Initial Setup Issues
Posted: Wed Oct 03, 2018 2:45 pm
by rkane
Having some issues with the initial setup, I've applied the documented steps to a couple of our 3850 switches and created corresponding sources in NagiosNA. For a few days now there's been no data that's come in. Some troubleshooting steps I've taken:
- Verified the configuration steps on two different 3850s
- Added lines for both uplinks (interfaces) to be monitored
- Pinged the NagiosNA box from the switch
- Pinged the switch from the NagiosNA box
Can someone please walk me step by step through getting this up and running? I'm sure I've missed something simple.
Re: Initial Setup Issues
Posted: Wed Oct 03, 2018 3:58 pm
by lmiltchev
You can check a few things to start with:
1. Make sure that you don't have any timezone issues, e.g. a mismatch between the date/time on your device and your workstation. Run the following commands on the NNA box, and examine the output:
Code:
date
file /etc/localtime
grep "date.timezone" /etc/php.ini
2. Check to see if nfcapd is running for your source:
where you substitute the "xxxx" with the actual port set up on your source
3. Is the port open? Check your firewall rules.
Code:
firewall-cmd --zone=public --list-ports
Re: Initial Setup Issues
Posted: Wed Oct 03, 2018 4:08 pm
by rkane
1. Date looked good, file /etc/localtime returned 'no such file or directory', timezone looked good
2. Not sure what to verify in the output but I can verify that the two I have configured dump more output than one that I do not, attached a sample of the output
3. Ports are open for UDP
lmiltchev wrote:You can check a few things to start with:
1. Make sure that you don't have any timezone issues, e.g. a mismatch between the date/time on your device and your workstation. Run the following commands on the NNA box, and examine the output:
Code:
date
file /etc/localtime
grep "date.timezone" /etc/php.ini
2. Check to see if nfcapd is running for your source:
where you substitute the "xxxx" with the actual port set up on your source
3. Is the port open? Check your firewall rules.
Code:
firewall-cmd --zone=public --list-ports
Re: Initial Setup Issues
Posted: Wed Oct 03, 2018 4:47 pm
by lmiltchev
1. Date looked good, file /etc/localtime returned 'no such file or directory', timezone looked good
Create a symlink by running something like this:
Code:
ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
where you substitute "Los_Angeles" with the correct timezone (that matches the timezone, defined in the /etc/php.ini file).
Note: You can view the available timezones by listing the directory, for example:
Run the following command on the NNA box, wait until you get some output, then stop the command by hitting "ctrl+c" and upload the 9000.cap file that was created to the forum.
Code:
tcpdump -i any -s 65535 -w 9000.cap port 9000
Also, show us the Cisco configs.
Re: Initial Setup Issues
Posted: Wed Oct 03, 2018 4:53 pm
by rkane
Returns
Any particular commands you'd like me to run on the Cisco box?
I input the commands in this doc
https://assets.nagios.com/downloads/nag ... alyzer.pdf
lmiltchev wrote:
Run the following command on the NNA box, wait until you get some output, then stop the command by hitting "ctrl+c" and upload the 9000.cap file that was created to the forum.
Code:
tcpdump -i any -s 65535 -w 9000.cap port 9000
Also, show us the Cisco configs.
Re: Initial Setup Issues
Posted: Thu Oct 04, 2018 8:24 am
by tgriep
The tcpdump command needs to be installed and to do that, run the following as root.
Then run the tcpdump command and upload the 9000.cap file to the post.
What we would need to see from the Cisco device is the configuration so display the configuration and upload it to the ticket.
Thanks
Re: Initial Setup Issues
Posted: Thu Oct 04, 2018 9:23 am
by rkane
Appreciate it, the tcpdump had nothing for 15 minutes. 9000.cap attached.
Switch config attached, let me know what else you'd like to see?
tgriep wrote:The tcpdump command needs to be installed and to do that, run the following as root.
Then run the tcpdump command and upload the 9000.cap file to the post.
What we would need to see from the Cisco device is the configuration so display the configuration and upload it to the ticket.
Thanks
Re: Initial Setup Issues
Posted: Thu Oct 04, 2018 12:29 pm
by tgriep
Thanks for the files.
The Cisco config looks like it is configured OK but the bad news is that the cap file did not have any entries in it and it seemed to be corrupted.
So, can you run the tcpdump again and let it run for at least 10 minutes and then upload it again?
And, run these commands as root and post the output.
Thanks
Re: Initial Setup Issues
Posted: Thu Oct 04, 2018 3:27 pm
by rkane
Ran the tcpdump for 15min the first time, no data. Running another 15min now. Attachments with the output from both the other commands.
Code:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^C0 packets captured
0 packets received by filter
0 packets dropped by kernel
tgriep wrote:
So, can you run the tcpdump again and let it run for at least 10 minutes and then upload it again?
And, run these commands as root and post the output.
Thanks
Re: Initial Setup Issues
Posted: Thu Oct 04, 2018 4:13 pm
by tgriep
Same problem with the tcpdump command again, it did not capture anything.
So either the Cisco device is not sending data or the file is getting corrupted somehow.
If you want to try again, use this command to capture.
Code:
tcpdump -i any -s 0 -w 9000.cap port 9000
If the capture file is only 24 bytes, don't bother uploading it, it is empty.
Can you go to this folder, and get the last 4 or 5 nfcapd files and upload them here?
Code:
/usr/local/nagiosna/var/uts12a/flows
If the system is capturing data, we can see what it is.
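
The 24-byte check mentioned in the post above, as an added example that is not part of the original thread or of any Nagios tooling: a classic pcap file as written by `tcpdump -w` starts with a 24-byte global header, so a file of exactly that size holds no packets. The sketch below goes one step further and tells an empty capture apart from a truncated or non-pcap file; the function names and the constructed sample bytes are assumptions made for illustration.

```python
import struct
import sys

# First four bytes of a classic pcap file -> struct byte-order prefix.
MAGICS = {
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
}
GLOBAL_HDR_LEN = 24   # size of the file header: an "empty" capture is exactly this long
RECORD_HDR_LEN = 16   # per-packet header: ts_sec, ts_frac, incl_len, orig_len

def inspect_pcap(data):
    """Return (status, packet_count) for the raw bytes of a capture file."""
    if len(data) < GLOBAL_HDR_LEN:
        return ("truncated-header", 0)
    order = MAGICS.get(data[:4])
    if order is None:
        return ("not-pcap", 0)
    offset, count = GLOBAL_HDR_LEN, 0
    while offset < len(data):
        if offset + RECORD_HDR_LEN > len(data):
            return ("truncated-record", count)
        _sec, _frac, incl_len, _orig = struct.unpack_from(order + "IIII", data, offset)
        offset += RECORD_HDR_LEN
        if offset + incl_len > len(data):
            return ("truncated-record", count)   # file cut off inside a packet
        offset += incl_len
        count += 1
    return ("empty" if count == 0 else "ok", count)

def build_sample(payloads):
    """Constructed sample capture: version 2.4, snaplen 65535, link type 113 (LINUX_SLL)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 113)
    for p in payloads:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    # Usage: python3 check_pcap.py 9000.cap
    with open(sys.argv[1], "rb") as fh:
        print(inspect_pcap(fh.read()))
```

A result of `("empty", 0)` means the listener saw no traffic on the filtered port, which points at the exporter or the network path rather than at file corruption.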