Building a Monitoring Infrastructure with Nagios [Paperback]

David Josephsen (Author)

Book Description

ISBN-10: 0132236931 | ISBN-13: 978-0132236935 | Publication Date: March 2, 2007 | Edition: 1

Build real-world, end-to-end network monitoring solutions with Nagios

 

This is the definitive guide to building low-cost, enterprise-strength monitoring infrastructures with Nagios, the world’s leading open source monitoring tool. Network monitoring specialist David Josephsen goes far beyond the basics, demonstrating how to use third-party tools and plug-ins to solve the specific problems in your unique environment. Josephsen introduces Nagios “from the ground up,” showing how to plan for success and leverage today’s most valuable monitoring best practices. Then, using practical examples, real directives, and working code, Josephsen presents detailed monitoring solutions for Windows, Unix, Linux, network equipment, and other platforms and devices. You’ll find thorough discussions of advanced topics, including the use of data visualization to solve complex monitoring problems. This is also the first Nagios book with comprehensive coverage of using Nagios Event Broker to transform and extend Nagios.

• Understand how Nagios works, in depth: the host and service paradigm, plug-ins, scheduling, and notification
• Configure Nagios successfully: config files, templates, timeperiods, contacts, hosts, services, escalations, dependencies, and more
• Streamline deployment with scripting templates, automated discovery, and Nagios GUI tools
• Use plug-ins and tools to systematically monitor the devices and platforms you need to monitor, the way you need to monitor them
• Establish front-ends, visual dashboards, and management interfaces with MRTG and RRDTool
• Build new C-based Nagios Event Broker (NEB) modules, one step at a time
• Contains easy-to-understand code listings in Unix shell, C, and Perl

 

If you’re responsible for systems monitoring infrastructure in any organization, large or small, this book will help you achieve the results you want–right from the start.

 

David Josephsen is Senior Systems Engineer at DBG, Inc., where he maintains a collection of geographically dispersed server farms. He has more than a decade of hands-on experience with Unix systems, routers, firewalls, and load balancers in support of complex, high-volume networks. Josephsen’s certifications include CISSP, CCNA, CCDA, and MCSE. His co-authored work on Bayesian spam filtering earned a Best Paper award at USENIX LISA 2004. He has been published in both ;login and Sysadmin magazines on topics relating to security, systems monitoring, and spam mitigation.

 

Introduction
CHAPTER 1 Best Practices
CHAPTER 2 Theory of Operations
CHAPTER 3 Installing Nagios
CHAPTER 4 Configuring Nagios
CHAPTER 5 Bootstrapping the Configs
CHAPTER 6 Watching
CHAPTER 7 Visualization
CHAPTER 8 Nagios Event Broker Interface
APPENDIX A Configure Options
APPENDIX B nagios.cfg and cgi.cfg
APPENDIX C Command-Line Options
Index

 

Editorial Reviews

About the Author

Dave Josephsen is the senior systems administrator at DBG, where he maintains a geographically dispersed collection of server farms and occasionally puts paper in the printer. Winner of LISA 2004’s Best Paper Award and author of numerous articles, he enjoys writing about technology, but admittedly, has more fun solving interesting problems and getting his hands dirty with routers, firewalls, load balancers, and UNIX systems. His interests are too numerous to list; he is quite uncomfortable writing about himself in the third person, and he’s having so much fun he can’t believe he’s being paid. (But he’d prefer that you not mention that last bit to his boss or publishers.)

Excerpt. © Reprinted by permission. All rights reserved.

Introduction

This is a book about untrustworthy machines. Machines in fact, which are every bit, as untrustworthy as they are critical to our well-being. But then I don't need to bore you with laundry lists of how prevalent computer systems have become, or horror stories about what can happen when they fail. If you picked up this book, then I'm sure you're well aware of the problems; layer upon layer of interdependent libraries hiding bugs in their abstraction, script kiddies, viruses, DDOS attacks, hardware failure, end-user error, back-hoe's, hurricanes, and on and on. It doesn't matter whether the root-cause is malicious, or accidental, your systems will fail, and when they do, only two things will save you from the downtime; redundancy, and monitoring systems.

Do it right the first time

In concept, monitoring systems are simple, an extra system, or collection of systems whose job it is to watch the other systems for problems. For example the monitoring system could periodically connect to a web server, to make sure it responds, and if not, send notifications to the administrators. And while it all sounds quite straightforward, monitoring systems have grown into expensive, complex pieces of software. Many now have agents larger than 500Mb, include proprietary scripting languages, and sport price tags above $60,000.

When implemented correctly, a monitoring system can be your best friend. It can notify admins of glitches before they become crises, help architects tease out patterns corresponding to chronic interoperability issues, and give engineers detailed capacity planning info. A good monitoring system will help the security guys correlate interesting events, show the network operations center personnel where the bandwidth bottlenecks are, and provide management much needed high level visibility into the critical systems they bet their business on. A good monitoring system can help you uphold your service level agreement (SLA), and even take steps to solve problems without waking anyone up at all. Good monitoring systems save money, bring stability to complex environments, and make everyone happy.

When done poorly however, the very same system can wreak havoc. Bad monitoring systems cry wolf at all hours of the night so often that nobody pays attention anymore, they install backdoors into your otherwise secure infrastructure, leech time and resources away from other projects, and congest network links with megabyte upon megabyte of health checks. Bad monitoring systems can really suck.

Unfortunately, getting it right the first time isn't as easy as you might think, and in my experience, a bad monitoring system doesn't usually survive long enough to get fixed. Bad monitoring systems are just too much of a burden on everyone involved, including the systems being monitored. In this context, it's easy to see is why large corporations, and governments employ full-time monitoring specialists, and purchase software with six-figure price tags. They know how important it is to get it right the first time.

Small to medium sized businesses and universities can have environments as complex or even more complex then large companies, but they obviously don't have the luxury of high-priced tools, and specialized expertise. Getting a well-built monitoring infrastructure in these environments, with their geographically dispersed campuses and satellite offices can be a challenge. But having spent the better part of the last 7 years building and maintaining monitoring systems, I'm here to tell you that not only is it possible to get it done right the first time, but you can do it for free, with a bit of elbow grease, some open source tools, and a pinch of imagination.

Why Nagios?

Nagios is in my opinion the best system and network monitoring tool available, open source or otherwise. Its modularity and straightforward approach to monitoring makes it easy to work with and highly scalable. Further, Nagios' open source license makes it freely available and easy to extend to meet your specific needs. Instead of trying to do everything for you, Nagios excels at interoperability with other open source tools, which makes it very flexible. If you're looking for a monolithic piece of software with checkboxes that solve all your problems, this probably isn't the book for you, but before you stop reading, give me another paragraph or two to convince you that the checkboxes aren't really what you're looking for.

The commercial offerings get it wrong mainly because their approach to the problem assumes that everyone wants the same solution. To a certain extent, this is true. Everyone has a large glob of computers and network equipment, and wants to be notified if some subset of it fails. So if you want to sell monitoring software, the obvious way to go about it is to create a piece of software that knows how to monitor every conceivable piece of computer software and networking gear in existence. The more gadgets your system can monitor, the more people you can sell it to. To someone who wants to sell monitoring software, it's easy to believe that monitoring systems are turnkey solutions, and whoever's software can monitor the largest number of gadgets wins.

The commercial packages I've worked with all seem to follow this logic. Not unlike the borg, methodically locating new computer gizmos and adding the requisite monitoring code to their solution, or worse, acquiring other companies who already know how to monitor lots of computer gadgetry, and bolting that companies code on to their own. They quickly become obsessed with features, creating enormous spreadsheets of supported gizmos. Their software engineers exist so that the pre-sales engineers can come to your office and say to your managers through seemingly layers of white gleaming teeth; "Yes our software can monitor that".

The problem is, monitoring systems are not turnkey solutions. They require a large amount of customization before they really start solving problems, and herein lay the difference between people selling monitoring software and those designing and implementing monitoring systems. When you're trying to build a monitoring system, a piece of software that can monitor every gadget in the world by clicking a checkbox is not as useful to you as one that makes it easy to monitor what you need, in exactly the manner that you want. By focusing on what to monitor, the proprietary solutions neglect the 'how', which limits the context in which they may be used.

Take 'ping' for example. Every monitoring system I've ever dealt with uses ICMP Echo requests, otherwise known as 'pings' to check host availability in one way or another. But if you want to control how a proprietary monitoring system uses ping, architectural limitations become quickly apparent. Lets say I want to specify the number of ICMP packets to send or want to be able to send notifications based on the round trip time of the packet in microseconds instead of simple pass/fail. More complex environments may necessitate that I use IPv6 pings, or that I portknock1 before I ping. The problem with the monolithic, feature-full approach is that these changes represent changes to the core application logic, and are therefore non-trivial to implement.

In the commercial monitoring applications I've worked with, if these ping examples could be performed at all they would require re-implementing the ping logic in the monitoring system's proprietary scripting language. In other words, you would have to toss out the built-in ping functionality altogether. Perhaps, being able to control the specifics of ping checks is of questionable value to you, but if you don't really have any control over something as basic as ping, what are the odds, that you'll have finite enough control over the most important checks in your environment? They've made the assumption that they know how you want to ping things, and from then on it was game over; they never thought about it again. And why would they? The ping feature is already in the spreadsheet after all.

When it comes to gizmos, Nagios' focus is on modularity. Single purpose monitoring applets called 'plugins' provide support for specific devices and services. Rather than participating in the feature arms race, hardware support is community driven. As community members have a need to monitor new devices or services, new plugins are written, and usually a good bit more quickly than the commercial apps add the same support. In practice Nagios will always support everything you need it to, and without ever needing to upgrade Nagios itself. Nagios also provides the best of both worlds when it comes to support, with several commercial options, as well as a thriving and helpful community that provides free support through various forums and mailing lists.

Choosing Nagios as your monitoring platform means that your monitoring effort will be limited by your own imagination, technical prowess, and political savvy. Nagios can go anywhere you want it to, and the trip there is usually pretty simple. And while Nagios can do everything the commercial apps can and more, and without the bulky, insecure agent install, it usually doesn't compare favorably to commercial monitoring systems simply because when spreadsheets are parsed, Nagios doesn't have as many checks. In fact if they're counting correctly, Nagios has no checks at all, because technically it doesn't know how to monitor anything; it prefers that you tell it how. 'How' in fact, is exactly the variable that the aforementioned checkbox cannot encompass. Checkboxes cannot ask 'how', and therefore you don't want them.

What's in this book?

While Nagios is the biggest piece of the puzzle, it's only one of the myriad ...

Product Details

• Paperback: 264 pages
• Publisher: Prentice Hall; 1 edition (March 2, 2007)
• Language: English
• ISBN-10: 0132236931
• ISBN-13: 978-0132236935
• Product Dimensions: 9.2 x 6.9 x 0.6 inches
• Shipping Weight: 1 pounds (View shipping rates and policies)
• Average Customer Review: 4.3 out of 5 stars  See all reviews (13 customer reviews)
• Amazon Best Sellers Rank: #617,474 in Books (See Top 100 in Books)

More About the Author

David Josephsen is the Director of Systems Engineering at DBG, Inc., where he maintains a collection of geographically dispersed server farms. He has more than a decade of hands-on experience with Unix systems, routers, firewalls, and load balancers in support of complex, high-volume networks. He authored the book "Building a Monitoring Infrastructure with Nagios" (Addison Wesely), and currently writes "iVoyer", the systems monitoring column for ;login magazine.

Josephsen's co-authored work on Bayesian spam filtering earned a Best Paper award at USENIX LISA 2004. He has been published in both ;login and Sysadmin magazines on topics relating to security, systems monitoring, and spam mitigation.

His personal website is http://www.skeptech.org

Customer Reviews

Most Helpful Customer Reviews

21 of 21 people found the following review helpful:

5.0 out of 5 stars Far and away the best book on Nagios, May 31, 2007

By 

Phignuton "Technological Mercenary" (IN, USA.) - See all my reviews

This review is from: Building a Monitoring Infrastructure with Nagios (Paperback)

I use Nagios heavily at my company and as a result, I've purchased all of the available texts on the subject. This one is simply the best work on Nagios available right now. It's clear and succinct where even the online docs from the Nagios project can be confusing. It covers things that the No Starch volume barely touches on (WMI Scripting and Nagios) and honestly, the diagrams and code samples are clear and useful in real-world application.

Really, buy this one. If you need another one, I would be surprised.

14 of 14 people found the following review helpful:

5.0 out of 5 stars An excellent work on the overall scope of network monitoring, March 13, 2007

By 

Mark A. Bainter - See all my reviews
(REAL NAME)   

This review is from: Building a Monitoring Infrastructure with Nagios (Paperback)

Nagios already has extensive online documentation and one of the best and most active communities, so why do you need this book? You need it because it is most assuredly not an attempt to simply rehash existing documentation.

This book does a great job of addressing the challenges involved in deploying Network Monitoring generally, and then providing the reasons why Nagios is the best choice for providing the needed functionality, and how to go about making sure your implementation is a success.

Best of all it is not a dry technical reference tome. Such things have their place, but what seems to be more lacking in a lot of systems administrators is a deeper more cohesive understanding of how it all works together, and why it works that way. This book presents that information in a way that is easy to read. The author's personality quite clearly shines through in most of the book, making it rather easy and even enjoyable reading. Something that sadly is often lacking in many of todays over-edited technical works.

The author punctuates his points where necessary with easily understood examples that drive the point home, and help to communicate the scope of the issue with potential impacts. Most any seasoned Nagios administrator will recognize at least variants on many of the examples he uses as incidents from their own history.

One other point worthy of mentioning is that he is quite clearly not afraid of the manual administration of Nagios. There is a weird trend among some *nix administrators these days that says if you can't click through a few forms and be done then it's too hard. This book not only doesn't shy away from this, it takes the time to explain why this is exactly what we don't want.

If I could recommend improvements for this book, it would be to include a full case study on deploying Nagios in an environment. Mapping the network, examples of the management involvement he describes, the structure and content of the resulting config files and notification schemes, and so on. Perhaps then with a series of changes describing the way Monitoring systems tend to change over time. Responding to needs for an on-call rotation, people whining about the number and types of pages they receive, etc. Perhaps the addition of another network segment or location, or a recurring situation that requires the creation of an event handler to manage. This would round out the end of the book well and help to draw all the presented concepts together for the reader.

Regardless, if you're thinking, are in the middle of, or have already implemented a monitoring system I highly recommend this work. Even seasoned Nagios administrators may benefit from the reading of alternative approaches and more recent features available through Nagios - such as performance metrics and the event broker.

9 of 10 people found the following review helpful:

3.0 out of 5 stars Good for quickstart, March 1, 2008

By 

Jure Kodžoman "Yure" (Ljubljana, Slovenia) - See all my reviews
(REAL NAME)   

This review is from: Building a Monitoring Infrastructure with Nagios (Paperback)

Main benefit of this book is that it will teach you many things in a short time. You might want to purchase it if you want a quick start on Nagios, and don't plan to use Nagios on larger systems. Also, although the author's (brief?) style has some benefits, it also has some drawbacks.

Things like distributed monitoring, fail-over, passive checks,... are barely touched. If you are installing Nagios for the first time, you probably won't miss these subjects elaborated, because you will want to have it running soon as possible. However, I think the Apress book covers these advanced topics much better, and gives a more comprehensive overview of Nagios. The decision is up to you. I preferred the lengthier book with more things explained, although it was a bit harder to read.

One more thing that I disliked was that for Passive checks author references Chapter 2. I couldn't find anything about passive checks there, so I checked the Index. No mention of them there either. I gave this book a relatively bad review due to this kind of unclear issues and for the lack of distributed monitoring and failover coverage, which I think is very important for a monitoring system in a serious installation.

As said, some things are better in this book than in Apress one (like ie. Windows check explanation), but in general, Apress book left a better impression on me.