Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

F5 Check Failing

https://support.nagios.com/forum/viewtopic.php?t=63231

Page 1 of 2

F5 Check Failing

Posted: Fri Aug 06, 2021 10:10 am
by aylesworth
Hello,

We have a couple checks that look at an F5 load balancer pair, on this new instance of Nagios XI it fails, on the old version of Core it works just fine. The F5's are configured to allow SNMP access from the entire subnet, so I don't believe that allowance is part of the issue.

Here's the command/output from the old server, names and IPs have been changed:
[root@Nagios-Core libexec]# ./check_snmp_gtm_server.sh [snmp key here] [IP here] f5-Primary
OK - bigip health check of f5-Primary passed

And the command/output from the new server:
[nagios@Nagios-XI ~]$ /usr/local/nagios/libexec/check_snmp_gtm_server.sh [snmp key here] [IP here] f5-Primary
CRITICAL - bigip health check of f5-Primary failed

This happens when run as root or su - nagios

Not quite sure how to proceed.

Thanks!

Re: F5 Check Failing

Posted: Fri Aug 06, 2021 5:00 pm
by pbroste
Hello @aylesworth

Thanks for reaching out, looks like the plugin in unable to pull the data or incorrect data.

what do you get when you run the plugin with verbose:

Code: Select all

bash -v /usr/local/nagios/libexec/check_snmp_gtm_server.sh [snmp key here] [IP here] f5-Primary
or

Code: Select all

bash -x /usr/local/nagios/libexec/check_snmp_gtm_server.sh [snmp key here] [IP here] f5-Primary
Thanks,
Perry

Re: F5 Check Failing

Posted: Wed Aug 11, 2021 11:15 am
by aylesworth
Hi Perry,

Thanks for the response, and sorry for the delay. Here's the output of both, I've redacted the string, ip and hostnames like before, but they're proper in the output.

Code: Select all

[root@NagiosXI ~]# bash -v /usr/local/nagios/libexec/check_snmp_gtm_server.sh [snmp string] [ip] [host]
#!/bin/bash
#
# This script is used to check GTM Server status - mainly
# to see if one BigIP running GTM thinks other BigIPs are OK.

snmpstring=$1
bigip=$2
remotebigip=$3

export MIBS=ALL

result=`snmpwalk -v 2c -c $snmpstring $bigip F5-BIGIP-GLOBAL-MIB::gtmServerStatusAvailState 2>&1 | grep $remotebigip | sed 's/^.*INTEGER: //' | sed 's/(.)//'`
snmpwalk -v 2c -c $snmpstring $bigip F5-BIGIP-GLOBAL-MIB::gtmServerStatusAvailState 2>&1 | grep $remotebigip | sed 's/^.*INTEGER: //' | sed 's/(.)//'

if [[ $? -ne 0 ]]; then
	echo "UNKNOWN - $result"
	exit 3
fi

if [[ $result == 'green' ]]; then
	echo "OK - bigip health check of $remotebigip passed"
	exit 0
else
	echo "CRITICAL - bigip health check of $remotebigip failed"
	exit 2
fi
CRITICAL - bigip health check of [hostname] failed

[root@NagiosXI ~]# bash -x /usr/local/nagios/libexec/check_snmp_gtm_server.sh [snmp string] [ip] [host]
+ snmpstring=[string]
+ bigip=[ip]
+ remotebigip=[hostname]
+ export MIBS=ALL
+ MIBS=ALL
++ snmpwalk -v 2c -c [snmp-string] [ip] F5-BIGIP-GLOBAL-MIB::gtmServerStatusAvailState
++ sed 's/^.*INTEGER: //'
++ grep [hostname]
++ sed 's/(.)//'
+ result=
+ [[ 0 -ne 0 ]]
+ [[ '' == \g\r\e\e\n ]]
+ echo 'CRITICAL - bigip health check of [hostname] failed'
CRITICAL - bigip health check of [hostname] failed
+ exit 2
This is from the XI server, the Core server reports output as expected with OK.

Re: F5 Check Failing

Posted: Thu Aug 12, 2021 10:25 am
by pbroste
Hello @aylesworth

Thanks for following up and providing the results. Curious that it was working on the old but not on the new, so we wonder if there are any security applications like SELinux, AppArmor, etc... blocking things. Would you please check your /var/log's to see if there is any messages associated if not already done so.

Thanks,
Perry

Re: F5 Check Failing

Posted: Wed Sep 08, 2021 12:07 pm
by aylesworth
Hey Perry,

I don't see anything in var/log having to do with the f5, is there any file/directory within var/log in particular I should be looking in?

Thanks!

Re: F5 Check Failing

Posted: Thu Sep 09, 2021 10:59 am
by pbroste
Hello @aylesworth

Thanks for following up, appears that we are not seeing any errors or warnings logged so let's go ahead and run the snmpwalk on that and follow up on the results:

We want to see a list from this:

Code: Select all

snmpwalk -v 2c -c <yourrocommunitystring>  <youraddressofdevice> F5-BIGIP-GLOBAL-MIB::gtmServerStatusAvailState
The script is looking for results from the following:

Code: Select all

snmpwalk -v 2c -c <yourrocommunitystring> <youraddressonbigip> F5-BIGIP-GLOBAL-MIB::gtmServerStatusAvailState 2>&1 | grep <youraddressonremotebigip> | sed 's/^.*INTEGER: //' | sed 's/(.)//'
And

Code: Select all

snmpwalk -v 2c -c <yourrocommunitystring> <youraddressbigip> F5-BIGIP-GLOBAL-MIB::gtmServerStatusAvailState 2>&1 | grep <youraddressonremotebigip | sed 's/^.*INTEGER: //' | sed 's/(.)//'
Please follow up with the results.
Thanks,
Perry

Re: F5 Check Failing

Posted: Fri Sep 10, 2021 12:44 pm
by aylesworth
Hi Perry,

The first command failed with the following result:
MIB search path: /root/.snmp/mibs:/usr/share/snmp/mibs
Cannot find module (F5-BIGIP-GLOBAL-MIB): At line 0 in (none)
F5-BIGIP-GLOBAL-MIB::gtmServerStatusAvailState: Unknown Object Identifier

The second two returned blank.

Thanks!

Re: F5 Check Failing

Posted: Fri Sep 10, 2021 3:31 pm
by pbroste
Hello @aylesworth

Thanks for following up, appears that the F5-BIGIP-GLOBAL-MIB is not available. Attached is the F5-BIGIP-GLOBAL-MIB mibs file to be placed in the /usr/share/snmp/mibs/.

Then re-run the commands found in the previous post.

Thanks,
Perry

Re: F5 Check Failing

Posted: Fri Sep 10, 2021 3:40 pm
by aylesworth
Thanks Perry,

Am I dropping the whole tar into that directory or one of the contained files?

Thanks!

Re: F5 Check Failing

Posted: Fri Sep 10, 2021 4:58 pm
by pbroste
Hello @ayleworth

Either will work drop the F5-BIGIP-GLOBAL-MIB or drop the extracted contents it will read from the match.

Thanks,
Perry
All times are UTC-05:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited