need assistance in getting traffic to my Nagios NA

[455157]

We re-ran this command and it worked, but I still show NO DATA. Any ideas?

Excellent! One step closer

When you say NO DATA, do you mean you don't see any data in Network Analyzer?

[tgriep]

Can you verify that you are listening on port 9911 on the Nagios NA server for the Cisco's IP address?

[frankmerfalen]

Nagios support,

In the nagios network analyzer web interface I do have the listening port set to 9911 and the sender ip address of our cisco router. I tried running telnet from my nagios xi to my nagios na : telnet ipaddress of nagios na 9911 but it failed. question, does nagios na open tcp port 9911 when I set it in the web interface? or do I have to open that port myself?


Thanks,

[scottwilkerson]

It should, can you run

Code: Select all

iptables -L
ps -ef|grep nfcapd|grep 9911

[tgriep]

The NagiosNA should open up the firewall but let's check and see if the port is open.
Run this command and post the results.

Code: Select all

service iptables status

[frankmerfalen]

iptables -L
[root@NAGIOSNA ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:sype-transp ort
ACCEPT udp -- anywhere anywhere udp dpt:sype-transp ort
ACCEPT udp -- anywhere anywhere udp dpt:sype-transp ort
ACCEPT udp -- anywhere anywhere udp dpt:sype-transp ort
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:sype-transp ort
ACCEPT udp -- anywhere anywhere udp dpt:sype-transp ort
ACCEPT udp -- anywhere anywhere udp dpt:sype-transp ort
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:9914
ACCEPT udp -- anywhere anywhere udp dpt:9913
ACCEPT udp -- anywhere anywhere udp dpt:9912
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s sh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttp
REJECT all -- anywhere anywhere reject-with icmp-ho st-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTAB LISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTAB LISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTAB LISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
REJECT all -- anywhere anywhere reject-with icmp-ho st-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[root@NAGIOSNA ~]# ps -ef|grep nfcapd|grep 9911
nna 4300 1 0 Dec19 ? 00:00:02 /usr/local/bin/nfcapd -I 4 -l /usr/local/nagiosna/var/ASA-3/flows -p 9911 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/ASA-3/9911.pid -D -e -w -z
nna 4301 4300 0 Dec19 ? 00:00:02 /usr/local/bin/nfcapd -I 4 -l /usr/local/nagiosna/var/ASA-3/flows -p 9911 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/ASA-3/9911.pid -D -e -w -z

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[root@NAGIOSNA ~]# service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
2 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
3 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
4 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
5 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
6 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
7 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
8 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
9 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 CHE CKSUM fill
2 CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 CHE CKSUM fill
3 CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 CHE CKSUM fill

Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
2 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
4 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
9 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
14 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
16 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9914
17 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9913
18 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9912
19 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
20 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
21 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
23 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED, ESTABLISHED
24 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
25 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
26 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
27 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
28 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
29 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with ic mp-host-prohibited

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state RELATED, ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with ic mp-port-unreachable
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with ic mp-port-unreachable
6 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state RELATED, ESTABLISHED
7 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with ic mp-port-unreachable
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with ic mp-port-unreachable
11 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state RELATED, ESTABLISHED
12 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
13 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
14 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with ic mp-port-unreachable
15 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with ic mp-port-unreachable
16 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with ic mp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

[frankmerfalen]

nagios support,


It seems it is accepting upd traffic on port 9911. My thoughts is the web interface input does that? I need to get this going since my team is also looking at Solarwinds if I can;t get the network traffic working. please advise.

1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
2 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
4 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911


THANK YOU!

[frankmerfalen]

From the Nagios XI box I ran telnet (ip address of Nagios NA box) 9911

output is no route to host. Little confusing since service iptables status show output below.

1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
2 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
4 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911

[frankmerfalen]

One more and I made an incorrect statement. Your question: Can you verify that you are listening on port 9911 on the Nagios NA server for the Cisco's IP address?

Yes in the nagios web interface. The sender ip address is that of our cisco forewall. The listen port is 9911. I added little cmd using netstat. Please see below


[root@NAGIOSNA ~]# netstat -nap | grep 9911
udp 0 0 0.0.0.0:9911 0.0.0.0:* 4300/nfcapd

[root@NAGIOSNA ~]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.16.32.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
0.0.0.0 172.16.32.1 0.0.0.0 UG 0 0 0 eth0
[root@NAGIOSNA ~]#

[scottwilkerson]

From the Nagios XI box I ran telnet (ip address of Nagios NA box) 9911

output is no route to host. Little confusing since service iptables status show output below.

1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
2 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
4 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911

You wouldn't be able to telnet to the port because it is listening on UDP, however the no route to host indicated that the sending machine cannot even reach the NA machine.

Can you ping it?

Could it be all the MASQUERADEing to and from 192.168.122.0/24 in IPTABLES?