Archive for the ‘Networking’ Category
Rogue DHCP Detection
OK, so DHCP is a great tool. It can also cause havoc on your network when it shows up unintentionally. Since network access control isn’t always an option for some of us, we will have to find ways to detect an additional DHCP server.
Nagios’ default check_dhcp service check only makes sure that DHCP is available, but it does have a nice feature that provides verbose output. We can easily leverage that feature with our own code to detect the presence of a rogue server.
#!/usr/bin/perl
use POSIX;
use lib "/usr/lib/nagios/plugins";
use utils qw(%ERRORS);
use Switch;

# Number of DHCPOFFERs received from known servers
my $responses = 0;

# Run check_dhcp verbosely so that every DHCPOFFER is listed
my @check_dhcp = qx{/usr/lib/nagios/plugins/check_dhcp -v};

# Each offer line carries the offering server's IP address; compare it
# against the known DHCP servers and treat any other address as a rogue
foreach my $value (@check_dhcp) {
    if ($value =~ /DHCPOFFER from IP address.*?(\d+\.\d+\.\d+\.\d+)/i) {
        switch ($1) {
            case "10.1.1.20" { $responses = $responses + 1; }
            case "10.1.1.30" { $responses = $responses + 1; }
            else {
                print "SERVICE STATUS:CRITICAL: DHCP service running on $1\n";
                exit $ERRORS{'CRITICAL'};
            }
        }
    }
}
print "SERVICE STATUS:OK: $responses Expected Responses to DHCP Broadcast\n";
exit $ERRORS{'OK'};
That’s it. When check_dhcp runs with the verbose flag (-v) it provides us with all the responses to the DHCP broadcast. We run this output through a regex to get the lines pertaining to the servers that offered leases and then run those through a switch to compare to known DHCP servers.
The only caveat I have found with this setup is that the check command in commands.cfg wasn’t happy until it read:
command_line perl '/usr/lib/nagios/plugins/check_rogue_dhcp'
So, now we will know about an errant DHCP server before we see users dropping off the network like flies.
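The same allowlist comparison, as an added example in Python that is not part of the original post. It goes one step further than the script above: it reports every unexpected server instead of stopping at the first one, and it flags a known server that sent no offer. The WARNING state for a missing server and the sample output lines are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Classify DHCPOFFER lines from `check_dhcp -v` against an allowlist."""
import re
import subprocess
import sys

KNOWN_SERVERS = {"10.1.1.20", "10.1.1.30"}  # allowlist from the post
CHECK_DHCP = "/usr/lib/nagios/plugins/check_dhcp"
OFFER_RE = re.compile(
    r"DHCPOFFER from IP address\s+(\d{1,3}(?:\.\d{1,3}){3})", re.I)

# Constructed sample output (not captured from a real network).
SAMPLE = """\
DHCPOFFER from IP address 10.1.1.20 via 10.1.1.20
DHCPOFFER from IP address 192.168.0.1 via 192.168.0.1
DHCPOFFER from IP address 10.1.1.20 via 10.1.1.20
"""

def classify(output, known=KNOWN_SERVERS):
    """Return (rogue, missing) as sorted lists of IP strings."""
    seen = set(OFFER_RE.findall(output))  # duplicates collapse here
    return sorted(seen - known), sorted(known - seen)

def evaluate(output, known=KNOWN_SERVERS):
    """Map the classification to a Nagios (exit_code, message) pair."""
    rogue, missing = classify(output, known)
    if rogue:
        return 2, "CRITICAL: unexpected DHCP server(s): " + ", ".join(rogue)
    if missing:
        # Assumption of this example: a silent known server is a WARNING.
        return 1, "WARNING: no offer from: " + ", ".join(missing)
    return 0, "OK: offers only from %d known server(s)" % len(known)

if __name__ == "__main__":
    if "--sample" in sys.argv:
        text = SAMPLE
    else:
        try:
            text = subprocess.run([CHECK_DHCP, "-v"], capture_output=True,
                                  text=True).stdout
        except OSError as exc:
            print("UNKNOWN: cannot run check_dhcp: %s" % exc)
            sys.exit(3)
    code, message = evaluate(text)
    print(message)
    sys.exit(code)
```

Run it with `--sample` to see the CRITICAL result on the constructed lines without touching the network.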
Nagios Bulk Config
About two years ago I needed to get Nagios started on a decent-sized network. The proposition of having to configure a few hundred switches for monitoring manually wasn’t very appealing. That’s a lot of configuration files to create.
I decided that a Perl script would be the best option to get me going. I would feed the script a list of IP addresses and it would puke out a configuration file for each switch.
Here is a watered down version of the script:
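#!/usr/bin/perl
use strict;
use warnings;

my $hostgroup = "Distribution";

# Write a Nagios host definition and a PING service for one switch
sub makefile {
    my ($record) = @_;
    $record =~ s/^\s+|\s+$//g;    # strip newline and stray whitespace
    # The value becomes a file name, so accept only dotted-quad IPv4 addresses
    return unless $record =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;

    # A ';' starts a comment in Nagios object files, so the trailing ones are harmless
    my $switchdef = <<END;
# Define the switch that we'll be monitoring
define host{
    use generic-switch;
    host_name $record;
    alias $record;
    address $record;
    hostgroups $hostgroup;
}
# Create a service to PING to switch
define service{
    use generic-service;
    host_name $record;
    service_description PING;
    check_command check_ping!200.0,20%!600.0,60%;
    normal_check_interval 2;
    retry_check_interval 1;
}
END
    my $filename = $record . ".cfg";
    # Three-argument open keeps the name from being read as a mode or a pipe
    open(my $out, '>', $filename) or die "Cannot write $filename: $!";
    print $out $switchdef;
    close($out);
}

# switches.txt holds one IP address per line
open(my $in, '<', "switches.txt") or die "Cannot read switches.txt: $!";
while (my $record = <$in>) {
    makefile($record);
}
close($in);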
In a matter of 15 minutes I had our entire network being monitored minimally. I could see if something went down or if latency was beyond thresholds. This probably isn’t the easiest way to do things, but it got the job done, and rather than relying on end users to be our network monitor, help desk staff can let the end user know that we are aware of the issue and engineers have been dispatched.
Download this code: bulkconfig.pl