Hello there,
I'm not sure if this has been asked before but, I'm trying to set up a parent-child configuration for different subnets on our network. Each subnet contains various hosts that are behind a firewall, where obviously, the firewalls are set up as the parents. However, I'm not sure if my config is correct. We're using Check_MK and here is an example of my config
parents = [
( "chicago_mpls", [ "chicago-net" ], ALL_HOSTS ),
( "485lex_mpls", [ "485lex-net" ], ALL_HOSTS ),
( "811dc_mpls", [ "chicago-net" ], ALL_HOSTS ),
( "811dc_mpls", [ "485lex-net" ], ALL_HOSTS ),
( "ciscoasa5550", [ "dc-net" ], ALL_HOSTS ),
( "fw-131-pub", [ "tor-net" ], ALL_HOSTS ),
( "toronto-pix_nyc", [ "tor-net" ], ALL_HOSTS ),
]
And various hosts have tags to associate them with the proper parent device. As you can see, hosts with the "tor-net" tag have two parents, as they are behind two firewalls. Also, the "811dc_mpls" device is the parent for two sets of hosts, namely, ones in the "chicago-net" and "485lex-net."
This morning one of the devices, fw-131-pub, went down, but we still got alerts for the hosts behind that device. The hosts sent us alerts with a DOWN status, instead of an unreachable status. My question is, I thought that setting up a parent child scheme in Nagios would allow you to control when you would get notifications from certain devices. Is my set up incorrect?
Please advise. Also, thank you in advance.
Parent Child Configuration for Different Networks
Re: Parent Child Configuration for Different Networks
Nagios assumes a host with parents can be reached if at least one of the parents is still up. In this case when fw-131-pub goes down, the tor-net group still has toronto-pix_nyc as a parent so it should still show up. However, it is showing down which is a bit confusing. Are you sure these are meant to have two parents, and not a parent + grandparent structure? Typically it goes something like "Router -> Firewall -> hosts" or "Firewall -> Router -> hosts" but it looks like you have "Router <-> Firewall" with hosts as children.
I haven't worked with check_mk too much so I could be reading this wrong.
I haven't worked with check_mk too much so I could be reading this wrong.
Former Nagios employee
Re: Parent Child Configuration for Different Networks
Maybe you are correct about the grandparent-parent config. I'll try that set up to see if that resolves our issue. Thanks for the quick response.
Re: Parent Child Configuration for Different Networks
You're welcome. I'll leave this thread open for a bit in case you have questions.
Former Nagios employee
Re: Parent Child Configuration for Different Networks
So I've updated my config to this, which looks more accurate based on how our network topology is set up:
parents = [
( "ciscoasa5550", [ "toronto-pix_nyc", "811dc_mpls" ] ),
( "chicago_mpls", [ "chicago-net" ], ALL_HOSTS ),
( "485lex_mpls", [ "485lex-net" ], ALL_HOSTS ),
( "811dc_mpls", [ "chicago_mpls" ] ),
( "811dc_mpls", [ "485lex_mpls" ] ),
( "ciscoasa5550", [ "dc-net" ], ALL_HOSTS ),
( "fw-131-pub", [ "tor-net" ], ALL_HOSTS ),
( "toronto-pix_nyc", [ "fw-131-pub" ] ),
]
The Nagios server is actually behind the ciscoasa5550 firewall, which means that device should be another parent to the other devices. I'll see if this resolves our problem.
parents = [
( "ciscoasa5550", [ "toronto-pix_nyc", "811dc_mpls" ] ),
( "chicago_mpls", [ "chicago-net" ], ALL_HOSTS ),
( "485lex_mpls", [ "485lex-net" ], ALL_HOSTS ),
( "811dc_mpls", [ "chicago_mpls" ] ),
( "811dc_mpls", [ "485lex_mpls" ] ),
( "ciscoasa5550", [ "dc-net" ], ALL_HOSTS ),
( "fw-131-pub", [ "tor-net" ], ALL_HOSTS ),
( "toronto-pix_nyc", [ "fw-131-pub" ] ),
]
The Nagios server is actually behind the ciscoasa5550 firewall, which means that device should be another parent to the other devices. I'll see if this resolves our problem.