Send ping results from Fortigate to Nagios

[SimpleNiko]

Hello everybody,
I'm new to Nagios and could use some help.
I have a Nagios server that monitors my ON-PREM environment.
It also monitors my Fortigate appliance and checks for downed VPN's using check_fortigate.pl plugin.
The thing is, it's not ideal to me since it's shows me all the VPN's as one service.
I would like to create a host for each VPN endpoint in order to monitor each VPN separately.
I don't have ICMP access from my Nagios server to each VPN endpoint but the Fortigate server does.
I'm looking for a way for the Nagios server to "Ask" the Fortigate server to ping each endpoint, and then send the results back to the Nagios server.
Is this possible?

Thank you in advance.

[Box293]

Yes, assuming the Fortigate server allows you to install an agent on it. You can then install NCPA on the server and issue check requests to it which in turn will do the ping checks and all the other things.

You could also use a worker like Mod-Gearman on the remote server which will request the Nagios server for checks to execute at that end.

Both solutions are similar but require different configurations and scale differently.

If you cannot install an agent on it then another solution is to use the check_by_ssh plugin to proxy checks through the server. Similar method to the NCPA idea.

Which one appeals to you the most, we can then give you more useful information?

[SimpleNiko]

Yes, assuming the Fortigate server allows you to install an agent on it. You can then install NCPA on the server and issue check requests to it which in turn will do the ping checks and all the other things.

You could also use a worker like Mod-Gearman on the remote server which will request the Nagios server for checks to execute at that end.

Both solutions are similar but require different configurations and scale differently.

If you cannot install an agent on it then another solution is to use the check_by_ssh plugin to proxy checks through the server. Similar method to the NCPA idea.

Which one appeals to you the most, we can then give you more useful information?

Hi Box293, thank you so much for your quick response.
Honestly, I'm really new to Nagios and I'm pretty much stepping into the former Sys Admin shoes here.
From my understanding, all linux based server which are monitored by our Nagios core server are monitored via check_by_SSH and password less SSH connection.
I think installing an agent would be problematic since the Fortigate appliance is managed by a 3rd party company our our client.

[SimpleNiko]

Hi Box293, Thank you so much for the quick response.
I'm quite new to Nagios and filling the black space created by our senior Sys admin that quit his job, but as far as I understand, all Linux based servers are monitored by password less SSH. I'm guessing check_by_SSH would be the way to go.

[Box293]

From your Nagios server you would ssh to the fortigate machine and do a check with a simple test:

Code: Select all

/usr/local/nagios/libexec/check_by_ssh -H remoteip -C uptime

However to check pings on the remote system of other remote systems you'll need the nagios plugins installed on the fortigate device. Then use the check_icmp plugin:

Code: Select all

/usr/local/nagios/libexec/check_icmp -H remoteip_2 -w 3000.0,80% -c 5000.0,100% -p 5

So that would be something like:

/usr/local/nagios/libexec/check_by_ssh -H remoteip -C /usr/local/nagios/libexec/check_icmp -H remoteip_2 -w 3000.0,80% -c 5000.0,100% -p 5

Does this make sense?

[SimpleNiko]

Dear Box293,
This made perfect sense.
Your help is much appreciated!

[scottwilkerson]

Dear Box293,
This made perfect sense.
Your help is much appreciated!

Great!

Locking thread