
rogue dhcp server detection

Posted: Fri Oct 10, 2014 5:21 am
by horizn
Hi,
I am looking for a rogue DHCP server detection plugin, but I would like to detect only really rogue servers, not every DHCP server, so the plugin should have a white list or something.

Re: rogue dhcp server detection

Posted: Fri Oct 10, 2014 8:08 am
by horizn
OK, I've found this:
http://louismeunier.com/wp/?p=41

and it is working for me, but could someone please help me with configuration of Nagios for this?

I am trying to add to commands.cfg:

Code:

define command {
       command_name    check_dhcp
       command_line    $USER1$/usr/lib/nagios/plugins/check_rogue_dhcp
       }
or

Code:

define command {
       command_name    check_dhcp
       command_line    perl '/usr/lib/nagios/plugins/check_rogue_dhcp'
       }
but there is an error:

Code:

Error: Could not add object property in file 'commands.cfg' on line 486.
Error processing object config files!

Re: rogue dhcp server detection

Posted: Fri Oct 10, 2014 8:47 am
by horizn
OK, I've added this to Nagios successfully, but I can't see it on the list of monitored servers and services.

Re: rogue dhcp server detection

Posted: Fri Oct 10, 2014 12:21 pm
by tmcdonald
You will need to create a service that uses that command, like so:

Code:

define service {
    use generic-service
    host_name somehost
    service_description Rogue DHCP Detection
    check_command check_dhcp
}

making sure to assign it to a host that makes sense in your environment. Also, check_dhcp should be an existing command already, so you might want to change the command name to check_rogue_dhcp.

Re: rogue dhcp server detection

Posted: Fri Oct 10, 2014 5:02 pm
by horizn
What should be placed instead of somehost? When I define somehost in hosts.cfg, I have to put an IP address. Which IP?

Re: rogue dhcp server detection

Posted: Fri Oct 10, 2014 5:05 pm
by tmcdonald
I'm not familiar with how the script works, but it seems like it is scanning the network so you might be able to put it on any host.

Re: rogue dhcp server detection

Posted: Fri Oct 10, 2014 5:13 pm
by Box293
horizn wrote: what should be placed instead of somehost? I define somehost in hosts.cfg I have to put an IP address. Which IP?

Nagios services are associated with a host; it's how Nagios groups services together. If you're unsure, use localhost and this service will belong to the Nagios server.
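
Added example, not part of the thread and not the code of the plugin linked above: a sketch of the white-list logic the opening post asks for, written as a Nagios-style check that reads the Server Identifier (option 54) from DHCP replies and returns CRITICAL for any server not on the allowlist. It assumes the raw reply payloads are collected elsewhere; the function names, the constructed sample packets, the 192.0.2.x addresses and the choice of UNKNOWN when nothing answers are all assumptions.

```python
import ipaddress
import struct

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # standard Nagios plugin exit codes
MAGIC = b"\x63\x82\x53\x63"                    # DHCP magic cookie (RFC 2131)

def server_id(packet):
    """Return the Server Identifier (option 54) of a DHCP reply, or None."""
    if len(packet) < 240 or packet[0] != 2 or packet[236:240] != MAGIC:
        return None                    # not a BOOTREPLY carrying DHCP options
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 255:                # end option
            break
        if code == 0:                  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            break                      # truncated before the length byte
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) < length:
            break                      # truncated option body
        if code == 54 and length == 4:
            return str(ipaddress.IPv4Address(value))
        i += 2 + length
    return None

def check(replies, allowed):
    """Compare the servers seen in the replies against the allowlist."""
    seen = {s for s in map(server_id, replies) if s}
    rogue = sorted(seen - set(allowed), key=ipaddress.IPv4Address)
    if rogue:
        return CRITICAL, "DHCP CRITICAL - rogue server(s): " + ", ".join(rogue)
    if not seen:                       # assumption: no answer means "cannot judge"
        return UNKNOWN, "DHCP UNKNOWN - no DHCP replies seen"
    return OK, "DHCP OK - %d authorised server(s) answered" % len(seen)

def make_offer(server_ip):
    """Build a minimal constructed DHCPOFFER for the demo (not a capture)."""
    header = struct.pack("!BBBB", 2, 1, 6, 0) + b"\x00" * 232   # op=BOOTREPLY
    ident = ipaddress.IPv4Address(server_ip).packed
    return header + MAGIC + b"\x35\x01\x02" + b"\x36\x04" + ident + b"\xff"

if __name__ == "__main__":
    replies = [make_offer("192.0.2.1"), make_offer("192.0.2.66")]  # constructed
    status, message = check(replies, allowed={"192.0.2.1"})
    print(message)                     # first line of output is shown by Nagios
    raise SystemExit(status)
```
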