
Network Monitoring On Debian With Nagios

By:

Robema Nainggola 0872268 Fakultas Teknologi Informasi Jurusan Teknik Informatika

Universitas Kristen Maranatha Bandung 2011

1.NAGIOS (Nagios Ain't Gonna Insist On Sainthood)


-Installation

#apt-get install nagios3
-Go to the nagios configuration folder
#cd /etc/nagios3
-Create a username and password for nagios access
#htpasswd -c htpasswd.users nagiosadmin
-Restart nagios
#/etc/init.d/nagios3 restart
-Open a browser and browse to http://localhost/nagios
-Enter the username and password that were set during the configuration above

-To add or remove the services that will be used
#pico services_nagios2.cfg
-To add or remove entries in the list to be monitored
#pico hostgroups_nagios2.cfg

2.DARKSTAT
One of the monitoring tools available on Debian is darkstat. darkstat features:

-Traffic graphs.
-Tracks traffic per host.
-Tracks traffic per TCP and UDP port for each host.
-Embedded web-server with deflate compression.
-Asynchronous reverse DNS resolution using a child process.
-Small. Portable. Single-threaded. Efficient.

-Installation
#apt-get install darkstat
-Edit the configuration file
#pico /etc/darkstat/init.cfg
-Change
start_darkstat=no
-to
start_darkstat=yes
-Restart darkstat
#/etc/init.d/darkstat restart
-To start it, type the command
#darkstat

-To view it in a browser, go to http://domain:666 (port 666 is often used by malware, so if this port cannot be accessed on the computer, simply change it to port 667 and also change the port in the configuration file to 667)

DARKSTAT CMD
darkstat [ -i if ] [ -p port ] [ -b ip ] [ -d path ] [ -l ip/mask ] [ -f ip ] [ -v ] [ -n ] [ -h ] [ -V ] [ -P ] [ -e expr ] [ --spy if ] [ --detach ]

DESCRIPTION
darkstat is a network traffic analyzer. It's basically a packet sniffer which runs as a background process on a cable/DSL router sort of machine and tallies up all sorts of useless but interesting statistics. All settings are passed on the commandline.

OPTIONS
-i if
    Listen on the network interface specified by if, rather than the default interface that libpcap returns.
-p port
    Serve statistics on the specified port instead of the default 666.
-b ip
    Bind the web interface to the specified local IP, instead of all interfaces.
-d path
    Store database files in path instead of the current working directory.
-l ip/mask
    When running a 2.4.x Linux kernel with NAT, packets are mangled before libpcap catches them. To get proper accounting of transfer statistics, you have to describe your local network address space. For example, if all the local machines have an IP of 192.168.0.x, your ip/mask should be 192.168.0.0/255.255.255.0.
-f ip
    Force the local IP to the given value. This is mainly for multihomed servers.
-v
    Enable verbose mode. You will see lines of text about packets being processed and some verbose information about what the DNS and WWW threads are doing.
-n
    Turns off DNS resolution. You can turn it back on using the web interface.
-h
    Displays the help/usage statement.
-V
    Displays the version information.
-P
    Prevents darkstat from putting the interface into promiscuous mode. (Default behaviour is to go promiscuous if possible)
-e expr
    Passes the specified packet filter expression to libpcap. Refer to the libpcap and tcpdump documentation for the syntax.
--spy if
    Capture packets on specified interface (hint: the local one) and look for HTTP requests and log them to darkstat.spylog.YYMMDD
--detach
    Detach from the controlling TTY and run in the background like a daemon.

3.MRTG (Multi Router Traffic Grapher)


-Installation
#apt-get install mrtg
The installation output is stored in the directory /var/www/mrtg; if you want to change it from the standard configuration, you can place it in /home/www/mrtg
-Install snmp
#apt-get install snmp snmpd
-The installation directory will be /etc/snmp
-Edit the configuration file
#pico /etc/snmp/snmpd.conf
-Change the default settings, which were originally
com2sec paranoid default public
#com2sec readonly default public
#com2sec readwrite default private
-to
#com2sec paranoid default public
com2sec readonly default public
#com2sec readwrite default private
-Restart the snmpd service
#/etc/init.d/snmpd restart
-Run the commands
#snmpwalk -v1 -c public localhost
#cfgmaker --global 'WorkDir: /var/www/mrtg' --output /etc/mrtg.cfg public@127.0.0.1
#indexmaker /etc/mrtg.cfg --columns=1 --output /var/www/mrtg/index.html
-Copy the work directory folder from /var/www/mrtg to /home/www/mrtg, then run the command
#mrtg
For the web based interface, simply go to http://domain/mrtg
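The com2sec line enabled in the snmpd.conf step maps the well-known community "public" to the source "default", which matches any source address, although MRTG here only polls 127.0.0.1. The following check is an added example, not part of the original guide or of net-snmp; the function name audit_com2sec and the community "example-community" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from net-snmp or MRTG): audit com2sec lines in snmpd.conf text.
# Usage: audit_com2sec < /etc/snmp/snmpd.conf
# Assumes the documented layout: com2sec [-Cn CONTEXT] NAME SOURCE COMMUNITY
audit_com2sec() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out lines are inactive
        $1 == "com2sec" {
            i = ($2 == "-Cn") ? 4 : 2             # skip the optional context pair
            if (NF < i + 2) next
            name = $i; src = $(i + 1); comm = $(i + 2)
            any = (src == "default" || src == "0.0.0.0/0")
            known = (comm == "public" || comm == "private")
            if (any && known)
                printf "HIGH line %d: %s maps well-known community \"%s\" to any source\n", NR, name, comm
            else if (any)
                printf "MEDIUM line %d: %s accepts queries from any source\n", NR, name
            else if (known)
                printf "LOW line %d: %s uses well-known community \"%s\"\n", NR, name, comm
        }
    '
}

# Constructed input: the edited lines from this page, then a restricted variant
# (127.0.0.1 matches the cfgmaker target; "example-community" is a placeholder).
audit_com2sec <<'EOF'
#com2sec paranoid default public
com2sec readonly default public
#com2sec readwrite default private
EOF
audit_com2sec <<'EOF'
com2sec readonly 127.0.0.1 example-community
EOF
```

If the community string is changed, the snmpwalk and cfgmaker commands must use the same string in place of public.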

4.MUNIN
-Installation

#apt-get install munin munin-node

The configuration files will be in /etc/munin
-Edit the configuration file
#pico /etc/munin/munin.conf
-Change
dbdir /var/lib/munin
htmldir /var/www/munin
logdir /var/log/munin
rundir /var/run/munin
# a simple host tree
[localhost.localdomain]
address 127.0.0.1
use_node_name yes
-to
dbdir /var/lib/munin
htmldir /home/www/munin/www.obe.com
logdir /var/log/munin
rundir /var/run/munin
# a simple host tree
[www.obe.com]
address 127.0.0.1
use_node_name yes

-Save, then create the munin directory
#mkdir -p /home/www/munin/www.obe.com
-Change the ownership
#chown munin:munin /home/www/munin/www.obe.com
-Restart munin
#/etc/init.d/munin-node restart
-In the browser, go to http://domain/munin

5.NTOP
Unix (including Linux, *BSD, Solaris, and MacOSX)
Win32 (Win95 and above)

Download ntop for Linux, Unix and Windows
http://www.ntop.org/ntop.html
Integrating ntop with NetFlow
http://www.ntop.org/netflow.html
http://nst.sourceforge.net/nst/docs/user/ch09.html
Integrating ntop with RRD
http://www.ntop.org/RRD/index.html
ntop Documentation
http://www.ntop.org/documentation.html

Install ntop in debian
#apt-get install ntop

During the setup it will ask you to select the interface nTop will listen on (i.e. put in promiscuous mode). Note that it says that you can enter a comma-separated list of interfaces so you could install multiple NICs in a system and monitor multiple LAN segments on the same system. Accept the ntop user name by hitting Enter.

After the program is set up you'll see the message:
device eth0 entered promiscuous mode
A few seconds later you'll see the message:
device eth0 left promiscuous mode

The NIC dropping out of promiscuous mode indicates a problem. Here the "problem" is that we need to set a password for the nTop account we created during the nTop installation (that the daemon uses). To do that, enter the command
#ntop -A
or
#ntop --set-admin-password
The uppercase A switch is for setting the program's Admin password. After entering (and reentering) a password, reboot the system. Just before the login prompt appears you'll see that the NIC has again gone into promiscuous mode. But now, if you were to wait and watch, it would not drop out of promiscuous mode as it did before. There is no need to log into the system because nTop runs as a daemon.

Now that nTop is configured and running, just point a Web browser at port 3000 on the Debian system. For example, if the Debian system's IP address is 10.2.0.20 then you'd type in the following in the address bar of a browser running on a system on the same network:
http://10.2.0.20:3000/

If you want to start and stop ntop, run the following commands
#/etc/init.d/ntop stop
#/etc/init.d/ntop start

If you have any problems, check the readme file located at /usr/share/doc/ntop/README.Debian. The file reads as follows:

ntop admin password need to be set:
===================================
When ntop is installed at the first time, you MUST set the administration password for ntop (user 'admin'). You do that by running ntop with the option -A (or --set-admin-password) as root.

# ntop --set-admin-password

It will prompt you for the password and then exit. Now start the ntop daemon.

# /etc/init.d/ntop start

Note that you can not run ntop as a user as it need full access to the devices and only root have such access. After it has got that access it will change user to ntop or whatever you have configured it to. You have to make sure that the user have access files in /var/lib/ntop. This is normally fixed by the installation script but it may fail. Ntop will be started at every reboot when the admin password has been set.

ntop protocol list:
===================
If you start ntop in daemon mode with the supplied init script it will automatically use /etc/ntop/protocol.list to choose which TCP Protocols should be monitored. The format of this file is simply: <label>=<protocol list> where label is used to symbolically identify the <protocol list>. The format of <protocol list> is <protocol>[|<protocol>], where <protocol> is either a valid protocol specified inside the /etc/services file or a numeric port range (e.g. 80, or 6000-6500).

Dennis Schoen (Mon Dec 17 14:10:25 CET 2001)

log and rotation:
=================
Logs are placed in /var/log/ntop/ and will be rotated every week. The log rotation will restart the ntop server which will reset the ntop statistics. If you want to keep the statistics you have to edit or delete the /etc/logrotate.d/ntop file.
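The protocol.list format described in the README can be checked before restarting ntop, so that a mistyped service name or port range does not silently drop a protocol from monitoring. This lint is an added example, not part of ntop or its README; the function name check_protocol_list is hypothetical, and it assumes a service name is valid only if the services file has a tcp entry for it.

```shell
#!/bin/sh
# Added example (not from ntop): lint protocol.list text against the README's format.
# Usage: check_protocol_list SERVICES_FILE < /etc/ntop/protocol.list
# Prints one finding per problem; prints nothing when every entry is valid.
check_protocol_list() {
    awk -v svc="$1" '
        BEGIN {
            # Load TCP service names and aliases from an /etc/services style file.
            while ((getline line < svc) > 0) {
                sub(/#.*/, "", line)
                n = split(line, f, " ")
                if (n >= 2 && f[2] ~ /\/tcp$/)
                    for (i = 1; i <= n; i++) if (i != 2) known[f[i]] = 1
            }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq < 2 || eq == length($0)) {
                printf "line %d: expected <label>=<protocol list>\n", NR
                next
            }
            m = split(substr($0, eq + 1), p, "|")
            for (i = 1; i <= m; i++) {
                if (p[i] ~ /^[0-9]+(-[0-9]+)?$/) {
                    k = split(p[i], r, "-")
                    lo = r[1] + 0; hi = r[k] + 0
                    if (lo < 1 || hi > 65535 || lo > hi)
                        printf "line %d: bad port range %s\n", NR, p[i]
                } else if (!(p[i] in known))
                    printf "line %d: %s is not a TCP service name\n", NR, p[i]
            }
        }
    '
}

# Constructed sample data, for illustration only.
services=$(mktemp)
printf '%s\n' 'ftp 21/tcp' 'http 80/tcp www' 'domain 53/udp' > "$services"
check_protocol_list "$services" <<'EOF'
FTP=ftp
HTTP=http|www|3128
X11=6000-6500
Bad=domain|7000-6000|70000
EOF
rm -f "$services"
```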

6.HTOP
-Installation

#apt-get install htop

-Run the application

#htop

7.IPTRAF
#apt-get install iptraf
#iptraf
