<div dir="ltr"><br><div class="gmail_quote"><div dir="ltr">On Mon, Oct 22, 2018 at 5:19 PM Kaushal Shriyan <<a href="mailto:kaushalshriyan@gmail.com">kaushalshriyan@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi,<div><br></div><div>I have the below Nagios plugin bash script</div><div><br></div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">#!/bin/bash<br># Written By Nicole<br># Any Comments or Questions please e-mail to <a href="mailto:ml@nicole-haehnel.de" target="_blank">ml@nicole-haehnel.de</a><br>#<br># Plugin Name: check_ipsec<br># Version: 2.0<br># Date: 26/08/2008<br>#<br># Usage: check_ipsec --tunnels <n><br>#<br># gateways.txt file must be located in same directory<br># and has to look like:<br># nameofconn1<span style="white-space:pre-wrap">     </span>192.168.0.1<br># nameofconn2<span style="white-space:pre-wrap">      </span>192.168.1.1<br>#<br># ------------Defining Variables------------<br>PROGNAME=`basename $0`<br>PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`<br>REVISION=`echo '$Revision: 2.0 $' | sed -e 's/[^0-9.]//g'`<br>#STRONG=`$IPSECBIN --version |grep strongSwan | wc -l`<br>DOWN=""<br># ---------- Change to your needs ----------<br>PLUGINPATH="/usr/lib64/nagios/plugins"<br>GATEWAYLIST="gateways.txt"<br>IPSECBIN="/usr/sbin/ipsec"<br>FPINGBIN="/usr/sbin/fping"<br># ping server in network on the other side of the tunnel<br>PINGIP=1<span style="white-space:pre-wrap">                </span># ping yes or no (1/0)<br># ------------------------------------------<br>. $PROGPATH/utils.sh<br><br># Testing availability of $IPSECBIN, $FPINGBIN and $GATEWAYLIST<br>if [ $# -eq 0 ];<br>then<br>   echo UNKNOWN - missing Arguments. Run check_ipsec --help<br>   exit $STATE_UNKNOWN<br>fi<br>test -e $IPSECBIN<br>if [ $? -ne 0 ];<br>then<br><span style="white-space:pre-wrap"> </span>echo CRITICAL - $IPSECBIN not exist<br><span style="white-space:pre-wrap">   </span>exit $STATE_CRITICAL<br>else<br><span style="white-space:pre-wrap">    </span>STRONG=`$IPSECBIN --version |grep strongSwan | wc -l`<br>fi<br>if [ $PINGIP -eq 1 ]<br>then<br><span style="white-space:pre-wrap"> </span>test -e $FPINGBIN<br><span style="white-space:pre-wrap">     </span>if [ $? -ne 0 ];<br><span style="white-space:pre-wrap">      </span>then<br><span style="white-space:pre-wrap">          </span>echo CRITICAL - $FPINGBIN not exist<br><span style="white-space:pre-wrap">           </span>exit $STATE_CRITICAL<br><span style="white-space:pre-wrap">  </span>fi<br>fi<br>test -e $PROGPATH/$GATEWAYLIST<br>if [ $? -ne 0 ];<br>then<br>   echo CRITICAL - $GATEWAYLIST not exist<br>   exit $STATE_CRITICAL<br>fi<br>print_usage() {<br>        echo "Usage:"<br>        echo " $PROGNAME --tunnels <number of configured tunnels>"<br>        echo " $PROGNAME --help"<br>        echo " $PROGNAME --version"<br>        echo " Created by Nicole, questions or problems e-mail <a href="mailto:ml@nicole-haehnel.de" target="_blank">ml@nicole-haehnel.de</a>"<br><span style="white-space:pre-wrap">             </span>echo ""<br>}<br>print_help() {<br>        print_revision $PROGNAME $REVISION<br>        echo ""<br>        print_usage<br>        echo " Checks vpn connection status of an openswan or strongswan installation."<br><span style="white-space:pre-wrap">           </span>echo ""<br>        echo " --tunnels <number of configured tunnels>"<br><span style="white-space:pre-wrap">               </span>echo " -T <number of configured tunnels>"<br>        echo " provides the tunnel status of the openswan or strongswan installation"<br><span style="white-space:pre-wrap">                </span>echo ""<br>        echo " --help"<br><span style="white-space:pre-wrap">               </span>echo " -h"<br>        echo " prints this help screen"<br><span style="white-space:pre-wrap">           </span>echo ""<br>        echo " --version"<br><span style="white-space:pre-wrap">            </span>echo " -V"<br>        echo " Print version and license information"<br>        echo ""<br>}<br>check_tunnel() {<br><span style="white-space:pre-wrap"> </span>if [[ "$STRONG" -eq "1" ]]<br><span style="white-space:pre-wrap">        </span>then<br><span style="white-space:pre-wrap">  </span>    eroutes=`$IPSECBIN status | grep -e "IPsec SA established" | grep -e "newest IPSEC" | wc -l`<br><span style="white-space:pre-wrap">        </span>else<br><span style="white-space:pre-wrap">  </span>    eroutes=`$IPSECBIN whack --status | grep -e "IPsec SA established" | grep -e "newest IPSEC" | wc -l`<br><span style="white-space:pre-wrap">        </span>fi<br><br><span style="white-space:pre-wrap">  </span>if [[ "$eroutes" -eq "$2" ]]<br><span style="white-space:pre-wrap">      </span>then<br><span style="white-space:pre-wrap">          </span>echo "OK - All $2 tunnels are up an running"<br><span style="white-space:pre-wrap">                </span>exit $STATE_OK<br><span style="white-space:pre-wrap">        </span>elif [[ "$eroutes" -gt "$2" ]]<br><span style="white-space:pre-wrap">    </span>then<br><span style="white-space:pre-wrap">          </span>echo "WARNING - More than $2 ($eroutes) tunnels are up an running"<br>                exit $STATE_WARNING<br><span style="white-space:pre-wrap">     </span>else<br><span style="white-space:pre-wrap">          </span>echo "CRITICAL - Only $eroutes tunnels from $2 are up an running - $(location)"<br><span style="white-space:pre-wrap">             </span>exit $STATE_CRITICAL<br><span style="white-space:pre-wrap">  </span>fi<br>}<br><br>location() {<br>count=0<br>i=1<br>while read line; do<br><span style="white-space:pre-wrap">      </span>CONN=`echo $line| awk '{print $1}'`<br><span style="white-space:pre-wrap">   </span>IP=`echo $line| awk '{print $2}'`<br><span style="white-space:pre-wrap">     </span>if [[ "$STRONG" -eq "1" ]]<br><span style="white-space:pre-wrap">        </span>then<br><span style="white-space:pre-wrap">  </span>    tunneltest=`$IPSECBIN status | grep -e "IPsec SA established" | grep -e "newest IPSEC" |grep -e $CONN | wc -l`<br><span style="white-space:pre-wrap">      </span>else<br><span style="white-space:pre-wrap">  </span>    tunneltest=`$IPSECBIN whack --status | grep -e "IPsec SA established" | grep -e "newest IPSEC" |grep -e "$CONN" | wc -l`<br><span style="white-space:pre-wrap">  </span>fi<br><span style="white-space:pre-wrap">    </span>if [[ "$tunneltest" -eq "0" ]]<br>    then<br>        count=$[$count+1]<br>        DOWN="$DOWN $CONN"<br>    fi<br>    if [[ "$PINGIP" -eq "1" && "$tunneltest" -eq "1" ]]<br>    then<br>        alive=`$FPINGBIN $IP -r 1 | grep alive | wc -l`<br>        if [[ "$alive" -eq "0" ]]<br>        then<br>            count=$[$count+1]<br>            DOWN="$DOWN $CONN (no ping)"<br>        fi<br>    fi<br><br>i=$[$i+1]<br>done < $PLUGINPATH/$GATEWAYLIST<br>echo $DOWN<br>}<br><br>case "$1" in<br>--help)<br>        print_help<br>        exit $STATE_OK<br>        ;;<br>-h)<br>        print_help<br>        exit $STATE_OK<br>        ;;<br>--version)<br>        print_revision $PLUGIN $REVISION<br>        exit $STATE_OK<br>        ;;<br>-V)<br>        print_revision $PLUGIN $REVISION<br>        exit $STATE_OK<br>        ;;<br>--tunnels)<br>        check_tunnel $1 $2<br>        ;;<br>-T)<br>        check_tunnel $1 $2<br>        ;;<br>*)<br>        print_help<br>        exit $STATE_OK<br>esac</blockquote><div><br></div><div>[root@ plugins]#./check_ipsec --tunnels 2</div><div><b>OK - All 2 tunnels are up an running</b></div><div>[root@ plugins]# </div></div><div><br></div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><b>ipsec whack --globalstatus</b><br>config.setup.ike.ddos_threshold=25000<br>config.setup.ike.max_halfopen=50000<br>current.states.all=5<br>current.states.ipsec=2<br>current.states.ike=2<br>current.states.shunts=1<br>current.states.iketype.anonymous=0<br>current.states.iketype.authenticated=2<br>current.states.iketype.halfopen=0<br>current.states.iketype.open=0<br>current.states.enumerate.STATE_MAIN_R0=0<br>current.states.enumerate.STATE_MAIN_I1=0<br>current.states.enumerate.STATE_MAIN_R1=0<br>current.states.enumerate.STATE_MAIN_I2=0<br>current.states.enumerate.STATE_MAIN_R2=0<br>current.states.enumerate.STATE_MAIN_I3=0<br>current.states.enumerate.STATE_MAIN_R3=0<br>current.states.enumerate.STATE_MAIN_I4=2<br>current.states.enumerate.STATE_AGGR_R0=0<br>current.states.enumerate.STATE_AGGR_I1=0<br>current.states.enumerate.STATE_AGGR_R1=0<br>current.states.enumerate.STATE_AGGR_I2=0<br>current.states.enumerate.STATE_AGGR_R2=0<br>current.states.enumerate.STATE_QUICK_R0=0<br>current.states.enumerate.STATE_QUICK_I1=0<br>current.states.enumerate.STATE_QUICK_R1=0<br>current.states.enumerate.STATE_QUICK_I2=2<br>current.states.enumerate.STATE_QUICK_R2=0<br>current.states.enumerate.STATE_INFO=0<br>current.states.enumerate.STATE_INFO_PROTECTED=0<br>current.states.enumerate.STATE_XAUTH_R0=0<br>current.states.enumerate.STATE_XAUTH_R1=0<br>current.states.enumerate.STATE_MODE_CFG_R0=0<br>current.states.enumerate.STATE_MODE_CFG_R1=0<br>current.states.enumerate.STATE_MODE_CFG_R2=0<br>current.states.enumerate.STATE_MODE_CFG_I1=0<br>current.states.enumerate.STATE_XAUTH_I0=0<br>current.states.enumerate.STATE_XAUTH_I1=0<br>current.states.enumerate.STATE_IKEv2_BASE=0<br>current.states.enumerate.STATE_PARENT_I1=0<br>current.states.enumerate.STATE_PARENT_I2=0<br>current.states.enumerate.STATE_PARENT_I3=0<br>current.states.enumerate.STATE_PARENT_R1=0<br>current.states.enumerate.STATE_PARENT_R2=0<br>current.states.enumerate.STATE_V2_CREATE_I0=0<br>current.states.enumerate.STATE_V2_CREATE_I=0<br>current.states.enumerate.STATE_V2_REKEY_IKE_I0=0<br>current.states.enumerate.STATE_V2_REKEY_IKE_I=0<br>current.states.enumerate.STATE_V2_REKEY_CHILD_I0=0<br>current.states.enumerate.STATE_V2_REKEY_CHILD_I=0<br>current.states.enumerate.STATE_V2_CREATE_R=0<br>current.states.enumerate.STATE_V2_REKEY_IKE_R=0<br>current.states.enumerate.STATE_V2_REKEY_CHILD_R=0<br>current.states.enumerate.STATE_V2_IPSEC_I=0<br>current.states.enumerate.STATE_V2_IPSEC_R=0<br>current.states.enumerate.STATE_IKESA_DEL=0<br>current.states.enumerate.STATE_CHILDSA_DEL=0<br>total.ipsec.type.all=86<br>total.ipsec.type.esp=1514<br>total.ipsec.type.ah=0<br>total.ipsec.type.ipcomp=0<br>total.ipsec.type.esn=0<br>total.ipsec.type.tfc=0<br>total.ipsec.type.encap=0<br>total.ipsec.type.non_encap=1514<br><a href="http://total.ipsec.traffic.in" target="_blank">total.ipsec.traffic.in</a>=7497596<br>total.ipsec.traffic.out=20134927<br>total.ike.ikev2.established=0<br>total.ike.ikev2.failed=0<br>total.ike.ikev1.established=2241<br>total.ike.ikev1.failed=16<br>total.ike.dpd.sent=0<br>total.ike.dpd.recv=0<br>total.ike.dpd.replied=420970<br><a href="http://total.ike.traffic.in" target="_blank">total.ike.traffic.in</a>=40535112<br>total.ike.traffic.out=40601452<br>total.xauth.started=0<br>total.xauth.stopped=0<br>total.xauth.aborted=0<br>total.ikev1.encr.3DES_CBC=0<br>total.ikev1.encr.CAST_CBC=0<br>total.ikev1.encr.AES_CBC=2241<br>total.ikev1.encr.CAMELLIA_CBC=0<br>total.ikev1.encr.AES_CTR=0<br>total.ikev1.encr.AES_CCM_A=0<br>total.ikev1.encr.AES_CCM_B=0<br>total.ikev1.encr.AES_CCM_16=0<br>total.ikev1.encr.AES_GCM_A=0<br>total.ikev1.encr.AES_GCM_B=0<br>total.ikev1.encr.AES_GCM_C=0<br>total.ikev1.encr.CAMELLIA_CTR=0<br>total.ikev1.encr.CAMELLIA_CCM_A=0<br>total.ikev1.encr.CAMELLIA_CCM_B=0<br>total.ikev1.encr.CAMELLIA_CCM_C=0<br>total.ikev1.integ.MD5=0<br>total.ikev1.integ.SHA1=2241<br>total.ikev1.integ.SHA2_256=0<br>total.ikev1.integ.SHA2_384=0<br>total.ikev1.integ.SHA2_512=0<br>total.ikev1.group.MODP768=0<br>total.ikev1.group.MODP1024=2241<br>total.ikev1.group.MODP1536=0<br>total.ikev1.group.MODP2048=0<br>total.ikev1.group.MODP3072=0<br>total.ikev1.group.MODP4096=0<br>total.ikev1.group.MODP6144=0<br>total.ikev1.group.MODP8192=0<br>total.ikev1.group.ECP_256=0<br>total.ikev1.group.ECP_384=0<br>total.ikev1.group.ECP_521=0<br>total.ikev1.group.DH22=0<br>total.ikev1.group.DH23=0<br>total.ikev1.group.DH24=0<br>total.ikev1.group.ECP_192=0<br>total.ikev1.group.ECP_224=0<br>total.ikev1.group.BRAINPOOL_P224R1=0<br>total.ikev1.group.BRAINPOOL_P256R1=0<br>total.ikev1.group.BRAINPOOL_P384R1=0<br>total.ikev1.group.BRAINPOOL_P512R1=0<br>total.ikev1.group.CURVE25519=0<br>total.ikev1.group.CURVE448=0<br>total.ikev2.encr.3DES=0<br>total.ikev2.encr.CAST=0<br>total.ikev2.encr.NULL=0<br>total.ikev2.encr.AES_CBC=0<br>total.ikev2.encr.AES_CTR=0<br>total.ikev2.encr.AES_CCM_A=0<br>total.ikev2.encr.AES_CCM_B=0<br>total.ikev2.encr.AES_CCM_C=0<br>total.ikev2.encr.AES_GCM_A=0<br>total.ikev2.encr.AES_GCM_B=0<br>total.ikev2.encr.AES_GCM_C=0<br>total.ikev2.encr.NULL_AUTH_AES_GMAC=0<br>total.ikev2.encr.CAMELLIA_CBC=0<br>total.ikev2.encr.CAMELLIA_CTR=0<br>total.ikev2.encr.CAMELLIA_CCM_A=0<br>total.ikev2.encr.CAMELLIA_CCM_B=0<br>total.ikev2.encr.CAMELLIA_CCM_C=0<br>total.ikev2.encr.CHACHA20_POLY1305=0<br>total.ikev2.integ.HMAC_MD5_96=0<br>total.ikev2.integ.HMAC_SHA1_96=0<br>total.ikev2.integ.AES_XCBC_96=0<br>total.ikev2.integ.HMAC_MD5_128=0<br>total.ikev2.integ.HMAC_SHA1_160=0<br>total.ikev2.integ.AES_CMAC_96=0<br>total.ikev2.integ.AES_128_GMAC=0<br>total.ikev2.integ.AES_192_GMAC=0<br>total.ikev2.integ.AES_256_GMAC=0<br>total.ikev2.integ.HMAC_SHA2_256_128=0<br>total.ikev2.integ.HMAC_SHA2_384_192=0<br>total.ikev2.integ.HMAC_SHA2_512_256=86<br>total.ikev2.group.MODP768=0<br>total.ikev2.group.MODP1024=0<br>total.ikev2.group.MODP1536=0<br>total.ikev2.group.MODP2048=0<br>total.ikev2.group.MODP3072=0<br>total.ikev2.group.MODP4096=0<br>total.ikev2.group.MODP6144=0<br>total.ikev2.group.MODP8192=0<br>total.ikev2.group.ECP_256=0<br>total.ikev2.group.ECP_384=0<br>total.ikev2.group.ECP_521=0<br>total.ikev2.group.DH22=0<br>total.ikev2.group.DH23=0<br>total.ikev2.group.DH24=0<br>total.ikev2.group.ECP_192=0<br>total.ikev2.group.ECP_224=0<br>total.ikev2.group.BRAINPOOL_P224R1=0<br>total.ikev2.group.BRAINPOOL_P256R1=0<br>total.ikev2.group.BRAINPOOL_P384R1=0<br>total.ikev2.group.BRAINPOOL_P512R1=0<br>total.ikev2.group.CURVE25519=0<br>total.ikev2.group.CURVE448=0<br>total.ikev2.recv.invalidke.using.MODP768=0<br>total.ikev2.recv.invalidke.using.MODP1024=0<br>total.ikev2.recv.invalidke.using.MODP1536=0<br>total.ikev2.recv.invalidke.using.MODP2048=0<br>total.ikev2.recv.invalidke.using.MODP3072=0<br>total.ikev2.recv.invalidke.using.MODP4096=0<br>total.ikev2.recv.invalidke.using.MODP6144=0<br>total.ikev2.recv.invalidke.using.MODP8192=0<br>total.ikev2.recv.invalidke.using.ECP_256=0<br>total.ikev2.recv.invalidke.using.ECP_384=0<br>total.ikev2.recv.invalidke.using.ECP_521=0<br>total.ikev2.recv.invalidke.using.DH22=0<br>total.ikev2.recv.invalidke.using.DH23=0<br>total.ikev2.recv.invalidke.using.DH24=0<br>total.ikev2.recv.invalidke.using.ECP_192=0<br>total.ikev2.recv.invalidke.using.ECP_224=0<br>total.ikev2.recv.invalidke.using.BRAINPOOL_P224R1=0<br>total.ikev2.recv.invalidke.using.BRAINPOOL_P256R1=0<br>total.ikev2.recv.invalidke.using.BRAINPOOL_P384R1=0<br>total.ikev2.recv.invalidke.using.BRAINPOOL_P512R1=0<br>total.ikev2.recv.invalidke.using.CURVE25519=0<br>total.ikev2.recv.invalidke.using.CURVE448=0<br>total.ikev2.recv.invalidke.suggesting.MODP768=0<br>total.ikev2.recv.invalidke.suggesting.MODP1024=0<br>total.ikev2.recv.invalidke.suggesting.MODP1536=0<br>total.ikev2.recv.invalidke.suggesting.MODP2048=0<br>total.ikev2.recv.invalidke.suggesting.MODP3072=0<br>total.ikev2.recv.invalidke.suggesting.MODP4096=0<br>total.ikev2.recv.invalidke.suggesting.MODP6144=0<br>total.ikev2.recv.invalidke.suggesting.MODP8192=0<br>total.ikev2.recv.invalidke.suggesting.ECP_256=0<br>total.ikev2.recv.invalidke.suggesting.ECP_384=0<br>total.ikev2.recv.invalidke.suggesting.ECP_521=0<br>total.ikev2.recv.invalidke.suggesting.DH22=0<br>total.ikev2.recv.invalidke.suggesting.DH23=0<br>total.ikev2.recv.invalidke.suggesting.DH24=0<br>total.ikev2.recv.invalidke.suggesting.ECP_192=0<br>total.ikev2.recv.invalidke.suggesting.ECP_224=0<br>total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P224R1=0<br>total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P256R1=0<br>total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P384R1=0<br>total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P512R1=0<br>total.ikev2.recv.invalidke.suggesting.CURVE25519=0<br>total.ikev2.recv.invalidke.suggesting.CURVE448=0<br>total.ikev2.sent.invalidke.using.MODP768=0<br>total.ikev2.sent.invalidke.using.MODP1024=0<br>total.ikev2.sent.invalidke.using.MODP1536=0<br>total.ikev2.sent.invalidke.using.MODP2048=0<br>total.ikev2.sent.invalidke.using.MODP3072=0<br>total.ikev2.sent.invalidke.using.MODP4096=0<br>total.ikev2.sent.invalidke.using.MODP6144=0<br>total.ikev2.sent.invalidke.using.MODP8192=0<br>total.ikev2.sent.invalidke.using.ECP_256=0<br>total.ikev2.sent.invalidke.using.ECP_384=0<br>total.ikev2.sent.invalidke.using.ECP_521=0<br>total.ikev2.sent.invalidke.using.DH22=0<br>total.ikev2.sent.invalidke.using.DH23=0<br>total.ikev2.sent.invalidke.using.DH24=0<br>total.ikev2.sent.invalidke.using.ECP_192=0<br>total.ikev2.sent.invalidke.using.ECP_224=0<br>total.ikev2.sent.invalidke.using.BRAINPOOL_P224R1=0<br>total.ikev2.sent.invalidke.using.BRAINPOOL_P256R1=0<br>total.ikev2.sent.invalidke.using.BRAINPOOL_P384R1=0<br>total.ikev2.sent.invalidke.using.BRAINPOOL_P512R1=0<br>total.ikev2.sent.invalidke.using.CURVE25519=0<br>total.ikev2.sent.invalidke.using.CURVE448=0<br>total.ikev2.sent.invalidke.suggesting.MODP768=0<br>total.ikev2.sent.invalidke.suggesting.MODP1024=0<br>total.ikev2.sent.invalidke.suggesting.MODP1536=0<br>total.ikev2.sent.invalidke.suggesting.MODP2048=0<br>total.ikev2.sent.invalidke.suggesting.MODP3072=0<br>total.ikev2.sent.invalidke.suggesting.MODP4096=0<br>total.ikev2.sent.invalidke.suggesting.MODP6144=0<br>total.ikev2.sent.invalidke.suggesting.MODP8192=0<br>total.ikev2.sent.invalidke.suggesting.ECP_256=0<br>total.ikev2.sent.invalidke.suggesting.ECP_384=0<br>total.ikev2.sent.invalidke.suggesting.ECP_521=0<br>total.ikev2.sent.invalidke.suggesting.DH22=0<br>total.ikev2.sent.invalidke.suggesting.DH23=0<br>total.ikev2.sent.invalidke.suggesting.DH24=0<br>total.ikev2.sent.invalidke.suggesting.ECP_192=0<br>total.ikev2.sent.invalidke.suggesting.ECP_224=0<br>total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P224R1=0<br>total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P256R1=0<br>total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P384R1=0<br>total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P512R1=0<br>total.ikev2.sent.invalidke.suggesting.CURVE25519=0<br>total.ikev2.sent.invalidke.suggesting.CURVE448=0<br>total.ipsec.encr.3DES=0<br>total.ipsec.encr.CAST=0<br>total.ipsec.encr.NULL=0<br>total.ipsec.encr.AES_CBC=1514<br>total.ipsec.encr.AES_CTR=0<br>total.ipsec.encr.AES_CCM_A=0<br>total.ipsec.encr.AES_CCM_B=0<br>total.ipsec.encr.AES_CCM_C=0<br>total.ipsec.encr.AES_GCM_A=0<br>total.ipsec.encr.AES_GCM_B=0<br>total.ipsec.encr.AES_GCM_C=0<br>total.ipsec.encr.NULL_AUTH_AES_GMAC=0<br>total.ipsec.encr.CAMELLIA_CBC=0<br>total.ipsec.encr.CAMELLIA_CTR=0<br>total.ipsec.encr.CAMELLIA_CCM_A=0<br>total.ipsec.encr.CAMELLIA_CCM_B=0<br>total.ipsec.encr.CAMELLIA_CCM_C=0<br>total.ipsec.encr.CHACHA20_POLY1305=0<br>total.ipsec.integ.HMAC_MD5=0<br>total.ipsec.integ.HMAC_SHA1=1514<br>total.ipsec.integ.HMAC_SHA2_256=0<br>total.ipsec.integ.HMAC_SHA2_384=0<br>total.ipsec.integ.HMAC_SHA2_512=0<br>total.ipsec.integ.HMAC_RIPEMD=0<br>total.ipsec.integ.AES_XCBC=0<br>total.ipsec.integ.AES_128_GMAC=0<br>total.ipsec.integ.AES_192_GMAC=0<br>total.ipsec.integ.AES_256_GMAC=0<br>total.ikev1.sent.notifies.error.INVALID_PAYLOAD_TYPE=0<br>total.ikev1.sent.notifies.error.DOI_NOT_SUPPORTED=0<br>total.ikev1.sent.notifies.error.SITUATION_NOT_SUPPORTED=0<br>total.ikev1.sent.notifies.error.INVALID_COOKIE=0<br>total.ikev1.sent.notifies.error.INVALID_MAJOR_VERSION=0<br>total.ikev1.sent.notifies.error.INVALID_MINOR_VERSION=0<br>total.ikev1.sent.notifies.error.INVALID_EXCHANGE_TYPE=0<br>total.ikev1.sent.notifies.error.INVALID_FLAGS=0<br>total.ikev1.sent.notifies.error.INVALID_MESSAGE_ID=0<br>total.ikev1.sent.notifies.error.INVALID_PROTOCOL_ID=0<br>total.ikev1.sent.notifies.error.INVALID_SPI=0<br>total.ikev1.sent.notifies.error.INVALID_TRANSFORM_ID=0<br>total.ikev1.sent.notifies.error.ATTRIBUTES_NOT_SUPPORTED=0<br>total.ikev1.sent.notifies.error.NO_PROPOSAL_CHOSEN=0<br>total.ikev1.sent.notifies.error.BAD_PROPOSAL_SYNTAX=0<br>total.ikev1.sent.notifies.error.PAYLOAD_MALFORMED=2<br>total.ikev1.sent.notifies.error.INVALID_KEY_INFORMATION=0<br>total.ikev1.sent.notifies.error.INVALID_ID_INFORMATION=0<br>total.ikev1.sent.notifies.error.INVALID_CERT_ENCODING=0<br>total.ikev1.sent.notifies.error.INVALID_CERTIFICATE=0<br>total.ikev1.sent.notifies.error.CERT_TYPE_UNSUPPORTED=0<br>total.ikev1.sent.notifies.error.INVALID_CERT_AUTHORITY=0<br>total.ikev1.sent.notifies.error.INVALID_HASH_INFORMATION=0<br>total.ikev1.sent.notifies.error.AUTHENTICATION_FAILED=0<br>total.ikev1.sent.notifies.error.INVALID_SIGNATURE=0<br>total.ikev1.sent.notifies.error.ADDRESS_NOTIFICATION=0<br>total.ikev1.sent.notifies.error.NOTIFY_SA_LIFETIME=0<br>total.ikev1.sent.notifies.error.CERTIFICATE_UNAVAILABLE=0<br>total.ikev1.sent.notifies.error.UNSUPPORTED_EXCHANGE_TYPE=0<br>total.ikev1.sent.notifies.error.UNEQUAL_PAYLOAD_LENGTHS=0<br>total.ikev1.recv.notifies.error.INVALID_PAYLOAD_TYPE=0<br>total.ikev1.recv.notifies.error.DOI_NOT_SUPPORTED=0<br>total.ikev1.recv.notifies.error.SITUATION_NOT_SUPPORTED=0<br>total.ikev1.recv.notifies.error.INVALID_COOKIE=0<br>total.ikev1.recv.notifies.error.INVALID_MAJOR_VERSION=0<br>total.ikev1.recv.notifies.error.INVALID_MINOR_VERSION=0<br>total.ikev1.recv.notifies.error.INVALID_EXCHANGE_TYPE=0<br>total.ikev1.recv.notifies.error.INVALID_FLAGS=0<br>total.ikev1.recv.notifies.error.INVALID_MESSAGE_ID=0<br>total.ikev1.recv.notifies.error.INVALID_PROTOCOL_ID=0<br>total.ikev1.recv.notifies.error.INVALID_SPI=0<br>total.ikev1.recv.notifies.error.INVALID_TRANSFORM_ID=0<br>total.ikev1.recv.notifies.error.ATTRIBUTES_NOT_SUPPORTED=0<br>total.ikev1.recv.notifies.error.NO_PROPOSAL_CHOSEN=0<br>total.ikev1.recv.notifies.error.BAD_PROPOSAL_SYNTAX=0<br>total.ikev1.recv.notifies.error.PAYLOAD_MALFORMED=0<br>total.ikev1.recv.notifies.error.INVALID_KEY_INFORMATION=0<br>total.ikev1.recv.notifies.error.INVALID_ID_INFORMATION=0<br>total.ikev1.recv.notifies.error.INVALID_CERT_ENCODING=0<br>total.ikev1.recv.notifies.error.INVALID_CERTIFICATE=0<br>total.ikev1.recv.notifies.error.CERT_TYPE_UNSUPPORTED=0<br>total.ikev1.recv.notifies.error.INVALID_CERT_AUTHORITY=0<br>total.ikev1.recv.notifies.error.INVALID_HASH_INFORMATION=0<br>total.ikev1.recv.notifies.error.AUTHENTICATION_FAILED=0<br>total.ikev1.recv.notifies.error.INVALID_SIGNATURE=0<br>total.ikev1.recv.notifies.error.ADDRESS_NOTIFICATION=0<br>total.ikev1.recv.notifies.error.NOTIFY_SA_LIFETIME=0<br>total.ikev1.recv.notifies.error.CERTIFICATE_UNAVAILABLE=0<br>total.ikev1.recv.notifies.error.UNSUPPORTED_EXCHANGE_TYPE=0<br>total.ikev1.recv.notifies.error.UNEQUAL_PAYLOAD_LENGTHS=0<br>total.ikev2.sent.notifies.error.UNSUPPORTED_CRITICAL_PAYLOAD=0<br>total.ikev2.sent.notifies.error.INVALID_IKE_SPI=0<br>total.ikev2.sent.notifies.error.INVALID_MAJOR_VERSION=0<br>total.ikev2.sent.notifies.error.INVALID_SYNTAX=0<br>total.ikev2.sent.notifies.error.INVALID_MESSAGE_ID=0<br>total.ikev2.sent.notifies.error.INVALID_SPI=0<br>total.ikev2.sent.notifies.error.NO_PROPOSAL_CHOSEN=0<br>total.ikev2.sent.notifies.error.INVALID_KE_PAYLOAD=0<br>total.ikev2.sent.notifies.error.AUTHENTICATION_FAILED=0<br>total.ikev2.sent.notifies.error.SINGLE_PAIR_REQUIRED=0<br>total.ikev2.sent.notifies.error.NO_ADDITIONAL_SAS=0<br>total.ikev2.sent.notifies.error.INTERNAL_ADDRESS_FAILURE=0<br>total.ikev2.sent.notifies.error.FAILED_CP_REQUIRED=0<br>total.ikev2.sent.notifies.error.TS_UNACCEPTABLE=0<br>total.ikev2.sent.notifies.error.INVALID_SELECTORS=0<br>total.ikev2.sent.notifies.error.UNACCEPTABLE_ADDRESSES=0<br>total.ikev2.sent.notifies.error.UNEXPECTED_NAT_DETECTED=0<br>total.ikev2.sent.notifies.error.USE_ASSIGNED_HoA=0<br>total.ikev2.sent.notifies.error.TEMPORARY_FAILURE=0<br>total.ikev2.sent.notifies.error.CHILD_SA_NOT_FOUND=0<br>total.ikev2.sent.notifies.error.INVALID_GROUP_ID=0<br>total.ikev2.sent.notifies.error.AUTHORIZATION_FAILED=0<br>total.ikev2.recv.notifies.error.UNSUPPORTED_CRITICAL_PAYLOAD=0<br>total.ikev2.recv.notifies.error.INVALID_IKE_SPI=0<br>total.ikev2.recv.notifies.error.INVALID_MAJOR_VERSION=0<br>total.ikev2.recv.notifies.error.INVALID_SYNTAX=0<br>total.ikev2.recv.notifies.error.INVALID_MESSAGE_ID=0<br>total.ikev2.recv.notifies.error.INVALID_SPI=0<br>total.ikev2.recv.notifies.error.NO_PROPOSAL_CHOSEN=0<br>total.ikev2.recv.notifies.error.INVALID_KE_PAYLOAD=0<br>total.ikev2.recv.notifies.error.AUTHENTICATION_FAILED=0<br>total.ikev2.recv.notifies.error.SINGLE_PAIR_REQUIRED=0<br>total.ikev2.recv.notifies.error.NO_ADDITIONAL_SAS=0<br>total.ikev2.recv.notifies.error.INTERNAL_ADDRESS_FAILURE=0<br>total.ikev2.recv.notifies.error.FAILED_CP_REQUIRED=0<br>total.ikev2.recv.notifies.error.TS_UNACCEPTABLE=0<br>total.ikev2.recv.notifies.error.INVALID_SELECTORS=0<br>total.ikev2.recv.notifies.error.UNACCEPTABLE_ADDRESSES=0<br>total.ikev2.recv.notifies.error.UNEXPECTED_NAT_DETECTED=0<br>total.ikev2.recv.notifies.error.USE_ASSIGNED_HoA=0<br>total.ikev2.recv.notifies.error.TEMPORARY_FAILURE=0<br>total.ikev2.recv.notifies.error.CHILD_SA_NOT_FOUND=0<br>total.ikev2.recv.notifies.error.INVALID_GROUP_ID=0<br>total.ikev2.recv.notifies.error.AUTHORIZATION_FAILED=0</blockquote><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><b>ipsec whack --trafficstatus</b><br>006 #5023: "neustar-sterling-primary", type=ESP, add_time=1540207376, inBytes=9709, outBytes=3602, id='121.114.10.5'<br>006 #5019: "neustar-sterling-secondary", type=ESP, add_time=1540206027, inBytes=678, outBytes=246, id='121.114.11.5' </blockquote><div><br></div><div><br></div><div>What attributes i should refer to from <b>ipsec whack --globalstatus </b>and <b>ipsec whack --trafficstatus </b>as part of monitoring?</div></div><div>Thanks in Advance.</div><div><br></div><div>Best Regards,</div><div><br></div><div>Kaushal</div></div></div></div></div></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br></blockquote></div></blockquote><div><br></div><div>Hi,</div><div><br></div><div>Checking in again if someone can pitch in for my earlier post to this mailing list. Thanks in Advance</div><div><br></div><div>What attributes i should refer to from <b>ipsec whack --globalstatus </b>and <b>ipsec whack --trafficstatus </b>as part of monitoring?<br></div><div><br></div><div>Best Regards,</div><div><br></div><div>Kaushal </div></div></div>