The device that is detecting the "attack" is a content switch, which sits in front of all the hosts. There isn't a particular command that is triggering the alert.
Here are two that I have seen for sure: define service { name check_nt_cpu check_command check_nt_cpu!1111!foo!10,90,95,60,80,95,1440,80,95 max_check_attempts 3 normal_check_interval 3 retry_check_interval 3 active_checks_enabled 1 passive_checks_enabled 1 check_period 24x7 parallelize_check 1 obsess_over_service 0 check_freshness 0 event_handler_enabled 1 flap_detection_enabled 1 process_perf_data 1 retain_status_information 1 retain_nonstatus_information 1 notification_interval 5 notification_period 24x7 notifications_enabled 1 register 0 notification_options w,u,c,r } define service { name pmo-service-24x7 max_check_attempts 3 normal_check_interval 3 retry_check_interval 3 active_checks_enabled 1 passive_checks_enabled 1 check_period 24x7 parallelize_check 1 obsess_over_service 0 check_freshness 0 event_handler_enabled 1 flap_detection_enabled 1 process_perf_data 1 retain_status_information 1 retain_nonstatus_information 1 notification_interval 5 notification_period 24x7 notifications_enabled 1 register 0 notification_options w,u,c,r } These are just templates but contain all the info that is important to this discussion. These are the same as the 1.2 host as well. On 9/14/06, Donnell Lewis <[EMAIL PROTECTED]> wrote: > Did the 'ping' command check itself change from the 2 different > versions ? Check in checkcommands.cfg, see if the command definition is > the same between the two. > > -DL > > On Thu, 2006-09-14 at 17:07 +0100, [EMAIL PROTECTED] wrote: > > [EMAIL PROTECTED] wrote on 14/09/2006 17:00:29: > > > > > Good morning, > > > > > > I have 2 nagios servers. One is running 1.2 and the other is running > > > 2.5. Both are running in parallel while I migrate to the 2.5 machine. > > > Our content switch is detecting that the 2.5 machine is SYN attacking > > > hosts. Both servers have very similar monitoring sets and similar > > > configurations. I have gone through the config and nothing stands > > > out. Obviously, the 2.5 machine is pounding the servers more heavily > > > but I can't figure out why. Below is my config. > > > > > > > Good evening! > > > > <config snipped> > > > > What checks are you running against the server that is detecting the SYN > > attacks? > > > > The config you posted is the general nagios config, we would need to see > > the services.cfg portions for the affected host(s) > > > > Cheers > > > > > > This message and any attachments (the "message") is > > intended solely for the addressees and is confidential. > > If you receive this message in error, please delete it and > > immediately notify the sender. Any use not in accord with > > its purpose, any dissemination or disclosure, either whole > > or partial, is prohibited except formal approval. The internet > > can not guarantee the integrity of this message. > > BNP PARIBAS (and its subsidiaries) shall (will) not > > therefore be liable for the message if modified. > > > > ********************************************************************************************** > > > > BNP Paribas Private Bank London Branch is authorised > > by CECEI & AMF and is regulated by the Financial Services > > Authority for the conduct of its investment business in > > the United Kingdom. > > > > BNP Paribas Securities Services London Branch is authorised > > by CECEI & AMF and is regulated by the Financial Services > > Authority for the conduct of its investment business in > > the United Kingdom. > > > > BNP Paribas Fund Services UK Limited is authorised and > > regulated by the Financial Services Authority > > > > > > ------------------------------------------------------------------------- > > Using Tomcat but need to do more? Need to support web services, security? > > Get stuff done quickly with pre-integrated technology to make your job > > easier > > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > > _______________________________________________ > > Nagios-users mailing list > > Nagios-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/nagios-users > > ::: Please include Nagios version, plugin version (-v) and OS when > > reporting any issue. > > ::: Messages without supporting info will risk being sent to /dev/null > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Nagios-users mailing list > Nagios-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when reporting > any issue. > ::: Messages without supporting info will risk being sent to /dev/null > ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null