Nagios also offers plugins that monitor different network services. These include commands for checking FTP, DHCP protocol, and WWW servers. It is also possible for Nagios to monitor itself.
Nagios allows you to verify whether an FTP server is listening for connections using the check_ftp command. This plugin is identical to check_tcp, with the difference that the port is optional, and by default a valid FTP welcome message is expected:
check_ftp -H host -p port [-w <warning time>] [-c <critical time>]
[-s <send string>] [-e <expect string>]
[-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>]
[-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]]
[-S <use SSL>] [-E]
The port argument can be omitted and defaults to 21, or 990 for SSL-based connections. A sample command definition for checking FTP accepting connections is as follows:
define command
{
command_name check_ftp
command_line $USER1$/check_ftp -H $HOSTADDRESS$
}
Using the -s and -e flags, it is also possible to verify if a specified username and password is allowed to log in:
define command
{
command_name check_ftplogin
command_line $USER1$/check_ftp -H $HOSTADDRESS$ -E -s
"USER $ARG1
PASS $ARG2$
" -d 5 -e "230"
}
This example is quite similar to POP3 authentication as the commands are the same. The only difference is that the requested response is 230 as this is a code for a successful response to the PASS command.
If your network has a server or a router that provides the users with IP addresses via DHCP, it would be wise to make sure that this server is also working correctly. Nagios offers a plugin that attempts to request an IP address via a DHCP protocol, which can be used for this purpose. The syntax is a bit different from other plugins:
check_dhcp [-v] [-u] [-s serverip] [-r requestedip] [-t timeout]
[-i interface] [-m mac]
This command accepts the options described in the following table:
|
Option |
Description |
|---|---|
|
|
The IP of the server that needs to reply with an IP (option might be repeated) |
|
|
Indicates that at least one DHCP server needs to offer the specified IP address |
|
|
The MAC address that should be used in the DHCP request |
|
|
The name of the interface that is to be used for checking (for example |
|
|
Unicast, for testing a DHCP relay request; requires |
Options for DHCP checking are very powerful—they can be used to check if any server is responding to the DHCP requests, for example:
define command
{
command_name check_dhcp
command_line $USER1$/check_dhcp
}
This plugin can also be used to verify if specific servers work, if a specified MAC address will receive an IP address, if a specific IP address is returned, or a combination of these check, as shown below:
define command
{
command_name check_dhcp_mac
command_line $USER1$/check_dhcp -s
$HOSTADDRESS$ -m $ARG1$ -r $ARG2$
}
This check will ensure that a specific machine provides a specific IP for requesting a specific MAC address. This allows checks to be created for specific DHCP rules, which is crucial in the case of networks that need to provide specific devices with IP addresses, which other services depend upon.
It is also worth noting that such tests are safe from a network's perspective as the IP received from the server is not acknowledged by the Nagios plugin. Therefore, a check for a specific MAC address can be done even if a network card with the same address is currently connected. DHCP works over broadcast IP requests; therefore, it is not recommended that you set up testing this service often as it might cause excessive traffic for larger networks.
It is possible for Nagios to monitor whether or not it is running on the local machine. This works by checking the Nagios log file for recent entries, as well as reading the output from the ps system command to ensure that the Nagios daemon is currently running. This plugin is mainly used in combination with NRPE or SSH, which are described in more detail in Chapter 10, Monitoring Remote Hosts. However, it can also be deployed to check the same Nagios that is scheduling the command—mainly to make sure that the log files contain recent entries. The syntax and options are as follows:
check_nagios -F <status log file> -t <timeout_seconds> -e <expire_minutes> -C <process_string>
|
Option |
Description |
|
|
IP of the server that needs to reply with an IP (option might be repeated) |
|
|
The number of minutes after which the log file is assumed to be stale |
|
|
Command or partial command to search for in the process list |
All the preceding arguments listed are required. The check for the --expires option is done by comparing the date and time of the latest entry in the log with the current date and time. The log file is usually called nagios.log and is stored in the directory that was passed in the --localstatedir option during Nagios compilation. For an installation performed according to the steps given in Chapter 2, Installing Nagios 4, the path will be /var/nagios/nagios.log. The Nagios process for such a setup would be /opt/nagios/bin/nagios. An example definition of a command receiving all of the information as arguments is as follows:
define command
{
command_name check_nagios
command_line $USER1$/check_nagios -F $ARG1$ -C
$ARG2$ -e $ARG3$
}
The first argument is the path to the log file, the second is the path to the Nagios daemon binary, and the last one is the maximum acceptable number of minutes since the last log was updated.
Making sure that websites are up and running 24/7 is vital to many large companies. Verifying that the returned pages contain correct data may be even more important for companies conducting e-commerce. Nagios offers plugins to verify that a web server works. It can also make sure that your SSL certificate is still valid and can also verify the contents of specific pages to check that they contain specific text. This command accepts various parameters, as follows:
check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
[-J <client certificate file>] [-K <private key>]
[-w <warn time>] [-c <critical time>] [-t <timeout>]
[-L] [-E] [-a auth] [-b proxy_auth]
[-f <ok|warning|critcal|follow|sticky|stickyport>]
[-e <expect>] [-d string] [-s string] [-l]
[-r <regex> | -R <case-insensitive regex>]
[-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6]
[-N] [-M <age>] [-A string] [-k string] [-S <version>]
[--sni] [-C <warn_age>[,<crit_age>]]
[-T <content-type>] [-j method]
The following table lists the options that either differ from their usual behavior or are not common in other commands:
|
Option |
Description |
|
|
The hostname that should be used for the |
|
|
The IP address to connect to; if not specified, |
|
|
The URL to GET or POST (defaults to /) |
|
|
The HTTP method to use, such as GET, HEAD, POST, PUT, and DELETE |
|
|
Post the encoded http via POST; content is specified as argument |
|
|
Do not wait for the document, only parse the http headers |
|
|
Warn if the document is older than the number of seconds provided; this parameter can also be specified as (for example) "15 m" for minutes, "8 h" for hours, or "7 d" for days |
|
|
Specify the http |
|
|
The text to expect in the first line of the http response; If specified, the plugin will not handle status code logic (i.e. won't warn about 404) |
|
|
Search for the specified text in result html |
|
|
Search for a specified regular expression in html (case sensitive) |
|
|
Search for a specified regular expression in html (case insensitive) |
|
|
Allow the regular expression to span across new lines |
|
|
return a state of CRITICAL if the text is found, and OK if it is not found |
|
|
Authorize on the page using the basic authentication type; must be passed in the form of |
|
|
Authorize for the proxy server; must be passed in the form of |
|
|
Pass the specified value as the |
|
|
Add other parameters to be sent in the http header (might be repeated) |
|
|
How to handle redirects; can be one of ok, warning, critical, or follow |
|
|
The minimum and maximum html page sizes in bytes, as |
|
|
Specifies how long the certificate has to be valid in days; should be in the form of |
|
|
Server Name Indication; enables SSL/TLS hostname extension support; this allows verifying SSL-enabled websites with multiple sites on a single IP address |
For example, to verify if a main page has at least the specified number of bytes and is returned promptly, the following check can be done:
define command
{
command_name check_http_basic
command_line $USER1$/check_http -H $HOSTADDRESS$ -f
follow -m $ARG1$:1000000 -w $ARG2$ -c $ARG3$
}
More complex tests of the WWW infrastructure should be carried out frequently. For example, to verify if an SSL-enabled page works correctly and quickly, a more complex test might be required. The following command will verify the SSL certificate and the page size and will look for a specific string in the page body:
define command
{
command_name check_https
command_line $USER1$/check_http -H $HOSTADDRESS$ -S
-C 14 -u $ARG1$ -f follow -m $ARG1$:$ARG2$ -R $ARG3$
}
Checking web pages at a higher level is described in more detail in Chapter 13, Programming Nagios, and uses plugins custom-written for this purpose.