7d + description: | + FORTINET-FORTIGATE-MIB::fgVdEntOpMode + + Operation mode of the virtual domain (NAT or Transparent) + application_prototypes: + - + name: 'Virtual Domain - {#VDOM_NAME}' + valuemap: + name: 'FORTINET-FORTIGATE-MIB::FgOpMode' + - + name: 'VDOM {#VDOM_NAME} - Active Sessions' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.4.1.12356.101.3.2.1.1.7.{#VDOM_ID}' + key: 'fgVdEntSesCount.[{#VDOM_ID}]' + history: 7d + description: | + FORTINET-FORTIGATE-MIB::fgVdEntSesCount + + Number of active sessions on the virtual domain. + application_prototypes: + - + name: 'Virtual Domain - {#VDOM_NAME}' + - + name: 'VDOM {#VDOM_NAME} - Session Rate' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.4.1.12356.101.3.2.1.1.8.{#VDOM_ID}' + key: 'fgVdEntSesRate.[{#VDOM_ID}]' + history: 7d + units: 'Sessions Per Second' + description: | + FORTINET-FORTIGATE-MIB::fgVdEntSesRate + + The session setup rate on the virtual domain. + application_prototypes: + - + name: 'Virtual Domain - {#VDOM_NAME}' - name: 'SD-WAN Health Check Discovery' type: SNMP_AGENT @@ -1739,7 +2093,7 @@ zabbix_export: name: 'Alarm state' trigger_prototypes: - - expression: '{last()}=1' + expression: '{last()}=1 and {diff()}=1' recovery_mode: RECOVERY_EXPRESSION recovery_expression: '{last()}=0' name: 'Health Check State Failed to {#HC_NAME} on member {#MEMBER_SEQ}' @@ -2051,6 +2405,7 @@ zabbix_export: name: 'FortiAP {#SNMPVALUE} in {HOST.NAME} is DOWN' opdata: 'Status: {ITEM.LASTVALUE1}' priority: HIGH + manual_close: 'YES' - expression: '{last()}=3' recovery_mode: RECOVERY_EXPRESSION @@ -2058,6 +2413,7 @@ zabbix_export: name: 'FortiAP {#SNMPVALUE} is receiving firmware update from {HOST.NAME}' opdata: 'Status: {ITEM.LASTVALUE1}' priority: INFO + manual_close: 'YES' - expression: '{last()}=4' recovery_mode: RECOVERY_EXPRESSION @@ -2476,62 +2832,631 @@ zabbix_export: item: host: 'Template Net Fortinet FortiGate SNMP' key: 'fgWcWtpSessionWtpMemoryUsage.[{#SNMPVALUE}]' - macros: - - - macro: '{$CPU.UTIL.CRIT}' - value: '80' - - - macro: '{$IF_ID1}' - value: '1' - description: 'IF ID where Egress Shaping is configured' - - - macro: '{$IF_IN_ID1}' - value: '2' - description: 'IF ID where Ingress Shaping is configured' - - - macro: '{$MEMORY.UTIL.MAX}' - value: '80' - dashboards: - - name: 'HA Statistics' - widgets: + name: 'Network interfaces discovery' + type: SNMP_AGENT + snmp_oid: 'discovery[{#IFOPERSTATUS},1.3.6.1.2.1.2.2.1.8,{#IFADMINSTATUS},1.3.6.1.2.1.2.2.1.7,{#IFALIAS},1.3.6.1.2.1.31.1.1.1.18,{#IFNAME},1.3.6.1.2.1.31.1.1.1.1,{#IFDESCR},1.3.6.1.2.1.2.2.1.2,{#IFTYPE},1.3.6.1.2.1.2.2.1.3]' + key: net.if.discovery + delay: 1h + filter: + evaltype: AND + conditions: + - + macro: '{#IFADMINSTATUS}' + value: '{$NET.IF.IFADMINSTATUS.MATCHES}' + formulaid: A + - + macro: '{#IFADMINSTATUS}' + value: '{$NET.IF.IFADMINSTATUS.NOT_MATCHES}' + operator: NOT_MATCHES_REGEX + formulaid: B + - + macro: '{#IFOPERSTATUS}' + value: '{$NET.IF.IFOPERSTATUS.MATCHES}' + formulaid: I + - + macro: '{#IFOPERSTATUS}' + value: '{$NET.IF.IFOPERSTATUS.NOT_MATCHES}' + operator: NOT_MATCHES_REGEX + formulaid: J + - + macro: '{#IFNAME}' + value: '{$NET.IF.IFNAME.MATCHES}' + formulaid: G + - + macro: '{#IFNAME}' + value: '{$NET.IF.IFNAME.NOT_MATCHES}' + operator: NOT_MATCHES_REGEX + formulaid: H + - + macro: '{#IFDESCR}' + value: '{$NET.IF.IFDESCR.MATCHES}' + formulaid: E + - + macro: '{#IFDESCR}' + value: '{$NET.IF.IFDESCR.NOT_MATCHES}' + operator: NOT_MATCHES_REGEX + formulaid: F + - + macro: '{#IFALIAS}' + value: '{$NET.IF.IFALIAS.MATCHES}' + formulaid: C + - + macro: '{#IFALIAS}' + value: '{$NET.IF.IFALIAS.NOT_MATCHES}' + operator: NOT_MATCHES_REGEX + formulaid: D + - + macro: '{#IFTYPE}' + value: '{$NET.IF.IFTYPE.MATCHES}' + formulaid: K + - + macro: '{#IFTYPE}' + value: '{$NET.IF.IFTYPE.NOT_MATCHES}' + operator: NOT_MATCHES_REGEX + formulaid: L + description: | + Discovering interfaces from IF-MIB. + + + + + FORTINET-FORTIGATE-MIB::fgIntfEntry + + Fortinet specific extensions to MIB-2 ifTable. + + Fortinet specific information about an ifEntry. This table augments the standard ifTable, so the same indexing is used. + item_prototypes: - - type: GRAPH_PROTOTYPE - width: '24' - height: '5' - fields: - - - type: INTEGER - name: columns - value: '1' + name: 'Interface {#IFNAME}({#IFALIAS}): Estimated downstream bandwidth' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.4.1.12356.101.7.2.1.1.3.{#SNMPINDEX}' + key: 'fgIntfEntEstDownBandwidth.[{#SNMPINDEX}]' + delay: 1h + history: 7d + units: bps + description: | + FORTINET-FORTIGATE-MIB::fgIntfEntEstDownBandwidth + + Estimated maximum downstream bandwidth (Kbps). Used to estimate link utilization. + application_prototypes: - - type: INTEGER - name: rows - value: '1' + name: 'Interface {#IFNAME}({#IFALIAS})' + - + name: 'Interface {#IFNAME}({#IFALIAS}): Estimated upstream bandwidth' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.4.1.12356.101.7.2.1.1.2.{#SNMPINDEX}' + key: 'fgIntfEntEstUpBandwidth.[{#SNMPINDEX}]' + delay: 1h + history: 7d + units: bps + description: | + FORTINET-FORTIGATE-MIB::fgIntfEntEstUpBandwidth + + Estimated maximum upstream bandwidth (Kbps). Used to estimate link utilization. + application_prototypes: - - type: INTEGER - name: source_type - value: '2' + name: 'Interface {#IFNAME}({#IFALIAS})' + - + name: 'Interface {#IFNAME}({#IFALIAS}): VDOM' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.4.1.12356.101.7.2.1.1.1.{#SNMPINDEX}' + key: 'fgIntfEntVdom.[{#SNMPINDEX}]' + delay: 1h + history: 7d + description: | + FORTINET-FORTIGATE-MIB::fgIntfEntVdom + + The virtual domain the interface belongs to. This index corresponds to the index used by fgVdTable. + application_prototypes: - - type: GRAPH_PROTOTYPE - name: graphid - value: - name: 'HA Cluster Member {#HA_ID} - Concurrent Connections' - host: 'Template Net Fortinet FortiGate SNMP' + name: 'Interface {#IFNAME}({#IFALIAS})' - - type: GRAPH_PROTOTYPE - 'y': '5' - width: '24' - height: '5' - fields: + name: 'Interface {#IFNAME}({#IFALIAS}): Duplex status' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.2.1.10.7.2.1.19.{#SNMPINDEX}' + key: 'net.if.duplex[dot3StatsDuplexStatus.{#SNMPINDEX}]' + history: 7d + description: | + MIB: EtherLike-MIB + The current mode of operation of the MAC + entity. 'unknown' indicates that the current + duplex mode could not be determined. + + Management control of the duplex mode is + accomplished through the MAU MIB. When + an interface does not support autonegotiation, + or when autonegotiation is not enabled, the + duplex mode is controlled using + ifMauDefaultType. When autonegotiation is + supported and enabled, duplex mode is controlled + using ifMauAutoNegAdvertisedBits. In either + case, the currently operating duplex mode is + reflected both in this object and in ifMauType. + + Note that this object provides redundant + information with ifMauType. Normally, redundant + objects are discouraged. However, in this + instance, it allows a management application to + determine the duplex status of an interface + without having to know every possible value of + ifMauType. This was felt to be sufficiently + valuable to justify the redundancy. + Reference: [IEEE 802.3 Std.], 30.3.1.1.32,aDuplexStatus. + application_prototypes: - - type: INTEGER - name: columns - value: '1' + name: 'Interface {#IFNAME}({#IFALIAS})' + valuemap: + name: 'EtherLike-MIB::dot3StatsDuplexStatus' + trigger_prototypes: - - type: INTEGER - name: rows - value: '1' + expression: '{last()}=2' + name: 'Interface {#IFNAME}({#IFALIAS}): In half-duplex mode' + priority: WARNING + description: 'Please check autonegotiation settings and cabling' + manual_close: 'YES' + - + name: 'Interface {#IFNAME}({#IFALIAS}): Inbound packets discarded' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.2.1.2.2.1.13.{#SNMPINDEX}' + key: 'net.if.in.discards[ifInDiscards.{#SNMPINDEX}]' + delay: 3m + history: 7d + description: | + MIB: IF-MIB + The number of inbound packets which were chosen to be discarded + even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. + One possible reason for discarding such a packet could be to free up buffer space. + Discontinuities in the value of this counter can occur at re-initialization of the management system, + and at other times as indicated by the value of ifCounterDiscontinuityTime. + application_prototypes: + - + name: 'Interface {#IFNAME}({#IFALIAS})' + preprocessing: + - + type: CHANGE_PER_SECOND + parameters: + - '' + - + name: 'Interface {#IFNAME}({#IFALIAS}): Inbound packets with errors' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.2.1.2.2.1.14.{#SNMPINDEX}' + key: 'net.if.in.errors[ifInErrors.{#SNMPINDEX}]' + delay: 3m + history: 7d + description: | + MIB: IF-MIB + For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. + application_prototypes: + - + name: 'Interface {#IFNAME}({#IFALIAS})' + preprocessing: + - + type: CHANGE_PER_SECOND + parameters: + - '' + - + name: 'Interface {#IFNAME}({#IFALIAS}): Bits received' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.2.1.31.1.1.1.6.{#SNMPINDEX}' + key: 'net.if.in[ifHCInOctets.{#SNMPINDEX}]' + delay: 3m + history: 7d + units: bps + description: | + MIB: IF-MIB + The total number of octets received on the interface, including framing characters. This object is a 64-bit version of ifInOctets. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. + application_prototypes: + - + name: 'Interface {#IFNAME}({#IFALIAS})' + preprocessing: + - + type: CHANGE_PER_SECOND + parameters: + - '' + - + type: MULTIPLIER + parameters: + - '8' + - + name: 'Interface {#IFNAME}({#IFALIAS}): Outbound packets discarded' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.2.1.2.2.1.19.{#SNMPINDEX}' + key: 'net.if.out.discards[ifOutDiscards.{#SNMPINDEX}]' + delay: 3m + history: 7d + description: | + MIB: IF-MIB + The number of outbound packets which were chosen to be discarded + even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. + One possible reason for discarding such a packet could be to free up buffer space. + Discontinuities in the value of this counter can occur at re-initialization of the management system, + and at other times as indicated by the value of ifCounterDiscontinuityTime. + application_prototypes: + - + name: 'Interface {#IFNAME}({#IFALIAS})' + preprocessing: + - + type: CHANGE_PER_SECOND + parameters: + - '' + - + name: 'Interface {#IFNAME}({#IFALIAS}): Outbound packets with errors' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.2.1.2.2.1.20.{#SNMPINDEX}' + key: 'net.if.out.errors[ifOutErrors.{#SNMPINDEX}]' + delay: 3m + history: 7d + description: | + MIB: IF-MIB + For packet-oriented interfaces, the number of outbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of outbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. + application_prototypes: + - + name: 'Interface {#IFNAME}({#IFALIAS})' + preprocessing: + - + type: CHANGE_PER_SECOND + parameters: + - '' + - + name: 'Interface {#IFNAME}({#IFALIAS}): Bits sent' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.2.1.31.1.1.1.10.{#SNMPINDEX}' + key: 'net.if.out[ifHCOutOctets.{#SNMPINDEX}]' + delay: 3m + history: 7d + units: bps + description: | + MIB: IF-MIB + The total number of octets transmitted out of the interface, including framing characters. This object is a 64-bit version of ifOutOctets.Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. + application_prototypes: + - + name: 'Interface {#IFNAME}({#IFALIAS})' + preprocessing: + - + type: CHANGE_PER_SECOND + parameters: + - '' + - + type: MULTIPLIER + parameters: + - '8' + - + name: 'Interface {#IFNAME}({#IFALIAS}): Speed' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.2.1.31.1.1.1.15.{#SNMPINDEX}' + key: 'net.if.speed[ifHighSpeed.{#SNMPINDEX}]' + delay: 5m + history: 7d + trends: 0d + units: bps + description: | + MIB: IF-MIB + An estimate of the interface's current bandwidth in units of 1,000,000 bits per second. If this object reports a value of `n' then the speed of the interface is somewhere in the range of `n-500,000' to`n+499,999'. For interfaces which do not vary in bandwidth or for those where no accurate estimation can be made, this object should contain the nominal bandwidth. For a sub-layer which has no concept of bandwidth, this object should be zero. + application_prototypes: + - + name: 'Interface {#IFNAME}({#IFALIAS})' + preprocessing: + - + type: MULTIPLIER + parameters: + - '1000000' + - + type: DISCARD_UNCHANGED_HEARTBEAT + parameters: + - 1h + - + name: 'Interface {#IFNAME}({#IFALIAS}): Operational status' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.2.1.2.2.1.8.{#SNMPINDEX}' + key: 'net.if.status[ifOperStatus.{#SNMPINDEX}]' + history: 7d + trends: '0' + description: | + MIB: IF-MIB + The current operational state of the interface. + - The testing(3) state indicates that no operational packet scan be passed + - If ifAdminStatus is down(2) then ifOperStatus should be down(2) + - If ifAdminStatus is changed to up(1) then ifOperStatus should change to up(1) if the interface is ready to transmit and receive network traffic + - It should change todormant(5) if the interface is waiting for external actions (such as a serial line waiting for an incoming connection) + - It should remain in the down(2) state if and only if there is a fault that prevents it from going to the up(1) state + - It should remain in the notPresent(6) state if the interface has missing(typically, hardware) components. + application_prototypes: + - + name: 'Interface {#IFNAME}({#IFALIAS})' + valuemap: + name: 'IF-MIB::ifOperStatus' + trigger_prototypes: + - + expression: '{$IFCONTROL:"{#IFNAME}"}=1 and ({last()}=2 and {diff()}=1)' + recovery_mode: RECOVERY_EXPRESSION + recovery_expression: '{last()}<>2 or {$IFCONTROL:"{#IFNAME}"}=0' + name: 'Interface {#IFNAME}({#IFALIAS}): Link down' + opdata: 'Current state: {ITEM.LASTVALUE1}' + priority: AVERAGE + description: | + This trigger expression works as follows: + 1. Can be triggered if operations status is down. + 2. {$IFCONTROL:"{#IFNAME}"}=1 - user can redefine Context macro to value - 0. That marks this interface as not important. No new trigger will be fired if this interface is down. + 3. {TEMPLATE_NAME:METRIC.diff()}=1) - trigger fires only if operational status was up(1) sometime before. (So, do not fire 'ethernal off' interfaces.) + + WARNING: if closed manually - won't fire again on next poll, because of .diff. + manual_close: 'YES' + - + name: 'Interface {#IFNAME}({#IFALIAS}): Interface type' + type: SNMP_AGENT + snmp_oid: '1.3.6.1.2.1.2.2.1.3.{#SNMPINDEX}' + key: 'net.if.type[ifType.{#SNMPINDEX}]' + delay: 1h + history: 7d + trends: 0d + description: | + MIB: IF-MIB + The type of interface. + Additional values for ifType are assigned by the Internet Assigned NumbersAuthority (IANA), + through updating the syntax of the IANAifType textual convention. + application_prototypes: + - + name: 'Interface {#IFNAME}({#IFALIAS})' + valuemap: + name: 'IF-MIB::ifType' + preprocessing: + - + type: DISCARD_UNCHANGED_HEARTBEAT + parameters: + - 1d + trigger_prototypes: + - + expression: | + {Template Net Fortinet FortiGate SNMP:net.if.speed[ifHighSpeed.{#SNMPINDEX}].change()}<0 and {Template Net Fortinet FortiGate SNMP:net.if.speed[ifHighSpeed.{#SNMPINDEX}].last()}>0 + and ( + {Template Net Fortinet FortiGate SNMP:net.if.type[ifType.{#SNMPINDEX}].last()}=6 or + {Template Net Fortinet FortiGate SNMP:net.if.type[ifType.{#SNMPINDEX}].last()}=7 or + {Template Net Fortinet FortiGate SNMP:net.if.type[ifType.{#SNMPINDEX}].last()}=11 or + {Template Net Fortinet FortiGate SNMP:net.if.type[ifType.{#SNMPINDEX}].last()}=62 or + {Template Net Fortinet FortiGate SNMP:net.if.type[ifType.{#SNMPINDEX}].last()}=69 or + {Template Net Fortinet FortiGate SNMP:net.if.type[ifType.{#SNMPINDEX}].last()}=117 + ) + and + ({Template Net Fortinet FortiGate SNMP:net.if.status[ifOperStatus.{#SNMPINDEX}].last()}<>2) + recovery_mode: RECOVERY_EXPRESSION + recovery_expression: | + ({Template Net Fortinet FortiGate SNMP:net.if.speed[ifHighSpeed.{#SNMPINDEX}].change()}>0 and {Template Net Fortinet FortiGate SNMP:net.if.speed[ifHighSpeed.{#SNMPINDEX}].prev()}>0) or + ({Template Net Fortinet FortiGate SNMP:net.if.status[ifOperStatus.{#SNMPINDEX}].last()}=2) + name: 'Interface {#IFNAME}({#IFALIAS}): Ethernet has changed to lower speed than it was before' + opdata: 'Current reported speed: {ITEM.LASTVALUE1}' + priority: INFO + description: 'This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Ack to close.' + manual_close: 'YES' + dependencies: + - + name: 'Interface {#IFNAME}({#IFALIAS}): Link down' + expression: '{$IFCONTROL:"{#IFNAME}"}=1 and ({Template Net Fortinet FortiGate SNMP:net.if.status[ifOperStatus.{#SNMPINDEX}].last()}=2 and {Template Net Fortinet FortiGate SNMP:net.if.status[ifOperStatus.{#SNMPINDEX}].diff()}=1)' + recovery_expression: '{Template Net Fortinet FortiGate SNMP:net.if.status[ifOperStatus.{#SNMPINDEX}].last()}<>2 or {$IFCONTROL:"{#IFNAME}"}=0' + - + expression: | + ({Template Net Fortinet FortiGate SNMP:net.if.in[ifHCInOctets.{#SNMPINDEX}].avg(15m)}>({$IF.UTIL.MAX:"{#IFNAME}"}/100)*{Template Net Fortinet FortiGate SNMP:net.if.speed[ifHighSpeed.{#SNMPINDEX}].last()} or + {Template Net Fortinet FortiGate SNMP:net.if.out[ifHCOutOctets.{#SNMPINDEX}].avg(15m)}>({$IF.UTIL.MAX:"{#IFNAME}"}/100)*{Template Net Fortinet FortiGate SNMP:net.if.speed[ifHighSpeed.{#SNMPINDEX}].last()}) and + {Template Net Fortinet FortiGate SNMP:net.if.speed[ifHighSpeed.{#SNMPINDEX}].last()}>0 + recovery_mode: RECOVERY_EXPRESSION + recovery_expression: | + {Template Net Fortinet FortiGate SNMP:net.if.in[ifHCInOctets.{#SNMPINDEX}].avg(15m)}<(({$IF.UTIL.MAX:"{#IFNAME}"}-3)/100)*{Template Net Fortinet FortiGate SNMP:net.if.speed[ifHighSpeed.{#SNMPINDEX}].last()} and + {Template Net Fortinet FortiGate SNMP:net.if.out[ifHCOutOctets.{#SNMPINDEX}].avg(15m)}<(({$IF.UTIL.MAX:"{#IFNAME}"}-3)/100)*{Template Net Fortinet FortiGate SNMP:net.if.speed[ifHighSpeed.{#SNMPINDEX}].last()} + name: 'Interface {#IFNAME}({#IFALIAS}): High bandwidth usage (>{$IF.UTIL.MAX:"{#IFNAME}"}% )' + opdata: 'In: {ITEM.LASTVALUE1}, out: {ITEM.LASTVALUE3}, speed: {ITEM.LASTVALUE2}' + priority: WARNING + description: 'The network interface utilization is close to its estimated maximum bandwidth.' + manual_close: 'YES' + dependencies: + - + name: 'Interface {#IFNAME}({#IFALIAS}): Link down' + expression: '{$IFCONTROL:"{#IFNAME}"}=1 and ({Template Net Fortinet FortiGate SNMP:net.if.status[ifOperStatus.{#SNMPINDEX}].last()}=2 and {Template Net Fortinet FortiGate SNMP:net.if.status[ifOperStatus.{#SNMPINDEX}].diff()}=1)' + recovery_expression: '{Template Net Fortinet FortiGate SNMP:net.if.status[ifOperStatus.{#SNMPINDEX}].last()}<>2 or {$IFCONTROL:"{#IFNAME}"}=0' + - + expression: | + {Template Net Fortinet FortiGate SNMP:net.if.in.errors[ifInErrors.{#SNMPINDEX}].min(5m)}>{$IF.ERRORS.WARN:"{#IFNAME}"} + or {Template Net Fortinet FortiGate SNMP:net.if.out.errors[ifOutErrors.{#SNMPINDEX}].min(5m)}>{$IF.ERRORS.WARN:"{#IFNAME}"} + recovery_mode: RECOVERY_EXPRESSION + recovery_expression: | + {Template Net Fortinet FortiGate SNMP:net.if.in.errors[ifInErrors.{#SNMPINDEX}].max(5m)}<{$IF.ERRORS.WARN:"{#IFNAME}"}*0.8 + and {Template Net Fortinet FortiGate SNMP:net.if.out.errors[ifOutErrors.{#SNMPINDEX}].max(5m)}<{$IF.ERRORS.WARN:"{#IFNAME}"}*0.8 + name: 'Interface {#IFNAME}({#IFALIAS}): High error rate (>{$IF.ERRORS.WARN:"{#IFNAME}"} for 5m)' + opdata: 'errors in: {ITEM.LASTVALUE1}, errors out: {ITEM.LASTVALUE2}' + priority: WARNING + description: 'Recovers when below 80% of {$IF.ERRORS.WARN:"{#IFNAME}"} threshold' + manual_close: 'YES' + dependencies: + - + name: 'Interface {#IFNAME}({#IFALIAS}): Link down' + expression: '{$IFCONTROL:"{#IFNAME}"}=1 and ({Template Net Fortinet FortiGate SNMP:net.if.status[ifOperStatus.{#SNMPINDEX}].last()}=2 and {Template Net Fortinet FortiGate SNMP:net.if.status[ifOperStatus.{#SNMPINDEX}].diff()}=1)' + recovery_expression: '{Template Net Fortinet FortiGate SNMP:net.if.status[ifOperStatus.{#SNMPINDEX}].last()}<>2 or {$IFCONTROL:"{#IFNAME}"}=0' + graph_prototypes: + - + name: 'Interface {#IFNAME}({#IFALIAS}): Network traffic' + graph_items: + - + sortorder: '1' + drawtype: GRADIENT_LINE + color: 1A7C11 + item: + host: 'Template Net Fortinet FortiGate SNMP' + key: 'net.if.in[ifHCInOctets.{#SNMPINDEX}]' + - + sortorder: '2' + drawtype: BOLD_LINE + color: 2774A4 + item: + host: 'Template Net Fortinet FortiGate SNMP' + key: 'net.if.out[ifHCOutOctets.{#SNMPINDEX}]' + - + sortorder: '3' + color: F63100 + yaxisside: RIGHT + item: + host: 'Template Net Fortinet FortiGate SNMP' + key: 'net.if.out.errors[ifOutErrors.{#SNMPINDEX}]' + - + sortorder: '4' + color: A54F10 + yaxisside: RIGHT + item: + host: 'Template Net Fortinet FortiGate SNMP' + key: 'net.if.in.errors[ifInErrors.{#SNMPINDEX}]' + - + sortorder: '5' + color: FC6EA3 + yaxisside: RIGHT + item: + host: 'Template Net Fortinet FortiGate SNMP' + key: 'net.if.out.discards[ifOutDiscards.{#SNMPINDEX}]' + - + sortorder: '6' + color: 6C59DC + yaxisside: RIGHT + item: + host: 'Template Net Fortinet FortiGate SNMP' + key: 'net.if.in.discards[ifInDiscards.{#SNMPINDEX}]' + - + sortorder: '7' + color: AC8C14 + item: + host: 'Template Net Fortinet FortiGate SNMP' + key: 'fgIntfEntEstDownBandwidth.[{#SNMPINDEX}]' + - + sortorder: '8' + color: 611F27 + item: + host: 'Template Net Fortinet FortiGate SNMP' + key: 'fgIntfEntEstUpBandwidth.[{#SNMPINDEX}]' + macros: + - + macro: '{$CPU.UTIL.CRIT}' + value: '80' + description: 'High CPU usage trigger threshold' + - + macro: '{$ICMP_LOSS_WARN}' + value: '20' + description: 'High ICMP ping loss trigger threshold' + - + macro: '{$ICMP_RESPONSE_TIME_WARN}' + value: '0.15' + description: 'High ICMP ping response time trigger threshold (s)' + - + macro: '{$IF.ERRORS.WARN}' + value: '2' + description: 'High error rate trigger threshold' + - + macro: '{$IF.UTIL.MAX}' + value: '90' + description: 'High bandwidth usage trigger threshold' + - + macro: '{$IFCONTROL}' + value: '1' + description: 'Control if up-down state change will trigger' + - + macro: '{$IF_ID1}' + value: '1' + description: 'Interface ID where Egress Shaping is configured' + - + macro: '{$IF_IN_ID1}' + value: '2' + description: 'Interface ID where Ingress Shaping is configured' + - + macro: '{$MEMORY.UTIL.MAX}' + value: '80' + description: 'High memory usage trigger threshold' + - + macro: '{$NET.IF.IFADMINSTATUS.MATCHES}' + value: '^.*' + description: 'Ignore notPresent(6) - LOOKS WRONG' + - + macro: '{$NET.IF.IFADMINSTATUS.NOT_MATCHES}' + value: ^2$ + description: 'Ignore down(2) administrative status' + - + macro: '{$NET.IF.IFALIAS.MATCHES}' + value: '.*' + description: 'Match all by default' + - + macro: '{$NET.IF.IFALIAS.NOT_MATCHES}' + value: CHANGE_IF_NEEDED + description: 'Change to exclude interfaces from discovery' + - + macro: '{$NET.IF.IFDESCR.MATCHES}' + value: '.*' + description: 'Match all by default' + - + macro: '{$NET.IF.IFDESCR.NOT_MATCHES}' + value: CHANGE_IF_NEEDED + description: 'Change to exclude interfaces from discovery' + - + macro: '{$NET.IF.IFNAME.MATCHES}' + value: '^.*$' + description: 'Match all by default' + - + macro: '{$NET.IF.IFNAME.NOT_MATCHES}' + value: '(^Software Loopback Interface|^NULL[0-9.]*$|^[Ll]o[0-9.]*$|^[Ss]ystem$|^Nu[0-9.]*$|^veth[0-9a-z]+$|docker[0-9]+|br-[a-z0-9]{12})' + description: 'Filter out loopbacks, nulls, docker veth links and docker0 bridge by default' + - + macro: '{$NET.IF.IFOPERSTATUS.MATCHES}' + value: '1' + description: 'Interfaces with up(1) Operational Status are discovered.' + - + macro: '{$NET.IF.IFOPERSTATUS.NOT_MATCHES}' + value: ^6$ + description: 'Ignore notPresent(6)' + - + macro: '{$NET.IF.IFTYPE.MATCHES}' + value: '.*' + description: 'Match all by default. Details at https://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib' + - + macro: '{$NET.IF.IFTYPE.NOT_MATCHES}' + value: CHANGE_IF_NEEDED + description: 'Change to exclude interfaces from discovery' + - + macro: '{$SNMP.TIMEOUT}' + value: 5m + description: 'No SNMP data collection trigger threshold' + dashboards: + - + name: 'HA Statistics' + widgets: + - + type: GRAPH_PROTOTYPE + width: '24' + height: '5' + fields: + - + type: INTEGER + name: columns + value: '1' + - + type: INTEGER + name: rows + value: '1' + - + type: INTEGER + name: source_type + value: '2' + - + type: GRAPH_PROTOTYPE + name: graphid + value: + name: 'HA Cluster Member {#HA_ID} - Concurrent Connections' + host: 'Template Net Fortinet FortiGate SNMP' + - + type: GRAPH_PROTOTYPE + 'y': '5' + width: '24' + height: '5' + fields: + - + type: INTEGER + name: columns + value: '1' + - + type: INTEGER + name: rows + value: '1' - type: INTEGER name: source_type @@ -2860,13 +3785,15 @@ zabbix_export: ymin_type_1: FIXED graph_items: - + sortorder: '1' drawtype: DASHED_LINE color: F63100 + calc_fnc: MAX item: host: 'Template Net Fortinet FortiGate SNMP' key: fgSysDiskCapacity - - sortorder: '1' + sortorder: '2' color: FF8000 item: host: 'Template Net Fortinet FortiGate SNMP' @@ -2967,23 +3894,47 @@ zabbix_export: value: '1' newvalue: Alarm - - name: 'FORTINET-CORE-MIB::FnBoolState' + name: 'EtherLike-MIB::dot3StatsDuplexStatus' mappings: - value: '1' - newvalue: disabled + newvalue: unknown - value: '2' - newvalue: enabled + newvalue: halfDuplex + - + value: '3' + newvalue: fullDuplex - - name: 'FORTINET-FORTIGATE-MIB::FgHaLBSchedule' + name: 'FORTINET-CORE-MIB::FgHaState' mappings: - value: '1' - newvalue: none + newvalue: master - value: '2' - newvalue: hub + newvalue: backup + - + value: '3' + newvalue: standalone + - + name: 'FORTINET-CORE-MIB::FnBoolState' + mappings: + - + value: '1' + newvalue: disabled + - + value: '2' + newvalue: enabled + - + name: 'FORTINET-FORTIGATE-MIB::FgHaLBSchedule' + mappings: + - + value: '1' + newvalue: none + - + value: '2' + newvalue: hub - value: '3' newvalue: leastConnections @@ -3023,6 +3974,15 @@ zabbix_export: - value: '1' newvalue: synchronized + - + name: 'FORTINET-FORTIGATE-MIB::FgOpMode' + mappings: + - + value: '1' + newvalue: nat + - + value: '2' + newvalue: transparent - name: 'FORTINET-FORTIGATE-MIB::fgWcWtpConfigWtpAdmin' mappings: @@ -3068,6 +4028,888 @@ zabbix_export: - value: '4' newvalue: 'connected Image' + - + name: 'IF-MIB::ifOperStatus' + mappings: + - + value: '1' + newvalue: up + - + value: '2' + newvalue: down + - + value: '4' + newvalue: unknown + - + value: '5' + newvalue: dormant + - + value: '6' + newvalue: notPresent + - + value: '7' + newvalue: lowerLayerDown + - + name: 'IF-MIB::ifType' + mappings: + - + value: '1' + newvalue: other + - + value: '2' + newvalue: regular1822 + - + value: '3' + newvalue: hdh1822 + - + value: '4' + newvalue: ddnX25 + - + value: '5' + newvalue: rfc877x25 + - + value: '6' + newvalue: ethernetCsmacd + - + value: '7' + newvalue: iso88023Csmacd + - + value: '8' + newvalue: iso88024TokenBus + - + value: '9' + newvalue: iso88025TokenRing + - + value: '10' + newvalue: iso88026Man + - + value: '11' + newvalue: starLan + - + value: '12' + newvalue: proteon10Mbit + - + value: '13' + newvalue: proteon80Mbit + - + value: '14' + newvalue: hyperchannel + - + value: '15' + newvalue: fddi + - + value: '16' + newvalue: lapb + - + value: '17' + newvalue: sdlc + - + value: '18' + newvalue: ds1 + - + value: '19' + newvalue: e1 + - + value: '20' + newvalue: basicISDN + - + value: '21' + newvalue: primaryISDN + - + value: '22' + newvalue: propPointToPointSerial + - + value: '23' + newvalue: ppp + - + value: '24' + newvalue: softwareLoopback + - + value: '25' + newvalue: eon + - + value: '26' + newvalue: ethernet3Mbit + - + value: '27' + newvalue: nsip + - + value: '28' + newvalue: slip + - + value: '29' + newvalue: ultra + - + value: '30' + newvalue: ds3 + - + value: '31' + newvalue: sip + - + value: '32' + newvalue: frameRelay + - + value: '33' + newvalue: rs232 + - + value: '34' + newvalue: para + - + value: '35' + newvalue: arcnet + - + value: '36' + newvalue: arcnetPlus + - + value: '37' + newvalue: atm + - + value: '38' + newvalue: miox25 + - + value: '39' + newvalue: sonet + - + value: '40' + newvalue: x25ple + - + value: '41' + newvalue: iso88022llc + - + value: '42' + newvalue: localTalk + - + value: '43' + newvalue: smdsDxi + - + value: '44' + newvalue: frameRelayService + - + value: '45' + newvalue: v35 + - + value: '46' + newvalue: hssi + - + value: '47' + newvalue: hippi + - + value: '48' + newvalue: modem + - + value: '49' + newvalue: aal5 + - + value: '50' + newvalue: sonetPath + - + value: '51' + newvalue: sonetVT + - + value: '52' + newvalue: smdsIcip + - + value: '53' + newvalue: propVirtual + - + value: '54' + newvalue: propMultiplexor + - + value: '55' + newvalue: ieee80212 + - + value: '56' + newvalue: fibreChannel + - + value: '57' + newvalue: hippiInterface + - + value: '58' + newvalue: frameRelayInterconnect + - + value: '59' + newvalue: aflane8023 + - + value: '60' + newvalue: aflane8025 + - + value: '61' + newvalue: cctEmul + - + value: '62' + newvalue: fastEther + - + value: '63' + newvalue: isdn + - + value: '64' + newvalue: v11 + - + value: '65' + newvalue: v36 + - + value: '66' + newvalue: g703at64k + - + value: '67' + newvalue: g703at2mb + - + value: '68' + newvalue: qllc + - + value: '69' + newvalue: fastEtherFX + - + value: '70' + newvalue: channel + - + value: '71' + newvalue: ieee80211 + - + value: '72' + newvalue: ibm370parChan + - + value: '73' + newvalue: escon + - + value: '74' + newvalue: dlsw + - + value: '75' + newvalue: isdns + - + value: '76' + newvalue: isdnu + - + value: '77' + newvalue: lapd + - + value: '78' + newvalue: ipSwitch + - + value: '79' + newvalue: rsrb + - + value: '80' + newvalue: atmLogical + - + value: '81' + newvalue: ds0 + - + value: '82' + newvalue: ds0Bundle + - + value: '83' + newvalue: bsc + - + value: '84' + newvalue: async + - + value: '85' + newvalue: cnr + - + value: '86' + newvalue: iso88025Dtr + - + value: '87' + newvalue: eplrs + - + value: '88' + newvalue: arap + - + value: '89' + newvalue: propCnls + - + value: '90' + newvalue: hostPad + - + value: '91' + newvalue: termPad + - + value: '92' + newvalue: frameRelayMPI + - + value: '93' + newvalue: x213 + - + value: '94' + newvalue: adsl + - + value: '95' + newvalue: radsl + - + value: '96' + newvalue: sdsl + - + value: '97' + newvalue: vdsl + - + value: '98' + newvalue: iso88025CRFPInt + - + value: '99' + newvalue: myrinet + - + value: '100' + newvalue: voiceEM + - + value: '101' + newvalue: voiceFXO + - + value: '102' + newvalue: voiceFXS + - + value: '103' + newvalue: voiceEncap + - + value: '104' + newvalue: voiceOverIp + - + value: '105' + newvalue: atmDxi + - + value: '106' + newvalue: atmFuni + - + value: '107' + newvalue: atmIma + - + value: '108' + newvalue: pppMultilinkBundle + - + value: '109' + newvalue: ipOverCdlc + - + value: '110' + newvalue: ipOverClaw + - + value: '111' + newvalue: stackToStack + - + value: '112' + newvalue: virtualIpAddress + - + value: '113' + newvalue: mpc + - + value: '114' + newvalue: ipOverAtm + - + value: '115' + newvalue: iso88025Fiber + - + value: '116' + newvalue: tdlc + - + value: '117' + newvalue: gigabitEthernet + - + value: '118' + newvalue: hdlc + - + value: '119' + newvalue: lapf + - + value: '120' + newvalue: v37 + - + value: '121' + newvalue: x25mlp + - + value: '122' + newvalue: x25huntGroup + - + value: '123' + newvalue: trasnpHdlc + - + value: '124' + newvalue: interleave + - + value: '125' + newvalue: fast + - + value: '126' + newvalue: ip + - + value: '127' + newvalue: docsCableMaclayer + - + value: '128' + newvalue: docsCableDownstream + - + value: '129' + newvalue: docsCableUpstream + - + value: '130' + newvalue: a12MppSwitch + - + value: '131' + newvalue: tunnel + - + value: '132' + newvalue: coffee + - + value: '133' + newvalue: ces + - + value: '134' + newvalue: atmSubInterface + - + value: '135' + newvalue: l2vlan + - + value: '136' + newvalue: l3ipvlan + - + value: '137' + newvalue: l3ipxvlan + - + value: '138' + newvalue: digitalPowerline + - + value: '139' + newvalue: mediaMailOverIp + - + value: '140' + newvalue: dtm + - + value: '141' + newvalue: dcn + - + value: '142' + newvalue: ipForward + - + value: '143' + newvalue: msdsl + - + value: '144' + newvalue: ieee1394 + - + value: '145' + newvalue: if-gsn + - + value: '146' + newvalue: dvbRccMacLayer + - + value: '147' + newvalue: dvbRccDownstream + - + value: '148' + newvalue: dvbRccUpstream + - + value: '149' + newvalue: atmVirtual + - + value: '150' + newvalue: mplsTunnel + - + value: '151' + newvalue: srp + - + value: '152' + newvalue: voiceOverAtm + - + value: '153' + newvalue: voiceOverFrameRelay + - + value: '154' + newvalue: idsl + - + value: '155' + newvalue: compositeLink + - + value: '156' + newvalue: ss7SigLink + - + value: '157' + newvalue: propWirelessP2P + - + value: '158' + newvalue: frForward + - + value: '159' + newvalue: rfc1483 + - + value: '160' + newvalue: usb + - + value: '161' + newvalue: ieee8023adLag + - + value: '162' + newvalue: bgppolicyaccounting + - + value: '163' + newvalue: frf16MfrBundle + - + value: '164' + newvalue: h323Gatekeeper + - + value: '165' + newvalue: h323Proxy + - + value: '166' + newvalue: mpls + - + value: '167' + newvalue: mfSigLink + - + value: '168' + newvalue: hdsl2 + - + value: '169' + newvalue: shdsl + - + value: '170' + newvalue: ds1FDL + - + value: '171' + newvalue: pos + - + value: '172' + newvalue: dvbAsiIn + - + value: '173' + newvalue: dvbAsiOut + - + value: '174' + newvalue: plc + - + value: '175' + newvalue: nfas + - + value: '176' + newvalue: tr008 + - + value: '177' + newvalue: gr303RDT + - + value: '178' + newvalue: gr303IDT + - + value: '179' + newvalue: isup + - + value: '180' + newvalue: propDocsWirelessMaclayer + - + value: '181' + newvalue: propDocsWirelessDownstream + - + value: '182' + newvalue: propDocsWirelessUpstream + - + value: '183' + newvalue: hiperlan2 + - + value: '184' + newvalue: propBWAp2Mp + - + value: '185' + newvalue: sonetOverheadChannel + - + value: '186' + newvalue: digitalWrapperOverheadChannel + - + value: '187' + newvalue: aal2 + - + value: '188' + newvalue: radioMAC + - + value: '189' + newvalue: atmRadio + - + value: '190' + newvalue: imt + - + value: '191' + newvalue: mvl + - + value: '192' + newvalue: reachDSL + - + value: '193' + newvalue: frDlciEndPt + - + value: '194' + newvalue: atmVciEndPt + - + value: '195' + newvalue: opticalChannel + - + value: '196' + newvalue: opticalTransport + - + value: '197' + newvalue: propAtm + - + value: '198' + newvalue: voiceOverCable + - + value: '199' + newvalue: infiniband + - + value: '200' + newvalue: teLink + - + value: '201' + newvalue: q2931 + - + value: '202' + newvalue: virtualTg + - + value: '203' + newvalue: sipTg + - + value: '204' + newvalue: sipSig + - + value: '205' + newvalue: docsCableUpstreamChannel + - + value: '206' + newvalue: econet + - + value: '207' + newvalue: pon155 + - + value: '208' + newvalue: pon622 + - + value: '209' + newvalue: bridge + - + value: '210' + newvalue: linegroup + - + value: '211' + newvalue: voiceEMFGD + - + value: '212' + newvalue: voiceFGDEANA + - + value: '213' + newvalue: voiceDID + - + value: '214' + newvalue: mpegTransport + - + value: '215' + newvalue: sixToFour + - + value: '216' + newvalue: gtp + - + value: '217' + newvalue: pdnEtherLoop1 + - + value: '218' + newvalue: pdnEtherLoop2 + - + value: '219' + newvalue: opticalChannelGroup + - + value: '220' + newvalue: homepna + - + value: '221' + newvalue: gfp + - + value: '222' + newvalue: ciscoISLvlan + - + value: '223' + newvalue: actelisMetaLOOP + - + value: '224' + newvalue: fcipLink + - + value: '225' + newvalue: rpr + - + value: '226' + newvalue: qam + - + value: '227' + newvalue: lmp + - + value: '228' + newvalue: cblVectaStar + - + value: '229' + newvalue: docsCableMCmtsDownstream + - + value: '230' + newvalue: adsl2 + - + value: '231' + newvalue: macSecControlledIF + - + value: '232' + newvalue: macSecUncontrolledIF + - + value: '233' + newvalue: aviciOpticalEther + - + value: '234' + newvalue: atmbond + - + value: '235' + newvalue: voiceFGDOS + - + value: '236' + newvalue: mocaVersion1 + - + value: '237' + newvalue: ieee80216WMAN + - + value: '238' + newvalue: adsl2plus + - + value: '239' + newvalue: dvbRcsMacLayer + - + value: '240' + newvalue: dvbTdm + - + value: '241' + newvalue: dvbRcsTdma + - + value: '242' + newvalue: x86Laps + - + value: '243' + newvalue: wwanPP + - + value: '244' + newvalue: wwanPP2 + - + value: '245' + newvalue: voiceEBS + - + value: '246' + newvalue: ifPwType + - + value: '247' + newvalue: ilan + - + value: '248' + newvalue: pip + - + value: '249' + newvalue: aluELP + - + value: '250' + newvalue: gpon + - + value: '251' + newvalue: vdsl2 + - + value: '252' + newvalue: capwapDot11Profile + - + value: '253' + newvalue: capwapDot11Bss + - + value: '254' + newvalue: capwapWtpVirtualRadio + - + value: '255' + newvalue: bits + - + value: '256' + newvalue: docsCableUpstreamRfPort + - + value: '257' + newvalue: cableDownstreamRfPort + - + value: '258' + newvalue: vmwareVirtualNic + - + value: '259' + newvalue: ieee802154 + - + value: '260' + newvalue: otnOdu + - + value: '261' + newvalue: otnOtu + - + value: '262' + newvalue: ifVfiType + - + value: '263' + newvalue: g9981 + - + value: '264' + newvalue: g9982 + - + value: '265' + newvalue: g9983 + - + value: '266' + newvalue: aluEpon + - + value: '267' + newvalue: aluEponOnu + - + value: '268' + newvalue: aluEponPhysicalUni + - + value: '269' + newvalue: aluEponLogicalLink + - + value: '270' + newvalue: aluGponOnu + - + value: '271' + newvalue: aluGponPhysicalUni + - + value: '272' + newvalue: vmwareNicTeam + - + value: '277' + newvalue: docsOfdmDownstream + - + value: '278' + newvalue: docsOfdmaUpstream + - + value: '279' + newvalue: gfast + - + value: '280' + newvalue: sdci + - + value: '281' + newvalue: xboxWireless + - + value: '282' + newvalue: fastdsl + - + value: '283' + newvalue: docsCableScte55d1FwdOob + - + value: '284' + newvalue: docsCableScte55d1RetOob + - + value: '285' + newvalue: docsCableScte55d2DsOob + - + value: '286' + newvalue: docsCableScte55d2UsOob + - + value: '287' + newvalue: docsCableNdf + - + value: '288' + newvalue: docsCableNdr + - + value: '289' + newvalue: ptm + - + value: '290' + newvalue: ghn - name: 'IF-MIB::InetAddressType' mappings: @@ -3077,3 +4919,24 @@ zabbix_export: - value: '2' newvalue: ipv6 + - + name: 'Service state' + mappings: + - + value: '0' + newvalue: Down + - + value: '1' + newvalue: Up + - + name: zabbix.host.available + mappings: + - + value: '0' + newvalue: 'not available' + - + value: '1' + newvalue: available + - + value: '2' + newvalue: unknown diff --git a/tests/tf/compute.tf b/tests/tf/compute.tf index 6c5624d..9e8fa6b 100644 --- a/tests/tf/compute.tf +++ b/tests/tf/compute.tf @@ -1,9 +1,3 @@ -# Add ssh key -resource "aws_key_pair" "ssh-key" { - key_name = var.ec2_key_name - public_key = file(var.ec2_key_filename) -} - # Create Security Group - ZabbixServer resource "aws_security_group" "zabbix-server" { vpc_id = aws_vpc.vpc.id @@ -53,7 +47,7 @@ resource "aws_instance" "instance-zabbix-server" { ami = var.ec2_image_id vpc_security_group_ids = [aws_security_group.zabbix-server.id] subnet_id = aws_subnet.public-subnet-1.id - key_name = aws_key_pair.ssh-key.key_name + key_name = var.ec2_key_name associate_public_ip_address = true user_data = file("user-data.sh") @@ -64,9 +58,13 @@ resource "aws_instance" "instance-zabbix-server" { } # Create EIP for EC2 Instance ZabbixServer resource "aws_eip" "eip-instance-zabbix-server" { - # count = 1 + instance = aws_instance.instance-zabbix-server.id vpc = true + + tags = { + Name = "Zabbix-Server" + } } # Output @@ -78,6 +76,10 @@ output "User" { value = "Admin" } +output "SSH-User" { + value = "ubuntu" +} + output "Password" { value = "zabbix" } diff --git a/tests/tf/network.tf b/tests/tf/network.tf index f6d5acc..5d7e9c2 100644 --- a/tests/tf/network.tf +++ b/tests/tf/network.tf @@ -40,27 +40,6 @@ resource "aws_subnet" "private-subnet-1" { Name = "Zabbix-Private-Subnet-1" } } -# az2 -resource "aws_subnet" "public-subnet-2" { - vpc_id = aws_vpc.vpc.id - cidr_block = "10.215.0.64/27" - map_public_ip_on_launch = true - availability_zone = "${var.region}b" - - tags = { - Name = "Zabbix-Public-Subnet-2" - } -} -resource "aws_subnet" "private-subnet-2" { - vpc_id = aws_vpc.vpc.id - cidr_block = "10.215.0.96/27" - map_public_ip_on_launch = false - availability_zone = "${var.region}b" - - tags = { - Name = "Zabbix-Private-Subnet-2" - } -} # Create the Route Tables resource "aws_route_table" "public" { @@ -88,16 +67,9 @@ resource "aws_route_table_association" "public-subnet-association-1" { subnet_id = aws_subnet.public-subnet-1.id route_table_id = aws_route_table.public.id } -resource "aws_route_table_association" "public-subnet-association-2" { - subnet_id = aws_subnet.public-subnet-2.id - route_table_id = aws_route_table.public.id -} + # private resource "aws_route_table_association" "private-association-1" { subnet_id = aws_subnet.private-subnet-1.id route_table_id = aws_route_table.private.id } -resource "aws_route_table_association" "private-association-2" { - subnet_id = aws_subnet.private-subnet-2.id - route_table_id = aws_route_table.private.id -}