using Nagios to detect rogue DHCP servers?

Hari Sekhon hpsekhon at googlemail.com
Wed Jul 11 16:54:01 CEST 2007


That's a very good idea, I hadn't thought of using the interface of the 
dhcp server to remove the real offer from the check.

The only downside is that it makes an extra check but this may be in 
fact what you want.

The only limitation of this method is that it won't work if you have 2 
dhcp servers on the network with non-overlapping pools for redundancy.

I use a variable to specify the number of dhcp servers and warn if more 
than that number of offers are received. If the right dhcp server 
doesn't respond then it does critical anyway when using the -s switch so 
there is no opportunity for your dhcp server to fall off and another to 
silently take it's place by maintaining the correct number of offers.

-h

Hari Sekhon



Marc DeTrano wrote:
> The way I have done this is to run NRPE on the machine that should be
> the DHCP server, with this command defined:
>
> command[check_ndhcp]=/usr/lib/nagios/plugins/negate
> /usr/lib/nagios/plugins/check_dhcp -i eth0
>
> Something similar may work for you if your DHCP server is on a Linux
> box.  This just negates the normal check_dhcp command, so that if no
> offer is received (on the interface serving DHCP, it should not be), it
> returns with an OK status.  If it does get an offer, a Critical is
> returned and I know it is time to "seek-and-destroy".
>
> Marc
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
>
>   

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list