Nagios is an open source tool for system and network monitoring that allows system administrators to define warning and critical conditions. The state of each monitored system can be viewed from a Web page showing green, yellow or red status messages, and administrators can also be notified of status changes and alerts via email, SMS or instant message. Because the conditions are administrator-defined, Nagios can quickly zero in on the elements within the network that require attention.
Nagios provides two types of checks: host checks and service checks. Host checks test that a system is reachable, typically via an ICMP ping. Service checks examine individual network services, such as SMTP, HTTP or DNS, but also host resources such as available memory, disk space, log files or CPU utilization. Service checks can be quite sophisticated, verifying not only that a given port is open but also that a connection returns specific information, such as the expected response to an SQL query.
Nagios is highly modular, using plugins to perform service and host checks. A plugin is simply an external command that Nagios runs; it reports the result through its exit status (OK, WARNING, CRITICAL or UNKNOWN) and a single line of output. Pre-packaged plugins can save administrators a tremendous amount of work, and additional custom plugins can be created with a little scripting know-how, though you can probably find what you need just by searching the vast store of user-created plugins available on the internet at the Nagios Exchange. Keep in mind that a downloaded plugin runs with the privileges of the Nagios user on every check interval, so review third-party plugins before deploying them.
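The following is an added example illustrating the plugin contract described above and the service checks described earlier; it is not code from Nagios or from the Nagios Exchange. It implements a small disk-usage service check in Python: threshold ranges are parsed using the standard Nagios plugin range syntax ("80" alerts when the value is above 80 or below 0, "10:" when below 10, "~:80" when above 80, "10:20" when outside that span, "@10:20" when inside it), the result is mapped to the exit codes Nagios expects, and performance data is appended after a "|". The script name, the percent-used metric and the thresholds are illustrative choices, not part of the original article.

```python
#!/usr/bin/env python3
"""Minimal Nagios-style service check plugin (added example, not Nagios' own code).

Implements the plugin contract Nagios relies on: exit status 0/1/2/3 for
OK/WARNING/CRITICAL/UNKNOWN, a one-line status message, and optional
performance data after a '|'.  Threshold ranges follow the standard Nagios
plugin range syntax: "80" (alert if >80 or <0), "10:" (alert if <10),
"~:80" (alert if >80), "10:20" (alert if outside), "@10:20" (alert if inside).
"""
import math
import shutil
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def parse_range(spec):
    """Return (start, end, alert_inside) for a Nagios threshold range string."""
    alert_inside = spec.startswith("@")
    if alert_inside:
        spec = spec[1:]
    if ":" in spec:
        start_s, end_s = spec.split(":", 1)
    else:
        start_s, end_s = "", spec  # a bare number "N" is shorthand for "0:N"
    if start_s == "~":
        start = -math.inf  # "~" means negative infinity
    elif start_s == "":
        start = 0.0
    else:
        start = float(start_s)
    end = math.inf if end_s == "" else float(end_s)
    if start > end:
        raise ValueError(f"invalid range {spec!r}: start exceeds end")
    return start, end, alert_inside


def range_alerts(value, spec):
    """True if the measured value should raise an alert for the given range."""
    start, end, alert_inside = parse_range(spec)
    outside = value < start or value > end
    return (not outside) if alert_inside else outside


def evaluate(value, warn=None, crit=None):
    """Map a measured value to a Nagios state; CRITICAL takes precedence over WARNING."""
    if crit is not None and range_alerts(value, crit):
        return CRITICAL
    if warn is not None and range_alerts(value, warn):
        return WARNING
    return OK


def format_output(service, state, text, perf):
    """Build 'SERVICE STATE: text | label=value;warn;crit;min;max' as Nagios parses it."""
    perfdata = " ".join(f"{label}={val}" for label, val in perf.items())
    line = f"{service} {STATE_NAMES[state]}: {text}"
    return f"{line} | {perfdata}" if perfdata else line


def check_disk_percent(used_pct, warn, crit):
    """Worked check: percentage of disk used against warn/crit ranges (illustrative metric)."""
    state = evaluate(used_pct, warn, crit)
    perf = {"used": f"{used_pct:.1f}%;{warn};{crit};0;100"}
    return state, format_output("DISK", state, f"{used_pct:.1f}% used", perf)


def main(argv):
    # Usage (hypothetical script name): check_disk_pct.py <path> <warn-range> <crit-range>
    # e.g. check_disk_pct.py / 80 90
    try:
        path, warn, crit = argv[1], argv[2], argv[3]
        usage = shutil.disk_usage(path)
        used_pct = 100.0 * usage.used / usage.total
        state, line = check_disk_percent(used_pct, warn, crit)
    except (IndexError, ValueError, OSError) as exc:
        # Anything the plugin cannot evaluate is reported as UNKNOWN, never silently as OK
        print(f"DISK UNKNOWN: {exc}")
        return UNKNOWN
    print(line)
    return state


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Nagios reads only the exit status and the first line of output, so a plugin that crashes with a traceback or exits 0 on error will either be flagged UNKNOWN for the wrong reason or, worse, report a healthy service; the explicit UNKNOWN branch above is the part most home-grown plugins get wrong.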
Being open source, Nagios is licensed under the terms of the GNU General Public License (GPL). Nagios has been designed to run on Linux, but its browser-based interface allows it to be operated from any platform. Downloading Nagios yields a tarball containing the main monitoring daemon, the CGIs and the HTML interface; the standard plugins are a separate download. Installation is moderately difficult, but running Nagios is straightforward. Status messages are color coded and alert information is easy to understand. Configuration files provide templates for the types of checks to perform and how often to check, retry or send alert notifications, along with which contact groups to notify. State changes can trigger polling interval changes or alerts, and Nagios has enough logic not to flood you with individual warnings once it determines that a parent host or network link is down and the systems behind it are merely unreachable.
My one gripe is that configuration is done entirely through text files; although they are straightforward, much of this could be handled by graphical front-ends. Still, given Nagios' configurability, strong reporting and extensibility, if I were allowed only one open source network monitoring tool, this would be it.
About the author:
Scott Sidel is an ISSO with Lockheed Martin.