Thursday, October 23, 2008

Know your TCP/UDP port processes

Netstat is your friend when you want to know which processes are using TCP and UDP ports on your machine.

There are many different switches for this.

e.g.

netstat /? >> shows all the switches/options that netstat has


NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-v When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.



Examples

netstat -an ==> shows addresses and ports in numerical form
netstat -ano ==> shows all connections together with the owning process ID of each one
netstat -rn ==> shows the routing table
netstat -vb ==> shows the sequence of components involved in creating each connection or listening port, for all executables

Best use of this command is

netstat -tnlp

(that form is the Linux netstat: TCP only, numeric, listening sockets, with the owning program; the switch list above is the Windows version, where -t, -l and -p mean different things)
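As an added example (not from the original post), here is a small Python script that parses the output of netstat -ano, the Windows form listed above, and reports listening ports that are not on an allow-list of expected services; the sample output and the allow-list are constructed for the example.

```python
# Constructed sample of 'netstat -ano' output (Windows layout); not captured
# from a real host.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.10:49723     10.0.0.5:443           ESTABLISHED     2216
  TCP    [::]:135               [::]:0                 LISTENING       876
  UDP    0.0.0.0:123            *:*                                    1120
  UDP    0.0.0.0:5353           *:*                                    6001
"""

def split_addr(addr):
    """Split 'host:port' (IPv4, or bracketed IPv6 such as [::]:135) into (host, port)."""
    host, port = addr.rsplit(":", 1)
    return host.strip("[]"), int(port)

def parse_netstat(text):
    """One dict per socket line. TCP rows have a State column, UDP rows do not,
    so the PID is the 5th field for TCP and the 4th for UDP."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP") or len(f) < (5 if f[0] == "TCP" else 4):
            continue  # header, blank, or malformed line
        host, port = split_addr(f[1])
        state, pid = (f[3], f[4]) if f[0] == "TCP" else ("", f[3])
        rows.append({"proto": f[0], "host": host, "port": port,
                     "state": state, "pid": int(pid)})
    return rows

def listening(rows):
    """Sockets that accept traffic: TCP in LISTENING state, plus every bound UDP socket."""
    return [r for r in rows if r["state"] == "LISTENING" or r["proto"] == "UDP"]

def unexpected_listeners(rows, allowed):
    """Listeners whose (proto, port) is not on the allow-list. Loopback-only
    binds are skipped because they are not reachable from the network."""
    return [(r["proto"], r["port"], r["pid"])
            for r in listening(rows)
            if r["host"] not in ("127.0.0.1", "::1")
            and (r["proto"], r["port"]) not in allowed]

# Allow-list of services expected on this host (constructed for the example).
ALLOWED = {("TCP", 135), ("TCP", 445), ("TCP", 3389), ("UDP", 123)}
```

Calling unexpected_listeners(parse_netstat(SAMPLE), ALLOWED) returns the UDP socket on port 5353 owned by PID 6001, which is the one to look up with the -b switch or in Task Manager.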

Thursday, October 16, 2008

Nagios Step by Step

Nagios is a network monitoring application that helps an administrator detect faults in network components.

Nagios is a feature-rich application; some of its features are listed below:

1. Monitoring of network services (like HTTP, FTP, SMTP, DNS, ping, etc.)
2. Monitoring of host resources (like CPU, RAM, HDD, etc.)
3. Monitoring of environmental factors
4. Users can design their own service checks
5. Sending e-mail notifications during faults or outages
6. Log rotation
7. Support for redundant monitoring hosts
8. Web interface


Installation on CentOS 5

1. Download Nagios with the wget command
2. Install the RPM with #rpm -ivh
or
yum would be your best friend on RedHat-based distributions.

Log in as the root user, give the command below and wait for the magic :)

#yum install nagios nagios-plugins nagios-plugins-nrpe nagios-devel

Once it has installed successfully you will find a "nagios.conf" file in Apache's "conf.d" directory.

Create a user for Nagios administration; you may not want to use the root user for administration. Say the username is nagiosadmin.

Give the command below at the root prompt:


#htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
New password:
Re-type new password:
Adding password for user nagiosadmin


Now
edit the file "/etc/nagios/cgi.cfg" >> you can use vi, emacs or nano

and make the changes below to it:

use_authentication=1
authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin


Now

You may want to take a backup of "localhost.cfg" in "/etc/nagios" as "localhost.cfg.backupOriginal":

#cd /etc/nagios
#mv localhost.cfg localhost.cfg.backupOriginal


Now

Edit "nagios.cfg" with your editor of choice so that it contains the lines below.

localhost.cfg.org
cfg_file=/etc/nagios/contactgroups.cfg
cfg_file=/etc/nagios/contacts.cfg
cfg_file=/etc/nagios/hostgroups.cfg
cfg_file=/etc/nagios/hosts.cfg
cfg_file=/etc/nagios/services.cfg
cfg_file=/etc/nagios/timeperiods.cfg
check_external_commands=1
command_check_interval=-1

Now
Create the config files as below:

#touch contactgroups.cfg contacts.cfg hostgroups.cfg hosts.cfg services.cfg timeperiods.cfg
#chown nagios.nagios contactgroups.cfg contacts.cfg hostgroups.cfg hosts.cfg services.cfg timeperiods.cfg


Now you are free to customize these files as per your business requirements.
For example, for the file /etc/nagios/timeperiods.cfg:
________________________________________________________________
# '24x7' timeperiod definition
define timeperiod{
timeperiod_name 24x7
alias 24 Hours A Day, 7 Days A Week
sunday 00:00-24:00
monday 00:00-24:00
tuesday 00:00-24:00
wednesday 00:00-24:00
thursday 00:00-24:00
friday 00:00-24:00
saturday 00:00-24:00
}

# 'workhours' timeperiod definition
define timeperiod{
timeperiod_name workhours
alias "Normal" Working Hours
monday 08:00-17:00
tuesday 08:00-17:00
wednesday 08:00-17:00
thursday 08:00-17:00
friday 08:00-17:00
}

# 'nonworkhours' timeperiod definition
define timeperiod{
timeperiod_name nonworkhours
alias Non-Work Hours
sunday 00:00-24:00
monday 00:00-09:00,17:00-24:00
tuesday 00:00-09:00,17:00-24:00
wednesday 00:00-09:00,17:00-24:00
thursday 00:00-09:00,17:00-24:00
friday 00:00-09:00,17:00-24:00
saturday 00:00-24:00
}

# 'none' timeperiod definition
define timeperiod{
timeperiod_name none
alias None
}


_________________________________________________________

For File /etc/nagios/contacts.cfg

define contact{
contact_name MonitorAdmin
alias MonitorAdmin
service_notification_period 24x7
host_notification_period 24x7
service_notification_options c,r
host_notification_options d,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email networkAlerts@YourCompanyName.com
}

define contact{
contact_name NK
alias NK
service_notification_period workhours
host_notification_period workhours
service_notification_options c,r
host_notification_options d,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email networkAlerts@YourCompanyName.com
}

__________________________________________________________________________
For File Name : /etc/nagios/contactgroups.cfg

define contactgroup{
contactgroup_name Monitor
alias Monitor
members MonitorAdmin,NK
}
__________________________________________________________________
Now

If you want to configure the hosts and (optionally) the hostgroups to be monitored, edit "/etc/nagios/hosts.cfg" and "/etc/nagios/hostgroups.cfg".

File:/etc/nagios/hosts.cfg

# Generic host definitions
define host{
name generic-host ; Generic template name
notifications_enabled 1 ; Host notifications are enabled
event_handler_enabled 1 ; Host event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information
retain_nonstatus_information 1 ; Retain non-status information
register 0 ; DONT REGISTER THIS DEFINITION
}

define host{
name Template1
use generic-host
check_command check-host-alive
max_check_attempts 5
notification_interval 5
notification_period 24x7
notification_options d,u,r
register 0
}

##### Begin Real Hosts #####

define host{
use Template1
host_name mail.yourCompanyName.com
alias mail.yourCompanyName.com
address a.b.c.d
contact_groups Monitor
# notification_options d,r #overrides the basic-host option
}


_______________________________________________________________________

Now
File:/etc/nagios/hostgroups.cfg
define hostgroup{
hostgroup_name YourCompanyServers
alias YourCompanyServers
members mail.yourCompanyName.com
}
________________________________________________________________________

It's time to configure the services now.

Pre-defined check commands are in "/etc/nagios/commands.cfg"
Custom services are in "/etc/nagios/services.cfg"

File:/etc/nagios/services.cfg

define service{
name generic-service ; Generic service name
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized
obsess_over_service 1 ; We should obsess over this service
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information
retain_nonstatus_information 1 ; Retain non-status information
register 0 ; DONT REGISTER THIS DEFINITION
}

# Generic for all services
define service{
use generic-service
name basic-service
is_volatile 0
check_period 24x7
max_check_attempts 5
normal_check_interval 1
retry_check_interval 3
notification_interval 0
notification_period none
register 0
}

define service{
use basic-service
name ping-service
notification_options n
check_command check_ping!1000.0,20%!2000.0,60%
register 0
}

define service{
use basic-service
name www-service
notification_options n
check_command check_http
register 0
}
define service{
use basic-service
name mail-service
notification_options n
check_command check_smtp
register 0
}


define service{
use ping-service
service_description PING
contact_groups Monitor
hostgroup_name YourCompanyServers
# host_name yourHostClient
}


define service{
use mail-service
service_description MAIL
contact_groups Monitor
hostgroup_name YourCompanyServers
# host_name yourHostClient
}

define service{
use www-service
service_description WWW
contact_groups Monitor
hostgroup_name YourCompanyServers
# host_name yourHostClient
}


___________________________________________________________________________

Now

We have used the check_ping, check_http and check_smtp commands to monitor the servers in the YourCompanyServers group.
Groups are helpful when you want to monitor multiple servers.
In this configuration example we could have used the host_name parameter instead, and then there would have been no need to configure hostgroups.

OK, now everything is set up and you can do a final test with the command below; you should get similar output.
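Every name a service refers to (hostgroup_name, contact_groups) must match a definition exactly, because Nagios object names are case-sensitive; a hostgroup defined as YourCompanyServers but referenced as yourCompanyServers fails the pre-flight check. As an added example (not from the original post or the Nagios project), the Python below parses a few define blocks built from this post's files and reports such dangling references.

```python
import re

# Constructed sample built from the post's own definitions; the service
# deliberately spells the hostgroup with a different case.
SAMPLE = """
define hostgroup{
hostgroup_name YourCompanyServers
members mail.yourCompanyName.com
}
define contactgroup{
contactgroup_name Monitor
members MonitorAdmin,NK
}
define service{
service_description PING
contact_groups Monitor
hostgroup_name yourCompanyServers ; case differs from the hostgroup above
}
"""

# One 'define <type>{ ... }' block; re.S lets '.' span lines.
BLOCK = re.compile(r"define\s+(\w+)\s*\{(.*?)\}", re.S)

def parse_objects(text):
    """Return a list of (object_type, {directive: value}) pairs."""
    objs = []
    for typ, body in BLOCK.findall(text):
        attrs = {}
        for line in body.splitlines():
            line = line.split(";", 1)[0].strip()  # ';' starts a comment
            if line:
                parts = line.split(None, 1)  # directive, then its value
                attrs[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        objs.append((typ, attrs))
    return objs

def dangling_references(objs):
    """Service references to hostgroups/contactgroups that no definition matches exactly."""
    defined = {
        "hostgroup_name": {a["hostgroup_name"] for t, a in objs if t == "hostgroup"},
        "contact_groups": {a["contactgroup_name"] for t, a in objs if t == "contactgroup"},
    }
    problems = []
    for attrs in [a for t, a in objs if t == "service"]:
        for directive, known in defined.items():
            # Nagios object names are case-sensitive, so compare them verbatim.
            for name in (n.strip() for n in attrs.get(directive, "").split(",")):
                if name and name not in known:
                    problems.append((attrs.get("service_description", "?"), directive, name))
    return problems
```

Running dangling_references(parse_objects(SAMPLE)) reports the PING service's hostgroup_name yourCompanyServers; the same check over the real files (hosts.cfg, hostgroups.cfg, contactgroups.cfg, services.cfg concatenated) is a quick way to find typos before nagios -v does.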

cross your fingers :)

#nagios -v nagios.cfg

Nagios 2.10
Copyright (c) 1999-2007 Ethan Galstad (http://www.nagios.org)
Last Modified: 10-21-2007
License: GPL

Reading configuration data...

Running pre-flight check on configuration data...


If you see any errors, check and fix them.

Now the last step:
run the service

#/etc/init.d/nagios start


To see the output in a web browser, go to
http://NAGIOS_SERVER_IP/nagios


huh....Enjoy the Flight......


For more information, visit: http://nagios.sourceforge.net/docs/2_0/toc.html