central management of network and call services
TRANSCRIPT
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
Advanced Multimedia Communication
JANUARY 26, 2016 . . .
MOHAMMAD NAZMUL HOSSAIN MD MHABUB HOSSAIN
MOHAMMAD ASHIQUR RAHMAN MD SHAHINUL HAQUE CHOWDHURY
P a g e | 1
P a g e | 2
Contents 1.1 Abstract: .................................................................................................................................................. 3
2.1 Background & Setup of the project: ....................................................................................................... 3
2.2 Network Diagram: ........................................................................................................................... 3
2.3 IP addressing and Sub-netting: ............................................................................................................... 4
3.1 Servers Setup: ......................................................................................................................................... 5
3.2 HTTP Server Setup ........................................................................................................................... 5
3.2.1 Introduction to LAMPP: ............................................................................................................... 5
3.2.2 Installation steps: ......................................................................................................................... 5
3.2.3 index.php: .................................................................................................................................... 9
3.2.4 login_parse.php: .......................................................................................................................... 9
3.2.5 connect.php: .............................................................................................................................. 10
3.2.6 logout_parse.php: ...................................................................................................................... 10
3.3 FTP Server Setup: .......................................................................................................................... 10
3.4 Call Server Setup: .................................................................................................................................. 16
3.4.1 sip.conf: ...................................................................................................................................... 18
3.4.2 extensions.conf: ......................................................................................................................... 19
4.1 Switch Setup: ........................................................................................................................................ 20
5.1 Monitor: ................................................................................................................................................ 23
5.2 Nagios: .................................................................................................................................................. 23
5.3 Nagios install: ........................................................................................................................................ 23
5.4 Nagios Configuration: ........................................................................................................................... 26
5.4.1 Localhost.cfg: ............................................................................................................................. 26
5.4.2 Commands.cfg: .......................................................................................................................... 27
5.5 How to install a Plug-in: ........................................................................................................................ 27
5.6 NRPE Server: ......................................................................................................................................... 29
5.6.1 Direct Checks .............................................................................................................................. 29
5.6.2 via Proxy Checks ......................................................................................................................... 30
5.6.3 Remote pc nrpe add-on install: .................................................................................................. 30
5.7 Flapping: ........................................................................................................................................ 35
5.8 Observing results on Nagios page: ................................................................................................ 36
6.1 Conclusion: ............................................................................................................................................ 38
Appendix: .................................................................................................................................................... 39
Apendix A: ........................................................................................................................................... 39
P a g e | 3
1.1 Abstract: The objective of this project is to make servers of web service, ftp service, VoIP video call service, and
manage them centrally from a host in private connection or from remote connection. We will also monitor
the services, we are going to install, from this central PC. If there is a problem found like no connectivity,
then the monitor agent will notify the network administrator showing the error message.
2.1 Background & Setup of the project: We have installed ASTERISK 11 for call server in a PC contains Ubuntu 14.04 OS. It is an open source
software for Linux/Unix based operating system for VoIP (Voice over Internet Protocol) service.
HTTP server is set up by using XAMPP (LAMPP for Linux). It has built in apache server and MySQL
database.
FTP server is setup by using the ProFTPD open source software.
Monitor is done by using both Nagios and Wireshark software. We mainly focused on Nagios core.
The remote connection can be established through Secure Shell (SSH) connection which will connect to
the servers through Router (or Routers).
2.2 Network Diagram:
Fig 2.2.1: Network diagram
You can see our detailed network diagram in the fig. Here the blue colored PC is our Monitoring PC and is
connected to the switch port. The switch is Cisco branded model is: Catalyst 2960. Its VLAN 99 is enabled
P a g e | 4
for remote SSH connection. The red colored PC is our main server. Here Asterisk is installed as a call server.
In this PC we have installed Oracle Virtual Machine where we have created two (2) more virtual hosts for
HTTP & FTP server.
Two IP phones which have video service enabled are connected to the Asterisk server through the Switch.
There is a local Wi-Fi Router we have also used to connect our Smartphones and Laptop.
There is also an internet connection in the switch so that we can connect to the internet any time to
download our required things and search the web.
To set an individual IP to the every virtual machine to get independent connectivity to the machines we
must enable a 2nd Adapter (Adapter 2) for that machine and set the Attached to option as Bridged Adapter.
After that the virtual machines will be able to connect to the network individually.
Fig 2.2.2: SSH connection
2.3 IP addressing and Sub-netting:
Device (Hostname) Interfaces Used Software IP Address Gateway
Monitor Server NIC Nagios 10.10.0.135/25 10.10.0.129
Call Server NIC Asterisk 10.10.0.130/25 10.10.0.129
http Server VM XAMPP 10.10.0.131/25 10.10.0.129
ftp Server VM ProFTPD 10.10.0.132/25 10.10.0.129
IP Phone NIC Grandstream 10.10.0.140/25 10.10.0.129
IP Phone NIC Grandstream 10.10.0.141/25 10.10.0.129
Switch Vlan99 Catalyst 2960 10.10.0.200/25 10.10.0.129
Wi-Fi Router Wireless Linksys 10.10.1.129/25
Internet Linksys 10.10.0.129/25
Table 2.3.1: IP addressing and Sub-netting
P a g e | 5
3.1 Servers Setup:
3.2 HTTP Server Setup
3.2.1 Introduction to LAMPP: The HTTP server has setup using LAMPP (Common name XAMPP) software. LAMPP is an open source
software for Linux based operating system. This software mainly contains built in Apache http server for
web service, ProFTPD for file transfer service, MySQL Database and the interpreters for scripting
languages. An interpreter is a computer program that directly executes instructions written in a
programming language, without previously compiling them into a machine language program.
XAMPP stand for
X = Any of the different operating systems
A = Apache
M = MySQL
P = PHP
P = Perl
For Linux based operating system it is called LAMPP (L is for LINUX).
The latest XAMPP we have used in this project available in version 1.8.3-4 has the following features:
Apache 2.4.7
MySQL 5.6.14
PHP 5.5.6
PEAR + SQLite 2.8.17/3.7.17 + multibyte support (mbstring)
Perl 5.16.3
phpMyAdmin 4.0.9
OpenSSL 1.0.1e
ProFTPD 1.3.4c
GD 2.0.35
Freetype2 2.4.8 To setup LAMPP server in linux based operating system we have to follow these steps.
3.2.2 Installation steps:
Step 1: Open terminal and download XAMPP 1.8.3-4 package.
For 32-bit:
wget http://sourceforge.net/projects/xampp/files/XAMPP%20Linux/1.8.3/xampp-
linux-1.8.3-2-installer.run/download
For 64-bit:
wget http://sourceforge.net/projects/xampp/files/XAMPP%20Linux/1.8.3/xampp-
P a g e | 6
linux—x64-1.8.3-2-installer.run/download
Or as another way we can download directly from the XAMPP website.
http://sourceforge.net/projects/xampp/
Step 2: After that, Change XAMPP package installer to executable with following command:
sudo chmod 777 xampp-linux—x64-1.8.3-2-installer.run
Step 3: Then start the installer with the following command:
Sudo ./xampp-linux—x64-1.8.3-2-installer.run
Then the window of installation wizard will appear.
Fig 3.2.2.1: XAMPP installation window
After the installation finished go to Linux terminal and then go to the folder ‘/opt/lamp’ and type this
command
sudo ./manager-linux-x64.run
The XAMPP window will appear then.
P a g e | 7
Fig 3.2.2.2: XAMPP start window
In this window at the Manage Servers tab we will get the options to start or stop the servers.
Fig 3.2.2.3: XAMPP manage servers
To check the servers of LAMPP whether running or not, or to start or to stop the process we can also do
it from the terminal window. To do this go to terminal window, login as full administration permission
using sudo su command and then execute the following commands:
To go to LAMPP folder cd /opt/lampp
To check LAMPP status ./lampp status
To start the service ./lampp start
To stop the service ./lamp stop
P a g e | 8
If there is another http server software is already installed in the operating system named ‘apache2’, then
the apache server of the LAMPP will not start. We can check this by executing the following command.
service apache2 status
If it is running stop it by executing this command
service apache2 stop
Fig 3.2.2.4: command to stop apache2 server
After Apache server and MySQL runs properly it is time to make a web page. For us we have made a login
page to access the services. We have used the ‘php’ and ‘html’ language to make the web page. The files
for web page including ‘index.php’ can be placed to the ‘/opt/lamp/htdocs’ folder. But to access these
files here we must give the proper permission to these files. To do this go to LAMPP folder and then
execute following command.
chmod 777 htdocs
To make the database of username and passwords we have to open the browser and type
‘localhost/phpmayadmin’. This will open the phpMyAdmin page where we can create SQL Database for
users and their corresponding passwords.
We have wrote four (4) pages for our web page named ‘index.php’, ‘login_parse.php’, ‘connect.php’ and
‘logout_parse.php’. The source codes for these files are given bellow.
P a g e | 9
3.2.3 index.php:
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>login</title>
</head>
<body>
<div id="wrapper">
<h2>AMC Lab login page</h>
<P>This is a landing page of our network</p>
<?php
if (!isset($_SESSION['uid'])) {
echo "<form action='login_parse.php' method='post'>
Username: <input type='text' name='username' />
Password: <input type='password' name='password' />
<input type='submit' name='submit' value='Log In' />
";
} else {
echo "<p>You are logged in as ".$_SESSION['username']." • <a
href='logout_parse.php'>Logout</a>";
}
?>
</div>
</body>
</html>
3.2.4 login_parse.php:
<?php
session_start();
include_once(connect.php);
if (isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username='".$username."' AND
password='".$password."' LIMIT 1";
$res = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
$_SESSION['uid'] = $row['id'];
$_SESSION['username'] = $row['username'];
header("Location: index.php");
exit();
} else {
echo "Invalid login information. Please return to the
previous page.";
P a g e | 10
exit();
}
}
?>
3.2.5 connect.php:
<?php
$host = "localhost";
$username = "root";
$password = "";
$db = "amc_lab";
mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($db);
?>
3.2.6 logout_parse.php:
<?php
session_start();
session_destroy();
header("Location: index.php");
?>
3.3 FTP Server Setup: For FTP server we have used ProFTPD open source software on Ubuntu machine.
Fig 3.3.1: ProFTPD for FTP service
On the following way, we have installed the FTP server on a Oracle VM VirtualBox:
Step 1:
Open the terminal and type:
sudo apt-get install proftpd
P a g e | 11
Fig 3.3.2: Initialization of ProFTPD instsllation
Step 2:
Press "Enter" to confirm the default type "autonomous"
Fig 3.3.3: ProFTPD configuration
Step 3:
After the installation, just edit the configuration file. For this use your favorite text editor. In the example
below we are using gedit with the command:
sudo gedit/etc/proftpd/proftpd.conf
P a g e | 12
Fig 3.3.4: Proftpd configure file
Step 4:
Now look for the item "ServerName", around the 15 line, and change the name "AMC-Lab" to the name
of our FTP private messenger.
Step 5:
Now look for the item "User" at approximately line 68. The default user name is proftpd, and the group is
like "nogroup" In here, we keep it same as default.
Fig 3.3.5: Proftpd configure file
Step 6:
FTP user already exists on Ubuntu, we just need to set his password. We did it with the command.
Step 7:
Create the ftp group:
Step 8:
Now change the file "/ etc / passwd" to be able to use the ftp
user's line ftp user in this file looks like this:
P a g e | 13
admin: x: 118:65534 :: //srv /ftp:/bin/false
After make change:
admin: x: 118:65534 :: //home/ftp:/bin/false
Did this using the following command:
sudo gedit/etc/passwd
Fig 3.3.6: passwd configuration file
Step 9:
Create the folder we will use for FTP user using the following command:
sudo mkdir mhabub
P a g e | 14
Step 10:
Change the folder permissions as needed. We may want the folder to be download only, or read, or it is
for upload as well, i.e. read and write. For that we using the following command:
sudo chmod 755 admin
or
sudo chmod 777 admin
Permission 755: 7 5 5 or [rwx rx rx] : Owner with full permission, group permission to read
and execute, others with permission to read and execute.
Permissions 777: 7 7 7 or [rwx rwx rwx]: Owner with full permission, group full permission, others with
full permission.
Step 11:
To give that permission to the folder now has simply run the command:
ls –la admin
Step 12:
After choosing permission restart the service.
sudo restart/etc/init.d/proftpd
After restarting, we can check the status with the command
sudo /etc/init.d/proftpd status
Step13:
Testing the FTP
Another machine to access this FTP server, opening the file browser or the internet and typing the address
of this FTP.
In the example below:
ftp://10.10.0.132
P a g e | 15
Fig 3.3.7: FTP login page
Fig 3.3.8: ftp home page
Also, we can open folder on the FTP and also copy and paste:
P a g e | 16
Fig 3.3.9: Folder view on ftp server
We can create other folders with the same procedure, and create other users to access these folders. We
can also check if the transferred files into the folder are there on your server.
Fig 3.3.10: contents in the ftp server
3.4 Call Server Setup: For call server we have used Asterisk server. It is an open source Linux based software which is widely
used for VoIP call service using ‘sip’ or ‘iax’ protocol. To install this software in Linux based operating
system we have to follow these steps. For us we have installed this software in Ubuntu operating system.
P a g e | 17
Step 1. At first we have to resolve basic dependencies.
apt-get install build-essential wget libssl-dev libncurses5-dev libnewt-dev libxml2-
dev linux-headers-$(uname -r) libsqlite3-dev uuid-dev
Step 2. Download the source tarballs. These commands will get the current version of
DAHDI, libpri and Asterisk.
cd /usr/src/
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-com
plete-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-1.4-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11-current.tar.gz
Step 3. Extract the files from the tarballs
tar zxvf dahdi-linux-complete*
tar zxvf libpri*
tar zxvf asterisk*
Step 4. Install DAHDI
cd /usr/src/dahdi-linux-complete*
make && make install && make config
Step 5. Install libpri
cd /usr/src/libpri*
make && make install
Step 6. To install Asterisk. Select the options when the menuselect command runs. Then select
“Save & Exit” and the install will continue.
cd /usr/src/asterisk*
./configure && make menuselect && make && make install && make config && make samples
Step 1. Start DAHDI
/etc/init.d/dahdi start
Start Asterisk and connect to the CLI
P a g e | 18
/etc/asterisk/asterisk start
asterisk -rvvvvv
To make users we have to go to /etc/asterisk/sip.conf file. For our project we have used the sip
configuration like bellow.
3.4.1 sip.conf:
; Registering a user in sip.conf [office-phones](!) type=friend ; type friend means user can recieve & place calls. type is 'peer' for incoming only ; & 'user' for outgoings only context=outcoming-sip host=dynamic ; secret=1234 ; Password nat=yes qualify=yes canreinvite=no videosupport=yes callgroup=1 pickupgroup=1 dtmfmode=auto disallow=all ; users will choose wrong codecs if allow=all allow=alaw allow=ulaw allow=gsm allow=g729 allow=Speex allow=h261 allow=h263 allow=h263p ;allow=g711u allow=h264 [Manager](office-phones) callerid="Manager" <800> ; Registering user 'Manager' with phone no. '800' [2nd-manager](office-phones) callerid="2nd-manager" <801> ; Registering user '2nd-manager' with phone no. '801' [towfiq](office-phones) callerid="Towfiq" <802> ; Registering user 'Towfiq' with phone no. '802'
P a g e | 19
[Ashiq](office-phones) callerid="Ashiq" <803> ; Registering user 'Rakib' with phone no. '803' [farhad](office-phones) callerid=”farhad" <804> ; Registering user 'Farhad' with phone no. '804' [Asst.Manager](office-phones) callerid="2nd-pc" <805> ; Registering user 'Asst. Manager]' with phone no. '805' [sony](office-phones) callerid="sony" <806> ; Registering user 'Guest' with phone no. '806' [sahin](office-phones) callerid="sahin" <807> ; Registering user 'Guest' with phone no. '807' [hossain](office-phones) callerid="hossain" <808> ; Registering user 'Guest' with phone no. '808' [bipasha](office-phones) callerid="bipasha" <809> ; Registering user 'Server' with phone no. '809'
3.4.2 extensions.conf:
; ::::::::::::::::::::::::::::::::::::::::::::: ; ::::::: :: Dialplan :: ::::::::: ; ::::::::::::::::::::::::::::::::::::::::::::: ; Registering numbers in extensions.conf [general] static=yes writeprotect=no clearglobalvars=no [subscriber-sip] exten => 800,1,Log(NOTICE,"800 ACCOUNT") exten => 800,2,Dial(SIP/Manager,120,Tt) exten => 801,1,Log(NOTICE,"801 ACCOUNT") exten => 801,2,Dial(SIP/2nd-manager,120,Tt) exten => 802,1,Log(NOTICE,"802 ACCOUNT") exten => 802,2,Dial(SIP/Towfiq,120,Tt) exten => 803,1,Log(NOTICE,"803 ACCOUNT") exten => 803,2,Dial(SIP/Ashiq,120,Tt) exten => 804,1,Log(NOTICE,"804 ACCOUNT") exten => 804,2,Dial(SIP/farhad,120,Tt) exten => 805,1,Log(NOTICE,"805 ACCOUNT")
P a g e | 20
exten => 805,2,Dial(SIP/Asst.Manager],120,Tt) exten => 806,1,Log(NOTICE,"806 ACCOUNT") exten => 806,2,Dial(SIP/sony,120,Tt) exten => 807,1,Log(NOTICE,"807 ACCOUNT") exten => 807,2,Dial(SIP/sahin,120,Tt) exten => 808,1,Log(NOTICE,"808 ACCOUNT") exten => 808,2,Dial(SIP/hossain,120,Tt) exten => 809,1,Log(NOTICE,"809 ACCOUNT") exten => 809,2,Dial(SIP/bipasha,120,Tt) [hangup-sip] exten => _X!,1,HangUp() [outcoming-sip] include => subscriber-sip include => hangup-sip
4.1 Switch Setup: We have used cisco Switch (Catalyst 2960) for our project. To access to Switch from Ubuntu terminal we
need to install minicom software. To install minicom run the following command.
sudo apt-get install minicom
After installation finish we need to configure usb port for minicom at which switch is connected. To do
this at first we have to run this command.
dmesg grep | tty
And the following window will come.
P a g e | 21
Fig 4.1.1: Observe connected USB port
Now start the minicom by using the following command.
minicom -s
Then the following window will come.
Fig 4.1.2: Serial port setup
Then select “Serial port setup” and enter. Then change the serial device to ‘/dev/ttyUSB0’ and
Bps/Par/Bits to 9600 8N1.
P a g e | 22
Fig 4.1.3: Configure serial device
After changes applied we have to select Exit and then minicom will access to the switch as shown below.
Fig 4.1.4: Switch access by minicom
To monitor with Wireshark we have configured one port of switch as a monitor port which is connected
to the PC installed with wireshark. To do this follow the following:
Switch(config)# no monitor session 1 Switch(config)# monitor session 1 source interface fastEthernet0/1
Switch(config)# monitor session 1 destination interface fastEthernet0/10
Above we have configured fastEthernet 0/1 as a source whose traffic to be monitored and fastEthernet
0/10 as destination port where wireshark has been installed.
P a g e | 23
5.1 Monitor: Now the main part of our project to central monitor and management. For this purpose we have mainly
focused on NAGIOS tool. We have used the Wireshark also to monitor the traffic.
To get the traffic from every hosts to the Wireshark we have to configure the Switch at first. Generally
Wireshark catches and examines the traffic only whose are entering or leaving through the LAN port of
the Computer. But traffic from other hosts or servers do not come to the PC’s LAN port itself. These traffics
must be guided to the PC where the Wireshark has installed.
There is a term called intrusion detection system (IDS) in network security. It is a device or a software
application which monitors network or system activities and produces electronic reports to a
management station. To make the PC as an IDS where Wireshark has installed we have to make the
corresponding port of the switch as a monitor port. To see how we have configured the corresponding
switch-port as a monitor port please see the Switch configuration part at make port as a monitor port.
Now come to the Nagios part.
5.2 Nagios: Nagios is a powerful tool that provides you with instant awareness of your organization’s mission-critical
IT infrastructure. Nagios allows you to detect and repair problems and mitigate future issues before they
affect end-users and customers.
Fig 5.2.1: Nagios Core
Nagios allows to detect and resolve problems before they have a negative effect on Networks. It can
completely monitor and receive alerts for Networks services, servers, switches and applications, and even
mitigate any future issues. Nagios is fully flexible and scalable, and gives total peace-of-mind that IT
systems will continue running without causing any interruptions
5.3 Nagios install: Nagios Core serves as the basic event scheduler, event processor, and alert manager for elements that
are monitored. It features several APIs that are used to extend its capabilities to perform additional tasks,
is implemented as a daemon written in C for performance reasons, & is designed to run natively on
Linux/Unix systems.
Nagios is a powerful tool that provides you with instant awareness of your organization’s mission-critical
IT infrastructure. Nagios allows you to detect and repair problems and mitigate future issues before they
affect end-users and customers.
P a g e | 24
By using Nagios, we can:
Plan for infrastructure upgrades before outdated systems cause failures
Respond to issues at the first sign of a problem
Automatically fix problems when they are detected
Coordinate technical team responses
Ensure your organization’s SLAs are being met
Ensure IT infrastructure outages have a minimal effect on your organization’s bottom line
Monitor your entire infrastructure and business processes
Now we will discuss how to install Nagios in Linux operating system.
Step 1: Install the prerequisite add-ons for Nagios core.
To make Nagios work properly we have to have these add-ons in our PC. These are the prerequisite add-
ons for Nagios core. To do this go to Ubuntu terminal login ad full administrator using ‘sudo su’ command
and the run the command as stated bellow:
sudo apt-get install \ > wget \ > build-essential > apache2 \ > apache2-utils \ > php5-gd \ > libgd2-xpm-dev \ > libapache2-mod-php5 \ > postfix
Proceed all steps with ‘ok’ and ‘yes’ command.
Now Nagios needs a user to run as. So we have to add a user and group for it.
sudo usedadd --system --home /usr/local/nagios --M Nagios sudo groupadd --system nagcmd sudo usermod -a -G nagcmd Nagios sudo usermod -a -G nagcmd www-data
This will give Nagios what it needs to run as its own user.
Now let’s pull down the Nagios-core code and the Nagios-plugin code. And then install
mkdir ~/downloads cd ~/downloads wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.1.1.tar.gz wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz tar xzf nagios-4.1.1.tar.gz cd nagios-4.1.1 ./configure --with-command-group=nagcmd make all
P a g e | 25
make install make install-init make install-config make install-commandmode make install-webconf
Afterwards, a user account for logging into Nagios interface was created in a given directory by issuing:
sudo mkdir /usr/local/nagios/etc
And a new password will be created:
sudo htpasswd –c /usr/local/nagios/etc/htpasswd.users nagiosadmin
This password is required to login to the Nagios web interface. After the created password, Apache2 was restarted to make the new settings take effect:
sudo /etc/init.d/apache2 restart
The next task is to compile and install the Nagios plug-ins. This was achieved by extracting the Nagios plug-ins source code tarball, and changing the directory to the extracted folder. The command issued is shown below:
tar xzf nagios-plug-ins-1.4.11.tar.gz cd nagios-plug-ins-1.4.11 ./configure --with-nagios-user=nagios --with-nagios-group=nagios make make install
Nagios was configured to automatically start when the system boosts with this line of command:
sudo ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios
To verify the sample Nagios configuration files, command was run.
sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
And if the output from the last issued command shows no errors, then Nagios can be started with the command:
/etc/init.d/nagios start
At this stage, Nagios server can be accessed through the web browser by typing: http://hostname/nagios or http://127.0.0.1/nagios. The fig shows Nagios access interface with username as ‘nagiosadmin’ and password, which was issued during the installation. After clicking OK button in the above screenshot, front page of Nagios server will be displayed along with its features itemized in the left sections. This is as shown in fig below.
P a g e | 26
The above screenshot illustrates basic setup of Nagios server. However, there is need for further configuration of the Nagios server according to the network requirements. This can be achieved by working on the configuration files of the Nagios. To this end, it is necessary to understand the configuration files in Nagios and these are described in the next part.
5.4 Nagios Configuration: During manual installation of Nagios as discussed in the previous section, some configuration files are installed by default in the ‘/usr/local/nagios/etc/’ directory. However, there are several other configuration files that need to be created or edited before monitoring can be started in Nagios. Though, configuring Nagios can be complex and take quite a while, but it allows a great deal of flexibility on completion.
TABLE 6. Nagios objects
Object Used for hosts servers or devices being monitored
hostgroups group of hosts
services services being monitored
servicegroups groups of services
timeperiod scheduling of checks and notifications
commands checking hosts and services notifying contacts event handling
contacts individuals to alert
contactgroups groups of contacts
We have configured two configuration files.
Commands.cfg
Localhost.cfg
5.4.1 Localhost.cfg: Define a host for the local machine.
define host{ use linux-server host_name callserver alias Call Server
address 10.10.0.130 }
Define hostgroup for linux machines.
define hostgroup{ hostgroup_name grp6server alias Group 6 Servers members webserver,ftpserver,callserver,dns.server }
P a g e | 27
Define a service to ping the host or server machines.
define service{ use local-service host_name callserver service_description PING
check_command check_ping!100.0,20%!500.0.60% }
5.4.2 Commands.cfg:
Define a command to see a host is alive by pinging it.
# ‘check-host-alive’ command definition define command{ command_name check-host-alive command_line $USER1$/check_ping –H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5 }
5.5 How to install a Plug-in: First we searched through Google with the line asterisk nagios plugin .Then we got the bellow link where
we found so many plug-in for asterisk.
https://exchange.nagios.org/directory/Plugins/Telephony/Asterisk
P a g e | 28
Fig 5.5.1: Plugin download
Then we took one plug-in which is check_asterisk_peers . Click check_asterisk_peers then we found
download file and we took version 2.0 and got the file in our Download folder.
After that we open a new terminal in Ubuntu and copy this file to ‘libexec’ folder through this command
cp /home/amcprak/Downloads/check_asterisk_peers /usr/local/nagios/libexec/
All the plug-in we have to put in ‘libexec’ folder.
Now our job is to change the command for this plug-in and we use bellow command to access commands
configuration file
gedit /usr/local/nagios/etc/objects/commands.cfg
Then we add check_asterisk_peers plug-in command configuration file like this way
#’check_asterisk_peers’ command definition Define commands{ Command_name check_asterisk_peers Command_line $USER1$/check_asterisk_peers $ARG1$ -p ‘’Manager 2nd –manager’’ –t sip
}
P a g e | 29
In command_line we use –p and –t which means: -- peers -p = A space separated list of peers to check. Use the peer name given in the configuration, without the surrounding brackets. --type -t =The type of peers to check. Valid values are sip, iax. Defaults to sip. To see the service in nagios platform we have to define the service name in localhost configuration file. Bellow command is use to access the local host configuration file
gedit /usr/local/nagios/etc/objects/localhost.cfg
Bellow command is used to define the service name in local host configuration file
define service{ Use local-service Host_name callserver Service_description check SIP peers Check_command check_asterisk_peers }
Now we login through Mozilla firefox by using web address of Nagios.
http://lcalhost/nagios
Then we put USER ID---nagiosadmin and PASSWORD—123456 then we saw the bellow figure where we
found our plug-in which one we add at localhost configuration file as a call server. where we found some
other default plug-in.
5.6 NRPE Server: The term NRPE stands for Nagios Remote Plugin Executor. Nagios is a tool by which we can check each
every services of the local hosts and servers and also remote hosts and servers if there is enough
permission available for Nagios. Generally ping service does not requires any extra permission to execute.
It runs on icmp request and response process. But for the other services, for example Asterisk server call
service, Nagios cannot execute commands to this server remotely by itself.
To do this we have Nagios Remote Plugin Executor (NRPE) Server. At first we will discuss how to install
NRPE server.
To monitor services in localhost we have to install Nagios plugins in the ‘libexec’ folder. From where Nagios
execute the plugin and get the required data. But to monitor the remote server/host we have to put that
plugin in the “/usr/lib/nagios/plugins/” folder of that host PC. Then Nagios will get reports ftom that
remote PC by executing that plugin.
5.6.1 Direct Checks The most straight forward use of the NRPE add-on is to monitor "local" or "private" resources on a remote Linux/Unix Machine. This includes things like CPU load, memory usage, swap usage, current users, disk usage, process states, etc.
P a g e | 30
Fig 5.6.1.1: Nagios direct check through nrpe server
5.6.2 via Proxy Checks We can also use the NRPE add-on to indirectly check "public" services and resources of remote servers that might not be reachable directly from the monitoring host. For instance, if the remote host that the NRPE daemon and plugins are installed-on can talk to the remote web server (but the monitoring host cannot), we can configure the NRPE daemon to allow Nagios to monitor the remote web server indirectly. The NRPE daemon is essentially acting as proxy in this case.
Fig 5.6.2.1: Nagios indirect check through nrpe server
5.6.3 Remote pc nrpe add-on install: Now let’s see how to install the NRPE add-on in remote PC. Following we have discussed the process to
install NRPE add-on to the remote host or server.
Step 1. Install NRPE and Nagios Plugins
NRPE is available under default apt repositories of Ubuntu systems. Execute the following command to install it. And also install the Nagios-plugins. sudo apt-get install nagios-nrpe-server nagios-plugins
Step 2. Configure NRPE
In NRPE configuration, first we need to configure nrpe to which nagios servers it accepts requests. For example our nagios server ip is 10.10.0.135, then add this ip to allowed hosts list. Edit NRPE configuration file /etc/nagios/nrpe.cfg and make changes like. allowed_hosts=127.0.0.1, 10.10.0.130
P a g e | 31
We can add more Nagios servers in allowed hosts by comma separated list. Now restart NRPE service. Now it’s ready to listen requests from Nagios server.
$ sudo service nagios-nrpe-server restart
Let’s login to your Nagios server and verify that your Nagios server can communicate with NRPE service properly. Execute following command from nagios server plugin directory, and we are assuming that your nrpe client-server IP is 10.10.0.130.
# ./check_nrpe -H 192.168.1.11
# NRPE v2.15
The output “NRPE v2.15” shows that nagios server successfully communicated with nrpe.
Then at Nagios PC we have to configure the “commands.cfg” file like this.
# ‘check_nrpe’ command definition define command{ command_name check_nrpe command_line $USER1$/check_nrpe -H 10.10.0.130 -c $ARG1$; }
We are now ready to start adding services to the Nagios configuration that should be monitored on the remote machine.
After this we have to configure the “localhost.cfg” configuration file like this.
define service{ use generic-service host_name callserver service_description Check_SIP Peers check_command check_nrpe!check_asterisk_peers }
Above there is yellow marked ‘check_asterisk_peers’ which is the plugin at remote pc where NRPE is
installed. By the line “host_name callserver” defined to execute this check command to that callserver
PC.
Then we have added the required command to execute the plugin in the nrpe.cfg file at NRPE server. The
command to add the plugin (check_asterisk_peers) service will be like this.
command[check_asterisk_peers]=/usr/lib/nagios/plugins/check_asterisk_peers –p “Manager 2nd-manager”
P a g e | 32
Then after running the following command in the Nagios PC’s terminal we will see the peers if available
or not. At the previous box we can see the peers ‘Manager’ and ‘2nd-manager’ have configured after ‘-p’
notation. So if the peers available we will see the following output:
Ok: Manager, 2nd-manager
Fig 5.6.3.1: Nagios plugin execute at nrpe server
And output result for this configuration in the Nagios graphical interface would be like this:
Fig 5.6.3.2: Service output at Nagios page
P a g e | 33
Fig 5.5.3.3: Nagios Service details view
Now we will add another user to the command at nrpe.cfg file named ‘Ashiq’ which is not currently logged
in and will see what the output would be for disconnected peer.The command in the nrpe.cfg file will be
like this:
command[check_asterisk_peers]=/usr/lib/nagios/plugins/check_asterisk_peers –p “Manager 2nd-manager Ashiq”
The output is at terminal is like this
ERROR: Ashiq: UNKNOWN Ok: Manager, 2nd-manager
Fig 5.6.3.4: Peer Ashiq disconnected
P a g e | 34
And output result for this configuration in the Nagios graphical interface would be like this:
Fig 5.6.3.5: Service status critical because of peer Ashiq disconnected
Work flow of NRPE with Nagios:
The work flow of NRPE server with Nagios server is like this.
1. At first Nagios execute the check_nrpe plugin from its libexec folder.
2. Then the check_nrpe plugin will send the command(s) (e.g. check_asterisk_peers) to the remote
NRPE server as ‘host_name’ (e.g. callserver) is defined in the ‘localhost.cfg’ file.
3. Next if the requested command (e.g. check_asterisk_peers) is available in the folder
‘/usr/lib/nagios/plugins’ at NRPE server PC and the ‘nrpe.cfg’ is configured accordingly, then the
command will be executed.
4. After execution the plugin (check_asterisk_peers) will get results and create corresponding
reports.
5. Then the NRPE server will sends back the report to Nagios PC, from where it was requested.
6. At last Nagios will display the acquired results on Linux terminal or on Nagios page opened in the
browser.
7. The connection between Nagios and NRPE server is established based on SSL (Secure Service Layer
protocol)
P a g e | 35
5.7 Flapping:
Fig 5.7.1: Service flapping monitor Another important option we have monitored in Nagios is ‘Flapping’. If we enter any service by clicking
on it to see the details of that service we will see a line ‘Is this service flapping?’. It can be either ‘yes’ or
‘no’ and there will be a percent notation.
Fig 5.7.2: Service state change Transitions for last 21 states
Flapping percentage is calculated using this formula,
𝐹𝑙𝑎𝑝𝑝𝑖𝑛𝑔 (%) =No. of state changes
possible 20 state changes× 100
To understand the calculation we will observe the graph of fig. It shows four (4) kinds of states. Green is
‘OK’, yellow is ‘Warning’, red is Critical and orange is ‘warning’. We have to take the changes of states. In
this figure the states changed 7 times. For examples state changed from ‘OK’ (green) to ‘Warning’ (yellow)
after t3. So according to the equation,
Flapping
P a g e | 36
𝐹𝑙𝑎𝑝𝑝𝑖𝑛𝑔 (%) =7 state changes
possible 20 state changes× 100
=7
20× 100
=35%
5.8 Observing results on Nagios page:
Fig 5.8.1: Nagios Hosts page
On Nagios Hosts page we can see all our hosts we have created in the ‘localhost.conf’ file. Here at the
status column shown whether the host is up or down. Actually it is the icmp response (ping) which is
requested by the Nagios ping plugin. At the status information column we can see ping is ok or not, packet
loss in % and round trip time (RTA) in milliseconds.
Fig 5.8.2: Nagios Grid page
On Nagios Grid page we can see all the services in specific status color. Services are shown in groups at
their host.
P a g e | 37
Fig 5.8.3: Nagios Problems page
On Nagios Problems page we can see only the problems of the services showing their corresponding host
names. At the status information column we will find the specific cause of the problem.#
P a g e | 38
6.1 Conclusion: In our project our target was to implement a remote monitoring tool as well as implement the security
and remote configuration. We have done the remote configuration part with SSH connection and did our
monitoring part with Nagios. We have not worked with the security part.
As a learning project we have gathered knowledge how to configure Nagios and make it workable. In
future we will implement Nagios in more wide use.
P a g e | 39
Appendix:
Apendix A: References:
1. https://assets.nagios.com/downloads/nagioscore/docs/nrpe/
2. https://www.youtube.com/playlist?list=PLfDeztAk23HTumNmSpRApUC4Y2IWZga8m
3. http://tecadmin.net/install-nrpe-on-ubuntu/
4. http://www.voip-info.org/wiki/view/Asterisk+monitoring
5. https://www.nagios.org/downloads/nagios-plugins/
6. http://blogs.digium.com/2012/11/14/how-to-install-asterisk-11-on-ubuntu-12-4-lts/
7. https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/3/en/flapping.html