Nagios or Icinga plugin for Mikrotik software and firmware version

Posted on 2019-03-02, 17:34, by bjorn, under Uncategorized.

When upgrading the software (RouterOS) on Mikrotik devices, you should usually also make sure the firmware (RouterBoot) is upgraded to the same level.

In the devices’ various management interfaces including command line, the OS will tell you that there are outstanding firmware patches if you ask it, like this:

/system routerboard print 
        routerboard: yes
   current-firmware: 3.24
   upgrade-firmware: 5.2.1

Or, if you’ve configured the unit for automatic firmware upgrade after a software upgrade, you will be greeted by a message like this at login time:

Firmware upgraded successfully, please reboot for changes to take effect!

Previously there were no logical way to compare matching versions between the OS software and the boot firmware, but some time ago the vendor started aligning the two components’ version numbers and that made today’s small endeavor much easier. When it’s this easy to check whether the firmware upgrade was forgotten after a software upgrade, it took just a few minutes to write a shell script to be used in Icinga or Nagios.

The script takes a couple of arguments: -H for hostname, -c for entering the SNMP community, and -v for versions 1 or 2c. Sorry, I haven’t made it SNMPv3 compatible yet. If you’ve forgotten a firmware upgrade, the script will issue a WARNING text with a corresponding exit value 1, but it also accepts a -C argument to return a CRITICAL state and exit value 2.

!/bin/bash
HOST="127.0.0.1"
COMMUNITY="public"
VERSION="2c"
CRITICAL=0
while getopts "H:c:v:C" opt; do
  case $opt in
    H)
      HOST=$OPTARG
      ;;
    c)
      COMMUNITY=$OPTARG
      ;;
    v)
      VERSION=$OPTARG
      ;;
    C)
      CRITICAL=1
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      ;;
  esac
done
FW=$(snmpwalk -Ov -On -Oq -Cc -c $COMMUNITY -v $VERSION $HOST .1.3.6.1.4.1.14988.1.1.7.4.0)
SW=$(snmpwalk -Ov -On -Oq -Cc -c $COMMUNITY -v $VERSION $HOST .1.3.6.1.4.1.14988.1.1.4.4.0)
if [ "$FW" == "$SW" ]; then
  echo "OK: Software and firmware versions match ($SW)"
  exit 0
else
  if [ $CRITICAL -gt 0 ]; then
    echo "CRITICAL: Software version $SW does not match firmware version $FW"
    exit 2
  else
    echo "WARNING: Software version $SW does not match firmware version $FW"
    exit 1
  fi
fi

A test run from the shell provides useful output:

./check_mikrotik_sw_fw -H devicename -c snmpsecret
WARNING: Software version 6.44 does not match firmware version 6.43.12

After configuring Icinga2 to check the Mikrotik devices, I got a nice overview of outstanding tasks:

Status at blog time. They are all upgraded now 😉

Coming up: Write a plugin to warn about units that don’t use the most recent versions. But that’ll be for another blog entry!

Tags: , , , , ,
«
»