Network Monitoring On Debian With Nagios By: Robema Nainggola 0872268 Fakultas Teknologi Informasi Jurusan Teknik Informatika Universitas Kristen Maranatha Bandung 2011

Network Monitoring Tools


DESCRIPTION

A network monitoring tool is an application for monitoring a network.


1.NAGIOS(Nagios Ain't Gonna Insist On Sainthood)

- Installation

#apt-get install nagios3

- Go to the nagios configuration folder

#cd /etc/nagios3

- Create a username and password for accessing nagios

#htpasswd -c htpasswd.users nagiosadmin

- Restart nagios

#/etc/init.d/nagios3 restart

- Open a browser and browse to http://localhost/nagios

- Enter the username and password you set during the configuration above

- To add or remove the services to be used

#pico services_nagios2.cfg

- To add or remove entries in the list to be monitored

#pico hostgroups_nagios2.cfg

2.DARKSTAT

One of the monitoring tools available on Debian is darkstat.

darkstat features:

Traffic graphs.

Tracks traffic per host.

Tracks traffic per TCP and UDP port for each host.

Embedded web-server with deflate compression.

Asynchronous reverse DNS resolution using a child process.

Small. Portable. Single-threaded. Efficient.

- Installation

#apt-get install darkstat

- Edit the configuration file

#pico /etc/darkstat/init.cfg

- Change start_darkstat=no

- to start_darkstat=yes

- Restart darkstat

#/etc/init.d/darkstat restart

- To start it, type the command

# darkstat

- To view it in a browser, go to http://domain:666 (port 666 is often used by malware, so if this port cannot be accessed on the computer, simply change it to port 667 and also change the port in the configuration file to 667)

DARKSTAT CMD

darkstat [ -i if ] [ -p port ] [ -b ip ] [ -d path ] [ -l ip/mask ] [ -f ip ] [ -v ] [ -n ] [ -h ] [ -V ] [ -P ] [ -e expr ] [ --spy if ] [ --detach ]

DESCRIPTION

darkstat is a network traffic analyzer. It's basically a packet sniffer which runs as a background process on a cable/DSL router sort of machine and tallies up all sorts of useless but interesting statistics.

All settings are passed on the commandline.

OPTIONS

-i if

Listen on the network interface specified by if, rather than the default interface that libpcap returns.

-p port

Serve statistics on the specified port instead of the default 666.

-b ip

Bind the web interface to the specified local IP, instead of all interfaces.

-d path

Store database files in path instead of the current working directory.

-l ip/mask

When running a 2.4.x Linux kernel with NAT, packets are mangled before libpcap catches them. To get proper accounting of transfer statistics, you have to describe your local network address space. For example, if all the local machines have an IP of 192.168.0.x, your ip/mask should be 192.168.0.0/255.255.255.0.

-f ip

Force the local IP to the given value. This is mainly for multihomed servers.

-v

Enable verbose mode. You will see lines of text about packets being processed and some verbose information about what the DNS and WWW threads are doing.

-n

Turns off DNS resolution. You can turn it back on using the web interface.

-h

Displays the help/usage statement.

-V

Displays the version information.

-P

Prevents darkstat from putting the interface into promiscuous mode. (Default behaviour is to go promiscuous if possible)

-e expr

Passes the specified packet filter expression to libpcap. Refer to the libpcap and tcpdump documentation for the syntax.

--spy if

Capture packets on specified interface (hint: the local one) and look for HTTP requests and log them to darkstat.spylog.YYMMDD

--detach

Detach from the controlling TTY and run in the background like a daemon.

3.MRTG (Multi Router Traffic Grapher)

Installation

#apt-get install mrtg

The installation output is stored in the directory /var/www/mrtg; if you want to change it from the standard configuration, you can place it in /home/www/mrtg

- Install snmp

#apt-get install snmp snmpd

- The installation directory will be /etc/snmp

Edit the configuration file

#pico /etc/snmp/snmpd.conf

Change the default settings from

com2sec paranoid default public

#com2sec readonly default public

#com2sec readwrite default private

to

#com2sec paranoid default public

com2sec readonly default public

#com2sec readwrite default private

- Restart the snmpd service

#/etc/init.d/snmpd restart

Run the commands

#snmpwalk -v1 -c public localhost

#cfgmaker --global 'WorkDir: /var/www/mrtg' --output /etc/mrtg.cfg [email protected]

#indexmaker /etc/mrtg.cfg --columns=1 --output /var/www/mrtg/index.html

- Copy the work directory folder from /var/www/mrtg to /home/www/mrtg

Then run the command

#mrtg

For the web-based interface, simply go to http://domain/mrtg
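
The snmpd.conf edit in this section leaves a com2sec line active that maps the well-known community public to the source default, which snmpd treats as any address. As an added example that is not part of the original page, the shell function below flags active com2sec lines by source and community; the severity labels, sample files and the placeholder community string are constructed for illustration.

```shell
# Added example, not from the original page: audit active com2sec lines.
# snmpd.conf syntax: com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
audit_com2sec() {        # $1 = path to an snmpd.conf
    # Lines starting with "#" never have $1 == "com2sec", so they are skipped.
    awk '
        $1 == "com2sec" {
            i = ($2 == "-Cn") ? 4 : 2          # skip optional context pair
            if (NF < i + 2) next               # malformed line, ignore
            name = $i; src = $(i + 1); comm = $(i + 2)
            anysrc = (src == "default" || src == "0.0.0.0/0")
            known  = (comm == "public" || comm == "private")
            if (anysrc && known) {
                printf "HIGH %s: well-known community %s accepted from any source\n", name, comm
            } else if (anysrc) {
                printf "MEDIUM %s: community accepted from any source\n", name
            } else if (known) {
                printf "LOW %s: well-known community %s limited to %s\n", name, comm, src
            }
        }
    ' "$1"
}

# Constructed sample 1: the configuration as edited in the steps above.
write_page_config() {
    cat > "$1" <<'EOF'
#com2sec paranoid default public
com2sec readonly default public
#com2sec readwrite default private
EOF
}

# Constructed sample 2: same mapping, restricted to the local poller and
# using a placeholder community string (an assumption, choose your own).
write_restricted_config() {
    cat > "$1" <<'EOF'
com2sec readonly 127.0.0.1 EXAMPLE-COMMUNITY-CHANGE-ME
EOF
}

tmp=$(mktemp -d)
write_page_config "$tmp/page.conf"
write_restricted_config "$tmp/restricted.conf"
echo "page config:";       audit_com2sec "$tmp/page.conf"
echo "restricted config:"; audit_com2sec "$tmp/restricted.conf"
rm -rf "$tmp"
```

If the community string is changed, the -c public argument in the snmpwalk command and the community in the cfgmaker target have to change with it.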

4.MUNIN

- Installation

#apt-get install munin munin-node

The configuration files will be in /etc/munin

Edit the configuration file

#pico /etc/munin/munin.conf

- Change

dbdir /var/lib/munin

htmldir /var/www/munin

logdir /var/log/munin

rundir /var/run/munin

# a simple host tree

[localhost.localdomain]

address 127.0.0.1

use_node_name yes

To

dbdir /var/lib/munin

htmldir /home/www/munin/www.obe.com

logdir /var/log/munin

rundir /var/run/munin

# a simple host tree

[www.obe.com]

address 127.0.0.1

use_node_name yes

Save, then create the munin directory

#mkdir -p /home/www/munin/www.obe.com

- Change the ownership

#chown munin:munin /home/www/munin/www.obe.com

- Restart munin

#/etc/init.d/munin-node restart

In the browser, go to http://domain/munin

5.NTOP

Unix (including Linux, *BSD, Solaris, and MacOSX)

Win32 (Win95 and above)

Download ntop for Linux,Unix and Windows

http://www.ntop.org/ntop.html

Integrating ntop with NetFlow

http://www.ntop.org/netflow.html

http://nst.sourceforge.net/nst/docs/user/ch09.html

Integrating ntop with RRD

http://www.ntop.org/RRD/index.html

ntop Documentation

http://www.ntop.org/documentation.html

Install ntop in debian

#apt-get install ntop

During the setup it will ask you to select the interface nTop will listen on (i.e. put in promiscuous mode). Note that it says that you can enter a comma-separated list of interfaces so you could install multiple NICs in a system and monitor multiple LAN segments on the same system. Accept the ntop user name by hitting Enter. After the program is set up you'll see the message:

device eth0 entered promiscuous mode

A few seconds later you'll see the message:

device eth0 left promiscuous mode

The NIC dropping out of promiscuous mode indicates a problem. Here the "problem" is that we need to set a password for the nTop account we created during the nTop installation (that the daemon uses). To do that, enter the command

#ntop -A

or

#ntop --set-admin-password

The uppercase A switch is for setting the program's Admin password. After entering (and re-entering) a password, reboot the system. Just before the login prompt appears you'll see that the NIC has again gone into promiscuous mode. But now, if you were to wait and watch, it would not drop out of promiscuous mode as it did before. There is no need to log into the system because nTop runs as a daemon.

Now that nTop is configured and running, just point a Web browser at port 3000 on the Debian system. For example, if the Debian system's IP address is 10.2.0.20 then you'd type in the following in the address bar of a browser running on a system on the same network:

http://10.2.0.20:3000/

If you want to start and stop ntop run the following commands

#/etc/init.d/ntop stop

#/etc/init.d/ntop start

If you have any problems, check the README file located at /usr/share/doc/ntop/README.Debian, which reads as follows

ntop admin password need to be set:
===================================

When ntop is installed at the first time, you MUST set the administration password for ntop (user 'admin'). You do that by running ntop with the option -A (or --set-admin-password) as root.

# ntop --set-admin-password

It will prompt you for the password and then exit. Now start the ntop daemon.

# /etc/init.d/ntop start

Note that you can not run ntop as a user as it need full access to the devices and only root have such access. After it has got that access it will change user to ntop or whatever you have configured it to. You have to make sure that the user have access files in /var/lib/ntop. This is normally fixed by the installation script but it may fail. Ntop will be started at every reboot when the admin password has been set.

ntop protocol list:
===================

If you start ntop in daemon mode with the supplied init script it will automatically use /etc/ntop/protocol.list to choose which TCP Protocols should be monitored. The format of this file is simply: <label>=<protocol list> where label is used to symbolically identify the <protocol list>. The format of <protocol list> is <protocol>[|<protocol>], where <protocol> is either a valid protocol specified inside the /etc/services file or a numeric port range (e.g. 80, or 6000-6500).

Dennis Schoen (Mon Dec 17 14:10:25 CET 2001)

log and rotation:
=================

Logs are placed in /var/log/ntop/ and will be rotated every week. The log rotation will restart the ntop server which will reset the ntop statistics. If you want to keep the statistics you have to edit or delete the /etc/logrotate.d/ntop file.
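
The protocol.list format quoted from README.Debian above can be checked before ntop is restarted, so a mistyped service name or a reversed port range is caught before ntop loads the file. The shell function below is an added example, not code from ntop or the Debian package; the sample files are constructed, and treating "#" lines as comments and tolerating a trailing "|" are assumptions.

```shell
# Added example, not from ntop or the Debian package: lint a protocol.list.
# Format per README.Debian: <label>=<protocol>[|<protocol>], each <protocol>
# a services-file name or a numeric port / port range (80, 6000-6500).
lint_protocol_list() {   # $1 = protocol.list path, $2 = services file path
    awk -v svc="$2" '
        BEGIN {          # load service names and aliases (all but column 2)
            while ((getline line < svc) > 0) {
                sub(/#.*/, "", line)
                n = split(line, f, " ")
                for (j = 1; j <= n; j++) if (j != 2) names[f[j]] = 1
            }
        }
        /^[ \t]*(#|$)/ { next }   # assumption: "#" comments and blank lines
        {
            eq = index($0, "=")
            if (eq < 2) { printf "line %d: missing <label>=\n", NR; next }
            n = split(substr($0, eq + 1), p, "|")
            for (k = 1; k <= n; k++) {
                item = p[k]
                if (item == "") continue          # tolerate a trailing "|"
                if (item ~ /^[0-9]+(-[0-9]+)?$/) {
                    m = split(item, r, "-")
                    lo = r[1] + 0; hi = (m == 2) ? r[2] + 0 : lo
                    if (lo < 1 || hi > 65535 || lo > hi)
                        printf "line %d: bad port range %s\n", NR, item
                } else if (!(item in names)) {
                    printf "line %d: unknown service %s\n", NR, item
                }
            }
        }
    ' "$1"
}

write_samples() {        # $1 = directory; both files are constructed
    printf '%s\n' 'ftp-data 20/tcp' 'ftp 21/tcp' \
        'http 80/tcp www   # alias column' > "$1/services"
    printf '%s\n' 'FTP=ftp|ftp-data' 'HTTP=http|www|8080' \
        'X11=6000-6500' 'BAD=6500-6000|htpp' > "$1/protocol.list"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
lint_protocol_list "$demo_dir/protocol.list" "$demo_dir/services"
rm -rf "$demo_dir"
```

On a real system the call would be lint_protocol_list /etc/ntop/protocol.list /etc/services, the two paths named in the README.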

6.HTOP

- Installation

#apt-get install htop

- Run the application

#htop

7.IPTRAF

#apt-get install iptraf

#iptraf