False service status warning in Nagios XI

[lndifferent]

After configuring NNA and Nagios XI integration, I constantly see false bytes/flows/pockets warnings in Nagios XI coming from Analyzer. Everything seems to be fine in the Network Analyzer console but XI shows three warnings for each service; bytes,flows, and pockets. The error I see in XI for each service is:
(No output on stdout) stderr: File "/usr/local/nagios/libexec/check_nna.py", line 146

I am doing 60 days Amalyzer trial version.

[swolf]

Hi @lndifferent,

Please go to Home > Details > Service Status, and click on the name of one of these services so that you can see the full output. Please copy and paste that output into this forum thread or into a private message.

Then, click the "Configure" (cog icon) tab > Re-configure this service > Monitoring, and copy the input box labelled "Monitor the service with this command: (Advanced users only)". Paste this into the reply or private message as well.

If you send a private message, make sure to leave a reply here so that we get notified to leave you another response.

[lndifferent]

Service status output:
(No output on stdout) stderr: File "/usr/local/nagios/libexec/check_nna.py", line 146
response = urllib2.urlopen(url, context=context)
^
IndentationError: unexpected indent

Reconfigure service output:
check_xi_nna!df0b9861f9c5517d6081f2d77735733b6e133a99!-G 2 -m bytes -w 36145143100 -c 42169333616

[lmiltchev]

Have you tried to modify the check_nna.py plugin in any way?

Please, post the check_nna.py file on the forum (you could use FileZilla or a similar program to take it from the server).

Note: You may need to rename it with the "*.txt" extension, prior to uploading it on the forum. Thank you!

[lndifferent]

I have not modified any files.

#!/usr/bin/env python
"""
Nagios Network Analyzer Plugin

Check Network Analyzer sources, views, and sourcegroups for abnormal behavior.

"""
import sys
import optparse
try:
import json
except:
import simplejson as json
import urllib
import urllib2
import tempfile
import time
import os
import ssl


# Display a list of options to be sent to the plugin
def parse_args():
parser = optparse.OptionParser()

# Add the basic options (hostname and api key)
parser.add_option( "-H","--hostname",
help="The Nagios Network Analyzer server's hostname to be connected to." )
parser.add_option( "-K","--key",
help="An API key to use for authentication on the connecting Nagios Network Analyzer server.")

# Add options for type of action to check on
parser.add_option( "-m","--metric",
help="The type of action to check: 'bytes', 'flows', 'packets', and 'behavior' (Abnormal behavior works on sources only).")

# Add option for source, sourcegroup, or source & view (name or not... depending on if it's a int)
parser.add_option( "-S","--source",
help="The source to run the check on. Use SID or Source Name. (Must use only one: source or sourcegroup)")
parser.add_option( "-G","--sourcegroup",
help="The sourcegroup to run the check on. Use GID or Sourcegroup Name. (Must use only one: source or sourcegroup)")

parser.add_option( "-v","--view",
help="Add a view to a source run. Use VID or View Name. (Must be used with a source only)")

# Warning and Critical options
parser.add_option( "-w","--warning",
default=None,
type="int",
help="Warning value to be passed for the check.")
parser.add_option( "-c","--critical",
default=None,
type="int",
help="Critical value to be passed for the check.")

# Additional options that need to be added just in case
parser.add_option( "--verbose",
action="store_true",
default=False,
help="Set true for verbose error output.")
parser.add_option( "--noperfdata",
action="store_true",
default=False,
help="Set true for perfdata in the output.")
parser.add_option( "--secure",
action="store_true",
default=False,
help="Use secure coonnection (HTTPS) instead of HTTP.")
parser.add_option( "--ignorecert",
action="store_true",
default=False,
help="Do not verify the remote server's SSL certificate.")
parser.add_option( "--exists",
action="store_true",
default=None,
help="Check to make sure the source, view, or sourcegroup actually exists.")

options, args = parser.parse_args()

# Verify hostname and api key exists before running
if not options.hostname:
parser.error("Hostname is required for use. Use --help for more info.")
if not options.key:
parser.error("You must use an API key. Use --help for more info.")

# Verify that we are running properly for abnormal behavior (only on a source)
if options.metric == "behavior":
if not options.source:
parser.error("You must only use the Abnormal Behavior check on sources. Use --help for more info.")

# Verify that we are using a view ONLY on a source
if options.view:
if not options.source:
parser.error("You must use a view only if you have a source selected. Use --help for more info.")

# Verify that there is a warning and critical threshhold
if options.metric != "behavior":
if not options.warning and not options.critical and not options.exists:
parser.error("You must set warning and critical values. Use --help for more info.")

# Verify that only a Source or Sourcegroup is set
if options.source and options.sourcegroup:
parser.error("You must use only a Source or Sourcegroup. Use --help for more info.")

# Verify that the user set a metic type
if not options.metric and not options.exists:
parser.error("You must set a metric to use. Use --help for more info.")

return options


# Main function that generates and sends requests to the NNA server
def main(options):
url_tmpl = '%s://%s/nagiosna/index.php/api/%s?%%s'

# Check if secure request
sec_request = 'http'
if options.secure:
sec_request = 'https'

# Check for the sid, vid, or gid
if options.source:
id_type = 'sid'
id_val = options.source
text_type = 'source'
elif options.sourcegroup:
id_type = 'gid'
id_val = options.sourcegroup
text_type = 'group'

# If it is just checking if something exists lets start here
if options.exists:
action = text_type + "s/read"
q = "q[" + id_type + "]"

# Check if object type with id exists
host = url_tmpl % (sec_request, options.hostname, action)
gets = {'token' : options.key,
q : id_val }
gets = dict((k,v) for k,v in gets.iteritems() if v is not None)
query = urllib.urlencode(gets)
url = host % query

# Send request to URL created
if options.ignorecert:
context = ssl._create_unverified_context()
response = urllib2.urlopen(url, context=context)
else:
response = urllib2.urlopen(url)

data = json.load(response)

if not data:
print "DOWN - The " + text_type + " you are trying to use doesn't exist"
sys.exit(2)

print "UP - " + text_type + " exists"
sys.exit(0)

# Do a abnormal behavior check instead of a standard check
if options.metric == 'behavior':
action = "graphs/failures"

# Check for abnormal behavior
host = url_tmpl % (sec_request, options.hostname, action)
gets = {'token' : options.key,
'sid' : options.source,
'begindate' : "-10 minutes",
'enddate' : "-1 second"}
gets = dict((k,v) for k,v in gets.iteritems() if v is not None)
query = urllib.urlencode(gets)
url = host % query

# Send request to URL created
data = get_url_json(url)
if data['data'][0]:
time.sleep(3) # Sleep three seconds and try again (failures may return 0 while calculating)
data = get_url_json(url)

# Display error instead of actual data
if 'error' in data:
print 'CRITICAL - ' + data['error']
sys.exit(2)

# If there is abnormal behavior, send CRITICAL otherwise OK
if data['data'][0]:
print 'CRITICAL - Abnormal behavior detected'
sys.exit(2)
else:
print 'OK - No abnormal behavior detected'
sys.exit(0)

else:
action = "graphs/execute"

# Get metric based on what we sent for -m
if options.metric == 'bytes':
get_type = 'q[Bytes]'
elif options.metric == 'flows':
get_type = 'q[Flows]'
elif options.metric == 'packets':
get_type = 'q[Packets]'

# Generate URL and add in variables
host = url_tmpl % (sec_request, options.hostname, action)
gets = {'token' : options.key,
get_type : options.metric,
id_type : id_val,
'begindate' : "-10 minutes",
'enddate' : "-1 second"}

# Add a view to the source if we are using a view
if options.view and options.source:
gets['vid'] = options.view

gets = dict((k,v) for k,v in gets.iteritems() if v is not None)
query = urllib.urlencode(gets)
url = host % query

# Send request to URL created
data = get_url_json(url)
if data[0]['total'] == 0:
time.sleep(3) # Sleep three seconds and try again (graph data may return 0 while calculating)
data = get_url_json(url)

# Check for an error returning
if 'error' in data:
print 'CRITICAL - ' + data['error']
sys.exit(2)

data = data[0]['total']

# Check total with what we have defined for warning and critical
check_warning_critical(data, options.metric, options.warning, options.critical, options.noperfdata)

sys.exit(0)

# Function for grabbing the request
def get_url_json(url):
if options.ignorecert:
context = ssl._create_unverified_context()
response = urllib2.urlopen(url, context=context)
else:
response = urllib2.urlopen(url)

data = json.load(response)
return data

# Function to check warning and critical versus the value returned
def check_warning_critical(value, value_type, warning, critical, noperfdata):
if value >= critical:
print 'CRITICAL - ' + str(value) + ' ' + value_type + ' sent/recieved' + add_perfdata(value, value_type, noperfdata)
sys.exit(2)
elif value >= warning:
print 'WARNING - ' + str(value) + ' ' + value_type + ' sent/recieved' + add_perfdata(value, value_type, noperfdata)
sys.exit(1)
elif value <= warning:
print 'OK - ' + str(value) + ' ' + value_type + ' sent/recieved' + add_perfdata(value, value_type, noperfdata)
sys.exit(0)
else:
print 'UNKNOWN - Could not read warning/critical threshholds.'
sys.exit(3)


# Function to add perfdata to an output
def add_perfdata(value, value_type, noperfdata):
if noperfdata:
return ''
else:
return '|' + value_type + '=' + str(value)

# Main part of the plugin that runs everything
if __name__ == "__main__":
options = parse_args()

try:
main(options)
except Exception, e:
if options.verbose:
print "And error was encountered:"
print e
sys.exit(3)
else:
try:
main(options, False)
except Exception, e:
print 'UNKNOWN - Error occurred while running the plugin.'
sys.exit(3)

[lmiltchev]

Hmm, this file differs from the "default" check_nna.py file. Try the following:

1. Make a backup of your "original" plugin:

Code: Select all

cd /usr/local/nagios/libexec
mv check_nna.py check_nna.py.original

2. Download the plugin below:

check_nna.zip

unzip it, and place the check_nna.py file in the /usr/local/nagios/libexec directory.

3. Set permissions:

Code: Select all

chown apache.nagios /usr/local/nagios/libexec/check_nna.py
chmod 775 /usr/local/nagios/libexec/check_nna.py

Try your check again.

Did this help?

[lndifferent]

It worked for bytes and flows but not for packets. The error says: check_nna.py: error: You must set warning and critical values. Use --help for more info. Suggested values for warning and critical are zero in Xi wizard for NNA. The NNA server also does not record any pockets so it passes zeros to the XI server. Any ideas why NNA cannot see pockets from sources?

[lmiltchev]

The warning and critical levels are created, depending on the values that you currently have...

Default values are created by the following:
Warning Threshold: 20% above max value,
Critical Threshold: 40% above max value

Here's a screenshot of Step 2 of the wizard:

example01.PNG

What is the amount of packets that you see on Step 2 page, when you run the wizard?

[lndifferent]

They are zeros. As I said, even on the NNA server when I click on pockets to show pockets on the bandwidth graph, the graph shows nothing.

[lmiltchev]

In your first post, you said:

After configuring NNA and Nagios XI integration, I constantly see false bytes/flows/pockets warnings in Nagios XI coming from Analyzer. Everything seems to be fine in the Network Analyzer console but XI shows three warnings for each service; bytes,flows, and pockets. The error I see in XI for each service is:
(No output on stdout) stderr: File "/usr/local/nagios/libexec/check_nna.py", line 146

and now, you are saying:

As I said, even on the NNA server when I click on pockets to show pockets on the bandwidth graph, the graph shows nothing.

Can you show us a screenshot of your graph in NNA? What kind of device is sending the netflow data to NNA?