Now that we are a participating SP/IdP for eduroam we wanted to monitor the two top-level radius servers in use on their side. Their wiki suggests using the check_radius.pl plugin available on the Nagios plugin directory. I found it to be a little too limiting and not well-tailored for monitoring so I went ahead and made some modifications. Below is the source for it along with a summary of the changes I’ve made.
Changes
- Changed the default port value to 1812 from 18120
- Remove -e flag to execute an arbitrary script/binary if status != OK, this is just for monitoring.
- Add -S flag to specify secret file rather than providing it on the command-line
- Add -b flag to specify arbitrary path to radclient (was a hard-coded path in original)
- Modify -d flag to additionally pass the -x flag to radclient
- Modified behavior of -H flag to support comma-delimitted list of hostnames
- Modified output to show timing thresholds for all checks as well as each host’s status and time taken for response
Output
OK: (w:3;c:5;t:10) tlrs1.eduroam.us (0.056135 sec): OK; tlrs2.eduroam.us (0.08103 sec): OK
Source
check_radius on GitHub