Archive for the 'Tech Tips' Category

Enabling SNMP on Cisco Router – Cisco Devices

SNMP – Enabling SNMP on Cisco Router

----

We’ve had a lot of questions about configuring SNMP on Cisco devices, mainly routers and switches. In this article we give you the steps to configure SNMP on Cisco routers (and Catalyst switches).

Note: We’ve tested these commands in our lab but if you have any additional questions on what may be required for your environment, please reach out to your network administrator and/or Cisco to verify that they will work with your specific devices.

1. SSH or Telnet into your router/switch:

* We recommend enabling SSH and disabling telnet wherever possible. Telnet is an insecure protocol: it sends all the information you enter (including usernames and passwords) as plaintext across your network.

If you’re connecting from Linux
-------------------------------
ssh user@X.X.X.X

OR

telnet X.X.X.X

If you’re connecting from Windows
---------------------------------
You can connect with Putty or another SSH/Telnet client. Just type in the router/switch IP address and select the SSH or Telnet protocol when connecting.

2. Enter enable mode:
enable

3. Enter into configuration mode:
configure terminal

4. Set up a read-only SNMP community on the device so that you can monitor it with Nagios:
snmp-server community YOURCOMMUNITY ro

* We recommend that you come up with a complex SNMP community string (capitals, lowercase, alpha-numeric characters), but don’t use any special characters because not all software will work with a string that contains them.

5. Exit configuration mode and save the changes you’ve made:
exit
write memory

Here are the configuration commands (simplified):

MYROUTER>enable
Password:
MYROUTER#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
MYROUTER(config)#snmp-server community YOURCOMMUNITY ro
MYROUTER(config)#exit
*Mar  1 00:14:40.987: %SYS-5-CONFIG_I: Configured from console by console
MYROUTER#write memory
Building configuration...
[OK]
MYROUTER#exit

Configuring SNMP Traps

----------

SNMP traps are a great way of getting alerted by a device in near real-time. When you set up SNMP traps on a compatible device and it detects an error (or another condition you’ve set as a trap), the device immediately sends a trap through SNMP to your Nagios server so that you can act on it according to your Nagios configuration.

Here is the process for setting up SNMP traps on your Cisco devices:

1. SSH or telnet into your router/switch.
ssh user@X.X.X.X

* We recommend enabling SSH and disabling telnet wherever possible because telnet will send all the information you enter (including usernames and passwords) as plaintext across your network.

OR

telnet X.X.X.X

2. Enter enable mode:
enable

3. Enter into configuration mode:
configure terminal

4. Set up your Nagios server as the trap target:
snmp-server host NAGIOSIPADDRESS version 2c YOURCOMMUNITY

5. Set up the types of SNMP traps that you want to send:
You can enable all SNMP traps with this command:

snmp-server enable traps

or you can enable individual traps with the command template:

snmp-server enable traps [notification-type [notification-options]]

As an example, to set up SNMP traps for OSPF errors you would run this command:

snmp-server enable traps ospf errors

6. Exit configuration mode and save the changes you’ve made:
exit
write memory

Here are the configuration commands (simplified):

MYROUTER>enable
Password:
MYROUTER#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
MYROUTER(config)#snmp-server host NAGIOSIPADDRESS version 2c YOURCOMMUNITY
MYROUTER(config)#snmp-server enable traps
MYROUTER(config)#exit
*Mar  1 00:14:40.987: %SYS-5-CONFIG_I: Configured from console by console
MYROUTER#write memory
Building configuration...
[OK]
MYROUTER#exit
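
As an added example (not part of the original article, and not Cisco or Nagios tooling), the Python below audits a saved running-config against the recommendations in the two procedures above: read-only communities made of mixed-case alphanumerics, the Nagios server as the only trap target, and no telnet on the vty lines. The sample config, its community strings and the 192.0.2.x addresses are constructed for illustration.

```python
import re

# Constructed sample of saved "show running-config" output (not from a real device).
SAMPLE_CONFIG = """\
hostname MYROUTER
snmp-server community public ro
snmp-server community Nag10sMon1tor ro
snmp-server community Wr1teAcc3ss rw
snmp-server community n@gios!ro ro
snmp-server host 192.0.2.10 version 2c Nag10sMon1tor
snmp-server host 192.0.2.99 version 2c Nag10sMon1tor
line vty 0 4
 transport input telnet ssh
"""

DEFAULT_STRINGS = {"public", "private"}

def check_community(name, access):
    """Return the issues found for one 'snmp-server community' line."""
    issues = []
    if name.lower() in DEFAULT_STRINGS:
        issues.append("well-known default string")
    if not name.isalnum():
        issues.append("contains special characters")
    elif not (re.search(r"[A-Z]", name) and re.search(r"[a-z]", name)
              and re.search(r"\d", name)):
        issues.append("lacks mixed upper/lower/digits")
    if access == "rw":
        issues.append("read-write access, monitoring only needs ro")
    return issues

def audit(config, nagios_ip):
    """Return a list of (config line, issue) findings."""
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) >= 3:
            access = next((t.lower() for t in tok[3:] if t.lower() in ("ro", "rw")), "ro")
            findings += [(line.strip(), i) for i in check_community(tok[2], access)]
        elif tok[:2] == ["snmp-server", "host"] and len(tok) >= 3:
            if tok[2] != nagios_ip:
                findings.append((line.strip(), "trap target is not the Nagios server"))
        elif tok[:2] == ["transport", "input"] and {"telnet", "all"} & set(tok[2:]):
            findings.append((line.strip(), "telnet allowed on this line"))
    return findings

if __name__ == "__main__":
    for line, issue in audit(SAMPLE_CONFIG, "192.0.2.10"):
        print(f"{issue}: {line}")
```

The findings echo the community strings, so treat the output with the same care as the config file itself.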

You can read more about setting up SNMP traps with Nagios XI here.

https://assets.nagios.com/downloads/nagiosxi/docs/Integrating_SNMP_Traps_With_Nagios_XI.pdf

Using the New SLA Report within Nagios XI 2014

New in Nagios XI 2014 is the ability to generate reports based on service level agreement (SLA) statistics. In addition to the already included Availability Report, the SLA Report lets you prove, using the hosts and services already monitored by your Nagios system, that you are meeting or exceeding those pesky up-time agreements.

Options for SLA Reporting in Nagios 2014

As with traditional Nagios XI reporting, there is a wide variety of included time periods that will fit most use cases, as well as the ability to generate reports based on custom time periods. Reports can also be filtered by Host, Hostgroup, and Servicegroup for maximum flexibility when only specific hosts and services need reports. The final important aspect when generating a report is the modifiable SLA Target value. This allows you up to 5 points of precision when generating reports and can fully calculate the five 9s (99.999%) used in so many cases.


Deploying Nagios XI Monitoring Software on Linode

We often use Linode for various items at Nagios, and while bringing up a server the other day, I decided to make a Linode StackScript that will allow users to easily set up a Nagios XI server on Linode that can be used for any of the following: a 60-day free trial, testing, or production.

While I was testing the script functionality, I also made a quick video documenting the setup process.

Securing Nagios XI Web Front-End with Mod_Security

Today we’re going to walk through installing a web application firewall for Nagios XI. While not mandatory, this is an important task for anyone with a Nagios XI interface that is accessible through the internet. We do our best to create a secure application and make every effort to protect the data accessible via our software. However, mistakes are made and zero-day exploits do happen. As such, implementing additional measures such as mod_security is a great way to add difficulty for any potential attackers.

Mod_Security is an Apache module that provides a host-based web application firewall (WAF) which inspects web traffic before it touches the applications served by Apache. This allows attacks such as SQL injection (SQLi), cross-site scripting (XSS), cross-site request forgery (CSRF), and many others to be detected and stopped before they have a chance to affect the web application and back-end databases. In the case of Nagios XI we are most worried about things like SQLi, XSS, command injection, remote and local file inclusion, and path traversal, as these have the most potential to take or modify vital data or gain access to the server. Mod_Security comes with a predefined set of rules that companies like Trustwave and groups like OWASP regularly contribute to and maintain. The module and rule definitions are entirely open source, although there are paid variations of the rules as well.

Setting up Mod_Security to protect your Nagios XI interface is pretty straightforward. The general idea is to install yum provided packages, disable some rules that cause issues with Nagios functionality, and restart Apache. Shall we begin?

1) Install Mod_Security packages.

yum install mod_security_crs-extras mod_security mod_security_crs

2) Download the base exclusion configuration for Apache, and move to the correct location.

cd /tmp

wget http://assets.nagios.com/downloads/nagiosxi/misc/mod_security_excluded_rules.conf

cp /tmp/mod_security_excluded_rules.conf /etc/httpd/conf.d/

3) Restart Apache and verify Nagios is working properly.

service httpd restart

Browse to your Nagios XI server and verify login and that everything looks normal.

Further documentation and troubleshooting can be found at: Integrating Mod_Security with Nagios XI
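
Step 2 places a downloaded rule-exclusion file directly into /etc/httpd/conf.d/, so it is worth listing what that file turns off before restarting Apache. The Python below is an added example (not Nagios or ModSecurity code) that reports, per scope, which rule IDs are removed and where the rule engine is switched off. The sample file, its rule IDs and the /nagiosxi/example paths are constructed, not the contents of the real download.

```python
import re

# Constructed sample: rule IDs and paths are placeholders, not the real download.
SAMPLE_CONF = """\
<IfModule mod_security2.c>
    SecRuleRemoveById 100001 100002
    <LocationMatch "/nagiosxi/example/">
        SecRuleRemoveById "100100-100103"
    </LocationMatch>
    <LocationMatch "/nagiosxi/example-admin/">
        SecRuleEngine Off
    </LocationMatch>
</IfModule>
"""

SCOPED = {"location", "locationmatch", "directory", "directorymatch"}

def expand_ids(args):
    """Expand SecRuleRemoveById arguments: single IDs and "low-high" ranges."""
    ids = []
    for arg in args.replace('"', " ").split():
        low, _, high = arg.partition("-")
        ids.extend(range(int(low), int(high or low) + 1))
    return ids

def review(conf):
    """Return (rule IDs removed per scope, scopes where SecRuleEngine is not On)."""
    removed, engine, scope = {}, [], ["global"]
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opening = re.match(r"<(\w+)\s*(.*?)>$", line)
        if opening:  # path-scoped containers name a new scope, others inherit
            tag, arg = opening.group(1).lower(), opening.group(2).strip('"')
            scope.append(arg if tag in SCOPED else scope[-1])
        elif line.startswith("</"):
            if len(scope) > 1:
                scope.pop()
        else:
            directive, _, args = line.partition(" ")
            if directive.lower() == "secruleremovebyid":
                removed.setdefault(scope[-1], []).extend(expand_ids(args))
            elif directive.lower() == "secruleengine" and args.strip().lower() != "on":
                engine.append((scope[-1], args.strip()))
    return removed, engine

if __name__ == "__main__":
    print(review(SAMPLE_CONF))
```

Run it against /tmp/mod_security_excluded_rules.conf before the cp in step 2; removals under the "global" scope apply to every application Apache serves, not only Nagios XI.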