ICA50411 - Diploma of Information Technology Networking
Task – System and Network Monitoring with Nagios
ICA11 R2 IT Training Package

28. System and Network Monitoring with Nagios

Nagios is the industry standard in IT infrastructure monitoring.

Achieve instant awareness of IT infrastructure problems, so downtime doesn't adversely affect your business. Nagios offers complete monitoring and alerting for servers, switches, applications, and services.

With Nagios you can:
- Monitor your entire IT infrastructure
- Spot problems before they occur
- Know immediately when problems arise
- Share availability data with stakeholders
- Detect security breaches
- Plan and budget for IT upgrades
- Reduce downtime and business losses

Nagios is Open Source Software licensed under the GNU GPL V2.

- Monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, SNMP, FTP, SSH)
- Monitoring of host resources (processor load, disk usage, system logs) on a majority of network operating systems, including Microsoft Windows with the NSClient++ plugin or Check_MK
- Monitoring of anything else like probes (temperature, alarms...) which have the ability to send collected data via a network to specifically written plugins
- Monitoring via remotely-run scripts via Nagios Remote Plugin Executor
- Remote monitoring supported through SSH or SSL encrypted tunnels
- Simple plugin design that allows users to easily develop their own service checks depending on needs, by using the tools of choice (shell scripts, C++, Perl, Ruby, Python, PHP, C#, etc.)
- Plugins available for graphing of data (Nagiosgraph, PNP4Nagios, Splunk for Nagios, and others available)
- Parallelized service checks available
- Ability to define network host hierarchy using "parent" hosts, allowing detection of and distinction between hosts that are down and those that are unreachable
- Contact notifications when service or host problems occur and get resolved (via e-mail, pager, SMS, or any user-defined method through plugin system)
- Ability to define event handlers to be run during service or host events for proactive problem resolution
- Automatic log file rotation
- Support for implementing redundant monitoring hosts
- Optional web-interface for viewing current network status, notifications, problem history, log files, etc.
- Data storage is done in text files rather than database

28.1. Install Nagios System

Your task is to install the Nagios system and use it to monitor your infrastructure in a range of scenarios. There are a number of parts to this task, each building in complexity upon the previous.

Complete the following tasks:

M Schmalfuss, IT – Hobart, Version 1.4 – 28/07/2013

28.1.1. Task – Install Nagios Monitoring System

1. Install Operating System
2. Configure network and localhost
3. Configure Administrator services for system
   a. user accounts
   b. sudoers
   c. ssh
   d. webmin
   e. firewall
4. Install Nagios prerequisites
   a. Apache
   b. MySQL
   c. PHP
   d. relevant plug-ins and connectors
   e. Check documentation for others
5. Test web server
6. Install Nagios
7. Test Installation
8. Install nconf (a Nagios frontend)
9. Modify Nagios for nconf
10. Test configurations
11. Network monitor Map
12. Update journal and documentation for assessment

28.2. Host and Services Monitoring

Once the Nagios system is up and running you will now add hosts which are to be monitored and reported by the system.
Given that each LAN consists of:
- Windows Server
- Linux Server
- Enterprise Switch
- Enterprise Router
- Wireless Access Point
- Printer
- Web Server
- Mail Server
- Firewall
- Gateway Device

Follow through the documentation to achieve the following tasks:

28.2.1. Task – Nagios monitoring for Hosts and Services

1. Add Hosts for monitoring
2. Add Services for monitoring
3. Attach services for hosts
4. Add network components
5. Document configurations
6. Update journal and documentation for assessment
7. Submit evidence document to the Learning Management System

28.3. Network Monitoring

Once the hosts are added to the system and monitoring is occurring you will want to analyse the logs and reports and have Nagios raise alarms when certain events occur.

Monitor Protection

The LAN and security framework should include:
- Nessus - Vulnerability Assessment
- Nagios - Host and Service Monitoring, Logging and Alarms
- IDS
- IPS
- Snort - Intrusion Detection, Logging, Capture and Alarms
- Honey Pot - To capture interesting traffic

Monitors may be installed with special ethernet tapping cabling to conceal presence.

Each Student has a Virtual Environment incorporating Enterprise Network components as listed.

Nagios may be used as a Distributed Collector for a Central Monitor, so a large amount of host and services data may be gathered and monitored.

Alerts and Alarms

Set up a proper DNS infrastructure. DNS will enable all hosts to be referred to by name and domain.

Set up email services so that alerts can be automatically generated and distributed.

28.3.1. Task – Network Monitoring and Alarms

1. View and record many reports for hosts from various platforms such as:
   a. Windows Server
   b. Linux Server
   c. Appliance type server
   d. LAN Switch
   e. Router
   f. Wireless Access Point
   g. Printer
2. Create an alarm for certain events such as:
   a. Failed Logon
   b. Service going down
   c. Network connection going down
   d. Web service page failure
   e. Excessive ICMP traffic
   f. Port scanning traffic
3. Create varied event scenarios which will trigger an alarm
4. Test monitoring and alarm
5. Document configurations
6. Update journal and documentation for assessment
7. Submit evidence document to the Learning Management System
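
The "Failed Logon" alarm in task 28.3.1 can be raised by a custom service check built on the simple plugin design listed among the Nagios features. The following is an added example, not part of the original course material: the plugin name check_failed_logons, the OpenSSH "Failed password" log format, the thresholds (3 warning, 10 critical) and the sample log lines are all assumptions made for illustration.

```python
"""check_failed_logons: hypothetical Nagios-style plugin counting failed SSH logons."""
import re
import sys
from collections import Counter

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # standard Nagios plugin exit codes
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}
# Assumed OpenSSH format: "Failed password for [invalid user] NAME from ADDR port N"
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample log (documentation-range addresses), used when no file is given.
SAMPLE_LOG = """\
Jul 28 10:01:02 web01 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Jul 28 10:01:05 web01 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Jul 28 10:01:09 web01 sshd[2104]: Failed password for invalid user admin from 192.0.2.10 port 40030 ssh2
Jul 28 10:02:11 web01 sshd[2110]: Accepted password for student from 198.51.100.7 port 51512 ssh2
Jul 28 10:03:40 web01 sshd[2121]: Failed password for student from 198.51.100.7 port 51600 ssh2
"""

def check_failed_logons(lines, warn=3, crit=10):
    """Return (exit_code, status_line) for an iterable of auth-log lines."""
    by_source = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            by_source[m.group(2)] += 1      # count failures per source address
    total = sum(by_source.values())
    code = CRITICAL if total >= crit else WARNING if total >= warn else OK
    worst = by_source.most_common(1)
    detail = f", top source {worst[0][0]} ({worst[0][1]})" if worst else ""
    # Text before '|' is the status shown by Nagios; text after it is performance data.
    perfdata = f"failed={total};{warn};{crit};0"
    return code, f"FAILED_LOGONS {LABELS[code]} - {total} failed logons{detail} | {perfdata}"

def main(argv):
    lines = SAMPLE_LOG.splitlines()
    if len(argv) > 1:                       # optional path to a real auth log
        try:
            with open(argv[1], errors="replace") as fh:
                lines = fh.readlines()
        except OSError as exc:
            print(f"FAILED_LOGONS UNKNOWN - {exc}")
            return UNKNOWN
    code, status = check_failed_logons(lines)
    print(status)
    return code                             # Nagios reads the exit code as the state

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```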