VPN Monitoring

Kerry Milestone Kerry.Milestone at CacheLogic.com
Thu Jun 14 12:27:10 CEST 2007


Hello Michael,

this I think are what I was after.  When doing a snmpwalk, these oids
are failing as not being present.  infact, the entire enterprise mib is
failing which suggests that I shall be looking closer at the firewall's
config & setup as to why.

i have a check BGP script running which checks for advertise neighbours
and fails should they no longer appear, ie the check script is given
known ip addresses and is kind of what I am wanting to do.  I guess even
knowing the number of normal active tunnels, and alerting should this
number change would be a close enough equivalent. 

After perusing the CheckPoint documentation, it would seem that I can
utilise the cpvTnlMonTable as within this, it has cpvTnlMonStatus - The
status of the peer.

Regards,
Kerry.





Michael Schwartzkopff wrote:
> Am Mittwoch, 13. Juni 2007 11:02 schrieb Kerry Milestone:
>   
>> are looking at the VPN status.  basic at this stage, but whether it is
>> up or not.
>>     
>
> Hi,
>
> What exactly do you want to monitor? You could use:
>
> Monitoring (nagios):
> cpvCurrEspSAsIn: "IPsec current Inbound ESP SAs"
> cpvCurrEspSAsOut: "IPsec current Outbound ESP SAs"
>
> Reporting  (MRTG):
> cpvIpsecEspEncBytes: "IPsec ESP encrypted bytes"
> cpvIpsecEspDecBytes: "IPsec ESP decrypted bytes"
>
> You also could monitor tunnels with specific partners via cpvTnlMon.
>
> Or do you want to monitor if vpn deamon is running?
>
>   

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list