Tag Archives: esxi

Nagios check_esxi_snapshots

This script is using pySphere api for esxi and do loop through all vms and checks for snapshots.

from pysphere import VIServer
import sys

ok = 0
warn = 1
crit = 2
status = { 'OK' : 0 , 'WARNING' : 1, 'CRITICAL' : 2 , 'UNKNOWN' : 3}

server = sys.argv[1]
user = sys.argv[2]
pwd = sys.argv[3]

s = VIServer()
s.connect(server, user, pwd)
names = ""
result = s._retrieve_properties_traversal(
property_names=['name', 'rootSnapshot'],
for props in result:
has_snapshots = False
name = ""
for ps in props.PropSet:
if ps.Name=='rootSnapshot' and ps.Val.ManagedObjectReference:
has_snapshots = True
if ps.Name=='name':
name = ps.Val
if has_snapshots:
names = names + name + ', '
if warn == True:

if crit == True:
print names, 'has a snapshot'
print status['CRITICAL']
print names, "are running with snapshot"
print status['WARNING']

print 'status OK, no snapshots'

esxi snmp v3

I want to monitor our esxi hipervisors through SNMP but also I want to be encrypted 🙂 after all this information floating over the Internet so it is good to be at least encrypted somehow. That’s why we going to use SNMP v3 Enabling SSH on ESXi

  • Connect with the vSphere client to your node
  • Go to the configuration tab, then select Security Profile
  • Select Properties with Services, then select SSH Server
  • Click Options and select Start and Stop with host
  • Click the Start button once to start the service for now

Opening the firewall to allow SSH connections

  • Connect with the vSphere client to your node
  • Go to the configuration tab, then select Security Profile
  • Select Properties with Firewall, then select SSH Server
  • Click SSH Server, select Firewall and allow an IP-range

and now the magic… for  engin ID we need to use hexadecimal value.

esxcli system snmp set --engineid 766d77617265
esxcli system snmp set --authentication SHA1
esxcli system snmp set --privacy AES128
esxcli system snmp hash -r -A secret1234 -X secret5678
esxcli system snmp set --users root/AuthHash/PrivHash/priv
esxcli system snmp set --enable true

And that’s all, you can test is it working with snmpwalk

snmpwalk -v3 -u root -l AuthPriv -a SHA -A Auth -x AES -X Priv %HOST%

Ohh.. snap, I forgot to do one last thing 🙂
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address %IP%
esxcli network firewall ruleset set --ruleset-id snmp --enabled true