VPN tunnel monitoring died

kmartin2007
Posts: 66
Joined: Thu Nov 14, 2019 3:31 pm

Post by kmartin2007 »

We have Nagios Core 4.4.5 running on CentOS 7 (Core).

We monitor ~75 VPN tunnels we have connected to our clients, and all of a sudden a huge chunk just stopped working with the error:

    CRITICAL! VPN peer X.X.X.X unavailable.

This is the command we use:

    define service{
        use                 vpn-service
        host_name           DALASA01_Primary
        service_description ARL_To_VW
        check_command       check_tunnel!X.X.X.X
    }


However, we have about 5 tunnels that are showing okay, and it's the SAME command, just a different IP:

    Avera   OK   02-17-2020 12:51:48   23d 23h 25m 24s   1/3   OK! VPN peer X.X.X.X available.

    define service{
        use                 vpn-service
        host_name           DALASA01_Primary
        service_description Avera
        check_command       check_tunnel!198.179.214.5
    }

We inherited this box from the previous IT person and we have not made any changes to the VPN tunnel cfg file.

I can ping the IPs that are showing down and they do respond back; our ASA shows them to be connected. I'm at a loss here; any help would be appreciated.
Box293
Too Basu
Posts: 5126
Joined: Sun Feb 07, 2010 10:55 pm
Location: Deniliquin, Australia

Re: VPN tunnel monitoring died

Post by Box293 »

Can you please post your command definition for check_tunnel?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Re: VPN tunnel monitoring died

Post by kmartin2007 »

    define command{
        command_name check_tunnel
        command_line $USER1$/check_asa_vpn.pl -H 10.10.15.5 -C oz -P $ARG1$
    }
Last edited by kmartin2007 on Tue Feb 18, 2020 11:19 am, edited 1 time in total.

Re: VPN tunnel monitoring died

Post by kmartin2007 »

Found it:

    define command{
        command_name check_tunnel
        command_line $USER1$/check_asa_vpn.pl -H 10.10.15.5 -C oz -P $ARG1$
    }

Re: VPN tunnel monitoring died

Post by Box293 »

On your nagios server can you execute the following command as the nagios user:

/usr/local/nagios/libexec/check_asa_vpn.pl -H 10.10.15.5 -C oz -P 198.179.214.5

FYI
$USER1$ = /usr/local/nagios/libexec but may be different in your environment (it's defined in resources.cfg)

Re: VPN tunnel monitoring died

Post by kmartin2007 »

It shows up as okay.

We may have found the issue. It may be with the ASA: we opened up the code of the check_asa command and ran the SNMP walk against the ASA, and it is only spitting out 9 active 'OK' tunnels.
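
The comparison described in the post above, as an added example that is not part of the original thread and not code from check_asa_vpn.pl: it lists the `check_tunnel` peers defined in the Nagios service definitions that do not appear in a saved SNMP walk of the ASA. The function names, the sample data and the `PEER_TABLE_OID` placeholder are assumptions; the thread does not say which OID the plugin walks, so the parser only assumes net-snmp style output with one peer address per line.

```python
import re

# One Nagios "define service{ ... }" block (the format used in this thread).
BLOCK_RE = re.compile(r"define\s+service\s*\{(.*?)\}", re.S)
# Assumption: net-snmp style output, one peer address per line as the value.
PEER_RE = re.compile(r'=\s*(?:STRING|IpAddress):\s*"?(\d{1,3}(?:\.\d{1,3}){3})"?\s*$')

def expected_peers(cfg_text):
    """Map peer IP -> service_description for each check_tunnel service."""
    peers = {}
    for body in BLOCK_RE.findall(cfg_text):
        fields = {}
        for line in body.splitlines():
            parts = line.split(";", 1)[0].split(None, 1)  # drop ';' comments
            if len(parts) == 2 and not parts[0].startswith("#"):
                fields[parts[0]] = parts[1].strip()
        cmd = fields.get("check_command", "")
        if cmd.startswith("check_tunnel!"):
            peers[cmd.split("!", 1)[1]] = fields.get("service_description", "?")
    return peers

def walked_peers(walk_text):
    """Peer IPs the device actually reports in the SNMP walk."""
    return {m.group(1) for line in walk_text.splitlines()
            if (m := PEER_RE.search(line))}

def missing_from_snmp(cfg_text, walk_text):
    """(service_description, peer) pairs monitored but absent from the walk."""
    seen = walked_peers(walk_text)
    return sorted((desc, ip) for ip, desc in expected_peers(cfg_text).items()
                  if ip not in seen)

# Constructed sample data (documentation addresses, hypothetical names).
SAMPLE_CFG = """
define service{
    use                 vpn-service
    host_name           asa-primary
    service_description Client_A
    check_command       check_tunnel!192.0.2.10
}
define service{
    use                 vpn-service
    host_name           asa-primary
    service_description Client_B
    check_command       check_tunnel!198.51.100.20   ; second tunnel
}
"""
SAMPLE_WALK = 'PEER_TABLE_OID.4096 = STRING: "192.0.2.10"\n'

if __name__ == "__main__":
    for desc, ip in missing_from_snmp(SAMPLE_CFG, SAMPLE_WALK):
        print(f"{desc}: peer {ip} is monitored but not in the SNMP walk")
```

A peer that shows up here while the firewall's own session view lists it as connected points at the device's SNMP output rather than at the Nagios configuration.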

Re: VPN tunnel monitoring died

Post by Box293 »

Let us know how you go and if you need more help.