
Re: check_snmp_synology - False Positives

Posted: Fri Jan 04, 2019 10:55 am
by chris1337c
PM'd you the link to the output files.

Re: check_snmp_synology - False Positives

Posted: Fri Jan 04, 2019 11:27 am
by cdienger
File received, but I missed the part where it was filtered on destination port 161. The problem with this is that it will only capture one side of the traffic - we only see the requests going out from the Nagios machine but no responses from the Synology server this way.

Re: check_snmp_synology - False Positives

Posted: Mon Jan 07, 2019 10:27 am
by chris1337c
How do I correct this?

Re: check_snmp_synology - False Positives

Posted: Mon Jan 07, 2019 3:59 pm
by chris1337c
This Synology box hates me:


| Event Start Time | Event End Time | Event Duration | Event/State Type | Event/State Information |
|---|---|---|---|---|
| 01-02-2019 00:00:00 | 01-02-2019 08:32:47 | 0d 8h 32m 47s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-02-2019 08:32:47 | 01-02-2019 09:17:48 | 0d 0h 45m 1s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-02-2019 09:17:48 | 01-02-2019 16:43:24 | 0d 7h 25m 36s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-02-2019 16:43:24 | 01-03-2019 00:00:00 | 0d 7h 16m 36s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-03-2019 00:00:00 | 01-03-2019 04:33:48 | 0d 4h 33m 48s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-03-2019 04:33:48 | 01-03-2019 05:24:12 | 0d 0h 50m 24s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.01 seconds) |
| 01-03-2019 05:24:12 | 01-04-2019 00:00:00 | 0d 18h 35m 48s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-04-2019 00:00:00 | 01-04-2019 00:58:22 | 0d 0h 58m 22s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-04-2019 00:58:22 | 01-04-2019 04:39:12 | 0d 3h 40m 50s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-04-2019 04:39:12 | 01-04-2019 05:29:35 | 0d 0h 50m 23s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.01 seconds) |
| 01-04-2019 05:29:35 | 01-04-2019 08:25:31 | 0d 2h 55m 56s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-04-2019 08:25:31 | 01-05-2019 00:00:00 | 0d 15h 34m 29s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-05-2019 00:00:00 | 01-05-2019 04:37:35 | 0d 4h 37m 35s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-05-2019 04:37:35 | 01-05-2019 05:17:58 | 0d 0h 40m 23s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.05 seconds) |
| 01-05-2019 05:17:58 | 01-06-2019 00:00:00 | 0d 18h 42m 2s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-06-2019 00:00:00 | 01-07-2019 00:00:00 | 1d 0h 0m 0s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-07-2019 00:00:00 | 01-07-2019 04:20:58 | 0d 4h 20m 58s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-07-2019 04:20:58 | 01-07-2019 05:02:31 | 0d 0h 41m 33s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.02 seconds) |
| 01-07-2019 05:02:31 | 01-07-2019 05:23:25 | 0d 0h 20m 54s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-07-2019 05:23:25 | 01-07-2019 08:37:53 | 0d 3h 14m 28s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-07-2019 08:37:53 | 01-07-2019 09:13:09 | 0d 0h 35m 16s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-07-2019 09:13:09 | 01-07-2019 09:31:25 | 0d 0h 18m 16s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-07-2019 09:31:25 | 01-07-2019 09:39:24 | 0d 0h 7m 59s | SERVICE DOWNTIME START | Start of scheduled downtime |
| 01-07-2019 09:39:24 | 01-07-2019 10:22:54 | 0d 0h 43m 30s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-07-2019 10:22:54 | 01-07-2019 11:27:53 | 0d 1h 4m 59s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-07-2019 11:27:53 | 01-07-2019 11:31:18 | 0d 0h 3m 25s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-07-2019 11:31:18 | 01-07-2019 12:30:31 | 0d 0h 59m 13s | SERVICE DOWNTIME END | End of scheduled downtime |
| 01-07-2019 12:30:31 | 01-07-2019 12:52:27 | 0d 0h 21m 56s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.01 seconds) |
| 01-07-2019 12:52:27 | 01-07-2019 13:37:50 | 0d 0h 45m 23s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-07-2019 13:37:50 | 01-07-2019 14:00:28 | 0d 0h 22m 38s | SERVICE OK (HARD) | Synology model: "RS2414rp+" |
| 01-07-2019 14:00:28 | 01-07-2019 14:40:50 | 0d 0h 40m 22s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.01 seconds) |
| 01-07-2019 14:40:50 | 01-07-2019 14:59:02 | 0d 0h 18m 12s+ | SERVICE OK (HARD) | Synology model: "RS2414rp+" |

Re: check_snmp_synology - False Positives

Posted: Tue Jan 08, 2019 10:39 am
by cdienger
Remove the references to filter just on the destination IP and port. Try:

nohup tcpdump -Z root -s 0 -i any "host IPHEREOBV and port 161" -C 10 -W 5 -w output.pcap &

Note that this will still only capture port 161 traffic to the IPHEREOBV machine, but will capture both sides of the communication.
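Added example, not part of the original post: once both directions are in the capture, its text output (`tcpdump -nn -r <file>`) can be paired up to find polls that never got a reply. The sample lines are constructed and simplified, the addresses are placeholders, and the function names are hypothetical.

```bash
# Added example. Sample lines are constructed and simplified; 192.0.2.10 (Nagios
# host) and 192.0.2.20 (NAS) are placeholder addresses.
sample_capture() {
cat <<'EOF'
04:33:01.000100 IP 192.0.2.10.40001 > 192.0.2.20.161: GetRequest(28) .1.3.6.1.2.1.1.1.0
04:33:01.004200 IP 192.0.2.20.161 > 192.0.2.10.40001: GetResponse(40) .1.3.6.1.2.1.1.1.0="constructed"
04:33:02.000100 IP 192.0.2.10.40002 > 192.0.2.20.161: GetRequest(28) .1.3.6.1.2.1.1.1.0
04:33:03.000400 IP 192.0.2.10.40002 > 192.0.2.20.161: GetRequest(28) .1.3.6.1.2.1.1.1.0
04:33:05.000100 IP 192.0.2.10.40003 > 192.0.2.20.161: GetRequest(28) .1.3.6.1.2.1.1.1.0
04:33:05.900000 IP 192.0.2.20.161 > 192.0.2.10.40003: GetResponse(40) .1.3.6.1.2.1.1.1.0="constructed"
EOF
}

# Reads tcpdump text on stdin and prints, per client socket:
#   <client ip.port> requests=<n> responses=<n>
snmp_pairs() {
  awk '
    {
      # Locate the "IP" token; its position is not fixed across tcpdump versions.
      k = 1
      while (k <= NF && $k != "IP") k++
      if (k + 3 > NF) next
      src = $(k + 1); dst = $(k + 3); sub(/:$/, "", dst)
      if (dst ~ /\.161$/)      { client = src; req[client]++ }
      else if (src ~ /\.161$/) { client = dst; resp[client]++ }
      else next
      if (!(client in seen)) { seen[client] = 1; order[++n] = client }
    }
    END {
      for (i = 1; i <= n; i++)
        printf "%s requests=%d responses=%d\n", order[i], req[order[i]], resp[order[i]]
    }'
}

# Number of client sockets that sent requests but never received a response.
unanswered() {
  snmp_pairs | awk '$2 != "requests=0" && $3 == "responses=0" { c++ } END { print c + 0 }'
}

# Both directions captured ("host ... and port 161"): only the retried poll is flagged.
sample_capture | unanswered
# Requests only (what a destination-port filter leaves): every poll looks unanswered.
sample_capture | grep '> 192.0.2.20.161:' | unanswered
```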

Re: check_snmp_synology - False Positives

Posted: Tue Jan 08, 2019 12:52 pm
by chris1337c
Just submitted the request, I will PM you the logs again. I am going to do some reading on Wireshark, thank you for your help guy.

Re: check_snmp_synology - False Positives

Posted: Tue Jan 08, 2019 5:31 pm
by cdienger
Sounds good :)

Re: check_snmp_synology - False Positives

Posted: Mon Jan 14, 2019 4:00 pm
by chris1337c
Sent

Re: check_snmp_synology - False Positives

Posted: Tue Jan 15, 2019 2:12 pm
by cdienger
It looks like the plugin is pretty chatty and requests a ton of data when it runs, which is likely leading to the timeouts. Looking at the reviews for this plugin on the Exchange shows other users are running into similar problems with it. Excluding some of the requests would likely make it work better, and it looks like one user may have done this:

Nice plugin
by fledorze, June 6, 2018
I added more generic options -r and -e to include/exclude elements, in replacement of -i option that allows to ignore DSM updates only. Tell me if you want the code.


The part of the code that appears to do the requests starts on line 208:

Code:
    # Each value is taken from the text held in $syno: match the line by OID, keep what follows "="
    RAIDName=$(echo "$syno" | grep $OID_RAIDName | cut -d "=" -f2)
    RAIDStatus=$(echo "$syno" | grep $OID_RAIDStatus | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
    systemStatus=$(echo "$syno" | grep $OID_systemStatus | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
    temperature=$(echo "$syno" | grep $OID_temperature | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
    powerStatus=$(echo "$syno" | grep $OID_powerStatus | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
    systemFanStatus=$(echo "$syno" | grep $OID_systemFanStatus | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
    CPUFanStatus=$(echo "$syno" | grep $OID_CPUFanStatus | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')


Commenting out any lines requesting unnecessary data may help here.
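Added example, not the plugin's code or the reviewer's patch: one way to exclude elements from a poll is to build the list of OIDs to request from a name table minus an exclude list, then read each value back by exact OID match instead of an unanchored `grep`. The OIDs and sample response are constructed placeholders and the function names are hypothetical; the element names mirror the variables in the excerpt.

```bash
# Added example, not the plugin's code. The OIDs are constructed placeholders;
# the names mirror the variables in the excerpt above.
oid_table() {
cat <<'EOF'
systemStatus    .1.3.6.1.4.1.99999.1.1.0
temperature     .1.3.6.1.4.1.99999.1.2.0
powerStatus     .1.3.6.1.4.1.99999.1.3.0
systemFanStatus .1.3.6.1.4.1.99999.1.4.1.0
CPUFanStatus    .1.3.6.1.4.1.99999.1.4.2.0
EOF
}

# select_oids "name1,name2": print the OIDs to request, skipping excluded names.
select_oids() {
  oid_table | while read -r name oid; do
    case ",$1," in
      *",$name,"*) ;;                 # excluded: never sent to the device
      *) printf '%s\n' "$oid" ;;
    esac
  done
}

# value_of <oid>: read "OID = value" lines on stdin and print the trimmed value.
# The OID is compared as an exact string, not as a regular expression.
value_of() {
  awk -F'=' -v oid="$1" '
    { key = $1; gsub(/[ \t]/, "", key) }
    key == oid { v = $2; sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v); print v; exit }'
}

# Constructed response for a poll that excluded temperature and CPUFanStatus.
sample_response() {
cat <<'EOF'
.1.3.6.1.4.1.99999.1.1.0 = 1
.1.3.6.1.4.1.99999.1.3.0 = 1
.1.3.6.1.4.1.99999.1.4.1.0 = 2
EOF
}

select_oids "temperature,CPUFanStatus"
sample_response | value_of .1.3.6.1.4.1.99999.1.4.1.0
```

The output of `select_oids` is what would be passed as the OID arguments of a single `snmpget` call, so an excluded element costs nothing on the wire.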

Re: check_snmp_synology - False Positives

Posted: Mon Jan 21, 2019 11:24 am
by chris1337c
I have disabled more than half of the plugin; we are going to try and go a different route to monitoring this device. Thank you for all of your help.