Cisco ASA 5550 VPN tunnels
Posted: Thu Aug 09, 2012 11:51 am
by benningtonr
I want to see if there is a way to monitor the VPN tunnels on my ASA, and also if there is a way to monitor BGP neighbors on my border router.
Re: Cisco ASA 5550 VPN tunnels
Posted: Thu Aug 09, 2012 12:49 pm
by scottwilkerson
VPN tunnel
The exact OID is going to depend on your exact piece of equipment, but you should be able to do it using the SNMP wizard and the basic outline of information outlined in this blog post:
http://www.appliedtrust.com/blog/2009/0 ... -cisco-asa
BGP
http://exchange.nagios.org/index.php?op ... chword=bgp
Re: Cisco ASA 5550 VPN tunnels
Posted: Fri Aug 10, 2012 7:06 am
by benningtonr
I think I have them working; I have all green for my tunnels, but I am unsure what exactly is being measured to send an alert.
Re: Cisco ASA 5550 VPN tunnels
Posted: Fri Aug 10, 2012 8:48 am
by benningtonr
I have the tunnels working, I think.
I have followed the instructions here:
http://www.linuxscrew.com/2012/04/05/na ... check_bgp/
This is working at the CLI, and I need to integrate it into a service now. The directions:
Nagios’ commands.cfg config file and add there the following lines:
define command{
    command_name    check_cisco_bgp
    command_line    $USER1$/check_bgp.pl -H $HOSTADDRESS$ -C $ARG1$ -p $ARG2$
}
Then add these lines to services.cfg:
define service {
    use                     generic-service
    service_description     BGP_KPN
    host_name               cisco-router-1
    check_command           check_cisco_bgp!myCommunity!192.168.10.1
}
Are for a different version of Nagios.
Can one of you please explain how that translates to building a service to monitor?
Thank you again for all the help.
Re: Cisco ASA 5550 VPN tunnels
Posted: Fri Aug 10, 2012 9:05 am
by benningtonr
I am having trouble filling in the yellow areas.
Re: Cisco ASA 5550 VPN tunnels
Posted: Fri Aug 10, 2012 9:15 am
by scottwilkerson
Config Name
Service Desc.
Display name
These are all your choice to describe the item.
As for the others, according to the help file
$ARG1$ = your SNMP community string on the ASA
$ARG2$ = IP of BGP Peer
Usage:
  check_bgp.pl -H -C -p
  check_bgp.pl --help
  check_bgp.pl --version
  -H (--hostname)      Hostname to query - (required)
  -C (--community)     SNMP read community or v3 auth (defaults to public)
                       (v3 specified as username:authpassword:... )
                       username = SNMPv3 security name
                       authpassword = SNMPv3 authentication pass phrase (or hexidecimal key)
                       authprotocol = SNMPv3 authentication protocol (md5 (default) or sha)
                       privpassword = SNMPv3 privacy pass phrase (or hexidecmal key)
                       privprotocol = SNMPv3 privacy protocol (des (default) or aes)
  -v (--snmp_version)  1 for SNMP v1
                       2 for SNMP v2c (default)
                       3 for SNMP v3
  -p {--peer}          IP of BGP Peer
  -V (--version)       Plugin version
  -h (--help)          usage help
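Added example (not part of the thread and not code from the check_bgp.pl plugin): a simplified Python model of how the check_command value from the quoted services.cfg fills $ARG1$ and $ARG2$ in the command definition, including the case where an argument is left out. The host address and the $USER1$ value are constructed, and expanding an unset macro to an empty string is an assumption of this model.

```python
import re
import shlex

# Definitions quoted in the thread (commands.cfg and services.cfg).
COMMAND_LINE = "$USER1$/check_bgp.pl -H $HOSTADDRESS$ -C $ARG1$ -p $ARG2$"
CHECK_COMMAND = "check_cisco_bgp!myCommunity!192.168.10.1"

MACRO = re.compile(r"\$[A-Z0-9_]+\$")


def expand_check(check_command, command_line, host_address, user1):
    """Simplified model of how a check_command fills a command_line.

    Returns (command_name, argv, missing). `missing` lists macros used by
    command_line that were given no value; this model expands them to an
    empty string (an assumption of the model, not verified plugin behaviour).
    """
    # "name!arg1!arg2" -> command name plus positional $ARGn$ values.
    name, *args = check_command.split("!")
    macros = {"$USER1$": user1, "$HOSTADDRESS$": host_address}
    for n, value in enumerate(args, start=1):
        macros[f"$ARG{n}$"] = value

    missing = []

    def substitute(match):
        key = match.group(0)
        if key not in macros:
            missing.append(key)
            return ""
        return macros[key]

    expanded = MACRO.sub(substitute, command_line)
    # Split into argv the way a shell would.
    return name, shlex.split(expanded), missing


if __name__ == "__main__":
    # Constructed values: 192.0.2.1 is a documentation address; the libexec
    # path is the one used on the command line in the thread.
    for cc in (CHECK_COMMAND, "check_cisco_bgp!myCommunity"):
        name, argv, missing = expand_check(
            cc, COMMAND_LINE, "192.0.2.1", "/usr/local/nagios/libexec")
        print(name, argv, "missing:", missing or "none")
```

With both arguments supplied, the resulting argv has the same shape as the manual command-line test; with only the community string supplied, -p is left without a peer address.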
Re: Cisco ASA 5550 VPN tunnels
Posted: Fri Aug 10, 2012 9:59 am
by benningtonr
OK, I am getting NULL for a response.
Here are my configs, what am I missing?
Re: Cisco ASA 5550 VPN tunnels
Posted: Fri Aug 10, 2012 2:07 pm
by scottwilkerson
Just to verify, what do you get when you run the following from the command line?
Code:
cd /usr/local/nagios/libexec
./check_bgp.pl -H <ROUTER_ADDRESS> -C myCommunity -p 192.168.10.1
Also, please return the output of the following
Code:
ls -l /usr/local/nagios/libexec/check_bgp.pl
Re: Cisco ASA 5550 VPN tunnels
Posted: Mon Aug 13, 2012 7:03 am
by benningtonr
[root@nagios libexec]# ./check_bgp.pl -H 192.168.98.6 -C community -p 38.104.236.9
OK - 38.104.236.9 (AS174) state is established(6). Established for 10d11h33m1s. Last error "Hold Timer Expired".
[root@nagios libexec]#
[root@nagios libexec]# ls -l /usr/local/nagios/libexec/check_bgp.pl
-rwxr-xr-x 1 root root 8391 Aug 10 09:41 /usr/local/nagios/libexec/check_bgp.pl
[root@nagios libexec]#
Re: Cisco ASA 5550 VPN tunnels
Posted: Mon Aug 13, 2012 7:44 am
by scottwilkerson
Do you have a host selected in the service you set up?