Cisco – Check firewall ASA and PIX

Description:

Check Cisco firewall ASA and PIX - Version 2.2 (07/03/2009)
- Failover status
- Sessions used (current and max)

Last Release Date

June 3, 2009

Project Notes
This script checks Cisco firewalls (tested on Cisco PIX-515E and ASA-5500).

Modules included:

### Mode 1 - Failover ###
- failover status for the primary and secondary host
  => warning if primary = standby and secondary = active
  => critical if primary or secondary = error
  => unknown if failover is not configured

### Mode 2 - Sessions ###
- number of sessions in use => warning or critical exit if above the given level
- maximum number of sessions ever used

    check_cisco_firewall.sh -H hostname -V version -M failover|sessions [-w|-c|-C|-l|-u|-a|-d|-h]

### PARAMETERS ###
    -H  Hostname (IP address or DNS name)
    -V  Version (1|2c|3)
    -M  Mode (failover|sessions)

### OPTIONAL ###
    -w  Warning_Level (number of sessions before warning)    *** Use on session mode ***
    -c  Critical_Level (number of sessions before critical)  *** Use on session mode ***
    -C  Community (name)                                     *** Use on Version 1|2 ***
    -l  Login (NoAuthNoPriv | AuthNoPriv | AuthPriv)         *** Use on Version 3 ***
    -u  Username                                             *** Use on Version 3 ***
    -a  Password                                             *** Use on Version 3 ***
    -d  Debug mode
    -h  Help (print command usage, and quit)

Sample commands:

    #./check_cisco_firewall.sh -H 192.168.0.1 -V 1 -M sessions -C Public -w 1000 -c 2000
    OK - 45 sessions (max : 8209) | Current_Used=45

    #./check_cisco_firewall.sh -H 192.168.0.1 -V 3 -l AuthNoPriv -u user -a password -M failover
    OK - Primary = Active, Secondary = Standby | Actives_Nodes=2

    #./check_cisco_firewall.sh -h
    Display help

    #./check_cisco_firewall.sh xxxxxx -d
    Activate debug mode
Reviews (7)
Useful
by Cyril, March 31, 2016

Useful script, thank you. You can add -On -Oe parameters to snmpwalk. Scripts will be OK if Cisco MIBs are present.



Works out of the box -V 3
by onlinewebchecks, April 30, 2015

Perfect, works out of the box -V 3 on ASA 5510, with NoAuthNoPriv. Thanks



Which IP address should I use?
by phyo, December 31, 2014

Hi, which IP address should I use? The VIP address or the primary IP address? When I use the VIP address, the output is as follows.

    [root@nagios01 libexec]# ./check_cisco_firewall.sh -V 2c -C public -H 192.168.50.17 -M failover
    Unknown - Primary = Down, Secondary = Down | Actives_Nodes=0
    [root@nagios01 libexec]#

Thanks.



Had to delete "sed -n '2p'"
by vex, May 31, 2014

Hi there! Thanks for the wonderful work. Monitoring active/standby unit worked out of the box, but trying to get active sessions yielded "Error - Not numeric value : = Max_Used_Sessions", no matter if I used version 1 or 2c. So I simply deleted the whole if block around $Max_Used_Sessions and deleted "|sed -n '2p'" as the output of snmpwalk was always a single line. The function now looks like this:

    sessions_max() {
        # $walk_param is left unquoted on purpose: it carries several snmpwalk options
        Max_Used_Sessions=`/usr/bin/snmpwalk $walk_param $mib_sessions_max | cut -d' ' -f4`
        # Abort unless the extracted field is numeric
        check_num "$Max_Used_Sessions" Max_Used_Sessions
        if [ "$Used_Sessions" -gt "$Max_Used_Sessions" ]
        then
            echo "Error - Too many sessions used : $Used_Sessions, but only $Max_Used_Sessions max sessions allowed!"
            exit $result_Unknwon
        fi
    }
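An added example (not part of the review above and not the plugin's own code): picking the session value out of snmpwalk output by OID suffix instead of by line position, so a one-line and a two-line reply parse the same way, then applying the -w/-c levels. The sample lines, the `EXAMPLE-MIB` names, the `.6`/`.7` suffixes and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed snmpwalk replies; MIB and object names are placeholders.
SAMPLE_ONE='EXAMPLE-MIB::sessions.6 = Gauge32: 45'
SAMPLE_TWO='EXAMPLE-MIB::sessions.6 = Gauge32: 45
EXAMPLE-MIB::sessions.7 = Gauge32: 8209'

# snmp_value SUFFIX: read snmpwalk output on stdin and print the integer value
# of the first line whose OID ends in SUFFIX. Returns 1 when no such line
# exists or its value is not a plain non-negative integer.
snmp_value() {
    awk -v suffix="$1" '
        $2 == "=" && $NF ~ /^[0-9]+$/ &&
        substr($1, length($1) - length(suffix) + 1) == suffix {
            print $NF; found = 1; exit
        }
        END { exit !found }'
}

# check_sessions USED MAX WARN CRIT: print a status line in the format of the
# sample output on this page and return the Nagios exit code
# (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN).
check_sessions() {
    [ "$#" -eq 4 ] || { echo "UNKNOWN - expected 4 values"; return 3; }
    for n in "$@"; do
        case "$n" in
            ''|*[!0-9]*) echo "UNKNOWN - not a numeric value: '$n'"; return 3 ;;
        esac
    done
    state=OK; rc=0
    # "exit if superior": alert only when usage is strictly above the level.
    [ "$1" -gt "$3" ] && { state=WARNING; rc=1; }
    [ "$1" -gt "$4" ] && { state=CRITICAL; rc=2; }
    echo "$state - $1 sessions (max : $2) | Current_Used=$1"
    return "$rc"
}

# Demo on the constructed two-line reply.
check_sessions "$(printf '%s\n' "$SAMPLE_TWO" | snmp_value .6)" \
               "$(printf '%s\n' "$SAMPLE_TWO" | snmp_value .7)" 1000 2000
```
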



works with ASA 5510 but ...
by zerrich@gmail.com, November 30, 2013

Hello, I know this is probably not the best place to ask for this, but I am totally new to Nagios. I have a brand new installation which is working perfectly, already monitoring my ASAs and some Cisco switches for up/down, uptime, link states, etc. This is the first script I ever tried to implement. The script is working for me only when I run it manually from the CLI (like: ./check_cisco_firewall.sh -H asax -C xxxxxx -V2c -M failover). My problem is that I am not able to make it work in Nagios. I've tried several ways (what I found around the internet) but I still got the response (null) or error 127. I guess my problem is that I surely did not configure it right in Nagios. If you can advise me on this or point me to some simple basic how-to on configuring scripts in Nagios, I would be highly thankful. I run Nagios 3.2.3 and Plugins 1.5. Thanks in advance for any kind of help.



SNMPv3 support
by hannes.adollarsson, May 31, 2013

Only verified mode failover yet but it seems to be working fine. Only note is that I had to add -x and -a for SNMPv3 to work.



works on Cisco ASA 5510 Pair of devices
by chayden, November 30, 2012

I tested this on our redundant Cisco ASA 5510 pair and it worked fine. I didn't test the error as I didn't fail a full unit. Nor did I test the unknown if there isn't a failover configuration. I did however check that the snmp status returned 9 for the mib and gave an ok when the primary was active and that it returned warning when the primary went to standby. Thanks for this.




Project Stats
Rating
4.1 (10)
Favorites
2
Views
123,213