Re: [Nagios-users] check_ipsec check_pptp
Hi!

On Mon, Jul 09, 2007 at 06:44:27PM -0700, Rogelio Bastardo wrote:
> I've googled for both check_ipsec and check_pptp, but have found nothing
>
> Anyone know of any good ways to check VPN connections with Nagios?

Ping? If you can reach the remote end, the tunnel can be assumed to be up.

HTH,
Patrick
--
punkt.de GmbH * Vorholzstr. 25 * 76137 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
[EMAIL PROTECTED] http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285

Re: [Nagios-users] Monitoring Postfix
> We use check_mailq from the standard nagios-plugins package.

I've used check_mailq also (with great success). That assumes, of course, that this plugin is running *on* the Postfix server in question.

Re: [Nagios-users] check_ipsec check_pptp
> Ping? If you can reach the remote end, the tunnel can be assumed to be up.

Inside the tunnel, I can do that. But I'm thinking of a scenario where I might set up a VPN (e.g. PIX, Check Point, etc) and then continually check it every hour or so with a test user.

[Nagios-users] using Nagios to detect rogue DHCP servers?
Has anyone used Nagios to detect rogue DHCP servers? I've got a complicated campus environment where people do things such as plug in Linksys routers (the wrong way) and hand out DHCP addresses.

Re: [Nagios-users] using Nagios to detect rogue DHCP servers?
yes I've done this, by writing a bash script to wrap the check_dhcp plugin and change the status code and output if more than the right number of dhcp servers responded (also, you make sure the dhcp server that responded is the right one using the check_dhcp plugin option.)

-h

Hari Sekhon

Rogelio Bastardo wrote:
> Has anyone used Nagios to detect rogue DHCP servers? I've got a complicated campus environment where people do things such as plug in Linksys routers (the wrong way) and hand out DHCP addresses.

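One way to build the kind of wrapper described in the message above, as an added example (it is not Hari Sekhon's script and not part of nagios-plugins). It assumes the check_dhcp status line has the form "Received N DHCPOFFER(s)"; the function name, the CHECK_DHCP path and the calling convention are hypothetical.

```bash
#!/bin/bash
# Added example: wrap check_dhcp and go CRITICAL when more DHCP servers
# answer than are authorised on the subnet.
# Assumption: the plugin's status line contains "Received N DHCPOFFER(s)"
# or "No DHCPOFFERs were received"; adjust the patterns if yours differs.

# Hypothetical default location of the plugin.
CHECK_DHCP="${CHECK_DHCP:-/usr/lib/nagios/plugins/check_dhcp}"

# classify_offers EXPECTED PLUGIN_RC PLUGIN_OUTPUT
# Sets DHCP_MSG and returns the Nagios state (0 OK, 2 CRITICAL, 3 UNKNOWN).
classify_offers() {
    local expected="$1" rc="$2" output="$3" offers

    case $output in
        *"No DHCPOFFERs were received"*) offers=0 ;;
        *)
            offers=$(printf '%s\n' "$output" |
                sed -n 's/.*Received \([0-9][0-9]*\) DHCPOFFER.*/\1/p' |
                head -n 1)
            ;;
    esac

    if [ -z "$offers" ]; then
        DHCP_MSG="DHCP UNKNOWN - cannot parse plugin output: $output"
        return 3
    fi
    if [ "$offers" -gt "$expected" ]; then
        DHCP_MSG="DHCP CRITICAL - $offers offers received, $expected expected (possible rogue server)"
        return 2
    fi
    if [ "$rc" -ne 0 ]; then
        # Keep the plugin's own verdict, e.g. the authorised server is down.
        DHCP_MSG=$output
        return "$rc"
    fi
    DHCP_MSG="DHCP OK - $offers offers received, $expected expected"
    return 0
}

# Plugin mode, only when arguments are given:
#   check_rogue_dhcp.sh EXPECTED_COUNT [options passed through to check_dhcp]
if [ "$#" -gt 0 ]; then
    expected=$1
    shift
    rc=0
    output=$("$CHECK_DHCP" "$@" 2>&1) || rc=$?
    state=0
    classify_offers "$expected" "$rc" "$output" || state=$?
    echo "$DHCP_MSG"
    exit "$state"
fi
```
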
Re: [Nagios-users] using Nagios to detect rogue DHCP servers?
Going out and DHCREQUEST'ing and validating may be intermittent in accuracy; you'd be best off with a SPAN port, tcpdump watching all DHCP Client and DHCP Server traffic. DHC-Offers should match a source MAC address(es) you certify. Otherwise, ask your switching fabric to shut down the port matching the CAM table entry with the rogue MAC address.

~BAS

On Tue, 2007-07-10 at 10:45 +0100, Hari Sekhon wrote:
> yes I've done this, by writing a bash script to wrap the check_dhcp plugin and change the status code and output if more than the right number of dhcp servers responded (also, you make sure the dhcp server that responded is the right one using the check_dhcp plugin option.)
>
> -h
>
> Hari Sekhon
>
> Rogelio Bastardo wrote:
> > Has anyone used Nagios to detect rogue DHCP servers? I've got a complicated campus environment where people do things such as plug in Linksys routers (the wrong way) and hand out DHCP addresses.

Re: [Nagios-users] Nagios Graph Issue
Jeff,

The ncfg files for linux graphs do not work with Windows (except for PING), you have to create/modify your windows ncfg file.

Run the command (plugin) in a terminal window, and the value you get after the | will be the value you need to pick up in the ncfg file.

graph_perf_regex = expression goes here

Service name is important too, it has to match the service name in the defined service.

There is a lot of reading to do on expression, unfortunately I don't have any ncfg files for the CPU Load, and it is a lot of work to create them.

After a lot of work and also help from here, I got this to work for disk space:

#The output looked like this:
| 'c:\ Used Space'=2.44Gb;3.55;3.75;0.00;3.95

#And the ncfg file:
define ngraph {
        graph_legend            Used Space
        graph_perf_regex        Used Space=([0-9]*\.[0-9]*)
        graph_value             DiskUsed
        hide                    yes
        rrd_color               00a000
        rrd_plottype            AREA
        service_name            Disk-C
}

Hope this helps.

- Palle

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Shumard - DefenseWeb Technologies
Sent: Friday, July 06, 2007 1:15 PM
To: nagios-users@lists.sourceforge.net
Subject: [Nagios-users] Nagios Graph Issue

I have installed and configured Nagios Graph and so far have graphs being generated for Load on our Linux hosts without problems. When I try and configure the graphs for our Windows Hosts for CPU Usage I keep getting the following error.

No blocks for 'CPU LOAD' found.

Here is what I have configured for the Nagios Graph which I thought would work but doesn't.

service_name CPU LOAD

I am not sure why this is not working. If anyone knows what the problem would be then please respond. Thank you in advance for your help.

Thank you,
Jeff

Jeff Shumard
UNIX Administrator
DefenseWeb Technologies, Inc.
4150 Mission Blvd., Suite 220
San Diego, CA 92109
Office: 858-272-8505 x5897
Mobile: 619-997-5560
Fax: 858-228-3667
Email: [EMAIL PROTECTED]
WWW: www.defenseweb.com

Re: [Nagios-users] using Nagios to detect rogue DHCP servers?
> Going out and DHCREQUEST'ing and validating may be intermittent in accuracy;

can you explain why this would be intermittent in accuracy? If there is another dhcp server present on the subnet, you will get an offer from it as well, I have used this quite a lot and caught a colleague of mine who installed vmware.

> you'd be best off with a SPAN port, tcpdump watching all DHCP Client and DHCP Server traffic.

requires a whole new plugin written from scratch, I haven't seen a tcpdump like plugin. Therefore much more difficult and more time required, as well as more computationally intensive to watch all traffic for another dhcpoffer, when actually you'll get the same result.

-h

[Nagios-users] Rémi MARIN is absent.
I will be away from 08/07/2007, returning on 18/07/2007. I will reply to your message as soon as I am back.

[Nagios-users] Problem with NSClient++/check_nt and checking all automatic services
I'm in the process of switching from NRPE_NT to NSClient++ to monitor Windows hosts. The last check I'm trying to convert is the ability to monitor all automatic Windows services and notify if any of those are not running.

On the Nagios server side I'm using version 1.4.9 of check_nt. If I run the following command:

check_nt -H win_server -v SERVICESTATE -p 12489 -s password -l CheckAll

I get a lot of services listed. All of them are shown as stopped and check_nt returns an error indicating that it thinks there's something wrong. When I check the status on those services (the ones I can easily identify by short name) I see that they're all stopped because they're disabled.

According to the Wiki entry for CheckAll as a SERVICESTATE option, it is supposed to "Check to see that all services set to auto-start are started and all set to disabled are not started." I actually don't care about disabled services being stopped, but according to this description, NSClient++ should notice it. However, it looks like it's not correctly noticing that these services are stopped because they're disabled.

I'm thinking that the only way I might be able to do this would be to enumerate all Windows services that should be automatic (making for one huge command line). Besides being a big pain, this would mean that I'd miss any new services.

Am I doing something wrong?

Thanks
Mark

Re: [Nagios-users] Nagios Graph Issue
Thanks for your help. I figured out what I was doing wrong and fixed it already.

Thank you,
Jeff

-----Original Message-----
From: Palle Jensen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 10, 2007 5:38 AM
To: Jeff Shumard - DefenseWeb Technologies; nagios-users@lists.sourceforge.net
Subject: RE: [Nagios-users] Nagios Graph Issue

Jeff,

The ncfg files for linux graphs do not work with Windows (except for PING), you have to create/modify your windows ncfg file.

Run the command (plugin) in a terminal window, and the value you get after the | will be the value you need to pick up in the ncfg file.

graph_perf_regex = expression goes here

Service name is important too, it has to match the service name in the defined service.

There is a lot of reading to do on expression, unfortunately I don't have any ncfg files for the CPU Load, and it is a lot of work to create them.

After a lot of work and also help from here, I got this to work for disk space:

#The output looked like this:
| 'c:\ Used Space'=2.44Gb;3.55;3.75;0.00;3.95

#And the ncfg file:
define ngraph {
        graph_legend            Used Space
        graph_perf_regex        Used Space=([0-9]*\.[0-9]*)
        graph_value             DiskUsed
        hide                    yes
        rrd_color               00a000
        rrd_plottype            AREA
        service_name            Disk-C
}

Hope this helps.

- Palle

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Shumard - DefenseWeb Technologies
Sent: Friday, July 06, 2007 1:15 PM
To: nagios-users@lists.sourceforge.net
Subject: [Nagios-users] Nagios Graph Issue

I have installed and configured Nagios Graph and so far have graphs being generated for Load on our Linux hosts without problems. When I try and configure the graphs for our Windows Hosts for CPU Usage I keep getting the following error.

No blocks for 'CPU LOAD' found.

Here is what I have configured for the Nagios Graph which I thought would work but doesn't.

service_name CPU LOAD

I am not sure why this is not working. If anyone knows what the problem would be then please respond. Thank you in advance for your help.

Thank you,
Jeff

Re: [Nagios-users] Reverse checks possible?
On Jul 9, 2007, at 6:19 PM, Demetri Mouratis wrote:
> On Mon, 9 Jul 2007, Rogelio Bastardo wrote:
> > On 7/9/07, Patrick Morris [EMAIL PROTECTED] wrote:
> > > Sure. See the negate plugin.
> >
> > Thanks! For whatever reason, I'm not getting what I'm expecting. Oddly, I get the same OK result, regardless of whether or not I use the negate command.
> >
> > e.g.
> >
> > [EMAIL PROTECTED] plugins]# ./check_http -H www.google.com
> > HTTP OK HTTP/1.0 200 OK - 6045 bytes in 0.101 seconds |time=0.101285s;;;0.00 size=6045B;;;0
> > [EMAIL PROTECTED] plugins]#
> >
> > and
> >
> > [EMAIL PROTECTED] plugins]# ./negate /usr/lib/nagios/plugins/check_http -H www.google.com
> > HTTP OK HTTP/1.0 200 OK - 6043 bytes in 0.616 seconds |time=0.615904s;;;0.00 size=6043B;;;0
> >
> > Not sure what exactly I'm doing wrong
>
> Look at the return code.
>
> # echo $?
>
> -D

Exactly- the negate plugin flips the return code, which is what nagios actually uses to determine the unknown/critical/ok/warning state of a host/service, not the returned status text. The reason for this is that it would be rather difficult, if not impossible, to negate the text itself- what is the opposite of A? While the status text may seem to be one of a set number of options (UNKNOWN, OK, WARNING, CRITICAL) in reality it is just a bunch of text that is whatever the author of the plugin wanted it to be, and therefore has no real negative.

---
Israel Brewster
Computer Support Technician
Frontier Flying Service Inc.
5245 Airport Industrial Rd
Fairbanks, AK 99709
(907) 450-7250 x293
---

Re: [Nagios-users] using Nagios to detect rogue DHCP servers?
> requires a whole new plugin written from scratch, I haven't seen a tcpdump like plugin. Therefore much more difficult and more time required, as well as more computationally intensive to watch all traffic for another dhcpoffer, when actually you'll get the same result.

What about writing a custom plugin that uses this GPL prog to return the warning/critical/ok/pending values?

https://roguedetect.bountysource.com/

From the website:

Rogue Detect sends DHCPDISCOVER packets to the network and listens for DHCP servers to respond and checks responses against authorized dhcp servers. It's written in Perl. By default it supports sending reports to syslog, email, standard out or a customer script of your choosing. Each reporting method has its own independent reporting level.

Their wiki is here: https://roguedetect.bountysource.com/wiki

notes at the bottom of the wiki:

Sending a DHCPDISCOVER packet causes any DHCPSERVERS listening to allocate an IP address for a few seconds, while they wait for the detector to ACK their offer. Since we never do send an ACK, the IP is not allocated to us. Hence, it should be ok to run this on the network.. but do so at your OWN RISK!!

This package is nice in that you do not have to have a clear view of the network to run it (ie, it works behind a switch). You DO have to be within broadcast range, which usually means on the same subnet as the DHCP server. In some cases scanning port 68 (67?) on every machine may be the better answer to finding dhcp servers, but with this program, as opposed to a passive one like snort, you do not have to be able to see traffic not destined for you.

[Nagios-users] Can't locate utils.pm
Hello ev1,

Every time I untar a plugin and want to check it, I receive the error:

Can't locate utils.pm in @INC (@INC contains: /usr/lib/nagios/libexec /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi

But the file (utils.pm) is in /usr/lib/nagios/libexec and other plugins that need it are working properly now, but notify_sms still has trouble when I execute it.

Any tips would be great!

Regards!

PS: the API id of the sms is the number of the cell that is going to receive the message, or could the gateway be a name?

Thanks in advance!

Re: [Nagios-users] using Nagios to detect rogue DHCP servers?
> What about writing a custom plugin that uses this GPL prog to return the warning/critical/ok/pending values?

That sounds very reasonable; there's always the possibility that you won't see, within your run time threshold, offers from a rogue server due to race conditions or other crud (slow networks, etc.). Of course, then you have a lot of proactive bogus DHCP Client activity coming from your Nagios system.

The best solution of course, but not always the most feasible, is a SPAN port in your core:

Simply:

$ sudo tcpdump -n -e -vvv 'src port bootps and not ether src 0:50:da:28:37:62'

Replace the MAC with your known DHCP server. Matches are rogue. If you see them, get out the jumper cables.

~BAS

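The SPAN-port approach from the message above, turned into a check over captured lines, as an added example (not code from the thread). It assumes the one-line header format that tcpdump prints with -n -e; the function names are hypothetical, the capture lines and the 02:00:00:aa:bb:cc MAC are constructed, and the authorised MAC is the one quoted in the message.

```bash
#!/bin/bash
# Added example: list source MACs of DHCP server replies that are not on
# an allowlist. Feed it from a mirror port with something like
#   tcpdump -l -n -e -c 50 'udp and src port bootps' | check_dhcp_capture "$MACS"
# Assumption: packet header lines look like
#   TIME SRC_MAC > DST_MAC, ethertype IPv4 (0x0800), length N: ...

# Constructed sample capture: one authorised server, one unknown responder.
SAMPLE_CAPTURE='12:00:01.000001 00:50:da:28:37:62 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 192.0.2.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
12:00:01.004512 02:00:00:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
12:00:07.100200 02:00:00:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300'

# rogue_dhcp_macs ALLOWED_MACS   (capture text on stdin)
# ALLOWED_MACS is space- or comma-separated. MACs are normalised to
# lower case with zero-padded octets, so "0:50:da:28:37:62" as written in
# a filter matches "00:50:da:28:37:62" as printed by tcpdump.
rogue_dhcp_macs() {
    awk -v allowed="$1" '
        function norm(mac,   n, parts, i, sep, pad, out) {
            n = split(tolower(mac), parts, ":")
            if (n != 6) return ""
            out = ""
            for (i = 1; i <= 6; i++) {
                if (parts[i] !~ /^[0-9a-f][0-9a-f]?$/) return ""
                sep = (i > 1) ? ":" : ""
                pad = (length(parts[i]) == 1) ? "0" : ""
                out = out sep pad parts[i]
            }
            return out
        }
        BEGIN {
            count = split(allowed, list, /[ ,]+/)
            for (k = 1; k <= count; k++) {
                m = norm(list[k])
                if (m != "") ok[m] = 1
            }
        }
        # Only packet header lines have ">" as their third field.
        $3 == ">" {
            src = norm($2)
            if (src != "" && !(src in ok) && !(src in seen)) {
                seen[src] = 1
                print src
            }
        }
    '
}

# check_dhcp_capture ALLOWED_MACS   (capture text on stdin)
# Prints a Nagios status line and returns 0 (OK) or 2 (CRITICAL).
check_dhcp_capture() {
    local rogues
    rogues=$(rogue_dhcp_macs "$1" | tr '\n' ' ')
    if [ -n "$rogues" ]; then
        echo "DHCP CRITICAL - replies from unauthorised MAC(s): ${rogues% }"
        return 2
    fi
    echo "DHCP OK - only authorised servers seen"
    return 0
}
```
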
[Nagios-users] NagiosGrapher Linux Load
Does anyone else have the same problem that I am seeing with the graphs, on Linux Load? The graph area is not matching what the totals are getting from the server or from the values I am printing out of the bottom of the graph. The graph is showing much higher values and the average is also showing higher on the graph. I am using STACK to show all the values of 15min, 5min, and 1min on the same graph.

Does anyone know how to resolve this as well?

Thank you,
Jeff

Re: [Nagios-users] domain hijacking: using Nagios to monitor 100s (possibly 1000s) of domains / hosts
On Tue, Jul 10, 2007 at 12:53:57PM -0700, Rogelio Bastardo wrote:
> I've got several hundred important domains that need to be checked for domain hijacking. I'm assuming that this is as easy as
>
> check_dns -H domain.com -s (nameserver) -A (expected IP)
>
> How well will method scale to several thousand?
>
> Someone I know recently said that he has to worry about close to 300,000 domains getting possibly hijacked. Is this beyond Nagios at this point?

Is nagios the right sort of tool for this ? Would you not be better writing a perl script to do this ?

--
Alain Williams
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h>

Re: [Nagios-users] domain hijacking: using Nagios to monitor 100s(possibly 1000s) of domains / hosts
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:nagios-users- [EMAIL PROTECTED] On Behalf Of Rogelio Bastardo
> Sent: Tuesday, July 10, 2007 2:54 PM
> To: Nagios Users mailinglist
> Subject: [Nagios-users] domain hijacking: using Nagios to monitor 100s(possibly 1000s) of domains / hosts
>
> I've got several hundred important domains that need to be checked for domain hijacking. I'm assuming that this is as easy as
>
> check_dns -H domain.com -s (nameserver) -A (expected IP)
>
> How well will method scale to several thousand?

I don't see why it would be a problem.

What nameserver are you going to be testing? -A indicates that you'll be checking the nameserver hosting the domain. That won't tell you if your domain has been hijacked though. The DNS server hosting the domain will always answer that it is authoritative, no matter if the rest of the Internet thinks it is or not. Any other nameserver you test will fail since you're requiring Authority. If you're going to test a recursive nameserver, use -a instead.

Presumably you're more interested in the nameservers that the rest of the world thinks are authoritative. You'd probably want to use check_dig against a recursive nameserver (or the root servers) to verify that the NS records they're reporting are accurate. Something like

check_dig -T ns -H recursiveserver.yourdomain.foo -l yourdomain.foo -a nameserver.yourdomain.foo

You should, of course, perform any research necessary to determine if the above tests against the nameservers (particularly the root nameservers) are prohibited before implementing it.

--
Marc

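The delegation check argued for in the message above, scripted for a long list of domains as the previous reply suggests, as an added example (not code from the thread). It compares the NS set a recursive resolver reports with the set you expect; the function names, the list-file format and the example.com names are constructed, and it uses dig directly rather than check_dig.

```bash
#!/bin/bash
# Added example: detect a changed delegation by comparing the NS records
# seen through a recursive resolver with the expected name servers.

# normalise_ns: names on stdin (space, comma or newline separated) become
# one lower-case name per line, trailing dot removed, sorted, de-duplicated.
normalise_ns() {
    tr 'A-Z' 'a-z' | tr -s ' ,\t' '\n' | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# compare_ns EXPECTED OBSERVED
# Prints a verdict; returns 0 (match), 2 (mismatch) or 3 (no answer).
compare_ns() {
    local want have missing extra
    want=$(printf '%s\n' "$1" | normalise_ns)
    have=$(printf '%s\n' "$2" | normalise_ns)
    if [ -z "$have" ]; then
        echo "UNKNOWN - resolver returned no NS records"
        return 3
    fi
    # Whole-line, fixed-string set differences in both directions.
    missing=$(printf '%s\n' "$want" | grep -Fxv -e "$have" || true)
    extra=$(printf '%s\n' "$have" | grep -Fxv -e "$want" || true)
    if [ -n "$missing$extra" ]; then
        echo "CRITICAL - NS mismatch: missing=[$(echo $missing)] unexpected=[$(echo $extra)]"
        return 2
    fi
    echo "OK - delegation matches: $(echo $have)"
    return 0
}

# check_domains FILE RESOLVER
# FILE holds one "domain ns1,ns2,..." entry per line; "#" starts a comment.
# Prints only the domains that do not match; returns 2 if any failed.
check_domains() {
    local file="$1" resolver="$2" domain expected observed state verdict worst=0
    while read -r domain expected; do
        case $domain in ''|'#'*) continue ;; esac
        observed=$(dig +short +time=3 +tries=1 NS "$domain" @"$resolver" 2>/dev/null) || true
        state=0
        verdict=$(compare_ns "$expected" "$observed") || state=$?
        if [ "$state" -ne 0 ]; then
            echo "$domain: $verdict"
            worst=2
        fi
    done < "$file"
    return "$worst"
}

# Script mode: check_delegations.sh DOMAIN_LIST RESOLVER
if [ "$#" -eq 2 ]; then
    check_domains "$1" "$2"
    exit $?
fi
```

Run from cron or as a single Nagios service, this reports only the domains whose delegation changed, which keeps one check per domain out of the scheduler.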
Re: [Nagios-users] using Nagios to detect rogue DHCP servers?
Indeed. Looking at the source of dhcpdetector.pl (https://svn.bountysource.com/roguedetect/trunk/dhcpdetector.pl) it shouldn't be too hard to modify it into a nagios plugin (trivial even). The relevant code block:

sub send_log {
    my $severity = shift @_;
    my $message = shift @_;
    if (!$message) {
        $message = 'ERROR: No Message Recieved, logging failure';
    }
    # If the above conditions are met and
    # the send_msg is set then go ahead and
    # log it using the specified log mojo
    if ($syslog_level = $severity) {
        syslog('LOG_INFO',$message);
    }
    if ($email_level = $severity) {
        send_mail($alert_email,"[RogueDetect] Log Report",$message);
    }
    if ($page_level = $severity) {
        send_mail($page_email,"RogueDetect Failure!",$message);
    }
    if ($print_level = $severity) {
        print $message . "\n";
    }

Should be fairly easy to hook into this, print the correct message and set an exit code from here

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogelio Bastardo
Sent: Wednesday, 11 July 2007 4:12 AM
To: Hari Sekhon
Cc: Nagios Users mailinglist
Subject: Re: [Nagios-users] using Nagios to detect rogue DHCP servers?

> requires a whole new plugin written from scratch, I haven't seen a tcpdump like plugin. Therefore much more difficult and more time required, as well as more computationally intensive to watch all traffic for another dhcpoffer, when actually you'll get the same result.

What about writing a custom plugin that uses this GPL prog to return the warning/critical/ok/pending values?

https://roguedetect.bountysource.com/

From the website:

Rogue Detect sends DHCPDISCOVER packets to the network and listens for DHCP servers to respond and checks responses against authorized dhcp servers. It's written in Perl. By default it supports sending reports to syslog, email, standard out or a customer script of your choosing. Each reporting method has its own independent reporting level.

Their wiki is here: https://roguedetect.bountysource.com/wiki

notes at the bottom of the wiki:

Sending a DHCPDISCOVER packet causes any DHCPSERVERS listening to allocate an IP address for a few seconds, while they wait for the detector to ACK their offer. Since we never do send an ACK, the IP is not allocated to us. Hence, it should be ok to run this on the network.. but do so at your OWN RISK!!

This package is nice in that you do not have to have a clear view of the network to run it (ie, it works behind a switch). You DO have to be within broadcast range, which usually means on the same subnet as the DHCP server. In some cases scanning port 68 (67?) on every machine may be the better answer to finding dhcp servers, but with this program, as opposed to a passive one like snort, you do not have to be able to see traffic not destined for you.