Re: need assistance in getting traffic to my Nagios NA

Posted: Fri Dec 19, 2014 8:08 pm
by 455157
frankmerfalen wrote: We re-ran this command and it worked, but I still show NO DATA. Any ideas?

Excellent! One step closer :)

When you say NO DATA, do you mean you don't see any data in Network Analyzer?

Re: need assistance in getting traffic to my Nagios NA

Posted: Mon Dec 22, 2014 1:35 pm
by tgriep
Can you verify that you are listening on port 9911 on the Nagios NA server for the Cisco's IP address?

Re: need assistance in getting traffic to my Nagios NA

Posted: Tue Dec 23, 2014 12:38 pm
by frankmerfalen
Nagios support,

In the Nagios Network Analyzer web interface I do have the listening port set to 9911 and the sender IP address of our Cisco router. I tried running telnet from my Nagios XI to my Nagios NA (telnet ipaddress of nagios na 9911), but it failed. Question: does Nagios NA open TCP port 9911 when I set it in the web interface, or do I have to open that port myself?

Thanks,

Re: need assistance in getting traffic to my Nagios NA

Posted: Tue Dec 23, 2014 12:51 pm
by scottwilkerson
It should. Can you run:

Code:

iptables -L
ps -ef|grep nfcapd|grep 9911

Re: need assistance in getting traffic to my Nagios NA

Posted: Tue Dec 23, 2014 12:54 pm
by tgriep
The NagiosNA should open up the firewall but let's check and see if the port is open.
Run this command and post the results.

Code:

service iptables status

Re: need assistance in getting traffic to my Nagios NA

Posted: Tue Dec 23, 2014 1:01 pm
by frankmerfalen
iptables -L
[root@NAGIOSNA ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:sype-transport
ACCEPT udp -- anywhere anywhere udp dpt:sype-transport
ACCEPT udp -- anywhere anywhere udp dpt:sype-transport
ACCEPT udp -- anywhere anywhere udp dpt:sype-transport
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:sype-transport
ACCEPT udp -- anywhere anywhere udp dpt:sype-transport
ACCEPT udp -- anywhere anywhere udp dpt:sype-transport
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:9914
ACCEPT udp -- anywhere anywhere udp dpt:9913
ACCEPT udp -- anywhere anywhere udp dpt:9912
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[root@NAGIOSNA ~]# ps -ef|grep nfcapd|grep 9911
nna 4300 1 0 Dec19 ? 00:00:02 /usr/local/bin/nfcapd -I 4 -l /usr/local/nagiosna/var/ASA-3/flows -p 9911 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/ASA-3/9911.pid -D -e -w -z
nna 4301 4300 0 Dec19 ? 00:00:02 /usr/local/bin/nfcapd -I 4 -l /usr/local/nagiosna/var/ASA-3/flows -p 9911 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/ASA-3/9911.pid -D -e -w -z

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[root@NAGIOSNA ~]# service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
2 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
3 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
4 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
5 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
6 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
7 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
8 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
9 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 CHECKSUM fill
2 CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 CHECKSUM fill
3 CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 CHECKSUM fill

Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
2 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
4 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
9 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
14 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
16 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9914
17 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9913
18 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9912
19 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
20 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
21 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
23 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
24 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
25 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
26 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
27 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
28 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
29 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
6 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
7 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
11 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
12 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
13 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
14 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
15 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
16 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Re: need assistance in getting traffic to my Nagios NA

Posted: Tue Dec 23, 2014 1:24 pm
by frankmerfalen
Nagios support,

It seems it is accepting UDP traffic on port 9911. My thought is the web interface input does that? I need to get this going since my team is also looking at Solarwinds if I can't get the network traffic working. Please advise.

1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
2 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
4 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911


THANK YOU!

Re: need assistance in getting traffic to my Nagios NA

Posted: Tue Dec 23, 2014 1:29 pm
by frankmerfalen
From the Nagios XI box I ran telnet (ip address of Nagios NA box) 9911

The output is "no route to host". A little confusing, since service iptables status shows the output below.

1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
2 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
4 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911

Re: need assistance in getting traffic to my Nagios NA

Posted: Tue Dec 23, 2014 1:34 pm
by frankmerfalen
One more and I made an incorrect statement. Your question: Can you verify that you are listening on port 9911 on the Nagios NA server for the Cisco's IP address?

Yes, in the Nagios web interface. The sender IP address is that of our Cisco firewall. The listen port is 9911. I added a little cmd using netstat. Please see below.

[root@NAGIOSNA ~]# netstat -nap | grep 9911
udp 0 0 0.0.0.0:9911 0.0.0.0:* 4300/nfcapd

[root@NAGIOSNA ~]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.16.32.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
0.0.0.0 172.16.32.1 0.0.0.0 UG 0 0 0 eth0
[root@NAGIOSNA ~]#

Re: need assistance in getting traffic to my Nagios NA

Posted: Tue Dec 23, 2014 1:37 pm
by scottwilkerson
frankmerfalen wrote: From the Nagios XI box I ran telnet (ip address of Nagios NA box) 9911

The output is "no route to host". A little confusing, since service iptables status shows the output below.

1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
2 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911
4 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9911

You wouldn't be able to telnet to the port because it is listening on UDP; however, the "no route to host" indicates that the sending machine cannot even reach the NA machine.

Can you ping it?

Could it be all the MASQUERADEing to and from 192.168.122.0/24 in IPTABLES?
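
The point made in the reply above (telnet opens a TCP connection, while nfcapd is bound to UDP 9911) can be reproduced on a single machine. This is an added example, not part of the original thread or of Nagios NA; the loopback listener standing in for nfcapd, the function names and the payload are assumptions made for illustration.

```python
import errno
import socket
import threading

def start_udp_listener(host="127.0.0.1"):
    """Stand-in for a UDP-only collector such as nfcapd (assumption: loopback)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, 0))                 # port 0: let the OS pick a free port
    sock.settimeout(2.0)
    port = sock.getsockname()[1]
    received = []

    def serve():
        try:
            data, _addr = sock.recvfrom(2048)
            received.append(data)
        except socket.timeout:
            pass                         # nothing arrived within 2 seconds
        finally:
            sock.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, received, thread

def tcp_probe(host, port, timeout=2.0):
    """Do what telnet does (a TCP connect) and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"                 # host reachable, no TCP listener
    except socket.timeout:
        return "timeout"                 # SYN silently dropped
    except OSError as exc:
        # EHOSTUNREACH is what telnet prints as "No route to host"; Linux also
        # returns it when a firewall rejects the SYN with icmp-host-prohibited.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise

def demo(payload=b"constructed-test-datagram"):
    """TCP probe fails against the UDP-only port; a UDP datagram is delivered."""
    port, received, thread = start_udp_listener()
    tcp_result = tcp_probe("127.0.0.1", port)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.sendto(payload, ("127.0.0.1", port))
    thread.join(3.0)
    return tcp_result, received
```

Calling `demo()` shows the TCP probe failing while the datagram still reaches the listener, which is why a packet capture or a UDP sender is the right test for a flow collector, not telnet.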