EuropeanITCrow1
Apr 17, 2008Cirrus
SNMP Health Monitor
Hello *,
For my first post at DevCentral I want to show you an external monitor for checking SNMP values.
My customer has several VPN gateways using IPsec protocol.
IPsec can establish connections on two ports (4500 and 500 UDP) so it wasn’t possible to use connection limits:
Because a client may use port 500 for transferring keys but can also connect directly on port 4500 sessions cannot by counted reliably.
So my customer wanted to use SNMP queries as a health check to check the number of sessions for VPN gateways.
Because SNMP_DCA and SNMP_DCA_BASE monitors are considered as performance monitors I developed a small external monitor.
While developing my customer had several additional requirements:
1) Because access on the LTM is not allowed they want to activate/deactiviate nodes by using a webpage.
Return code False: Mark node as status session disable
Return code true: Mark node as status session enable
2) Checking the CPU utilization via SNMP
So, this is my result:
!/bin/bash
IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
IP=`echo ${1} | sed 's/::ffff://'`
PORT=${2}
PIDFILE="/var/run/`basename ${0}`.${IP}_${PORT}.pid"
kill of the last instance of this monitor if hung and log current pid
if [ -f $PIDFILE ]
then
kill -9 `cat $PIDFILE` > /dev/null 2>&1
fi
echo "$$" > $PIDFILE
curl --connect-timeout 1 -fNs http://XX.XX.XX.XX/lb/test.php?IP=${IP} | grep -i FALSE 2>&1 > /dev/null
mark node UP if expected response or no response was received
if [ $? -eq 1 ] No Answer or TRUE
then
Getting session count from GW
SESSION=`/usr/bin/snmpget -v2c -c ${COMMUNITY} -OqUv ${IP} ${OID}`
Getting CPU Utilization from GW
CPU=`/usr/bin/snmpget -v2c -c ${COMMUNITY} -OqUv ${IP} ${CPU_OID}`
if [ $? -eq 0 ] check if snmpget worked properly
then
if [ $SESSION -lt ${THRESHOLD} -a $CPU -lt ${CPU_THRESHOLD} ] Checking CPU Threshold
then echo "UP"
/bin/bigpipe node ${NODE} session enable
else /bin/bigpipe node ${NODE} session disable No more sessions for the GW
echo "UP" Keep the GW up
fi
fi
else
echo "UP"
/bin/bigpipe node ${NODE} session disable
fi
rm -f $PIDFILE
exit
I’m not sure if everything is fine, perhaps I should initialize all variables?
Does anybody see improvements I should implement?