Nagios Conference 2013 - Sam Lansing - Getting Started With Incident Manager and Nagios Network Analyzer


Sam Lansing's presentation on Getting Started With Incident Manager and Nagios Network Analyzer.
The presentation was given during the Nagios World Conference North America held Sept 20-Oct 2nd, 2013 in Saint Paul, MN. For more information on the conference (including photos and videos), visit:

Published in: Technology


  1. Getting Started With Nagios Incident Manager and Nagios Network Analyzer Presenter: Sam Lansing
  2. Introduction ● Tech Support at Nagios Enterprises ● Member for 1 ½ years ● Testing, documentation, and a dash of development. ● Feel free to interrupt me for questions, though we will have time at the end.
  3. The Nagios Family ● Originally sprung to life with Nagios Core ● Over the last 2-3 years 4 programs have joined Core ● Core, XI, Fusion, IM, NNA
  4. Brief Overview ● Overview of Nagios IM and NNA ● Getting Off The Ground ● Basic Use Cases “IM” - No frills attached ticketing solution - Great addition to help desks - Easily handle problems in XI at the same time and automatic resolutions on both ends.
  5. Brief Overview ● Basic use cases “NNA” - Point A to B traffic watching - Graphical displays of traffic routing - Everything from switches, to firewalls, and workstations to printers - Custom Queries to pull data relevant to you - Query your FQDNs and IPs from source to destination, packet to packet, flow to flow - Figure out what or who is sucking your bandwidth away
  6. Nagios IM Nagios XI + Ticketing = Winning
  7. Nagios IM cont. ● Recognized the need for an easy to set up and use ticketing system which would natively interact with Nagios XI and future products. ● Drew up plans, and 10 months of development later here we are.
  8. Nagios IM cont. ● Nagios IM bridges the gap between Nagios admins and helpdesk / ticketing ● Allowing you to transition alerts from Nagios XI to a ticketing system and disseminate from there without your help desk needing access to Nagios XI. ● Deeper customization and control.
  9. Nagios IM cont. ● Nagios XI Component ● API key generated in IM ● Pulls status information from the XI back end
  10. XI Component Settings
  11. XI Component Settings Cont.
  12. Nagios IM Interface Incidents page: Allows you to see a paged list of current and past incidents as well as their creation date, last update time, type, status and priority.
  13. Overview of an Incident Using the ticket format you defined within the Nagios XI component, Nagios IM dynamically populates tickets with the incident's information.
  14. Overview of an Incident Cont. Status Section: View ticket details as well as change its current status, and attach a file such as a screenshot having to do with the current issue. History Section: Allows you to create messages on the ticket to keep others up to date.
  15. Reports ● Find general stats about your incidents ● Calculate Mean time to Resolution ● See first response times ● View closed incidents
  16. Reports Examples ● Mean Time to Resolution ● Calculate the time it took your team to resolve issues down to the second
  17. Reports Examples Cont. ● First Response Times ● Track the time from when the incident was opened, to first response.
  18. Reports Examples Cont. ● First Response Times ● Track the time from when the incident was opened, to first response.
  19. Reports Examples Cont. ● View Closed Incidents ● See when incidents were opened, closed, and any notes placed on them during their lifetime.
  20. API ● Back end API information, access to the core incident manipulation functionality of the application, including fetching, creating, and updating incidents ● Helps guide you through its use
  21. API Cont. ● Full access to incident information and calls ● View how IM manages, pushes, alerts, and changes incidents as they are created, deleted, or altered
  22. Nagios IM Administration ● Create Users, form Teams, change how incidents are directed ● Access the Callback API, change mail and notification settings
  23. Incident Manager Closing ● Free fully featured 60-day trial available at - ● Try it in your Nagios environment, see how it affects your team's workflow and reactivity.
  24. Nagios Network Analyzer What is it? ● Powerful network analysis software ● Allows users to identify possible network security threats, as well as data tracking and trending ● Ability to drill down to the packet with custom queries for granular network analysis ● Push SNMP notifications to monitoring and trap management systems
  25. Nagios Network Analyzer What Is It? ● Tracks Netflow samples - Netflow: NetFlow is a network protocol developed by Enterasys Networks (formerly Cabletron) and Cisco Systems for collecting IP traffic information. ● Pull from Workstations, servers, and networking equipment
  26. Nagios Network Analyzer Cont. ● Assess your network's strength by using NNA as a centralized view. - Src IP, Src Port, Dst IP, Dst Port and more ● Custom tailor reports for specific connections, packet flows, and aberrant behavior.
  27. Network Analyzer Interface ● Home Dashboard
  28. Network Analyzer Interface ● Sources
  29. Network Analyzer Interface ● Sources Cont. ● View current Flow Type, performance data, Disk Usage, past 30 minutes of traffic at a glance
  30. Network Analyzer Video ● Basic Source Exploration Video
  31. Custom Checks ● Use NNA to periodically check Sources and Source Groups against Warning / Critical thresholds ● By the: - Bytes - Bytes/Sec - Flows - Packets
  32. Nagios XI/Core Checks ● Add your Core and XI server(s) as well as custom NNA Hosts/Services for monitoring ● Forward alerts via NRDP, SNMP Traps, and Email ● If you would like to use your own alerting tools, leverage the NNA API to grab the data
  33. Queries ● Custom Queries allow you to: - Search for flows between specific IPs and ports, from destination to source - Select a specific timeframe to query within - Target, and drill down to the data that matters to you - More on queries will be talked about in Intro to Network Monitoring
  34. Network Analyzer Help ● Fully featured Help section so you don't feel lost in the interface. ● User and Administrator guides ● Links to our Support Wiki, Forum, and documentation Library
  35. Configure ● User Management ● Create users: - Define Contact information - Select interface access levels - Allow or disallow API access ● Change licensing information
  36. Network Analyzer Closing ● Thank you for joining me! ● You can also set up a free fully featured 60-day trial of NNA from: - ● Access to the community forum for support: -
  37. Questions?