Monitoring network bandwidth using Nagios

Techies,

I hope you all folks are doing well. While I enjoy my Halloween vacation, I would like to share this post with you that might be of possible interest to you. In this article, we will walk through the procedure of Monitoring network bandwidth using Nagios.

We all know the importance of monitoring Network Bandwidth. Nowadays, many companies use mission critical applications. When it comes in internet world, its rely on Network Infrastructure. As companies infrastructure expands, it is increasingly important we should implement strict monitoring and analysis of network traffic.

Whether it is a small organization or large corporate LAN, the implementation of a system that monitors a network is of utmost importance. Strategically configured network monitoring system plays a vital part of productive operations. In order to be proactive rather than reactive, one should be need monitoring and alerting system on their network. Generally monitoring techniques can be categorized as router based and non router based. In router based, the whole network can be monitored from a managed device for instance, a Router. It has its own built in tool for analyzing the network bandwidth usage. On the other hand, its between two end points in the network. Unlike Router based, Non router based needs additional installation of monitoring tool. There are many tools are available for monitor your entire IT infrastructure. One of the best Open Source version of monitoring software is Nagios. Many consider Nagios as a King of monitoring tool. What makes Nagios unique from others is the vast list of Plugins that can be used for monitoring all types of hardware, services, metrics, and applications. More information can be available on their official website.

Nagios offers different plugins for bandwidth monitoring. One can setup monitoring in different ways. This article is specifically based on the Nagios plugin “check_network_transfer” ( my sincere Thanks to the Developer ) used for network bandwidth monitoring.

Suppose if we want to monitor the network bandwidth of a server and send an alert when it exceeds a threshold value say data transfer rate is over 5Mbps for either Inbound or Outbound traffic, “check_network_transfer” plugin is handy one. Basically Nagios will alert the user when network traffic rate is high.

Since discussing the installation of Nagios and configuring the remote host monitoring is beyond the scope of this article, here we assume that you have setup a Nagios server for monitoring and you want to monitor the network bandwidth for the target machine “Server A” through NRPE daemon.

Like I said earlier, the aim is to monitor the network bandwidth usage of Server A and send an alert when data transfer rate exceeds a threshold value say 5Mbps. When this happens, Nagios will send notification to the Systems Administrator. Admin can take necessary action by analyzing the network activity on the server as part of proactive approach before things get messed up. Otherwise bad things would happen if you just crowbarred the situation in I’m sure.

So what we do is to configure “check_network_transfer” plugin on the target machine Server A. So Nagios server can check the traffic on Server A through NRPE daemon periodically.

For settings this, we can download the “check_network_transfer” plugin via http://exchange.nagios.org/directory/Plugins/Network-Connections%2C-Stats-and-Bandwidth/check_network_transfer/details

Once done, copy the file “check_net_transfer” to location /usr/local/nagios/libexec/ on target machine Server A. Then open NRPE configuration file /usr/local/nagios/etc/nrpe.cfg and append the following line to the existing configuration entries.

command[check_net_transfer]=/usr/local/nagios/libexec/check_net_transfer -i eth0

Where “eth0″ can be replaced with venet0:0 or eth1 etc. Its upto you.

Now take a look at the file “/usr/local/nagios/libexec/check_net_transfer” and there will be two lines as follows

warn= # i.e 20Kbps
crit= # i.e 40KBps

This is where we set the data traffic threshold value. We can set two threshold values. One for warning and other for critical. If we want Nagios to send warning notification when transfer rate is between 5Mbps and 10Mbps and critical alert when transfer rate is above 10Mbps ,we set the warn and crit parameters like as follows.

warn= 5000000 # ie 5Mbps
crit=10000000 # ie 10Mbps

Please note that using this plugin, Nagios will send alert when transfer rate exceeds the threshold value regardless of whether it is Outbound or Inbound traffic.This is all we need to do on the target machine Server A. On Nagios server side, we will define a service for the target machine Server A to monitor the network bandwidth like as follows.

( Again I assume that you have setup basic remote host monitoring and created a configuration file, for example /usr/local/nagios/etc/objects/remotehost.cfg to define the host and service definition for this particular remotehost.

define service {
use local-service host_name Server A
service_description Network IO Alert
check_command check_nrpe!check_net_transfer
}

This will tell Nagios to contact NRPE daemon running on target machine and runs the “check_net_transfer” command to grab information about network bandwidth usage.
Ok You’re done!. Now Nagios will periodically check the network bandwidth rate on your machine’s NIC and will report when there is high data rate as per reference values we had set in the configuration file.

Yep. Its show time. Time has reached to test our network bandwidth alert plugin to see if we are getting the expected results. Here, we will be going to generate some network traffic on our target machine. A Simple way is either copy a big file from the target machine or transfer the file to it via SSH.
Lets create a big file of size 4GB using dd command, so it can be copied to the target machine in order to generate some network traffic.

[root@nagris ~]# dd if=/dev/zero of=/nettraff.dump bs=GB count=4
4+0 records in
4+0 records out
4000000000 bytes (4.0 GB) copied, 143.2713 s, 24.3 MB/s

This will create 4GB size on my work station machine.
Now copy the file “nettraff.dump” to the target machine via scp. When this happens, Nagios will check the data transfer rate on the target machine to see if it has exceeded the threshold values. If it has exceeded, we will be getting the alert like as shown in the below image.

nag-mon1

 As we see, Nagios has just notified a critical alert message during the file transfer. If we closely look at the above image, we see the value DOWN :517409.872Kbps which is 51Mbps. This means network traffic has just exceeded the threshold value 10Mps.

Here DOWN means, its an INBOUND network traffic ( data coming to the target machine ). This can be confirmed by running “jnettop” command when data is transferred to the machine.

nag-mon2

 Again if we look at the above image, we will see RXBPS ( RX – Received bytes per second ) value of 56.6Mbps which is considered as high traffic as per our threshold values.

So basically what happened is that Inbound network traffic on our target machine has just exceeded the limit and Nagios notified us.
Now generate some Outbound traffic on the target machine. Like we did earlier, this time we will copy a big file from this target machine to another machine. When this happens again , Nagios will check the data transfer rate on the target machine to see if it has exceeded the threshold values. If it has exceeded the limit, we will be getting the alert like as shown in the below image.

nag-mon3

As we see, Nagios once again notified us a critical alert message during the file transfer. If we closely look at the above image, we see the value UP:446416.960 Kbps which is 44Mbps. This means network traffic has just exceeded the threshold value 10Mps.
Here UP means, its an OUTBOUND network traffic ( data coming out from the target machine ). This can be confirmed by running “jnettop” command when data is being transferred from the machine.
Now confirm it using “jnettop” command like as we did earlier.

nag-mon4

Take a look at the above image, we will now see TXBPS ( TX – Transferred bytes per second ) value of 46.6Mbps which is considered as high traffic as per our threshold values.

So what happened this time is that Outbound network traffic on our target machine has just exceeded the limit and Nagios notified us. In this way, we can monitor both Inbound and Outbound network traffic on a remote host using this Nagios Plugin.

I found this plugin really a worth to use. If you’re looking for something like as mentioned in this post, go ahead and give a try!

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts