Page 3 of 6

Re: check_snmp_synology - False Positives

PostPosted: Fri Dec 28, 2018 2:58 pm
by chris1337c
I put the original file back untouched with WinSCP overwriting the file that was there with the same permissions but now it is throwing warnings :(

[12-28-2018 13:22:04] SERVICE NOTIFICATION: ********n;DC_SAN;Global Health Status;ACKNOWLEDGEMENT (WARNING);notify-service-by-email;Synology model: "RS2414rp+";Nagios Admin;Im on it
Service Notification[12-28-2018 13:22:04] SERVICE NOTIFICATION: nagiosadmin;DC_SAN;Global Health Status;ACKNOWLEDGEMENT (WARNING);notify-service-by-email;Synology model: "RS2414rp+";Nagios Admin;Im on it
External Command[12-28-2018 13:22:04] EXTERNAL COMMAND: ACKNOWLEDGE_SVC_PROBLEM;DC_SAN;Global Health Status;2;1;0;Nagios Admin;Im on it
Service Warning[12-28-2018 13:20:51] SERVICE ALERT: DC_SAN;Global Health Status;WARNING;HARD;3;Synology model: "RS2414rp+"
Service Notification[12-28-2018 13:20:51] SERVICE NOTIFICATION: **********;DC_SAN;Global Health Status;WARNING;notify-service-by-email;Synology model: "RS2414rp+"
Service Notification[12-28-2018 13:20:51] SERVICE NOTIFICATION: nagiosadmin;DC_SAN;Global Health Status;WARNING;notify-service-by-email;Synology model: "RS2414rp+"

Re: check_snmp_synology - False Positives

PostPosted: Fri Dec 28, 2018 3:01 pm
by cdienger
It's entirely possible - 30 seconds seems like a long time and if that is a normal response time then more load on the system could certainly push the times even higher. We won't be in on Monday(or Tuesday) but we can take a look at the data when we're back in the office. Note the date and time of any timeouts seen in the logs or notifications and PM me the files. If they are too large, please upload to a third party like dropbox and send me the download link.

Re: check_snmp_synology - False Positives

PostPosted: Fri Dec 28, 2018 3:07 pm
by chris1337c
Will do, are there any steps I missed when copying the original file back over the modified file in Winscp that would cause Nagios to throw warnings with the only info as:

[12-28-2018 13:20:51] SERVICE ALERT: DC_SAN;Global Health Status;WARNING;HARD;3;Synology model: "RS2414rp+"

Re: check_snmp_synology - False Positives

PostPosted: Fri Dec 28, 2018 3:07 pm
by cdienger
The configured check has met the criteria to put it in a WARNING state. Either the problem on the synlogogy device needs to be fixed or, if the WARNING is a false positive, the check's configuration needs to be modified.

Re: check_snmp_synology - False Positives

PostPosted: Fri Dec 28, 2018 3:08 pm
by chris1337c
Also, I am not seeing the output.pcap0/1/2/3 being created? Or will that take some time. I executed in root and am looking at it now.

Re: check_snmp_synology - False Positives

PostPosted: Fri Dec 28, 2018 3:40 pm
by cdienger
output.pcap0 should be created right away but subsequent files will only be created as needed. Do you see the command running if you run "ps aux | grep tcpdump" ? You can also run the tcpdump with the full path to the output file:

nohup tcpdump -Z root -s 0 -i any port 161 and host a.b.c.d -C 10 -W 5 -w /full/path/to/output/file/output.pcap &

Re: check_snmp_synology - False Positives

PostPosted: Fri Dec 28, 2018 4:13 pm
by chris1337c
root 7582 0.0 0.0 112704 976 pts/0 S+ 15:12 0:00 grep --color=au to tcdump


This was the output I got from the first command.

Re: check_snmp_synology - False Positives

PostPosted: Fri Dec 28, 2018 4:15 pm
by chris1337c
When running "nohup tcpdump -Z root -s 0 -i any port 161 and host ******.111.1 -C 10 -W 5 -w /full/path/to/output/file/output.pcap &"

The output says ignoring input and appending output to "nohup.out"

Re: check_snmp_synology - False Positives

PostPosted: Fri Dec 28, 2018 4:17 pm
by chris1337c
/root/

Still no output.pcap in this location

Re: check_snmp_synology - False Positives

PostPosted: Fri Dec 28, 2018 4:28 pm
by chris1337c
Check out this SS I can't explain better than a picture :)