using Nagios to detect rogue DHCP servers?
Brian A. Seklecki
lavalamp at spiritual-machines.org
Tue Jul 10 21:58:43 CEST 2007
> What about writing a custom plugin that uses this GPL prog to return the
> warning/critical/ok/pending values?
That sounds very reasonable; there's always the possibility that you won't
see, within your run time threshold, offers from a rogue server due to
race conditions or other crud (slow networks, etc.).
Of course, then you have a lot of proactive bogus DHCP Client activity
coming from your Nagios system.
The best solution of course, but not always the most feasible, is a SPAN
port in your core:
Simply:
$ sudo tcpdump -n -e -vvv 'src port bootps && !ether src 0:50:da:28:37:62'
Replace the MAC with your known DHCP server. Matches are rogue. If you
see them, get out the jumper cables.
~BAS
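
Added example, not part of the original message: a passive Nagios check that reads `tcpdump -n -e 'src port bootps'` output from a SPAN port and goes CRITICAL on any source MAC outside an allowlist. The function names, the sample capture lines and the second MAC are constructed for illustration, and it assumes tcpdump's default `-e` text layout (timestamp, source MAC, `>`, destination MAC).

```python
import re
import sys

OK, CRITICAL = 0, 2  # standard Nagios plugin exit codes

# Link-level header printed by `tcpdump -e`: "<time> <src mac> > <dst mac>, ..."
ETHER_RE = re.compile(r"^\S+\s+((?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}) > ")

def norm_mac(mac):
    """Zero-pad and lowercase, so the filter form 0:50:da:... equals 00:50:DA:..."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def check_dhcp_sources(lines, known_servers):
    """Return (exit_code, status_line) for captured server-side DHCP traffic."""
    known = {norm_mac(m) for m in known_servers}
    unknown = {}
    for line in lines:
        m = ETHER_RE.match(line)
        if not m:
            continue  # -vvv continuation lines are indented and carry no MAC
        mac = norm_mac(m.group(1))
        if mac not in known:
            unknown[mac] = unknown.get(mac, 0) + 1
    if unknown:
        detail = ", ".join(f"{mac} ({n} pkts)" for mac, n in sorted(unknown.items()))
        return CRITICAL, f"CRITICAL - DHCP replies from unknown source MAC: {detail}"
    return OK, "OK - only known DHCP servers seen"

# Constructed sample capture (not real traffic): one known server, one unknown.
_TAIL = "> ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: "
SAMPLE = [
    "21:58:43.000001 00:50:da:28:37:62 " + _TAIL + "10.0.0.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply",
    "    Your-IP 10.0.0.50",
    "21:58:43.000350 02:00:00:aa:bb:cc " + _TAIL + "192.168.0.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply",
    "21:58:44.100000 02:00:00:aa:bb:cc " + _TAIL + "192.168.0.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply",
]

if __name__ == "__main__":
    # Usage: tcpdump -l -n -e -c 50 'src port bootps' | plugin.py <known-mac> ...
    code, status = check_dhcp_sources(sys.stdin, sys.argv[1:])
    print(status)
    sys.exit(code)
```

Because the check only listens, it generates no DHCP client traffic of its own; an empty capture returns OK, so pair it with a separate check that the known server is answering.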