EuropeanITCrow1
Apr 17, 2008

SNMP Health Monitor

Hello *,

For my first post at DevCentral I want to show you an external monitor for checking SNMP values.

My customer has several VPN gateways using the IPsec protocol.

IPsec can establish connections on two ports (4500 and 500 UDP), so it wasn't possible to use connection limits:

Because a client may use port 500 for transferring keys but can also connect directly on port 4500, sessions cannot be counted reliably.

So my customer wanted to use SNMP queries as a health check to check the number of sessions for VPN gateways.

Because SNMP_DCA and SNMP_DCA_BASE monitors are considered performance monitors, I developed a small external monitor.

While developing, my customer had several additional requirements:

1) Because access on the LTM is not allowed they want to activate/deactivate nodes by using a webpage.

Return code False: Mark node as status session disable

Return code true: Mark node as status session enable

2) Checking the CPU utilization via SNMP

So, this is my result:

#!/bin/bash
# Strip the IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
IP=`echo ${1} | sed 's/::ffff://'`
PORT=${2}
PIDFILE="/var/run/`basename ${0}`.${IP}_${PORT}.pid"
# COMMUNITY, OID, CPU_OID, THRESHOLD, CPU_THRESHOLD and NODE are not set here;
# they must be provided in the script's environment
# Kill the last instance of this monitor if hung and log current pid
if [ -f "$PIDFILE" ]
then
  kill -9 `cat "$PIDFILE"` > /dev/null 2>&1
fi
echo "$$" > "$PIDFILE"
curl --connect-timeout 1 -fNs "http://XX.XX.XX.XX/lb/test.php?IP=${IP}" | grep -i FALSE > /dev/null 2>&1
# Mark node UP if expected response or no response was received
if [ $? -eq 1 ]  # No answer or TRUE
then
  # Getting session count from GW
  SESSION=`/usr/bin/snmpget -v2c -c ${COMMUNITY} -OqUv ${IP} ${OID}`
  SESSION_RC=$?
  # Getting CPU utilization from GW
  CPU=`/usr/bin/snmpget -v2c -c ${COMMUNITY} -OqUv ${IP} ${CPU_OID}`
  CPU_RC=$?
  if [ $SESSION_RC -eq 0 -a $CPU_RC -eq 0 ]  # Check that both snmpget calls worked
  then
    if [ "$SESSION" -lt "${THRESHOLD}" -a "$CPU" -lt "${CPU_THRESHOLD}" ]  # Checking session and CPU thresholds
    then
      # Run bigpipe before writing to stdout
      /bin/bigpipe node ${NODE} session enable
      echo "UP"
    else
      /bin/bigpipe node ${NODE} session disable  # No more sessions for the GW
      echo "UP"  # Keep the GW up
    fi
  fi
else
  /bin/bigpipe node ${NODE} session disable
  echo "UP"
fi
rm -f "$PIDFILE"
exit

I’m not sure if everything is fine, perhaps I should initialize all variables?

Does anybody see improvements I should implement?

6 Replies

  • I've got a small improvement:

    Depending on your interval and timeout value one should use

    SESSION=`/usr/bin/snmpget -v2c -t 1 -r 1 -c ${COMMUNITY} -OqUv ${IP} ${OID}` and

    CPU=`/usr/bin/snmpget -v2c -t 1 -r 1 -c ${COMMUNITY} -OqUv ${IP} ${CPU_OID}`

  • I've written a similar script for enabling/disabling pool members using the bigpipe command. Everything is OK when I run it from the CLI shell, but it doesn't work when used from an external monitor. Does the monitor have enough rights to run bigpipe commands? It looks like the monitor doesn't.

    Btw, a monitor based on the topic starter's script cannot be applied to nodes, only to pool members (at least on 10.1.0).

  • In my case it looks like a broken image. Guys from F5 support have tried my simplest example script like

    -----

    #!/bin/bash

    echo "UP"

    bigpipe pool SamplePool member 192.168.10.51:3389 session enable

    (On my platform I disabled member 192.168.10.51:3389 first, and this member stayed disabled after I applied the EAV with this script to this member)

    -----

    on the same platform/version and got positive results. I'll re-image my strongbox and look for results.

  • I think you'd need to run all of the commands in the script before you echo anything to stdout. I've seen in external monitors where no further code runs after the stdout output.

    #!/bin/bash

    # Run commands
    bigpipe pool SamplePool member 192.168.10.51:3389 session enable

    # Send something to stdout to show successful completion of the monitoring attempt
    echo "UP"

    Aaron
  • I've already tried it. It looks like bigpipe command in EAV is silently ignored and other code after "UP" works as expected. I'll try to boot from another partition and try my config there.

  • Yes, it's expected behavior where the script is stopped after anything is sent to stdout. So if you echo "UP" nothing else in the script will run. Therefore, you'd need to put all code you want run before you echo anything to standard output.

    I added a Codeshare example which demonstrates this:

    http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/TemplateForExternalLtmMonitors.html

    Aaron
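
An added example, not code from any poster in this thread: the enable/disable decision from the first post written as a function that treats any reading that is not a plain integer (an empty value or an SNMP error string) as "disable", and that changes the session state before writing to stdout, as the replies advise. The function names and the BIGPIPE override variable are assumptions made for the example; the bigpipe syntax is the one used in the first post.

```shell
#!/bin/sh
# Added example; is_uint, gw_session_state, apply_and_report and BIGPIPE
# are hypothetical names, not part of the original monitor.

# is_uint VALUE: succeed only for a non-empty string of decimal digits.
is_uint() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# gw_session_state SESSION CPU THRESHOLD CPU_THRESHOLD
# Prints "enable" when both readings are below their thresholds.
# Fails closed: a missing or non-numeric argument yields "disable",
# so a failed SNMP query never keeps new sessions flowing to the gateway.
gw_session_state() {
  for v in "$1" "$2" "$3" "$4"; do
    if ! is_uint "$v"; then
      echo "disable"
      return 0
    fi
  done
  if [ "$1" -lt "$3" ] && [ "$2" -lt "$4" ]; then
    echo "enable"
  else
    echo "disable"
  fi
}

# apply_and_report STATE: change the node's session state first and write
# to stdout last, since the monitor run may end at the first stdout output.
# bigpipe's own output is discarded so it cannot count as that output.
apply_and_report() {
  ${BIGPIPE:-/bin/bigpipe} node "${NODE}" session "$1" > /dev/null 2>&1
  echo "UP"
}

# Constructed sample readings (session count, CPU), thresholds 200 and 80.
gw_session_state 150 35 200 80   # enable
gw_session_state 150 91 200 80   # disable
# Constructed error string standing in for a failed query result.
gw_session_state "No Such Instance currently exists at this OID" 35 200 80   # disable
```

In the monitor itself the two pieces combine as `apply_and_report "$(gw_session_state "$SESSION" "$CPU" "$THRESHOLD" "$CPU_THRESHOLD")"`.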