Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 6567 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Monitoring high availability nodes (slave) using SNMP

Ashraful Matin

Hi,

 

I have a UTM 9 HA cluster using active and passive. I am monitoring the active node using SNMP by running a ping test. I also want to monitor passive node at the same time. Is there any way I can reach the passive node from monitoring station using SNMP. Any help will be appreciated.



This thread was automatically locked due to age.
Parents
  • 0

    Halloj Ashraful and welcome to the UTM Community!

    In 'Notifications', you can activate 'CRIT-080  HA System: There is no slave node, please check your HA System' to notify via SNMP.  Other than that, the only way would be to log into the command line on the Master, and ping the other node from there.  Why aren't the built-in HA alerts adequate - what's missing for you?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi,

    Thanks for your reply.

    In our SNMP monitoring solution, we don't use SNMP traps. So, I cannot use "WARN-080". 

    I have added two pictures from UTM's GUI.  Is it possible to read these from any SNMP OID.

     

     

    Or is there any way we can reserve a management interface which is not included in HA configuration, so that I can reach UTM devices individually.

    Help is always appreciated.

  • 0 in reply to Ashraful Matin

    Hi Ashraful,

     

    we're faceing the same problem.

    I've solved this for us (we're monitoring the UTMs via PRTG) with a PowerShell script. The scripts logs into the shell of the UTM via an SSH Key and collects some information with the command "ha_utils". After that the script closes the ssh session again and evaluates the colltected informationen.

    The script is pasted below:

    param
        (
        [ipaddress]$ipaddress,
        [int]$port
        )

    $AllProtocols = [System.Net.SecurityProtocolType]'Tls11,Tls12'
    [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols

    Import-Module 'C:\Program Files\WindowsPowerShell\Modules\Posh-SSH\2.1\Posh-SSH.psd1'

    if (!$port)
        {
        $port=22
        }
    else
        {
        }

    $username = "root"
    $passwort = " "  | ConvertTo-SecureString -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential($username,$passwort)

    $result=""
    New-SSHSession -Port $port -ComputerName $ipaddress -Credential $credential -AcceptKey  -KeyFile PATH | Out-Null
    $sessioncheck = Get-SSHSession -SessionId 0
    if ( !$sessioncheck )
    {
        Write-Host "0:Verbindungsfehler"
        exit 2
    }
    else
    {
    }

    $result=""
    $result=Invoke-SSHCommandStream -SessionId 0 -Command "ha_utils | grep SLAVE:"
    $array=$result -split "\s+"
    $slave_status=$array[5]

    if( $slave_status -eq 'ACTIVE' )
    {
            Write-Host "100:ACTIVE-READY"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 0
    }
    elseif ( $slave_status -eq 'SYNCING' )
    {
            Write-Host "50:ACTIVE-SYNCING"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 1
    }  
    elseif ( $slave_status -eq 'UP2DATE' )
    {
            Write-Host "50:ACTIVE-UP2DATE"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 1
    }
    elseif ( $slave_status -eq 'RESERVED' )
    {
            Write-Host "50:ACTIVE-RESERVED"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 1
    }    
    elseif ( $slave_status -eq 'DEAD' )
    {
            Write-Host "0:ACTIVE-DEAD"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 2
    }
    elseif ( $slave_status -eq 'UNLINKED' )
    {
            Write-Host "0:ACTIVE-UNLINKED"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 2
        }
    else
    {
            Write-Host "0:Inaktiv"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 0
    }

    The only problem at the moment with the script is that the case of an inactive HA isn't really checked well.

    I'd prefer a way to monitor HA Status over SNMP (not over SNMP TRAP) as well but sadly there isn't a way with a Sophos UTM. SNMP isn't worked out well at Sophos.

     

    Kind regards,

    Dominik

Reply
  • 0 in reply to Ashraful Matin

    Hi Ashraful,

     

    we're faceing the same problem.

    I've solved this for us (we're monitoring the UTMs via PRTG) with a PowerShell script. The scripts logs into the shell of the UTM via an SSH Key and collects some information with the command "ha_utils". After that the script closes the ssh session again and evaluates the colltected informationen.

    The script is pasted below:

    param
        (
        [ipaddress]$ipaddress,
        [int]$port
        )

    $AllProtocols = [System.Net.SecurityProtocolType]'Tls11,Tls12'
    [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols

    Import-Module 'C:\Program Files\WindowsPowerShell\Modules\Posh-SSH\2.1\Posh-SSH.psd1'

    if (!$port)
        {
        $port=22
        }
    else
        {
        }

    $username = "root"
    $passwort = " "  | ConvertTo-SecureString -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential($username,$passwort)

    $result=""
    New-SSHSession -Port $port -ComputerName $ipaddress -Credential $credential -AcceptKey  -KeyFile PATH | Out-Null
    $sessioncheck = Get-SSHSession -SessionId 0
    if ( !$sessioncheck )
    {
        Write-Host "0:Verbindungsfehler"
        exit 2
    }
    else
    {
    }

    $result=""
    $result=Invoke-SSHCommandStream -SessionId 0 -Command "ha_utils | grep SLAVE:"
    $array=$result -split "\s+"
    $slave_status=$array[5]

    if( $slave_status -eq 'ACTIVE' )
    {
            Write-Host "100:ACTIVE-READY"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 0
    }
    elseif ( $slave_status -eq 'SYNCING' )
    {
            Write-Host "50:ACTIVE-SYNCING"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 1
    }  
    elseif ( $slave_status -eq 'UP2DATE' )
    {
            Write-Host "50:ACTIVE-UP2DATE"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 1
    }
    elseif ( $slave_status -eq 'RESERVED' )
    {
            Write-Host "50:ACTIVE-RESERVED"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 1
    }    
    elseif ( $slave_status -eq 'DEAD' )
    {
            Write-Host "0:ACTIVE-DEAD"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 2
    }
    elseif ( $slave_status -eq 'UNLINKED' )
    {
            Write-Host "0:ACTIVE-UNLINKED"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 2
        }
    else
    {
            Write-Host "0:Inaktiv"
            Remove-SSHSession -SessionId 0 | Out-Null
            exit 0
    }

    The only problem at the moment with the script is that the case of an inactive HA isn't really checked well.

    I'd prefer a way to monitor HA Status over SNMP (not over SNMP TRAP) as well but sadly there isn't a way with a Sophos UTM. SNMP isn't worked out well at Sophos.

     

    Kind regards,

    Dominik

Children
No Data
Unfiltered HTML