131
CHAPTER 6
Network Monitoring
Knowing When It Goes Wrong
Without Watching It
A
s an administrator, it is your responsibility to know when things are about to go
wrong. You can, of course, go sit by your server all day and figure out if everything is going
all right, but you probably have better things to do. Nagios offers services to monitor the
network for you. In this chapter you’ll learn how to install and use Nagios.
Starting with Nagios
Nagios is a network- wide monitoring tool. In this chapter you’ll learn how to set it up
on your servers. Once it is set up, you can watch the status of servers in your network via
a web browser. Don’t want to watch a web browser all time? That’s fine, because you can
configure Nagios to send relevant security alerts to some specified users on the network if
something goes wrong. Nagios allows you to monitor local server events, such as running
out of disk space, as network events.
Before you install Nagios, make sure that you have a web server configured (you can
read more about configuring Apache Web Server in Chapter 11 of my book Beginning
Ubuntu Server Administration, from Apress) and running. Nagios uses a web interface to
show its information, so you can’t do without that. Once you have confirmed it is up and
running, install the
j]ceko
packages:
]lp)capejop]hhj]ceko.j]ceko)lhqcejoj]ceko)ei]cao
This command installs about 40 MB of data on your server. Once that is done, you
have to complete the installation by setting up authentication. Nagios uses the file
CHAPTER 6
N
NETWORK MONITORING
132

+ap_+j]ceko.+dpl]oos`*qoano
, but this file is not created automatically. The following
command creates it for you, puts a user with the name
j]ceko]`iej
in it, and prompts for
a password:
dpl]oos`)_+ap_+j]ceko.+dpl]oos`*qoanoj]ceko]`iej
There are two configuration files related to user authentication. First,
+ap_+
j]ceko.+]l]_da.*_kjb
contains all settings that allow Nagios to communicate with
Apache. Listing 6-1 shows its contents.
Listing 6-1. /etc/nagios2/apache2.conf Sets Up Communication Between Nagios and Apache
nkkp<iah6+ap_+j]ceko._]p]l]_da.*_kjb
O_nelp=he]o+_ce)^ej+j]ceko.+qon+he^+_ce)^ej+j]ceko.
O_nelp=he]o+j]ceko.+_ce)^ej+qon+he^+_ce)^ej+j]ceko.
=he]o+j]ceko.+opuhaodaapo+ap_+j]ceko.+opuhaodaapo
=he]o+j]ceko.+qon+od]na+j]ceko.+dp`k_o
8@ena_pknuI]p_d$+qon+od]na+j]ceko.+dp`k_ox+qon+he^+_ce)^ej+j]ceko.%:
KlpekjoBkhhksOuiHejgo
@ena_pknuEj`atej`at*dpih
=hhksKranne`a=qpd?kjbec
Kn`an=hhks(@aju
=hhksBnki=hh
=qpdJ]iaJ]ceko=__aoo
=qpdPula>]oe_
=qpdQoanBeha+ap_+j]ceko.+dpl]oos`*qoano
namqenar]he`)qoan
8+@ena_pknuI]p_d:
As you can see, the

]l]_da.*_kjb
file contains the authentication settings and some
basic paths that Nagios has to use. The other relevant configuration file is
+ap_+j]ceko.+
_ce*_bc
, which contains the name of the admin user that is used for different purposes, as
well as other settings that are related to the CGI scripts that Nagios uses. The interesting
part of this script is that you can change admin names in it. By default,
j]ceko]`iej
is the
only user who has administrative permissions to perform different tasks. If, for instance,
you want to use another user account for hosts and services- related commands, change it
in the
_ce*_bc
file. Listing 6-2 shows its contents.
CHAPTER 6
N
NETWORK MONITORING
133
N
Note
For better readability, I have removed all comment lines. Consult the configuration file on disk to
see the comment lines as well.
Listing 6-2. cgi.cfg Contains the Authorizations of the admin User
j]ceko[_da_g[_kii]j`9+qon+he^+j]ceko+lhqcejo+_da_g[j]cekoX
+r]n+_]_da+j]ceko.+op]pqo*`]p1#+qon+o^ej+j]ceko.#
qoa[]qpdajpe_]pekj9-
]qpdkneva`[bkn[ouopai[ejbkni]pekj9j]ceko]`iej
]qpdkneva`[bkn[_kjbecqn]pekj[ejbkni]pekj9j]ceko]`iej
]qpdkneva`[bkn[ouopai[_kii]j`o9j]ceko]`iej

]qpdkneva`[bkn[]hh[oanre_ao9j]ceko]`iej
]qpdkneva`[bkn[]hh[dkopo9j]ceko]`iej
]qpdkneva`[bkn[]hh[oanre_a[_kii]j`o9j]ceko]`iej
]qpdkneva`[bkn[]hh[dkop[_kii]j`o9j]ceko]`iej
`ab]qhp[op]pqoi]l[h]ukqp91
`ab]qhp[op]pqosnh[h]ukqp90
lejc[oujp]t9+^ej+lejc)j)Q)_1 DKOP=@@NAOO
nabnaod[n]pa95,
At this point, you have a very basic Nagios server up and running. Before you start
to configure it, you need to find out if it works properly. From a workstation, start your
browser and connect to the following URL:
dppl6++ukqn[j]ceko[oanran+j]ceko.
This should give you a login prompt at which you can enter the name and password
of the admin user you have just created. After entering these, you should see the Nagios
web interface, as shown in Figure 6-1. Don’t bother clicking around in it, because you
haven’t set up anything yet. Therefore, you won’t see much for the moment. Read the fol-
lowing sections to find out how to configure Nagios.
CHAPTER 6
N
NETWORK MONITORING
134
Figure 6-1. After installing Nagios, connect to it to see if it works.
N
Note
The Nagios web interface gives access to some documentation that is installed on your server as
well. You can use this documentation, but be aware that the paths on Ubuntu Server are different from the
pathnames referred to in the documentation.
CHAPTER 6
N
NETWORK MONITORING

135
Configuring Nagios
Nagios uses lots of configuration files. The most difficult part of managing Nagios is to
find the right configuration file for a specific purpose. To make it even more difficult,
Nagios distinguishes between core configuration files and plug- in configuration files,
add- on files that can be used as an extension to the default functionality of Nagios.
Location of the Configuration Files
When you first start working with Nagios, it looks like configuration files are located just
about everywhere! To help you pinpoint the locations of these files, the following list
identifies the most common directories in which Nagios stores information:
s
+ap_+j]ceko.
: This is the master configuration directory. It contains the most
important configuration files, among which you will find the
j]ceko*_bc
config-
uration file.
s
+qon+he^+j]ceko+lhqcejo
: As mentioned, Nagios works with plug- ins. Every plug- in
allows you to monitor an additional service. For example, Nagios by itself doesn’t
know how to monitor Oracle. If, however, the Oracle plug- in has been installed in
this directory (which is the case after a default installation), the plug- in can man-
age Oracle.
s
+ap_+j]ceko.+_kjb*`
: This directory contains some of the most important Nag-
ios configuration files. If the file you are looking for is not in here, also check
+ap_+j]ceko)lhqcejo+_kjb
ig.

s
+ap_+j]ceko)lhqcejo+_kjbec
: This directory contains the configuration files for the
plug- ins that are installed on your server.
s
+r]n+he^+j]ceko.
: Nagios writes its output to this directory. When Nagios has been
up and running for some time, you’ll find
*kqp
files in this directory. These files
contain the information that is used by the Nagios web interface.
s
+r]n+hkc+j]ceko.
: This is the directory where Nagios writes its log files. Use it if
anything goes wrong with your Nagios environment.
Before diving deep into the different configuration files, you should also be aware
of the
+ap_+j]ceko.+_kii]j`o*_bc
file. To do its work, Nagios uses its own command set.
The
_kii]j`o*_bc
file defines the most important commands. Listing 6-3 gives a partial
example.
CHAPTER 6
N
NETWORK MONITORING
136
Listing 6-3. /etc/nagios2/commands.cfg Defines the Most Common Nagios Commands
nkkp<iah6+ap_+j]ceko._]p_kii]j`o*_bc
#lnk_aoo)dkop)lanb`]p]#_kii]j``abejepekj

`abeja_kii]j`w
_kii]j`[j]ialnk_aoo)dkop)lanb`]p]
_kii]j`[heja+qon+^ej+lnejpb!^ H=OPDKOP?DA?G Xp DKOPJ=IA
±
Xp DKOPOP=PA Xp
DKOP=PPAILP Xp DKOPOP=PAPULA Xp
±
DKOPATA?QPEKJPEIA Xp DKOPKQPLQP Xp DKOPLANB@=P= Xj::
±
+r]n+he^+j]ceko.+dkop)lanb`]p]*kqp
y
#lnk_aoo)oanre_a)lanb`]p]#_kii]j``abejepekj
`abeja_kii]j`w
_kii]j`[j]ialnk_aoo)oanre_a)lanb`]p]
_kii]j`[heja+qon+^ej+lnejpb!^ H=OPOANRE?A?DA?G Xp DKOPJ=IA
±
Xp OANRE?A@AO? Xp
OANRE?AOP=PA Xp OANRE?A=PPAILP Xp
±
OANRE?AOP=PAPULA Xp OANRE?AATA?QPEKJPEIA Xp OANRE?AH=PAJ?U
±
Xp OANRE?AKQPLQP Xp OANRE?ALANB@=P= Xj::+r]n+he^+j]ceko.+oanre_a)lanb`]p]*kqp
y
Nagios commands are well structured. If you feel you are missing any functionality in
the default Nagios command set, you can create your own Nagios commands as well. The
_kii]j`o*_bc
file contains some hints on how to do that.
The Master Configuration File: nagios.cfg
The master configuration file that Nagios uses is
+ap_+j]ceko.+j]ceko*_bc

. This file
determines where Nagios should read and write specific information. By using
_bc[beha

statements, it also tells Nagios what additional configuration files to read. For example,
these statements can refer to configuration files for specific modules that you want to
use. By default, all of these configuration files are disabled, which means that Nagios
basically monitors nothing. Of course, it makes sense to enable them, but only after you
have modified the configuration file according to your needs. Listing 6-4 shows the part
of
j]ceko*_bc
that indicates what configuration files to use. Be aware, though, that these
are only example files, and in some cases refer to files that don’t even exist at the location
that is indicated.
CHAPTER 6
N
NETWORK MONITORING
137
Listing 6-4. From nagios.cfg, Additional Configuration Files Are Included
?kii]j``abejepekjo
_bc[beha9+ap_+j]ceko.+_kii]j`o*_bc
Pdaoakpdanat]ilhao]nap]gajbnkiqlopna]i#oo]ilha_kjbecqn]pekj
behao*
Ukq_]jolhepkpdanpulaokbk^fa_p`abejepekjo]_nkoooaran]h
_kjbecbehaoebukqseod$]o`kjadana%(kngaalpdai]hhej]
oejcha_kjbecbeha*
_bc[beha9+ap_+j]ceko.+_kjp]_pcnkqlo*_bc
_bc[beha9+ap_+j]ceko.+_kjp]_po*_bc
_bc[beha9+ap_+j]ceko.+`alaj`aj_eao*_bc
_bc[beha9+ap_+j]ceko.+ao_]h]pekjo*_bc

_bc[beha9+ap_+j]ceko.+dkopcnkqlo*_bc
_bc[beha9+ap_+j]ceko.+dkopo*_bc
_bc[beha9+ap_+j]ceko.+oanre_ao*_bc
_bc[beha9+ap_+j]ceko.+peialanek`o*_bc
Atpaj`a`dkop+oanre_aejbk`abejepekjo]najksopkna`]hkjcsepd
kpdank^fa_p`abejepekjo6
_bc[beha9+ap_+j]ceko.+dkopatpejbk*_bc
_bc[beha9+ap_+j]ceko.+oanre_aatpejbk*_bc
Ukq_]j]hokpahhJ]cekopklnk_aoo]hh_kjbecbehao$sepd]*_bc
atpajoekj%ej]l]npe_qh]n`ena_pknu^uqoejcpda_bc[`en
`ena_pera]oodksj^ahks6
_bc[`en9+ap_+j]ceko.+oanrano
_bc[`en9+ap_+j]ceko.+lnejpano
_bc[`en9+ap_+j]ceko.+osep_dao
_bc[`en9+ap_+j]ceko.+nkqpano
As a Nagios administrator, it is also useful if you know about the other important
lines in the
j]ceko*_bc
file. The following list provides an overview of the most important
definitions it contains:
CHAPTER 6
N
NETWORK MONITORING
138
s
hkc[beha9+r]n+hkc+j]ceko.+j]ceko*hkc
: This parameter tells Nagios where to log its
information.
s
_bc[`en9+ap_+j]ceko.+_kjb*`

: This line tells Nagios to include all configuration files
in the specified directory.
s
_bc[beha9+ap_+j]ceko.+_kii]j`o*_bc
: This line tells Nagios to load the configura-
tion file
_kii]j`o*_bc
as well. Likewise, other
_bc[beha
lines are used to refer to
additional configuration files that Nagios should include.
s
op]pqo[beha9+r]n+_]_da+j]ceko.+op]pqo*`]p
: This file contains current status infor-
mation about all hosts and services that are monitored. The CGI scripts from the
Nagios web server interpret this file and display its contents in a graphical way.
s
_da_g[atpanj]h[_kii]j`9,
: This default line makes sure that no external commands
can be executed. If you want to manage Nagios using a web server (which should
always be the case), you need to enable this option by giving it the value 1.
s
hkc[nkp]pekj[iapdk`9`
: This line specifies in what way the Nagios log file should be
rotated. By default, this will happen daily. Valid values for this parameter follow:
s
j
: Don’t rotate the log
s
d

: Rotate hourly
s
`
: Rotate daily
s
s
: Rotate weekly
s
i
: Rotate monthly
s
hkc[]n_dera[l]pd9+r]n+hkc+j]ceko.+]n_derao
: If log rotation is enabled, this param-
eter describes where the archive of log files should be written to.
Creating Essential Nagios Configuration Files
Nagios needs some minimal configuration files, and they should reside in one of the
directories defined in the
j]ceko*_bc
file using the
_bc[`en
directive. The default location
to put them would be
+ap_+j]ceko.+_kjb*`
. Make sure that you create at least the follow-
ing configuration files:
s
_kjp]_po*_bc
: This file defines which people should get a message in case of
trouble.
s

_kjp]_pcnkqlo*_bc
: All contacts specified in
_kjp]_po*_bc
should be a member of at
least one contact group. Use this file to define the contact group.
CHAPTER 6
N
NETWORK MONITORING
139
s
pailh]pao*_bc
: This file defines templates that can be used by other configuration
files.
s
dkopo*_bc
: Use this file to define the hosts that Nagios will monitor.
s
dkopcnkqlo*_bc
: In large networks, it is useful to subdivide hosts into host groups,
such as servers, switches, routers, and so on.
s
oanre_ao*_bc
: The file defines specific services that you want to monitor for each
host.
s
peialanek`o*_bc
: This file defines time periods used in all configuration files.
Now it is time to start the real work, which unfortunately involves a lot of typing. In
the rest of this chapter, we will work on a small example network in which four Linux
servers are used. Three of these are on the internal network, and one of them is on the

Internet. Nagios can monitor other operating systems as well, but let’s try to set up
Linux- based host monitoring first. The following servers are monitored:
s
-5.*-24*-*55
: DHCP, NFS, web, Nagios, SSH
s
-5.*-24*-*-,,
: Samba, SSH
s
-5.*-24*-*-,-
: Web, FTP, SSH
s
4,*25*5/*.-2
: Web, SSH
Creating a Contacts File
Start with the creation of the
_kjp]_po*_bc
file. As specified in
+ap_+j]ceko.+j]ceko*_bc
,
this file should reside in
+ap_+j]ceko.
, so make sure to create it there. Listing 6-5 gives an
example of what this file may look like.
Listing 6-5. Example contacts.cfg File
_kjp]_p`abejepekjbknhej`]
`abeja_kjp]_pw
_kjp]_p[j]iahej`]
]he]ohej`]pdkioaj
oanre_a[jkpebe_]pekj[lanek`skngdkqno

dkop[jkpebe_]pekj[lanek`skngdkqno
oanre_a[jkpebe_]pekj[klpekjo_(n
dkop[jkpebe_]pekj[klpekjo`(n
CHAPTER 6
N
NETWORK MONITORING
140
oanre_a[jkpebe_]pekj[_kii]j`ojkpebu)^u)ai]eh
dkop[jkpebe_]pekj[_kii]j`odkop)jkpebu)^u[ai]eh
ai]ehhej`]<hk_]hdkop
y
The interesting part of this configuration file is that there are quite a few
cross- references. That is, the
_kjp]_po*_bc
file depends on what you do in other
configuration files. For instance, the lines
oanre_a[jkpebe_]pekj[lanek`
and
dkop[jkpebe_]pekj[lanek`
are periods that you will define later in the
peialanek`o*_bc
file.
In the example
_kjp]_po*_bc
file in Listing 6-6, you also see that some
oanre_a[jkpebe_]pekj[klpekjo
and
dkop[jkpebe_]pekj[klpekjo
parameters are used.
The following

oanre_a[jkpebe_]pekj[klpekjo
parameters can be used:
s
j
: Do not notify at all
s
s
: Notify on WARNING states
s
q
: Notify on UNKNOWN states
s
_
: Notify on CRITICAL states
s
n
: Notify when the service recovers and returns to OK state
Likewise, the following
dkop[jkpebe_]pekj[klpekjo
parameters can be used:
s
j
: Do not notify at all
s
`
: Notify on DOWN host states
s
q
: Notify if host is unreachable
s

n
: Notify when host recovers
Defining a Contacts Group
After defining the contacts file, you may want to create a contact group as well. This
makes it easier in large implementations to address all contacts at once. Listing 6-6 shows
what a contact group may look like.
CHAPTER 6
N
NETWORK MONITORING
141
Listing 6-6. Example of a Contact Group
@abejepekjkb]j]`iejo_kjp]_pcnkql
`abeja_kjp]_pcnkqlw
_kjp]_pcnkql[j]ia]`iejo
]he]o]`iejeopn]pkno
iai^anonkkp(hej`]
y
Defining Hosts and Host Groups
After defining whom to contact if things go wrong, you have to define hosts and, if so
required, hostnames. The hosts you define will inherit some of their settings from the
host template. On Ubuntu 8.04, you’ll find this template in the file
+ap_+j]ceko.+_kjb*`+
cajane_)dkopo[j]ceko.*_
fg. Normally you don’t need to edit the settings in this file. You
just need to refer to it when defining your hosts. This hosts configuration file may look
similar to the example shown in Listing 6-7.
Listing 6-7. Example hosts.cfg File
`abejepekjkbQ^qjpqOanran
`abejadkopw
dkop[j]iaiah

]he]oQ^qjpqOanran
]``naoo-5.*-24*-*55
qoacajane_)dkop
_da_g[_kii]j`_da_g)dkop)]hera
i]t[_da_g[]ppailpo-,
jkpebe_]pekj[ejpanr]h-.,
jkpebe_]pekj[lanek`.0t3
jkpebe_]pekj[klpekjo`(q(n
y
@abejepekjkbcajane_O]i^]oanran
`abejadkopw
dkop[j]iaouh
]he]oO]i^]Oanran
]``naoo-5.*-24*-*-,,
qoacajane_)dkop