Solved

How to Monitor Cyberoam and Fortigate firewall through Nagios?

Posted on 2010-11-27
Last Modified: 2012-05-10
I have set up Nagios 3 on CentOS and added all my Windows and Linux servers for monitoring.

Now I need to know how to monitor my firewall and switches via Nagios.
Question by:aloknet21
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34222031
You can create hosts just like you did for your servers, using the firewall IP address as the IP to monitor. For the switches, I would configure the switch to have an IP address as well so you can keep track of that.

If you really want to get complex, you can do SNMP service monitoring for your switches and firewall so that you can get info like interface bandwidth in addition to check_host_alive.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 34222494
sangamc is correct. You simply define the router/firewall/switch as another Host. The main difference is that all you're doing is PINGing the host, rather than connecting to NRPE or testing for services (although you could, in some cases, check a router/firewall/switch to see that the web interface, SSH interface and/or the telnet interface respond).

If you have an understanding of your network environment, then you can construct dependency trees, and also parent/child relationships, that relate the routers/switches/firewalls to each other and to your servers. So if a router (or the link to it) between your Nagios host and a server (or group of servers) goes down, you get one page (for the router) rather than a page for the router and all the servers (because Nagios will understand that if it can't reach the router, then it doesn't know the state of the servers).

It's difficult to be generic -  a lot of the decisions on how you engineer your Nagios config are really highly dependent on your environment.
0
 
LVL 1

Author Comment

by:aloknet21
ID: 34222780
Thanks for your suggestion. I really want to get complex and monitor switches and firewall for bandwidth monitoring.

Please suggest the steps in detail for SNMP with Nagios.

Your help is highly appreciated!
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34223535
First thing I did was set up a public SNMP community on all my firewalls. Then in Nagios, for the firewall host, I added the following SNMP services to monitor it. I listed the files containing the relevant sections.

*** commands.cfg

# 'check_snmp' command definition
define command{
        command_name    check_snmp
        command_line    $USER1$/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o $ARG2$
        }


*** services.cfg

define service{
        use                             generic-service,srv-pnp
        host_name                       mtTrace
        service_description             Bandwidth
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              4
        normal_check_interval           5
        retry_check_interval            1
        contact_groups                  Networking
        notification_options            n
        notification_interval           0
        notification_period             24x7
        check_command                   check_snmp!netscreen!ifInOctets.3,ifOutOctets.3
        }

From the commands.cfg:

-H is the hostname
-C is the SNMP community string. My string is netscreen
-o is the SNMP OIDs to give me incoming and outgoing bandwidth. This is sometimes different depending on the firewall you are using. You will need to check your equipment docs to find it (or Google).

This is the resultant graph I get in Nagios using the pnp4nagios graph plugins:

image.png
0
 
LVL 1

Author Comment

by:aloknet21
ID: 34224031
I have followed the link below to create an SNMP community on my Fortigate firewall.

I will work on Nagios and let you know if I face any issue.

http://kb.fortinet.com/kb/viewAttachment.do?attachID=Fortigate%20SNMP%20Graphs%20with%20Cacti.pdf&documentID=13833
0
 
LVL 1

Author Comment

by:aloknet21
ID: 34227964
I have created the SNMP community now.

I added these lines in command.cfg:

# 'check_snmp' command definition
define command{
        command_name    check_snmp
        command_line    $USER1$/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o $ARG2$
        }

Now I created a new template named Firewall.cfg and added these lines:

define service{
        use                             generic-service,srv-pnp
        host_name                       mtTrace
        service_description             Bandwidth
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              4
        normal_check_interval           5
        retry_check_interval            1
        contact_groups                  Networking
        notification_options            n
        notification_interval           0
        notification_period             24x7
        check_command                   check_snmp!netscreen!ifInOctets.3,ifOutOctets.3
        }


I activated this template in the nagios.cfg file, but I am then not able to restart the Nagios service.

Please suggest: am I doing any steps wrong?

0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34228065
You used my config word for word? If so, that's where the problem is. You need to change the host_name and check_snmp command so that it takes the correct values for your firewall. ifInOctets.3 and ifOutOctets.3 are from my firewall as well. You need to find the correct values for your Fortigate.
0
 
LVL 1

Author Comment

by:aloknet21
ID: 34228089
Please see the attached screenshot of my steps:


untitled.JPG
0
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 500 total points
ID: 34229921
First thing I'd do is, instead of defining cfg files individually, use the following cfg_dir so that you don't have to modify nagios.cfg every time you add a new device to monitor; just put the cfg in the hosts dir and restart Nagios. I leave the 'objects' dir for Nagios-only global configs, shown below.

# You can specify individual object config files as shown below:
cfg_file=/usr/local/nagios/etc/objects/commands.cfg
cfg_file=/usr/local/nagios/etc/objects/contacts.cfg
cfg_file=/usr/local/nagios/etc/objects/timeperiods.cfg
cfg_file=/usr/local/nagios/etc/objects/templates.cfg

# Cfg directory for all monitored hosts
cfg_dir=/usr/local/nagios/etc/hosts


use    generic-service,srv,pnp:
If you don't have pnp4nagios configured, you can't use the srv,pnp template.

check_snmp!Noida!ifInOctets ..... ifInOctets.3 and ifOutOctets.3 are SNMP OIDs from NetScreen firewalls' port ethernet3; you need to find the correct OID for the Fortinet firewall, as they are probably different. You can go to /usr/local/nagios/libexec and manually run the check_snmp command:

./check_snmp -H <ip address> -C Noida -o <snmp oids for fortinet firewall>
0
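
One way to find the interface index for the OIDs and generate the matching service, as an added example that is not part of the original thread. It parses `snmpwalk` output for `IF-MIB::ifDescr` (a constructed sample here); the interface names, the host name `fortigate-fw` and the helper names `if_index` and `snmp_service` are assumptions.

```shell
#!/bin/sh
# Added example. Constructed sample of the output of
#   snmpwalk -v2c -c <community> <ip address> IF-MIB::ifDescr
# Interface names are illustrative, not taken from a real Fortigate.
SAMPLE_WALK='IF-MIB::ifDescr.1 = STRING: port1
IF-MIB::ifDescr.2 = STRING: port2
IF-MIB::ifDescr.3 = STRING: wan1
IF-MIB::ifDescr.4 = STRING: wan2
IF-MIB::ifDescr.5 = STRING: dmz'

# if_index NAME (hypothetical helper): read ifDescr walk lines on stdin and
# print the ifIndex whose description is exactly NAME; non-zero if not found.
if_index() {
    awk -v want="$1" '
        {
            idx = $1
            sub(/^.*\./, "", idx)               # IF-MIB::ifDescr.<index>
            name = $0
            sub(/^[^=]*= STRING: /, "", name)   # text after "STRING: "
            gsub(/^"|"$/, "", name)             # drop optional quotes
            if (name == want) { print idx; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# snmp_service HOST COMMUNITY IFNAME (hypothetical helper): read the walk on
# stdin and print a service for the check_snmp command defined in commands.cfg.
# HOST must match a host_name that is already defined, or Nagios will not start.
snmp_service() {
    idx=$(if_index "$3") || { echo "no interface named $3" >&2; return 1; }
    cat <<EOF
define service{
        use                     generic-service
        host_name               $1
        service_description     Bandwidth $3
        check_command           check_snmp!$2!ifInOctets.$idx,ifOutOctets.$idx
        }
EOF
}

# Demo on the constructed walk; <community> is a placeholder. SNMP v1/v2c sends
# the community in cleartext, so keep it read-only and limited to the Nagios host.
printf '%s\n' "$SAMPLE_WALK" | snmp_service fortigate-fw '<community>' wan1
# Verify the config before restarting (binary path assumed from the install
# prefix used on this page): /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
```

Against a real device, pipe the live `snmpwalk` output into `snmp_service` instead of the sample and save the result in the `cfg_dir` hosts directory.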
