[Openswan Users] tunnel monitoring and alerting
Erich Titl
erich.titl at think.ch
Wed May 27 17:21:54 EDT 2009
richard witt schrieb:
> What is everyone else using to alert when tunnels go down? We have
> MANY site to site tunnels and it seems here lately that some of them
> tend to drop for some reason and we are not alerted until the next
> day. I was thinking about just using some kind of regex tool like SEC
> to monitor the logs and then fire off an alert, but SNMP with nagios
> or solarwinds would probably be a better solution if we could get
> those to work.
I am running a little script on the "client" side of the connection
which pings a system behind the server, kind of a poor man's DPD, but it
does not depend on the availability and quality of DPD. It checks for
the ICMP return and after a certain number of misses it fires a tunnel
restart. If that fails too for a long time, it triggers the system's
watchdog. It works quite well for me.
>
> We would also like the ability to monitor the tunnels for the amount
> of traffic going across them. We are constantly having to "prove" that
> the tunnels are working fine and that the "slowness" is actually the
> applications that are going across the tunnels and their response
> times. We currently use Cacti to monitor all of our
> switches/routers/servers for this kind of information but i have not
> see where we can monitor the tunnel traffic between sites. Any
> suggestions/help would be appreciated.
Smokeping or something similar, MRTG for the traffic
cheers
Erich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3396 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20090527/f39c00e2/attachment-0001.bin
More information about the Users
mailing list