using Nagios to detect rogue DHCP servers?

[Lars Stavholm]

Hari Sekhon wrote:
> err, that is not at all nagios or automatic or anything.
> 
> I am not personally going to __manually__ check for rogue dhcp servers, 
> don't have the time for that.
> 
> I check my dhcp servers anyway, if I get an extra offer, an alarm is raised.
> 
> This is automatic, has no extra overhead as I check my dhcp servers 
> anyway as part of my monitoring.
> 
> I have never seen a dhcpoffer being missed, but at the very least I run 
> the check every 3 minutes so you're not going to get away with it here 
> for more than that.
> 
> 
> I think the wrapper to check_dhcp is quick and effective with no overhead.

What wrapper would that be, If one might ask?
/Lars

> The best solution would be to extend the check_dhcp plugin, get into the 
> C and add the functionality.
> Maybe if it's not done in the future I will come back and do it.
> 
> Until then, the wrapper does exactly what I need.
> 
> -h
> 
> Hari Sekhon
> 
> 
> 
> Brian A. Seklecki wrote:
>>> What about writing a custom plugin that uses this GPL prog to return the
>>> warning/critical/ok/pending values?
>> That sounds very reasonable; there's always the possibility that you 
>> won't see, within your run time threshold, offers from a rouge server 
>> due to race conditions or other crud (slow networks, etc.).
>>
>> Of course, then you have a lot of proactive bogus DHCP Client activity 
>> coming from your Nagios system.
>>
>> The best solution of course, but not always the most feasible, is a 
>> SPAN port in your core:
>>
>> Simply:
>>
>> $ sudo tcpdump -n -e -vvv 'src port bootps && !ether src 
>> 0:50:da:28:37:62'
>>
>> Replace the MAC with your know DHCP server.  Matches are rouge.  If 
>> you see them, get out the jumper cables.
>>
>> ~BAS
>>
>>
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null