Learning NAGIOS 3.0

Monitoring Network Services

Nagios also offers plugins that monitor different network services. These include commands for checking FTP, DHCP protocol, and WWW servers. It is also possible for Nagios to monitor itself.

FTP Server

Nagios allows you to verify whether an FTP server is listening for connections by using the check_ftp command. This plugin is identical to check_tcp, with the difference that the port is optional, and by default a valid FTP welcome message is expected.

check_ftp -H host [-p port] [-w <warning time>] [-c <critical time>]
          [-s <send string>] [-e <expect string>] [-q <quit string>] [-A] [-m <maximum bytes>] [-d <delay>] 
          [-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j] 
          [-D <days to cert expiry>] [-S] [-E]

The port argument can be omitted and defaults to 21, or 990 for SSL-based connections. A sample command definition for checking that an FTP server accepts connections is as follows:

  define command
  {
    command_name  check_ftp
    command_line  $USER1$/check_ftp -H $HOSTADDRESS$
  }

By using the -s and -e flags, it is also possible to verify if a specified username and password are allowed to log in:

  define command
  {
    command_name  check_ftplogin
    command_line  $USER1$/check_ftp -H $HOSTADDRESS$ -E -s "USER $ARG1$\r\nPASS $ARG2$\r\n" -d 5 -e "230"
  }

This example is quite similar to POP3 authentication as the commands are the same. The only difference is that the requested response is 230 as this is a code for a successful response to the PASS command. In order to preview what is sent to and received from the server, the -v option can be used.
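How the server's answer to that USER/PASS send string can be judged, as an added example (not code from the book or from the plugin): it parses RFC 959 replies, including multi-line ones, and maps the reply that follows PASS to a Nagios state. The function names and both transcripts are constructed for illustration.

```python
import re

OK, CRITICAL, UNKNOWN = 0, 2, 3  # standard Nagios plugin exit codes

def parse_ftp_replies(raw):
    """Split raw server output into (code, text) replies per RFC 959.

    A multi-line reply starts with 'NNN-' and ends at the first line
    that begins with the same code followed by a space.
    """
    replies, pending, buf = [], None, []
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line:
            continue
        m = re.match(r"(\d{3})([ -])(.*)", line)
        if pending is None:
            if not m:
                continue  # stray text outside any reply
            if m.group(2) == " ":
                replies.append((int(m.group(1)), m.group(3)))
            else:
                pending, buf = m.group(1), [m.group(3)]
        elif m and m.group(1) == pending and m.group(2) == " ":
            buf.append(m.group(3))
            replies.append((int(pending), "\n".join(buf)))
            pending, buf = None, []
        else:
            buf.append(line)  # continuation line of a multi-line reply
    return replies

def login_state(raw):
    """Map the reply that follows the password prompt to a Nagios state."""
    codes = [code for code, _ in parse_ftp_replies(raw)]
    if 331 not in codes:
        return UNKNOWN, "server never asked for a password"
    after_pass = codes[codes.index(331) + 1:]
    if after_pass[:1] == [230]:
        return OK, "login accepted (230)"
    if after_pass:
        return CRITICAL, "login rejected (%d)" % after_pass[0]
    return CRITICAL, "no reply to PASS"

# Constructed transcripts (not captured from a real server). BAD carries
# the text "230" in its banner, so a plain substring search would hit it.
GOOD = ("220 ftp ready\r\n331 Password required\r\n"
        "230-Welcome\r\n quota: 230 MB\r\n230 Logged in\r\n")
BAD = ("220 ftp ready, 230 users online\r\n"
       "331 Password required\r\n530 Login incorrect\r\n")
```

Judging by reply code rather than by the presence of the text "230" keeps a banner or quota message from being mistaken for a successful login.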

DHCP Tests

If your network has a server or a router that provides the users with IP addresses via DHCP, it would be wise to make sure that this server is also working correctly. Nagios offers a plugin that attempts to request an IP address via the DHCP protocol, which can be used for this purpose. The syntax is a bit different from other plugins:

check_dhcp [-v] [-u] [-s serverip] [-r requestedip] [-t timeout]
           [-i interface] [-m mac]

This command accepts the options described in the following table:

Options for DHCP checking are very powerful—they can be used to check if any server is responding to the DHCP requests, for example:

  define command
  {
    command_name  check_dhcp
    command_line  $USER1$/check_dhcp
  }

This plugin can also be used to verify if specific servers work, if a specified MAC address will receive an IP address, if a specific IP address is returned, or a combination of these checks, as shown below:

  define command
  {
    command_name  check_dhcp_mac
    command_line  $USER1$/check_dhcp -s $HOSTADDRESS$ -m $ARG1$ -r $ARG2$
  }

This check will ensure that a specific machine provides a specific IP address in response to a request from a specific MAC address. This allows checks to be created for specific DHCP rules, which is crucial in the case of networks that need to provide specific devices with IP addresses, which other services depend upon.

It is also worth noting that such tests are safe from a network's perspective as the IP received from the server is not acknowledged by the Nagios plugin. Therefore, a check for a specific MAC address can be done even if a network card with the same address is currently connected. DHCP works over broadcast IP requests and therefore it is not recommended that you set up testing of this service often as it might cause excessive traffic for larger networks.
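What a check with -m and -r puts on the wire and how the answer is judged, as an added example (not the plugin's own code): it builds an RFC 2131 DHCPDISCOVER for a chosen MAC and requested IP, then evaluates a DHCPOFFER. Function names, addresses and the sample offer are constructed; no DHCPREQUEST is ever built, which is why the offered lease is never taken.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)

def build_discover(mac, requested_ip=None, xid=0x1234ABCD):
    """DHCPDISCOVER payload for a MAC given as aa:bb:cc:dd:ee:ff."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    # op=1 request, htype=1 Ethernet, hlen=6, hops, xid, secs,
    # flags=0x8000 (reply by broadcast), then four zeroed addresses.
    head = struct.pack("!BBBBIHH16s", 1, 1, 6, 0, xid, 0, 0x8000, b"")
    opts = b"\x35\x01\x01"  # option 53, message type 1 = DISCOVER
    if requested_ip:
        opts += b"\x32\x04" + socket.inet_aton(requested_ip)  # option 50
    return head + chaddr + b"\0" * 192 + MAGIC + opts + b"\xff"

def parse_reply(pkt):
    """Extract xid, offered address (yiaddr) and options from a reply."""
    xid, = struct.unpack("!I", pkt[4:8])
    yiaddr = socket.inet_ntoa(pkt[16:20])
    opts, i = {}, 240  # options follow the 236-byte header and cookie
    while i + 1 < len(pkt) and pkt[i] != 0xFF:
        if pkt[i] == 0:  # pad option has no length byte
            i += 1
            continue
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return xid, yiaddr, opts

def check_offer(pkt, xid, want_ip=None, want_server=None):
    """Return (state, text); 0 = OK, 2 = CRITICAL as in Nagios plugins."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        return 2, "not a DHCP packet"
    rxid, yiaddr, opts = parse_reply(pkt)
    if rxid != xid or opts.get(53) != b"\x02":
        return 2, "not a DHCPOFFER for our transaction"
    server = socket.inet_ntoa(opts.get(54, b"\0" * 4))
    if want_server and server != want_server:
        return 2, "offer came from %s" % server
    if want_ip and yiaddr != want_ip:
        return 2, "offered %s, expected %s" % (yiaddr, want_ip)
    return 0, "%s offered %s" % (server, yiaddr)

def sample_offer(xid, yiaddr, server):
    """Constructed DHCPOFFER for the demo (not captured traffic)."""
    head = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0x8000)
    addrs = b"\0" * 4 + socket.inet_aton(yiaddr) + b"\0" * 8
    opts = b"\x35\x01\x02\x36\x04" + socket.inet_aton(server) + b"\xff"
    return head + addrs + b"\0" * 208 + MAGIC + opts
```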

Verifying the Nagios Daemon

It is possible for Nagios to monitor whether or not it is running on the local machine. This works by checking the Nagios log file for recent entries, as well as reading the output from the ps system command to ensure that the Nagios daemon is currently running. This plugin is mainly used in combination with NRPE or SSH, which are described in more detail in Chapter 8, Monitoring Remote Hosts. However, it can also be deployed to check the same Nagios that is scheduling the command, mainly to make sure that the log files contain recent entries. The syntax and options are as follows:

check_nagios -F <status log file> -e <expire_minutes> -C <process_string>

All of the arguments listed above are required. The check for the --expires option is done by comparing the date and time of the latest entry in the log with the current date and time. The log file is usually called nagios.log and is stored in the directory that was passed in the --localstatedir option during Nagios compilation. For an installation performed according to the steps given in Chapter 2, the path will be /var/nagios/nagios.log. The Nagios process for such a setup would be /opt/nagios/bin/nagios. An example definition of a command receiving all of the information as arguments is as follows:

  define command
  {
    command_name  check_nagios
    command_line  $USER1$/check_nagios -F $ARG1$ -C $ARG2$ -e $ARG3$
  }

The first argument is the path to the log file, the second is the path to the Nagios daemon binary, and the last one is the maximum acceptable number of minutes since the last log update.
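The two conditions this check combines, as an added example (not the plugin's source): log freshness taken from the `[epoch]` prefix Nagios writes on each log line, and a match on the ps output that ignores the checker's own command line. The function names, the state mapping and the sample log and ps lines are assumptions constructed for illustration.

```python
import re

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes

def latest_entry(log_lines):
    """Newest '[epoch] ...' timestamp found in the log, or None."""
    hits = (re.match(r"\[(\d+)\] ", line) for line in log_lines)
    stamps = [int(m.group(1)) for m in hits if m]
    return max(stamps) if stamps else None

def daemon_running(ps_lines, process_string, checker="check_nagios"):
    """True if a process matches, ignoring the checker's own command
    line (it carries process_string as its -C argument)."""
    return any(process_string in line and checker not in line
               for line in ps_lines)

def check_nagios(log_lines, ps_lines, process_string, expire_minutes, now):
    """Return (state, text) for the daemon and log-freshness tests."""
    if not daemon_running(ps_lines, process_string):
        return CRITICAL, "no process matching %s" % process_string
    newest = latest_entry(log_lines)
    if newest is None:
        return CRITICAL, "no timestamped entries in log"
    age = now - newest
    if age > expire_minutes * 60:
        return WARNING, "last log entry is %d seconds old" % age
    return OK, "running, last log entry %d seconds ago" % age

# Constructed sample data (not from a real installation).
LOG = ["[1700000000] Nagios 3.0 starting...",
       "not a timestamped line",
       "[1700000240] SERVICE ALERT: web1;HTTP;CRITICAL;HARD;3;timeout"]
CHECKER = ("nagios 5000 check_nagios -F /var/nagios/nagios.log "
           "-C /opt/nagios/bin/nagios -e 5")
PS = ["root 1 /sbin/init",
      "nagios 4242 /opt/nagios/bin/nagios -d nagios.cfg",
      CHECKER]
```

Without the exclusion in daemon_running, the CHECKER line alone would satisfy the match and a dead daemon would go unnoticed.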

Testing Web Sites

Making sure that the web sites are up and running 24/7 is vital to many large companies. Verifying that the returned pages contain correct data may be even more important for companies conducting e-commerce. Nagios offers plugins to verify that a web server works. It can also make sure that your SSL certificate is still valid, and can also verify the contents of specific pages to check that they contain specific text. This command accepts various parameters, as follows:

check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
           [-w <warning time>] [-c <critical time>] [-t <timeout>]
           [-L] [-a auth] [-f <ok | warn | critical | follow>]
           [-e <expect>] [-s string] [-l]
           [-r <regex> | -R <regex>] [-P string]
           [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>] [-A string] [-k string] [-S]
           [-C <age>] [-T <content-type>]

The following table lists the options that differ from their usual behavior, or are not common in other commands:

For example, to verify if a main page has at least the specified number of bytes, and is returned promptly, the following check can be done:

  define command
  {
    command_name  check_http_basic
    command_line  $USER1$/check_http -H $HOSTADDRESS$ -f follow -m $ARG1$:1000000 -w $ARG2$ -c $ARG3$
  }

More complex tests of the WWW infrastructure should be carried out frequently. For example, to verify if an SSL-enabled page works correctly and quickly, a more complex test might be required. The following command will verify the SSL certificate and the page size, and will look for a specific string in the page body.

  # $ARG1$ = URI, $ARG2$:$ARG3$ = minimum:maximum page size, $ARG4$ = regex
  define command
  {
    command_name  check_https
    command_line  $USER1$/check_http -H $HOSTADDRESS$ -S -C 14 -u $ARG1$ -f follow -m $ARG2$:$ARG3$ -R $ARG4$
  }
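The three conditions named above (certificate lifetime as with -C 14, page size bounds as with -m, and a case-insensitive pattern as with -R), evaluated offline as an added example that is not the plugin's code. The function names, the state mapping and the sample certificate date and page body are assumptions constructed for illustration.

```python
import re
import ssl

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes

def cert_days_left(not_after, now):
    """Whole days until the certificate's notAfter time (negative if past).

    not_after uses the text form found in certificates,
    e.g. 'Jun 20 00:00:00 2030 GMT'; now is seconds since the epoch.
    """
    return (ssl.cert_time_to_seconds(not_after) - now) // 86400

def check_page(not_after, body, now, min_days, min_size, max_size, regex):
    """Return (worst state, [problem texts]) for one fetched page."""
    problems = []
    days = cert_days_left(not_after, now)
    if days < 0:
        problems.append((CRITICAL, "certificate expired"))
    elif days < min_days:
        problems.append((WARNING, "certificate expires in %d days" % days))
    if not min_size <= len(body) <= max_size:
        problems.append((WARNING, "page size %d out of range" % len(body)))
    text = body.decode("utf-8", "replace")
    if not re.search(regex, text, re.IGNORECASE):
        problems.append((CRITICAL, "pattern not found"))
    state = max([s for s, _ in problems], default=OK)
    return state, [msg for _, msg in problems]

# Constructed sample values (not taken from a real site or certificate).
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 10 00:00:00 2030 GMT")
SAMPLE_NOT_AFTER = "Jun 20 00:00:00 2030 GMT"
SAMPLE_BODY = b"<html><body>Order Complete</body></html>"
```

A certificate that is still valid but inside the warning window produces a WARNING even when the page content is correct, which is what gives time to renew before visitors see an error.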

Checking web pages at a higher level is described in more detail in Chapter 11, Extending Nagios, and uses plugins custom-written for this purpose.