MONITORING BGP WITH NAGIOS

-

  1. Make perl script given below.
  2. Go to command.cfg. 
  3. define command{
           command_name    check-bgp17
           command_line    $USER1$/check_bgp1.pl -H $HOSTADDRESS$ -C <SNMP STRING> -p $ARG1$
          }
  4. Use the command in services.cfg
  5. Used the same with Version 3.2.3




Use the following Perl Script

#!/usr/bin/perl

use strict;
use warnings;
use lib "/usr/local/nagios/libexec"  ;
use utils qw($TIMEOUT %ERRORS &print_revision &support);
use vars qw($PROGNAME);

# Just in case of problems, let's not hang Nagios
$SIG{'ALRM'} = sub {
    print ("ERROR: Plugin took too long to complete (alarm)\n");
    exit $ERRORS{"UNKNOWN"};
};
alarm($TIMEOUT);

my $PROGNAME = "check_bgp.pl";
sub print_help ();
sub print_usage ();
use POSIX qw(floor);
sub seconds_to_string($);

my ($opt_h,$opt_V);
my $community = "public";
my $snmp_version = 2;
my ($hostname,$bgppeer);;

use Getopt::Long;
&Getopt::Long::config('bundling');
GetOptions(
    "V"   => \$opt_V,    "version"    => \$opt_V,
    "h"   => \$opt_h,    "help"       => \$opt_h,
    "C=s" => \$community,    "community=s" => \$community,
    "H=s" => \$hostname,    "hostname=s" => \$hostname,
    "p=s" => \$bgppeer,    "peer=s" => \$bgppeer,
    "v=i" => \$snmp_version,"snmp_version=i" => \$snmp_version
);
# -h & --help print help
if ($opt_h) { print_help(); exit $ERRORS{'OK'}; }
# -V & --version print version
if ($opt_V) { print_revision($PROGNAME,'$Revision: 0.2 $ '); exit $ERRORS{'OK'}; }
# Invalid hostname print usage
if (!utils::is_hostname($hostname)) { print_usage(); exit $ERRORS{'UNKNOWN'}; }
# No BGP peer specified, print usage
if (!defined($bgppeer)) { print_usage(); exit $ERRORS{'UNKNOWN'}; }

# Setup SNMP object
use Net::SNMP qw(INTEGER OCTET_STRING IPADDRESS OBJECT_IDENTIFIER NULL);
my ($snmp, $snmperror);
if ($snmp_version != 1) {
    ($snmp, $snmperror) = Net::SNMP->session(
        -hostname => $hostname,
        -version => "snmpv2c",
        -community => $community
    );
} else {
    ($snmp, $snmperror) = Net::SNMP->session(
        -hostname => $hostname,
        -version => "snmpv1",
        -community => $community
    );
}

my $state = 'UNKNOWN';
my $output = "$bgppeer status retrieval failed.";
# Begin plugin check code
{
    my $bgpPeerState = "1.3.6.1.2.1.15.3.1.2";
    my $bgpPeerAdminStatus = "1.3.6.1.2.1.15.3.1.3";
    my $bgpPeerRemoteAs = "1.3.6.1.2.1.15.3.1.9";
    my $bgpPeerLastError = "1.3.6.1.2.1.15.3.1.14";
    my $bgpPeerFsmEstablishedTime = "1.3.6.1.2.1.15.3.1.16";

    my %bgpPeerStates = (
        -1 => 'unknown(-1)',
        1 => 'idle(1)',
        2 => 'connect(2)',
        3 => 'active(3)',
        4 => 'opensent(4)',
        5 => 'openconfirm(5)',
        6 => 'established(6)'
    );

    my %bgpPeerAdminStatuses = (
        1=>'stop(1)',
        2=>'start(2)'
    );

    my %bgpErrorCodes = (
        '01 00' => 'Message Header Error',
        '01 01' => 'Message Header Error - Connection Not Synchronized',
        '01 02' => 'Message Header Error - Bad Message Length',
        '01 03' => 'Message Header Error - Bad Message Type',
        '02 00' => 'OPEN Message Error',
        '02 01' => 'OPEN Message Error - Unsupported Version Number',
        '02 02' => 'OPEN Message Error - Bad Peer AS',
        '02 03' => 'OPEN Message Error - Bad BGP Identifier',
        '02 04' => 'OPEN Message Error - Unsupported Optional Parameter',
        '02 05' => 'OPEN Message Error', #deprecated
        '02 06' => 'OPEN Message Error - Unacceptable Hold Time',
        '03 00' => 'UPDATE Message Error',
        '03 01' => 'UPDATE Message Error - Malformed Attribute List',
        '03 02' => 'UPDATE Message Error - Unrecognized Well-known Attribute',
        '03 03' => 'UPDATE Message Error - Missing Well-known Attribute',
        '03 04' => 'UPDATE Message Error - Attribute Flags Error',
        '03 05' => 'UPDATE Message Error - Attribute Length Erro',
        '03 06' => 'UPDATE Message Error - Invalid ORIGIN Attribute',
        '03 07' => 'UPDATE Message Error', #deprecated
        '03 08' => 'UPDATE Message Error - Invalid NEXT_HOP Attribute',
        '03 09' => 'UPDATE Message Error - Optional Attribute Error',
        '03 0A' => 'UPDATE Message Error - Invalid Network Field',
        '03 0B' => 'UPDATE Message Error - Malformed AS_PATH',
        '04 00' => 'Hold Timer Expired',
        '05 00' => 'Finite State Machine Error',
        '06 00' => 'Cease',
        '06 01' => 'Cease - Maximum Number of Prefixes Reached',
        '06 02' => 'Cease - Administrative Shutdown',
        '06 03' => 'Cease - Peer De-configured',
        '06 04' => 'Cease - Administrative Reset',
        '06 05' => 'Cease - Connection Rejected',
        '06 06' => 'Cease - Other Configuration Change',
        '06 07' => 'Cease - Connection Collision Resolution',
        '06 08' => 'Cease - Out of Resources'
    );

    my @snmpoids;
    push (@snmpoids,"$bgpPeerState.$bgppeer");
    push (@snmpoids,"$bgpPeerAdminStatus.$bgppeer");
    push (@snmpoids,"$bgpPeerRemoteAs.$bgppeer");
    push (@snmpoids,"$bgpPeerLastError.$bgppeer");
    push (@snmpoids,"$bgpPeerFsmEstablishedTime.$bgppeer");
    my $result = $snmp->get_request(
        -varbindlist => \@snmpoids
    );
    if (!defined($result)) {
        my $answer = $snmp->error;
        $snmp->close;
        print ("UNKNOWN: SNMP error: $answer\n");
        exit $ERRORS{'UNKNOWN'};
    }

    if ($result->{"$bgpPeerState.$bgppeer"} ne "noSuchInstance") {
        $output = "$bgppeer (AS".
            $result->{"$bgpPeerRemoteAs.$bgppeer"}.
            ") state is ".
            $bgpPeerStates{$result->{"$bgpPeerState.$bgppeer"}};

        my $lasterror;
        my $lasterrorcode = $result->{"$bgpPeerLastError.$bgppeer"};
        if (hex($lasterrorcode) != 0) {
            $lasterrorcode = substr($lasterrorcode,2,2)." ".substr($lasterrorcode,4,2);
            my ($code,$subcode) = split(" ",$lasterrorcode);
            if (!defined($bgpErrorCodes{$lasterrorcode})) {
                $lasterror = $bgpErrorCodes{"$code 00"};
            } else {
                $lasterror = $bgpErrorCodes{$lasterrorcode};
            }
            if (!defined($lasterror)) {
                $lasterror = "Unknown ($code $subcode)";
            }
        }

        my $establishedtime = seconds_to_string($result->{"$bgpPeerFsmEstablishedTime.$bgppeer"});

        if ($result->{"$bgpPeerState.$bgppeer"} == 6) {
            $state = 'OK';
            $output .= ". Established for $establishedtime.";
        } elsif ($result->{"$bgpPeerAdminStatus.$bgppeer"} == 1) { #stop
            $state = 'WARNING'; # admin down do warning
            $output .= " (administratively down). Last established $establishedtime.";
        } else {
            $state = 'CRITICAL';
            $output .= ". Last established $establishedtime.";
        }

        if (defined($lasterror)) {
            $output .= " Last error \"$lasterror\".";
        }
    }
}
print "$state - $output\n";
exit $ERRORS{$state};

sub print_help() {
    print_revision($PROGNAME,'$Revision: 0.2 $ ');
    print "Copyright (c) 2006 Larry Low\n";
    print "This program is licensed under the terms of the\n";
    print "GNU General Public License\n(check source code for details)\n";
    print "\n";
    printf "Check BGP peer status via SNMP.\n";
    print "\n";
    print_usage();
    print "\n";
    print " -H (--hostname)   Hostname to query - (required)\n";
    print " -C (--community)  SNMP read community (defaults to public)\n";
    print " -v (--snmp_version) 1 for SNMP v1\n";
    print "                     2 for SNMP v2c (default)\n";
    print " -p {--peer}       IP of BGP Peer\n";
    print " -V (--version)    Pluging version\n";
    print " -h (--help)       usage help\n";
    print "\n";
    support();
}

sub print_usage() {
    print "Usage: \n";
    print "  $PROGNAME -H <HOSTNAME> [-C <community>] -p <bgppeer>\n";
    print "  $PROGNAME [-h | --help]\n";
    print "  $PROGNAME [-V | --version]\n";
}

sub seconds_to_string($) {
    my $time = shift;
    my $timestr = "";
    if ($time > (365.24225*24*60*60)) {
        my $years = floor($time / (365.24225*24*60*60));
        $time -= $years*365.24225*24*60*60;
        $timestr .= $years."y";
    }
    if ($time > (24*60*60)) {
        my $days = floor($time / (24*60*60));
        $time -= $days*24*60*60;
        $timestr .= $days."d";
    }
    if ($time > (60*60)) {
        my $hours = floor($time / (60*60));
        $time -= $hours*60*60;
        $timestr .= $hours."h";
    }
    if ($time > 60) {
        my $minutes = floor($time / 60);
        $time -= $minutes*60;
        $timestr .= $minutes."m";
    }
    $timestr .= $time."s";
    return $timestr;
}

Comments

Post a Comment

Popular posts from this blog

Upgrading the firmware on a standalone Fortigate unit or units in an HA cluster

-
Understanding upgrade paths: Each firmware version has an upgrade path requirement from older versions. Most of the time when you are in a MR (major release) patch level, you can upgrade straight to any patch level within the MR. ex: 1) currently, a fortigate unit is running 4.0 MR3 patch 3. 2) You wish to upgrade it to 4.0 MR3 patch 11. 3) You can simply upgrade it directly to 4.0 MR3 patch 11. Most of the time when you are upgrading from a MR to the next MR, you can upgrade straight to any patch level in the next MR as long as you are at the highest patch level in the lower/previous MR. ex: 1) currently, a fortigate unit is running 4.0 MR2 patch 3. 2) You wish to upgrade it to 4.0 MR3 patch 11. 3) You must first upgrade it to 4.0 MR2 patch 13 (highest 4.0 MR2 patch). 4) Then you can upgrade to 4.0 MR3 patch 11. You should ALWAYS refer to the release notes of the firmware release you wish to upgrade your unit. Even, for comfort, just open a ticket...
Read more

Traffic Shaping With Fortigate

-
FortiGate v4.0 Description This article describes the Traffic Shaping features that have been implemented in FortiOS 4.0 In FortiOS version 4.0, the traffic shaping has been enhanced. Diagnose commands allowing to verify each traffic shaper's usage and giving more configuration flexibility. See also the related articles at the end of this page for additional information. Solution Summary 1- Traffic shaping configuration is dissociated from the Firewall policies allowing multiple policies to use common configurations 2- Possibility to use independent configurations in policies for forward and reverse traffic directions 3- The P2P shaping capabilities are now defined at the application control level 4- Troubleshooting packet loss with statistics on traffic shaping configurations 5- Troubleshooting packet loss with the debug flow diagnose commands 6- Session list details with dual traffic shaper (forward and reverse traffic) 1- Traffic shaping configuration is di...
Read more