check_snmp_synology - False Positives

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
chris1337c
Posts: 75
Joined: Wed Dec 26, 2018 2:31 pm

Re: check_snmp_synology - False Positives

Post by chris1337c »

PM'd you the link to the output files.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: check_snmp_synology - False Positives

Post by cdienger »

File received, but I missed the part where it was filtered on destination port 161. The problem with this is that it will only capture one side of the traffic - we only see the requests going out from the Nagios machine but no responses from the Synology server this way.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
chris1337c
Posts: 75
Joined: Wed Dec 26, 2018 2:31 pm

Re: check_snmp_synology - False Positives

Post by chris1337c »

How do I correct this?
chris1337c
Posts: 75
Joined: Wed Dec 26, 2018 2:31 pm

Re: check_snmp_synology - False Positives

Post by chris1337c »

This Synology box hates me:


Event Start Time | Event End Time | Event Duration | Event/State Type | Event/State Information
01-02-2019 00:00:00 | 01-02-2019 08:32:47 | 0d 8h 32m 47s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-02-2019 08:32:47 | 01-02-2019 09:17:48 | 0d 0h 45m 1s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-02-2019 09:17:48 | 01-02-2019 16:43:24 | 0d 7h 25m 36s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-02-2019 16:43:24 | 01-03-2019 00:00:00 | 0d 7h 16m 36s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-03-2019 00:00:00 | 01-03-2019 04:33:48 | 0d 4h 33m 48s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-03-2019 04:33:48 | 01-03-2019 05:24:12 | 0d 0h 50m 24s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.01 seconds)
01-03-2019 05:24:12 | 01-04-2019 00:00:00 | 0d 18h 35m 48s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-04-2019 00:00:00 | 01-04-2019 00:58:22 | 0d 0h 58m 22s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-04-2019 00:58:22 | 01-04-2019 04:39:12 | 0d 3h 40m 50s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-04-2019 04:39:12 | 01-04-2019 05:29:35 | 0d 0h 50m 23s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.01 seconds)
01-04-2019 05:29:35 | 01-04-2019 08:25:31 | 0d 2h 55m 56s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-04-2019 08:25:31 | 01-05-2019 00:00:00 | 0d 15h 34m 29s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-05-2019 00:00:00 | 01-05-2019 04:37:35 | 0d 4h 37m 35s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-05-2019 04:37:35 | 01-05-2019 05:17:58 | 0d 0h 40m 23s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.05 seconds)
01-05-2019 05:17:58 | 01-06-2019 00:00:00 | 0d 18h 42m 2s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-06-2019 00:00:00 | 01-07-2019 00:00:00 | 1d 0h 0m 0s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-07-2019 00:00:00 | 01-07-2019 04:20:58 | 0d 4h 20m 58s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-07-2019 04:20:58 | 01-07-2019 05:02:31 | 0d 0h 41m 33s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.02 seconds)
01-07-2019 05:02:31 | 01-07-2019 05:23:25 | 0d 0h 20m 54s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-07-2019 05:23:25 | 01-07-2019 08:37:53 | 0d 3h 14m 28s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-07-2019 08:37:53 | 01-07-2019 09:13:09 | 0d 0h 35m 16s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-07-2019 09:13:09 | 01-07-2019 09:31:25 | 0d 0h 18m 16s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-07-2019 09:31:25 | 01-07-2019 09:39:24 | 0d 0h 7m 59s | SERVICE DOWNTIME START | Start of scheduled downtime
01-07-2019 09:39:24 | 01-07-2019 10:22:54 | 0d 0h 43m 30s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-07-2019 10:22:54 | 01-07-2019 11:27:53 | 0d 1h 4m 59s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-07-2019 11:27:53 | 01-07-2019 11:31:18 | 0d 0h 3m 25s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-07-2019 11:31:18 | 01-07-2019 12:30:31 | 0d 0h 59m 13s | SERVICE DOWNTIME END | End of scheduled downtime
01-07-2019 12:30:31 | 01-07-2019 12:52:27 | 0d 0h 21m 56s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.01 seconds)
01-07-2019 12:52:27 | 01-07-2019 13:37:50 | 0d 0h 45m 23s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-07-2019 13:37:50 | 01-07-2019 14:00:28 | 0d 0h 22m 38s | SERVICE OK (HARD) | Synology model: "RS2414rp+"
01-07-2019 14:00:28 | 01-07-2019 14:40:50 | 0d 0h 40m 22s | SERVICE CRITICAL (HARD) | (Service check timed out after 180.01 seconds)
01-07-2019 14:40:50 | 01-07-2019 14:59:02 | 0d 0h 18m 12s+ | SERVICE OK (HARD) | Synology model: "RS2414rp+"
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: check_snmp_synology - False Positives

Post by cdienger »

Remove the references to filter just on the destination IP and port. Try:

nohup tcpdump -Z root -s 0 -i any "host IPHEREOBV and port 161" -C 10 -W 5 -w output.pcap &

Note that this will still only capture port 161 traffic to the IPHEREOBV machine, but will capture both sides of the communication.
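An added illustration of the capture-filter point above (not part of the original posts, and not Nagios or plugin code): the functions below emulate a destination-port-only filter and the two-sided `host ... and port 161` filter over a constructed sample in the text layout of `tcpdump -nn`, then count which request flows received a response. The addresses, ports and function names are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Constructed sample in the layout of `tcpdump -nn` text output (not data from
# this thread). Assumed placeholders: 192.0.2.10 = Nagios host, 192.0.2.20 = NAS.
sample_capture() {
cat <<'EOF'
04:33:01.000100 IP 192.0.2.10.40001 > 192.0.2.20.161: GetRequest(28) .1.3.6.1.2.1.1.1.0
04:33:01.004200 IP 192.0.2.20.161 > 192.0.2.10.40001: GetResponse(60) .1.3.6.1.2.1.1.1.0="demo"
04:33:02.000100 IP 192.0.2.10.40002 > 192.0.2.20.161: GetRequest(28) .1.3.6.1.2.1.1.3.0
04:33:03.000100 IP 192.0.2.10.40002 > 192.0.2.20.161: GetRequest(28) .1.3.6.1.2.1.1.3.0
04:33:04.000100 IP 192.0.2.10.40003 > 192.0.2.20.161: GetRequest(28) .1.3.6.1.2.1.1.5.0
04:33:04.900100 IP 192.0.2.20.161 > 192.0.2.10.40003: GetResponse(45) .1.3.6.1.2.1.1.5.0="nas"
EOF
}

# Field layout assumed: $3 = source addr.port, $5 = destination addr.port + ":".
# Emulates "dst port 161": only packets travelling towards the SNMP agent.
filter_dst_port_161() { awk '$5 ~ /\.161:$/'; }

# Emulates "host X and port 161": port 161 as source OR destination.
filter_host_port_161() { awk '$3 ~ /\.161$/ || $5 ~ /\.161:$/'; }

# Pair requests with responses by the client's addr.port and report how many
# client flows never got an answer.
summarize() {
  awk '
    $5 ~ /\.161:$/ { req[$3]++; total++ }                    # request (incl. retries)
    $3 ~ /\.161$/  { d = $5; sub(/:$/, "", d); answered[d] = 1; resp++ }
    END {
      for (k in req) if (!(k in answered)) un++
      printf "requests=%d responses=%d unanswered_flows=%d\n", total, resp, un
    }'
}

dst_only_summary()   { sample_capture | filter_dst_port_161  | summarize; }
both_sides_summary() { sample_capture | filter_host_port_161 | summarize; }

# One-sided capture: every flow looks unanswered, so timeouts cannot be isolated.
echo "dst port 161 only : $(dst_only_summary)"
# Two-sided capture: only the flow that was retried without a reply stands out.
echo "host and port 161 : $(both_sides_summary)"
```
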
chris1337c
Posts: 75
Joined: Wed Dec 26, 2018 2:31 pm

Re: check_snmp_synology - False Positives

Post by chris1337c »

Just submitted the request; I will PM you the logs again. I am going to do some reading on Wireshark. Thank you for your help guy.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: check_snmp_synology - False Positives

Post by cdienger »

Sounds good :)
chris1337c
Posts: 75
Joined: Wed Dec 26, 2018 2:31 pm

Re: check_snmp_synology - False Positives

Post by chris1337c »

Sent
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: check_snmp_synology - False Positives

Post by cdienger »

It looks like the plugin is pretty chatty and requests a ton of data when it runs, which is likely leading to the timeouts. Looking at the reviews for this plugin on the exchange shows other users are running into similar problems with it. Excluding some of the requests would likely make it work better, and it looks like one user may have done this:
Nice plugin
by fledorze, June 6, 2018
I added more generic options -r and -e to include/exclude elements, in replacement of -i option that allows to ignore DSM updates only. Tell me if you want the code.
The part of the code that appears to do the requests starts on 208:

    RAIDName=$(echo "$syno" | grep $OID_RAIDName | cut -d "=" -f2)
    RAIDStatus=$(echo "$syno" | grep $OID_RAIDStatus | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
    systemStatus=$(echo "$syno" | grep $OID_systemStatus | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
    temperature=$(echo "$syno" | grep $OID_temperature | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
    powerStatus=$(echo "$syno" | grep $OID_powerStatus | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
    systemFanStatus=$(echo "$syno" | grep $OID_systemFanStatus | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
    CPUFanStatus=$(echo "$syno" | grep $OID_CPUFanStatus | cut -d "=" -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
Commenting out any lines requesting unnecessary data may help here.
chris1337c
Posts: 75
Joined: Wed Dec 26, 2018 2:31 pm

Re: check_snmp_synology - False Positives

Post by chris1337c »

I have disabled more than half of the plugin; we are going to try and go a different route to monitoring this device. Thank you for all of your help.