Using Nagios check_snmp plugin to get info from Forcepoint

[tomazz]

Hi all.

I have a question regarding custom service, which I wrote, but it seems, it's not working fine. I did read a post here on this forum:
https://support.nagios.com/forum/viewto ... =7&t=32742 which is explained great, but my service isn't pooling any data.

Here is the scenario:
I have a firewall Forcepoint NGFW, from which I wold like to get number of currently established IPsec SAs between the endpoint pair.
Here https://help.stonesoft.com/onlinehelp/S ... D9EB7.html I found this: fwVpnEp6IpsecSa

Further investigation led me to this, where I was able to see the OID (1.3.6.1.4.1.1369.5.2.1.13.1.7) for this service. http://oidref.com/1.3.6.1.4.1.1369.5.2.1.13.1.7

In Nagios I have this command:
define command{
command_name check_ipsec_sas
command_line $USER1$/check_snmp -H $HOSTADDRESS$ -P 3 -L authPriv -U user -a MD5 -A MD5Password -x AES -X AESPAssword -o $ARG1$
}

and this service:
define service {
service_description NUMBER_OF_CURRENTLY_VPN_IPSEC
check_command check_ipsec_sas!1.3.6.1.4.1.1369.5.2.1.13.1.7
host_name host1
notes Number of currently established IPsec SAs
event_handler_enabled 0
use generic-service
contact_groups +admins
}

On the WEB I see my newly created service, status is green, unsder Status Information: SNMP OK - = No Such Instance currently exists at this OID

Can anyone point me to the right direction? Any help is much appreciated.

Regards. Tomi

[Box293]

A commonly overlooked thing is that an OID normally ends with .0 so try:

Code: Select all

1.3.6.1.4.1.1369.5.2.1.13.1.7.0

If it's not working then please show us a test from the command line with the full command and output.

[tomazz]

Thaks for quick answer. I addes zero "0" to end of my OID, but sadly no luck. Status information remains the same: SNMP OK - = No Such Instance currently exists at this OID.

I think I have another issue, because running the script in CLI it's not working:

Under cd /usr/lib64/nagios/plugins I run:
./check_snmp -H 164.8.15.41 -P 3 -l authPriv -u user -a MD5 -A MD5Password -x AES -X AESPassword -o 1.3.6.1.4.1.1369.5.2.1.13.1.7.0

I get:
External command error: No log handling enabled - turning on stderr logging
snmpget: No securityName specified

I will do a resarch on that, but if anyone has a quick solution..please share with me.

Many thanks in advance.
Tomi

[tomazz]

./check_snmp --version
check_snmp v1.4.16 (nagios-plugins 1.4.16)

Update the plugins to a newer version?

[gormank]

-P 3 sets the protocol to v3 which needs a uname and password if I recall.
I'd first snmpwalk to establish the basics are working.
snmpwalk -v2c -c <comminity string> <host address>

[Box293]

Yes I would upgrade the plugins, there were a few fixes to SNMP v3 implementation.

Your command looks good so I suspect it will work after upgrading plugins as that version is quite old.

[tomazz]

So I upgraded the plugins succesfully:

# ./check_snmp -V
check_snmp v2.3.3 (nagios-plugins 2.3.3)

As it seems, there is a problem with this OID:

[root@tyrion plugins]# ./check_snmp -H 164.8.15.41 -P 3 -L authPriv -a MD5 -U user -A MD5password -x AES -X AESpassword -o 1.3.6.1.4.1.1369.5.2.1.13.1.7
SNMP OK - No Such Instance currently exists at this OID |

[root@tyrion plugins]# ./check_snmp -H 164.8.15.41 -P 3 -L authPriv -a MD5 -U user -A MD5password -x AES -X AESpassword -o 1.3.6.1.4.1.1369.5.2.1.13.1.7.0
SNMP OK - No Such Instance currently exists at this OID |

So, moving od, to see how to fix this issue.

As always, any help appreciated.

[tomazz]

I sent the same question to Stonesoft Forcepoint support.

I'm guessing this OID just doesn't exist.

[Box293]

OK great let us know what you hear from them.

[mainmind83]

Hello, I have same problem but with iReasoning MIB Browser (with MIB loaded) is running, only fail with nagios plugin?

KO:
'/usr/lib64/nagios/plugins/check_snmp' '-C' 'private' '-H' '10.0.0.250' '-o' '.1.3.6.1.4.1.890.1.6.22.1.1' '-t' '10'

OK

'/usr/lib64/nagios/plugins/check_snmp' '-C' 'private' '-H' '10.0.0.250' '-o' 'SNMPv2-SMI::enterprises.890.1.6.22.1.1.0' '-t' '10'