Check Cisco ASA Connections with Nagios

Night time trafficOnce you’ve setup your Cisco ASA, you will want to monitor it to ensure that it’s operating normally. The plugin nm_check_asa_connections for Nagios, and compatible products, can warn your if the number of current connections gets too high. A very high connection count might indicate that there’s an attack under way on one of your servers, you have some hosts on your inside which are part of a botnet and is attacking someone else, or perhaps you’re just about to grow out of your current firewall and need an upgrade to a more powerful box.

The plugin is part of Nelmon, and requires some Python modules to be installed before you can use it.

Aside from the standard settings inherited from the Nelmon SNMP plugins, nm_check_asa_connections uses the -w and -c arguments.

This is an example using SNMPv2 where the plugin would report a warning state for 230000 connections and critical state for 245000 connections.

./nm_check_asa_connections -H 172.16.12.1 -P 2c -C C1sc0 -w 230000 -c 245000

An example using SNMPv3 with AES for encryption and SHA for integrity returning a warning state for 720000 and critical for 740000 connections.

./nm_check_asa_connections -H 172.16.12.1 -P 3 -L authPriv -a SHA -x AES -U snmp_user -A Authpass123 -X Privpass456 -w 720000 -c 740000

Download

Download Nelmon – The nm_check_asa_connections is located in the plugins directory.