A new check?


#1

I would like a check that goes through a given subnet and looks for new IP’s every so many minutes. Would I write this as a check on the nagios server machine or could I make it as a check on the network as a whole(and can this be done)?

What I eventually want to do is discover new machines plugged into the network and automatically write them into a cfg file that gives them a position on the statusmap, a ping service check and adds them to a group that I have made (create the following entries for the ip: host, hostgroup, service::Ping, hostextinfo and maybe a service that automatically returns critical so they show up in host problems and I have to further configure them). Can I do this and if I did would others like to use it (and even better yet, has it already been written)?


#2

you could possibly use something like nmap and parse the output with a perl script. (sorry i don’t know how to do this… no good in perl :smiley: )

You would then need to add some lines to your hosts and services cfg (or an extra cfg file…) and restart nagios.

I’m not sure what you want to use this for… if it’s servers added to a network it could be useful… if it’s notebooks or something like that you would need to remove them when they doisconnect but you can’t know if it’0s a serrver problem or a physical disconnection from the network…

Luca


#3

The servers are all in a different subnet than the workstations (192.168.21.x vs. 192.168.22.:evil: so by just going on one subnet I could get every server added. I do want to add the workstations too, because there are services on them that people could start up that I don’t want them to be able to. So when a workstation gets added I want to monitor it for things as well (like HTTP, FTP, bittorrent…). Sometimes we are building things in the workstation enviroment and then we move them over to the server enviroment because it is easier to do all the configuration at a desk. So we need to have things like HTTP allowed within the subnet, but we don’t want every machine to start their own webserver.

As for writing this, should I make it a check on my local machine or somewhere else (It doesn’t really make sense to run what I think of as a network wide check against just one machine)? Can I create checks that run against a subnet? Could I create a logical “host” that stands for the subnet itself?


#4

wouldn’t it be better to assign IPs and let the firewall do it’s job (with permissions for some IPs)?

As for the “how to” part i really don’t know :slight_smile:

Luca


#5

The firewall is doing its job; a server started by someone on their own workstation cannot be reached from an external address. That doesn’t mean someone cannot start one internal to the network. This is a development enviroment and some people need to fire up their own servers for various reasons. I would like to set nagios up to monitor these as soon as they are found.

Basics of this network (only at the site that I am located at though, there are other sites in the company)
Workstations —>main router
Servers --------->main router
dmz ------------->firewall
main router ---->firewall
firewall --------->T1, internet

Workstations, Servers, and the dmz are all on different subnets.

Company rules:
Developers can operate test enviroments within the workstation subnet
Workstations may be turned on and off as needed (whenever)
Servers can only be turned off when scheduled in advance.
Services cannot be taken out of the server enviroment, only put into the enviroment.
If a Server needs to be replaced, a new server is to be put in before the old one gets taken out.
Same rules go for the dmz as the server enviroment.


#6

I suppose parsing the nmap output to generate a new cfg file is the easiest solution… let’s see if somebody else has some ideas :slight_smile:

Ciao, Luca


#7

If developers can run httpd and workstations can’t, then setup those workstations so that they can’t install any applications. Problem solved.

To perform what you want, Nagios would be starting and stopping every 10 minutes, as people power off/on there workstations (if you are using dhcp).

Really, though, think about it. You want Nagios to search a subnet for new ip’s, add them to it’s config files, restart nagios and report what? Report that there is httpd running on a workstation? If that is the case, simply make it impossible for them to do so.

Now, if you are triing to get nagios to configure itself, by searching for all the servers/workstations, I suppose that is a noble effort. But I fail to see how this is productive. Wouldn’t it be a good idea to find out how your network is setup and what port’s on a switch your server’s are plugged into? Then configure nagios to monitor the ports and also monitor the servers. I assume that these servers are for production, so they should always be powered on, always be online.

I kinda get what you are attempting, but it seems kinda like wishful thinking.


#8

I have begun writing this (and it currently works great for what I need it to do)

It can be found at:
nagiosexchange.org/Networkin … nagext_pi1[p_view]=275

Right now it just adds the configs and doesn’t restart nagios (I figured that was the job of the administrator, not some program). Read the link for more information.


#9

It appears you plugin doesn’t work. I’ve tried it and others have reported the same problem.
meulie.net/e107_plugjes/foru … c.php?6499