Sophos XG / XGS Check for CheckMK

Hi CheckMK Community,

I developed a new SNMP check for CheckMK.

It's used to monitor Sophos XG / XGS firewalls.

Feel free to test it and give me your bug reports.
It's only tested on some devices until now.

Tested with CheckMK Enterprise 2.0.0p26 and 2.2.0b4

Download:
Releases · matthias1232/kpc_sophosxg · GitHub

To get the check working you need to enable and configure SNMP on your Sophos XG Firewall.
Use this check at your own risk!

Some Description:

Sophos XG/XGS Check for CheckMK

#Powered by K&P Computer - www.kpc.de

SNMP Check for Sophos XG/XGS Firewalls:

Check:

-Licenses

-Services

-Show Device Info including Firmware Version

-HA State

Screenshots:

[Images: Licenses, HA State, Services, Device Infos (Firmware etc.)]

8 Likes

Now also available on the CheckMK Exchange

https://exchange.checkmk.com/p/kpc-sophosxg

4 Likes

Thank you! The check works - we now have HA monitoring in CheckMK. Great!

Do you think it is possible to check the space of the /tmp partition also? Even if it’s temporary stuff, when it’s full, the firewall’s database gets stuck.

@Splunkler, there is some info available in the MIB, but I’m not sure what it monitors exactly because I would need to test it.

1 Like

Having a support case open for it at Sophos currently.
Maybe they can help out. Will let you know.

1 Like

Sophos wrote that /tmp monitoring is currently not possible. They created a feature request SFSW-I-1561 for it. Let’s hope they modify their SNMP implementation in a reasonable time.
Your monitoring script already saved our as* last week with another partition running full.
Thank you!

1 Like

Hello,
could you post the name of the tool you are using to display the values?
Ralf

New version is now on Github and Exchange.

  • Added HA current and peer Device Keys in HA Monitoring + HA Port Info and HA Mode.
  • Added Firmware Check WARN (useful for Distributed Monitoring with many firewalls when you want to check all firewalls for a specific Firmware version).

3 Likes

I would strongly recommend cleaning up these checks.

  • Advertisement inside every check output → WHY??
  • One Check Script for Services and one for License would be enough - these checks can generate items.

2 Likes

@andreas-doehler

I can try to improve the package and reduce the scripts to a minimum when I get some more time for this. But the check works for now.

The last request was implementing all appliance keys and I did it now. I'm not sure when I will have time to improve all scripts again.

The adverts… hmm, yes, I can understand that, but I did it in my working hours and we need this check for our customers, so it's not my decision whether to remove our support information or not. Customers with problems should contact us for support, and I put the information in the detailed output.

But my company allowed me to put the check on GitHub and Exchange, so everyone can at least use it for free and also fork it to change the code, as long as you don't remove our company name and my name as authors from the source code and create your own mkp package.

That's all I can offer for now :)

2 Likes

Hi Matthias, thanks A LOT for your job, this is great! Do you think it’s possible, with the string for the firmware check, to just warn if the firewall is not on the 20.0.x release? Because if I put 20.0.0 in the string, the firewalls with version 20.0.3 are in warning state.

Thanks again, that’s pure gold!

EDIT: OK, I’ve changed the py a little bit:
if warning_firmware_check in devicefwversion or warning_firmware_check == "0":

Thanks again!
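As an added example (not part of the post above and not the plugin's own code), this sketch matches the expected firmware release component by component instead of by substring, so a pattern such as "20.0.1" does not also accept 20.0.10. It assumes "0" disables the check, as the line in the post suggests, and that the SNMP firmware string contains a dotted version number; the function names and sample strings are hypothetical.

```python
import re

# Added illustration; parse_pattern and firmware_state are hypothetical names.
# Only warning_firmware_check and devicefwversion come from the post above.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # first dotted number run, e.g. 20.0.3


def parse_pattern(warning_firmware_check):
    """Turn '20.0', '20.0.x' or '20.0.*' into (20, 0); None if not numeric."""
    parts = warning_firmware_check.strip().split(".")
    while parts and parts[-1] in ("x", "X", "*"):
        parts.pop()  # trailing wildcard means "any value from here on"
    if not parts or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def firmware_state(warning_firmware_check, devicefwversion):
    """Return a Checkmk state: 0 OK, 1 WARN, 3 UNKNOWN."""
    if warning_firmware_check == "0":  # assumed: "0" disables the check
        return 0
    wanted = parse_pattern(warning_firmware_check)
    found = VERSION_RE.search(devicefwversion)
    if wanted is None or found is None:
        return 3  # cannot compare: report it instead of silently passing
    have = tuple(int(p) for p in found.group(0).split("."))
    # Compare only as many components as the pattern specifies.
    return 0 if have[:len(wanted)] == wanted else 1


# Constructed firmware strings, not real SNMP output.
SAMPLES = [
    ("20.0.x", "SFOS 20.0.3 MR-3-Build222"),   # same release train
    ("20.0.1", "SFOS 20.0.10 MR-10-Build1"),   # substring match would pass this
    ("20.0", "firmware string without version"),
]

if __name__ == "__main__":
    for pattern, fw in SAMPLES:
        print(pattern, "|", fw, "->", firmware_state(pattern, fw))
```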

Hi @simone.scrivani

Thanks for your message.
Tbh, I just added this string for our own internal purposes on a Distributed Monitoring solution to check our customers for a specific version. But good to hear that you already found a solution for it.

Best Regards.

Hi,

We are using this plugin to monitor our XG/XGS. Since we are using route-based VPN, we also get the “xfrm” interfaces when discovering services.
Is there any chance to change the name of that interface, so that it would be possible to identify which interface it is?

BR Gerald

Hi Gerald,

When I developed this check, we were on Sophos XGS version 18 and VPN monitoring was not implemented in the SNMP output. I read that starting from Sophos XGS v19 or v20 some VPN features are now included in the SNMP MIB files.
I need to download the MIB file for the current Sophos XGS and we can check what we can do.

@andreas-doehler also reworked all the checks some months ago; maybe he implemented some extra checks or already found the information you need?