check_icmp behavior
Andreas Ericsson
ae at op5.se
Wed Aug 24 20:26:52 CEST 2005
Horvath Tamas wrote:
> Hi!
>
> The plugin output of "ICMP Unreachable" reply is OK. May I suggest to change
> check_icmp behavior to mark this kind of output as WARNING.
>
This isn't a good idea, as ICMP_UNREACH messages indicate that the host
really can't be reached. Any and all threshold values will be passed
when no responses are received.
> In which situation do I got this kind of reply? As I googled in Internet,
> the cause can be:
> - too busy router,
> - fragment needed, but don't fragment bit set.
>
Not true. Too busy router would result in too high response times (or
lost packets), while fragment needed but no fragment bit set would cause
a very specific icmp error message. check_icmp can't trigger "fragment
needed" errors, because the packets it sends are within the lowest
acceptable boundary for non-fragmented packets (64 bytes).
> I could not find those simptoms in my network. But about half of my
> responses are ICMP Unreachable, the others are normal OKs.
>
>
> My version of check_icmp plugin is:
>
> /opt/nagios/libexec/check_icmp -v
> check_icmp: Version 0.8.1 $Date: 2004/09/07 09:29:29 $
The latest modifications were made 2005-06-16. I believe one of the
things I added was forced packet interval when one of the packets
return, and a continuous trying (until packets_sent == packets_to_send
at least) even if an icmp error is received.
Try the check_icmp delivered in the package at
http://oss.op5.se/nagios/op5plugins-2005-08-22.tar.gz and see if that
works better for you. It might, but I'm not sure. If it doesn't, try
sniffing the net with some capable sniffer when things go sour for you
and let me know what you find.
> check_icmp: comments to ae at op5.se
>
> My topology is:
>
> Internet RAS
> | |
> ----------------------------------------------------Customer Public Network
> | |
> | |
> | |
> VPN concentrator Firewall CentralRouter----Customer WAN
>
> | | |
> | | |
> | | |
> ----------------------------------------------------Customer private LAN
> |
> |
> HostA
>
> We provide remote monitoring to our customer. Nagios host connect VPN
> Concentrator via IPSec. So I can only ping RAS indirectly. I go to HostA via
> SSH and run check_icmp against RAS. The route is the following:
> HostA-CentralRouter-Firewall-RAS.
>
> Everything works fine, but there are some "ICMP Unreachable from
> CentralRouter-IP for ICMP Echo sent to RAS-IP" messages.
>
> Thanks in advance!
>
> Tamas!
>
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Lead Developer
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list