Presentation is loading. Please wait.

Presentation is loading. Please wait.

Passive Monitoring with Nagios Jim Prins

Published byLinda Thompson Modified over 8 years ago

Similar presentations

Presentation on theme: "Passive Monitoring with Nagios Jim Prins"— Presentation transcript:

1 Passive Monitoring with Nagios Jim Prins jprins1229@gmail.com

2 Introduction Sr. Manager – Web Technologies @ Harman International Web Application & Server Monitoring 180 Hosts 1100+ Services Goal: All Green Lights!

3 Agenda – pt 1 Active vs Passive Checks Enabling Passive Checking in Nagios Enabling on Nagios Core & Nagios XI Configuring NRDP Server & Client Customizing Passive Checks Volatility State Stalking Freshness Checking

4 Agenda – pt 2 Example #1 – Airline Call Button Example #2 – Backup Monitoring Other Passive Examples Summary Questions/Answers

5 Active vs Passive Checks Active Checks Active from perspective of the Nagios application. Request initiated by the server Server authenticated by the client Client decides whether to respond Passive Checks Passive from perspective of the Nagios application. Request initiated by the client Client authenticated by the server Server decides whether to accept message

6 Use cases Good reasons for passive checks: Detect and respond each time event happens Passive Check w/ Volatility & State Stalking Detect and respond when something has stopped happening Passive Check w/ Freshness

7 Enabling Passive Checks Passive host and service checks are enabled in Nagios Core via config.cfg Default location: /usr/local/nagios/etc/nagios.cfg accept_passive_host_checks=1 accept_passive_service_checks=1

8 NRDP – Server Side Nagios Remote Data Processor (NRDP) Server: Usually runs on the Nagios server at http:// /nrdp http:// /nrdp Tokens and other server side configuration maintained at /usr/local/nrdp/server/config.inc.php $cfg['authorized_tokens']=array("0vn53mbj3lk4“, “0vn53mbj3lk6”); Installation Guide and Overview * http://assets.nagios.com/downloads/nrdp/docs/NRDP_Overview.pdfhttp://assets.nagios.com/downloads/nrdp/docs/NRDP_Overview.pdf

9 NRDP – Client Side Client: Installed into /usr/local/nrdp Sample Script: i.e. backup_complete.sh #!/bin/bash nrdp=/usr/local/nrdp/clients/send_nrdp.sh url=http://10.44.4.69/nrdp token=0vn53mbj3lk4 host=backup-server service=" Oracle DB Backup " state=0 output="OK – Backup Completed Successfully" ${nrdp} -u ${url} -t ${token} -H ${host} -s "${service}" -S ${state} -o "${output}" StateMeaning 0OK (GREEN) 1WARNING (YELLOW) 2CRITICAL (RED) 3UNKNOWN (GREY)

10 Volatility – pt 1 For non-volatile services, error state is maintained during each subsequent check until the symptom is resolved and the check returns OK. 10:00 Storage: C: Drive 98% Full 10:05 Storage: C: Drive 98% Full 10:10 Storage: C: Drive 98% Full 10:15 Storage: C: Drive 60% Full A service is volatile if every alert indicates a unique issue and warrants a response event or notification. 10:12 Security: Heartbleed vulnerability scan from 75.96.13.212 10:18 Security: Port scan detected from 195.96.13.212 * Note: A volatile service generally has no “good news” response.

11 Volatility – pt 2 Volatility is enabled by setting is_volatile 1 in host or service configuration. Enabling volatility causes the following to happen in response to EACH non-OK alert: Event Handler is Executed (if defined) Alerts are sent if appropriate Note: For volatile services, notification intervals are ignored

12 State Stalking – pt 1 By default, Nagios will log the output of a service check whenever the service’s STATUS changes: TimeStatusMessageLogged 09:55OKDisk C: 79% FullNot Logged 10:00WARNINGDisk C: 80% FullLogged 10:05WARNINGDisk C: 80% FullNot Logged 10:10OKDisk C: 65% FullLogged 10:15OKDisk C: 66% FullNot Logged

13 State Stalking – pt 2 With state stalking enabled, Nagios will log the output of a service check whenever the service’s OUTPUT changes: TimeStatusMessageNon-VolatileVolatile 09:55OKDisk C: 79% FullNot LoggedLogged 10:00WARNINGDisk C: 80% FullLogged 10:05WARNINGDisk C: 80% FullNot Logged 10:10OKDisk C: 65% FullLogged 10:15OKDisk C: 66% FullNot LoggedLogged

14 State Stalking – pt 3 Useful when monitoring Volatile services, as each unique event is useful to record. 10:00:02 – CRITICAL: Port Scan from 75.100.12.31 10:00:12 – CRITICAL: Port Scan from 75.100.12.31 10:04:03 – CRITICAL: Heartbleed Vulnerability Scan from 75.100.12.31 13:12:41 – CRITICAL: SQL Injection Attempt on index.php from 8.8.12.41 Enabled by setting stalking_options directive for host or service scan * http://nagios.sourceforge.net/docs/3_0/stalking.htmlhttp://nagios.sourceforge.net/docs/3_0/stalking.html

15 Freshness – pt 1 Monitoring passive checks for “freshness” is a great way to determine when something has STOPPED happening. Ex: Backup hasn’t checked in for the past 24 hours (or 86,400 seconds) check_freshness1 freshness_threshold86400

16 Freshness – pt 2 When the freshness threshold (in seconds) is exceeded, the check_command will be executed. check_commandstale_critical!!!!!!!! check_period24x7 *Note: Only during the check period above will a service be checked for freshness Command Definition (within /usr/local/nagios/etc/commands.cfg) define command { command_name stale_critical command_line$USER1$/check_dummy 2 "Passive service has not checked in!" }

17 Ex. 1 – Airline Call Button Requirement Define call button status as service, with ability to toggle on and off using passive checks Solution Call button ON should cause status WARNING Call button OFF should cause status OK

18 Ex. 1 – Airline Call Button Step 1: Define Passive Service Check define service{ host_nameairplane1.carrier.com service_descriptionCall Button – 1A is_volatile1 active_checks_enabled0 passive_checks_enabled1 …other options… }

19 Ex. 1 – Airline Call Button Step 2: Configure Script For Call Button Pressed #!/bin/bash nrdp=/usr/local/nrdp/clients/send_nrdp.sh url=http://10.44.4.69/nrdp token=0vn53mbj3lk4 host=airplane1.carrier.com service="Call Button – 1A" state=1 output=“WARNING – Call Button Pressed" ${nrdp} -u ${url} -t ${token} -H ${host} -s "${service}" -S ${state} -o "${output}“ StateMeaning 0OK (GREEN) 1WARNING (YELLOW) 2CRITICAL (RED) 3UNKNOWN (GREY)

20 Ex. 1 – Airline Call Button Step 3: Configure Script For Call Answered #!/bin/bash nrdp=/usr/local/nrdp/clients/send_nrdp.sh url=http://10.44.4.69/nrdp token=0vn53mbj3lk4 host=airplane1.carrier.com service="Call Button – 1A" state=0 output=“OK – Call Answered" ${nrdp} -u ${url} -t ${token} -H ${host} -s "${service}" -S ${state} -o "${output}" StateMeaning 0OK (GREEN) 1WARNING (YELLOW) 2CRITICAL (RED) 3UNKNOWN (GREY)

21 Ex. 2 – Backup Monitoring Requirement –DB backup should complete successfully at least 1 time per day. Let someone know if it doesn’t. Solution –Send passive acknowledgement upon successful backup completion. –Use freshness to alert us any time service has not checked in within 26 hours.

22 Ex. 2 – Backup Monitoring Step 1: Define Passive Service Check define service{ host_namebackup-server service_descriptionOracle DB Backup active_checks_enabled0 passive_checks_enabled1 check_freshness1 freshness_threshold93600 check_commandno-backup-report …other options… }

23 Ex. 2 – Backup Monitoring Step 2: Define Check Command File: /usr/local/nagios/etc/commands.cfg define command{ command_nameno-backup-report command_line/usr/local/nagios/libexec/check_dummy 2 "Results of backup job were not reported!" } Note: check_dummy does nothing but exit 2 (critical) and display the message in “quotes” StateMeaning 0OK (GREEN) 1WARNING (YELLOW) 2CRITICAL (RED) 3UNKNOWN (GREY)

24 Ex. 2 – Backup Monitoring Step 3: Configure Client to Send Acknowledgement #!/bin/bash nrdp=/usr/local/nrdp/clients/send_nrdp.sh url=http://10.44.4.69/nrdp token=0vn53mbj3lk4 host=backup-server service="Oracle DB Backup" state=0 output="OK – Backup Completed Successfully" ${nrdp} -u ${url} -t ${token} -H ${host} -s "${service}" -S ${state} -o "${output}" StateMeaning 0OK (GREEN) 1WARNING (YELLOW) 2CRITICAL (RED) 3UNKNOWN (GREY)

25 Other Passive Use Cases Inaccessible Device is behind a firewall and cannot be reached by Nagios. Unpredictable Device is mobile and IP address changes often. Scalability Aggregate multiple Nagios server statuses to a central server. (Distributed configuration)

26 Conclusion Passive Checks Supported in both Nagios Core and Nagios XI Initiated by the client, authenticated and validated by the server. Customizable with volatility, state stalking, and freshness checking. Useful for detecting when events happen (i.e. Security Alerts) as well as when events STOP happening (i.e. Backup Monitoring).

27 Conclusion NRDP – Nagios Remote Data Processor Server Component, Runs on Nagios Server Collects passive updates from clients and submits updates to Nagios Core Uses shared tokens for client/server authentication. * http://assets.nagios.com/downloads/nrdp/docs/NRDP_Overview.pdf http://assets.nagios.com/downloads/nrdp/docs/NRDP_Overview.pdf NSCA can be used as an alternative, especially for Windows clients.

28 Other Passive Examples FunctionVolatileState StalkingFreshnessFreshness Threshold “Lost” Magic number entry Disabled Enabled108 Minutes Team Member Status Reports EnabledDisabledEnabled1 Month Security EventEnabled DisabledN/A Backup SuccessDisabled Enabled26 Hours

29 Questions? Any questions? Thanks!

30 The End Jim Prins jprins1229@gmail.com

Download ppt "Passive Monitoring with Nagios Jim Prins"

Similar presentations

Nagios on Tier1 farm Jonathan Wheeler RAL Tier1 Fabric Team 20 th June 2008.

Nagios on Tier1 farm Jonathan Wheeler RAL Tier1 Fabric Team 20 th June 2008.
PC Encryption installation progress/password screen Includes comments from: Encryption team Sarah Deane Tony Stieber Selected people who took part in the.

PC Encryption installation progress/password screen Includes comments from: Encryption team Sarah Deane Tony Stieber Selected people who took part in the.
ONE STOP THE TOTAL SERVICE SOLUTION FOR REMOTE DEVICE MANAGMENT.

ONE STOP THE TOTAL SERVICE SOLUTION FOR REMOTE DEVICE MANAGMENT.
1 CHEP 2000, 10.02.2000Roberto Barbera Roberto Barbera (*) Grid monitoring with NAGIOS WP3-INFN Meeting, Naples, 29.11.2002 (*) Work in collaboration with.

1 CHEP 2000, Roberto Barbera Roberto Barbera (*) Grid monitoring with NAGIOS WP3-INFN Meeting, Naples, (*) Work in collaboration with.
Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.

Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Chapter 11 - Monitoring Server Performance1 Ch. 11 – Monitoring Server Performance MIS 431 – created Spring 2006.

Chapter 11 - Monitoring Server Performance1 Ch. 11 – Monitoring Server Performance MIS 431 – created Spring 2006.
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.

Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
New UI Changes for Endpoint Security in LDMS 9.6 SP2.

New UI Changes for Endpoint Security in LDMS 9.6 SP2.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.

1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.
Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.

Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
CONTENTS:-  What is Event Log Service ?  Types of event logs and their purpose.  How and when the Event Log is useful?  What is Event Viewer?  Briefing.

CONTENTS:-  What is Event Log Service ?  Types of event logs and their purpose.  How and when the Event Log is useful?  What is Event Viewer?  Briefing.

Similar presentations

Ads by Google