Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Using Nagios Network Analyzer and NSTI

Spenser Reinhardt's presentation on Intro to Network Monitoring Using Nagios Network Analyzer and NSTI.
The presentation was given during the Nagios World Conference North America held Sept 20-Oct 2nd, 2013 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna

  1. Intro to Network Monitoring Using Nagios Network Analyzer and NSTI
       Spenser Reinhardt, sreinhardt@nagios.com
  2. General Overview
       • SNMP Basics
       • Nagios SNMP Trap Interface (NSTI)
       • Nagios Network Analyzer (NNA)
       • Integration
  3. What Is SNMP?
       • Simple Network Management Protocol
       • SNMP is an application layer protocol for management and information gathering from network-based devices.
       • It works by querying an agent for a specific address (OID) that contains information specific to that device.
       • In some cases modification of device settings and configuration is possible via SNMP.
  4. Basic Terminology
       • Manager – Generally the device requesting or setting data on an SNMP Agent. Can also receive traps.
       • Agent – Local or remote client that receives and processes requests, and potentially generates traps to be sent to a manager.
       • Versions
           • SNMPv1 – Base standard for SNMP
           • SNMPv2c – BulkGetRequest, performance, and security improvements.
           • SNMPv3 – Cryptographic, Authentication and Integrity
  5. MIBs and OIDs, Oh my!
       • Management Information Base (MIB): MIBs define what information is potentially available on a particular device. They also define the structure of addressing and data within the SNMP subsystem.
       • Object Identifier (OID): OIDs are variables referenced by name or numeric address. They determine a specific aspect of the MIB to capture or modify information on the SNMP subsystem.
  6. Polling, Traps Vs Gets
       • GetRequest: Manager to agent, request for data at a specified OID.
       • Response: Returns the data requested as an acknowledgment to a GetRequest.
       • Trap: An asynchronous notification from agent to manager, generated by the agent upon system events.
  7. Firewall Restrictions
       • GetRequest
           • Manager to Agent: Random src to 161 UDP (v1 & v2c)
           • Manager to Agent: Random src to 10161 UDP (v3)
       • Response
           • Agent to Manager: Random src to port from GetRequest, UDP
       • Traps
           • Agent to Manager: Random src to 162 UDP (v1 & v2c)
           • Agent to Manager: Random src to 1062 UDP (v3)
  8. Services
       • Agents
           • *nix – snmpd
           • Windows – SNMP Service
       • Managers
           • Net-SNMP
           • MRTG
       • Traps
           • snmptt
           • snmptrapd
  9. Configuration and Logging
       • SNMPd
           • Config - /etc/snmp/snmpd.conf
           • Logging - /var/log/messages
       • SNMPtt
           • Config - /etc/snmp/snmptt.conf
           • Config - /etc/snmp/snmptt.ini
           • Logging - /var/log/snmptt/
       • SNMPtrapd
           • Config - /etc/snmp/snmptrapd.conf
           • Logging - /var/log/snmptt/
  10. One More Important Location
       • /usr/share/snmp/mibs
           • MIBs are stored here
           • Nagios, snmp and many other applications read from here
           • Uploaded via the Nagios XI web UI here
           • Used for Gets and Traps
           • Should be owned by root.nagios
  11. This matters to me why?
       • Basis for agentless remote monitoring on many devices.
       • Often faster than WMI and agent-based installs.
       • Little to no delay when devices send traps until notification.
       • Many Nagios plugins built around SNMP.
  12. Nagios SNMP Trap Interface (NSTI)
  13. NSTI - Overview
       • Created by Nick Scott
       • And a lot of pushing by me! (Thanks Nick)
       • Works with snmptt and snmptrapd to collect traps, and store them via MySQL
       • Provides a visual interface for viewing large amounts of traps
       • Very light-weight and easy on resources
  14. Important Files
       • Logging
           • /var/log/httpd/error_log
           • /var/log/mysqld.log
           • Snmptt logs
       • Configuration
           • /usr/local/{nagiosti,nsti}
           • Depends on the version in use
  15. Potential Woes
       • SNMPTT not logging
           • Permissions on /var/spool/snmptt/
           • Settings in /etc/snmp/snmptt.ini
       • MySQL issues
           • /usr/local/nsti/etc/nsti.cfg
           • /etc/snmp/snmptt.in
       • Traps no longer sending to XI also
           • Settings in /etc/snmp/snmptrapd.conf
  16. So What Can I Actually Use This For?
       • Correlating issues only available via traps
       • Feeding traps to XI or Core, and maintaining past events
       • Windows event log monitoring via traps
       • Network device status changes
  17. Collecting Windows Logins
  18. Windows Service Restarts
  19. Nagios Network Analyzer
  20. NNA - Overview
       • Network flow collector
       • Correlation of network traffic
       • Statistical network information
       • Advanced querying and reporting
       • Compressed rrds and low CPU usage
  21. Important Locations and Files
       • /usr/local/nagiosna/
           • Main configs, binaries, and storage of rrds
       • Nfcap
           • Daemon to collect flows
           • Needs to be started before sources can work
  22. Demo! http://nagiosna.demos.nagios.com/nagiosna/index.php
  23. Questions? Thank you!
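
An added example, not part of the slides or of any Nagios tooling: a small audit of the /etc/snmp/snmpd.conf file named on slide 9, flagging access settings that matter given slide 3's note that SNMP can modify device configuration and slide 4's version differences. The directive names are Net-SNMP's; the sample config, the severity labels and the choice of "public"/"private" as well-known community strings are assumptions made for illustration.

```python
# Added example: audit of snmpd.conf text. The sample config is constructed.
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
V3_USER = {"rouser", "rwuser"}
WELL_KNOWN = {"public", "private"}  # assumed list of default community strings

SAMPLE_CONF = """\
# constructed sample, not taken from the slides
rocommunity public
rwcommunity n0c-write 192.0.2.10
com2sec notConfigUser default public
rouser monitor priv
rwuser admin noauth
"""


def audit_snmpd_conf(text):
    """Return a list of (line_number, severity, message) findings."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, *args = line.split()
        directive = directive.lower()
        community = source = None
        if directive in COMMUNITY and args:
            # rocommunity/rwcommunity COMMUNITY [SOURCE [OID]]
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
            if directive.startswith("rw"):
                findings.append((n, "HIGH", "v1/v2c community grants write (SET) access"))
        elif directive == "com2sec" and len(args) >= 3:
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            source, community = args[-2], args[-1]
        elif directive in V3_USER and "noauth" in [a.lower() for a in args]:
            findings.append((n, "HIGH", "SNMPv3 user accepted without authentication"))
        if community is not None:
            if community.lower() in WELL_KNOWN:
                findings.append((n, "HIGH", f"well-known community string '{community}'"))
            if source == "default":
                findings.append((n, "MEDIUM", "community accepted from any source address"))
    return findings


if __name__ == "__main__":
    for n, severity, message in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {n}: {severity}: {message}")
```

Run against the real file with `audit_snmpd_conf(open("/etc/snmp/snmpd.conf").read())`; an empty list means none of these four conditions were found, not that the agent is otherwise hardened.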
