In this guide, we are going to learn how to configure Nagios SNMP monitoring of Linux hosts. We will be using AlienVault USM/OSSIM as our Nagios server. Just like we have stated in our previous articles, AlienVault uses Nagios by default for monitoring hosts. In order to monitor hosts, you can use the agent-based or agentless method.
The agent-based method involves installing Nagios plugins and NRPE agents on the remote host, while the agentless method uses a protocol such as SNMP to poll remote system metrics. This guide describes how to install and configure Nagios SNMP monitoring for polling Linux system metrics such as:
- Disk usage
- Memory usage
- Number of running processes
- Uptime
- Number of logged in users
- Open ports (Services)
You might want to check our previous article on configuring Nagios availability monitoring on AlienVault USM/OSSIM.
Monitoring of Linux Hosts with Nagios using SNMP
Before you can proceed, ensure that you have installed and configured SNMP on the remote devices to be monitored. See our previous article on how to install and configure SNMP on Ubuntu 18.04 and CentOS 7.
Add the hosts to be monitored to the AlienVault server. Check our previous article on how to import assets to AlienVault USM/OSSIM using a CSV file.
Enable Nagios Availability Monitoring
Create an asset group to put together hosts that share a common functionality, for example Linux Servers. After that, enable availability monitoring for the group.
Enabling availability monitoring will help automate the creation of Nagios hosts and hostgroup definition configuration files. All you need to do is to set the command and service definition for your asset group.
Configure Nagios SNMP Monitoring of Linux Hosts
Log in to the AlienVault USM/OSSIM backend and navigate to the Nagios configuration directory, cd /etc/nagios3/conf.d/. Under this directory there is a directory called ossim-configs which contains the host and hostgroup definition configuration files that are auto-created when you enable availability monitoring for a hostgroup from the AlienVault Web UI.
ls /etc/nagios3/conf.d/ossim-configs/
host-services hostgroup-services hostgroups hosts
If you check, the hosts directory contains the host definition configuration files, while the hostgroups directory contains the hostgroup definition configuration file.
ls /etc/nagios3/conf.d/ossim-configs/hosts
192.168.43.154.cfg 192.168.43.23.cfg
less /etc/nagios3/conf.d/ossim-configs/hostgroups/Linux\ Servers.cfg
define hostgroup{
    hostgroup_name  Linux Servers
    alias           Linux Servers
    members         ubuntu,centos7
}
Configure Nagios SNMP Monitoring Commands
By default, AlienVault ships with a Nagios SNMP monitoring plugin called check_snmp. The plugins are located under /usr/lib/nagios/plugins/.
ls /usr/lib/nagios/plugins/ | grep snmp
check_snmp
Before you can proceed, ensure that you have the SNMP authentication details. For SNMP v2c, ensure you have created the community and for SNMP v3 ensure that you have the username and the authentication password.
Also ensure that you have the Object Identifiers (OIDs) for whatever service you want to monitor. You can find the common OIDs on the OID Repository page.
In this guide, we are going to use the default Nagios SNMP monitoring plugin, check_snmp, to monitor uptime, running processes, CPU load average and logged in users. For monitoring disk and physical memory usage, we are going to use this beautiful check_snmp_disk Perl script that somebody else has made the effort to create. Download the check_snmp_disk Perl script and place it under the default Nagios plugins directory on AlienVault USM, /usr/lib/nagios/plugins/.
Obtain the community string from the hosts and verify from the AlienVault or Nagios server that the host services can be queried before you proceed to define your commands and services.
Check for Uptime
/usr/lib/nagios/plugins/check_snmp -H 192.168.43.154 -C Ex@mPL3 -o .1.3.6.1.2.1.1.3.0
SNMP OK - Timeticks: (4240427) 11:46:44.27 |
Running processes
/usr/lib/nagios/plugins/check_snmp -H 192.168.43.154 -C Ex@mPL3 -o .1.3.6.1.2.1.25.1.6.0 -w 300 -c 400
SNMP OK - 117 | iso.3.6.1.2.1.25.1.6.0=117
Load Average
/usr/lib/nagios/plugins/check_snmp -H 192.168.43.154 -C Ex@mPL3 -o .1.3.6.1.4.1.2021.10.1.3.1 -w 2.0 -c 5.0
SNMP OK - 0 | iso.3.6.1.4.1.2021.10.1.3.1=0
Logged In Users
/usr/lib/nagios/plugins/check_snmp -H 192.168.43.154 -C Ex@mPL3 -o .1.3.6.1.2.1.25.1.5.0 -w 5 -c 10
SNMP OK - 2 | iso.3.6.1.2.1.25.1.5.0=2
Disk Usage
/usr/lib/nagios/plugins/check_snmp_disk -H 192.168.43.23 -s Ex@mPL3 -d / -w 80% -c 90%
SNMP OK - / at 16% with 6,788 of 8,178 MB free
RAM Usage
/usr/lib/nagios/plugins/check_snmp_disk -H 192.168.43.23 -s Ex@mPL3 -d 1 -w 80% -c 90%
SNMP OK - Physical memory at 61% with 188 of 487 MB free
Beautiful. Everything seems to be working well. Proceed to create command and service definitions for your host servers.
If you are using SNMP version 3, you would run the check_snmp command with the syntax:
/usr/lib/nagios/plugins/check_snmp -H HOSTADDRESS -P 3 -L authPriv -U [username] -a [MD5|SHA] [-A authpass] -x [AES|DES] [-X privpass] -o [OID]
For example, to check system uptime with SNMP version 3:
/usr/lib/nagios/plugins/check_snmp -H 192.168.43.188 -P 3 -L authPriv -U snmpreadonly -a SHA -A PassWORD123 -x AES -X pAssWORD321 -o .1.3.6.1.2.1.1.3.0
SNMP OK - Timeticks: (685) 0:00:06.85 |
You can learn how to configure SNMP v2c and v3 on Debian 9 by following the links below:
How to Configure SNMP Version 2c on Debian 9
How to Configure SNMP version 3 on Debian 9
Navigate to the Nagios hostgroup-services directory, /etc/nagios3/conf.d/ossim-configs/hostgroup-services/.
cd /etc/nagios3/conf.d/ossim-configs/hostgroup-services
Create a hostgroup services definition configuration file. In this file, we will define the commands and services that will be used to monitor various system metrics such as system uptime, running processes, logged in users, and resource consumption (disk and physical memory).
vim linux-services.cfg
# Command Definition. This polling uses an SNMP v2 Community.
# check_snmp command definition
define command{
    command_name    check_snmp
    command_line    /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -C Ex@mPL3 -o $ARG1$ $ARG2$
}
# check_snmp_disk command definition
# Disk and Memory Usage
define command{
    command_name    check_snmp_disk
    command_line    /usr/lib/nagios/plugins/check_snmp_disk -H $HOSTADDRESS$ -s Ex@mPL3 $ARG1$ $ARG2$ $ARG3$
}
# Check CPU Load for the past 1 minute
define service {
    use                     generic-service
    hostgroup_name          Linux Servers
    service_description     CPU Load Average
    check_command           check_snmp!.1.3.6.1.4.1.2021.10.1.3.1!-w 2.0 -c 5.0
}
define service {
    use                     generic-service
    hostgroup_name          Linux Servers
    service_description     Running Processes
    check_command           check_snmp!.1.3.6.1.2.1.25.1.6.0!-w 300 -c 400
}
define service {
    use                     generic-service
    hostgroup_name          Linux Servers
    service_description     Logged in Users
    check_command           check_snmp!.1.3.6.1.2.1.25.1.5.0!-w 5 -c 10
}
define service {
    use                     generic-service
    hostgroup_name          Linux Servers
    service_description     Uptime
    check_command           check_snmp!.1.3.6.1.2.1.1.3.0
}
# Check / Disk and Memory Usage
define service {
    use                     generic-service
    hostgroup_name          Linux Servers
    service_description     / Disk Usage
    check_command           check_snmp_disk!-d /!-w 80% -c 90%
}
define service {
    use                     generic-service
    hostgroup_name          Linux Servers
    service_description     RAM Usage
    check_command           check_snmp_disk!-d 1!-w 80% -c 90%
}
Save the configuration file and run the command below to check if there are any syntax errors.
nagios3 -v /etc/nagios3/nagios.cfg
...
Total Warnings: 0
Total Errors: 0
Things look okay - No serious problems were detected during the pre-flight check
If there are no errors, restart Nagios.
/etc/init.d/nagios3 restart
Log in to the AlienVault USM Web UI and verify that your services are now being monitored.
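The command definitions in linux-services.cfg carry the SNMP community string as a literal. As an added example (not part of the original guide, nor shipped with AlienVault or Nagios), the shell function below flags command_line entries that pass an SNMP community or SNMPv3 password directly instead of through a macro. The $USER5$ to $USER8$ macros in the constructed sample are assumptions standing for values you would define in the Nagios resource file.

```shell
#!/bin/sh
# Added example: list Nagios command definitions that pass an SNMP secret as a
# literal instead of a $USERn$ / $ARGn$ macro. Flags checked: -C (community),
# -A / -X (SNMPv3 auth / privacy passwords) for check_snmp, and -s (community)
# for check_snmp_disk, as used in the guide.
# Output is file:line:flag; the secret itself is never printed.
find_inline_snmp_secrets() {
    awk '
    /^[ \t]*#/ { next }                       # ignore comment lines
    $1 == "command_line" {
        disk = ($0 ~ /check_snmp_disk/)       # -s is a secret only for this plugin
        for (i = 2; i < NF; i++) {
            flag = $i; val = $(i + 1)
            secret = (flag == "-C" || flag == "-A" || flag == "-X" || (disk && flag == "-s"))
            if (secret && substr(val, 1, 1) != "$")
                printf "%s:%d:%s\n", FILENAME, FNR, flag
        }
    }' "$@"
}

# Constructed sample: the first two commands are the definitions from the guide,
# the last two read the same values from $USER5$..$USER8$ (assumed to be
# defined in the Nagios resource file; the macro numbers are arbitrary).
write_sample_cfg() {
    cat > "$1" <<'EOF'
# sample command definitions
define command{
    command_name check_snmp
    command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -C Ex@mPL3 -o $ARG1$ $ARG2$
}
define command{
    command_name check_snmp_disk
    command_line /usr/lib/nagios/plugins/check_snmp_disk -H $HOSTADDRESS$ -s Ex@mPL3 $ARG1$ $ARG2$ $ARG3$
}
define command{
    command_name check_snmp_macro
    command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -C $USER5$ -o $ARG1$ $ARG2$
}
define command{
    command_name check_snmp_v3
    command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -P 3 -L authPriv -U $USER6$ -a SHA -A $USER7$ -x AES -X $USER8$ -o $ARG1$ $ARG2$
}
EOF
}

sample=$(mktemp)
write_sample_cfg "$sample"
find_inline_snmp_secrets "$sample"    # reports lines 4 (-C) and 8 (-s) only
rm -f "$sample"
```

On the server, pass the real files instead of the sample, for example find_inline_snmp_secrets /etc/nagios3/conf.d/ossim-configs/hostgroup-services/*.cfg.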
Well, that is all it takes to set up Nagios SNMP monitoring of Linux hosts using AlienVault USM as Nagios Server. You can also check our previous article on how to configure Nagios availability monitoring on AlienVault USM/OSSIM using Nagios and NRPE plugins.