Monitoring network services in Nagios

Nagios also offers plugins that monitor different network services. These include commands for checking FTP, DHCP protocol, and WWW servers. It is also possible for Nagios to monitor itself.

Checking FTP server

Nagios allows you to verify whether an FTP server is listening for connections using the check_ftp command. This plugin is identical to check_tcp, with the difference that the port is optional, and by default a valid FTP welcome message is expected:

check_ftp -H host -p port [-w <warning time>] [-c <critical time>]
              [-s <send string>] [-e <expect string>]
              [-q <quit string>][-m <maximum bytes>] [-d <delay>]
              [-t <timeout seconds>] [-r <refuse state>]
              [-M <mismatch state>] [-v] [-4|-6] [-j]
              [-D <warn days cert expire>[,<crit days cert expire>]]
              [-S <use SSL>] [-E]

The port argument can be omitted and defaults to 21, or 990 for SSL-based connections. A sample command definition for checking FTP accepting connections is as follows:

  define command 
  { 
    command_name  check_ftp 
    command_line  $USER1$/check_ftp -H $HOSTADDRESS$ 
  } 

Using the -s and -e flags, it is also possible to verify if a specified username and password is allowed to log in:

  define command 
  { 
    command_name  check_ftplogin 
    command_line  $USER1$/check_ftp -H $HOSTADDRESS$ -E -s 
        "USER $ARG1\r\nPASS $ARG2$\r\n" -d 5 -e "230" 
  } 

This example is quite similar to POP3 authentication as the commands are the same. The only difference is that the requested response is 230 as this is a code for a successful response to the PASS command.

Verifying DHCP protocol

If your network has a server or a router that provides the users with IP addresses via DHCP, it would be wise to make sure that this server is also working correctly. Nagios offers a plugin that attempts to request an IP address via a DHCP protocol, which can be used for this purpose. The syntax is a bit different from other plugins:

check_dhcp [-v] [-u] [-s serverip] [-r requestedip] [-t timeout]           
           [-i interface] [-m mac]

This command accepts the options described in the following table:

Option

Description

-s, --serverip

The IP of the server that needs to reply with an IP (option might be repeated)

-r, --requestedip

Indicates that at least one DHCP server needs to offer the specified IP address

-m, --mac

The MAC address that should be used in the DHCP request

-i, --interface

The name of the interface that is to be used for checking (for example eth0)

-u, --unicast

Unicast, for testing a DHCP relay request; requires -s

Options for DHCP checking are very powerful—they can be used to check if any server is responding to the DHCP requests, for example:

  define command 
  { 
    command_name  check_dhcp 
    command_line  $USER1$/check_dhcp 
  } 

This plugin can also be used to verify if specific servers work, if a specified MAC address will receive an IP address, if a specific IP address is returned, or a combination of these check, as shown below:

  define command 
  { 
    command_name  check_dhcp_mac 
    command_line  $USER1$/check_dhcp -s 
       $HOSTADDRESS$ -m $ARG1$ -r $ARG2$ 
  } 

This check will ensure that a specific machine provides a specific IP for requesting a specific MAC address. This allows checks to be created for specific DHCP rules, which is crucial in the case of networks that need to provide specific devices with IP addresses, which other services depend upon.

It is also worth noting that such tests are safe from a network’s perspective as the IP received from the server is not acknowledged by the Nagios plugin. Therefore, a check for a specific MAC address can be done even if a network card with the same address is currently connected. DHCP works over broadcast IP requests; therefore, it is not recommended that you set up testing this service often as it might cause excessive traffic for larger networks.

Monitoring Nagios processes

It is possible for Nagios to monitor whether or not it is running on the local machine. This works by checking the Nagios log file for recent entries, as well as reading the output from the ps system command to ensure that the Nagios daemon is currently running. This plugin is mainly used in combination with NRPE or SSH, which are described in more detail in Chapter 10, Monitoring Remote Hosts. However, it can also be deployed to check the same Nagios that is scheduling the command—mainly to make sure that the log files contain recent entries. The syntax and options are as follows:

check_nagios -F <status log file> -t <timeout_seconds>              -e <expire_minutes> -C <process_string>

Option

Description

-F, --filename

IP of the server that needs to reply with an IP (option might be repeated)

-e, --expires

The number of minutes after which the log file is assumed to be stale

-C, --command

Command or partial command to search for in the process list

All the preceding arguments listed are required. The check for the --expires option is done by comparing the date and time of the latest entry in the log with the current date and time. The log file is usually called nagios.log and is stored in the directory that was passed in the --localstatedir option during Nagios compilation. For an installation performed according to the steps given in Chapter 2, Installing Nagios 4, the path will be /var/nagios/nagios.log. The Nagios process for such a setup would be /opt/nagios/bin/nagios. An example definition of a command receiving all of the information as arguments is as follows:

  define command 
  { 
    command_name  check_nagios 
    command_line  $USER1$/check_nagios -F $ARG1$ -C 
        $ARG2$ -e $ARG3$ 
  } 

The first argument is the path to the log file, the second is the path to the Nagios daemon binary, and the last one is the maximum acceptable number of minutes since the last log was updated.

Testing websites

Making sure that websites are up and running 24/7 is vital to many large companies. Verifying that the returned pages contain correct data may be even more important for companies conducting e-commerce. Nagios offers plugins to verify that a web server works. It can also make sure that your SSL certificate is still valid and can also verify the contents of specific pages to check that they contain specific text. This command accepts various parameters, as follows:

check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>] 
           [-J <client certificate file>] [-K <private key>] 
           [-w <warn time>] [-c <critical time>] [-t <timeout>] 
           [-L] [-E] [-a auth] [-b proxy_auth] 
           [-f <ok|warning|critcal|follow|sticky|stickyport>] 
           [-e <expect>] [-d string] [-s string] [-l] 
           [-r <regex> | -R <case-insensitive regex>] 
           [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] 
           [-N] [-M <age>] [-A string] [-k string] [-S <version>]             
           [--sni] [-C <warn_age>[,<crit_age>]] 
           [-T <content-type>] [-j method] 

The following table lists the options that either differ from their usual behavior or are not common in other commands:

Option

Description

-H, --hostname

The hostname that should be used for the Host http header; the port might be appended, so it is also present in the http header

-I, --IP-address

The IP address to connect to; if not specified, --hostname is used

-u, --url

The URL to GET or POST (defaults to /)

-j, --method

The HTTP method to use, such as GET, HEAD, POST, PUT, and DELETE

-P, --post

Post the encoded http via POST; content is specified as argument

-N, --no-body

Do not wait for the document, only parse the http headers

-M, --max-age

Warn if the document is older than the number of seconds provided; this parameter can also be specified as (for example) “15 m” for minutes, “8 h” for hours, or “7 d” for days

-T,--content-type

Specify the http Content-Type header

-e, --expect

The text to expect in the first line of the http response; If specified, the plugin will not handle status code logic (i.e. won’t warn about 404)

-s, --string

Search for the specified text in result html

-r, --ereg

Search for a specified regular expression in html (case sensitive)

-R, --eregi

Search for a specified regular expression in html (case insensitive)

-l, --linespan

Allow the regular expression to span across new lines

--invert-regex

return a state of CRITICAL if the text is found, and OK if it is not found

-a, --authorization

Authorize on the page using the basic authentication type; must be passed in the form of <username>:<password>

-b, --proxy-authorization

Authorize for the proxy server; must be passed in the form of <username>:<password>

-A, --useragent

Pass the specified value as the User-Agent http header

-k, --header

Add other parameters to be sent in the http header (might be repeated)

-f, --onredirect

How to handle redirects; can be one of ok, warning, critical, or follow

-m, --pagesize

The minimum and maximum html page sizes in bytes, as <min>:<max>

-C, --certificate

Specifies how long the certificate has to be valid in days; should be in the form of critical_days or critical_days,warning_days

--sni

Server Name Indication; enables SSL/TLS hostname extension support; this allows verifying SSL-enabled websites with multiple sites on a single IP address

For example, to verify if a main page has at least the specified number of bytes and is returned promptly, the following check can be done:

  define command 
  { 
    command_name  check_http_basic 
    command_line  $USER1$/check_http -H $HOSTADDRESS$ -f 
      follow -m $ARG1$:1000000 -w $ARG2$ -c $ARG3$ 
  } 

More complex tests of the WWW infrastructure should be carried out frequently. For example, to verify if an SSL-enabled page works correctly and quickly, a more complex test might be required. The following command will verify the SSL certificate and the page size and will look for a specific string in the page body:

  define command 
  { 
    command_name  check_https 
    command_line  $USER1$/check_http -H $HOSTADDRESS$ -S 
      -C 14 -u $ARG1$ -f follow -m $ARG1$:$ARG2$ -R $ARG3$
  } 

Checking web pages at a higher level is described in more detail in Chapter 13, Programming Nagios, and uses plugins custom-written for this purpose.

Related Articles

How to add swap space on Ubuntu 21.04 Operating System

How to add swap space on Ubuntu 21.04 Operating System

The swap space is a unique space on the disk that is used by the system when Physical RAM is full. When a Linux machine runout the RAM it use swap space to move inactive pages from RAM. Swap space can be created into Linux system in two ways, one we can create a...

read more

Lorem ipsum dolor sit amet consectetur

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

twenty + two =