Monitor Network Switch and Ports Using Nagios


1. Enable switch.cfg in nagios.cfg

Uncomment the switch.cfg line in /usr/local/nagios/etc/nagios.cfg as shown below.

cfg_file=/usr/local/nagios/etc/objects/switch.cfg

2. Add new hostgroup for switches in switch.cfg

Add the following switches hostgroup to the /usr/local/nagios/etc/objects/switch.cfg file.

define hostgroup
{
hostgroup_name  switches
alias           Network Switches
}

3. Add a new host for the switch to be monitored

In this example, I’ve defined a host to monitor the core switch in the /usr/local/nagios/etc/objects/switch.cfg file. Change the address directive to your switch's IP address.

define host
{
use             generic-switch
host_name       core-switch
alias           Cisco Core Switch
address         192.168.1.50
hostgroups      switches
}

4. Add common services for all switches

Displaying the uptime of the switch and verifying whether the switch is alive are common services for all switches. So, define these services under the switches hostgroup_name as shown below.

# Service definition to ping the switch using check_ping

define service
{
use                     generic-service
hostgroup_name          switches
service_description     PING
check_command           check_ping!200.0,20%!600.0,60%
normal_check_interval   5
retry_check_interval    1
}

# Service definition to monitor switch uptime using check_snmp

define service
{
use                     generic-service
hostgroup_name          switches
service_description     Uptime
check_command           check_snmp!-C public -o sysUpTime.0
}

5. Add service to monitor port bandwidth usage

check_local_mrtgtraf uses the Multi Router Traffic Grapher (MRTG), so you need to install MRTG for this to work properly. The *.log file mentioned below should point to the MRTG log file on your system.

define service
{
use        generic-service
host_name core-switch
service_description Port 1 Bandwidth Usage
check_command check_local_mrtgtraf!/var/lib/mrtg/192.168.1.11_1.log!AVG!1000000,2000000!5000000,5000000!10
}

6. Add service to monitor an active switch port

Use check_snmp to monitor a specific port as shown below. The following two services monitor port 1 and port 5. To add additional ports, change the value ifOperStatus.n accordingly, where n is the port number.

# Monitor status of port number 1 on the Cisco core switch

define service
{
use                  generic-service
host_name            core-switch
service_description  Port 1 Link Status
check_command        check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB
}

# Monitor status of port number 5 on the Cisco core switch

define service
{
use                  generic-service
host_name            core-switch
service_description  Port 5 Link Status
check_command       check_snmp!-C public -o ifOperStatus.5 -r 1 -m RFC1213-MIB
}


7. Add services to monitor multiple switch ports together

Sometimes you may need to monitor the status of multiple ports combined together, i.e. Nagios should send you an alert even if only one of the ports is down. In this case, define the following service to monitor multiple ports.

# Monitor ports 1 - 6 on the Cisco core switch.

define service
{
use                   generic-service
host_name             core-switch
service_description   Ports 1-6 Link Status
check_command         check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB, -o ifOperStatus.2 -r 1 -m RFC1213-MIB, -o ifOperStatus.3 -r 1 -m RFC1213-MIB, -o ifOperStatus.4 -r 1 -m RFC1213-MIB, -o ifOperStatus.5 -r 1 -m RFC1213-MIB, -o ifOperStatus.6 -r 1 -m RFC1213-MIB
}


8. Validate configuration and restart nagios

Verify the nagios configuration to make sure there are no warnings and errors.

# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

Total Warnings: 0
Total Errors:   0
Things look okay - No serious problems were detected during the pre-flight check
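The pre-flight check validates object syntax but does not look at plugin arguments such as the SNMP community string passed to check_snmp in steps 4, 6 and 7. The shell function below is an added example, not part of the original tutorial, that flags check_snmp services still using a default community string; the helper names, the list of defaults and the sample config are assumptions made for illustration.

```shell
# Added example: flag Nagios check_snmp services that still use a default
# SNMP community string. The list of defaults is an assumption; extend it.
DEFAULT_COMMUNITIES="public private"

# audit_snmp_communities FILE  (hypothetical helper name)
# Prints one LINE:SERVICE_DESCRIPTION:COMMUNITY record per offending service.
audit_snmp_communities() {
    awk -v defaults="$DEFAULT_COMMUNITIES" '
    BEGIN { n = split(defaults, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
    /^[ \t]*[#;]/ { next }                        # ignore comment lines
    /^[ \t]*define[ \t]/ { desc = "(unnamed)"; hitc = "" }
    $1 == "service_description" {
        desc = $0
        sub(/^[ \t]*service_description[ \t]+/, "", desc)
        sub(/[ \t]+$/, "", desc)
    }
    $1 == "check_command" && /check_snmp/ {
        for (i = 2; i <= NF; i++) {
            c = ""
            if (($i == "-C" || $i ~ /!-C$/) && i < NF) c = $(i + 1)
            else if ($i ~ /--community=/) { c = $i; sub(/.*--community=/, "", c) }
            gsub(/"/, "", c)                       # drop double quotes
            if (c in bad) { hitline = NR; hitc = c; break }
        }
    }
    $1 == "}" && hitc != "" {                      # end of object: report it
        print hitline ":" desc ":" hitc; hitc = ""
    }' "$1"
}

# Constructed sample in the layout used above; the second community is made up.
write_sample_cfg() {
    cat > "$1" <<'EOF'
define service
{
host_name            core-switch
service_description  Port 1 Link Status
check_command        check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB
}
define service
{
service_description  Uptime
check_command        check_snmp!-C Xk29-example-ro -o sysUpTime.0
}
EOF
}

sample=$(mktemp) && write_sample_cfg "$sample"
audit_snmp_communities "$sample"    # prints 5:Port 1 Link Status:public
rm -f "$sample"
```

Run it against /usr/local/nagios/etc/objects/switch.cfg after the pre-flight check; an empty result means no service uses a listed default.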

Restart the nagios server to start monitoring the switch.

# /etc/rc.d/init.d/nagios stop

Stopping nagios: .done.

# /etc/rc.d/init.d/nagios start

Starting nagios: done.

Check: http://Your-server-ip/nagios or http://localhost/nagios in browsers

Network Related Commands

# dhclient eth0   
activate interface 'eth0' in DHCP mode

# ethtool eth0   
show network statistics of eth0

# host www.example.com   
look up a hostname to resolve the name to an IP address and vice versa

# hostname   
show hostname of system

# ifconfig eth0   
show configuration of an ethernet network card

# ifconfig eth0 192.168.1.1 netmask 255.255.255.0   
configure IP Address

# ifconfig eth0 promisc   
configure 'eth0' in promiscuous mode to gather packets (sniffing)

# ifdown eth0   
disable an interface 'eth0'

# ifup eth0   
activate an interface 'eth0'

# ip link show   
show link status of all network interfaces

# iwconfig eth1   
show wireless networks

# iwlist scan   
wifi scanning to display the wireless connections available

# mii-tool eth0   
show link status of 'eth0'

# netstat -tup   
show all active network connections and their PID

# netstat -tupl   
show all network services listening on the system and their PID

# netstat -rn   
show routing table, like "route -n"

# nslookup www.example.com   
look up a hostname to resolve the name to an IP address and vice versa

# route -n   
show routing table

# route add -net 0/0 gw IP_Gateway   
configure default gateway

# route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1   
configure static route to reach network '192.168.0.0/16'

# route del 0/0 gw IP_gateway   
remove static route

# echo "1" > /proc/sys/net/ipv4/ip_forward   
activate ip routing

# tcpdump tcp port 80   
show all HTTP traffic

# whois www.example.com   
lookup on Whois database

User and Group Related Commands

# chage -E 2005-12-31 user1   
set deadline for user password

# groupadd [group-name]   
create a new group

# groupdel [group-name]   
delete a group

# groupmod -n sun moon
rename a group from moon to sun

# grpck   
check correct syntax and file format of '/etc/group' and groups existence

# newgrp - [group-name]   
log into a new group to change default group of newly created files

# passwd   
change password

# passwd user1   
change a user password (only by root)

# pwck   
check correct syntax and file format of '/etc/passwd' and users existence

# useradd -c "User Linux" -g admin -d /home/user1 -s /bin/bash user1   
create a new user "user1" that belongs to the "admin" group

# useradd user1   
create a new user

# userdel -r user1   
delete a user ( '-r' eliminates home directory)

# usermod -c "User FTP" -g system -d /ftp/user1 -s /bin/nologin user1   
change user attributes

ls commands

List SCSI devices (or hosts) and their attributes under Linux operating systems
# lsscsi -g

Use this command to list block devices
# lsblk

To see file system type
# lsblk -f

To output info about permissions
# lsblk -m

Use this command to see Linux distribution-specific information, enter
# lsb_release
# lsb_release -a

Use this command to see USB buses in the Linux based system and the devices connected to them
# lsusb

lscpu command shows information about CPU architecture information like number of CPUs, threads, cores
# lscpu

lspci command shows information about PCI buses in the system and devices connected
# lspci

lspci command can be used to find out if a given PCI hardware
# lspci | grep VT6120

lshw command finds detailed information about the hardware configuration
# lshw
# lshw-gtk

Use ls command to list directory contents
# ls
# ls -l ## long format
# ls -F ## appends a character revealing the nature of a file
# ls -a ## Show all files including hidden files
# ls -R ## recursively lists subdirectories
# ls -d ## Get info about a symbolic link or directory
# ls -t ## Sort the list of files by modification time
# ls -h ## Show sizes in human readable format
# ls -B ## In directories, ignore files that end with ‘~’ (backup files)
# ls -Z ## Display the SELinux security context
# ls --group-directories-first -l ## Show directories first (group directories). Useful on server.
# ls --color ## Colorize the ls output
# ls --hide='*.txt' -l ## Hide or ignore files whose names end with .txt

Use this command to list open files, network ports and active processes

#lsof | less
List all open files

#lsof -u vivek -i
See all files  opened by user "vivek"

#lsof -i 4 -a -p 7007
List all open IPv4 network files in use by the process whose PID is 7007

#lsof -i TCP:80
Find the process running on TCP port 80

#lsof -i 6
List only open IPv6 network files

#lsof -i 4
List only open IPv4 network files

#lsof -i TCP:1-1024
List processes with open ports in the range 1 to 1024

#lsof -i @server.host.example:1200-1205
List all files using any protocol on ports 1200 to 1205 of host server.host.example

#lsof /dev/sr0
List all open files on device /dev/sr0

#lsof /dev/dvd
Find out why my DVD drive does not eject?

#lsof -i -u^root
See all files open by all users except root

#lsof /etc/foobar
Find out who's looking at the /etc/foobar file?

Use lsattr to list the file attributes on a second extended file system
# lsattr /etc/passwd

Use lshal command to display items in the HAL (Hardware Abstraction Layer)
# lshal | less

Use this command to show the content of given initramfs images
# lsinitramfs /boot/initrd.img

Use this command to list all device driver loaded currently in the Linux Kernel
# lsmod

See information about the PCMCIA sockets and devices
# lspcmcia

Use this command to list all locks associated with the local files of the system
# lslk

Use this command to display the number of messages in a mailbox
# lsmbox

Text Manipulating Commands in Linux

# cat example.txt | awk 'NR%2==1'
remove all even lines from example.txt

# echo a b c | awk '{print $1}'
view the first column of a line

# echo a b c | awk '{print $1,$3}'
view the first and third column of a line

# cat -n file1
number row of a file

# comm -1 file1 file2
compare contents of two files by deleting only unique lines from 'file1'

# comm -2 file1 file2
compare contents of two files by deleting only unique lines from 'file2'

# comm -3 file1 file2
compare contents of two files by deleting only the lines that appear on both files

# diff file1 file2
find differences between two files

# grep Aug /var/log/messages
look up words "Aug" on file '/var/log/messages'

# grep ^Aug /var/log/messages
look up words that begin with "Aug" on file '/var/log/messages'

# grep [0-9] /var/log/messages
select from file '/var/log/messages' all lines that contain numbers

# grep Aug -R /var/log/*
search string "Aug" at directory '/var/log' and below

# paste file1 file2
merging contents of two files for columns

# paste -d '+' file1 file2
merging contents of two files for columns with '+' delimiter on the center

# sdiff file1 file2
find differences between two files and merge interactively, like "diff"

# sed 's/string1/string2/g' example.txt
replace "string1" with "string2" in example.txt

# sed '/^$/d' example.txt
remove all blank lines from example.txt

# sed '/ *#/d; /^$/d' example.txt
remove comments and blank lines from example.txt

# sed -e '1d' example.txt
eliminates the first line from file example.txt

# sed -n '/string1/p'
view only lines that contain the word "string1"

# sed -e 's/ *$//' example.txt
remove trailing spaces at the end of each row

# sed -e 's/string1//g' example.txt
remove only the word "string1" from the text and leave everything else intact

# sed -n '1,5p' example.txt
print from the 1st to the 5th row of example.txt

# sed -n '5p;5q' example.txt
print row number 5 of example.txt

# sed -e 's/00*/0/g' example.txt
replace runs of zeros with a single zero

# sort file1 file2
sort contents of two files

# sort file1 file2 | uniq
sort contents of two files, omitting repeated lines

# sort file1 file2 | uniq -u
sort contents of two files, showing only unique lines

# sort file1 file2 | uniq -d
sort contents of two files, showing only duplicate lines

# echo 'word' | tr '[:lower:]' '[:upper:]'
convert from lower case to upper case

Install proftpd in Linux

1. Download the proftpd RPM package from http://rpm.pbone.net

# wget ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/x86_64/RPMS/proftpd-1.3.1-3.el5.kb.x86_64.rpm

2. Install rpm package

# rpm -i proftpd-1.3.1-3.el5.kb.x86_64.rpm

3. Use ftpasswd to create the user and group for FTP login.

Add users

# mkdir /etc/proftpd
# ftpasswd --passwd --file=/etc/proftpd/passwd --name=bob --uid=1001 --home=/home/bob --shell=/bin/false

Add group

# ftpasswd --group --file=/etc/proftpd/group --name=group-name --gid=group-id --member=user-member1 --member=user-member2 … --member=user-memberN

4. Edit /etc/proftpd.conf file

AuthUserFile /etc/proftpd/passwd
AuthGroupFile /etc/proftpd/group

#Disable PAM authentication
#AuthPAMConfig proftpd
#AuthOrder mod_auth_pam.c* mod_auth_unix.c

AuthPAM off

5. Restart proftpd service and put proftpd service in startup list.

# /etc/init.d/proftpd start
# chkconfig proftpd on

Mount Linux partition in Windows

Ext2Fsd is free software to mount a Linux partition on my Windows system. It’s so easy to install and use. Just install it, and with its friendly navigation we can mount the partition painlessly.

Package Auto Update Notifications

Install apticron

Type the following command at a shell prompt:

# apt-get update
# apt-get install apticron

Configure apticron to send email notifications

The default configuration file is located at /etc/apticron/apticron.conf. Open the file using a text editor:

# vi /etc/apticron/apticron.conf

You need to set the email address that notifications are sent to, as follows:

EMAIL="your_email@domain.com"

================================================================

Sample configuration file

# apticron.conf
#
# set EMAIL to a list of addresses which will be notified of impending updates
#

EMAIL="admin@myhost.com"

#
# Set LISTCHANGES_PROFILE if you would like apticron to invoke apt-listchanges
# with the --profile option. You should add a corresponding profile to
# /etc/apt/listchanges.conf
#
# LISTCHANGES_PROFILE="apticron"

#
# Set SYSTEM if you would like apticron to use something other than the output
# of "hostname -f" for the system name in the mails it generates
#
# SYSTEM="foobar.example.com"

#
# Set IPADDRESSNUM if you would like to configure the maximal number of IP
# addresses apticron displays. The default is to display 1 address of each
# family type (inet, inet6), if available.
#
# IPADDRESSNUM="1"

#
# Set IPADDRESSES to a whitespace separated list of reachable addresses for
# this system. By default, apticron will try to work these out using the
# "ip" command
#
# IPADDRESSES="192.10.2.1 2001:db8:1:2:3::1"

Save and close the file. /etc/cron.daily/apticron is the cron script that runs apticron daily; it will send you a notification when updates are available.


SSH Manipulations

SSH Banner Message

Login as root and edit ssh config file

# vi /etc/ssh/sshd_config

Find this variable in the config file

# Banner /some/locations/file

Uncomment it and save the file

Restart openssh server

# /etc/init.d/ssh restart

SSH Timeout

echo "TMOUT=300" >> /etc/bashrc

echo "readonly TMOUT" >> /etc/bashrc

echo "export TMOUT" >> /etc/bashrc

Extract a single file from single tar ball

Extracting Specific Files

Extract a file called etc/default/sysstat from config.tar.gz tarball

#tar -ztvf config.tar.gz
#tar -zxvf config.tar.gz etc/default/sysstat
#tar -xvf {tarball.tar} {path/to/file}

This is also valid

#tar --extract --file={tarball.tar} {file}

Extract a directory called css from cbz.tar

#tar --extract --file=cbz.tar css

Wildcard based extracting

You can also extract those files that match a specific globbing pattern (wildcards). For example, to extract from cbz.tar all files that begin with pic, no matter their directory prefix, you could type:

#tar -xf cbz.tar --wildcards --no-anchored 'pic*'

To extract all php files, enter

#tar -xf cbz.tar --wildcards --no-anchored '*.php'

Where,

-x: instructs tar to extract files.
-f: specifies filename / tarball name.
-v: Verbose (show progress while extracting files).
-j: filter archive through bzip2, use to decompress .bz2 files.
-z: filter archive through gzip, use to decompress .gz files.
--wildcards: instructs tar to treat command line arguments as globbing patterns.
--no-anchored: informs it that the patterns apply to member names after any / delimiter.
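
An added example, not part of the original page, that previews which members a wildcard pattern selects before anything is extracted, contrasting the default anchored match with --no-anchored. It assumes GNU tar; the function names and the archive contents are constructed for illustration.

```shell
# Added example: list (do not extract) the members a wildcard pattern selects.
# Assumes GNU tar; --wildcards and --no-anchored apply to patterns after them.

# matching_members ARCHIVE [MATCH-OPTIONS...] PATTERN  (hypothetical helper)
matching_members() {
    archive=$1; shift
    tar -tf "$archive" --wildcards "$@"
}

# Build a small constructed archive; all file names are made up.
make_sample_tar() {
    src=$(mktemp -d)
    mkdir -p "$src/img" "$src/css"
    : > "$src/pic1.jpg"; : > "$src/img/pic2.jpg"; : > "$src/css/site.css"
    tar -cf "$1" -C "$src" pic1.jpg img/pic2.jpg css/site.css
    rm -rf "$src"
}

demo=$(mktemp -d)
make_sample_tar "$demo/cbz.tar"
echo "anchored (default):"      # pattern must match from the start of the name
matching_members "$demo/cbz.tar" 'pic*'
echo "--no-anchored:"           # pattern may match after any / in the name
matching_members "$demo/cbz.tar" --no-anchored 'pic*'
rm -rf "$demo"
```

Because --no-anchored also selects members in nested directories, listing with -t first shows exactly which paths an -x run with the same pattern would write.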


Tar listing

The tar command can list the files inside a compressed tarball. However, mtools includes a command called lz, which gunzips and shows a listing of a gzip’d tar’d archive without extracting files.

For example, to display a listing of a file called backup.tar.gz, type:

#lz backup.tar.gz

As you can see, lz provides a listing of a gzip’d tar’d archive, that is, a tar archive compressed with the gzip command. It is not strictly necessary on Debian GNU/Linux (or other Linux/BSD/Solaris OSes), because the GNU tar(1) program provides the same capability with the command:

#tar -tzf backup.tar.gz