Network interface duplex does not match across cluster members-bluecoat-sgos

sgos
bluecoat
error
high-availability
Network interface duplex does not match across cluster members-bluecoat-sgos
0

#1

Network interface duplex does not match across cluster members-bluecoat-sgos

Vendor: bluecoat

OS: sgos

Description:
Indeni will identify when two devices are part of a cluster and alert if their network interface duplex are different.

Remediation Steps:
Ensure the network interface duplex setting matches across devices in a cluster.

How does this work?
This script logs into the Bluecoat Proxy through SSH and retrieves the output of the “show interface all” command. The output includes the duplex of the network interfaces.

Why is this important?
Capture the interface duplex in human readable format such as full or half. In modern network environments it is very uncommon to see half-duplex interfaces, and that should be an indication for a potential problem.

Without Indeni how would you find this?
It is possible to poll this data through SNMP. If a duplex mismatch is detected on a port syslog messages will be generated.

bluecoat-show-interface-all

#! META
name: bluecoat-show-interface-all
description: Fetch interface information
type: monitoring
monitoring_interval: 15 minute
requires:
    vendor: "bluecoat"
    os.name: "sgos"

#! COMMENTS

network-interface-ipv4-address:
    skip-documentation: true

network-interface-ipv4-subnet:
    skip-documentation: true

network-interface-type:
    skip-documentation: true

network-interface-duplex:
    why: |
       Capture the interface duplex in human readable format such as full or half. In modern network environments it is very uncommon to see half-duplex interfaces, and that should be an indication for a potential problem.
    how: |
       This script logs into the Bluecoat Proxy through SSH and retrieves the output of the "show interface all" command. The output includes the duplex of the network interfaces.
    without-indeni: |
       It is possible to poll this data through SNMP. If a duplex mismatch is detected on a port syslog messages will be generated.
    can-with-snmp: true
    can-with-syslog: true

network-interface-admin-state:
    why: |
        An administrator might set a network interface to be disabled for troubleshooting, but should he he forget about doing this network trunks might be running at reduced capacity.
    how: |
        This script logs into the Bluecoat Proxy through SSH and retrieves the output of the "show interface all" command. The output includes the admin state of the network interfaces.
    without-indeni: |
        An administrator could login to the device through SSH and manually issue the command "show interface all".
    can-with-snmp: true
    can-with-syslog: false

#! REMOTE::SSH
show interface all

#! PARSER::AWK

BEGIN {

    netMaskToCIDR["0.0.0.0"] = 0
    netMaskToCIDR["128.0.0.0"] = 1
    netMaskToCIDR["192.0.0.0"] = 2
    netMaskToCIDR["224.0.0.0"] = 3
    netMaskToCIDR["240.0.0.0"] = 4
    netMaskToCIDR["248.0.0.0"] = 5
    netMaskToCIDR["252.0.0.0"] = 6
    netMaskToCIDR["254.0.0.0"] = 7
    netMaskToCIDR["255.0.0.0"] = 8
    netMaskToCIDR["255.128.0.0"] = 9
    netMaskToCIDR["255.192.0.0"] = 10
    netMaskToCIDR["255.224.0.0"] = 11
    netMaskToCIDR["255.240.0.0"] = 12
    netMaskToCIDR["255.248.0.0"] = 13
    netMaskToCIDR["255.252.0.0"] = 14
    netMaskToCIDR["255.254.0.0"] = 15
    netMaskToCIDR["255.255.0.0"] = 16
    netMaskToCIDR["255.255.128.0"] = 17
    netMaskToCIDR["255.255.192.0"] = 18
    netMaskToCIDR["255.255.224.0"] = 19
    netMaskToCIDR["255.255.240.0"] = 20
    netMaskToCIDR["255.255.248.0"] = 21
    netMaskToCIDR["255.255.252.0"] = 22
    netMaskToCIDR["255.255.254.0"] = 23
    netMaskToCIDR["255.255.255.0"] = 24
    netMaskToCIDR["255.255.255.128"] = 25
    netMaskToCIDR["255.255.255.192"] = 26
    netMaskToCIDR["255.255.255.224"] = 27
    netMaskToCIDR["255.255.255.240"] = 28
    netMaskToCIDR["255.255.255.248"] = 29
    netMaskToCIDR["255.255.255.252"] = 30
    netMaskToCIDR["255.255.255.254"] = 31
    netMaskToCIDR["255.255.255.255"] = 32
}

#  Ethernet interface 0:0
/interface\ [0-9]+:[0-9]+$/ {
    tags["name"] = $NF
}

#    Status:               enabled
/^\s+Status:/ {
    enabled = ($NF == "enabled")
    writeDoubleMetricWithLiveConfig("network-interface-admin-state", tags, "gauge", "900", enabled, "Network Interfaces - Enabled/Disabed", "state", "name")
    next
}

#    Internet address:     192.168.192.10 netmask 255.255.255.0
/^\s+Internet address:\s+[0-9]+\./{

    writeComplexMetricStringWithLiveConfig("network-interface-ipv4-address", tags, $3, "Network Interfaces - IPv4 Address")

    if ($NF in netMaskToCIDR){
        writeComplexMetricString("network-interface-ipv4-subnet", tags, netMaskToCIDR[$NF])
    } else {
        badMask = "Bad Netmask: " $NF
        writeComplexMetricString("network-interface-ipv4-subnet", tags, badMask)
    }

    next
}

#    MTU size:             1500
/^\s+MTU size:/ {
    writeComplexMetricString("network-interface-mtu", tags, $NF)
    next
}

#    Link status:          autosensed to full duplex, virtual network
/^\s+Link status:/ {

    if ($0 ~ / full duplex,/) {
        writeComplexMetricString("network-interface-duplex", tags, "full")
    } else if ($0 ~ /half duplex/) {
        writeComplexMetricString("network-interface-duplex", tags, "half")
    }

    if( $0 ~ /virtual network$/ ){
        writeComplexMetricString("network-interface-type", tags, "virtual")
    }

    next

}

CrossVendorClusterInterfaceDuplexVsx

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.{ConditionalRemediationSteps, SnapshotComparisonTemplateRule}
import com.indeni.server.common.data.conditions.{Equals => DataEquals}

/**
  *
  */
case class CrossVendorClusterInterfaceDuplexVsx(context: RuleContext) extends SnapshotComparisonTemplateRule(context,
  ruleName = "CrossVendorClusterInterfaceDuplexVsx",
  ruleFriendlyName = "Clustered Devices: Network interface duplex does not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if their network interface duplex are different.",
  metricName = "network-interface-duplex",
  applicableMetricTag = "name",
  descriptionMetricTag = "vs.name",
  metaCondition = DataEquals("vsx", "true"),
  isArray = false,
  alertDescription = "Devices that are part of a cluster must have the same network interface duplex setting. Review the differences below.",
  baseRemediationText = "Ensure the network interface duplex setting matches across devices in a cluster.")()


case class CrossVendorClusterInterfaceDuplexNonVsx(context: RuleContext) extends SnapshotComparisonTemplateRule(context,
  ruleName = "CrossVendorClusterInterfaceDuplexNonVsx",
  ruleFriendlyName = "Clustered Devices: Network interface duplex does not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if their network interface duplex are different.",
  metricName = "network-interface-duplex",
  applicableMetricTag = "name",
  metaCondition = !DataEquals("vsx", "true"),
  isArray = false,
  alertDescription = "Devices that are part of a cluster must have the same network interface duplex setting. Review the differences below.",
  baseRemediationText = "Ensure the network interface duplex setting matches across devices in a cluster.")()