Firewall enabled unable to monitor db log file
Posted: Fri Jul 29, 2016 7:26 am
by Naveed
I have been monitoring all my DB log files from my SQL server; all monitoring services are fine.
But I have checked: when I turn on the firewall, my OS and all DB metrics monitoring is fine, but the DB log file monitoring goes into a critical state.
My command is as follows.
check_xi_mssql_database!-U 'abc' -P '123' -T 'CE_OnlineDB' -p 1433 --logfileusage --warning 0:70 --critical 0:80!!!!!!!
It throws a message: service check timeout after 60 seconds. I turned off the firewall and all services are back to OK state.
One important thing I want to share: I have telnetted to my host on port 1433, and access is there in both cases, with the firewall enabled and disabled.
Kindly suggest.
Re: Firewall enabled unable to monitor db log file
Posted: Fri Jul 29, 2016 12:01 pm
by rkennedy
Does your firewall allow traffic both ways, or perhaps are you only allowing inbound traffic? This would mean that telnet will still work, but any data coming back would be blocked. It sounds like a firewall issue though, regardless.
When the firewall is off, what is the output of nmap mssqlserverip -p 1433? (replace mssqlserverip accordingly) Now, when the firewall is on, please run the same command once again and post the output for us to review.
Re: Firewall enabled unable to monitor db log file
Posted: Mon Aug 15, 2016 9:11 am
by Naveed
Firewall disabled:
C:\Users\AxsysadminUAT>nmap 1.2.3.4 -p 1433
Starting Nmap 7.12 ( https://nmap.org ) at 2016-08-15 07:01 Pacific Daylight Time
Nmap scan report for 1.2.3.4
Host is up (0.00088s latency).
PORT STATE SERVICE
1433/tcp open ms-sql-s
Nmap done: 1 IP address (1 host up) scanned in 3.50 seconds
Firewall enabled:
C:\Users\AxsysadminUAT>nmap 1.2.3.4 -p 1433
Starting Nmap 7.12 ( https://nmap.org ) at 2016-08-15 07:01 Pacific Daylight Time
Nmap scan report for 1.2.3.4
Host is up (0.00088s latency).
PORT STATE SERVICE
1433/tcp open ms-sql-s
Nmap done: 1 IP address (1 host up) scanned in 3.50 seconds
Re: Firewall enabled unable to monitor db log file
Posted: Mon Aug 15, 2016 2:07 pm
by rkennedy
rkennedy wrote: Does your firewall allow traffic both ways, or perhaps are you only allowing inbound traffic? This would mean that telnet will still work, but any data coming back would be blocked. It sounds like a firewall issue though, regardless.
The nmap will show the result for traffic destined TO the machine as being OK, but my question is if the data is being REJECTED TO the XI server on the way back. The fact that it works when the firewall is enabled, but not disabled confirms this. You might need to add a wildcard allow for your XI server to the MSSQL machine.
Re: Firewall enabled unable to monitor db log file
Posted: Tue Aug 16, 2016 3:47 am
by Naveed
I could not get that point.
Can you please elaborate further?
Thank you!
Re: Firewall enabled unable to monitor db log file
Posted: Tue Aug 16, 2016 11:14 am
by rkennedy
You are blocking traffic TO the Nagios server when your firewall is on.
Re: Firewall enabled unable to monitor db log file
Posted: Tue Aug 16, 2016 11:35 am
by Naveed
Sir! I need a solution!
Can you suggest any other way to fix this issue?
Thank you
Re: Firewall enabled unable to monitor db log file
Posted: Tue Aug 16, 2016 12:29 pm
by rkennedy
You need to allow traffic TO your Nagios server FROM your MSSQL machine.
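Added example (not part of the original thread, and not Nagios or plugin code): the telnet and nmap results above only show that a TCP connection to port 1433 can be opened, so this sketch goes one step further and checks whether any data actually comes back on that connection. The names `probe` and `tds_prelogin` are hypothetical, and the single-option PRELOGIN packet is a constructed minimal request; a given SQL Server build may expect more options.

```python
import socket
import struct
import sys


def tds_prelogin() -> bytes:
    """Constructed minimal TDS PRELOGIN packet: one VERSION option, then terminator."""
    # Option entry: token 0x00 (VERSION), data offset 6, data length 6; 0xFF ends the list.
    options = struct.pack(">BHH", 0x00, 6, 6) + b"\xff"
    payload = options + bytes(6)  # client version 0.0.0.0, sub-build 0
    # Header: type 0x12 (PRELOGIN), status 0x01 (end of message), total length,
    # SPID 0, packet id 1, window 0.
    header = struct.pack(">BBHHBB", 0x12, 0x01, 8 + len(payload), 0, 1, 0)
    return header + payload


def probe(host: str, port: int = 1433, timeout: float = 5.0) -> str:
    """Classify the path from the monitoring host to a SQL Server listener.

    'unreachable'  : the TCP connection could not be opened
    'connect_only' : the connection opened but nothing came back in time,
                     which a plain telnet or port scan reports as "open"
    'responding'   : the server returned data on the connection
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(tds_prelogin())
            reply = sock.recv(4096)
        except OSError:  # includes timeouts and resets
            return "connect_only"
    # An empty read means the peer closed without answering.
    return "responding" if reply else "connect_only"


if __name__ == "__main__":
    # Usage: python probe.py <sql-server-address> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 1433
    print(probe(sys.argv[1], target_port))
```

Run it from the monitoring server once with the firewall off and once with it on; a change from `responding` to `connect_only` points at filtering of traffic after the connection is established rather than at the plugin.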