using check_udp
Giles Coochey
giles at coochey.net
Wed Feb 9 13:52:48 CET 2011
On 09/02/2011 13:23, Julian_Grunnell at tdwh.co.uk wrote:
>
> Hi - has anyone successfully got check_udp working? I'm trying to use
> check_UDP (nagios-plugins 1.4.5) 1.80 but it keeps asking for a
> send/expect string and I've no idea what this is meant to be?
>
> The target server is running syslog and the check so far has just been
> failing with this:
>
> /opt/tools/libexec/check_udp -H 192.168.75.131 -p 514
> With UDP checks, a send/expect string must be specified.
>
>
> So I guess my question is simply what should the following be set to:
>
> --send=STRING
> --expect=STRING
>
>
Hi,
UDP is a connectionless protocol, because of this you can't just check
to see whether the port is open like you can with TCP (which has a port
open handshake --> SYN <-- SYN/ACK etc...)
I'm guessing that the --send string is what you will send to the UDP
port in question and the --expect string is what you will expect back.
After a quick review of UDP/514 (syslog) and RFC3164, it appears to me
that you cannot check this port using that particular check, because the
syslog port will not report back to the sender in anyway (at least from
what I can see).
Therefore, I would recommend that you try a packet capture to verify
this is the case and research another method of monitoring syslog, it
could be a passive check to see how old the latest logs in your syslog
are with a use of MARK entries in the syslog to ensure it's refreshed
from time to time.
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: giles at coochey.net
Skype: gilescoochey
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5137 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://www.monitoring-lists.org/archive/users/attachments/20110209/3d044f58/attachment.bin>
-------------- next part --------------
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list