A fork of https://github.com/wershlak/nagios_plugins focused on feature enhancements to the Cisco Stack plugin (which is originally a Python rewrite of check_snmp_cisco_stack.pl).
Current enhancements include:
- SNMP version 2(c) and 3 (SNMPv3) support.
- Support of all SNMP parameters, as detailed at https://net-snmp.svn.sourceforge.net/svnroot/net-snmp/trunk/net-snmp/python/README.
- Allows for any combination of SNMPv3 parameters.
- Provides for setting of timeouts, retries, remote port, and all other current and future parameters.
- Only connection-related options have been tested / are supported. Some advanced options may cause the program to behave unexpectedly.
- Support for Cisco VSS (Virtual Switching System) mode.
- Option for setting expected size range of stack ring.
- Show # of members in output, and show in sorted order.
- Supplying of secrets / passwords (community string / AuthPass / PrivPass) from a keyed file (or files) for security.
- Minor performance optimizations.
Full backwards compatibility with the forked version is currently maintained.
- Ensure that the Python library
netsnmpis installed.- For CentOS 7,
sudo yum install net-snmp-python.
- For CentOS 7,
- Copy scripts into the Nagios/Icinga plugin directory.
check_cisco_stack.pyis all that is currently required for the Cisco Stack plugin.
Traditional examples, INSECURE! Uses SNMPv1, and passwords passed on the command-line.
snmp-server community insecureCommunityString RO
./check_cisco_stack.py -H switch.example.com --snmp-Community insecureCommunityString
... or slightly better (still not using SNMPv3):
./check_cisco_stack.py -H switch.example.com --community-file ~/snmp.auth --community-key switch1
Where ~/snmp.auth is a "Java" properties file, such as:
switch1=somePassword1
switch2=somePassword2
Create a command definition
# 'check_cisco_stack' command definition
define command{
command_name check_cisco_stack
command_line $USER1$/check_cisco_stack.py -H $HOSTADDRESS$ $ARG1$
}
Define a service for the stack
define service{
use generic-service ; Inherit default values from a template
servicegroups <group name> ;
host_name <stack hostname>
service_description Cisco Stack
check_command check_cisco_stack! -H <ip address> -c <community>
}
(Good) Simple (strong authentication):
snmp-server group zzz-stackview v3 auth
snmp-server user zzz-stackmonitor zzz-stackview v3 auth sha somePassword
(Better) Add some principles of least privilege:
! cswSwitchInfoEntry.1
snmp-server view zzz-stackview 1.3.6.1.4.1.9.9.500.1.2.1.1.1 included
! cswSwitchInfoEntry.6
snmp-server view zzz-stackview 1.3.6.1.4.1.9.9.500.1.2.1.1.6 included
! cswGlobals.3
snmp-server view zzz-stackview 1.3.6.1.4.1.9.9.500.1.1.3 included
snmp-server group zzz-stackview v3 auth read zzz-stackview
snmp-server user zzz-stackmonitor zzz-stackview v3 auth sha somePassword
(Best) Add privacy (encryption), replacing only the last line from above:
snmp-server user zzz-stackmonitor zzz-stackview v3 auth sha someAuthPassword priv aes 128 somePrivPassword
Note that only "AES" (default 128, not 192 or 256) and "DES" (not 3DES) are supported. See http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption.
authNoPriv:
$ ./check_cisco_stack.py -H switch.example.com --snmp-Version 3 \
--snmp-SecName zzz-stackmonitor --snmp-SecLevel 'authNoPriv' \
--snmp-AuthProto SHA --auth-file ~/snmp.auth --auth-key switch1
authPriv:
$ ./check_cisco_stack.py -H switch.example.com --snmp-Version 3 \
--snmp-SecName zzz-stackmonitor --snmp-SecLevel 'authPriv' \
--snmp-AuthProto SHA --auth-file ~/snmp.auth --auth-key switch1-auth \
--snmp-PrivProto AES --priv-key switch1-priv
Cisco Stack OK - 5 Members:: 1: ready, 2: ready, 3: ready, 4: ready, 5: ready, Stack Ring is redundant.
or in VSS mode:
Cisco Stack OK - VSSwitchMode: multiNode, cvsSwitchConvertingStatus: false. VSL:: 102: UP (2/2), 103: UP (2/2). Chassis:: 2: active, up 111 days, 3:19:03, 3: standby, up 111 days, 3:19:03.
Bug reports and pull requests are welcome on GitHub at https://github.com/ziesemer/wershlak-nagios_plugins.
The gem is available as open source under the terms of the MIT License.