Friday, 30 August 2013

Nagios: Monitor your Network Infrastructure

You can monitor your firewall, routers, network switches etc. using Nagios.  These days most of the switches and routers supports SNMP, and you can monitor port status with the check_snmp plugin and bandwidth using MRTG with the check_mrtgtraf plugin. You need to install plugin if you want to monitor your firewall.

I assume you have already installed and configured Nagios on the Nagios monitoring server. If not follow the instructions here. Once your Nagios server is ready you 'll need to follow these steps to monitor your network infrastructure.

1. Enable Switch configuration file in Nagios.cfg 

Edit the nagios configuration file, unckeck switch.cfg.

# vim /usr/local/nagios/etc/nagios.cfg


2. Define hosts for Switch/Router/Firewall

Open the configuration file and change the host_name, alias, and address fields to appropriate values for the switch.

# vim /usr/local/nagios/etc/objects/switch.cfg

# Define the switch that we'll be monitoring

define host{
        use                    generic-switch                      ; Inherit default values from a template
        host_name       catalyst-4500                       ; The name we're giving to this switch
        alias                  Cisco Catalyst 4500 Switch  ; A longer name associated with the switch
        address                            ; IP address of the switch
        hostgroups       switches                                 ; Host groups this switch is associated with

Open the configuration file and change the host_name, alias, and address fields to appropriate values for the firewall as well as router.

3. Monitoring services for Switch/Router/Firewall

Add the following service definition to monitor packet loss and round trip average between the Nagios host and the switch every 5 minutes under normal conditions.

# Create a service to PING to switch

define service{
        use                             generic-service ; Inherit values from a template
        host_name               catalyst-4500   ; The name of the host the service is associated with
        service_description  PING                ; The service description
        check_command     check_ping!200.0,20%!600.0,60%  ; The command used to monitor the service
        normal_check_interval   5               ; Check the service every 5 minutes under normal conditions
        retry_check_interval       1               ; Re-check the service every minute until its final/hard state is determined

This service will be:
CRITICAL if the round trip average (RTA) is greater than 600 milliseconds or the packet loss is 60% or more 
WARNING if the RTA is greater than 200 ms or the packet loss is 20% or more
OK if the RTA is less than 200 ms and the packet loss is less than 20%

# Monitor uptime via SNMP

        host_name                  catalyst-4500
        service_description     Uptime
        check_command         check_snmp!-C public -o sysUpTime.0

# Monitor Port 1 status via SNMP

define service{
        use                               generic-service ; Inherit values from a template
        host_name                 catalyst-4500
        service_description     Port 1 Link Status
        check_command        check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB

Repeat this procedure for router as well. To monitor firewall you'll need to download the  appropriate plugin and define the services. If you are using Cisco ASA you can download the plugin from here.

4. Monitor your Bandwidth

You need to install MRTG if you want to monitor bandwidth usage on your switches or routers. You can set the alert when traffic rates exceed thresholds you specify. You need to use check_mrtgtraf plugin for this. The MRTG log file mentioned below should point to the MRTG log file on your system.

# Monitor bandwidth via MRTG logs

define service{
        use                             generic-service ; Inherit values from a template
        host_name               catalyst-4500
        service_description  Port 1 Bandwidth Usage
        check_command                                check_local_mrtgtraf!/var/lib/mrtg/!AVG!1000000,1000000!5000000,5000000!10

In the example above, the "/var/lib/mrtg/" option that gets passed to the check_local_mrtgtraf command tells the plugin which MRTG log file to read from. The "AVG" option tells it that it should use average bandwidth statistics. The "1000000,2000000" options are the warning thresholds (in bytes) for incoming traffic rates. The "5000000,5000000" are critical thresholds (in bytes) for outgoing traffic rates. The "10" option causes the plugin to return a CRITICAL state if the MRTG log file is older than 10 minutes (it should be updated every 5 minutes).

5. Verify configuration and restart Nagios.

# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

# /etc/init.d/nagios restart
Stopping nagios:                                           [  OK  ]
Starting nagios:                                            [  OK  ]

Note 1:
If you want to monitor all the ports of the switch then make an entry of all the ports while defining the services.

check_command         check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB, -o ifOperStatus.2 -r 1 -m RFC1213-MIB, -o ifOperStatus.3 -r 1 -m RFC1213-MIB ...

Note 2:
You can monitor your router/firewall using SNMP if you know the object  identifier (OID) for the router/firewall, which you can find using snmpwalk.

snmpwalk -v1 -c public -m ALL .1, where is the ip address of your router/firewall.

Note 3:
You can monitor your remote linux/windows host using SNMP, but I'm not sure of reliability of SNMP. One reason is SNMP is based on less secure UDP and the other is there is no acknowledgement defined for snmp traps.

Note 4:
There are few occasions we prefer UDP over TCP, especially when we don't require any acknowledgement or few packet loss doesn't make any difference.

1. used for broadcast and multicast, as TCP doesn't support broadcast/multicast.

2. faster, there is no acknowledgement defined, and no need to resend  the lost packets makes UDP faster and is widely used for videoconferencing.

No comments:

Post a Comment