josh riggs [email protected] utilizing open source network monitoring
TRANSCRIPT
What is a network monitoring system?
Monitors network hardware and software for issues
Used to notify network administrators of outages or failures
Protocols: SNMP, HTTP, SMTP/IMAP & SSH
Nagios
• Runs on Linux and Unix variants• Current Stable version 3.2• Configuration is file-based/template ready• Allows you to automatically restart failed
applications, services, servers, and devices when problems are detected.
• Accessed through a web interface
Advantages of Nagios
• Open Source (Free)• Plug-in system for writing a custom ‘check’
in any language you prefer• Can tell the difference between a and a
down/unreachable host• Automatic log file rotation, performance
data processing, and a web interface!• Community and professional support• Customizable
Event Handlers
• Event handlers are optional system commands (scripts or executables) that are run whenever a host or service state change occurs.
• An obvious use for event handlers is the ability for Nagios to proactively fix problems before anyone is notified. Some other uses for event handlers include: – Restarting a failed service – Entering a trouble ticket into a helpdesk system – Logging event information to a database – Cycling power on a host* – etc.
Web Interface
Web Interface
• Live Demo
NDOUtils
• NDOUtils allows you to export current and historical data from one or more Nagios instances to a MySQL database.
• Several community add-ons use this as one of their data sources.
NagVis
• http://www.nagvis.org• Key Features
– Display of single Hosts and Services– Visualize a complete Host- or Servicegroup with one icon– Display the summary state of a Host and all its services– Display only the real problems– Sub-map icons which represent a complete NagVis Map in one icon (drill
down)– Visualization of complete IT processes using self drawn graphics– Online documentation of IT environments including current states– Multilingual capabilities– Web configuration interface (WUI)
Nagvis
• Live Demo
Nagvis
• Map Examples
Nagvis
• Map Examples
Nagvis
• Map Examples
Monitoring Linux Machines
• NPRE– Monitors
• CPU Load• Memory Usage• Swap Usage• Disk Usage• Process State
Monitoring Linux Machines
• The NRPE addon is designed to allow you to execute Nagios plugins on remote Linux/Unix machines.
• The main reason for doing this is to allow Nagios to monitor "local" resources (like CPU load, memory usage, etc.)
• Since these resources are not usually exposed to external machines, an agent like NRPE must be installed on the remote Linux/Unix machines.
Monitoring Windows Machines
• NSClient++– This is an agent that is installed on the
Windows Machine and acts as a proxy between the Windows Machine and Nagios Server
– NSClient++ is installed as a service and actually does the monitoring and sends the results to the Nagios Plugin
NSClient++
• NSClient++ is required to monitor private services on a windows machine such as
– Memory Usage– CPU Usage– Disk Usage– Service States– Running Processes
Monitoring Common Network Services
• Public services running on Windows Machines such as HTTP, POP3, FTP are monitored directly from the Nagios server with different plugins
Other Devices Nagios can Monitor
• Netware Servers• Switches• Routers• Access Points• Printers• Spam Appliances• Etc
Nagios Plugins
• Plugins are compiled executables or scripts (Perl scripts, shell scripts, etc.) that can be run from a command line to check the status or a host or service. Nagios uses the results from plugins to determine the current status of hosts and services on your network.
Nagios Plugins
• Monitoring Exchange
Macros
• One of the main features that make Nagios so flexible is the ability to use macros in command definitions. Macros allow you to reference information from hosts, services, and other sources in your commands.
• Before Nagios executes a command, it will replace any macros it finds in the command definition with their corresponding values.
Macros
• Standard Macros in Nagios
• Before Nagios executes a command, it will replace any macros it finds in the command definition with their corresponding values.
Configuring Nagios
• Main Configuration File– Location of Object Configuration Files– User to run daemon as– Enable or Disable notifications– Logging Options– Check Timeouts– Date and Time zone information– Administrator Email
Configuring Nagios• Host Definition
– Sample:define host { host_name bogus-router
alias Bogus Router #1 address 92.168.1.254 parents server-backbone check_command check-host-alive check_interval 5 retry_interval 1 max_check_attempts 5 check_period 24x7 contact_groups router-admins notification_interval 30
notification_period 24x7 notification_options d,u,r }
Configuring Nagios• Service Definition
– Sampledefine service{
host_name linux-server service_description check-disk-sda1 check_command check-disk!/dev/sda1 max_check_attempts 5 check_interval 5 retry_interval 3 check_period 24x7 notification_interval 30 notification_period 24x7 notification_options w,c,r contact_groups linux-admins
}
Configuring Nagios• Contact Definition
– Sampledefine contact {
contact_name jdoe
alias John Doe
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,u,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email [email protected]
pager [email protected]
}
Configuring Nagios
• Time Periods Definition– Sampledefine timeperiod {
timeperiod_name workhours
alias Normal Work Hours
Monday 07:00 – 18:00
Tuesday 07:00 – 18:00
Wednesday 07:00 – 18:00
Thursday 07:00 – 18:00
Friday 07:00 – 18:00
}
Configuring Nagios
• Command Definitions– Sample
Define command {
command_name check_pop
command_line /usr/local/nagios/libexec/check_pop -H $HOSTADDRESS$
}
Nagios
• Questions ?