Monitoring von Cisco ASA und IPS über NAGIOS

Anbei die Konfigurationsschritte um über Nagios Cisco ASA oder IPS Appliances zu überwachen.

Es muss Die Datei commands.cfg angepasst werden.Die entsprechenden Scripte, von der NAGIOS Community, check_cisco_asa.pl und check_cisco_ips.pl sind im Verzeichnis /libexec/ von NAGIOS erforderlich.  Anschließend müssen noch die Monitoring-Scripte für die beiden Appliances bearbeitet werden.

SNMP muss auf der ASA bzw. dem IPS aktiviert sein (mit entsprechenden Zugriffsrechten).

——–
commands.cfg:
——–

#Cisco ASA Commands
define command{
command_name    check_asa_interface
command_line    $USER1$/check_cisco_asa.pl -H $HOSTADDRESS$ -c $ARG1$ -n $ARG2$
}

define command{
command_name    check_asa_version
command_line    $USER1$/check_cisco_asa.pl -H $HOSTADDRESS$ -c $ARG1$ -m d
}

define command{
command_name    check_asa_uptime
command_line    $USER1$/check_cisco_asa.pl -H $HOSTADDRESS$ -c $ARG1$ -m u
}
#Cisco IPS Commands
define command{
command_name    check_ips_cpu
command_line    $USER1$/check_cisco_ips.pl -H $HOSTADDRESS$ -C $ARG1$ -2 -w $ARG2$ -c $ARG3$ -T cpu
}

define command{
command_name    check_ips_health
command_line    $USER1$/check_cisco_ips.pl -H $HOSTADDRESS$ -C $ARG1$ -2 -w $ARG2$ -c $ARG3$ -T health
}

define command{
command_name    check_ips_mem
command_line    $USER1$/check_cisco_ips.pl -H $HOSTADDRESS$ -C $ARG1$ -2 -w $ARG2$ -c $ARG3$ -T mem

———————————————————–

——–
Host-Config-File ASA
——–

define service{
use                                       generic-service
host_name                       ASA-Name
service_description     Status Interface Interface-Name
check_command           check_asa_interface!”SNMP-Community”!”Interface-Name”
normal_check_interval   5
retry_check_interval       1
}

define service{
use                                       generic-service
host_name                       ASA-Name
service_description     Status Interface2 Interface2-Name
check_command           check_asa_interface!”SNMP-Community”!”Interface2-Name”
normal_check_interval   5
retry_check_interval       1
}

define service{
use                                       generic-service
host_name                       ASA-Name
service_description     Uptime
check_command           check_asa_uptime!”SNMP-Community”
normal_check_interval   5
retry_check_interval       1
}

define service{
use                                       generic-service
host_name                       ASA-Name
service_description     Version
check_command           check_asa_version!”SNMP-Community”!”
normal_check_interval   5
retry_check_interval       1
}

———————————————————–

——–
Host-Config-File IPS
——–

define service{
use                                       generic-service
host_name                       Sensor-Name
service_description     CPU-Load
check_command           check_ips_cpu!”Community-Name”!70%,50%,40%!90%,70%,50%
normal_check_interval   5
retry_check_interval       1
}

define service{
use                                       generic-service
host_name                       Sensor-Name
service_description     Sensor Health
check_command           check_ips_health!”Community-Name”!1,0,1,1!0,1,5,5
normal_check_interval   5
retry_check_interval       1
}

define service{
use                                       generic-service
host_name                       Sensor-Name
service_description     Sensor Memory Usage
check_command           check_ips_mem!”Community-Name”!60%!80%
normal_check_interval   5
retry_check_interval       1
}