Hosts that report down but aren't
Carroll, Jim P [Contractor]
jcarro10 at sprintspectrum.com
Mon Nov 11 18:29:46 CET 2002
Okay, I can see some benefit to "check to see if the socket exists" vs.
"check to see if the ssh protocol is fully functional". And I suppose it's
an improvement on just using check_tcp.
I went through similar ponderings when I was trying to think of an NRPE
service that I wanted to define a dependency on (i.e., I don't want to get
alerted that n NRPE services are down, just tell me that NRPE is down,
thankyouverymuch). I did ponder just doing a check_tcp on port 5666, but
ultimately decided that something which verifies that NRPE is functional
would be beneficial. If even the basic check fails (times out), then I'll
be alerted. *shrug*
Very interesting approach, nonetheless.
jc
> -----Original Message-----
> From: Rico Gloeckner [mailto:rico at noris.net]
> Sent: Monday, November 11, 2002 2:38 AM
> To: Carroll, Jim P [Contractor]
> Cc: 'Rico Gloeckner'; 'listuser at neo.pittstate.edu';
> nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Hosts that report down but aren't
>
>
> On Fri, Nov 08, 2002 at 11:09:55AM -0600, Carroll, Jim P [Contractor] wrote:
> > I guess this would depend on how strict the firewall is. If you take the
> > case where everything's been turned off, but SSH and HTTP have been
> > explicitly permitted (the "that which is not expressly permitted is
> > prohibited" school of thought), then you'll have to work with what you're
> > given. Which brings us full circle back to SSH. ;)
>
> Use the check_raw plugin, let it act like nmap in -sS mode does (thus
> requiring the plugin to be suid root):
>
> - NagiosHost sends SYN packet to Box, port 22
> - NagiosHost either receives SYN,ACK or RST (port open/closed)
> - check_raw knows the host is up and sends a RST in the former case.
> - or; plugin times out, the host is assumed to be down.
>
> This can be done with any non-filtered TCP port, but requires you to
> know a TCP port which is not filtered for a long time, so you can
> actually rely on it.
>
>
> -rg
>
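
The thread contrasts "the socket exists" with "the protocol is functional", and the quoted reply reads SYN,ACK or RST as "host up" and a timeout as "host down". The sketch below is an example added to this archive page, not code from either poster and not the check_raw plugin: it draws the same three conclusions from an ordinary unprivileged connect(), so it needs no suid root, then goes one step further and waits for the SSH identification line. The function name `check_host`, the script name `check_up.py` and the choice of WARNING for a closed port are assumptions.

```python
#!/usr/bin/env python3
import socket
import sys

OK, WARNING, CRITICAL = 0, 1, 2  # standard Nagios plugin exit codes

def check_host(host, port=22, timeout=5.0, expect=b"SSH-"):
    """Probe host:port once; return (nagios_status, message)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Our SYN was answered with RST: the port is closed, but the host
        # is alive. Same inference as the raw-socket probe, no root needed.
        return WARNING, f"host up, port {port} closed (RST received)"
    except socket.timeout:
        # Nothing came back: host down, or the port is filtered.
        return CRITICAL, f"no reply on port {port} within {timeout}s"
    except OSError as exc:
        # e.g. host or network unreachable, reported by the local stack
        return CRITICAL, f"connect to port {port} failed: {exc}"
    with sock:
        # SYN,ACK received: the socket exists. Now verify the protocol by
        # waiting for the server's identification line.
        try:
            banner = sock.recv(64)
        except OSError:  # includes a read timeout
            banner = b""
    if banner.startswith(expect):
        line = banner.split(b"\r\n")[0].decode("ascii", "replace")
        return OK, f"port {port} answering: {line}"
    return WARNING, f"port {port} open but no {expect.decode()} banner"

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: check_up.py HOST [PORT]")  # hypothetical script name
        sys.exit(3)  # UNKNOWN
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    status, message = check_host(sys.argv[1], port)
    print(("OK", "WARNING", "CRITICAL")[status], "-", message)
    sys.exit(status)
```

Unlike the half-open probe, this completes the handshake, so the connection shows up in the target's sshd log.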