Nagios Installation and Configuration: Part Two

In the previous article, we introduced Nagios and began covering installation. In this article, we continue our look at Nagios, covering plugin installation and configuration.

Nagios Configuration

Now that Nagios has been installed, it’s time to configure it. Sample configuration files were installed in the /usr/local/nagios/etc directory. For the most part, the settings in the sample files work fine for getting started with Nagios. You should, however, change the e-mail address associated with the nagiosadmin contact definition to the address at which you want to receive alerts. To do so, edit the email field of the nagiosadmin contact in /usr/local/nagios/etc/objects/contacts.cfg with your favorite editor.

Next, install the Nagios web config file in the Apache conf.d directory (run this from the Nagios source directory, where the Makefile is):

make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account. Note that -c creates (or overwrites) the password file, so omit it when adding further users later:

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Now reload Apache to make the new settings take effect.

/etc/init.d/apache2 reload


Next, extract the Nagios plugins source code tarball (downloaded in Part One):

tar xzf nagios-plugins-2.0.3.tar.gz

cd nagios-plugins-2.0.3

Compile and install the plugins:

./configure --with-nagios-user=nagios --with-nagios-group=nagios

make

make install

Now configure Nagios to start automatically when the system boots (on Debian-derived systems, update-rc.d nagios defaults does the same thing):

ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios

Verify the sample Nagios configuration files:

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios:

/etc/init.d/nagios start

You should now be able to access the Nagios web interface at the URL below. You’ll be prompted for the username (nagiosadmin) and password you specified earlier:

http://localhost/nagios/

Click on the “Service Detail” navbar link to see details of what’s being monitored on your local machine. It takes a few minutes for Nagios to check all the services associated with your machine, because the checks are spread out over time.

If you want to receive e-mail notifications for Nagios alerts, you need a local mail command and a mail transfer agent; on Ubuntu, install the mailx and postfix packages:

sudo apt-get install mailx

sudo apt-get install postfix

You’ll also have to edit the Nagios e-mail notification commands found in /usr/local/nagios/etc/objects/commands.cfg and change any /bin/mail references to /usr/bin/mail. Once you have done that, restart Nagios to make the configuration changes live:

sudo /etc/init.d/nagios restart
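The configuration steps above can be scripted rather than done by hand in an editor, which also makes them repeatable when you rebuild the server. The following is an added example written for this article, not code from Nagios or from the original post: it performs the contacts.cfg and commands.cfg edits on copies of the sample files, locks down the htpasswd file, and wraps the nagios -v check. The config snippets inside it are constructed to match the stock Nagios 4 object files, and /usr/local/nagios is the article’s install prefix.

```shell
#!/bin/sh
# Added example, not from the original article: the two configuration edits
# the article asks for (nagiosadmin e-mail in contacts.cfg, /bin/mail path in
# commands.cfg) done by script on copies of the sample files, plus the
# permission lockdown for htpasswd.users and the "nagios -v" syntax check.
# The config snippets written below are constructed to match the stock
# Nagios 4 samples; /usr/local/nagios is the article's install prefix.
set -e

NAGIOS_ETC="${NAGIOS_ETC:-/usr/local/nagios/etc}"
NAGIOS_BIN="${NAGIOS_BIN:-/usr/local/nagios/bin/nagios}"

# Replace the "email" directive inside the nagiosadmin contact block only;
# other contacts in the file are untouched.  $1 = contacts.cfg, $2 = address
# (the address must not contain '#' or '&', which are special to sed here).
set_admin_email() {
    sed "/contact_name[[:space:]]*nagiosadmin/,/}/ s#^\([[:space:]]*email[[:space:]][[:space:]]*\).*#\1$2#" \
        "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Print the address currently configured for the nagiosadmin contact.
get_admin_email() {
    sed -n "/contact_name[[:space:]]*nagiosadmin/,/}/ s#^[[:space:]]*email[[:space:]][[:space:]]*##p" "$1"
}

# Point the notification commands at /usr/bin/mail.  Only a /bin/mail that
# starts a word (after whitespace or a pipe) is rewritten, so running this
# twice does not produce /usr/usr/bin/mail.  $1 = commands.cfg
fix_mail_path() {
    sed -E 's#(^|[[:space:]|])/bin/mail#\1/usr/bin/mail#g' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# htpasswd.users holds password hashes: keep it readable by root and the
# web server group only.  $1 = htpasswd file, $2 = web server group
lock_down_htpasswd() {
    chmod 640 "$1"
    if [ "$(id -u)" = 0 ] && grep -q "^$2:" /etc/group; then
        chown "root:$2" "$1"
    fi
}

# Syntax-check the live configuration before (re)starting the daemon.
verify_nagios_config() {
    if [ -x "$NAGIOS_BIN" ]; then
        "$NAGIOS_BIN" -v "$NAGIOS_ETC/nagios.cfg"
    else
        echo "nagios binary not found at $NAGIOS_BIN, skipping -v check" >&2
    fi
}

# --- demo on constructed copies of the sample files ----------------------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/contacts.cfg" <<'EOF'
define contact{
        contact_name                    nagiosadmin
        use                             generic-contact
        alias                           Nagios Admin
        email                           nagios@localhost
        }
EOF

cat > "$SAMPLE_DIR/commands.cfg" <<'EOF'
define command{
        command_name    notify-host-by-email
        command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nHost: $HOSTNAME$\nState: $HOSTSTATE$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert **" $CONTACTEMAIL$
        }
EOF
: > "$SAMPLE_DIR/htpasswd.users"

set_admin_email "$SAMPLE_DIR/contacts.cfg" alerts@example.com
fix_mail_path "$SAMPLE_DIR/commands.cfg"
lock_down_htpasswd "$SAMPLE_DIR/htpasswd.users" www-data

echo "nagiosadmin e-mail: $(get_admin_email "$SAMPLE_DIR/contacts.cfg")"
grep -n 'mail -s' "$SAMPLE_DIR/commands.cfg"
verify_nagios_config
```

Run it once to see the effect on the constructed copies, then call the same functions on the real files (set_admin_email /usr/local/nagios/etc/objects/contacts.cfg you@example.com, fix_mail_path /usr/local/nagios/etc/objects/commands.cfg) before the verification and restart steps. Two practical caveats: htpasswd -c recreates the password file, so leave -c off when adding more users; and the default htpasswd hash is apr1-MD5, so prefer htpasswd -B (bcrypt) where your version of apache2-utils supports it, and keep the file outside the web root and readable only by root and the web server group, which lock_down_htpasswd enforces.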

In the next article, we’ll access Nagios via the web interface and configure it to work with pfSense.


External Links:

The official Nagios site

Nagios on Wikipedia

Nagios Installation and Configuration: Part One

Nagios is an open source computer system monitoring, network monitoring and infrastructure monitoring software application. It enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes, and offers monitoring and alerting services. It alerts users when things go wrong, and alerts them a second time when the problem has been resolved.

Nagios was originally designed to run under Linux, but it also runs well on other Unix variants. It is licensed under the terms of the GNU GPL version 2. It was originally created under the name NetSaint by Ethan Galstad, who maintains it along with a group of developers who actively maintain both the official and unofficial plugins. The name NetSaint was changed in response to a legal challenge by the owners of a similar trademark; Nagios is a recursive acronym which stands for “Nagios Ain’t Gonna Insist On Sainthood”.

Nagios includes the following capabilities, among others:

  • Monitoring of network services
  • Monitoring of host resources (processor load, disk usage, system logs) on a majority of network operating systems (including Microsoft Windows)
  • Monitoring of anything else, such as probes that can send collected data over the network to specifically written plugins
  • Monitoring via remotely run scripts, using the Nagios Remote Plugin Executor (NRPE)
  • Remote monitoring through SSH or SSL-encrypted tunnels


Nagios Installation

The process of installing Nagios under Linux is fairly straightforward. You first need to install some prerequisites, which you can get from the repositories. Start with Apache 2 and the Apache PHP module:

sudo apt-get install apache2
sudo apt-get install libapache2-mod-php5

Next, install the GCC compiler and development libraries:

sudo apt-get install build-essential

Finally, you need the GD 2 development libraries. On some distributions, you install them like this:

sudo apt-get install libgd2-dev

But on some newer distros (including Ubuntu 7.10 and above), the name of the gd2 package has changed:

sudo apt-get install libgd2-xpm-dev

Next, you need to set up the Nagios account. Start by becoming root:

sudo -s

Now create a new user and give it a password:

/usr/sbin/useradd -m -s /bin/bash nagios
passwd nagios

On some distros you may need to add a group as well, but on newer server versions of Ubuntu (where useradd creates a matching nagios group by default) you can skip this step. Note that usermod -G without -a replaces a user’s supplementary groups, which is harmless for a user you have just created but not for an existing one:

/usr/sbin/groupadd nagios
/usr/sbin/usermod -G nagios nagios

In either case, you will need to create a new nagcmd group that allows external commands to be submitted through the web interface, and add both the nagios user and the Apache user (www-data on Debian and Ubuntu) to that group:

/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd www-data

Now download the Nagios source code tarball from the download section of the official Nagios web site; you will probably want the plugins tarball as well. Unpack the tarball:

tar xzf nagios-4.0.8.tar.gz
cd nagios-4.0.8

Then run the configure script, passing the name of the group you created earlier:

./configure --with-command-group=nagcmd

Compile the source code:

make all

Next, install the binaries, init script, sample config files and set permissions on the external command directory:

make install
make install-init
make install-config
make install-commandmode
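Because the account and group steps above are not idempotent as written (useradd fails if the user already exists, and usermod -G without -a replaces a user’s supplementary groups), it is worth having a script that checks the current state before acting and that can verify the result afterwards. The following is an added example written for this article, not code from Nagios or from the original post. It takes the passwd and group file paths and a DRY_RUN switch as parameters (conveniences of this example, not Nagios options) so the logic can be exercised against constructed copies of those files, and includes a check of the external command directory that make install-commandmode creates.

```shell
#!/bin/sh
# Added example, not from the original article: idempotent setup of the
# nagios user and the nagcmd group (the article's useradd/groupadd/usermod
# steps), plus checks you can run after installation.  The passwd/group
# file paths and the DRY_RUN switch are parameters of this example so the
# logic can be tried against constructed copies without touching the system.
set -e

GROUP_FILE="${GROUP_FILE:-/etc/group}"
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
DRY_RUN="${DRY_RUN:-0}"                          # 1 = print commands, do not run them
CMD_DIR="${CMD_DIR:-/usr/local/nagios/var/rw}"   # external command directory

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

group_exists() { grep -q "^$1:" "$GROUP_FILE"; }
user_exists()  { grep -q "^$1:" "$PASSWD_FILE"; }

# True if user $1 is a supplementary member of group $2 (4th field of the
# group entry; a user's primary group is not listed there).
in_group() {
    members=$(awk -F: -v g="$2" '$1 == g { print $4 }' "$GROUP_FILE")
    case ",$members," in
        *",$1,"*) return 0 ;;
    esac
    return 1
}

setup_accounts() {
    group_exists nagcmd || run /usr/sbin/groupadd nagcmd
    if ! user_exists nagios; then
        run /usr/sbin/useradd -m -s /bin/bash nagios
        run /usr/sbin/usermod -a -G nagcmd nagios      # brand-new user: not in nagcmd yet
    elif ! in_group nagios nagcmd; then
        run /usr/sbin/usermod -a -G nagcmd nagios      # -a appends instead of replacing
    fi
    if ! user_exists www-data; then
        echo "warning: www-data (the Apache user) does not exist yet; install apache2 first" >&2
    elif ! in_group www-data nagcmd; then
        run /usr/sbin/usermod -a -G nagcmd www-data
    fi
}

# The web interface submits external commands through a FIFO in $CMD_DIR,
# so the directory must be group-writable and setgid (make install-commandmode
# sets mode 2775 on it).  Returns 0 if the mode looks right.
check_command_dir() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        d????ws???) return 0 ;;
    esac
    echo "$1 has mode $mode, expected group-writable and setgid" >&2
    return 1
}

check_accounts() {
    in_group nagios nagcmd   || { echo "nagios is not in nagcmd" >&2; return 1; }
    in_group www-data nagcmd || { echo "www-data is not in nagcmd" >&2; return 1; }
    check_command_dir "$CMD_DIR"
}

case "${1:-}" in
    setup) setup_accounts ;;
    check) check_accounts ;;
esac
```

Saved as, say, nagios-accounts.sh, DRY_RUN=1 sh nagios-accounts.sh setup prints what would be run, and sh nagios-accounts.sh check after installation confirms that both nagios and www-data are in nagcmd and that the command directory is group-writable and setgid. A missing group membership here is the usual cause of the web interface’s “Could not open command file” error when you later try to submit a command.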

This takes care of Nagios installation. In the next article, we will cover installation of the plugins and configuration.


External Links:

The official Nagios site

Nagios on Wikipedia

ntop Usage

ntop usage can potentially take many forms. You can use ntop either as a stand-alone application (via the web interface) or as a traffic measurement server. ntop can export traffic data in several ways: via the embedded SNMP agent, XML, RRD files, and a PHP/Perl/Python/JSON data export. By means of the rrd-alarm companion application, ntop also lets users emit alarms based on traffic conditions.


ntop Usage: Typical Scenarios

To put ntop usage into context, here are some typical scenarios in which you can deploy ntop:

  • Simple host: This is probably the most common scenario: install ntop on a PC that is part of the LAN you use for your daily tasks. In this scenario you will likely see only a portion of the traffic (on a switched network, only what reaches your own switch port).
  • Border gateway: In this case you will see all the traffic to and from your LAN. As ntop will have to analyze a great many packets, you will want to use some of the command-line options (such as -b, -n and -z) that reduce the work needed to analyze all the traffic.
  • Mirror line: In this case you will see packets that were never addressed to the PC running ntop (for example, from a switch mirror port). Because of this, ntop usually cannot trust MAC addresses, only IP addresses, so you will probably want to use the -o option.


ntop Usage: Command-Line Options

ntop usage from the command-line is fairly simple. ntop has numerous command-line options; here are some of the more common ones:

  • -a or --access-log-file: By default, ntop does not maintain a log of HTTP requests to the internal web server. Use this parameter to request logging and to specify the file where these HTTP requests are logged; it is also the record you will want if you suspect someone has been probing the ntop web interface.
  • -b or --disable-decoders: This parameter disables protocol decoders. Protocol decoders examine and collect information about layer 2 protocols such as NetBIOS or Netware SAP, as well as about specific TCP/IP protocols such as DNS, HTTP and FTP. Decoding protocols is a significant consumer of resources. If the ntop host is underpowered or is monitoring a very busy network, you may wish to disable protocol decoding via this parameter.
  • -d or --daemon: This parameter causes ntop to become a daemon, a task which runs in the background without a connection to a specific terminal. If you want to run ntop on a constant basis, you probably want this option.
  • -n or --numeric-ip-addresses: By default, ntop resolves IP addresses using a combination of active (explicit) DNS queries and passive sniffing. Sniffing of DNS responses occurs when ntop receives a network packet containing the response to some other user’s DNS query. ntop captures this information and enters it into its DNS cache, in expectation of shortly seeing traffic addressed to that host; in this way ntop significantly reduces the number of DNS queries it makes. This parameter turns name resolution off altogether, so only numeric addresses are shown; besides the CPU saved, the monitoring host then stops emitting DNS queries about every address it observes.
  • -w or --http-server, and -W or --https-server: ntop offers an embedded web server to present the information. An external HTTP server is neither required nor supported; the web server is embedded into the application. These parameters specify the port (and optionally the address) of the ntop web server. For example, if started with -w 3000 (the default port), the URL to access ntop is http://hostname:3000/. If started with a full specification (e.g. -w 192.168.1.1:3000), ntop listens only on that address and port combination. Binding to 127.0.0.1, or using -W rather than -w, keeps the unencrypted interface and its login off the network.
  • -z or --disable-sessions: This parameter disables TCP session tracking. Use it for better performance, or when you don’t need or care to track sessions.




When ntop is running, multiple users can access the traffic information using conventional web browsers. The main HTML page is divided into two frames. The left frame allows users to select the traffic view that will be displayed in the right frame. Available sections are: sort traffic by data sent, sort traffic by data received, traffic statistics, active hosts list, remote to local IP traffic, local to local IP traffic, list of active TCP sessions, IP protocol distribution statistics, IP protocol usage and IP traffic matrix.

External links:

ntop man page at www.ntop.org

ntop: An Introduction

ntop is a network probe that shows network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP and non-IP traffic generated by each host. It is a simple, open source (GPL), portable traffic measurement and monitoring tool, which supports various management activities, including network optimization and planning, and detection of network security violations. In interactive mode, it displays the network status on the user’s terminal; in web mode, it acts as a web server, creating an HTML dump of the network status. ntop was developed by Luca Deri, a research scientist and network manager at the University of Pisa. Development started in 1997, and the first public release was in 1998 (v. 0.4). Version 2.0 was released in 2002 and added support for commercial protocols such as NetFlow v5 and sFlow v2, and version 3.0 was released in 2004 and added RRD support, as well as IPv6 and SCSI/Fibre Channel support. Binaries for ntop are currently available for Ubuntu and Red Hat/CentOS.


Advantages of ntop

There are several advantages to using ntop. It is portable and platform neutral; you can deploy it wherever you want with the same look and feel. There are minimal requirements needed to leverage its use. Finally, it is suitable for monitoring both a LAN (by default) and a WAN (if ntop is configured properly).

We can classify the network activity measured by ntop into two categories: traffic measurement and traffic characterization and monitoring. Traffic measurement covers data sent and received, including volume and packets, classified according to network and IP protocol, as well as multicast traffic, TCP session history, bandwidth measurement and analysis, VLAN and AS traffic statistics, and VoIP monitoring. Traffic characterization and monitoring involves observing network flows as well as protocol utilization, ARP and ICMP monitoring, and detection of popular P2P protocols. Monitoring such traffic can be an aid in network optimization and planning which encompasses identification of routers and Internet servers, traffic distribution, service mapping, and mapping network traffic.

In the next article, I will cover integration of ntop into your network.


External Links:

The official ntop site

© 2013 David Zientara. All rights reserved.