{"id":1735,"date":"2018-12-15T10:59:45","date_gmt":"2018-12-15T07:59:45","guid":{"rendered":"http:\/\/kifarunix.com\/?p=1735"},"modified":"2024-03-11T21:44:02","modified_gmt":"2024-03-11T18:44:02","slug":"nagios-snmp-monitoring-of-linux-hosts-on-alienvault-usm-ossim","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/nagios-snmp-monitoring-of-linux-hosts-on-alienvault-usm-ossim\/","title":{"rendered":"Nagios SNMP Monitoring of Linux Hosts on AlienVault USM\/OSSIM"},"content":{"rendered":"\n<p>In this guide, we are going to learn how to configure Nagios SNMP monitoring of Linux hosts. We will be using AlienVault USM\/OSSIM as our Nagios server. As stated in our previous articles, AlienVault uses Nagios by default for monitoring hosts. To monitor hosts, you can use either the agent-based or the agentless method.<\/p>\n\n\n\n<p>The agent-based method involves installing Nagios plugins and NRPE agents on the remote host, while the agentless method uses a protocol such as SNMP to poll remote system metrics. This guide describes how to install and configure Nagios SNMP monitoring for polling Linux system metrics such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Disk usage<\/li>\n\n\n\n<li>Memory usage<\/li>\n\n\n\n<li>Number of running processes<\/li>\n\n\n\n<li>Uptime<\/li>\n\n\n\n<li>Number of logged in users<\/li>\n\n\n\n<li>Open ports (Services)<\/li>\n<\/ul>\n\n\n\n<p>You might want to check our previous article on <a href=\"https:\/\/kifarunix.com\/how-to-configure-availability-monitoring-on-alienvault-usm-ossim\/\" target=\"_blank\" rel=\"noopener\">configuring Nagios availability monitoring on AlienVault USM\/OSSIM<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Monitoring of Linux Hosts with Nagios using SNMP<\/h2>\n\n\n\n<p>Before you can proceed, ensure that you have installed and configured SNMP on the remote devices to be monitored. 
See our guide on how to <a title=\"Install and Configure SNMP on Ubuntu 18.04 and CentOS 7\" href=\"https:\/\/kifarunix.com\/install-and-configure-snmp-ubuntu-18-04-and-centos-7\/\" rel=\"bookmark\">Install and Configure SNMP on Ubuntu 18.04 and CentOS 7<\/a>.<\/p>\n\n\n\n<p>Add the hosts to be monitored to the AlienVault server. Check our previous article on <a href=\"https:\/\/kifarunix.com\/how-to-add-assets-to-alienvault-ossim-server-for-monitoring\/\" target=\"_blank\" rel=\"noopener\">how to Import assets to AlienVault USM\/OSSIM using a CSV file<\/a>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Enable Nagios Availability Monitoring<\/h4>\n\n\n\n<p>Create an asset group to put together hosts that share a common functionality, for example Linux Servers. After that, enable availability monitoring for the group.<\/p>\n\n\n\n<p>Enabling availability monitoring automates the creation of the Nagios host and hostgroup definition configuration files. All you need to do is set the <strong>command<\/strong> and <strong>service<\/strong> definitions for your asset group.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configure Nagios SNMP Monitoring of Linux Hosts<\/h2>\n\n\n\n<p>Log in to the AlienVault USM\/OSSIM backend and navigate to the Nagios configuration directory, <code>cd \/etc\/nagios3\/conf.d\/<\/code>. 
Under this directory there is a directory called <code>ossim-configs<\/code>, which contains the host and hostgroup definition configuration files that are created automatically when you enable availability monitoring for a hostgroup from the AlienVault Web UI.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ls \/etc\/nagios3\/conf.d\/ossim-configs\/ <\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>host-services  hostgroup-services  <strong>hostgroups  hosts<\/strong><\/code><\/pre>\n\n\n\n<p>The <strong>hosts<\/strong> directory contains the host definition configuration files, while the <strong>hostgroups<\/strong> directory contains the hostgroup definition configuration file.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ls \/etc\/nagios3\/conf.d\/ossim-configs\/hosts<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code><strong>192.168.43.154.cfg  192.168.43.23.cfg<\/strong><\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>less \/etc\/nagios3\/conf.d\/ossim-configs\/<strong>hostgroups<\/strong>\/<strong>Linux\\ Servers.cfg\n<\/strong><\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ndefine hostgroup{\n        hostgroup_name Linux Servers\n        alias Linux Servers\n        members <strong>ubuntu,centos7<\/strong>\n        }\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Configure Nagios SNMP Monitoring Commands<\/h2>\n\n\n\n<p>By default, AlienVault ships with a Nagios SNMP monitoring plugin called <code>check_snmp<\/code>. The plugin is located under <code>\/usr\/lib\/nagios\/plugins\/<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ls \/usr\/lib\/nagios\/plugins\/ | grep snmp<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>check_snmp<\/code><\/pre>\n\n\n\n<p>Before you can proceed, ensure that you have the SNMP authentication details. 
For SNMP v2c, ensure you have created the community and for SNMP v3 ensure that you have the username and the authentication password.<\/p>\n\n\n\n<p>Also ensure that you have the <code>Object Identifiers (OIDs)<\/code> for whatever service you want to monitor. You can find the common OIDs on <a href=\"http:\/\/www.oid-info.com\/basic-search.htm\" target=\"_blank\" rel=\"noopener\">OID Repository page<\/a>.<\/p>\n\n\n\n<p>In this guide, we are going to use the default Nagios SNMP monitoring plugin, <code>check_snmp<\/code>, to monitor uptime, running processes, CPU load average and logged in users while for monitoring disk and physical memory usage, we are going to use this beautiful <code>check_snmp_disk<\/code> perl script that somebody else has made an effort to create. Therefore download the <a href=\"https:\/\/drive.google.com\/open?id=1vEhuRiOyNCgbxsNB9zm4LP3SsInybb5L\" target=\"_blank\" rel=\"noopener\">check_snmp_disk<\/a> perl script and place it under the default Nagios plugins directory on AlienVault USM, <code>\/usr\/lib\/nagios\/plugins\/<\/code>.<\/p>\n\n\n\n<p>Obtain the community from the hosts and verify from the AlienVault or Nagios server that the host services can be queried before you can proceed to define your commands and services.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Check for Uptime<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/usr\/lib\/nagios\/plugins\/check_snmp -H 192.168.43.154 -C Ex@mPL3 -o .1.3.6.1.2.1.1.3.0<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>SNMP OK - Timeticks: (4240427) 11:46:44.27 |<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Running processes<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/usr\/lib\/nagios\/plugins\/check_snmp -H 192.168.43.154 -C Ex@mPL3 -o .1.3.6.1.2.1.25.1.6.0 -w 300 -c 400<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>SNMP OK - 117 | iso.3.6.1.2.1.25.1.6.0=117<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Load 
Average<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/usr\/lib\/nagios\/plugins\/check_snmp -H 192.168.43.154 -C Ex@mPL3 -o .1.3.6.1.4.1.2021.10.1.3.1 -w 2.0 -c 5.0<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>SNMP OK - 0 | iso.3.6.1.4.1.2021.10.1.3.1=0<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Logged In Users<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/lib\/nagios\/plugins\/check_snmp -H 192.168.43.154 -C Ex@mPL3 -o .1.3.6.1.2.1.25.1.5.0 -w 5 -c 10<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>SNMP OK - 2 | iso.3.6.1.2.1.25.1.5.0=2<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Disk Usage<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/lib\/nagios\/plugins\/check_snmp_disk -H 192.168.43.23 -s Ex@mPL3 -d \/ -w 80% -c 90%<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>SNMP OK - \/ at 16% with 6,788 of 8,178 MB free<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">RAM Usage<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/lib\/nagios\/plugins\/check_snmp_disk -H 192.168.43.23 -s Ex@mPL3 -d 1 -w 80% -c 90%<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>SNMP OK - Physical memory at 61% with 188 of 487 MB free<\/code><\/pre>\n\n\n\n<p>Beautiful. Everything seems to be working well. 
Proceed to create command and service definitions for your host servers.<\/p>\n\n\n\n<p>If you are using SNMP version 3, you would run the check_snmp command with the syntax:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/lib\/nagios\/plugins\/check_snmp -H HOSTADDRESS -P 3 -L authPriv -U &#91;username] -a &#91;MD5|SHA] &#91;-A authpass] -x &#91;AES|DES] &#91;-X privpass] -o &#91;OID]<\/code><\/pre>\n\n\n\n<p>For example, to check system uptime with SNMP version 3:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/lib\/nagios\/plugins\/check_snmp -H 192.168.43.188 -P 3 -L authPriv -U snmpreadonly -a SHA -A PassWORD123  -x AES -X pAssWORD321 -o .1.3.6.1.2.1.1.3.0<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>SNMP OK - Timeticks: (685) 0:00:06.85 |<\/code><\/pre>\n\n\n\n<p>You can learn how to configure SNMP v2c and v3 on Debian 9 by following the links below:<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-configure-snmp-version-2c-on-debian-9\/\" target=\"_blank\" rel=\"noopener\">How to Configure SNMP Version 2c on Debian 9<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-configure-snmp-version-3-on-debian-9\/\" target=\"_blank\" rel=\"noopener\">How to Configure SNMP version 3 on Debian 9<\/a><\/p>\n\n\n\n<p>Navigate to the Nagios hostgroup-services directory, <code>\/etc\/nagios3\/conf.d\/ossim-configs\/hostgroup-services\/<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/etc\/nagios3\/conf.d\/ossim-configs\/hostgroup-services<\/code><\/pre>\n\n\n\n<p>Create the hostgroup services definition configuration file. In this file, we will define the commands that will be used to monitor various system metrics such as system uptime, running processes, logged in users and resource consumption (disk and physical memory).<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim linux-services.cfg<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n# Command Definition. 
This polling uses an SNMP v2 Community.\n# check_snmp command definition\ndefine command{\n        command_name\tcheck_snmp\n        command_line\t\/usr\/lib\/nagios\/plugins\/check_snmp -H $HOSTADDRESS$  -C Ex@mPL3 -o $ARG1$ $ARG2$\n}\n# check_snmp_disk command definition\n#Disk and Memory Usage\ndefine command{\n        command_name    check_snmp_disk\n        command_line    \/usr\/lib\/nagios\/plugins\/check_snmp_disk -H $HOSTADDRESS$ -s Ex@mPL3 $ARG1$ $ARG2$ $ARG3$\n}\n# Check CPU Load for the past 1 minute\ndefine service {\n        use                     generic-service\n        hostgroup_name          Linux Servers\n        service_description     CPU Load Average\n        check_command           check_snmp!.1.3.6.1.4.1.2021.10.1.3.1!-w 2.0 -c 5.0\n}\ndefine service {\n        use                     generic-service\n        hostgroup_name          Linux Servers\n        service_description     Running Processes\n        check_command          check_snmp!.1.3.6.1.2.1.25.1.6.0!-w 300 -c 400\n}\n\ndefine service {\n        use                     generic-service\n        hostgroup_name          Linux Servers\n        service_description     Logged in Users\n        check_command           check_snmp!.1.3.6.1.2.1.25.1.5.0!-w 5 -c 10\n}\ndefine service {\n        use                     generic-service\n        hostgroup_name          Linux Servers\n        service_description     Uptime\n        check_command          check_snmp!.1.3.6.1.2.1.1.3.0\n}\n# Check \/ Disk and Memory Usage\ndefine service {\n        use                     generic-service\n        hostgroup_name          Linux Servers\n        service_description     \/ Disk Usage\n        check_command           check_snmp_disk!-d \/!-w 80% -c 90%\n}\ndefine service {\n        use                     generic-service\n        hostgroup_name          Linux Servers\n        service_description     RAM Usage\n        check_command           check_snmp_disk!-d 1!-w 80% -c 
90%\n}\n<\/code><\/pre>\n\n\n\n<p>Save the configuration file and run the command below to check whether there are any syntax errors.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>nagios3 -v \/etc\/nagios3\/nagios.cfg<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>...\n\n<strong>Total Warnings: 0<\/strong>\n<strong>Total Errors:   0<\/strong>\n\nThings look okay - No serious problems were detected during the pre-flight check<\/code><\/pre>\n\n\n\n<p>If there are no errors, restart Nagios.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/etc\/init.d\/nagios3 restart<\/code><\/pre>\n\n\n\n<p>Log in to the AlienVault USM Web UI and verify that your services are now being monitored.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios-snmp-monitoring.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1145\" height=\"520\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios-snmp-monitoring.png\" alt=\"nagios snmp monitoring of linux hosts on AlienVault\" class=\"wp-image-1747\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios-snmp-monitoring.png 1145w, https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios-snmp-monitoring-768x349.png 768w\" sizes=\"(max-width: 1145px) 100vw, 1145px\" \/><\/figure><\/a><\/div>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios-snmp_monitoring.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1148\" height=\"261\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios-snmp_monitoring.png\" alt=\"nagios snmp monitoring Ubuntu 18.04\" class=\"wp-image-1746\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios-snmp_monitoring.png 1148w, 
https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios-snmp_monitoring-768x175.png 768w\" sizes=\"(max-width: 1148px) 100vw, 1148px\" \/><\/figure><\/a><\/div>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios_snmp-monitoring.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1163\" height=\"271\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios_snmp-monitoring.png\" alt=\"nagios snmp monitoring CentOS 7\" class=\"wp-image-1745\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios_snmp-monitoring.png 1163w, https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/12\/nagios_snmp-monitoring-768x179.png 768w\" sizes=\"(max-width: 1163px) 100vw, 1163px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>Well, that is all it takes to set up Nagios SNMP monitoring of Linux hosts using AlienVault USM as Nagios Server. You can also check our previous article on <a href=\"https:\/\/kifarunix.com\/how-to-configure-availability-monitoring-on-alienvault-usm-ossim\/\" target=\"_blank\" rel=\"noopener\">how to configure Nagios availability monitoring on AlienVault USM\/OSSIM<\/a> using Nagios and NRPE plugins.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, we are going to learn how to configure Nagios SNMP monitoring of Linux hosts. 
We will be using AlienVault USM\/OSSIM as our<\/p>\n","protected":false},"author":1,"featured_media":13017,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[72,121,73,347],"tags":[104,5275,75,5276,5274,5277,276],"class_list":["post-1735","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-monitoring","category-howtos","category-nagios","category-snmp","tag-alienvault","tag-monitor-linux-hosts-using-nagios-and-snmp","tag-nagios","tag-nagios-snmp","tag-nagios-snmp-monitoring-of-linux-hosts","tag-ossim-nagios-snmp","tag-snmp","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1735"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=1735"}],"version-history":[{"count":10,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1735\/revisions"}],"predecessor-version":[{"id":21079,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1735\/revisions\/21079"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/13017"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=1735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=1735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=1735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}