On Mon, Oct 22, 2018 at 5:19 PM Kaushal Shriyan <[email protected]> wrote:
> Hi, > > I have the below Nagios plugin bash script > > #!/bin/bash >> # Written By Nicole >> # Any Comments or Questions please e-mail to [email protected] >> # >> # Plugin Name: check_ipsec >> # Version: 2.0 >> # Date: 26/08/2008 >> # >> # Usage: check_ipsec --tunnels <n> >> # >> # gateways.txt file must be located in same directory >> # and has to look like: >> # nameofconn1 192.168.0.1 >> # nameofconn2 192.168.1.1 >> # >> # ------------Defining Variables------------ >> PROGNAME=`basename $0` >> PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` >> REVISION=`echo '$Revision: 2.0 $' | sed -e 's/[^0-9.]//g'` >> #STRONG=`$IPSECBIN --version |grep strongSwan | wc -l` >> DOWN="" >> # ---------- Change to your needs ---------- >> PLUGINPATH="/usr/lib64/nagios/plugins" >> GATEWAYLIST="gateways.txt" >> IPSECBIN="/usr/sbin/ipsec" >> FPINGBIN="/usr/sbin/fping" >> # ping server in network on the other side of the tunnel >> PINGIP=1 # ping yes or no (1/0) >> # ------------------------------------------ >> . $PROGPATH/utils.sh >> >> # Testing availability of $IPSECBIN, $FPINGBIN and $GATEWAYLIST >> if [ $# -eq 0 ]; >> then >> echo UNKNOWN - missing Arguments. Run check_ipsec --help >> exit $STATE_UNKNOWN >> fi >> test -e $IPSECBIN >> if [ $? -ne 0 ]; >> then >> echo CRITICAL - $IPSECBIN not exist >> exit $STATE_CRITICAL >> else >> STRONG=`$IPSECBIN --version |grep strongSwan | wc -l` >> fi >> if [ $PINGIP -eq 1 ] >> then >> test -e $FPINGBIN >> if [ $? -ne 0 ]; >> then >> echo CRITICAL - $FPINGBIN not exist >> exit $STATE_CRITICAL >> fi >> fi >> test -e $PROGPATH/$GATEWAYLIST >> if [ $? -ne 0 ]; >> then >> echo CRITICAL - $GATEWAYLIST not exist >> exit $STATE_CRITICAL >> fi >> print_usage() { >> echo "Usage:" >> echo " $PROGNAME --tunnels <number of configured tunnels>" >> echo " $PROGNAME --help" >> echo " $PROGNAME --version" >> echo " Created by Nicole, questions or problems e-mail >> [email protected]" >> echo "" >> } >> print_help() { >> print_revision $PROGNAME $REVISION >> echo "" >> print_usage >> echo " Checks vpn connection status of an openswan or strongswan >> installation." >> echo "" >> echo " --tunnels <number of configured tunnels>" >> echo " -T <number of configured tunnels>" >> echo " provides the tunnel status of the openswan or strongswan >> installation" >> echo "" >> echo " --help" >> echo " -h" >> echo " prints this help screen" >> echo "" >> echo " --version" >> echo " -V" >> echo " Print version and license information" >> echo "" >> } >> check_tunnel() { >> if [[ "$STRONG" -eq "1" ]] >> then >> eroutes=`$IPSECBIN status | grep -e "IPsec SA established" | grep -e >> "newest IPSEC" | wc -l` >> else >> eroutes=`$IPSECBIN whack --status | grep -e "IPsec SA established" | >> grep -e "newest IPSEC" | wc -l` >> fi >> >> if [[ "$eroutes" -eq "$2" ]] >> then >> echo "OK - All $2 tunnels are up an running" >> exit $STATE_OK >> elif [[ "$eroutes" -gt "$2" ]] >> then >> echo "WARNING - More than $2 ($eroutes) tunnels are up an running" >> exit $STATE_WARNING >> else >> echo "CRITICAL - Only $eroutes tunnels from $2 are up an running - >> $(location)" >> exit $STATE_CRITICAL >> fi >> } >> >> location() { >> count=0 >> i=1 >> while read line; do >> CONN=`echo $line| awk '{print $1}'` >> IP=`echo $line| awk '{print $2}'` >> if [[ "$STRONG" -eq "1" ]] >> then >> tunneltest=`$IPSECBIN status | grep -e "IPsec SA established" | grep >> -e "newest IPSEC" |grep -e $CONN | wc -l` >> else >> tunneltest=`$IPSECBIN whack --status | grep -e "IPsec SA established" >> | grep -e "newest IPSEC" |grep -e "$CONN" | wc -l` >> fi >> if [[ "$tunneltest" -eq "0" ]] >> then >> count=$[$count+1] >> DOWN="$DOWN $CONN" >> fi >> if [[ "$PINGIP" -eq "1" && "$tunneltest" -eq "1" ]] >> then >> alive=`$FPINGBIN $IP -r 1 | grep alive | wc -l` >> if [[ "$alive" -eq "0" ]] >> then >> count=$[$count+1] >> DOWN="$DOWN $CONN (no ping)" >> fi >> fi >> >> i=$[$i+1] >> done < $PLUGINPATH/$GATEWAYLIST >> echo $DOWN >> } >> >> case "$1" in >> --help) >> print_help >> exit $STATE_OK >> ;; >> -h) >> print_help >> exit $STATE_OK >> ;; >> --version) >> print_revision $PLUGIN $REVISION >> exit $STATE_OK >> ;; >> -V) >> print_revision $PLUGIN $REVISION >> exit $STATE_OK >> ;; >> --tunnels) >> check_tunnel $1 $2 >> ;; >> -T) >> check_tunnel $1 $2 >> ;; >> *) >> print_help >> exit $STATE_OK >> esac > > > [root@ plugins]#./check_ipsec --tunnels 2 > *OK - All 2 tunnels are up an running* > [root@ plugins]# > > *ipsec whack --globalstatus* >> config.setup.ike.ddos_threshold=25000 >> config.setup.ike.max_halfopen=50000 >> current.states.all=5 >> current.states.ipsec=2 >> current.states.ike=2 >> current.states.shunts=1 >> current.states.iketype.anonymous=0 >> current.states.iketype.authenticated=2 >> current.states.iketype.halfopen=0 >> current.states.iketype.open=0 >> current.states.enumerate.STATE_MAIN_R0=0 >> current.states.enumerate.STATE_MAIN_I1=0 >> current.states.enumerate.STATE_MAIN_R1=0 >> current.states.enumerate.STATE_MAIN_I2=0 >> current.states.enumerate.STATE_MAIN_R2=0 >> current.states.enumerate.STATE_MAIN_I3=0 >> current.states.enumerate.STATE_MAIN_R3=0 >> current.states.enumerate.STATE_MAIN_I4=2 >> current.states.enumerate.STATE_AGGR_R0=0 >> current.states.enumerate.STATE_AGGR_I1=0 >> current.states.enumerate.STATE_AGGR_R1=0 >> current.states.enumerate.STATE_AGGR_I2=0 >> current.states.enumerate.STATE_AGGR_R2=0 >> current.states.enumerate.STATE_QUICK_R0=0 >> current.states.enumerate.STATE_QUICK_I1=0 >> current.states.enumerate.STATE_QUICK_R1=0 >> current.states.enumerate.STATE_QUICK_I2=2 >> current.states.enumerate.STATE_QUICK_R2=0 >> current.states.enumerate.STATE_INFO=0 >> current.states.enumerate.STATE_INFO_PROTECTED=0 >> current.states.enumerate.STATE_XAUTH_R0=0 >> current.states.enumerate.STATE_XAUTH_R1=0 >> current.states.enumerate.STATE_MODE_CFG_R0=0 >> current.states.enumerate.STATE_MODE_CFG_R1=0 >> current.states.enumerate.STATE_MODE_CFG_R2=0 >> current.states.enumerate.STATE_MODE_CFG_I1=0 >> current.states.enumerate.STATE_XAUTH_I0=0 >> current.states.enumerate.STATE_XAUTH_I1=0 >> current.states.enumerate.STATE_IKEv2_BASE=0 >> current.states.enumerate.STATE_PARENT_I1=0 >> current.states.enumerate.STATE_PARENT_I2=0 >> current.states.enumerate.STATE_PARENT_I3=0 >> current.states.enumerate.STATE_PARENT_R1=0 >> current.states.enumerate.STATE_PARENT_R2=0 >> current.states.enumerate.STATE_V2_CREATE_I0=0 >> current.states.enumerate.STATE_V2_CREATE_I=0 >> current.states.enumerate.STATE_V2_REKEY_IKE_I0=0 >> current.states.enumerate.STATE_V2_REKEY_IKE_I=0 >> current.states.enumerate.STATE_V2_REKEY_CHILD_I0=0 >> current.states.enumerate.STATE_V2_REKEY_CHILD_I=0 >> current.states.enumerate.STATE_V2_CREATE_R=0 >> current.states.enumerate.STATE_V2_REKEY_IKE_R=0 >> current.states.enumerate.STATE_V2_REKEY_CHILD_R=0 >> current.states.enumerate.STATE_V2_IPSEC_I=0 >> current.states.enumerate.STATE_V2_IPSEC_R=0 >> current.states.enumerate.STATE_IKESA_DEL=0 >> current.states.enumerate.STATE_CHILDSA_DEL=0 >> total.ipsec.type.all=86 >> total.ipsec.type.esp=1514 >> total.ipsec.type.ah=0 >> total.ipsec.type.ipcomp=0 >> total.ipsec.type.esn=0 >> total.ipsec.type.tfc=0 >> total.ipsec.type.encap=0 >> total.ipsec.type.non_encap=1514 >> total.ipsec.traffic.in=7497596 >> total.ipsec.traffic.out=20134927 >> total.ike.ikev2.established=0 >> total.ike.ikev2.failed=0 >> total.ike.ikev1.established=2241 >> total.ike.ikev1.failed=16 >> total.ike.dpd.sent=0 >> total.ike.dpd.recv=0 >> total.ike.dpd.replied=420970 >> total.ike.traffic.in=40535112 >> total.ike.traffic.out=40601452 >> total.xauth.started=0 >> total.xauth.stopped=0 >> total.xauth.aborted=0 >> total.ikev1.encr.3DES_CBC=0 >> total.ikev1.encr.CAST_CBC=0 >> total.ikev1.encr.AES_CBC=2241 >> total.ikev1.encr.CAMELLIA_CBC=0 >> total.ikev1.encr.AES_CTR=0 >> total.ikev1.encr.AES_CCM_A=0 >> total.ikev1.encr.AES_CCM_B=0 >> total.ikev1.encr.AES_CCM_16=0 >> total.ikev1.encr.AES_GCM_A=0 >> total.ikev1.encr.AES_GCM_B=0 >> total.ikev1.encr.AES_GCM_C=0 >> total.ikev1.encr.CAMELLIA_CTR=0 >> total.ikev1.encr.CAMELLIA_CCM_A=0 >> total.ikev1.encr.CAMELLIA_CCM_B=0 >> total.ikev1.encr.CAMELLIA_CCM_C=0 >> total.ikev1.integ.MD5=0 >> total.ikev1.integ.SHA1=2241 >> total.ikev1.integ.SHA2_256=0 >> total.ikev1.integ.SHA2_384=0 >> total.ikev1.integ.SHA2_512=0 >> total.ikev1.group.MODP768=0 >> total.ikev1.group.MODP1024=2241 >> total.ikev1.group.MODP1536=0 >> total.ikev1.group.MODP2048=0 >> total.ikev1.group.MODP3072=0 >> total.ikev1.group.MODP4096=0 >> total.ikev1.group.MODP6144=0 >> total.ikev1.group.MODP8192=0 >> total.ikev1.group.ECP_256=0 >> total.ikev1.group.ECP_384=0 >> total.ikev1.group.ECP_521=0 >> total.ikev1.group.DH22=0 >> total.ikev1.group.DH23=0 >> total.ikev1.group.DH24=0 >> total.ikev1.group.ECP_192=0 >> total.ikev1.group.ECP_224=0 >> total.ikev1.group.BRAINPOOL_P224R1=0 >> total.ikev1.group.BRAINPOOL_P256R1=0 >> total.ikev1.group.BRAINPOOL_P384R1=0 >> total.ikev1.group.BRAINPOOL_P512R1=0 >> total.ikev1.group.CURVE25519=0 >> total.ikev1.group.CURVE448=0 >> total.ikev2.encr.3DES=0 >> total.ikev2.encr.CAST=0 >> total.ikev2.encr.NULL=0 >> total.ikev2.encr.AES_CBC=0 >> total.ikev2.encr.AES_CTR=0 >> total.ikev2.encr.AES_CCM_A=0 >> total.ikev2.encr.AES_CCM_B=0 >> total.ikev2.encr.AES_CCM_C=0 >> total.ikev2.encr.AES_GCM_A=0 >> total.ikev2.encr.AES_GCM_B=0 >> total.ikev2.encr.AES_GCM_C=0 >> total.ikev2.encr.NULL_AUTH_AES_GMAC=0 >> total.ikev2.encr.CAMELLIA_CBC=0 >> total.ikev2.encr.CAMELLIA_CTR=0 >> total.ikev2.encr.CAMELLIA_CCM_A=0 >> total.ikev2.encr.CAMELLIA_CCM_B=0 >> total.ikev2.encr.CAMELLIA_CCM_C=0 >> total.ikev2.encr.CHACHA20_POLY1305=0 >> total.ikev2.integ.HMAC_MD5_96=0 >> total.ikev2.integ.HMAC_SHA1_96=0 >> total.ikev2.integ.AES_XCBC_96=0 >> total.ikev2.integ.HMAC_MD5_128=0 >> total.ikev2.integ.HMAC_SHA1_160=0 >> total.ikev2.integ.AES_CMAC_96=0 >> total.ikev2.integ.AES_128_GMAC=0 >> total.ikev2.integ.AES_192_GMAC=0 >> total.ikev2.integ.AES_256_GMAC=0 >> total.ikev2.integ.HMAC_SHA2_256_128=0 >> total.ikev2.integ.HMAC_SHA2_384_192=0 >> total.ikev2.integ.HMAC_SHA2_512_256=86 >> total.ikev2.group.MODP768=0 >> total.ikev2.group.MODP1024=0 >> total.ikev2.group.MODP1536=0 >> total.ikev2.group.MODP2048=0 >> total.ikev2.group.MODP3072=0 >> total.ikev2.group.MODP4096=0 >> total.ikev2.group.MODP6144=0 >> total.ikev2.group.MODP8192=0 >> total.ikev2.group.ECP_256=0 >> total.ikev2.group.ECP_384=0 >> total.ikev2.group.ECP_521=0 >> total.ikev2.group.DH22=0 >> total.ikev2.group.DH23=0 >> total.ikev2.group.DH24=0 >> total.ikev2.group.ECP_192=0 >> total.ikev2.group.ECP_224=0 >> total.ikev2.group.BRAINPOOL_P224R1=0 >> total.ikev2.group.BRAINPOOL_P256R1=0 >> total.ikev2.group.BRAINPOOL_P384R1=0 >> total.ikev2.group.BRAINPOOL_P512R1=0 >> total.ikev2.group.CURVE25519=0 >> total.ikev2.group.CURVE448=0 >> total.ikev2.recv.invalidke.using.MODP768=0 >> total.ikev2.recv.invalidke.using.MODP1024=0 >> total.ikev2.recv.invalidke.using.MODP1536=0 >> total.ikev2.recv.invalidke.using.MODP2048=0 >> total.ikev2.recv.invalidke.using.MODP3072=0 >> total.ikev2.recv.invalidke.using.MODP4096=0 >> total.ikev2.recv.invalidke.using.MODP6144=0 >> total.ikev2.recv.invalidke.using.MODP8192=0 >> total.ikev2.recv.invalidke.using.ECP_256=0 >> total.ikev2.recv.invalidke.using.ECP_384=0 >> total.ikev2.recv.invalidke.using.ECP_521=0 >> total.ikev2.recv.invalidke.using.DH22=0 >> total.ikev2.recv.invalidke.using.DH23=0 >> total.ikev2.recv.invalidke.using.DH24=0 >> total.ikev2.recv.invalidke.using.ECP_192=0 >> total.ikev2.recv.invalidke.using.ECP_224=0 >> total.ikev2.recv.invalidke.using.BRAINPOOL_P224R1=0 >> total.ikev2.recv.invalidke.using.BRAINPOOL_P256R1=0 >> total.ikev2.recv.invalidke.using.BRAINPOOL_P384R1=0 >> total.ikev2.recv.invalidke.using.BRAINPOOL_P512R1=0 >> total.ikev2.recv.invalidke.using.CURVE25519=0 >> total.ikev2.recv.invalidke.using.CURVE448=0 >> total.ikev2.recv.invalidke.suggesting.MODP768=0 >> total.ikev2.recv.invalidke.suggesting.MODP1024=0 >> total.ikev2.recv.invalidke.suggesting.MODP1536=0 >> total.ikev2.recv.invalidke.suggesting.MODP2048=0 >> total.ikev2.recv.invalidke.suggesting.MODP3072=0 >> total.ikev2.recv.invalidke.suggesting.MODP4096=0 >> total.ikev2.recv.invalidke.suggesting.MODP6144=0 >> total.ikev2.recv.invalidke.suggesting.MODP8192=0 >> total.ikev2.recv.invalidke.suggesting.ECP_256=0 >> total.ikev2.recv.invalidke.suggesting.ECP_384=0 >> total.ikev2.recv.invalidke.suggesting.ECP_521=0 >> total.ikev2.recv.invalidke.suggesting.DH22=0 >> total.ikev2.recv.invalidke.suggesting.DH23=0 >> total.ikev2.recv.invalidke.suggesting.DH24=0 >> total.ikev2.recv.invalidke.suggesting.ECP_192=0 >> total.ikev2.recv.invalidke.suggesting.ECP_224=0 >> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P224R1=0 >> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P256R1=0 >> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P384R1=0 >> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P512R1=0 >> total.ikev2.recv.invalidke.suggesting.CURVE25519=0 >> total.ikev2.recv.invalidke.suggesting.CURVE448=0 >> total.ikev2.sent.invalidke.using.MODP768=0 >> total.ikev2.sent.invalidke.using.MODP1024=0 >> total.ikev2.sent.invalidke.using.MODP1536=0 >> total.ikev2.sent.invalidke.using.MODP2048=0 >> total.ikev2.sent.invalidke.using.MODP3072=0 >> total.ikev2.sent.invalidke.using.MODP4096=0 >> total.ikev2.sent.invalidke.using.MODP6144=0 >> total.ikev2.sent.invalidke.using.MODP8192=0 >> total.ikev2.sent.invalidke.using.ECP_256=0 >> total.ikev2.sent.invalidke.using.ECP_384=0 >> total.ikev2.sent.invalidke.using.ECP_521=0 >> total.ikev2.sent.invalidke.using.DH22=0 >> total.ikev2.sent.invalidke.using.DH23=0 >> total.ikev2.sent.invalidke.using.DH24=0 >> total.ikev2.sent.invalidke.using.ECP_192=0 >> total.ikev2.sent.invalidke.using.ECP_224=0 >> total.ikev2.sent.invalidke.using.BRAINPOOL_P224R1=0 >> total.ikev2.sent.invalidke.using.BRAINPOOL_P256R1=0 >> total.ikev2.sent.invalidke.using.BRAINPOOL_P384R1=0 >> total.ikev2.sent.invalidke.using.BRAINPOOL_P512R1=0 >> total.ikev2.sent.invalidke.using.CURVE25519=0 >> total.ikev2.sent.invalidke.using.CURVE448=0 >> total.ikev2.sent.invalidke.suggesting.MODP768=0 >> total.ikev2.sent.invalidke.suggesting.MODP1024=0 >> total.ikev2.sent.invalidke.suggesting.MODP1536=0 >> total.ikev2.sent.invalidke.suggesting.MODP2048=0 >> total.ikev2.sent.invalidke.suggesting.MODP3072=0 >> total.ikev2.sent.invalidke.suggesting.MODP4096=0 >> total.ikev2.sent.invalidke.suggesting.MODP6144=0 >> total.ikev2.sent.invalidke.suggesting.MODP8192=0 >> total.ikev2.sent.invalidke.suggesting.ECP_256=0 >> total.ikev2.sent.invalidke.suggesting.ECP_384=0 >> total.ikev2.sent.invalidke.suggesting.ECP_521=0 >> total.ikev2.sent.invalidke.suggesting.DH22=0 >> total.ikev2.sent.invalidke.suggesting.DH23=0 >> total.ikev2.sent.invalidke.suggesting.DH24=0 >> total.ikev2.sent.invalidke.suggesting.ECP_192=0 >> total.ikev2.sent.invalidke.suggesting.ECP_224=0 >> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P224R1=0 >> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P256R1=0 >> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P384R1=0 >> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P512R1=0 >> total.ikev2.sent.invalidke.suggesting.CURVE25519=0 >> total.ikev2.sent.invalidke.suggesting.CURVE448=0 >> total.ipsec.encr.3DES=0 >> total.ipsec.encr.CAST=0 >> total.ipsec.encr.NULL=0 >> total.ipsec.encr.AES_CBC=1514 >> total.ipsec.encr.AES_CTR=0 >> total.ipsec.encr.AES_CCM_A=0 >> total.ipsec.encr.AES_CCM_B=0 >> total.ipsec.encr.AES_CCM_C=0 >> total.ipsec.encr.AES_GCM_A=0 >> total.ipsec.encr.AES_GCM_B=0 >> total.ipsec.encr.AES_GCM_C=0 >> total.ipsec.encr.NULL_AUTH_AES_GMAC=0 >> total.ipsec.encr.CAMELLIA_CBC=0 >> total.ipsec.encr.CAMELLIA_CTR=0 >> total.ipsec.encr.CAMELLIA_CCM_A=0 >> total.ipsec.encr.CAMELLIA_CCM_B=0 >> total.ipsec.encr.CAMELLIA_CCM_C=0 >> total.ipsec.encr.CHACHA20_POLY1305=0 >> total.ipsec.integ.HMAC_MD5=0 >> total.ipsec.integ.HMAC_SHA1=1514 >> total.ipsec.integ.HMAC_SHA2_256=0 >> total.ipsec.integ.HMAC_SHA2_384=0 >> total.ipsec.integ.HMAC_SHA2_512=0 >> total.ipsec.integ.HMAC_RIPEMD=0 >> total.ipsec.integ.AES_XCBC=0 >> total.ipsec.integ.AES_128_GMAC=0 >> total.ipsec.integ.AES_192_GMAC=0 >> total.ipsec.integ.AES_256_GMAC=0 >> total.ikev1.sent.notifies.error.INVALID_PAYLOAD_TYPE=0 >> total.ikev1.sent.notifies.error.DOI_NOT_SUPPORTED=0 >> total.ikev1.sent.notifies.error.SITUATION_NOT_SUPPORTED=0 >> total.ikev1.sent.notifies.error.INVALID_COOKIE=0 >> total.ikev1.sent.notifies.error.INVALID_MAJOR_VERSION=0 >> total.ikev1.sent.notifies.error.INVALID_MINOR_VERSION=0 >> total.ikev1.sent.notifies.error.INVALID_EXCHANGE_TYPE=0 >> total.ikev1.sent.notifies.error.INVALID_FLAGS=0 >> total.ikev1.sent.notifies.error.INVALID_MESSAGE_ID=0 >> total.ikev1.sent.notifies.error.INVALID_PROTOCOL_ID=0 >> total.ikev1.sent.notifies.error.INVALID_SPI=0 >> total.ikev1.sent.notifies.error.INVALID_TRANSFORM_ID=0 >> total.ikev1.sent.notifies.error.ATTRIBUTES_NOT_SUPPORTED=0 >> total.ikev1.sent.notifies.error.NO_PROPOSAL_CHOSEN=0 >> total.ikev1.sent.notifies.error.BAD_PROPOSAL_SYNTAX=0 >> total.ikev1.sent.notifies.error.PAYLOAD_MALFORMED=2 >> total.ikev1.sent.notifies.error.INVALID_KEY_INFORMATION=0 >> total.ikev1.sent.notifies.error.INVALID_ID_INFORMATION=0 >> total.ikev1.sent.notifies.error.INVALID_CERT_ENCODING=0 >> total.ikev1.sent.notifies.error.INVALID_CERTIFICATE=0 >> total.ikev1.sent.notifies.error.CERT_TYPE_UNSUPPORTED=0 >> total.ikev1.sent.notifies.error.INVALID_CERT_AUTHORITY=0 >> total.ikev1.sent.notifies.error.INVALID_HASH_INFORMATION=0 >> total.ikev1.sent.notifies.error.AUTHENTICATION_FAILED=0 >> total.ikev1.sent.notifies.error.INVALID_SIGNATURE=0 >> total.ikev1.sent.notifies.error.ADDRESS_NOTIFICATION=0 >> total.ikev1.sent.notifies.error.NOTIFY_SA_LIFETIME=0 >> total.ikev1.sent.notifies.error.CERTIFICATE_UNAVAILABLE=0 >> total.ikev1.sent.notifies.error.UNSUPPORTED_EXCHANGE_TYPE=0 >> total.ikev1.sent.notifies.error.UNEQUAL_PAYLOAD_LENGTHS=0 >> total.ikev1.recv.notifies.error.INVALID_PAYLOAD_TYPE=0 >> total.ikev1.recv.notifies.error.DOI_NOT_SUPPORTED=0 >> total.ikev1.recv.notifies.error.SITUATION_NOT_SUPPORTED=0 >> total.ikev1.recv.notifies.error.INVALID_COOKIE=0 >> total.ikev1.recv.notifies.error.INVALID_MAJOR_VERSION=0 >> total.ikev1.recv.notifies.error.INVALID_MINOR_VERSION=0 >> total.ikev1.recv.notifies.error.INVALID_EXCHANGE_TYPE=0 >> total.ikev1.recv.notifies.error.INVALID_FLAGS=0 >> total.ikev1.recv.notifies.error.INVALID_MESSAGE_ID=0 >> total.ikev1.recv.notifies.error.INVALID_PROTOCOL_ID=0 >> total.ikev1.recv.notifies.error.INVALID_SPI=0 >> total.ikev1.recv.notifies.error.INVALID_TRANSFORM_ID=0 >> total.ikev1.recv.notifies.error.ATTRIBUTES_NOT_SUPPORTED=0 >> total.ikev1.recv.notifies.error.NO_PROPOSAL_CHOSEN=0 >> total.ikev1.recv.notifies.error.BAD_PROPOSAL_SYNTAX=0 >> total.ikev1.recv.notifies.error.PAYLOAD_MALFORMED=0 >> total.ikev1.recv.notifies.error.INVALID_KEY_INFORMATION=0 >> total.ikev1.recv.notifies.error.INVALID_ID_INFORMATION=0 >> total.ikev1.recv.notifies.error.INVALID_CERT_ENCODING=0 >> total.ikev1.recv.notifies.error.INVALID_CERTIFICATE=0 >> total.ikev1.recv.notifies.error.CERT_TYPE_UNSUPPORTED=0 >> total.ikev1.recv.notifies.error.INVALID_CERT_AUTHORITY=0 >> total.ikev1.recv.notifies.error.INVALID_HASH_INFORMATION=0 >> total.ikev1.recv.notifies.error.AUTHENTICATION_FAILED=0 >> total.ikev1.recv.notifies.error.INVALID_SIGNATURE=0 >> total.ikev1.recv.notifies.error.ADDRESS_NOTIFICATION=0 >> total.ikev1.recv.notifies.error.NOTIFY_SA_LIFETIME=0 >> total.ikev1.recv.notifies.error.CERTIFICATE_UNAVAILABLE=0 >> total.ikev1.recv.notifies.error.UNSUPPORTED_EXCHANGE_TYPE=0 >> total.ikev1.recv.notifies.error.UNEQUAL_PAYLOAD_LENGTHS=0 >> total.ikev2.sent.notifies.error.UNSUPPORTED_CRITICAL_PAYLOAD=0 >> total.ikev2.sent.notifies.error.INVALID_IKE_SPI=0 >> total.ikev2.sent.notifies.error.INVALID_MAJOR_VERSION=0 >> total.ikev2.sent.notifies.error.INVALID_SYNTAX=0 >> total.ikev2.sent.notifies.error.INVALID_MESSAGE_ID=0 >> total.ikev2.sent.notifies.error.INVALID_SPI=0 >> total.ikev2.sent.notifies.error.NO_PROPOSAL_CHOSEN=0 >> total.ikev2.sent.notifies.error.INVALID_KE_PAYLOAD=0 >> total.ikev2.sent.notifies.error.AUTHENTICATION_FAILED=0 >> total.ikev2.sent.notifies.error.SINGLE_PAIR_REQUIRED=0 >> total.ikev2.sent.notifies.error.NO_ADDITIONAL_SAS=0 >> total.ikev2.sent.notifies.error.INTERNAL_ADDRESS_FAILURE=0 >> total.ikev2.sent.notifies.error.FAILED_CP_REQUIRED=0 >> total.ikev2.sent.notifies.error.TS_UNACCEPTABLE=0 >> total.ikev2.sent.notifies.error.INVALID_SELECTORS=0 >> total.ikev2.sent.notifies.error.UNACCEPTABLE_ADDRESSES=0 >> total.ikev2.sent.notifies.error.UNEXPECTED_NAT_DETECTED=0 >> total.ikev2.sent.notifies.error.USE_ASSIGNED_HoA=0 >> total.ikev2.sent.notifies.error.TEMPORARY_FAILURE=0 >> total.ikev2.sent.notifies.error.CHILD_SA_NOT_FOUND=0 >> total.ikev2.sent.notifies.error.INVALID_GROUP_ID=0 >> total.ikev2.sent.notifies.error.AUTHORIZATION_FAILED=0 >> total.ikev2.recv.notifies.error.UNSUPPORTED_CRITICAL_PAYLOAD=0 >> total.ikev2.recv.notifies.error.INVALID_IKE_SPI=0 >> total.ikev2.recv.notifies.error.INVALID_MAJOR_VERSION=0 >> total.ikev2.recv.notifies.error.INVALID_SYNTAX=0 >> total.ikev2.recv.notifies.error.INVALID_MESSAGE_ID=0 >> total.ikev2.recv.notifies.error.INVALID_SPI=0 >> total.ikev2.recv.notifies.error.NO_PROPOSAL_CHOSEN=0 >> total.ikev2.recv.notifies.error.INVALID_KE_PAYLOAD=0 >> total.ikev2.recv.notifies.error.AUTHENTICATION_FAILED=0 >> total.ikev2.recv.notifies.error.SINGLE_PAIR_REQUIRED=0 >> total.ikev2.recv.notifies.error.NO_ADDITIONAL_SAS=0 >> total.ikev2.recv.notifies.error.INTERNAL_ADDRESS_FAILURE=0 >> total.ikev2.recv.notifies.error.FAILED_CP_REQUIRED=0 >> total.ikev2.recv.notifies.error.TS_UNACCEPTABLE=0 >> total.ikev2.recv.notifies.error.INVALID_SELECTORS=0 >> total.ikev2.recv.notifies.error.UNACCEPTABLE_ADDRESSES=0 >> total.ikev2.recv.notifies.error.UNEXPECTED_NAT_DETECTED=0 >> total.ikev2.recv.notifies.error.USE_ASSIGNED_HoA=0 >> total.ikev2.recv.notifies.error.TEMPORARY_FAILURE=0 >> total.ikev2.recv.notifies.error.CHILD_SA_NOT_FOUND=0 >> total.ikev2.recv.notifies.error.INVALID_GROUP_ID=0 >> total.ikev2.recv.notifies.error.AUTHORIZATION_FAILED=0 > > > *ipsec whack --trafficstatus* >> 006 #5023: "neustar-sterling-primary", type=ESP, add_time=1540207376, >> inBytes=9709, outBytes=3602, id='121.114.10.5' >> 006 #5019: "neustar-sterling-secondary", type=ESP, add_time=1540206027, >> inBytes=678, outBytes=246, id='121.114.11.5' > > > > What attributes i should refer to from *ipsec whack --globalstatus *and *ipsec > whack --trafficstatus *as part of monitoring? > Thanks in Advance. > > Best Regards, > > Kaushal > >> >> Hi, Checking in again if someone can pitch in for my earlier post to this mailing list. Thanks in Advance What attributes i should refer to from *ipsec whack --globalstatus *and *ipsec whack --trafficstatus *as part of monitoring? Best Regards, Kaushal
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
