Nagios SNMP Monitoring of Linux Hosts on AlienVault USM/OSSIM


In this guide, we are going to learn how to configure Nagios SNMP monitoring of Linux hosts. We will be using AlienVault USM/OSSIM as our Nagios server. Just like we have stated in our previous articles, AlienVault uses Nagios by default for monitoring hosts. In order to monitor hosts, you can use the agent-based or agentless method.

The agent-based method involves installing Nagios plugins and NRPE agents on the remote host, while the agentless method uses a protocol such as SNMP to poll remote system metrics. This guide describes how to install and configure Nagios SNMP monitoring for polling Linux system metrics such as:

  • Disk usage
  • Memory usage
  • Number of running processes
  • Uptime
  • Number of logged in users
  • Open ports (Services)

You might want to check our previous article on configuring Nagios availability monitoring on AlienVault USM/OSSIM.

Prerequisites

Before you can proceed, ensure that you have installed and configured SNMP on the remote devices to be monitored. See our previous article on how to install and configure SNMP on Ubuntu 18.04/CentOS 7.

Add hosts to monitor to AlienVault server. Check our previous article on how to Import assets to AlienVault USM/OSSIM using a CSV file.

Enable Nagios Availability Monitoring

Create an asset group to put together hosts that share a common functionality, for example Linux Servers. After that, enable availability monitoring for the group.

Enabling availability monitoring automates the creation of the Nagios host and hostgroup definition configuration files. All you need to do is set the command and service definitions for your asset group.

Configure Nagios SNMP Monitoring of Linux Hosts

Log in to the AlienVault USM/OSSIM backend and navigate to the Nagios configuration directory, cd /etc/nagios3/conf.d/. Under this directory there is a directory called ossim-configs, which contains the host and hostgroup definition configuration files that are auto-created when you enable availability monitoring for a hostgroup from the AlienVault Web UI.

ls /etc/nagios3/conf.d/ossim-configs/ 
host-services  hostgroup-services  hostgroups  hosts

As you can see, the hosts directory contains the host definition configurations while the hostgroups directory contains the hostgroup definition configuration file.

ls /etc/nagios3/conf.d/ossim-configs/hosts
192.168.43.154.cfg  192.168.43.23.cfg
less /etc/nagios3/conf.d/ossim-configs/hostgroups/Linux\ Servers.cfg
define hostgroup{
        hostgroup_name Linux Servers
        alias Linux Servers
        members ubuntu,centos7
        }

Configure Nagios SNMP Monitoring Commands

By default, AlienVault ships with a Nagios SNMP monitoring plugin called check_snmp. The plugins are located under /usr/lib/nagios/plugins/.

ls /usr/lib/nagios/plugins/ | grep snmp
check_snmp

Before you can proceed, ensure that you have the SNMP authentication details. For SNMP v2c, ensure you have created the community and for SNMP v3 ensure that you have the username and the authentication password.

Also ensure that you have the Object Identifiers (OIDs) for whatever service you want to monitor. You can find the common OIDs on the OID Repository page.

In this guide, we are going to use the default Nagios SNMP monitoring plugin, check_snmp, to monitor uptime, running processes, CPU load average and logged in users. For monitoring disk and physical memory usage, we are going to use this beautiful check_snmp_disk Perl script that somebody else has made the effort to create. Download the check_snmp_disk Perl script and place it under the default Nagios plugins directory on AlienVault USM, /usr/lib/nagios/plugins/.

Obtain the community from the hosts and verify from the AlienVault or Nagios server that the host services can be queried before you can proceed to define your commands and services.

Check for Uptime

/usr/lib/nagios/plugins/check_snmp -H 192.168.43.154 -C [email protected] -o .1.3.6.1.2.1.1.3.0
SNMP OK - Timeticks: (4240427) 11:46:44.27 |

Running processes

/usr/lib/nagios/plugins/check_snmp -H 192.168.43.154 -C [email protected] -o .1.3.6.1.2.1.25.1.6.0 -w 300 -c 400
SNMP OK - 117 | iso.3.6.1.2.1.25.1.6.0=117

Load Average

/usr/lib/nagios/plugins/check_snmp -H 192.168.43.154 -C [email protected] -o .1.3.6.1.4.1.2021.10.1.3.1 -w 2.0 -c 5.0
SNMP OK - 0 | iso.3.6.1.4.1.2021.10.1.3.1=0

Logged In Users

/usr/lib/nagios/plugins/check_snmp -H 192.168.43.154 -C [email protected] -o .1.3.6.1.2.1.25.1.5.0 -w 5 -c 10        
SNMP OK - 2 | iso.3.6.1.2.1.25.1.5.0=2

Disk Usage

/usr/lib/nagios/plugins/check_snmp_disk -H 192.168.43.23 -s [email protected] -d / -w 80% -c 90%
SNMP OK - / at 16% with 6,788 of 8,178 MB free

RAM Usage

/usr/lib/nagios/plugins/check_snmp_disk -H 192.168.43.23 -s [email protected] -d 1 -w 80% -c 90%
SNMP OK - Physical memory at 61% with 188 of 487 MB free

Beautiful. Everything seems to be working well. Proceed to create command and service definitions for your host servers.

If you are using SNMP version 3, you would run the check_snmp command with the syntax:

/usr/lib/nagios/plugins/check_snmp -H HOSTADDRESS -P 3 -L authPriv -U [username] -a [MD5|SHA] [-A authpass] -x [AES|DES] [-X privpass] -o [OID]

For example, to check system uptime with SNMP version 3:

/usr/lib/nagios/plugins/check_snmp -H 192.168.43.188 -P 3 -L authPriv -U snmpreadonly -a SHA -A PassWORD123  -x AES -X pAssWORD321 -o .1.3.6.1.2.1.1.3.0
SNMP OK - Timeticks: (685) 0:00:06.85 |

You can learn how to configure SNMP v2c and 3 on Debian 9 by following the links below;

Navigate to the Nagios hostgroup-services directory, /etc/nagios3/conf.d/ossim-configs/hostgroup-services/.

cd /etc/nagios3/conf.d/ossim-configs/hostgroup-services

Create the hostgroup services definition configuration file. In this file, we will define the commands and services that will be used to monitor various system metrics such as system uptime, running processes, logged in users and resource consumption (disk and physical memory).

vim linux-services.cfg
# Command Definition. This polling uses an SNMP v2 Community.
# check_snmp command definition
define command{
        command_name	check_snmp
        command_line	/usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$  -C [email protected] -o $ARG1$ $ARG2$
}
# check_snmp_disk command definition
#Disk and Memory Usage
define command{
        command_name    check_snmp_disk
        command_line    /usr/lib/nagios/plugins/check_snmp_disk -H $HOSTADDRESS$ -s [email protected] $ARG1$ $ARG2$ $ARG3$
}
# Check CPU Load for the past 1 minute
define service {
        use                     generic-service
        hostgroup_name          Linux Servers
        service_description     CPU Load Average
        check_command           check_snmp!.1.3.6.1.4.1.2021.10.1.3.1!-w 2.0 -c 5.0
}
define service {
        use                     generic-service
        hostgroup_name          Linux Servers
        service_description     Running Processes
        check_command           check_snmp!.1.3.6.1.2.1.25.1.6.0!-w 300 -c 400
}

define service {
        use                     generic-service
        hostgroup_name          Linux Servers
        service_description     Logged in Users
        check_command           check_snmp!.1.3.6.1.2.1.25.1.5.0!-w 5 -c 10
}
define service {
        use                     generic-service
        hostgroup_name          Linux Servers
        service_description     Uptime
        check_command           check_snmp!.1.3.6.1.2.1.1.3.0
}
# Check / Disk and Memory Usage
define service {
        use                     generic-service
        hostgroup_name          Linux Servers
        service_description     / Disk Usage
        check_command           check_snmp_disk!-d /!-w 80% -c 90%
}
define service {
        use                     generic-service
        hostgroup_name          Linux Servers
        service_description     RAM Usage
        check_command           check_snmp_disk!-d 1!-w 80% -c 90%
}

Save the configuration file and run the command below to check whether there are any syntax errors.

nagios3 -v /etc/nagios3/nagios.cfg
...

Total Warnings: 0
Total Errors:   0

Things look okay - No serious problems were detected during the pre-flight check

If there are no errors, restart nagios.

/etc/init.d/nagios3 restart

Log in to the AlienVault USM Web UI and verify that your services are now being monitored.
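
The command definitions above embed the SNMP v2c community directly in linux-services.cfg. As an added example (not part of the original guide), here is an SNMPv3 authPriv variant of the check_snmp command that reads its credentials from Nagios $USERn$ macros in the resource file. The resource file path /etc/nagios3/resource.cfg, the macro numbers 10-12, the command name check_snmp_v3 and the placeholder passphrases are assumptions.

```cfg
# --- /etc/nagios3/resource.cfg (assumed path: the Debian nagios3 default) ---
# Keep this file readable by root and the nagios user only,
# e.g. chown root:nagios and chmod 640.
# $USER1$ is normally already set to the plugin directory; the slots
# 10-12 used here are arbitrary free numbers chosen for this example.
# A literal "$" inside a value must be written as "$$".
$USER10$=snmpreadonly
$USER11$=REPLACE_WITH_AUTH_PASSPHRASE
$USER12$=REPLACE_WITH_PRIV_PASSPHRASE

# --- /etc/nagios3/conf.d/ossim-configs/hostgroup-services/linux-services.cfg ---
# SNMPv3 authPriv variant of the check_snmp command. The name
# check_snmp_v3 is hypothetical, chosen so it does not clash with the
# v2c definition. The single quotes protect passphrases that contain
# shell metacharacters (a passphrase containing ' would need escaping).
define command{
        command_name    check_snmp_v3
        command_line    /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -P 3 -L authPriv -U '$USER10$' -a SHA -A '$USER11$' -x AES -X '$USER12$' -o $ARG1$ $ARG2$
}

# Same OID and thresholds as the v2c "Running Processes" service,
# polled over SNMPv3 instead.
define service {
        use                     generic-service
        hostgroup_name          Linux Servers
        service_description     Running Processes (SNMPv3)
        check_command           check_snmp_v3!.1.3.6.1.2.1.25.1.6.0!-w 300 -c 400
}
```

Run nagios3 -v /etc/nagios3/nagios.cfg again after adding it. The plugin still receives the credentials as command-line arguments while a check runs; the macros only keep them out of the files under conf.d.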


Well, that is all it takes to set up Nagios SNMP monitoring of Linux hosts using AlienVault USM as Nagios Server. You can also check our previous article on how to configure Nagios availability monitoring on AlienVault USM/OSSIM using Nagios and NRPE plugins.