Nagios plugin to check Juniper devices
#!/bin/bash
##
# Bash script to check the status of an SRX cluster via Nagios.
# Use -h to see the help text. It works by connecting via ssh to a Junos device and running a specific command,
# defined in the options.
#
# Inspiration for this script came from: http://www.scottyob.com/2012/07/09/monitoring-srx-chassis-cluster/
##
#########################
# Nagios exit states:   #
#=======================#
# OK=0                  #
# WARNING=1             #
# CRITICAL=2            #
# UNKNOWN=3             #
#########################
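#######################################
# Print the help text for this plugin.
# Globals:   none
# Arguments: none
# Outputs:   usage text on stdout ($0 is expanded to the script name)
# Returns:   the exit status of cat
#######################################
usage() {
  cat << EOF
usage:
$0 [ -H "IPADDR/HOSTNAME" -U "USERNAME" -a|-e|-c|-m|-n INT|-1 INT|-2 INT|-o "junoscommand" ]
Check the status of JSRP Cluster
OPTIONS:
-h show help
-H hostname
-U username
-a "show chassis alarms"
-e "show chassis environment"
-c "show chassis cluster status"
-m "show services ip-monitoring status"
-n "show ospf neighbor (specify an expected number of neighbors)"
-1 "show security ike security-associations (specify an expected number of SAs)"
-2 "show security ipsec security-associations (specify an expected number of SAs)"
-o run a custom JunOS command. make sure you input command inside ""
NOTE: give the options in the order shown above. The expected count and the
custom command are read from the 6th argument on the command line.
EOF
}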
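# Target device, login name and the Junos command to run. All three start
# empty and are filled in from the command line below.
host=
user=
cmd=

# Parse the command line.
# -H, -U and -o take an argument. The canned checks (-a -e -c -m -n -1 -2)
# only select a fixed "show" command; the expected count for -n/-1/-2 is NOT
# consumed here. getopts stops at the first non-option word, and the rest of
# the script reads that count from $6.
while getopts "hH:U:aecmn12o:" opt; do
  case "$opt" in
    h)
      usage
      exit 0
      ;;
    H) host="$OPTARG" ;; # host address
    U) user="$OPTARG" ;; # username
    a) cmd="show chassis alarms" ;;
    e) cmd="show chassis environment" ;;
    c) cmd="show chassis cluster status" ;;
    m) cmd="show services ip-monitoring status" ;;
    n) cmd="show ospf neighbor" ;;
    1) cmd="show security ike security-associations" ;;
    2) cmd="show security ipsec security-associations" ;;
    # The custom command is stored exactly as typed and later sent to the
    # device unchanged.
    o) cmd="$OPTARG" ;;
    *)
      # Unknown option, or -H/-U/-o without its argument. getopts has already
      # printed its own diagnostic; report UNKNOWN (3) instead of carrying on
      # with a half-parsed command line.
      usage
      exit 3
      ;;
  esac
done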
#if [[ $5 == "-o" && -n $6 ]] | |
#then | |
# echo "JunOS show command is: $6" | |
#else | |
# echo "JunOS show command is: $cmd" | |
#fi | |
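# Validate the command line before anything is sent over ssh.
#
# The expected count (for -n/-1/-2) and the custom command (for -o) are read
# positionally from $6, with the option itself expected in $5.
#
# The count is later used as an operand of -gt/-lt inside [[ ]], where bash
# evaluates it as an arithmetic expression. It is therefore restricted to
# plain digits here, so that nothing other than a number ever reaches those
# comparisons.
if [[ ("$cmd" == *"ospf"* || "$cmd" == *"ike"* || "$cmd" == *"ipsec"*) && -z "$6" ]]; then
  usage
  echo ""
  echo " ERROR: ***You must provide an expected count for this option***"
  exit 3
elif [[ "$5" == "-o" && -z "$6" ]]; then
  usage
  echo ""
  echo " ERROR: ***You must provide a JunOS command for this option*** "
  exit 3
elif [[ "$5" != "-o" && ("$cmd" == *"ospf"* || "$cmd" == *"ike"* || "$cmd" == *"ipsec"*) && ! "$6" =~ ^[0-9]+$ ]]; then
  usage
  echo ""
  echo " ERROR: ***The expected count must be a non-negative integer***"
  exit 3
fi

# Host, user and command are all required. Checking them here keeps ssh from
# being started with an empty destination or an empty command.
if [[ -z "$user" || -z "$host" || -z "$cmd" ]]; then
  usage
  exit 3
fi

# The ssh destination is built as user@host. A value starting with '-' would
# be read by ssh as an option rather than a destination, so refuse it.
if [[ "$user" == -* ]]; then
  usage
  echo ""
  echo " ERROR: ***The username must not start with '-'***"
  exit 3
fi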
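###
# Based on the above options/args, run something specific
###
# Custom command (-o): run it on the device and print whatever comes back.
# The output is not interpreted, and the plugin always exits 3 (UNKNOWN).
#
# The command string goes to the device CLI unchanged, so anyone who can set
# this plugin's arguments can run any CLI command the login is allowed to run.
# NOTE(review): give the monitoring account a read-only login on the device.
if [[ "$5" == "-o" ]]; then
  # Quoted so the local shell does not word-split or glob the values;
  # "--" so the destination can never be parsed as an ssh option.
  ssh -- "$user@$host" "$cmd"
  exit 3
fi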
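# Chassis alarms: OK when the device reports no alarms, CRITICAL otherwise.
if [[ "$cmd" == *"alarms"* ]]; then
  # NOTE(review): ssh runs without BatchMode here, so a missing key could make
  # it wait for a password under Nagios; consider "-o BatchMode=yes".
  alarm_output=$(ssh -- "$user@$host" "$cmd")
  ssh_rc=$?
  # ssh itself exits 255 when the connection or login fails. Report that as
  # UNKNOWN instead of letting empty output be read as an alarm state.
  if ((ssh_rc == 255)); then
    echo "UNKNOWN: ssh to $host failed"
    exit 3
  fi

  # Keep only the lines of the device output that mention "alarm".
  alarmstatus=$(printf '%s\n' "$alarm_output" | grep "alarm")
  if [[ "$alarmstatus" == *"No"* ]]; then
    echo "No Alarms!"
    exit 0
  else
    # Print the alarm lines on one line, as before, but without letting the
    # shell glob-expand characters that appear in the device output.
    printf '%s\n' "$alarmstatus" | tr -s '[:space:]' ' '
    echo ""
    exit 2
  fi
fi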
# If you're checking environment... (no handler is implemented for -e; the script falls through to the final error exit)
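# Chassis cluster status: check whether node0 is primary in RG0.
# The state is taken from the third field of the fifth output line, so this
# depends on the exact layout of "show chassis cluster status".
if [[ "$cmd" == *"cluster"* ]]; then
  cluster_output=$(ssh -- "$user@$host" "$cmd")
  ssh_rc=$?
  # ssh itself exits 255 when the connection or login fails. Without this
  # check an unreachable device would be reported as "failed over".
  if ((ssh_rc == 255)); then
    echo "UNKNOWN: ssh to $host failed"
    exit 3
  fi

  clusterstatus=$(printf '%s\n' "$cluster_output" | awk 'NR == 5 {print $3}')
  if [[ "$clusterstatus" == "primary" ]]; then
    echo "Node0 is primary in RG0"
    exit 0
  elif [[ "$clusterstatus" == "lost" ]]; then
    echo "Node0 is LOST!"
    exit 2
  else
    # Any other value (including an empty field) is reported as WARNING.
    echo "Node0 has failed over"
    exit 1
  fi
fi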
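# IP monitoring status: OK on PASS, CRITICAL on FAIL or anything unexpected.
# The status is taken from the fourth field of the sixth output line, so this
# depends on the exact layout of "show services ip-monitoring status".
if [[ "$cmd" == *"ip-monitor"* ]]; then
  ipmon_output=$(ssh -- "$user@$host" "$cmd")
  ssh_rc=$?
  # ssh itself exits 255 when the connection or login fails. Report that as
  # UNKNOWN instead of as a failed ISP.
  if ((ssh_rc == 255)); then
    echo "UNKNOWN: ssh to $host failed"
    exit 3
  fi

  ipmon=$(printf '%s\n' "$ipmon_output" | awk 'NR == 6 {print $4}')
  if [[ "$ipmon" == "PASS" ]]; then
    echo "Primary ISP is active"
    exit 0
  elif [[ "$ipmon" == "FAIL" ]]; then
    echo "Primary ISP has FAILED"
    exit 2
  else
    echo "Something went wrong.."
    # Quoted so device output is printed as-is, never glob-expanded.
    echo "$ipmon"
    exit 2
  fi
fi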
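# OSPF neighbors: compare the neighbor count with the expected count in $6.
#   more than expected          -> WARNING
#   exactly as expected         -> OK
#   fewer than expected, not 0  -> WARNING
#   none                        -> CRITICAL
#   OSPF not running            -> WARNING
if [[ "$cmd" == *"ospf"* ]]; then
  # $6 is used in numeric comparisons, which bash evaluates as arithmetic
  # expressions. Accept plain digits only; 10# keeps a leading zero from
  # being read as octal.
  if [[ ! "$6" =~ ^[0-9]+$ ]]; then
    echo "UNKNOWN: expected neighbor count must be a non-negative integer"
    exit 3
  fi
  expected=$((10#$6))

  # One ssh call serves both the "not running" test and the count.
  ospf_output=$(ssh -- "$user@$host" "$cmd")
  ssh_rc=$?
  # ssh itself exits 255 when the connection or login fails.
  if ((ssh_rc == 255)); then
    echo "UNKNOWN: ssh to $host failed"
    exit 3
  fi

  if [[ "$ospf_output" != *"not running"* ]]; then
    # Count the output lines containing "st".
    # NOTE(review): presumably this matches st0.x tunnel interfaces; confirm.
    ospfnei=$(printf '%s\n' "$ospf_output" | grep -c "st")
    if ((ospfnei > expected)); then
      echo "Neighbor count is $ospfnei, which exceeds expectation of $6"
      exit 1
    elif ((ospfnei == expected)); then
      echo "Neighbor count is $ospfnei!"
      exit 0
    elif ((ospfnei != 0)); then
      echo "Neighbor count is off! Neighbor count is: $ospfnei"
      exit 1
    else
      echo "There are no OSPF neighbors!"
      exit 2
    fi
  else
    echo "OSPF is not running!"
    exit 1
  fi
fi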
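# IKE: compare the number of security associations in state UP with the
# expected count in $6.
#   more than expected          -> WARNING
#   exactly as expected         -> OK
#   none                        -> CRITICAL
#   fewer than expected, not 0  -> WARNING
if [[ "$cmd" == *"ike"* ]]; then
  # $6 is used in numeric comparisons, which bash evaluates as arithmetic
  # expressions. Accept plain digits only; 10# keeps a leading zero from
  # being read as octal.
  if [[ ! "$6" =~ ^[0-9]+$ ]]; then
    echo "UNKNOWN: expected SA count must be a non-negative integer"
    exit 3
  fi
  expected=$((10#$6))

  ike_output=$(ssh -- "$user@$host" "$cmd")
  ssh_rc=$?
  # ssh itself exits 255 when the connection or login fails. Report that as
  # UNKNOWN instead of counting it as zero SAs.
  if ((ssh_rc == 255)); then
    echo "UNKNOWN: ssh to $host failed"
    exit 3
  fi

  ikesa=$(printf '%s\n' "$ike_output" | grep -c UP)
  if ((ikesa > expected)); then
    echo "SA count is $ikesa, which exceeds expectation of $6"
    exit 1
  elif ((ikesa == expected)); then
    echo "IKE SA count is $ikesa!"
    exit 0
  elif ((ikesa == 0)); then
    # Tested before the "fewer than expected" case. The original order put
    # the less-than test first, so this CRITICAL branch was never reached.
    echo "There are no active IKE SAs!"
    exit 2
  else
    echo "WARNING! number of IKE SAs is: $ikesa"
    exit 1
  fi
fi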
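# IPsec: compare the number of output lines mentioning ESP with the expected
# count in $6.
#   more than expected          -> WARNING
#   exactly as expected         -> OK
#   none                        -> CRITICAL
#   fewer than expected, not 0  -> WARNING
if [[ "$cmd" == *"ipsec"* ]]; then
  # $6 is used in numeric comparisons, which bash evaluates as arithmetic
  # expressions. Accept plain digits only; 10# keeps a leading zero from
  # being read as octal.
  if [[ ! "$6" =~ ^[0-9]+$ ]]; then
    echo "UNKNOWN: expected SA count must be a non-negative integer"
    exit 3
  fi
  expected=$((10#$6))

  ipsec_output=$(ssh -- "$user@$host" "$cmd")
  ssh_rc=$?
  # ssh itself exits 255 when the connection or login fails. Report that as
  # UNKNOWN instead of counting it as zero SAs.
  if ((ssh_rc == 255)); then
    echo "UNKNOWN: ssh to $host failed"
    exit 3
  fi

  ipsecsa=$(printf '%s\n' "$ipsec_output" | grep -c ESP)
  if ((ipsecsa > expected)); then
    echo "SA count is $ipsecsa, which exceeds expectation of $6"
    exit 1
  elif ((ipsecsa == expected)); then
    echo "IPSec SA count is $ipsecsa!"
    exit 0
  elif ((ipsecsa == 0)); then
    # Tested before the "fewer than expected" case. The original order put
    # the less-than test first, so this CRITICAL branch was never reached.
    echo "There are no IPSec SAs!"
    exit 2
  else
    echo "WARNING! number of IPSec SAs is: $ipsecsa"
    exit 1
  fi
fi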
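# Missing required arguments: print the help text and report UNKNOWN (3),
# the same state the other usage errors in this script return.
if [[ -z "$user" || -z "$host" || -z "$cmd" ]]; then
  usage
  exit 3
fi

# Fall-through: reached when $cmd matched none of the handlers above, for
# example with -e ("show chassis environment"), which has no handler.
# Nothing was checked, so the state is UNKNOWN (3) rather than WARNING.
echo "YOU SHALL NOT PASS!!"
usage
exit 3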