Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
check_ipsec2
Current Version
1.0rc1
Last Release Date
2015-03-11
Compatible With
- Nagios 2.x
- Nagios 3.x
Owner
Website
License
GPL
Hits
50656
Files:
| File | Description |
|---|---|
| check_ipsec2.sh | check_ipsec2.sh |
sudoers entry:
nagios ALL=(root) NOPASSWD: /usr/lib/nagios/plugins/check_ipsec2
nrpe_local.cfg entry:
command[check_ipsec2]=sudo /usr/lib/nagios/plugins/check_ipsec2 $ARG1$
/etc/nagios/ipsec_gateways.txt entry:
CON-192.168.48.0 192.168.48.1
Service definition:
define service {
use generic-service
host_name vpngw.domain.tld
service_description Check CON-192.168.48.0
check_command check_ipsec2!"-c CON-192.168.48.0 -p -s"
}
or
define service {
use generic-service
host_name vpngw.domain.tld
service_description Check Tunnels
check_command check_ipsec2!"-a 4"
}
Command definition:
define command{
command_name check_ipsec2
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_ipsec2 -a $ARG1$
}
Usage:
$PROGNAME [-hprsv] [-a number of connections] [-c IPSEC connection name]
-a (Check all connections)
-c (Check specific connection)
-p (Ping remote gateway. Used only with -c)
-r (Restart IPSEC if down)
-s (Reacquire SA for connection. Used only with both -c and -p)
-h (Show this help screen)
-v (Show version)
-a and -c cannot be used together.
-s can only be used with -c.
-p can only be used with -c.
Reviews (2)
byarunshetty, March 28, 2017
Although the script worked flawlessly locally, I had to edit it as follows to correct the logic:
if [[ "$eroutes" -eq "2" ]]
then
echo "OK - All 2 tunnels are up an running"
exit $STATE_OK
elif [[ "$eroutes" -gt "2" ]]
then
echo "WARNING - More than 2 ($eroutes) tunnels are up an running"
exit $STATE_WARNING
else
echo "CRITICAL - Only $eroutes tunnels from 2 are up an running - $(location)"
exit $STATE_CRITICAL
fi
Besides this, I had to do the following to fetch the results via NRPE plugin remotely:
chown nagios /var/run/pluto/pluto.clt
Now I'm able to view the proper results over my NAGIOS monitoring console.
Hope this helps someone.
if [[ "$eroutes" -eq "2" ]]
then
echo "OK - All 2 tunnels are up an running"
exit $STATE_OK
elif [[ "$eroutes" -gt "2" ]]
then
echo "WARNING - More than 2 ($eroutes) tunnels are up an running"
exit $STATE_WARNING
else
echo "CRITICAL - Only $eroutes tunnels from 2 are up an running - $(location)"
exit $STATE_CRITICAL
fi
Besides this, I had to do the following to fetch the results via NRPE plugin remotely:
chown nagios /var/run/pluto/pluto.clt
Now I'm able to view the proper results over my NAGIOS monitoring console.
Hope this helps someone.
byunited-networking, February 2, 2016
Hi,
we want to use this script to remotely check VPN tunnels' status, executing this script with NRPE on an IPcop host.
But there is no command which in our IPcop v2.1.9, although http://www.cobin.de/binary.php has a locate addon. We therefore replaced "which " with the full paths of files in check_ipcop2.sh.
Also, in the scripts function check_connection(), in the line:
eroutes=`$IPSECBIN whack --status | grep -e "IPsec SA established" | grep -e "$2" | wc -l`
we believe the $2 should actually read $1.
With these modifications, we were able to use the script locally:
$ /var/ipcop/addons/nrpe/plugins/check_ipsec2_mod.sh -c tunnelname
OK - tunnelname Connection is up and running
Sadly, the same check done remotely on the Nagios host, with that same commandline above defined for NRPE as command check_tunnelname, does return a different result:
/usr/local/nagios/libexec/check_nrpe -H ipcop-hostaddr -c check_tunnelname
CRITICAL - tunnelname Connection is down
This may only be a user rights problem, as the local test was done as root, but the nrpe service runs as user nagios. But there is no command su or sudo in our IPcop v2.1.9 (hence no /etc/sudoers), and we know of no suitable addon.
--
regards,
-- United Networking
we want to use this script to remotely check VPN tunnels' status, executing this script with NRPE on an IPcop host.
But there is no command which in our IPcop v2.1.9, although http://www.cobin.de/binary.php has a locate addon. We therefore replaced "which " with the full paths of files in check_ipcop2.sh.
Also, in the scripts function check_connection(), in the line:
eroutes=`$IPSECBIN whack --status | grep -e "IPsec SA established" | grep -e "$2" | wc -l`
we believe the $2 should actually read $1.
With these modifications, we were able to use the script locally:
$ /var/ipcop/addons/nrpe/plugins/check_ipsec2_mod.sh -c tunnelname
OK - tunnelname Connection is up and running
Sadly, the same check done remotely on the Nagios host, with that same commandline above defined for NRPE as command check_tunnelname, does return a different result:
/usr/local/nagios/libexec/check_nrpe -H ipcop-hostaddr -c check_tunnelname
CRITICAL - tunnelname Connection is down
This may only be a user rights problem, as the local test was done as root, but the nrpe service runs as user nagios. But there is no command su or sudo in our IPcop v2.1.9 (hence no /etc/sudoers), and we know of no suitable addon.
--
regards,
-- United Networking
