Cisco ASA 5550 VPN tunnels
-
benningtonr
- Posts: 524
- Joined: Tue May 22, 2012 2:16 pm
Cisco ASA 5550 VPN tunnels
I want to see if there is a way to monitor the VPN tunnels on my ASA, and also if there is a way to monitor BGP neighbors on my border router.
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Cisco ASA 5550 VPN tunnels
VPN tunnel
The exact OID is going to depend on your exact piece of equipment, but you should be able to do it using the SNMP wizard and the basic outline of information outlined in this blog post
http://www.appliedtrust.com/blog/2009/0 ... -cisco-asa
BGP
http://exchange.nagios.org/index.php?op ... chword=bgp
-
benningtonr
- Posts: 524
- Joined: Tue May 22, 2012 2:16 pm
Re: Cisco ASA 5550 VPN tunnels
I think I have them working, I have all green for my tunnels, but I am unsure what exactly is being measured to send an alert.
-
benningtonr
- Posts: 524
- Joined: Tue May 22, 2012 2:16 pm
Re: Cisco ASA 5550 VPN tunnels
I have the tunnels working, I think.
I have followed the instructions here: http://www.linuxscrew.com/2012/04/05/na ... check_bgp/
This is working at the CLI, I need to integrate it to a service now, the direction:
Nagios’ commands.cfg config file and add there the following lines:
define command{
    command_name check_cisco_bgp
    command_line $USER1$/check_bgp.pl -H $HOSTADDRESS$ -C $ARG1$ -p $ARG2$
}
Then add these lines to services.cfg:
define service {
    use generic-service
    service_description BGP_KPN
    host_name cisco-router-1
    check_command check_cisco_bgp!myCommunity!192.168.10.1
}
Are for a different version of Nagios.
Can one of you please explain how that translates to building a service to monitor?
Thank you again for all the help.
-
benningtonr
- Posts: 524
- Joined: Tue May 22, 2012 2:16 pm
Re: Cisco ASA 5550 VPN tunnels
I am having trouble filling in the yellow areas.
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Cisco ASA 5550 VPN tunnels
Config Name
Service Desc.
Display name
These are all your choice to describe the item.
As for the others, according to the help file
$ARG1$ = your SNMP community string on the ASA
$ARG2$ = IP of BGP Peer
Usage:
check_bgp.pl -H -C -p
check_bgp.pl --help
check_bgp.pl --version
-H (--hostname) Hostname to query - (required)
-C (--community) SNMP read community or v3 auth (defaults to public)
(v3 specified as username:authpassword:... )
username = SNMPv3 security name
authpassword = SNMPv3 authentication pass phrase (or hexidecimal key)
authprotocol = SNMPv3 authentication protocol (md5 (default) or sha)
privpassword = SNMPv3 privacy pass phrase (or hexidecmal key)
privprotocol = SNMPv3 privacy protocol (des (default) or aes)
-v (--snmp_version) 1 for SNMP v1
2 for SNMP v2c (default)
3 for SNMP v3
-p {--peer} IP of BGP Peer
-V (--version) Plugin version
-h (--help) usage help
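How the tutorial's command definition and the service's `check_command` combine into the command line that was run by hand, as an added example (not part of any post, and a simplified model rather than Nagios's own macro code). `missing_args` and `redact` are hypothetical helpers, and treating an unset macro as an empty string is an assumption of this model; the paths, IPs and community string are the sample values from the thread.

```python
import re
import shlex

# Command definition copied from the thread's commands.cfg snippet.
COMMANDS = {
    "check_cisco_bgp":
        "$USER1$/check_bgp.pl -H $HOSTADDRESS$ -C $ARG1$ -p $ARG2$",
}

def split_check_command(check_command):
    """'name!arg1!arg2' -> ('name', {'ARG1': 'arg1', 'ARG2': 'arg2'})."""
    name, *args = check_command.split("!")
    return name, {f"ARG{i}": a for i, a in enumerate(args, start=1)}

def missing_args(check_command):
    """$ARGn$ macros the command line uses but the service did not supply."""
    name, supplied = split_check_command(check_command)
    used = sorted(set(re.findall(r"\$(ARG\d+)\$", COMMANDS[name])))
    return [m for m in used if m not in supplied]

def expand(check_command, host_address, user_macros):
    """Build the argv for one check. Assumption of this model: an unset
    macro becomes an empty string."""
    name, macros = split_check_command(check_command)
    macros.update(user_macros, HOSTADDRESS=host_address)
    line = re.sub(r"\$([A-Z0-9]+)\$",
                  lambda m: macros.get(m.group(1), ""), COMMANDS[name])
    return shlex.split(line)

def redact(argv):
    """Mask the value after -C so the SNMP credential stays out of logs."""
    out = list(argv)
    for i, tok in enumerate(out[:-1]):
        if tok in ("-C", "--community"):
            out[i + 1] = "****"
    return out

if __name__ == "__main__":
    # Values from the thread: service check_command, libexec path, router IP.
    svc = "check_cisco_bgp!myCommunity!192.168.10.1"
    user = {"USER1": "/usr/local/nagios/libexec"}
    print(redact(expand(svc, "192.168.98.6", user)))
    print(missing_args("check_cisco_bgp!myCommunity"))
```

The expanded argv carries the community string (or the SNMPv3 `username:authpassword:...` value) in clear text, so anything that records the command line should pass it through a mask such as `redact` first.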
-
benningtonr
- Posts: 524
- Joined: Tue May 22, 2012 2:16 pm
Re: Cisco ASA 5550 VPN tunnels
OK, I am getting NULL for a response.
Here are my configs, what am I missing?
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Cisco ASA 5550 VPN tunnels
Just to verify what do you get when you run the following from the command line
Code: Select all
cd /usr/local/nagios/libexec
./check_bgp.pl -H <ROUTER_ADDRESS> -C myCommunity -p 192.168.10.1
Also, please return the output of the following
Code: Select all
ls -l /usr/local/nagios/libexec/check_bgp.pl
-
benningtonr
- Posts: 524
- Joined: Tue May 22, 2012 2:16 pm
Re: Cisco ASA 5550 VPN tunnels
[root@nagios libexec]# ./check_bgp.pl -H 192.168.98.6 -C community -p 38.104.236.9
OK - 38.104.236.9 (AS174) state is established(6). Established for 10d11h33m1s. Last error "Hold Timer Expired".
[root@nagios libexec]#
[root@nagios libexec]# ls -l /usr/local/nagios/libexec/check_bgp.pl
-rwxr-xr-x 1 root root 8391 Aug 10 09:41 /usr/local/nagios/libexec/check_bgp.pl
[root@nagios libexec]#
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Cisco ASA 5550 VPN tunnels
Do you have a host selected in the service you set up?