check_bgp_cisco

Check BGP Peer Status

#!/bin/bash

# Default
VERBOSE=0
DESC_FILE=""

# Parse arguments
while getopts "H:u:a:p:A:X:f:v" opt; do
  case $opt in
    H) HOST="$OPTARG" ;;
    u) USER="$OPTARG" ;;
    a) AUTH_PASS="$OPTARG" ;;
    p) PRIV_PASS="$OPTARG" ;;
    A) AUTH_PROTO="$OPTARG" ;;
    X) PRIV_PROTO="$OPTARG" ;;
    f) DESC_FILE="$OPTARG" ;;
    v) VERBOSE=1 ;;
    *) echo "Usage: $0 -H host -u user -a auth_pass -p priv_pass -A auth_proto -X priv_proto [-f description.csv] [-v]"; exit 3 ;;
  esac
done

# Validate inputs
if [[ -z "$HOST" || -z "$USER" || -z "$AUTH_PASS" || -z "$PRIV_PASS" || -z "$AUTH_PROTO" || -z "$PRIV_PROTO" ]]; then
  echo "UNKNOWN - Missing required arguments"
  exit 3
fi

# Load descriptions if provided
declare -A DESC_MAP
if [[ -n "$DESC_FILE" && -f "$DESC_FILE" ]]; then
  while IFS=',' read -r name ip; do
    DESC_MAP["$ip"]="$name"
  done < "$DESC_FILE"
fi

# OIDs
STATE_OID="1.3.6.1.2.1.15.3.1.2"
ADMIN_OID="1.3.6.1.2.1.15.3.1.3"
ASN_OID="1.3.6.1.2.1.15.3.1.9"

# SNMP walk
walk() {
  snmpwalk -v3 -u "$USER" -a "$AUTH_PROTO" -A "$AUTH_PASS" -x "$PRIV_PROTO" -X "$PRIV_PASS" -l authPriv "$HOST" "$1" 2>/dev/null
}

STATE_RAW=$(walk "$STATE_OID")
ADMIN_RAW=$(walk "$ADMIN_OID")
ASN_RAW=$(walk "$ASN_OID")

# Parse into maps
declare -A STATE_MAP ADMIN_MAP ASN_MAP

parse_snmp() {
  local raw="$1" oid="$2" - line ip val
  while IFS= read -r line; do
    ip=$(echo "$line" | sed -E "s/.*$oid\.//" | awk '{print $1}' | tr '.' ' ' | awk '{print $(NF-3)"."$(NF-2)"."$(NF-1)"."$NF}')
    val=$(echo "$line" | awk '{print $NF}')
    echo "$ip $val"
  done <<< "$raw"
}

while read -r ip val; do STATE_MAP["$ip"]=$val; done < <(parse_snmp "$STATE_RAW" "$STATE_OID")
while read -r ip val; do ADMIN_MAP["$ip"]=$val; done < <(parse_snmp "$ADMIN_RAW" "$ADMIN_OID")
while read -r ip val; do ASN_MAP["$ip"]=$val; done < <(parse_snmp "$ASN_RAW" "$ASN_OID")

# Evaluate
OK=0; WARN=0; CRIT=0; TOTAL=0; MSG=""

for ip in "${!STATE_MAP[@]}"; do
  ((TOTAL++))
  state=${STATE_MAP[$ip]}
  admin=${ADMIN_MAP[$ip]:-2}
  asn=${ASN_MAP[$ip]:-unknown}
  name=${DESC_MAP[$ip]:-}

  label="$ip"
  [[ -n "$name" ]] && label="$name ($ip)"

  case "$state" in
    6)
      ((OK++))
      [[ "$VERBOSE" -eq 1 ]] && MSG+="OK: $label (AS$asn) is ESTABLISHED\n"
      ;;
    1)
      if [[ "$admin" -eq 1 ]]; then
        ((WARN++))
        MSG+="WARNING: $label (AS$asn) is administratively shut down (Idle)\n"
      else
        ((CRIT++))
        MSG+="CRITICAL: $label (AS$asn) is IDLE\n"
      fi
      ;;
    [2-5])
      ((CRIT++))
      MSG+="CRITICAL: $label (AS$asn) is in state $state\n"
      ;;
    *)
      MSG+="UNKNOWN: $label (AS$asn) returned unexpected state $state\n"
      ;;
  esac
done

# Final status
if (( CRIT > 0 )); then
  echo -e "CRITICAL - $CRIT/$TOTAL BGP neighbors down\n$MSG"
  exit 2
elif (( WARN > 0 )); then
  echo -e "WARNING - $WARN/$TOTAL BGP neighbors not established\n$MSG"
  exit 1
else
  echo -e "OK - All $TOTAL BGP neighbors are ESTABLISHED"
  exit 0
fi

Python Version

#!/usr/bin/env python3

import argparse
import subprocess
import signal
import sys
import re

# Nagios exit codes
STATUS_OK = 0
STATUS_WARNING = 1
STATUS_CRITICAL = 2
STATUS_UNKNOWN = 3
TIMEOUT_SECONDS = 60  # default timeout

def handle_timeout(signum, frame):
    print(f"UNKNOWN - Script timed out after {TIMEOUT_SECONDS} seconds")
    sys.exit(STATUS_UNKNOWN)

def snmpwalk(oid, args):
    cmd = [
        "snmpwalk", "-v3", "-u", args.user,
        "-a", args.auth_proto, "-A", args.auth_pass,
        "-x", args.priv_proto, "-X", args.priv_pass,
        "-l", "authPriv", args.host, oid
    ]
    try:
        out = subprocess.check_output(cmd, stderr=subprocess.DEVNULL, text=True)
        return out.strip().splitlines()
    except:
        return []

def parse_entries(lines, base_oid):
    result = {}
    for line in lines:
        match = re.search(f"{re.escape(base_oid)}\\.(.*?)\\s*=\\s*(.*)", line)
        if match:
            raw_ip = match.group(1).strip()
            val = match.group(2).strip().split()[-1]
            ip_parts = raw_ip.split('.')[-4:]
            ip = ".".join(ip_parts)
            result[ip] = val
    return result

def load_desc_map(path):
    desc_map = {}
    try:
        with open(path, 'r') as f:
            for line in f:
                if ',' in line:
                    name, ip = line.strip().split(',', 1)
                    desc_map[ip.strip()] = name.strip()
    except:
        pass
    return desc_map

def main():
    global TIMEOUT_SECONDS
    parser = argparse.ArgumentParser(description="Check BGP neighbor status via SNMP")
    parser.add_argument("-H", "--host", required=True)
    parser.add_argument("-u", "--user", required=True)
    parser.add_argument("-a", "--auth-pass", required=True)
    parser.add_argument("-p", "--priv-pass", required=True)
    parser.add_argument("-A", "--auth-proto", choices=["MD5", "SHA"], required=True)
    parser.add_argument("-X", "--priv-proto", choices=["DES", "AES"], required=True)
    parser.add_argument("-f", "--desc-file", help="Optional CSV with name,ip mapping")
    parser.add_argument("-v", "--verbose", action="store_true")
    parser.add_argument("--timeout", type=int, default=60)
    args = parser.parse_args()

    TIMEOUT_SECONDS = args.timeout
    signal.signal(signal.SIGALRM, handle_timeout)
    signal.alarm(TIMEOUT_SECONDS)

    # OIDs
    STATE_OID = "1.3.6.1.2.1.15.3.1.2"
    ADMIN_OID = "1.3.6.1.2.1.15.3.1.3"
    ASN_OID   = "1.3.6.1.2.1.15.3.1.9"

    state_raw = snmpwalk(STATE_OID, args)
    admin_raw = snmpwalk(ADMIN_OID, args)
    asn_raw   = snmpwalk(ASN_OID, args)

    state_map = parse_entries(state_raw, STATE_OID)
    admin_map = parse_entries(admin_raw, ADMIN_OID)
    asn_map   = parse_entries(asn_raw, ASN_OID)
    desc_map  = load_desc_map(args.desc_file) if args.desc_file else {}

    ok = warn = crit = total = 0
    messages = []

    for ip, state in state_map.items():
        total += 1
        admin = admin_map.get(ip, "2")
        asn = asn_map.get(ip, "unknown")
        label = f"{desc_map.get(ip, '')} ({ip})" if ip in desc_map else ip

        try:
            state_val = int(state)
            admin_val = int(admin)
        except:
            messages.append(f"UNKNOWN: {label} (AS{asn}) returned invalid state")
            continue

        if state_val == 6:
            ok += 1
            if args.verbose:
                messages.append(f"OK: {label} (AS{asn}) is ESTABLISHED")
        elif state_val == 1:
            if admin_val == 1:
                warn += 1
                messages.append(f"WARNING: {label} (AS{asn}) is administratively down (Idle)")
            else:
                crit += 1
                messages.append(f"CRITICAL: {label} (AS{asn}) is IDLE")
        elif 2 <= state_val <= 5:
            crit += 1
            messages.append(f"CRITICAL: {label} (AS{asn}) is in state {state_val}")
        else:
            messages.append(f"UNKNOWN: {label} (AS{asn}) returned unexpected state {state_val}")

    if crit:
        print(f"CRITICAL - {crit}/{total} BGP neighbors down\n" + "\n".join(messages))
        sys.exit(STATUS_CRITICAL)
    elif warn:
        print(f"WARNING - {warn}/{total} BGP neighbors not established\n" + "\n".join(messages))
        sys.exit(STATUS_WARNING)
    else:
        print(f"OK - All {total} BGP neighbors are ESTABLISHED")
        if args.verbose:
            print("\n".join(messages))
        sys.exit(STATUS_OK)

if __name__ == "__main__":
    main()

PreviousScript NextPlay BGP simple version

Last updated 6 months ago

hashtagCheck BGP Peer Status

hashtagPython Version

Check BGP Peer Status

Python Version