Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
check_arp.sh
Owner
Hits
98724
#! /bin/bash
# THIS SCRIPT IS --VERY-- PARANOID. IT IS ONLY HAPPY WHEN YOU HAVE ONE (1) MAC PER IP ADDRESS.
# IF YOU HAVE ONE (1) MACHINE WITH MULTIPLE VIRTUAL INTERFACES, THAT MACHINE MAY TRIGGER A FALSE ALARM.
# IF YOU DO HAVE MORE THAN ONE IP PER MAC, ADJUST THE OK, WARNING, & CRITICAL LEVELS BELOW.
gta=`/sbin/arp -n | grep ether | awk '{ print $3 }'`
gtl=`echo "$gta" | sort -u | wc -l`
tot="0"
for s in `echo "$gta" | sort -u`
do
gts=`echo "$gta" | grep $s | wc -l`
tot=`expr $tot + $gts`
done
ttl=`expr $tot - $gtl`
out="$ttl DUPLICATE ARP ENTRIES"
if [ $ttl -lt 1 ]
then
echo "OK - $out"
exit 0
fi
if [ $ttl -lt 2 ]
then
echo "WARNING - $out!"
exit 1
fi
if [ $ttl -gt 1 ]
then
echo "CRITICAL - $out!!"
exit 2
fi
# THIS SCRIPT IS --VERY-- PARANOID. IT IS ONLY HAPPY WHEN YOU HAVE ONE (1) MAC PER IP ADDRESS.
# IF YOU HAVE ONE (1) MACHINE WITH MULTIPLE VIRTUAL INTERFACES, THAT MACHINE MAY TRIGGER A FALSE ALARM.
# IF YOU DO HAVE MORE THAN ONE IP PER MAC, ADJUST THE OK, WARNING, & CRITICAL LEVELS BELOW.
gta=`/sbin/arp -n | grep ether | awk '{ print $3 }'`
gtl=`echo "$gta" | sort -u | wc -l`
tot="0"
for s in `echo "$gta" | sort -u`
do
gts=`echo "$gta" | grep $s | wc -l`
tot=`expr $tot + $gts`
done
ttl=`expr $tot - $gtl`
out="$ttl DUPLICATE ARP ENTRIES"
if [ $ttl -lt 1 ]
then
echo "OK - $out"
exit 0
fi
if [ $ttl -lt 2 ]
then
echo "WARNING - $out!"
exit 1
fi
if [ $ttl -gt 1 ]
then
echo "CRITICAL - $out!!"
exit 2
fi
Reviews (2)
bydivad27182, January 9, 2019
1) for me, at least, the arp command is /usr/sbin/arp
2) it might be better to just replace everything from the gta= line to the ttl= line with something like:
ttl=$( /usr/sbin/arp -n | grep ether | awk '{ print $3 }' | sort | uniq -d | wc -l )
This is 10 times faster (on my relatively small net), but only counts 1 for each mac that appears two or more times. If you want a MAC appearing three times to give a count of two, try:
gta=`/usr/sbin/arp -n | grep ether | awk '{ print $3 }'`
gtl=`echo "$gta" | sort -u | wc -l`
tot=`echo "$gta" | wc -l`
ttl=$(( $tot - $gtl ))
2) it might be better to just replace everything from the gta= line to the ttl= line with something like:
ttl=$( /usr/sbin/arp -n | grep ether | awk '{ print $3 }' | sort | uniq -d | wc -l )
This is 10 times faster (on my relatively small net), but only counts 1 for each mac that appears two or more times. If you want a MAC appearing three times to give a count of two, try:
gta=`/usr/sbin/arp -n | grep ether | awk '{ print $3 }'`
gtl=`echo "$gta" | sort -u | wc -l`
tot=`echo "$gta" | wc -l`
ttl=$(( $tot - $gtl ))
Please guide how to use this script with Nagios ?. Ideally i want this script to give me alarm in Nagios for any duplicate IP address detected in network.
Secondly I have tried testing the script on a linux machine and simulated a duplicate IP address machine, but it doesn't work.
Many thanks in advance.
Secondly I have tried testing the script on a linux machine and simulated a duplicate IP address machine, but it doesn't work.
Many thanks in advance.
