Spenser Reinhardt's presentation on Intro to Network Monitoring Using Nagios Network Analyzer and NSTI.
The presentation was given during the Nagios World Conference North America held Sept 20-Oct 2nd, 2013 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
3. 3
What Is SNMP?
Simple Network Management Protocol
SNMP is an application-layer protocol for
management and information gathering from
network-based devices.
It works by querying an agent for a specific
address (OID) that contains information specific to
that device. In some cases, modification of device
settings and configuration is possible via SNMP.
4. 4
Basic Terminology
Manager – Generally the device requesting or
setting data on an SNMP agent. Can also receive
traps.
Agent – Local or remote client that receives and
processes requests, and potentially generates traps to
be sent to a manager.
Versions
SNMPv1 – Base standard for SNMP
SNMPv2c – GetBulkRequest, performance, and
security improvements.
SNMPv3 – Cryptography, authentication and
integrity
5. 5
MIBs and OIDs, Oh my!
Management Information Base (MIB)
MIBs define what information is potentially
available on a particular device. They also define the
structure of addressing and data within the SNMP
subsystem.
Object Identifier (OID)
OIDs are variables referenced by name or numeric
address. They determine a specific aspect of the
MIB to capture or modify information on the SNMP
subsystem.
6. 6
Polling, Traps Vs Gets
GetRequest:
Manager to agent, request for data at a specified
OID.
Response:
Returns the data requested as an acknowledgment to
a GetRequest.
Trap:
An asynchronous notification from agent to
manager, generated by the agent upon system
events.
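The GetRequest described above, as an added example that is not from the presentation: it builds an SNMPv2c GetRequest and decodes it again, showing the version, community string and OID that a manager sends to an agent. The community string is carried unencrypted in v1 and v2c. The function names, the community `public`, the request-id and the OID `1.3.6.1.2.1.1.1.0` (sysDescr.0) are assumptions chosen for illustration.

```python
# Added example, not from the slides; sample values are constructed. BER short-form lengths only.
def tlv(tag: int, value: bytes) -> bytes:
    if len(value) > 127:
        raise ValueError("only short-form BER lengths are handled here")
    return bytes([tag, len(value)]) + value

def enc_oid(oid: str) -> bytes:
    arcs = [int(a) for a in oid.split(".")]
    body = bytes([40 * arcs[0] + arcs[1]])        # first two arcs share one byte
    for arc in arcs[2:]:                          # other arcs: base-128, high bit = "more"
        chunk = [arc & 0x7F]
        while (arc := arc >> 7):
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body += bytes(chunk)
    return tlv(0x06, body)

def build_get(community: str, oid: str, version: int = 1, req_id: int = 1) -> bytes:
    varbind = tlv(0x30, enc_oid(oid) + tlv(0x05, b""))            # OID paired with NULL
    ints = tlv(0x02, bytes([req_id])) + tlv(0x02, b"\x00") * 2    # id, error-status, error-index
    pdu = tlv(0xA0, ints + tlv(0x30, varbind))                    # 0xA0 = GetRequest
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community.encode()) + pdu)

def children(buf: bytes) -> list:
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
            raise ValueError("truncated or long-form TLV")
        end = pos + 2 + buf[pos + 1]
        out.append((buf[pos], buf[pos + 2:end]))  # (tag, value) pairs at this nesting level
        pos = end
    return out

def dec_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

PDUS = {0xA0: "GetRequest", 0xA2: "Response", 0xA7: "SNMPv2-Trap"}

def describe(packet: bytes) -> dict:
    fields = children(children(packet)[0][1])
    if len(fields) != 3 or fields[0][1] not in (b"\x00", b"\x01"):
        raise ValueError("not a community-based SNMPv1/v2c message")
    (_, ver), (_, community), (pdu_tag, pdu) = fields
    oid = children(children(children(pdu)[3][1])[0][1])[0][1]     # first varbind's OID
    return {"version": "SNMPv2c" if ver == b"\x01" else "SNMPv1", "community": community.decode(),
            "pdu": PDUS.get(pdu_tag, hex(pdu_tag)), "oid": dec_oid(oid)}
```

Calling `describe(build_get("public", "1.3.6.1.2.1.1.1.0"))` returns the version, community, PDU type and OID recovered from the 40-byte packet.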
7. 7
Firewall Restrictions
GetRequest
Manager to Agent: Random src to 161 UDP v1 & v2c
Manager to Agent: Random src to 10161 UDP v3
Response
Agent to Manager: Random src to Port from GetRequest UDP
Traps
Agent to Manager: Random src to 162 UDP v1 & v2c
Agent to Manager: Random src to 1062 UDP v3
10. 10
One More Important Location
/usr/share/snmp/mibs
MIBs are stored here
Nagios, SNMP and many other applications read
from here
Uploaded here via the Nagios XI web UI
Used for Gets and Traps
Should be owned by root.nagios
11. 11
This matters to me why?
Basis for agentless remote monitoring on many
devices.
Often faster than WMI and agent-based installs.
Little to no delay between a device sending a trap
and the notification.
Many Nagios plugins are built around SNMP.
13. 13
NSTI - Overview
Created by Nick Scott
And a lot of pushing by me! (Thanks Nick)
Works with snmptt and snmptrapd to collect traps
and store them via MySQL
Provides a visual interface for viewing large
amounts of traps
Very light-weight and easy on resources
15. 15
Potential Woes
SNMPTT not logging
Permissions on /var/spool/snmptt/
Settings in /etc/snmp/snmptt.ini
MySQL issues
/usr/local/nsti/etc/nsti.cfg
/etc/snmp/snmptt.in
Traps also no longer being sent to XI
Settings in /etc/snmp/snmptrapd.conf
16. 16
So What Can I Actually Use This For?
Correlating issues only available via traps
Feeding traps to XI or Core, and maintaining past
events
Windows event log monitoring via traps
Network device status changes
20. 20
NNA - Overview
Network flow collector
Correlation of network traffic
Statistical network information
Advanced querying and reporting
Compressed RRDs and low CPU usage
21. 21
Important Locations and Files
/usr/local/nagiosna/
Main configs, binaries, and storage of RRDs
Nfcap
Daemon to collect flows
Needs to be started before sources can work