Creating a basic monitoring server for network devices

I’ve recently been working more and more with network device management. So, to help with up-time monitoring, interface statistics, bandwidth utilization, and alerting, I’ve been building up a server with some great Open Source tools. My clients love it because it costs virtually nothing to run these machines, and it helps keep the network running smoothly when we know what is going on within the network.

One thing I haven’t been able to do yet is SYSLOG monitoring with the ability to generate email alerts off of specific SYSLOG messages. That’s in the work, and I’ll be adding that information into this blog as soon as I get it up and running properly.

I am using Debian 7.6 for this Operating System. Mainly because it’s very stable, very small, and doesn’t update as frequently (making it easier to manage). You can follow a basic install of this OS from here: Debian Minimal Install. That will get you up and running and we’ll take it from there.

Okay, now that you have an OS running, go ahead and open up a command prompt and log in as your user account or “root”. Go ahead an then “sudo su”.

Now we will update apt:

apt-get update

 

From here, let’s get LAMP installed and running so our web services will run properly.

apt-get install apache2
apt-get install mysql-server
apt-get install php5 php-pear php5-mysql

 

Now that we have that all setup, lets secure MySQL a bit:

mysql_secure_installation

 

When you run through this, make sure to answer these questions:

root@testmonitor:/root# mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed!  Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

 
 

Let’s test the server and make sure it’s working properly. Using nano, edit the file “info.php” in the “www” directory:

nano /var/www/info.php

 

Add in the following lines:

<?php
phpinfo();
?>

 

Now, open a web browser and type in the server’s IP address and the info page:

http://192.168.0.101/info.php

 

 

Now let’s get Cacti installed.

apt-get install cacti cacti-spine

Make sure to let the installer know that you’re using Apache2 as your HTTP server.

Also, you’ll need to let the installer “Configure database for cacti with dbconfig-common”. Say yes!

After you apt is done installing your software, you’ll have to finish the install from a web browser.

http://192.168.0.101/cacti/install/

 

After answering a couple very easy questions, you’ll be finished and presented with a login screen.

The default credentials for cacti are “admin:admin”

From there you can log in and start populating your server with all the devices that you want to monitor. It’s that easy.

 

 

 

 

Now, let’s get Nagios installed. Again, it’s really easy. I just install everything nagios (don’t forget the asterisk after nagios):

apt-get install nagios*

This is what it will look like:

root@debiantest:/root# apt-get install nagios*
Reading package lists... Done
Building dependency tree      
Reading state information... Done
Note, selecting 'nagios-nrpe-plugin' for regex 'nagios*'
Note, selecting 'nagios-nrpe-doc' for regex 'nagios*'
Note, selecting 'nagios-plugins-basic' for regex 'nagios*'
Note, selecting 'check-mk-config-nagios3' for regex 'nagios*'
Note, selecting 'nagios2' for regex 'nagios*'
Note, selecting 'nagios3' for regex 'nagios*'
Note, selecting 'nagios-snmp-plugins' for regex 'nagios*'
Note, selecting 'uwsgi-plugin-nagios' for regex 'nagios*'
Note, selecting 'ndoutils-nagios3-mysql' for regex 'nagios*'
Note, selecting 'nagios-plugins' for regex 'nagios*'
Note, selecting 'gosa-plugin-nagios-schema' for regex 'nagios*'
Note, selecting 'nagios-nrpe-server' for regex 'nagios*'
Note, selecting 'nagios-plugin-check-multi' for regex 'nagios*'
Note, selecting 'nagios-plugins-openstack' for regex 'nagios*'
Note, selecting 'libnagios-plugin-perl' for regex 'nagios*'
Note, selecting 'nagios-images' for regex 'nagios*'
Note, selecting 'pnp4nagios-bin' for regex 'nagios*'
Note, selecting 'nagios3-core' for regex 'nagios*'
Note, selecting 'libnagios-object-perl' for regex 'nagios*'
Note, selecting 'nagios-plugins-common' for regex 'nagios*'
Note, selecting 'nagiosgrapher' for regex 'nagios*'
Note, selecting 'nagios' for regex 'nagios*'
Note, selecting 'nagios3-dbg' for regex 'nagios*'
Note, selecting 'nagios3-cgi' for regex 'nagios*'
Note, selecting 'nagios3-common' for regex 'nagios*'
Note, selecting 'nagios3-doc' for regex 'nagios*'
Note, selecting 'pnp4nagios' for regex 'nagios*'
Note, selecting 'pnp4nagios-web' for regex 'nagios*'
Note, selecting 'ndoutils-nagios2-mysql' for regex 'nagios*'
Note, selecting 'nagios-plugins-contrib' for regex 'nagios*'
Note, selecting 'ndoutils-nagios3' for regex 'nagios*'
Note, selecting 'nagios-plugins-standard' for regex 'nagios*'
Note, selecting 'gosa-plugin-nagios' for regex 'nagios*'
The following extra packages will be installed:
  autopoint dbus fonts-droid fonts-liberation fping freeipmi-common freeipmi-tools gettext ghostscript git git-man gosa gsfonts imagemagick-common libavahi-client3 libavahi-common-data libavahi-common3 libc-client2007e
  libcalendar-simple-perl libclass-accessor-perl libclass-load-perl libclass-singleton-perl libconfig-tiny-perl libcroco3 libcrypt-smbhash-perl libcups2 libcupsimage2 libcurl3 libcurl3-gnutls libdata-optlist-perl libdate-manip-perl
  libdatetime-locale-perl libdatetime-perl libdatetime-timezone-perl libdbus-1-3 libdigest-hmac-perl libdigest-md4-perl libencode-locale-perl liberror-perl libfile-listing-perl libfont-afm-perl libfpdf-tpl-php libfpdi-php
  libfreeipmi12 libgd-gd2-perl libgd2-xpm libgettextpo0 libgomp1 libgs9 libgs9-common libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libhttp-cookies-perl libhttp-daemon-perl
  libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libice6 libijs-0.35 libio-pty-perl libio-socket-ip-perl libio-socket-ssl-perl libipc-run-perl libipmiconsole2 libipmidetect0 libjansson4 libjasper1 libjbig0 libjbig2dec0
  libjpeg8 libjs-jquery-ui libkohana2-php liblcms2-2 liblist-moreutils-perl liblqr-1-0 libltdl7 liblwp-mediatypes-perl liblwp-protocol-https-perl liblwp-useragent-determined-perl libmagickcore5 libmagickwand5 libmail-imapclient-perl
  libmailtools-perl libmath-calc-units-perl libmath-round-perl libmcrypt4 libmemcached10 libmodule-implementation-perl libmodule-runtime-perl libnet-dns-perl libnet-http-perl libnet-ip-perl libnet-libidn-perl libnet-smtp-tls-perl
  libnet-snmp-perl libnet-ssleay-perl libodbc1 libpackage-deprecationmanager-perl libpackage-stash-perl libpackage-stash-xs-perl libpaper-utils libpaper1 libparams-classify-perl libparams-util-perl libparams-validate-perl
  libparse-recdescent-perl libpgm-5.1-0 libpq5 libradiusclient-ng2 libreadonly-perl libreadonly-xs-perl librecode0 librrds-perl librtmp0 libruby1.9.1 libslp1 libsm6 libsocket-perl libssh2-1 libsub-install-perl libsub-name-perl
  libsystemd-login0 libtalloc2 libtdb1 libtiff4 libtimedate-perl libtry-tiny-perl libunistring0 liburi-perl libwbclient0 libwww-perl libwww-robotrules-perl libxpm4 libxt6 libyaml-0-2 libyaml-syck-perl libzmq1 mlock ndoutils-common
  perlmagick php-fpdf php5-curl php5-gd php5-imagick php5-imap php5-ldap php5-mcrypt php5-recode poppler-data python-httplib2 python-keystoneclient python-pkg-resources python-prettytable qstat rsync ruby ruby1.9.1 samba-common
  samba-common-bin slapd smarty3 smbclient ttf-liberation uwsgi-core x11-common
Suggested packages:
  dbus-x11 freeipmi-ipmidetect freeipmi-bmc-watchdog gettext-doc ghostscript-cups ghostscript-x hpijs git-daemon-run git-daemon-sysvinit git-doc git-el git-arch git-cvs git-svn git-email git-gui gitk gitweb gosa-si-server
  cyrus21-imapd postfix-ldap gosa-schema php5-suhosin php-apc uw-mailutils cups-common libgd-tools libdata-dump-perl libjasper-runtime libjs-jquery-ui-docs libkohana2-modules-php liblcms2-utils libcrypt-ssleay-perl
  libmagickcore5-extra libauthen-sasl-perl libmcrypt-dev mcrypt libio-socket-inet6-perl libcrypt-des-perl libmyodbc odbc-postgresql tdsodbc unixodbc-bin libscalar-number-perl slpd openslp-doc libauthen-ntlm-perl backuppc perl-doc
  cciss-vol-status expect ndoutils-doc imagemagick-doc ttf2pt1 rrdcached libgearman-client-perl libcrypt-rijndael-perl poppler-utils fonts-japanese-mincho fonts-ipafont-mincho fonts-japanese-gothic fonts-ipafont-gothic
  fonts-arphic-ukai fonts-arphic-uming fonts-unfonts-core python-distribute python-distribute-doc ri ruby-dev ruby1.9.1-examples ri1.9.1 graphviz ruby1.9.1-dev ruby-switch ldap-utils cifs-utils nginx-full cherokee libapache2-mod-uwsgi
  libapache2-mod-ruwsgi uwsgi-plugins-all uwsgi-extra
The following NEW packages will be installed:
  autopoint check-mk-config-nagios3 dbus fonts-droid fonts-liberation fping freeipmi-common freeipmi-tools gettext ghostscript git git-man gosa gosa-plugin-nagios gosa-plugin-nagios-schema gsfonts imagemagick-common libavahi-client3
  libavahi-common-data libavahi-common3 libc-client2007e libcalendar-simple-perl libclass-accessor-perl libclass-load-perl libclass-singleton-perl libconfig-tiny-perl libcroco3 libcrypt-smbhash-perl libcups2 libcupsimage2 libcurl3
  libcurl3-gnutls libdata-optlist-perl libdate-manip-perl libdatetime-locale-perl libdatetime-perl libdatetime-timezone-perl libdbus-1-3 libdigest-hmac-perl libdigest-md4-perl libencode-locale-perl liberror-perl libfile-listing-perl
  libfont-afm-perl libfpdf-tpl-php libfpdi-php libfreeipmi12 libgd-gd2-perl libgd2-xpm libgettextpo0 libgomp1 libgs9 libgs9-common libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl
  libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libice6 libijs-0.35 libio-pty-perl libio-socket-ip-perl libio-socket-ssl-perl libipc-run-perl libipmiconsole2 libipmidetect0
  libjansson4 libjasper1 libjbig0 libjbig2dec0 libjpeg8 libjs-jquery-ui libkohana2-php liblcms2-2 liblist-moreutils-perl liblqr-1-0 libltdl7 liblwp-mediatypes-perl liblwp-protocol-https-perl liblwp-useragent-determined-perl
  libmagickcore5 libmagickwand5 libmail-imapclient-perl libmailtools-perl libmath-calc-units-perl libmath-round-perl libmcrypt4 libmemcached10 libmodule-implementation-perl libmodule-runtime-perl libnagios-object-perl
  libnagios-plugin-perl libnet-dns-perl libnet-http-perl libnet-ip-perl libnet-libidn-perl libnet-smtp-tls-perl libnet-snmp-perl libnet-ssleay-perl libodbc1 libpackage-deprecationmanager-perl libpackage-stash-perl
  libpackage-stash-xs-perl libpaper-utils libpaper1 libparams-classify-perl libparams-util-perl libparams-validate-perl libparse-recdescent-perl libpgm-5.1-0 libpq5 libradiusclient-ng2 libreadonly-perl libreadonly-xs-perl librecode0
  librrds-perl librtmp0 libruby1.9.1 libslp1 libsm6 libsocket-perl libssh2-1 libsub-install-perl libsub-name-perl libsystemd-login0 libtalloc2 libtdb1 libtiff4 libtimedate-perl libtry-tiny-perl libunistring0 liburi-perl libwbclient0
  libwww-perl libwww-robotrules-perl libxpm4 libxt6 libyaml-0-2 libyaml-syck-perl libzmq1 mlock nagios-images nagios-nrpe-plugin nagios-nrpe-server nagios-plugin-check-multi nagios-plugins nagios-plugins-basic nagios-plugins-common
  nagios-plugins-contrib nagios-plugins-openstack nagios-plugins-standard nagios-snmp-plugins nagios3 nagios3-cgi nagios3-common nagios3-core nagios3-dbg nagios3-doc nagiosgrapher ndoutils-common ndoutils-nagios3-mysql perlmagick
  php-fpdf php5-curl php5-gd php5-imagick php5-imap php5-ldap php5-mcrypt php5-recode pnp4nagios pnp4nagios-bin pnp4nagios-web poppler-data python-httplib2 python-keystoneclient python-pkg-resources python-prettytable qstat rsync ruby
  ruby1.9.1 samba-common samba-common-bin slapd smarty3 smbclient ttf-liberation uwsgi-core uwsgi-plugin-nagios x11-common
0 upgraded, 196 newly installed, 0 to remove and 0 not upgraded.
Need to get 81.9 MB of archives.
After this operation, 272 MB of additional disk space will be used.
Do you want to continue [Y/n]?

 

 

Now to test, just login at http://your-server-ip/nagios3/

You’ll have to look up tutorials on configuring Nagios and Cacti. Of the two, Cacti is much easier because it’s all web based. But Nagios isn’t too difficult once you get used to playing around with config files.

One last thing I did was setup a landing page to point at the services. To do that just edit the index.php file in your www folder like this:

root@testdebian:/etc/nagios3/conf.d/hosts# cat /var/www/index.html
<html><body><h1>TEST Monitoring Server</h1>
<p>This is the landing page for the TEST Monitoring server.</p>
<p>&nbsp;</p>
<p>Please use the following links to access services:</p>
<p><a href="/nagios3"> 1. Nagios</a></p>
<p><a href="/cacti"> 2. Cacti</a></p>
</body></html>
root@testdebian:/etc/nagios3/conf.d/hosts#

Now you can browse to the IP address and get a easy to use page that will forward you to which ever service you want!

Let me know if you have any questions!

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Open Source can save you millions: Part 1, the intro…

After dealing with some vendors in the last couple years, I’ve come to realize one major tone keeps rearing it’s ugly head: Vendor sales people will tell you anything to get you to buy their product or service, regardless as to whether or not their product/service is the best solution at the best price out there.

Now, wait just a minute. I’m not going to demonize salesmen or be some hippie tree hugger and say, “don’t buy commercial products, man!”. Some companies and products are pretty damn good. Some are definitely not. Some are ridiculously expensive; some are not. But How do you know which ones to actually spend money on, or not to spend money on, if your company, or personal outlook on life, is telling you to just listen to a vendor and buy his products? When was the last time you went to your grey beards and asked them if they have a solution to your problem?

Well, I’m not a grey beard, but I am a big proponent of the “DIY” projects. I try to do things around my house all the time, and that includes my home network. I also carry that philosophy into work.

This is a multi-part blog that is going to attempt to outline why I’d rather spend $100,000/yr on a Salary for a good worker than to spend that same amount on some appliance to install in the Data Center. Here we’ll be talking about replacing products from companies like CA, Centrify and others with some already built-in modules in your Linux/Unix environments that many people don’t even know they have. We’ll talk about that topic in the next blog though, because I really want to focus on the fact that good Security and IT products can be difficult to come by. And sometimes you have a solution to your problem inside your organization already, but don’t know it yet. Don’t automatically think that if there is a problem, your solution is to buy another product or service from your vendor supply chain. Stop throwing money at the solution hoping it will work out!

Here’s what I started with. There is a large need to get all of our Linux/Unix environment to authenticate to Active Directory (AD). Just like the VAST majority of companies out there, we are largely a Microsoft shop. News Flash: Almost everyone is. And that’s because AD is the best at what it does; no one comes close. Same for Microsoft Exchange; I beg you to tell me who makes a product that comes anywhere close to what Exchange does. Regardless, we need to auth to AD from Linux/Unix, and the costs surrounding 3rd party vendors is ridiculous. Now I know people need to make money, but over $100 grand every couple years for software and support is insane to do such a simple task as this. I talked to a co-worker and he led me down the path of, “Why pay to do it when you can do it for, well, basically free?”

Free is a relative term, right? I mean, “there is no such thing as a free lunch.” So you’re paying my salary, and the salary of a Linux/Unix admin, and whoever else, but weren’t you already paying those salaries? And How much does it cost your company to have a (most likely well paid) Linux/Unix admin sitting around all day doing account provisioning, password resets and setting up users to have the specific access they need? Shouldn’t your account provisioning team be doing that? The costs of that are pretty high. According to a Gartner study it could cost up to $600,000/yr just sitting there resetting passwords on 300 Linux/Unix systems. Now, that number is pretty high. They are basing that on $17/password reset X 300 servers X 30 accounts per server which is $153,000/yr times 4 times a year = $612 grand.

Whether or not you’re doing that many password resets is irrelevant, and lets say a password reset costs $10 in time, and lets say you’re resetting 50 passwords a week. You’re still spending over $25,000/year on performing password resets! And that doesn’t even account for user account management, managing the rest of your server fleet, managing all the “passwd” and “shadow” files on those servers, etc… So in reality, are you going to spend $125 grand on a solution to save $25 grand? I don’t think so. But How about spending $0 to save $25 grand? 🙂

So, at the end of the day, all I’m trying to convey here is that you need to rely on your employees. If you give them the tools to succeed, you allow them the latitude to innovate  and you treat your business like a small business, I promise you that you’ll get cost savings and better service.

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)
VN:F [1.9.22_1171]
Rating: +1 (from 1 vote)