Anbei die Konfigurationsschritte um über Nagios Cisco ASA oder IPS Appliances zu überwachen.
Es muss Die Datei commands.cfg angepasst werden.Die entsprechenden Scripte, von der NAGIOS Community, check_cisco_asa.pl und check_cisco_ips.pl sind im Verzeichnis /libexec/ von NAGIOS erforderlich. Anschließend müssen noch die Monitoring-Scripte für die beiden Appliances bearbeitet werden.
SNMP muss auf der ASA bzw. dem IPS aktiviert sein (mit entsprechenden Zugriffsrechten).
——–
commands.cfg:
——–
#Cisco ASA Commands
define command{
command_name check_asa_interface
command_line $USER1$/check_cisco_asa.pl -H $HOSTADDRESS$ -c $ARG1$ -n $ARG2$
}
define command{
command_name check_asa_version
command_line $USER1$/check_cisco_asa.pl -H $HOSTADDRESS$ -c $ARG1$ -m d
}
define command{
command_name check_asa_uptime
command_line $USER1$/check_cisco_asa.pl -H $HOSTADDRESS$ -c $ARG1$ -m u
}
#Cisco IPS Commands
define command{
command_name check_ips_cpu
command_line $USER1$/check_cisco_ips.pl -H $HOSTADDRESS$ -C $ARG1$ -2 -w $ARG2$ -c $ARG3$ -T cpu
}
define command{
command_name check_ips_health
command_line $USER1$/check_cisco_ips.pl -H $HOSTADDRESS$ -C $ARG1$ -2 -w $ARG2$ -c $ARG3$ -T health
}
define command{
command_name check_ips_mem
command_line $USER1$/check_cisco_ips.pl -H $HOSTADDRESS$ -C $ARG1$ -2 -w $ARG2$ -c $ARG3$ -T mem
———————————————————–
——–
Host-Config-File ASA
——–
define service{
use generic-service
host_name ASA-Name
service_description Status Interface Interface-Name
check_command check_asa_interface!”SNMP-Community”!”Interface-Name”
normal_check_interval 5
retry_check_interval 1
}
define service{
use generic-service
host_name ASA-Name
service_description Status Interface2 Interface2-Name
check_command check_asa_interface!”SNMP-Community”!”Interface2-Name”
normal_check_interval 5
retry_check_interval 1
}
define service{
use generic-service
host_name ASA-Name
service_description Uptime
check_command check_asa_uptime!”SNMP-Community”
normal_check_interval 5
retry_check_interval 1
}
define service{
use generic-service
host_name ASA-Name
service_description Version
check_command check_asa_version!”SNMP-Community”!”
normal_check_interval 5
retry_check_interval 1
}
———————————————————–
——–
Host-Config-File IPS
——–
define service{
use generic-service
host_name Sensor-Name
service_description CPU-Load
check_command check_ips_cpu!”Community-Name”!70%,50%,40%!90%,70%,50%
normal_check_interval 5
retry_check_interval 1
}
define service{
use generic-service
host_name Sensor-Name
service_description Sensor Health
check_command check_ips_health!”Community-Name”!1,0,1,1!0,1,5,5
normal_check_interval 5
retry_check_interval 1
}
define service{
use generic-service
host_name Sensor-Name
service_description Sensor Memory Usage
check_command check_ips_mem!”Community-Name”!60%!80%
normal_check_interval 5
retry_check_interval 1
}