Sophos XG / XGS Check for CheckMK

matthias1232 · May 2, 2023, 3:28pm

Hi CheckMK Community,

i developed a new SNMP Check for CheckMK.

Its used to Monitor Sophos XG / XGS Firewalls.

Feel free to test it and give me your Bug Reports.
Its only tested on some Devices until now.

Tested with CheckMK Enterprise 2.0.0p26 and 2.2.0b4

Download:
Releases · matthias1232/kpc_sophosxg · GitHub

To get the check working you need to enable and configure SNMP on your Sophos XG Firewall.
Use this check at your own risk!

Some Description:

Sophos XG/XGS Check for CheckMK

#Powered by K&P Computer - www.kpc.de

SNMP Check for Sophos XG/XGS Firewalls:

Check:

-Licenses

-Services

-Show Device Info including Firmware Version

-HA State

Screenhots:

Licenses:

HA State:

Services:

Device Infos (Firmware etc.):

matthias1232 · June 27, 2023, 11:23pm

Now also available on the CheckMK Exchange

https://exchange.checkmk.com/p/kpc-sophosxg

Splunkler · July 24, 2023, 1:06pm

Thank you! The check works - we now have HA monitoring in CheckMK. Great!

Do you think it is possible to check the space of /tmp partition also? Even if it’s temporary stuff, when it’s full, the firewall’s database get stuck.

matthias1232 · July 24, 2023, 7:15pm

@Splunkler , there are some infos available in the MIB, but i’m not sure what it monitors exactly because i would need to test it.

Splunkler · July 27, 2023, 4:07pm

having a support case open for it at Sophos currently
maybe they can help out. will let you know.

Splunkler · August 7, 2023, 9:31am

Sophos wrote, /tmp monitoring is currently not possible. They created a feature request SFSW-I-1561 for it. Let’s hope, they modify their SNMP implementation in a reasonable time.
Already, your monitoring script saved our as* last week with an other partition runing full.
Thank you!

rprengel · August 7, 2023, 11:15am

Hallo,
could you post the name of this tool you are using to display the values?
Ralf

matthias1232 · August 7, 2023, 1:12pm

matthias1232 · October 31, 2023, 11:01am

New version is now on Github and Exchange.

Added HA current and peer Device Keys in HA Monitoring + HA Port Info and HA Mode.
Added Firmware Check WARN (usefull for Distributed Monitoring with many firewalls when you want to check all firewalls for a specific Firmware version.

andreas-doehler · November 2, 2023, 2:22pm

I would strongly recommend to cleanup these checks.

Advertisement inside every check output → WHY??
One Check Script for Services and one for License would be enough - these checks can generate items.

matthias1232 · November 2, 2023, 6:36pm

@andreas-doehler

I can try to improve the package and reduce the scripts to a minimal when i get some more time for this. But the check works for now.

The last request was implementing all appliance keys and i did it now. Im not sure when i have time to improve all scripts again.

The adverts… hmm yes i can understand that but i did it in my working hours and we need this check for our customers, so it‘s not my decision to remove our support Information or not. Customers with problems should contact us for support and i put the information in the detailed output.

But my company allowed me to put the check on github and exchange, so everyone can at least use it for free and also fork it to change the code as long you dont remove our company name and my name as Authors from the Source Code and create an own mkp Package.

Thats all i can offer for now