Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
Directory Tree
check_ipsec
Meet The New Nagios Core Services Platform
Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.
Monitoring Made Magically Better
- Nagios Core on Overdrive
- Powerful Monitoring Dashboards
- Time-Saving Configuration Wizards
- Open Source Powered Monitoring On Steroids
- And So Much More!
Checks vpn connection status of an openswan or strongswan installation.
Usage: check_ipsec --tunnels
./check_ipsec --tunnels 10
OK - All 10 tunnels are up an running
You have to run this plugin with nrpe.
Add these lines to /etc/sudoers:
Cmnd_Alias IPSEC = /usr/lib/nagios/plugins/check_ipsec
nagios ALL=NOPASSWD:IPSEC
Usage: check_ipsec --tunnels
./check_ipsec --tunnels 10
OK - All 10 tunnels are up an running
You have to run this plugin with nrpe.
Add these lines to /etc/sudoers:
Cmnd_Alias IPSEC = /usr/lib/nagios/plugins/check_ipsec
nagios ALL=NOPASSWD:IPSEC
Reviews (1)
byscar4me, February 13, 2017
Core pre-req requirement not mentioned:
FPING
Ubuntu16 instance had to modify the FPING path to usrinfping (not usrsbinfping)
Also had to modify the grep string check for the latest strongSwan tunnel check:
ORIGINAL: tunneltest=`$IPSECBIN status | grep -e "IPsec SA established" | grep -e "newest IPSEC" |grep -e $CONN | wc -l`
UPDATED: tunneltest=`$IPSECBIN status | grep -e "ESTABLISHED" | wc -l`
Suggest using full path in GATEWAYLIST variable instead of relative path and just a filename.
Works effectively once tweaked for the deployed environment.
FPING
Ubuntu16 instance had to modify the FPING path to usrinfping (not usrsbinfping)
Also had to modify the grep string check for the latest strongSwan tunnel check:
ORIGINAL: tunneltest=`$IPSECBIN status | grep -e "IPsec SA established" | grep -e "newest IPSEC" |grep -e $CONN | wc -l`
UPDATED: tunneltest=`$IPSECBIN status | grep -e "ESTABLISHED" | wc -l`
Suggest using full path in GATEWAYLIST variable instead of relative path and just a filename.
Works effectively once tweaked for the deployed environment.