nagios conference 2013 - spenser reinhardt - intro to network monitoring using nagios network...

Upload: nagios

Post on 19-May-2015

DESCRIPTION

Spenser Reinhardt's presentation on Intro to Network Monitoring Using Nagios Network Analyzer and NSTI. The presentation was given during the Nagios World Conference North America held Sept 20-Oct 2nd, 2013 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna

TRANSCRIPT

1. Intro to Network Monitoring Using Nagios Network Analyzer and NSTI
   • Spenser Reinhardt [email protected]

2. General Overview
   • SNMP Basics
   • Nagios SNMP Trap Interface (NSTI)
   • Nagios Network Analyzer (NNA)
   • Integration

3. What Is SNMP?
   • Simple Network Management Protocol
   • SNMP is an application layer protocol for management and information gathering from network-based devices.
   • It works by querying an agent for a specific address (OID) that contains information specific to that device.
   • In some cases modification of device settings and configuration is possible via SNMP.

4. Basic Terminology
   • Manager: Generally the device requesting or setting data on an SNMP agent. Can also receive traps.
   • Agent: Local or remote client that receives and processes requests, and potentially generates traps to be sent to a manager.
   • Versions
     • SNMPv1: Base standard for SNMP
     • SNMPv2c: BulkGetRequest, performance, and security improvements
     • SNMPv3: Cryptographic, Authentication and Integrity

5. MIBs and OIDs, Oh my!
   • Management Information Base (MIB): MIBs define what information is potentially available on a particular device. They also define the structure of addressing and data within the SNMP subsystem.
   • Object Identifier (OID): OIDs are variables referenced by name or numeric address. They determine a specific aspect of the MIB to capture or modify information on the SNMP subsystem.

6. Polling, Traps Vs Gets
   • GetRequest: Manager to agent, request for data at a specified OID.
   • Response: Returns the data requested as an acknowledgment to a GetRequest.
   • Trap: An asynchronous notification from agent to manager, generated by the agent upon system events.

7. Firewall Restrictions
   • GetRequest
     • Manager to Agent: Random src to 161 UDP (v1 & v2c)
     • Manager to Agent: Random src to 10161 UDP (v3)
   • Response
     • Agent to Manager: Random src to port from GetRequest, UDP
   • Traps
     • Agent to Manager: Random src to 162 UDP (v1 & v2c)
     • Agent to Manager: Random src to 1062 UDP (v3)

8. Services
   • Agents
     • *nix: snmpd
     • Windows: SNMP Service
   • Managers
     • Net-SNMP
     • MRTG
   • Traps
     • snmptt
     • snmptrapd

9. Configuration and Logging
   • SNMPd
     • Config - /etc/snmp/snmpd.conf
     • Logging - /var/log/messages
   • SNMPtt
     • Config - /etc/snmp/snmptt.conf
     • Config - /etc/snmp/snmptt.ini
     • Logging - /var/log/snmptt/
   • SNMPtrapd
     • Config - /etc/snmp/snmptrapd.conf
     • Logging - /var/log/snmptt/

10. One More Important Location
   • /usr/share/snmp/mibs
   • MIBs are stored here
   • Nagios, SNMP and many other applications read from here
   • Uploaded via the Nagios XI web UI here
   • Used for Gets and Traps
   • Should be owned by root.nagios

11. This matters to me why?
   • Basis for agentless remote monitoring on many devices.
   • Often faster than WMI and agent-based installs.
   • Little to no delay when devices send traps until notification.
   • Many Nagios plugins built around SNMP.

12. Nagios SNMP Trap Interface (NSTI)

13. NSTI - Overview
   • Created by Nick Scott
   • And a lot of pushing by me! (Thanks Nick)
   • Works with snmptt and snmptrapd to collect traps, and store them via MySQL
   • Provides a visual interface for viewing large amounts of traps
   • Very lightweight and easy on resources

14. Important Files
   • Logging
     • /var/log/httpd/error_log
     • /var/log/mysqld.log
     • Snmptt logs
   • Configuration
     • /usr/local/{nagiosti,nsti}
     • Depends on the version in use

15. Potential Woes
   • SNMPTT not logging
     • Permissions on /var/spool/snmptt/
     • Settings in /etc/snmp/snmptt.ini
   • MySQL issues
     • /usr/local/nsti/etc/nsti.cfg
     • /etc/snmp/snmptt.in
   • Traps no longer sending to XI also
     • Settings in /etc/snmp/snmptrapd.conf

16. So What Can I Actually Use This For?
   • Correlating issues only available via traps
   • Feeding traps to XI or Core, and maintaining past events
   • Windows event log monitoring via traps
   • Network device status changes

17. Collecting Windows Logins

18. Windows Service Restarts

19. Nagios Network Analyzer

20. NNA - Overview
   • Network flow collector
   • Correlation of network traffic
   • Statistical network information
   • Advanced querying and reporting
   • Compressed RRDs and low CPU usage

21. Important Locations and Files
   • /usr/local/nagiosna/
     • Main configs, binaries, and storage of RRDs
   • Nfcap
     • Daemon to collect flows
     • Needs to be started before sources can work

22. Demo!
   • http://nagiosna.demos.nagios.com/nagiosna/index.php

23. Questions? Thank you!
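
The following added example, which is not from the presentation, decodes an SNMPv1/v2c message to show the version, community string, PDU type and OIDs that a manager sends to an agent, as described on the "What Is SNMP?", "Basic Terminology" and "Polling, Traps Vs Gets" slides. The packet bytes and the community value "public" are constructed for illustration.

```python
# Constructed sample: SNMPv1 GetRequest for sysDescr.0, community "public" (assumed).
SAMPLE = bytes.fromhex("302702010004067075626c6963a01a02023039020100020100"
                       "300e300c06082b060102010101000500")
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap-v1", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    (tag, length), pos = buf[pos:pos + 2], pos + 2   # ValueError if header is cut short
    if length & 0x80:                                # long form: low 7 bits count length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # split a constructed value into its (tag, value) elements
    items, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        items.append((tag, value))
    return items

def decode_oid(value):  # BER OID octets -> dotted string
    arcs, sub = [value[0] // 40, value[0] % 40], 0   # first octet packs two arcs
    for octet in value[1:]:
        sub = (sub << 7) | (octet & 0x7F)            # base-128, high bit means "more"
        if not octet & 0x80:
            arcs.append(sub)
            sub = 0
    return ".".join(map(str, arcs))

def parse_snmp(packet):
    """Summarise a v1/v2c message: version, community, PDU type, OIDs."""
    fields = children(children(packet)[0][1])
    version = int.from_bytes(fields[0][1], "big")    # 0 = v1, 1 = v2c, 3 = v3
    if version > 1:
        return {"version": version}                  # v3 header layout differs
    community, (pdu_tag, pdu) = fields[1][1], fields[2]
    out = {"version": "v2c" if version else "v1",
           "community": community.decode("latin-1"),  # sent unencrypted in v1/v2c
           "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)), "oids": []}
    if pdu_tag != 0xA4:                              # v1 Trap body is laid out differently
        varbind_list = children(pdu)[3][1]           # follows the three integer fields
        out["oids"] = [decode_oid(children(vb)[0][1]) for _, vb in children(varbind_list)]
    return out

if __name__ == "__main__":
    print(parse_snmp(SAMPLE))
```

The community string is readable in any capture of v1/v2c traffic, which is the gap the cryptographic features listed for SNMPv3 address.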