Hosts that report down but aren't

Carroll, Jim P [Contractor] jcarro10 at sprintspectrum.com
Mon Nov 11 18:29:46 CET 2002


Okay, I can see some benefit to "check to see if the socket exists" vs.
"check to see if the ssh protocol is fully functional".  And I suppose it's
an improvement on just using check_tcp.

I went through similar ponderings when I was trying to think of an NRPE
service that I wanted to define a dependency on (ie, I don't want to get
alerted that n NRPE services are down, just tell me that NRPE is down,
thankyouverymuch).  I did ponder just doing a check_tcp on port 5666, but
ultimately decided that something which verifies that NRPE is functional
would be beneficial.  If even the basic check fails (times out), then I'll
be alerted.  *shrug*

Very interesting approach, nonetheless.

jc

> -----Original Message-----
> From: Rico Gloeckner [mailto:rico at noris.net]
> Sent: Monday, November 11, 2002 2:38 AM
> To: Carroll, Jim P [Contractor]
> Cc: 'Rico Gloeckner'; 'listuser at neo.pittstate.edu';
> nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Hosts that report down but aren't
> 
> 
> On Fri, Nov 08, 2002 at 11:09:55AM -0600, Carroll, Jim P 
> [Contractor] wrote:
> > I guess this would depend on how strict the firewall is.  
> If you take the
> > case where everything's been turned off, but SSH and HTTP have been
> > explicitly permitted (the "that which is not expressly permitted is
> > prohibited" school of thought), then you'll have to work 
> with what you're
> > given.  Which brings us full circle back to SSH.  ;)
> 
> Use the check_raw Plugin, let it act like nmap in -sS mode does (thus
> requiring the plugin to be suid root):
> 
>  - NagiosHost sends Syn Packet to Box, Port 22
>  - NagiosHost either receives Syn,ACK or RST (port open/closed)
>  - check_Raw knows the Host is up and sends a RST in the former case.
>  - or; Plugin timeouts, the Host is assumed to be down.
> 
> This can be done with any non-filtered TCP port, but requires you to
> know a TCP Port, which is not filtered for a long Time, so you can
> actually rely on it.
> 
> 
> 	-rg
> 



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf




More information about the Users mailing list