Monitor Host with 1000 Ports ...Ideas?

[mikew]

I am trying to help a company evaluate how to monitor a single host with 1000 TCP port connections. The uniqueness of this situation is how to reduce the load on that host and still get adequate monitoring. Here are several of the apects we have examined:

1. NRPE Indirect Checks
Because of structure NRPE Indirect checks were the first choice. This means that Nagios connects to HostA which connects to HostB and executes the 1000 checks.

2. SNMP with extend Scripts
We looked at this option which made the setup much more complex and had a more complex troubleshooting issue. It probably reduces network bandwidth but really the same checks will be run on the host so not many advantages.

3. NRDS
NRDS has the biggest advantage of reducing the load on Nagios. However, it still does not reduces the host with 1000 tcp port checks.

So, I am looking for ideas as this is kind of a unusual situation....any thought would be helpful at this point.

[BanditBBS]

Mike,

Help me understand better what you are wanting. Are you wanting to check the 1000 TCP connections or are you wanting to run random checks on it but want to make sure and use the lowest cpu utilization method?

[tmcdonald]

Do you *need* 1,000 separate services? Or would a single service work that just reports how many ports are open/closed? Does each port have a unique method of checking or are they all the same? Is this for alerting or just informational?

[mikew]

This is 1000 separate ports on one host that all need to be checked, 1000 separate checks.

Check Specifics:
* 1000 separate checks on one host, all different TCP checks
* 1000 separate checks that need to trigger alerts if they are not up
* bandwidth usage (perf data) not required
* these are spefiic checks that are connects to storage

[sreinhardt]

Honestly an nmap or check_tcp\udp to the host with those services would not be terribly difficult on either the host or nagios system, especially provided you only need to make sure they are open and they get separated out through standard nagios scheduling.

Otherwise my suggestion, write a script that runs on a cron or agent, calls netstat and has a condition for each port(maybe a port:service name:expected connection config to import) as it looks through netstat output, it reports passively back to nagios with each service name, port state, and number of active connections(if you care). This should result in a fairly quick and light script that can be modified to handle any additional ports in the future. Just my take though, someone else could come up with something better!

[mikew]

Thanks, those ideas make sense, especially with the issue of trying to protect resources on the host.

[sreinhardt]

You're welcome! If you do go the script route and can share, I'd love to see what you came up with.