VPN Monitoring
Kerry Milestone
Kerry.Milestone at CacheLogic.com
Thu Jun 14 12:27:10 CEST 2007
Hello Michael,
this I think are what I was after. When doing a snmpwalk, these oids
are failing as not being present. infact, the entire enterprise mib is
failing which suggests that I shall be looking closer at the firewall's
config & setup as to why.
i have a check BGP script running which checks for advertise neighbours
and fails should they no longer appear, ie the check script is given
known ip addresses and is kind of what I am wanting to do. I guess even
knowing the number of normal active tunnels, and alerting should this
number change would be a close enough equivalent.
After perusing the CheckPoint documentation, it would seem that I can
utilise the cpvTnlMonTable as within this, it has cpvTnlMonStatus - The
status of the peer.
Regards,
Kerry.
Michael Schwartzkopff wrote:
> Am Mittwoch, 13. Juni 2007 11:02 schrieb Kerry Milestone:
>
>> are looking at the VPN status. basic at this stage, but whether it is
>> up or not.
>>
>
> Hi,
>
> What exactly do you want to monitor? You could use:
>
> Monitoring (nagios):
> cpvCurrEspSAsIn: "IPsec current Inbound ESP SAs"
> cpvCurrEspSAsOut: "IPsec current Outbound ESP SAs"
>
> Reporting (MRTG):
> cpvIpsecEspEncBytes: "IPsec ESP encrypted bytes"
> cpvIpsecEspDecBytes: "IPsec ESP decrypted bytes"
>
> You also could monitor tunnels with specific partners via cpvTnlMon.
>
> Or do you want to monitor if vpn deamon is running?
>
>
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list