[network::fortinet::fortigate::snmp::plugin]: mode interfaces return impossible traffic values #5708
Description
Quick description
Metric for traffic on the fortigate plugin returns value that are on a wrong scale (Tb/s instead of Mb/s)
How to reproduce
the issue is variable and does not appear everytime, it usually disappears when running the check in command line so debugging hard
- Environment:
Linux 4.18.0-553.66.1.el8_10.x86_64 Support of connecting via Unix-socket for MySQL checks #1 SMP Wed Aug 6 13:33:37 EDT 2025 x86_64 x86_64 x86_64 GNU/Linux
AlmaLinux release 8.10 (Cerulean Leopard) - Version of the plugin: centreon-plugin-Network-Firewalls-Fortinet-Fortigate-Snmp-20250700-1.el8.noarch
- Information about the monitored resource:
- fortigate 7.4.6 (also 7.4.4, occurs on multiple equipements)
- Command line:
/usr/lib/centreon/plugins/centreon_fortinet_fortigate.pl --plugin=network::fortinet::fortigate::snmp::plugin --mode=interfaces --hostname=x --snmp-version='2c' --snmp-community='x' --interface='^LAN$' --name --add-status --add-traffic --critical-status='%{admstatus} eq "up" and %{opstatus} ne "up"' --warning-in-traffic='' --critical-in-traffic='' --warning-out-traffic='' --critical-out-traffic='' --verbose --debug
here is 2 outputs
OK: Interface 'LAN' Status : up (admin: up), Traffic In : 975.98Gb/s (4879.91%), Traffic Out : 819.85Kb/s (0.00%) | 'traffic_in'=975981983317.91b/s;;;0;20000000000 'traffic_out'=819845.77b/s;;;0;20000000000
.1.3.6.1.2.1.2.2.1.5.45 = 4294967295
.1.3.6.1.2.1.2.2.1.7.45 = 1
.1.3.6.1.2.1.2.2.1.8.45 = 1
.1.3.6.1.2.1.2.2.1.10.45 = 4013101544
.1.3.6.1.2.1.2.2.1.16.45 = 11375360
.1.3.6.1.2.1.31.1.1.1.6.45 = 13541750018536
.1.3.6.1.2.1.31.1.1.1.10.45 = 11375360
.1.3.6.1.2.1.31.1.1.1.15.45 = 20000
Interface 'LAN' Status : up (admin: up), Traffic In : 975.98Gb/s (4879.91%), Traffic Out : 819.85Kb/s (0.00%)
OK: Interface 'LAN' Status : up (admin: up), Traffic In : 1.75Tb/s (8736.72%), Traffic Out : 1.47Mb/s (0.01%) | 'traffic_in'=1747344042106.32b/s;;;0;20000000000 'traffic_out'=1468052.65b/s;;;0;20000000000
.1.3.6.1.2.1.2.2.1.5.45 = 4294967295
.1.3.6.1.2.1.2.2.1.7.45 = 1
.1.3.6.1.2.1.2.2.1.8.45 = 1
.1.3.6.1.2.1.2.2.1.10.45 = 4179409332
.1.3.6.1.2.1.2.2.1.16.45 = 11377408
.1.3.6.1.2.1.31.1.1.1.6.45 = 13541916326324
.1.3.6.1.2.1.31.1.1.1.10.45 = 11377408
.1.3.6.1.2.1.31.1.1.1.15.45 = 20000
Interface 'LAN' Status : up (admin: up), Traffic In : 1.75Tb/s (8736.72%), Traffic Out : 1.47Mb/s (0.01%)
they were run a few seconds apart, there were 166307788 bytes difference on the traffic-in OID which is about 158MB or 1268Mbit. I don't have the exact delay between the 2 checks, but I would say about 15sec.
but the perfdata reported is 1.75Tb/s (the physical nic is a 2x10Gbps, which is the 20000 )
the issue is completely random on any fortinet traffic check, here is a graph, unreadable now because the "correct" value between 0 and 1Gbps are squashed by Terabits values
One thing to note, this seems to be happening since a few month, it is not a recent issue but no one reported it to me... I checked and I could see the issue appearing as far as 2025-02-28
I don't see the issue on any other interface traffic check, I don't understand (as the mode looks like basic snmp interface)
it could coincide with major OS update for FortiOS, and I was thinking maybe fortios reported wrong data, but apparently the counter are consistent with what we see on the FW UI, that debug value above was "real" traffic
I don't really understand how the calculation is done
also I tried purging all cachefile in case there was something wrong, the issue disappear for a time then things go back to enormous values