• 0
Dennis Walcott

TACACS & Radius Server Monitoring

Question

We are interested in using LM Websites to monitor TACACS and Radius availability. The goal is to use static credentials to validate the ability to login. We prefer to login to the TACACS and Radius servers every 15 minutes and alert when login fails. We would prefer not to login to our network devices because it will fill the logs with test login information. I know the which ports we are using for both, but I don't know where to begin. I have searched the community and have not found a post with this question. How would I go about tackling this?

Respectfully

Dennis

Share this post


Link to post
Share on other sites

4 answers to this question

Recommended Posts

  • 0

@Dennis Walcott I've done something similar in another monitoring tool in a past life. I used a script that called a radius test client and made a request directly to the RADIUS server. Parse the results and return a simple 1 or 0 for failure or success.

I would probably go with a DataSource over a webcheck in this case.

You can use Expect to run the radius test client if it's installed on your collector.

https://www.logicmonitor.com/support/terminology-syntax/scripting-support/groovyexpect-text-based-interaction/

Share this post


Link to post
Share on other sites
  • 0

@Michael Rodrigues Thank you for the quick response. Your suggestion of using DataSource over webcheck makes sense. I have taken a look at using Expect, but after reading through the help documents I decided to engage LogicMonitor Support and possibly Professional Services. I will update this post once I have direction or a working solution.

Share this post


Link to post
Share on other sites
  • 0

@Dennis Walcott thought of a codeless way to do it.

If you have a command line utility that allows you to test RADIUS (I used radtest from freeradius) you can just install it on your collector and call it with the "upload script" type Datasource.

Presumably the cli utility will give you back something you can easily regex for in a datapoint, "SUCCESS" or "FAILURE" gets printed out if I remember correctly.1371442899_ScreenShot2019-05-24at4_59_30PM.thumb.png.642250051bac92554150fd22b7eac1e5.png

 

Share this post


Link to post
Share on other sites
  • 0

@Michael Rodrigues I had a similar thought. Downloaded tactest from tacacs.net. The cli is straightforward to use. This can be loaded on the primary and backup collectors and run from the script you've mentioned. If we don't figure out an elegant way to test via groovy we will use this method for both tacacs and radius. 

  • Upvote 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.