Monitoring IPS/IPS devices.

[jsalsbury]

Good afternoon
I was wondering if anyone out there has figured out a way to monitor devices such as IDS or IPS devices with something other than ping checks? And so what kinda data are you getting back from them? I have my network team asking.

[Box293]

Generally these devices will need to have SNMP enabled and a custom plugin is used to query the device.

Although SNMP is not always the case, it may be an appliance that runs on windows and there is a plugin that communicates with the backend to perform queries.

Without knowing the actual brand name and model of the device it is hard to provide any specific information.

At the end of the day all nagios cares about is an exit code and some human friendly text. If you can communicate with a device over the network and query it for information then you can easily write a plugin to test what is "OK".

[jsalsbury]

Thanks very much for replying. We are looking at Firepower and Corelight IPS IDS. Does this help at all?

[Box293]

I searched for those on the Nagios Exchange and unfortunately they did not yield any results.

Which means you will have to write your own plugin, which isn't as hard as it sounds. Simply find one that does a similar job and make it do what you want.