I am able to see if a VPN tunnel is up using check_snmp. The OID for one of my tunnels is .1.3.6.1.4.1.9.9.171.1.2.3.1.35.3002962.
When the tunnel is up, no problems. The problem is when the tunnel is down, because the OID is gone.
working:
/usr/lib/nagios/plugins/check_snmp -H 10.10.10.1 -C public -o .1.3.6.1.4.1.9.9.171.1.2.3.1.35.3002962
returns:
SNMP OK - 1 | iso.3.6.1.4.1.9.9.171.1.2.3.1.35.300296=1
Tunnel down and OID missing:
External command error: Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: iso.3.6.1.4.1.9.9.171.1.2.3.1.35.30029
Any ideas?
UPDATE:
Looks like I am going to have to write my own. The OIDs for the tunnel change, so using a straight check_snmp won't work. Still can't find out why the check_asa_vpn add-in errors out.
Best Answer
Seems it is normal behaviour for OID .1.3.6.1.4.1.9.9.171.1.2.3.1.35. Its value is INTEGER: 1 when the tunnel is up, but this OID disappears when the tunnel is down. So your check should handle this: if the OID is not found, then raise an alert because the tunnel is down: http://www.nycnetworkers.com/management/monitor-cisco-asa-vpn-tunnel-state-via-snmp
By the way, you could monitor OID 1.3.6.1.4.1.9.9.171.1.2.3.1.7 instead. This gives the peer of both sides of the tunnel: local and remote.
https://www.appliedtrust.com/blog/2009/08/monitoring-site-site-vpns-cisco-asa
Also, there is a ready-to-go Perl Nagios plugin that uses this OID: https://exchange.nagios.org/directory/Plugins/Network-and-Systems-Management/check_asa_vpn/details
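A check that treats the missing row as "tunnel down", as the answer describes, while keeping an unreachable agent separate from a down tunnel. This is an added example, not part of the original post and not the check_asa_vpn plugin. It assumes net-snmp's `snmpwalk` and its `<oid> = STRING: "<address>"` row format; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide tunnel state from a walk of the peer-address column
# instead of a GET on one index, because the index changes and the row
# vanishes when the tunnel drops.
PEER_COLUMN=".1.3.6.1.4.1.9.9.171.1.2.3.1.7"   # OID column named in the answer

# peer_present PEER WALK_OUTPUT -> 0 if some row's value equals PEER exactly.
# Assumes net-snmp style rows: <oid> = STRING: "203.0.113.10"
peer_present() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$2" | awk -v p="$1" '
        { v = $NF; gsub(/"/, "", v); if (v == p) found = 1 }
        END { exit(found ? 0 : 1) }'
}

# classify_tunnel PEER WALK_OUTPUT -> prints a status line, returns Nagios code.
classify_tunnel() {
    # No answer from the agent says nothing about the tunnel: UNKNOWN, not OK.
    if printf '%s\n' "$2" | grep -qi 'timeout'; then
        echo "UNKNOWN - no SNMP response"
        return 3
    fi
    if peer_present "$1" "$2"; then
        echo "OK - tunnel to $1 is up"
        return 0
    fi
    # Empty walk, noSuchName / No Such Instance, or only other peers' rows.
    echo "CRITICAL - no tunnel row for peer $1"
    return 2
}

# Usage as a plugin: script HOST COMMUNITY PEER
if [ "$#" -eq 3 ]; then
    out=$(snmpwalk -v2c -c "$2" "$1" "$PEER_COLUMN" 2>&1)
    classify_tunnel "$3" "$out"
    exit $?
fi
```

The peer value is compared as a whole field, so a peer of 203.0.113.1 does not match a row for 203.0.113.10.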