
Nagios check to see if a certain IP appears in a trace route

Submitted by: @import:stackexchange-codereview

Problem

I needed a test to know which firewall in our HA environment was currently active. We have a webFilter connected to our "primary", so if the firewall fails over, the webfilter is taken out of path and internet access is completely open during that time.

I have a bash script that will feed two IP addresses. I am aware there is no data validation. This was done to reduce processing time. Run the trace using the first IP address and see if we can grep the second from the result. If the result is a non-zero string then return an OK result, else return a Critical result. The exit codes are used by the Nagios Monitoring system to determine state and actions, which is why there are custom error codes.

#!/usr/bin/env bash

# Nagios exit codes. These are used to determine state
nagiosStateOK=0
nagiosStateWarning=1
nagiosStateCritical=2
nagiosStateUnknown=3

# Initialize result
traceResult=''

# The address that we are going to run the traceroute to
target="$1"
# Check for this address in the trace
locate="$2"

traceResult=$(traceroute -n -w 2 "$target" | grep "$locate")

if [[ -n "$traceResult" ]];then
        echo "$locate found in path. Still running on primary"
        exit $nagiosStateOK
else
        echo "$locate not found in path. Probably failed over"
        exit $nagiosStateCritical
fi

Solution

Your use of $locate as a regular expression for grep is sloppy. If $locate is 2.3.45.25, for example, a hop through 70.233.45.251 would be considered successful.

I suggest using grep -F " $locate " — with -F to interpret the argument as a fixed string rather than as a regex, and with spaces before and after the IP address.

Context

StackExchange Code Review Q#151850, answer score: 4
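
The false positive the answer describes, and the effect of the suggested grep -F " $locate ", as an added example (not code from the question or the answer). The trace output is constructed, the function names are hypothetical, and the target 198.51.100.7 is a documentation address.

```shell
#!/usr/bin/env bash
# Constructed `traceroute -n` output: the path goes through 70.233.45.251,
# not through the address 2.3.45.25 that the check is asked to find.
sample_trace='traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  10.0.0.1  0.412 ms  0.388 ms  0.371 ms
 2  70.233.45.251  1.204 ms  1.187 ms  1.165 ms
 3  198.51.100.7  2.913 ms  2.880 ms  2.861 ms'

# Original behaviour: the address is used as a regex, so "." matches any
# character and the pattern may match inside a longer address.
hop_found_regex() {   # usage: hop_found_regex LOCATE < trace
    grep -q -- "$1"
}

# Suggested behaviour: fixed string, delimited by the spaces that
# surround the address column in `traceroute -n` output.
hop_found_fixed() {   # usage: hop_found_fixed LOCATE < trace
    grep -qF -- " $1 "
}

# Map the match result to a Nagios status line and return code.
check_path() {        # usage: check_path MATCHER LOCATE < trace
    if "$1" "$2"; then
        echo "OK - $2 found in path"
        return 0
    fi
    echo "CRITICAL - $2 not found in path"
    return 2
}

# Run both matchers against the same trace for both addresses.
for matcher in hop_found_regex hop_found_fixed; do
    for ip in 2.3.45.25 70.233.45.251; do
        printf '%-16s %-14s ' "$matcher" "$ip"
        printf '%s\n' "$sample_trace" | check_path "$matcher" "$ip" || true
    done
done
```

Only the regex matcher reports 2.3.45.25 as present, which in this check would mean an OK state while the expected hop is absent from the path.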
