monitor

Enable SNMP on a Juniper Switch (EX2200)

Scott, , , Leave a comment

The following was used to enable SNMP on Juniper EX2200 series switches. It will apply to JunOS based switches aswell. I use SNMP with Cacti, an oldie but a goodie. I also use the data to populate and create network weathermaps. That’s another post.

Create a ‘public’ SNMP community, and associate that with a list of intended clients/subnets.

Dive into configure mode on your switch and use something like the following :

configure
set snmp contact "Company IT"
set snmp name “NZ-Auck-ALB-01” 
set snmp description “Office”
set snmp location “Rack 1” contact “[email protected]”
set snmp community public authorization read-only
set snmp client-list list0 192.168.2.16/32
set snmp community public client-list-name list0
commit and-quit

The command “show snmp” should now give you something that looks a bit like this :

snmp
   name “NZ-Auck-ALB-01”;
   contact "Company IT";
   description “Albany Office”;
   location "Rack 1";
   client-list list0 {
       192.168.2.16/32;
   }
   community public {
       authorization read-only;
       client-list-name list0;
   }

You can do a quick test from one of the valid clients. Retrieve the switches uptime using “snmpget”.

snmpget -v2c -mALL 192.168.27.15 -c public .1.3.6.1.2.1.1.3.0

Boom. You’re good to get some data.

Enable SNMP on a Juniper Switch (EX2200)

Monitor Certificate Expiration with Sensu

Scott, , Leave a comment

Its very easy to monitor for certificate expiry using the “check_http” script. This is part of the “nagios-plugins” package.

A basic example:

    "checks": {
        "check_cert": {
            "handlers": ["default","email"],
            "command": "/usr/lib/nagios/plugins/check_http -H :::name::: -C 30,7",
            "interval": 1440,
            "subscribers": ["jenkins"]
        }
    }
}

This would check at 24hr intervals. A warning is issued when 30 days remain on the certificate. 7 days remaining will return a critical alert.

Plenty of time to get a replacement organised and installed. 🙂

Monitor Certificate Expiration with Sensu

DHCP Scope Check

Scott, , , Leave a comment
Here’s a Powershell script you can use with Sensu (or Nagios?) to monitor DHCP scopes. To help ensure you have few spare IP addresses to hand out. The moaning never ends when you run out.
The script will request all DHCP scopes, and check the percentage used. You can define a warning and critical percentage.

Defaults:
-server localhost
-w 80% returns a warning
-c 90% returns critical

/etc/sensu/plugins/check_dhcp.ps1

param ( [string]$server = localhost,
        [int]$warn = 80,
        [int]$crit= 90
)

try {

    foreach($scope in (Get-DhcpServerv4Scope -ComputerName $server)) {
    
        if(Get-DhcpServerv4ScopeStatistics -ComputerName $server -ScopeId $scope.ScopeId | where {$_.PercentageInUse -gt $warn }) {
            #Exit with a warning if more than 80 percent in use.
            write-host "WARNING:" $scope.ScopeId "("$scope.Name") has" (Get-DhcpServerv4ScopeStatistics -ComputerName eroaddc02 -ScopeId $scope.ScopeId | Select-Object -Expand Free) "IP(s) available."
            $warning = $warnalarm+1 #exit 2
    
        } elseif(Get-DhcpServerv4ScopeStatistics -ComputerName $server -ScopeId $scope.ScopeId | where {$_.PercentageInUse -gt $crit}) {
            #Exit with a critical if more than 90 percent in use.
            write-host "CRITICAL:" $scope.ScopeId "("$scope.Name") has" (Get-DhcpServerv4ScopeStatistics -ComputerName eroaddc02 -ScopeId $scope.ScopeId | Select-Object -Expand Free) "IP(s) available."
            $crit = $warnalarm+1 #exit 1
        } else { 
            # All scopes are OK.
            write-host "OK" $scope.ScopeId "("$scope.Name") has" (Get-DhcpServerv4ScopeStatistics -ComputerName eroaddc02 -ScopeId $scope.ScopeId | Select-Object -Expand Free) "IP(s) available."
        }

    }

    if($crit) { 
        write-host "$critalarm Critical(s)"
        exit 2 
    }
    if($warning) { 
        write-host "$warnalarm Warning(s)"
        exit 1 
    }
    write-host "All OK"
    exit 0
}

Catch [System.Exception] {
    Write-Host "Could not get DHCP information or script exception found."
    exit 3 
}

Example Sensu Check

/etc/sensu/conf.d/check_dhcp.conf

"checks": {
    "dhcp_scope": {
      "handlers": ["default","email"],
      "command": "/etc/sensu/plugins/check_dhcp.ps1 -server :::name::: -warn 60 -crit 90",
      "standalone": false,
      "interval": 60,
      "subscribers": ["dhcp"]
    }
}
DHCP Scope Check