The following sample script describes how to monitor Cisco IPsec Phase-1 IKE Site-to-Site Tunnel status. The monitor observes the tunnels that are provided while assigning a template.

The following sections describe the different components of the sample script.

Apply script on each device individually and not through device management policy.

Importing libraries

Import all libraries in this section based on your requirement. The required import libraries are:

  • import groovy.transform.CompileStatic
  • import com.vistara.gateway.plugin.snmp.monitor.SnmpExtendedAPI
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import groovy.transform.CompileStatic;
import com.vistara.gateway.plugin.snmp.monitor.SnmpExtendedAPI;

Defining a user-defined class

The user-defined class enables you to declare and initialize global variables.

Use the same metric name on the Setup > Monitoring > Monitors > Create a Monitor screen and in the script.

class CiscoIpSecTunnelStatus {
	private static final String VPN_TUNNEL_STATUS = (String) "cisco.vpn.ike.tunnel.status";
	private static final String VPN_REMOTE_PEER_IDENTITY = (String) "cisco.vpn.remote.peer.identity";
	private static final String VPN_REMOTE_PEER_NAME = (String) "cisco.vpn.name";
	
	private static final String VPN_DOWN_STATUS = (String) "2";
	private static final String VPN_UP_STATUS = (String) "1";
	
	private static final String EMPTY_STRING = (String) "";

	private static final String VPN_TUNNEL_REMOTE_PEER_TABLE = (String) "1.3.6.1.4.1.9.9.171.1.2.3.1.7";

Implementing the business logic

Implement business logic using the following required function:
void execute(SnmpExtendedAPI api) throws Exception {

Do not change the method signature.

void execute(SnmpExtendedAPI api) throws Exception {

Parsing user-defined input

Parse user-defined input using the following API methods depending on the component or monitor level scope:

  • api.getComponentScopeMap();
  • api.getComponentScopeMap(index);
  • api.getMonitorScopeValue(key);
Parsing Using User-Defined Input

Parsing Using User-Defined Input

List<HashMap<String, String>> compList = (List<HashMap<String, String>>) api.getComponentScopeMap();
	if (compList == null || compList.size() <= 0)
			return;
	for (int i = 0; i <= compList.size() - 1; i++)
	
	{
		HashMap<String, String> compMap = (HashMap<String, String>) compList.get(i);
		if (compMap != null && compMap.size() > 0) 
		{
			String compRemoteIp = (String) compMap.get(VPN_REMOTE_PEER_IDENTITY);
				String compName = (String) compMap.get(VPN_REMOTE_PEER_NAME);
				if (compName == null || EMPTY_STRING.equals(compName) || compRemoteIp == null || EMPTY_STRING.equals(compRemoteIp))
				{
					continue;
				}
				reqVpnEntries.put(compRemoteIp, compName);
		}
	}

Querying SNMP OIDs

Query SNMP OIDs using one of the following API methods based on your requirement:

  • api.getSnmpRequest(String sOid);
  • api.getSnmpRequest(String[] sOids);
  • api.getSnmpRequest(String sOid, String format);
  • api.getSnmpTable(String sOid);
  • api.getSnmpTable(String sOid, String format);
HashMap<String, String> resultant = (HashMap<String, String>) api.getSnmpTable(VPN_TUNNEL_REMOTE_PEER_TABLE);

Processing the SNMP OID results

Use one of the following API methods to store or delete previous poll values in the cache:

  • api.getPersistantValue(uuid);
  • api.deletePersistantValue(String uuid);

Use the following API methods to get device details into the script

  • api.getResourceIp();
  • api.getResourceName();
  • api.getResourceUuid();

Use the following API methods based on user requirement:

  • api.getBigDecimalMetricValue(String instance, String metric);
  • api.getInstanceNames();
  • api.getMetrics(String instance);
  • api.getStringMetricValue(String instance, String metric);
if (resultant != null)
{
	for (String peerVariable : resultant.values()) 
	{
		if (peerVariable != null && !peerVariable.isEmpty()) 
		{
			currentPeers.add(peerVariable);
		}
	}
}

Adding output metric values

Add output metric values in a standard JSON format using the following API methods based on your requirement:

  • api.addOutputMetric(HashMap<String, HashMap<String, String» metricResultMap);
  • api.addOutputMetric(String compName, HashMap<String, String> metricResultMap);
  • api.addOutputMetric(String metric, String value);
  • api.addOutputMetric(String metric, String instance, String value);
  • api.addOutputMetric(String metric, String instance, int value);
  • api.addOutputMetric(String metric, String instance, long value);
  • api.addOutputMetric(String metric, String instance, double value);
  • api.addOutputMetric(String metric, String instance, float value);
for (String reqVpnIP : reqVpnEntries.keySet())
{
	if (currentPeers.contains(reqVpnIP))
	{
		HashMap<String, String> temp = new HashMap<>();
		temp.put(VPN_TUNNEL_STATUS, VPN_UP_STATUS); // Here: 1=>OK and
		// 2=>Critical
				temp.put(VPN_REMOTE_PEER_IDENTITY, reqVpnIP);
				api.addOutputMetric(reqVpnEntries.get(reqVpnIP), temp);
			
	} 
	else
	{
		HashMap<String, String> temp = new HashMap<>();
		temp.put(VPN_TUNNEL_STATUS, VPN_DOWN_STATUS); // Here: 1=>OK andG
														// 2=>Critical
		temp.put(VPN_REMOTE_PEER_IDENTITY, reqVpnIP);
		api.addOutputMetric(reqVpnEntries.get(reqVpnIP), temp);
	}
}

Original sample script

import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import groovy.transform.CompileStatic;
import com.vistara.gateway.plugin.snmp.monitor.SnmpExtendedAPI;

class CiscoIpSecTunnelStatus {
	private static final String VPN_TUNNEL_STATUS = (String) "cisco.vpn.ike.tunnel.status";
	private static final String VPN_REMOTE_PEER_IDENTITY = (String) "cisco.vpn.remote.peer.identity";
	private static final String VPN_REMOTE_PEER_NAME = (String) "cisco.vpn.name";
	
	private static final String VPN_DOWN_STATUS = (String) "2";
	private static final String VPN_UP_STATUS = (String) "1";
	
	private static final String EMPTY_STRING = (String) "";

	private static final String VPN_TUNNEL_REMOTE_PEER_TABLE = (String) "1.3.6.1.4.1.9.9.171.1.2.3.1.7";

	@CompileStatic
	void execute(SnmpExtendedAPI api) throws Exception {

		HashSet<String> currentPeers = new HashSet<>();
		HashMap<String, String> reqVpnEntries = new HashMap<>();

		/*
		 * Step 1: Fetching user given component inputs using API Call and
		 * prepares reqVpnEntries hash with VPN_REMOTE_PEER_IP as key and
		 * VPN_REMOTE_PEER_NAME as value
		 * 
		 */

		List<HashMap<String, String>> compList = (List<HashMap<String, String>>) api.getComponentScopeMap();
		if (compList == null || compList.size() <= 0)
			return;

		for (int i = 0; i <= compList.size() - 1; i++) {
			HashMap<String, String> compMap = (HashMap<String, String>) compList.get(i);
			if (compMap != null && compMap.size() > 0) {
				String compRemoteIp = (String) compMap.get(VPN_REMOTE_PEER_IDENTITY);
				String compName = (String) compMap.get(VPN_REMOTE_PEER_NAME);
				if (compName == null || EMPTY_STRING.equals(compName) || compRemoteIp == null || EMPTY_STRING.equals(compRemoteIp)){
					continue;
				}
				reqVpnEntries.put(compRemoteIp, compName);
			}
		}

		/*
		 * Step 2: SNMPWALK for IKE Remote Peer IP table and prepares
		 * currentPeers hashset
		 * 
		 */

		HashMap<String, String> resultant = (HashMap<String, String>) api.getSnmpTable(VPN_TUNNEL_REMOTE_PEER_TABLE);

		
		if (resultant != null){
			for (String peerVariable : resultant.values()) {
				if (peerVariable != null && !peerVariable.isEmpty()) {
					currentPeers.add(peerVariable);
				}
			}
		}

		for (String reqVpnIP : reqVpnEntries.keySet()) {
			if (currentPeers.contains(reqVpnIP)) {
				HashMap<String, String> temp = new HashMap<>();
				temp.put(VPN_TUNNEL_STATUS, VPN_UP_STATUS); // Here: 1=>OK and
													// 2=>Critical
				temp.put(VPN_REMOTE_PEER_IDENTITY, reqVpnIP);
				api.addOutputMetric(reqVpnEntries.get(reqVpnIP), temp);
			} else {
				HashMap<String, String> temp = new HashMap<>();
				temp.put(VPN_TUNNEL_STATUS, VPN_DOWN_STATUS); // Here: 1=>OK andG
													// 2=>Critical
				temp.put(VPN_REMOTE_PEER_IDENTITY, reqVpnIP);
				api.addOutputMetric(reqVpnEntries.get(reqVpnIP), temp);
			}
		}
	}
}