
Re: NagiosXI Network Maxed

Posted: Fri Dec 20, 2019 4:54 pm
by scottwilkerson
OK, so both this command and the tcpdump show no connections at all to 180.188.20.33 from the Nagios XI server.

Re: NagiosXI Network Maxed

Posted: Fri Dec 20, 2019 5:02 pm
by abishop
pfSense says otherwise. How I got this far, and confirmed it, is as follows:

Noticed network was slow, rebooted router.
Seemed fine, a day later slow again. This time I looked at the firewall logs and LAN/WAN charts to see my internal network outgoing was maxed as well as WAN outgoing maxed. Per the logs, I was able to see the source as being the XI box host to the 180.188.20.33 address.
We shut down the XI box, and the network goes back to normal.
To eliminate the Hyper-V host, we moved the VM to another host.
Turned XI VM back on, network flooded.
Created a firewall rule within pfSense to block the destination from leaving internal.
Called Nagios, and created this forum request.

Re: NagiosXI Network Maxed

Posted: Fri Dec 20, 2019 5:09 pm
by scottwilkerson
How much traffic is pfSense saying is going there?

When you did the tcpdump, did you let it run for 5-10 minutes like our post said?

Re: NagiosXI Network Maxed

Posted: Fri Dec 20, 2019 7:17 pm
by abishop
scottwilkerson wrote: How much traffic is pfSense saying is going there?

When you did the tcpdump, did you let it run for 5-10 minutes like our post said?

Enough traffic that our normal 5-10 meg outbound maxed to 100 meg.

Yes I did. I started it, and completed a digital fingerprint for a customer. Which was at least 5 mins.
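A way to turn a host-side capture into per-destination byte totals that can be compared with the firewall's figures, as an added example that is not part of the original thread or Nagios tooling. It assumes the default text output of `tcpdump -nn`; the sample lines and the 10.0.0.50 server address are constructed, and only 180.188.20.33 comes from the thread.

```python
import re
from collections import Counter

# Matches default `tcpdump -nn` IPv4 lines; the trailing ".port" is optional (ICMP has none).
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: .*\blength (\d+)"
)

# Constructed sample capture; 10.0.0.50 stands in for the monitored server (assumption).
SAMPLE = """\
16:40:01.000101 IP 10.0.0.50.43512 > 180.188.20.33.80: Flags [P.], seq 1:1449, ack 1, win 229, length 1448
16:40:01.000207 IP 10.0.0.50.43512 > 180.188.20.33.80: Flags [P.], seq 1449:2897, ack 1, win 229, length 1448
16:40:01.000953 IP 180.188.20.33.80 > 10.0.0.50.43512: Flags [.], ack 2897, win 501, length 0
16:40:02.114000 IP 10.0.0.50.5667 > 10.0.0.21.51544: Flags [P.], seq 1:133, ack 1, win 227, length 132
16:40:03.500000 IP 10.0.0.50 > 10.0.0.1: ICMP echo request, id 7, seq 1, length 64
16:40:04.000000 ARP, Request who-has 10.0.0.1 tell 10.0.0.50, length 28
""".splitlines()


def bytes_by_destination(lines, source_ip):
    """Sum tcpdump-reported lengths sent by source_ip per destination; count unparsed lines."""
    totals, skipped = Counter(), 0
    for line in lines:
        m = LINE.search(line)
        if m is None:
            skipped += 1          # ARP, IPv6, DNS summaries without "length", etc.
            continue
        src, dst, length = m.group(1), m.group(2), int(m.group(3))
        if src == source_ip:      # outbound direction only
            totals[dst] += length
    return totals, skipped


def suspect_share(totals, suspect_ip):
    """Fraction of outbound bytes that went to suspect_ip (0.0 if there was no traffic)."""
    total = sum(totals.values())
    return totals[suspect_ip] / total if total else 0.0


if __name__ == "__main__":
    totals, skipped = bytes_by_destination(SAMPLE, "10.0.0.50")
    for dst, n in totals.most_common():
        print(f"{dst:<16} {n:>8} bytes")
    print(f"unparsed lines: {skipped}")
    print(f"share to 180.188.20.33: {suspect_share(totals, '180.188.20.33'):.1%}")
```

A capture with no packets to the suspect address produces no entry for it and a share of 0.0, which is the result reported for the tcpdump in this thread.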

Re: NagiosXI Network Maxed

Posted: Mon Dec 23, 2019 8:01 am
by scottwilkerson
As we don't have anything built in that connects to that address, you may want to consider deploying a new XI instance and restoring a backup.

https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Re: NagiosXI Network Maxed

Posted: Mon Dec 23, 2019 11:08 am
by abishop
scottwilkerson wrote: As we don't have anything built in that connects to that address, you may want to consider deploying a new XI instance and restoring a backup.

https://assets.nagios.com/downloads/nag ... ios-XI.pdf

I have done so, so far we are good. I will give it some time and update this post.

Thank you for your help thus far!!!!

Re: NagiosXI Network Maxed

Posted: Mon Dec 23, 2019 11:09 am
by scottwilkerson
abishop wrote:
scottwilkerson wrote: As we don't have anything built in that connects to that address, you may want to consider deploying a new XI instance and restoring a backup.

https://assets.nagios.com/downloads/nag ... ios-XI.pdf

I have done so, so far we are good. I will give it some time and update this post.

Thank you for your help thus far!!!!

Sounds good!

Re: NagiosXI Network Maxed

Posted: Mon Dec 23, 2019 5:47 pm
by abishop
All seems to be right in the world. After investigating today, I discovered the IP XI self-assigned belonged to our old FTP server. There were still some active NAT rules which could have allowed the outside world in. I'm blaming that as being the root cause.

Thank you very much for your help.

Very Merry Happy Holidays all!

Re: NagiosXI Network Maxed

Posted: Mon Dec 23, 2019 5:55 pm
by scottwilkerson
abishop wrote: All seems to be right in the world. After investigating today, I discovered the IP XI self-assigned belonged to our old FTP server. There were still some active NAT rules which could have allowed the outside world in. I'm blaming that as being the root cause.

Thank you very much for your help.

Very Merry Happy Holidays all!

Great! Glad you have it solved!

Locking thread