Home Directory Plugins Hardware Network Gear Cisco Cisco - Check firewall ASA and PIX

Search Exchange

Search All Sites

Nagios Log Server Now Available - Download Now

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com


Remember Me

Cisco - Check firewall ASA and PIX

Bookmark and Share

Don't miss your chance to attend the 2015 Nagios World conference!

Don't miss your chance to attend the 2015 Nagios World Conference, Sep 28-30th. Informative Sessions, Networking, Food and Cocktails! Visit conference.nagios.com for more information or to register.

8 votes
check_cisco_firewall.shcheck_cisco_firewall.sh -=v2.2=-
Check Cisco firewall ASA and PIX- Version 2.2 (07/03/2009)> Failover status> Sessions used (current and max)
This script check Cisco firewall (tested on Cisco PIX-515E and ASA-5500).
Modules included :
### Mode 1 - Failover ###
- fail over status for ptimary and secondary host
=> warning if primary = stanby and secondary = active
=> critical if primary or secondary = error
=> unknwon if failover is not configured
### Mode 2 - Sessions ###
- number of sessions in use
=> warning or critical exit if superior
- number of max session ever used

check_cisco_firewall.sh -H hostname -V version -M failover|sessions [-w|-c|-C|-l|-u|-a|-d|-h]
-H Hostname (IP adresse or DNS name)
-V Version (1|2c|3)
-M Mode (failover|sessions)
-w Warning_Level (number of sessions before warning) *** Use on session mode ***
-c Critical_Level (number of sessions before critical) *** Use on session mode ***
-C Community (name) *** Use on Version 1|2 ***
-l Login (NoAuthNoPriv | AuthNoPriv | AuthPriv) *** Use on Version 3 ***
-u Username *** Use on Version 3 ***
-a Password *** Use on Version 3 ***
-d Debug mode
-h Help (print command usage, and quit)

Sample commands:
#./check_cisco_firewall.sh -H -V 1 -M sessions -C Public -w 1000 -c 2000
OK - 45 sessions (max : 8209) | Current_Used=45

#./check_cisco_firewall.sh -H -V 3 -l AuthNoPriv -u user -a password -M failover
OK - Primary = Active, Secondary = Standby | Actives_Nodes=2

#./check_cisco_firewall.sh -h
Display help

#./check_cisco_firewall.sh xxxxxx -d
Active debug mod
Reviews (6)
Perfect, works out of the box -V 3 on ASA 5510, with NoAuthNoPriv. Thanks
Which IP Address should use? VIP Address or Primary IP Address?
When I use VIP address, the output as follow.
[root@nagios01 libexec]# ./check_cisco_firewall.sh -V 2c -C public -H -M failover
Unknown - Primary = Down, Secondary = Down | Actives_Nodes=0
[root@nagios01 libexec]#

Hi there!

Thanks for the wonderful work. Monitoring active/standby unit worked out of the box, but trying to get active sessions yielded "Error - Not numeric value : = Max_Used_Sessions", no matter if I used version 1 or 2c.

So I simply deleted the whole if block around $Max_Used_Sessions and deleted "|sed -n '2p'" as the output of snmpwalk was always a single line.

Function looks now like this:

Max_Used_Sessions=`/usr/bin/snmpwalk $walk_param $mib_sessions_max | cut -d' ' -f4`

check_num $Max_Used_Sessions Max_Used_Sessions

if [ $Used_Sessions -gt $Max_Used_Sessions ]
echo "Error - Too many sessions used : $Used_Sessions, but only $Max_Used_Sessions max sessions allowed!"
exit $result_Unknwon
Hello I know this is not probably the best place where to ask for this, but I am totally new in nagios. I have brand new installation which is working perfect, already monitoring my ASA's and some cisco switches fo up/down, uptime, link states, etc. This is first script I ever tried to implement. Script is working for me only when I run it manually from the CLI (like: ./check_cisco_firewall.sh -H asax -C xxxxxx -V2c -M failover) . My problem is, that I am not able to make it working in nagios. I've tried several way (what I found around the internet) but I still got respond (null) or error 127. I guess my problem is that I for sure not configure it right in nagios. If you can advice me in this or point me to some simple basic how to how to configure scripts to nagios, I would be highly thankful. I run Nagios 3.2.3 and Plugins 1.5. Thanks in advance for any kind of help.
Only verified mode failover yet but it seem to be working fine.
Only note is that I had to add -x and -a for SNMPv3 to work.
I tested this on our redundant Cisco ASA 5510 pair and it worked fine. I didn't test the error as I didn't fail a full unit. Nor did I test the unknown if there isn't a failover configuration. I did however check that the snmp status returned 9 for the mib and gave an ok when the primary was active and that it returned warning when the primary went to standby. Thanks for this.