Network Monitoring

To make it even more difficult, Nagios distinguishes between core configuration files and plug- in configuration files, add- on files that can be used as an extension to the default fun

Network Monitoring

Knowing When It Goes Wrong

Without Watching It

As an administrator, it is your responsibility to know when things are about to go

wrong You can, of course, go sit by your server all day and figure out if everything is going all right, but you probably have better things to do Nagios offers services to monitor the

network for you In this chapter you’ll learn how to install and use Nagios

Starting with Nagios

Nagios is a network- wide monitoring tool In this chapter you’ll learn how to set it up

on your servers Once it is set up, you can watch the status of servers in your network via

a web browser Don’t want to watch a web browser all time? That’s fine, because you can

configure Nagios to send relevant security alerts to some specified users on the network if something goes wrong Nagios allows you to monitor local server events, such as running out of disk space, as network events

Before you install Nagios, make sure that you have a web server configured (you can

read more about configuring Apache Web Server in Chapter 11 of my book Beginning

Ubuntu Server Administration, from Apress) and running Nagios uses a web interface to

show its information, so you can’t do without that Once you have confirmed it is up and

running, install the j]ceko packages:

]lp)capejop]hhj]ceko.j]ceko)lhqcejoj]ceko)ei]cao

This command installs about 40 MB of data on your server Once that is done, you

have to complete the installation by setting up authentication Nagios uses the file

+ap_+j]ceko.+dpl]oos`*qoano, but this file is not created automatically The following command creates it for you, puts a user with the name j]ceko]`iej in it, and prompts for

a password:

dpl]oos`)_+ap_+j]ceko.+dpl]oos`*qoanoj]ceko]`iej

There are two configuration files related to user authentication First, +ap_+

j]ceko.+]l]_da.*_kjb contains all settings that allow Nagios to communicate with

Apache Listing 6-1 shows its contents

Listing 6-1 /etc/nagios2/apache2.conf Sets Up Communication Between Nagios and Apache

in the _ce*_bc file Listing 6-2 shows its contents

N Note For better readability, I have removed all comment lines Consult the configuration file on disk to

see the comment lines as well

Listing 6-2 cgi.cfg Contains the Authorizations of the admin User

At this point, you have a very basic Nagios server up and running Before you start

to configure it, you need to find out if it works properly From a workstation, start your

browser and connect to the following URL:

dppl6++ukqn[j]ceko[oanran+j]ceko

This should give you a login prompt at which you can enter the name and password

of the admin user you have just created After entering these, you should see the Nagios

web interface, as shown in Figure 6-1 Don’t bother clicking around in it, because you

haven’t set up anything yet Therefore, you won’t see much for the moment Read the

fol-lowing sections to find out how to configure Nagios

Figure 6-1 After installing Nagios, connect to it to see if it works.

N Note The Nagios web interface gives access to some documentation that is installed on your server as well You can use this documentation, but be aware that the paths on Ubuntu Server are different from the pathnames referred to in the documentation

Configuring Nagios

Nagios uses lots of configuration files The most difficult part of managing Nagios is to

find the right configuration file for a specific purpose To make it even more difficult,

Nagios distinguishes between core configuration files and plug- in configuration files,

add- on files that can be used as an extension to the default functionality of Nagios

Location of the Configuration Files

When you first start working with Nagios, it looks like configuration files are located just

about everywhere! To help you pinpoint the locations of these files, the following list

identifies the most common directories in which Nagios stores information:

s+ap_+j]ceko.: This is the master configuration directory It contains the most

important configuration files, among which you will find the j]ceko*_bc

config-uration file

s+qon+he^+j]ceko+lhqcejo: As mentioned, Nagios works with plug- ins Every plug- in allows you to monitor an additional service For example, Nagios by itself doesn’t

know how to monitor Oracle If, however, the Oracle plug- in has been installed in

this directory (which is the case after a default installation), the plug- in can

man-age Oracle

s+ap_+j]ceko.+_kjb*`: This directory contains some of the most important

Nag-ios configuration files If the file you are looking for is not in here, also check

+ap_+j]ceko)lhqcejo+_kjbig

s+ap_+j]ceko)lhqcejo+_kjbec: This directory contains the configuration files for the

plug- ins that are installed on your server

s+r]n+he^+j]ceko.: Nagios writes its output to this directory When Nagios has been

up and running for some time, you’ll find *kqp files in this directory These files

contain the information that is used by the Nagios web interface

s+r]n+hkc+j]ceko.: This is the directory where Nagios writes its log files Use it if

anything goes wrong with your Nagios environment

Before diving deep into the different configuration files, you should also be aware

of the +ap_+j]ceko.+_kii]j`o*_bc file To do its work, Nagios uses its own command set

The _kii]j`o*_bc file defines the most important commands Listing 6-3 gives a partial

example

Listing 6-3 /etc/nagios2/commands.cfg Defines the Most Common Nagios Commands

OANRE?AOP=PAPULA Xp OANRE?AATA?QPEKJPEIA Xp OANRE?AH=PAJ?U ±

Xp OANRE?AKQPLQP Xp OANRE?ALANB@=P= Xj::+r]n+he^+j]ceko.+oanre_a)lanb`]p]*kqp

y

Nagios commands are well structured If you feel you are missing any functionality in the default Nagios command set, you can create your own Nagios commands as well The _kii]j`o*_bc file contains some hints on how to do that

The Master Configuration File: nagios.cfg

The master configuration file that Nagios uses is +ap_+j]ceko.+j]ceko*_bc This file determines where Nagios should read and write specific information By using _bc[behastatements, it also tells Nagios what additional configuration files to read For example, these statements can refer to configuration files for specific modules that you want to use By default, all of these configuration files are disabled, which means that Nagios basically monitors nothing Of course, it makes sense to enable them, but only after you have modified the configuration file according to your needs Listing 6-4 shows the part

of j]ceko*_bc that indicates what configuration files to use Be aware, though, that these are only example files, and in some cases refer to files that don’t even exist at the location that is indicated

Listing 6-4 From nagios.cfg, Additional Configuration Files Are Included

As a Nagios administrator, it is also useful if you know about the other important

lines in the j]ceko*_bc file The following list provides an overview of the most important

definitions it contains:

shkc[beha9+r]n+hkc+j]ceko.+j]ceko*hkc: This parameter tells Nagios where to log its information.

s_bc[`en9+ap_+j]ceko.+_kjb*`: This line tells Nagios to include all configuration files

in the specified directory

s_bc[beha9+ap_+j]ceko.+_kii]j`o*_bc: This line tells Nagios to load the tion file _kii]j`o*_bc as well Likewise, other _bc[beha lines are used to refer to additional configuration files that Nagios should include

sop]pqo[beha9+r]n+_]_da+j]ceko.+op]pqo*`]p: This file contains current status mation about all hosts and services that are monitored The CGI scripts from the Nagios web server interpret this file and display its contents in a graphical way

s_da_g[atpanj]h[_kii]j`9,: This default line makes sure that no external commands can be executed If you want to manage Nagios using a web server (which should always be the case), you need to enable this option by giving it the value 1

shkc[nkp]pekj[iapdk`9`: This line specifies in what way the Nagios log file should be rotated By default, this will happen daily Valid values for this parameter follow:

j: Don’t rotate the log

param-Creating Essential Nagios Configuration Files

Nagios needs some minimal configuration files, and they should reside in one of the directories defined in the j]ceko*_bc file using the _bc[`en directive The default location

to put them would be +ap_+j]ceko.+_kjb*` Make sure that you create at least the ing configuration files:

s_kjp]_po*_bc: This file defines which people should get a message in case of trouble

s_kjp]_pcnkqlo*_bc: All contacts specified in _kjp]_po*_bc should be a member of at least one contact group Use this file to define the contact group

spailh]pao*_bc: This file defines templates that can be used by other configuration

files

sdkopo*_bc: Use this file to define the hosts that Nagios will monitor

sdkopcnkqlo*_bc: In large networks, it is useful to subdivide hosts into host groups,

such as servers, switches, routers, and so on

soanre_ao*_bc: The file defines specific services that you want to monitor for each

host

speialanek`o*_bc: This file defines time periods used in all configuration files

Now it is time to start the real work, which unfortunately involves a lot of typing In

the rest of this chapter, we will work on a small example network in which four Linux

servers are used Three of these are on the internal network, and one of them is on the

Internet Nagios can monitor other operating systems as well, but let’s try to set up

Linux- based host monitoring first The following servers are monitored:

s-5.*-24*-*55: DHCP, NFS, web, Nagios, SSH

s-5.*-24*-*-,,: Samba, SSH

s-5.*-24*-*-,-: Web, FTP, SSH

s4,*25*5/*.-2: Web, SSH

Creating a Contacts File

Start with the creation of the _kjp]_po*_bc file As specified in +ap_+j]ceko.+j]ceko*_bc,

this file should reside in +ap_+j]ceko., so make sure to create it there Listing 6-5 gives an

example of what this file may look like

Listing 6-5 Example contacts.cfg File

dkop[jkpebe_]pekj[_kii]j`odkop)jkpebu)^u[ai]eh

ai]ehhej`]<hk_]hdkop

y

The interesting part of this configuration file is that there are quite a few

cross- references That is, the _kjp]_po*_bc file depends on what you do in other

configuration files For instance, the lines oanre_a[jkpebe_]pekj[lanek` and

dkop[jkpebe_]pekj[lanek` are periods that you will define later in the peialanek`o*_bc file

In the example _kjp]_po*_bc file in Listing 6-6, you also see that some

oanre_a[jkpebe_]pekj[klpekjo and dkop[jkpebe_]pekj[klpekjo parameters are used The following oanre_a[jkpebe_]pekj[klpekjo parameters can be used:

sj: Do not notify at all

ss: Notify on WARNING states

sq: Notify on UNKNOWN states

s_: Notify on CRITICAL states

sn: Notify when the service recovers and returns to OK state

Likewise, the following dkop[jkpebe_]pekj[klpekjo parameters can be used:

sj: Do not notify at all

s`: Notify on DOWN host states

sq: Notify if host is unreachable

sn: Notify when host recovers

Defining a Contacts Group

After defining the contacts file, you may want to create a contact group as well This makes it easier in large implementations to address all contacts at once Listing 6-6 shows what a contact group may look like

Listing 6-6 Example of a Contact Group

Defining Hosts and Host Groups

After defining whom to contact if things go wrong, you have to define hosts and, if so

required, hostnames The hosts you define will inherit some of their settings from the

host template On Ubuntu 8.04, you’ll find this template in the file +ap_+j]ceko.+_kjb*`+

cajane_)dkopo[j]ceko.*_fg Normally you don’t need to edit the settings in this file You

just need to refer to it when defining your hosts This hosts configuration file may look

similar to the example shown in Listing 6-7

Listing 6-7 Example hosts.cfg File

s_da_g[_kii]j`: Refers to the command that Nagios uses to check if the host is up

In all cases, it should refer to the _da_g)dkopo)]hera command

si]t[_da_g[]ppailpo: Defines how many checks Nagios should run as a maximum

If a host still doesn’t reply after reaching this threshold, Nagios will consider it unavailable

sjkpebe_]pekj[ejpanr]h: Defines, in minutes, how often you should receive a

notifi-cation if the problem still exists Use the value 0 if you want just one notifinotifi-cation to

be sent after the problem is discovered

sjkpebe_]pekj[lanek`: Defines during which time period notifications should be

sent to the contacts It is a good idea to use 24x7 here, to make sure that

notifica-tions will be sent at all times

sjkpebe_]pekj[klpekjo: Defines in what situations notifications should be sent out

The following options are available:

`: Notify if host is down

q: Notify if host is unreachable

n: Send notification when host recovers

j: Do not send notifications

After defining hosts, you must specify the host groups that your hosts belong to

There are many approaches to creating host groups, and a host may be a member of

more than one host group Ultimately, your business needs will dictate which host

groups to use In the example in Listing 6-8, you can see that three different approaches are used to define host groups First, there is a host group that contains all hosts, and

then there are functional host groups, and last there are host groups based on locations that are used

Listing 6-8 Host Groups Make Managing Hosts Easier

Defining Services to Monitor

Now that your hosts and host groups are defined, it’s time to work on the services In the oanre_ao*_bc file, you define what particular services you want to monitor Normally, making sure that all relevant services are defined is a lot of work In Nagios, you can monitor network services as well as local services For instance, there is a service to check available local disk space, or you can check based on any network protocol as well Before you start to work on the oanre_ao*_bc file, you should understand what it does

In the services file, different services are checked To do this, Nagios needs plug- ins You’ll find a list of all available plug- ins in the +qon+he^+j]ceko+lhqcejo directory I rec-ommend that you have a look at this directory and get an idea of the possibilities that are offered You can run every plug- in from this directory as an independent executable, which gives you an idea of the plug- in possibilities Some plug- ins just run and that’s all, whereas other plug- ins can have lots of options that enable you to determine what exactly the plug- in should do Listing 6-9 gives you an example of the help output from the _da_g[`eog plug- in Many plug- ins have complex options like this one, so make sure that you are aware of the options that exist for the plug- ins you want to use before you config-ure the oanre_ao*_bc file

Listing 6-9 Nagios Plug- ins Often Have Lots of Options to Define What You Want Them to Do