Page 1 of 2
check_ssg_nsrp nagios script
Posted: Tue Apr 10, 2012 1:31 pm
by ekrengel
Hi All,
Not sure if this is the right forum to post, but I am having issues developing a new nagios script to check our Juniper SSG's NSRP status, which is basically their HA feature for an active/active or active/backup scenario. Currently, the script runs fine manually...but when used with Nagios hosts/services, I get a null response in the nagios console. I'm assuming that I don't have the exit codes setup correctly in the script. Can anyone help me troubleshoot?
Running the script manually I get:
Code: Select all
root::biznoc {/usr/local/nagios/libexec}-> ./check_ssg_cluster -H FLOATINGIP
OK: Current master is 2284160
(Primary SSG).
Script itself:
Code: Select all
#!/usr/bin/perl
my $PROGNAME = "check_ssg_cluster.pl";
my $VERSION = '$Revision: 1.0 $';
use strict;
use vars qw($PROGNAME $VERSION %state_names $state);
use Getopt::Long qw(:config no_ignore_case);
use utils qw($TIMEOUT %ERRORS &print_revision &support);
sub help
{
print "Usage: $PROGNAME <options>\n\n";
print "options:\n";
print "\t-H <host> - hostname(you have to define a ScreenOS Device)\n";
print "\t-C <community> - community(default: private)\n";
print "\t-v <snmp-version> - snmp version(default: 1)\n";
print "\t-w <warning> - warning-level(default: Secondary SSG)\n";
print "\t-m <MiB-file> - path to the mib-file(default: /usr/share/snmp/mibs/JUNIPER-NSRP-MIB.txt)\n";
print "\t-h - prints this help-screen\n";
}
# Nagios exit states
our %states = (
OK => 0,
WARNING => 1,
CRITICAL => 2,
UNKNOWN => 3
);
# Nagios state names
%state_names = (
0 => 'OK',
1 => 'WARNING',
2 => 'CRITICAL',
3 => 'UNKNOWN'
);
$state = 'UNKNOWN';
my ($COMMUNITY, $SNMPWALK, $SNMPVERSION, $MIBFILE, $CRITICAL, $IP, $HELP);
GetOptions
(
"h" => \$HELP, "help" => \$HELP,
"C=s" => \$COMMUNITY, "community=s" => \$COMMUNITY,
"v=i" => \$SNMPVERSION, "snmpversion=i" => \$SNMPVERSION,
"c=s" => \$CRITICAL, "crit=i" => \$CRITICAL,
"H=s" => \$IP, "host=s" => \$IP,
"m=s" => \$MIBFILE, "mib=s" => \$MIBFILE
) or exit $states{$state};
if( defined $HELP)
{
help();
exit $states{$state};
}
unless(defined $IP)
{
print "no host defined!\n";
exit $states{$state};
}
$COMMUNITY = "public" if not defined $COMMUNITY;
$SNMPWALK = "/usr/bin/snmpwalk" if not defined $SNMPWALK;
$SNMPVERSION = 1 if not defined $SNMPVERSION;
$MIBFILE = "/usr/share/snmp/mibs/JUNIPER-NSRP-MIB.txt" if not defined $MIBFILE;
my $PRIMARY_SSG = 2284160;
my $SECONDARY_SSG = 2285824;
my $WARNING = 2285824;
unless(-e $SNMPWALK)
{
print "snmpwalk is not installed!\n";
exit $states{$state};
}
unless(-e $MIBFILE)
{
print "mib-file does not exist!\n";
exit $states{$state};
}
my $master_cluster = `$SNMPWALK -c $COMMUNITY -v $SNMPVERSION -m $MIBFILE $IP netscreenNsrpGeneral.nsrpGeneralLocalUnitId.0 | awk '{print \$4}'`;
if($WARNING == $master_cluster)
{
print "WARNING: Current Master is $master_cluster (Secondary SSG); failover has occurred…\n";
$state = 'WARNING';
exit $states{$state};
}
elsif($PRIMARY_SSG == $master_cluster)
{
print "OK: Current master is $master_cluster (Primary SSG).\n";
$state = 'OK';
exit $states{$state};
}
else
{
print "UNKNOWN: The current HA status is unknown.\n";
$state = 'UNKNOWN';
exit $states{$state};
}
Re: check_ssg_nsrp nagios script
Posted: Tue Apr 10, 2012 6:56 pm
by jsmurphy
I've only just glanced over it but I think your problem may be:
Code: Select all
our %states = (
OK => 0,
WARNING => 1,
CRITICAL => 2,
UNKNOWN => 3
);
should be:
Code: Select all
our %states = (
'OK' => 0,
'WARNING' => 1,
'CRITICAL' => 2,
'UNKNOWN' => 3
);
Re: check_ssg_nsrp nagios script
Posted: Tue Apr 10, 2012 7:49 pm
by ekrengel
Thanks. I just made that change but still a no go with the "null" status.
Re: check_ssg_nsrp nagios script
Posted: Wed Apr 11, 2012 9:44 pm
by jsmurphy
I might have a play with this script proper tomorrow or early next week as we run some Juniper stuff and could probably make some good use of it and I'll let you know what I find. I didn't really get to do more than quickly glance at it the other day
Re: check_ssg_nsrp nagios script
Posted: Wed Apr 11, 2012 10:04 pm
by ekrengel
Ok thanks! I was just manipulating another juniper script I had, but there might be an easier way to make this work. Let me know if you have any other useful scripts for juniper that you know of. Currently we only monitor the CPU usage, sessions and ping.
And you'd have to change the values of your unit ID's of course too. You can get those with the snmpwalk command in the script.
Re: check_ssg_nsrp nagios script
Posted: Wed Apr 18, 2012 8:40 am
by ekrengel
Did you get a chance to play around with this yet?
Re: check_ssg_nsrp nagios script
Posted: Wed Apr 18, 2012 7:14 pm
by jsmurphy
Unfortunately the day after I said that I fell ill, I actually just copied it onto the server earlier this morning so I'm going to have a go of it today
Update: So turns out our Netsec boys have since removed all our NS stuff and it's all JunOS now apparently, that said I had a better look at the script and did a little bit of proof of concept testing (and made sure it was exiting correctly)... the below might work for you... I haven't changed much and it seems to be working as best I can tell. You might want to consider using the perl SNMP libraries and using the static OID so the mib file isn't necessary if you want to put this up on Nagios exchange
:
Code: Select all
#!/usr/bin/perl
my $PROGNAME = "check_ssg_cluster.pl";
my $VERSION = '$Revision: 1.0 $';
use strict;
use warnings;
use vars qw($PROGNAME $VERSION %state_names $state);
use Getopt::Long qw(:config no_ignore_case);
use utils qw($TIMEOUT %ERRORS &print_revision &support);
sub help
{
print "Usage: $PROGNAME <options>\n\n";
print "options:\n";
print "\t-H <host> - hostname(you have to define a ScreenOS Device)\n";
print "\t-C <community> - community(default: private)\n";
print "\t-v <snmp-version> - snmp version(default: 1)\n";
print "\t-w <warning> - warning-level(default: Secondary SSG)\n";
print "\t-m <MiB-file> - path to the mib-file(default: /usr/share/snmp/mibs/JUNIPER-NSRP-MIB.txt)\n";
print "\t-h - prints this help-screen\n";
}
# Nagios exit states
my %states = (
'OK' => 0,
'WARNING' => 1,
'CRITICAL' => 2,
'UNKNOWN' => 3
);
$state = 'UNKNOWN';
my ($COMMUNITY, $SNMPWALK, $SNMPVERSION, $MIBFILE, $CRITICAL, $IP, $HELP);
GetOptions
(
"h" => \$HELP, "help" => \$HELP,
"C=s" => \$COMMUNITY, "community=s" => \$COMMUNITY,
"v=i" => \$SNMPVERSION, "snmpversion=i" => \$SNMPVERSION,
"c=s" => \$CRITICAL, "crit=i" => \$CRITICAL,
"H=s" => \$IP, "host=s" => \$IP,
"m=s" => \$MIBFILE, "mib=s" => \$MIBFILE
) or exit $states{$state};
if( defined $HELP)
{
help();
print "Exit state: " . $states{$state} . "\n";
exit $states{$state};
}
unless(defined $IP)
{
print "no host defined!\n";
exit $states{$state};
}
$COMMUNITY = "public" if not defined $COMMUNITY;
$SNMPWALK = "/usr/bin/snmpwalk" if not defined $SNMPWALK;
$SNMPVERSION = 1 if not defined $SNMPVERSION;
$MIBFILE = "/usr/share/snmp/mibs/JUNIPER-NSRP-MIB.txt" if not defined $MIBFILE;
my $PRIMARY_SSG = 2284160;
my $SECONDARY_SSG = 2285824;
unless(-e $SNMPWALK)
{
print "snmpwalk is not installed!\n";
exit $states{$state};
}
unless(-e $MIBFILE)
{
print "mib-file does not exist!\n";
exit $states{$state};
}
my $master_cluster = `$SNMPWALK -c $COMMUNITY -v $SNMPVERSION -m $MIBFILE $IP netscreenNsrpGeneral.nsrpGeneralLocalUnitId.0 | awk '{print \$4}'`;
if($SECONDARY_SSG == $master_cluster)
{
print "WARNING: Current Master is $master_cluster (Secondary SSG); failover has occurred…\n";
$state = 'WARNING';
exit $states{$state};
}
elsif($PRIMARY_SSG == $master_cluster)
{
print "OK: Current master is $master_cluster (Primary SSG).\n";
$state = 'OK';
exit $states{$state};
}
else
{
print "UNKNOWN: The current HA status is unknown.\n";
$state = 'UNKNOWN';
exit $states{$state};
}
Re: check_ssg_nsrp nagios script
Posted: Mon Apr 23, 2012 10:19 am
by ekrengel
Still not working for me, but thanks for help. I'll keep playing around with it.
Re: check_ssg_nsrp nagios script
Posted: Mon Apr 23, 2012 3:59 pm
by agriffin
Do you have embedded perl enabled? If so, try disabling it and see if that helps.
Re: check_ssg_nsrp nagios script
Posted: Mon Apr 23, 2012 5:12 pm
by ekrengel
It is enabled...but if I disabled it, will it effect other scripts with nagios that are written in perl?