Skip to content

Instantly share code, notes, and snippets.

@spanthetree

spanthetree/check_juniper.sh

Last active March 11, 2019 21:05
Show Gist options
  • Save spanthetree/80ee52082b3f063e78cb to your computer and use it in GitHub Desktop.
Save spanthetree/80ee52082b3f063e78cb to your computer and use it in GitHub Desktop.
Download ZIP
Nagios plugin to check Juniper devices
Raw
check_juniper.sh
#!/bin/bash
##
# Bash script to check the status of a SRX cluster via Nagios.
# You can use -h to see the help file. This works by connecting via ssh to a junos device and running a specific command,
# defined in the options
#
# Inspiration for this script came from: http://www.scottyob.com/2012/07/09/monitoring-srx-chassis-cluster/
##
#########################
# Nagios exit states: #
#=======================#
# OK=0 #
# WARNING=1 #
# CRITICAL=2 #
# UNKNOWN=3 #
#########################
#function for user help
usage()
{
cat << EOF
usage:
$0 [ -H "IPADDR/HOSTNAME" -U "USERNAME" -a|-e|-c|-m|-n INT|-1 INT|-2 INT|-o "junoscommand" ]
Check the status of JSRP Cluster
OPTIONS:
-h show help
-H hostname
-U username
-a "show chassis alarms"
-e "show chassis environment"
-c "show chassis cluster status"
-m "show services ip-monitoring status"
-n "show ospf neigbor (specify an expected number of neighbors)"
-1 "show security ike security-associations (specify an expected number of SAs)"
-2 "show security ipsec security-associations (specify an exptected number of SAs)"
-o run a custom JunOS command. make sure you input command inside ""
EOF
}
host=
user=
cmd=
# get options and arguments from command line
while getopts "hH:U:aecmn12o:" opt; do
case $opt in
h) usage
exit 0
;;
H) host="$OPTARG" #host address
;;
U) user="$OPTARG" #username
;;
a) cmd="show chassis alarms"
;;
e) cmd="show chassis environment"
;;
c) cmd="show chassis cluster status"
;;
m) cmd="show services ip-monitoring status"
;;
n) cmd="show ospf neighbor"
;;
1) cmd="show security ike security-associations"
;;
2) cmd="show security ipsec security-associations"
;;
o) cmd="$OPTARG"
;;
esac
done
#if [[ $5 == "-o" && -n $6 ]]
#then
# echo "JunOS show command is: $6"
#else
# echo "JunOS show command is: $cmd"
#fi
# If you forgot to put in expected counts...
if [[ $cmd == *"ospf"* || $cmd == *"ike"* || $cmd == *"ipsec"* ]] && [[ -z $6 ]]
then
usage
echo ""
echo " ERROR: ***You must provide an expected count for this option***"
exit 3
elif [[ $5 == "-o" && -z $6 ]]
then
usage
echo ""
echo " ERROR: ***You must provide a JunOS command for this option*** "
exit 3
fi
###
# Based on the above options/args, run something specific
###
# First of all, If you'd like to run your own command...
if [[ $5 == "-o" ]]
then
ssh $user@$host $cmd
exit 3
fi
# If you're checking chassis alarms... check if there are any active alarms
if [[ $cmd == *"alarms"* ]]
then
alarmstatus=`ssh $user@$host "$cmd" | grep "alarm"`
if [[ $alarmstatus == *"No"* ]]
then
echo "No Alarms!"
exit 0
else
echo $alarmstatus
exit 2
fi
fi
# If you're checking environment...
# If you're checking chassis cluster status... check if node0 is primary in RG0
if [[ $cmd == *"cluster"* ]]
then
clusterstatus=`ssh $user@$host "$cmd" | awk 'NR == 5 {print $3}'`
if [[ $clusterstatus == "primary" ]]
then
echo "Node0 is primary in RG0"
exit 0
elif [[ $clusterstatus == "lost" ]]
then
echo "Node0 is LOST!"
exit 2
else
echo "Node0 has failed over"
exit 1
fi
fi
# If you're checking ip-monitoring status... check if status is PASS
if [[ $cmd == *"ip-monitor"* ]]
then
ipmon=`ssh $user@$host "$cmd" | awk 'NR == 6 {print $4}'`
if [[ $ipmon == "PASS" ]]
then
echo "Primary ISP is active"
exit 0
elif [[ $ipmon == "FAIL" ]]
then
echo "Primary ISP has FAILED"
exit 2
else
echo "Something went wrong.."
echo $ipmon
exit 2
fi
fi
# If you're checking ospf neigbors... count neighbors
if [[ $cmd == *"ospf"* ]]
then
if [[ `ssh $user@$host "$cmd"` != *"not running"* ]]
then
ospfnei=`ssh $user@$host "$cmd" | grep "st" | wc -l`
if [[ $ospfnei -gt $6 ]]
then
echo "Neighbor count is $ospfnei, which exceeds expectation of $6"
exit 1
elif [[ $ospfnei == $6 ]]
then
echo "Neighbor count is $ospfnei!"
exit 0
elif [[ $ospfnei != 0 && $ospfnei -lt $6 ]]
then
echo "Neighbor count is off! Neighbor count is: $ospfnei"
exit 1
elif [[ $ospfnei == 0 ]]
then
echo "There are no OSPF neighbors!"
exit 2
fi
else
echo "OSPF is not running!"
exit 1
fi
fi
# If you're checking ike... count ike associations
if [[ $cmd == *"ike"* ]]
then
ikesa=`ssh $user@$host "$cmd" | grep UP | wc -l`
if [[ $ikesa -gt $6 ]]
then
echo "SA count is $ikesa, which exceeds expectation of $6"
exit 1
elif [[ $ikesa == $6 ]]
then
echo "IKE SA count is $ikesa!"
exit 0
elif [[ $ikesa -lt $6 ]]
then
echo "WARNING! number of IKE SAs is: $ikesa"
exit 1
elif [[ $ikesa == 0 ]]
then
echo "There are no active IKE SAs!"
exit 2
fi
fi
# If you're checking ipsec... count ipsec associations
if [[ $cmd == *"ipsec"* ]]
then
ipsecsa=`ssh $user@$host "$cmd" | grep ESP | wc -l`
if [[ $ipsecsa -gt $6 ]]
then
echo "SA count is $ipsecsa, which exceeds expectation of $6"
exit 1
elif [[ $ipsecsa == $6 ]]
then
echo "IPSec SA count is $ipsecsa!"
exit 0
elif [[ $ipsecsa -lt $6 ]]
then
echo "WARNING! number of IPSec SAs is: $ipsecsa"
exit 1
elif [[ $ipsecsa == 0 ]]
then
echo "There are no IPSec SAs!"
exit 2
fi
fi
# If you've forgotten to put in args...
if [[ -z $user ]] || [[ -z $host ]] || [[ -z $cmd ]]
then
usage
exit 1
fi
# Something borked.. you should exit with a status message before hitting this line
echo "YOU SHALL NOT PASS!!"
usage
exit 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment