Home Directory Plugins Hardware Network Gear Cisco Cisco - Check firewall ASA and PIX

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Directory Tree

Cisco - Check firewall ASA and PIX

Rating
10 votes
Favoured:
2
Hits
123193
Files:
FileDescription
check_cisco_firewall.shcheck_cisco_firewall.sh -=v2.2=-
Nagios CSP

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Monitoring Made Magically Better

  • Nagios Core on Overdrive
  • Powerful Monitoring Dashboards
  • Time-Saving Configuration Wizards
  • Open Source Powered Monitoring On Steroids
  • And So Much More!
Check Cisco firewall ASA and PIX- Version 2.2 (07/03/2009)> Failover status> Sessions used (current and max)
This script check Cisco firewall (tested on Cisco PIX-515E and ASA-5500).
Modules included :
### Mode 1 - Failover ###
- fail over status for ptimary and secondary host
=> warning if primary = stanby and secondary = active
=> critical if primary or secondary = error
=> unknwon if failover is not configured
### Mode 2 - Sessions ###
- number of sessions in use
=> warning or critical exit if superior
- number of max session ever used


check_cisco_firewall.sh -H hostname -V version -M failover|sessions [-w|-c|-C|-l|-u|-a|-d|-h]
### PARAMETERS ###
-H Hostname (IP adresse or DNS name)
-V Version (1|2c|3)
-M Mode (failover|sessions)
### OPTIONNAL ###
-w Warning_Level (number of sessions before warning) *** Use on session mode ***
-c Critical_Level (number of sessions before critical) *** Use on session mode ***
-C Community (name) *** Use on Version 1|2 ***
-l Login (NoAuthNoPriv | AuthNoPriv | AuthPriv) *** Use on Version 3 ***
-u Username *** Use on Version 3 ***
-a Password *** Use on Version 3 ***
-d Debug mode
-h Help (print command usage, and quit)



Sample commands:
#./check_cisco_firewall.sh -H 192.168.0.1 -V 1 -M sessions -C Public -w 1000 -c 2000
OK - 45 sessions (max : 8209) | Current_Used=45

#./check_cisco_firewall.sh -H 192.168.0.1 -V 3 -l AuthNoPriv -u user -a password -M failover
OK - Primary = Active, Secondary = Standby | Actives_Nodes=2

#./check_cisco_firewall.sh -h
Display help

#./check_cisco_firewall.sh xxxxxx -d
Active debug mod
Reviews (7)
byCyril, March 29, 2016
Usefull script, Thank you.
You can add -On -Oe parameters to snmpwalk.
Scripts will be ok if cisco mibs is present.
Perfect, works out of the box -V 3 on ASA 5510, with NoAuthNoPriv. Thanks
Hi,
Which IP Address should use? VIP Address or Primary IP Address?
When I use VIP address, the output as follow.
[root@nagios01 libexec]# ./check_cisco_firewall.sh -V 2c -C public -H 192.168.50.17 -M failover
Unknown - Primary = Down, Secondary = Down | Actives_Nodes=0
[root@nagios01 libexec]#

Thanks.
Hi there!

Thanks for the wonderful work. Monitoring active/standby unit worked out of the box, but trying to get active sessions yielded "Error - Not numeric value : = Max_Used_Sessions", no matter if I used version 1 or 2c.

So I simply deleted the whole if block around $Max_Used_Sessions and deleted "|sed -n '2p'" as the output of snmpwalk was always a single line.

Function looks now like this:

sessions_max()
{
Max_Used_Sessions=`/usr/bin/snmpwalk $walk_param $mib_sessions_max | cut -d' ' -f4`

check_num $Max_Used_Sessions Max_Used_Sessions

if [ $Used_Sessions -gt $Max_Used_Sessions ]
then
echo "Error - Too many sessions used : $Used_Sessions, but only $Max_Used_Sessions max sessions allowed!"
exit $result_Unknwon
fi
}
Hello I know this is not probably the best place where to ask for this, but I am totally new in nagios. I have brand new installation which is working perfect, already monitoring my ASA's and some cisco switches fo up/down, uptime, link states, etc. This is first script I ever tried to implement. Script is working for me only when I run it manually from the CLI (like: ./check_cisco_firewall.sh -H asax -C xxxxxx -V2c -M failover) . My problem is, that I am not able to make it working in nagios. I've tried several way (what I found around the internet) but I still got respond (null) or error 127. I guess my problem is that I for sure not configure it right in nagios. If you can advice me in this or point me to some simple basic how to how to configure scripts to nagios, I would be highly thankful. I run Nagios 3.2.3 and Plugins 1.5. Thanks in advance for any kind of help.
Only verified mode failover yet but it seem to be working fine.
Only note is that I had to add -x and -a for SNMPv3 to work.
I tested this on our redundant Cisco ASA 5510 pair and it worked fine. I didn't test the error as I didn't fail a full unit. Nor did I test the unknown if there isn't a failover configuration. I did however check that the snmp status returned 9 for the mib and gave an ok when the primary was active and that it returned warning when the primary went to standby. Thanks for this.