Scaling check_nwc_health to cover all ints on a device

Hi,
I’d like to request some guidance regarding scaling out the monitoring of hardware, specifically network interfaces on switches/firewalls etc using check_nwc_health

I’ve successfully installed check_nwc_health into my Icinga2 environment, added the check into Director and can execute various checks when the mode returns data regarding a single entity. For example the health of a switch, or metrics pertaining to a single interface.

However, I don’t want to have to repeat the configuration for each interface per switch. That wouldn’t be sensible or scalable. I’m assuming there is a more logical way of consuming the list of interfaces on a switch and passing that to a check. I’ve seen this come up before in threads, but nobody clearly answers how it should be approached. I also want to remain in Director, rather than break out into config files.

Any specific recommendations or guidance would be appreciated.

Thanks

Hi,

if your network team would write some information into the port description and that corresponds to a naming scheme, you can use the option for using regex.

e.g. (interface-status with snmp v3)

./check_nwc_health.pl
“–authprotocol” = “”
“–hostname” = “RouterXY”
“–mode” = “interface-status”
“–multiline” = {}
“–name3” = “^xyz”
“–privpassword” = “”
“–privprotocol” = “”
“–protocol” = “3”
“–regexp” = {}
“–timeout” = “”
“–username” = “”

Check also this check: https://github.com/NETWAYS/check_interfaces for checking the interface status. In our experience this one is faster as the check_nwc_health (perl script vs c program ) .

Thanks
They are unlikely to go through a name all the switch user interfaces etc.
Is there no way of doing it without that restriction?

What restrictions do you mean?

If you write into the port description the name of the device which is connected on the port, you can search for it. For automation you need something for looking for. With the regex filter, the scripts checks only the ports where this match. Another way I don’t know with this check.

they arent going to add a description to the user ints on an edge switch

that’s bad. maybe you find some flags or information to search for with the check.

it shouldnt be requirement to monitor via Icinga though. The likes of Zabbix and other products don’t need this.

I don’t know Zabbix. But that has nothing to do with icinga. Icinga runs only the script (your own or from somebody from the community). How to run is a requirement of the script you want to use. Other scripts have other requirements and parameter to run. Icinga trigger the script and processes the check result.
If you would run this script without a filter you will get a lot of errors. e.g. for ports where nothing is connected. Because how should this script know what is “normal”? e.g. that port 1 should be always connected, port 2 also and port 3 never on switch a, and port 1 should never connected, port 2 should connected and port 3 also on switch b etc.?

If this script is nothing for your environment maybe you create a dictionary to the host objects with the ports you want to monitor. After you create an apply for rule for this. And as check command you could use “check_snmp” or “check_snmp_int” from https://github.com/dnsmichi/manubulon-snmp.

but how does that translate to Director?

take a look here: https://icinga.com/docs/director/latest/doc/14-Fields-example-interfaces-array/ and after here https://icinga.com/docs/director/latest/doc/15-Service-apply-for-example/

If you have a database or file with the ports to monitor, you can import this into the director.

Thanks, following that through, and its worked. It’s a bit of pain having to setup the array, but beyond that it works. It could do with being documented as guide somewhere.

Since you’ve now found it working, please do so and add a new #howto . Here’s some instructions to get you started: Guidelines for writing howtos