What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

SSH Sensor for Unifi Ipsec monitoring

Votes:

0

Hi,

We are using Unifi Ipsec tunnels but there is no way to monitor it. The only way to see or the tunnel is up is via SSH, you can get the details via this command "show vpn ipsec sa".

Output:

peer-***.***.***.***-tunnel-0: #2, ESTABLISHED, IKEv2, **************************
-vbash: peer-***.***.***.***-tunnel-0:: command not found
  local  '***.***.***.***' @ ***.***.***.***
  remote '***.***.***.***' @ ***.***.***.***
  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
  established 14150s ago, rekeying in 13945s
  peer-***.***.***.***-tunnel-6: #7, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA1_96
    installed 485 ago, rekeying in 2246s, expires in 3115s
    in  cdbe5835, 30775130 bytes, 150960 packets,     0s ago
    out 9d6756ea, 29664699 bytes, 150544 packets,     0s ago
    local  172.*.*.*/24

I just wanna create a script that runs the command and then gives output established or Down

Kind regards

Wietse

prtg script ssh-script

Created on Feb 22, 2021 12:21:50 PM

Last change on Feb 23, 2021 8:39:23 AM by Florian Lesage [Paessler Support]



7 Replies

Votes:

0

Hello,

Thank you for your message.

Regarding what you would like to achieve, I invite you to use the SSH Script sensor to execute a script on your Ubiquiti device. Here is an example of script which might fit your needs:

#!/bin/sh

(show vpn ipsec sa | grep ESTABLISHED)  2>&1 1>/dev/null

if [ $? -eq 0 ]; then 
  echo "0:$?:UP"
else
  echo "1:$?:DOWN"
fi

The script must be located under /var/prtg/scripts and must have execution right (chmod +x your_script).

Please, notice that we do not provide support for custom scripts.

Regards.

Created on Feb 23, 2021 8:45:25 AM by Florian Lesage [Paessler Support]



Votes:

0

Hi,

Thanks for your fast reply i will give it a shot

Created on Feb 23, 2021 9:06:42 AM

Last change on Feb 23, 2021 9:25:29 AM by Florian Lesage [Paessler Support]



Votes:

0

If you do not have the necessary rights to create the folder as well as the script on your device, then I can only invite you to write a custom script on the PRTG server / probe server and execute the SSH command (show vpn ipsec sa) from it.

Then, you only have to search for the keyword "ESTABLISHED" in the result returned by the command and then send the data in PRTG. Here is the manual regarding custom sensors: https://www.paessler.com/manuals/prtg/custom_sensors

You can use one of the [[https://www.paessler.com/manuals/prtg/available_sensor_types#exeEXE/Script sensors]] or the Python Script Advanced sensor to execute the custom script.

Regards.

Created on Feb 23, 2021 9:21:09 AM by Florian Lesage [Paessler Support]

Last change on Feb 23, 2021 9:21:56 AM by Florian Lesage [Paessler Support]



Votes:

0

Hi,

I managed to get the folders created but you code above gives me the following error:

./ipsec.sh : line 3: show: command not found 1:1:DOWN

I m a total noob in this kind of scripts.

Created on Feb 23, 2021 9:49:40 AM



Votes:

0

With your current user, can you execute the command you provided (show vpn ipsec sa) from the /var/prtg/scripts folder ?

The script should be able to execute that command as you did earlier and then return the status of the VPN. Therefore, I'm afraid that I can only provide a limited support here.

Regards.

Created on Feb 23, 2021 10:11:38 AM by Florian Lesage [Paessler Support]



Votes:

0

Hi,

it is possible to run the command (show vpn ipsec sa) from /var/prtg/scripts

so that works fine it's just when we put it in a script it doesn't work.

Created on Feb 23, 2021 10:16:54 AM



Votes:

0

Thank you for the information.

Then, I can only invite you to check the current shell you are using by using echo $0 or ps $$ and modify the instruction #!/bin/sh accordingly.

If it still doesn't work, then I'm afraid that I can't help further. You should then give a try to a script on the PRTG server and execute the SSH command remotely from there.

Created on Feb 23, 2021 11:49:45 AM by Florian Lesage [Paessler Support]

Last change on Feb 23, 2021 11:50:01 AM by Florian Lesage [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.