Anbei die Konfigurationsschritte um über Nagios Cisco ASA oder IPS Appliances zu überwachen.

Es muss Die Datei commands.cfg angepasst werden.Die entsprechenden Scripte, von der NAGIOS Community, check_cisco_asa.pl und check_cisco_ips.pl sind im Verzeichnis /libexec/ von NAGIOS erforderlich.  Anschließend müssen noch die Monitoring-Scripte für die beiden Appliances bearbeitet werden.

SNMP muss auf der ASA bzw. dem IPS aktiviert sein (mit entsprechenden Zugriffsrechten).

——–
commands.cfg:
——–

#Cisco ASA Commands
define command{
command_name    check_asa_interface
command_line    $USER1$/check_cisco_asa.pl -H $HOSTADDRESS$ -c $ARG1$ -n $ARG2$
}

define command{
command_name    check_asa_version
command_line    $USER1$/check_cisco_asa.pl -H $HOSTADDRESS$ -c $ARG1$ -m d
}

define command{
command_name    check_asa_uptime
command_line    $USER1$/check_cisco_asa.pl -H $HOSTADDRESS$ -c $ARG1$ -m u
}
#Cisco IPS Commands
define command{
command_name    check_ips_cpu
command_line    $USER1$/check_cisco_ips.pl -H $HOSTADDRESS$ -C $ARG1$ -2 -w $ARG2$ -c $ARG3$ -T cpu
}

define command{
command_name    check_ips_health
command_line    $USER1$/check_cisco_ips.pl -H $HOSTADDRESS$ -C $ARG1$ -2 -w $ARG2$ -c $ARG3$ -T health
}

define command{
command_name    check_ips_mem
command_line    $USER1$/check_cisco_ips.pl -H $HOSTADDRESS$ -C $ARG1$ -2 -w $ARG2$ -c $ARG3$ -T mem

———————————————————–

——–
Host-Config-File ASA
——–

define service{
use                                       generic-service
host_name                       ASA-Name
service_description     Status Interface Interface-Name
check_command           check_asa_interface!”SNMP-Community”!”Interface-Name”
normal_check_interval   5
retry_check_interval       1
}

define service{
use                                       generic-service
host_name                       ASA-Name
service_description     Status Interface2 Interface2-Name
check_command           check_asa_interface!”SNMP-Community”!”Interface2-Name”
normal_check_interval   5
retry_check_interval       1
}

define service{
use                                       generic-service
host_name                       ASA-Name
service_description     Uptime
check_command           check_asa_uptime!”SNMP-Community”
normal_check_interval   5
retry_check_interval       1
}

define service{
use                                       generic-service
host_name                       ASA-Name
service_description     Version
check_command           check_asa_version!”SNMP-Community”!”
normal_check_interval   5
retry_check_interval       1
}

———————————————————–

——–
Host-Config-File IPS
——–

define service{
use                                       generic-service
host_name                       Sensor-Name
service_description     CPU-Load
check_command           check_ips_cpu!”Community-Name”!70%,50%,40%!90%,70%,50%
normal_check_interval   5
retry_check_interval       1
}

define service{
use                                       generic-service
host_name                       Sensor-Name
service_description     Sensor Health
check_command           check_ips_health!”Community-Name”!1,0,1,1!0,1,5,5
normal_check_interval   5
retry_check_interval       1
}

define service{
use                                       generic-service
host_name                       Sensor-Name
service_description     Sensor Memory Usage
check_command           check_ips_mem!”Community-Name”!60%!80%
normal_check_interval   5
retry_check_interval       1
}