Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Unable to monitor Cisco switch/ router interface status

https://support.nagios.com/forum/viewtopic.php?t=54658

Page 1 of 1

Unable to monitor Cisco switch/ router interface status

Posted: Wed Jul 10, 2019 1:46 am
by lalitam
Hi Team,

Am trying to set up monitoring on all our Cisco interfaces so that, I get notified of Status being UP/DOWN, if SFP is faulty or disconnected for some reason and so on. I manage to get bandwidth alerts on my devices but staus wont work.

I managed to get SNMP walk for the host interface am trying to monitor:

I am pretty new to Nagios and trying to make sense of this output, am I missing any parameter, also have installed the plugin "check_snmp_netint.pl" to Nagios but unable to run any check_snmp_netint commands from the shell.

*******************************************SNMPWALK**********************************************************

[xlalitam@ns01ngmonp01 ~]$ snmpwalk -v 3 -u XXXXXXX -l authPriv -a sha -A YYYYYYY -X YYYYYYYYY -H A.B.C.D

Configuration directives understood:
In snmpwalk.conf and snmpwalk.local.conf:
includeRequested (1|yes|true|0|no|false)
excludeRequested (1|yes|true|0|no|false)
printStatistics (1|yes|true|0|no|false)
dontCheckOrdering (1|yes|true|0|no|false)
timeResults (1|yes|true|0|no|false)
timeResultsSingle (1|yes|true|0|no|false)
In snmp.conf and snmp.local.conf:
extraX509SubDir string
x509CRLFile string
tlsAlgorithms string
localCert string
peerCert string
alias NAME TRANSPORT_DEFINITION
doDebugging (1|0)
debugTokens token[,token...]
logTimestamp (1|yes|true|0|no|false)
logOption string
mibdirs [mib-dirs|+mib-dirs|-mib-dirs]
mibs [mib-tokens|+mib-tokens]
mibfile mibfile-to-read
showMibErrors (1|yes|true|0|no|false)
commentToEOL (1|yes|true|0|no|false)
strictCommentTerm (1|yes|true|0|no|false)
mibAllowUnderline (1|yes|true|0|no|false)
mibWarningLevel integerValue
mibReplaceWithLatest (1|yes|true|0|no|false)
printNumericEnums (1|yes|true|0|no|false)
printNumericOids (1|yes|true|0|no|false)
escapeQuotes (1|yes|true|0|no|false)
dontBreakdownOids (1|yes|true|0|no|false)
quickPrinting (1|yes|true|0|no|false)
numericTimeticks (1|yes|true|0|no|false)
oidOutputFormat integerValue
suffixPrinting integerValue
extendedIndex (1|yes|true|0|no|false)
printHexText (1|yes|true|0|no|false)
printValueOnly (1|yes|true|0|no|false)
dontPrintUnits (1|yes|true|0|no|false)
hexOutputLength integerValue
dumpPacket (1|yes|true|0|no|false)
reverseEncodeBER (1|yes|true|0|no|false)
defaultPort integerValue
defCommunity string
noTokenWarnings (1|yes|true|0|no|false)
noRangeCheck (1|yes|true|0|no|false)
persistentDir string
tempFilePattern string
noDisplayHint (1|yes|true|0|no|false)
16bitIDs (1|yes|true|0|no|false)
clientaddr string
clientaddrUsesPort (1|yes|true|0|no|false)
serverSendBuf integerValue
serverRecvBuf integerValue
clientSendBuf integerValue
clientRecvBuf integerValue
noPersistentLoad (1|yes|true|0|no|false)
noPersistentSave (1|yes|true|0|no|false)
noContextEngineIDDiscovery (1|yes|true|0|no|false)
timeout integerValue
retries integerValue
defDomain application domain
defTarget application domain target
dontLoadHostConfig (1|yes|true|0|no|false)
defSecurityModel string
tsmUseTransportPrefix (1|yes|true|0|no|false)
defAuthType MD5|SHA
defPrivType DES|AES
defSecurityName string
defContext string
defPassphrase string
defAuthPassphrase string
defPrivPassphrase string
defAuthMasterKey string
defPrivMasterKey string
defAuthLocalizedKey string
defPrivLocalizedKey string
defVersion 1|2c|3
defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
trustCert trustCert FINGERPRINT|FILENAME
In snmpapp.conf and snmpapp.local.conf:
defDomain application domain
defTarget application domain target
engineID string
engineIDType num
engineIDNic string


Please do let me know, if at all any other data is required.

Kind Regards
LM

Re: Unable to monitor Cisco switch/ router interface status

Posted: Wed Jul 10, 2019 4:36 pm
by cdienger
What is the output when you try to run check_snmp_netint or check_snmp_int?

The snmpwalk output provided is seen when the syntax is off. Try 'snmpwalk -v3 -u XXXXXXX -l authPriv -a sha -A YYYYYYY -X YYYYYYYYY A.B.C.D' and see if that gives you better results.

Re: Unable to monitor Cisco switch/ router interface status

Posted: Wed Jul 10, 2019 5:54 pm
by lalitam
Using the below Syntax, I got the following result:

snmpwalk: Authentication failure (incorrect password, community or key)


To be able to run: "check_snmp_netint or check_snmp_int", how will I be able to enter global config mode as we call in Cisco platform, not much inti Nagios. Currently on my screen, it wont allow me to run these commands

[xlalitam@ns01ngmonp01 ~]$ check_snmp_netint
-bash: check_snmp_netint: command not found

Kind Regards
Lalita

Re: Unable to monitor Cisco switch/ router interface status

Posted: Thu Jul 11, 2019 3:32 pm
by cdienger
The incorrect password was given that time. You may need to pass it "-x" as well:

Code: Select all

snmpwalk -v3 -u XXXXXXX -l authPriv -a sha -A YYYYYYY -X YYYYYYYYY -x DES A.B.C.D
snmpwalk -v3 -u XXXXXXX -l authPriv -a sha -A YYYYYYY -X YYYYYYYYY -x AES A.B.C.D
For the plugins, you must be in the proper directory to run them. Try this:

Code: Select all

cd /usr/local/nagios/libexec/
./check_snmp_int
check_snmp_netint should also be copied to that directory and made executable before you can run it:

Code: Select all

cp check_snmp_netint /usr/local/nagios/libexec/
chmod 775 /usr/local/nagios/libexec/check_snmp_netint 
chown apache:nagios /usr/local/nagios/libexec/check_snmp_netint

Re: Unable to monitor Cisco switch/ router interface status

Posted: Thu Jul 11, 2019 6:22 pm
by lalitam
[root@ns01ngmonp01 ~]# chmod 775 /usr/local/nagios/libexec/check_snmp_netint
chmod: cannot access ‘/usr/local/nagios/libexec/check_snmp_netint’: No such file or directory
[root@ns01ngmonp01 ~]# chmod 775 /usr/local/nagios/libexec/check_snmp_netint
chmod: cannot access ‘/usr/local/nagios/libexec/check_snmp_netint’: No such file or directory
[root@ns01ngmonp01 ~]# chown apache:nagios /usr/local/nagios/libexec/check_snmp_netint
chown: cannot access ‘/usr/local/nagios/libexec/check_snmp_netint’: No such file or directory


[root@ns01ngmonp01 ~]# cd /usr/local/nagios/libexec/
[root@ns01ngmonp01 libexec]# ./check_snmp_int
-bash: ./check_snmp_int: No such file or directory

I am getting an error, saying no such directory.

Re: Unable to monitor Cisco switch/ router interface status

Posted: Fri Jul 12, 2019 3:42 pm
by ssax
Try this instead:

Code: Select all

cd /usr/local/nagios/libexec/
./check_snmp_int.pl

Code: Select all

cp check_snmp_netint.pl /usr/local/nagios/libexec/
chmod 775 /usr/local/nagios/libexec/check_snmp_netint.pl
chown apache:nagios /usr/local/nagios/libexec/check_snmp_netint.pl
Or you can run it directly like this:

Code: Select all

/usr/local/nagios/libexec/check_snmp_netint.pl -h
But this file needs to exist:

Code: Select all

/usr/local/nagios/libexec/check_snmp_netint.pl
See here as well:

https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Re: Unable to monitor Cisco switch/ router interface status

Posted: Sat Jul 13, 2019 12:39 am
by lalitam
I finally got the solution, downloaded advanced network interface status monitor plugin check_snmp_netint.pl

and worked around the parameters I have with SNMP V3.

Following is the command
$USER1$/check_snmp_netint.pl -H $HOSTADDRESS$ -l $ARG1$ -x $ARG2$ -L $ARG3$ -X $ARG2$ -f -q -n $ARG4$ $ARG5$

This plugin is pretty robust and allows to manage bandwidth as well as status of cisco gear interfaces.

Thank you so much for all the help :)

Following is the output:
[nagios@ns01ngmonp01 ~]$ /usr/local/nagios/libexec/check_snmp_netint.pl -H <host IP address> -l <username> -x <password> -L sha,aes -X <password -f -q -n GigabitEthernet1/0/48 -cisco=linkfault,show_portnames
Output: GigabitEthernet1/0/48:UP:(1 UP): OK |

Re: Unable to monitor Cisco switch/ router interface status

Posted: Mon Jul 15, 2019 3:25 pm
by cdienger
Glad to hear!
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited