2007 May 05 - Sat
Post Processing NMAP2Nagios Output
nmap2nagios is a module available from Nagios ExchangeK
(I seem to recall). From an nmap based network scan, it generates information useful for import into Nagios. I
needed to muck with the output somewhat in order to remove redundant references and other stuff. I'm sure there is a
better way to do this, but this what I ended up with. If nothing else, it was a good introduction to the command
line edit utility 'sed'.
On the network I was processing, device names had 'ilo' in them. I needed to remove them from the listing. I
edited nmap2nagios.pl and did the following:
#!/usr/bin/perl -w
#line 126
my $n = $host_ref->{'host_name'};
print '** name ' . $n;
print ' done' . "\n";
next if ($n =~ /^ilo/);
I took a bunch of stuff out of nmap2nagios.conf.
I created a file called 'scanlo.sed' with the following content to remove references to printer and altiris stuff:
/portid="443/ {s/name="http"/name="https"/}
/portid="280/ {s/name="http"/name="hpweb1"/}
/portid="631/ {s/name="http"/name="hpweb2"/}
/portid="902/ {s/name="ftp"/name="altirisftp1"/}
/portid="912/ {s/name="ftp"/name="altirisftp2"/}
I then ran the following sequence of commands. nmap does the network scan with the given segment.
Some inline editing is performed with sed. nmap2nagios creates another file, which is then copied to
the nagios etc directory.
nmap -A -sV -p1-1024 -O -oA scanlo -v 10.1.1.0/24
sed -f scanlo.sed scanlo.xml > scanlo1.xml
/usr/src/nmap2nagios-0.1.2/nmap2nagios.pl -i -v -r scanlo1.xml -o sh1.cfg
sed 's/^>//' sh1.cfg > sh2.cfg
cp sh2.cfg /usr/local/nagios/etc/
For checking ssh services, the following needs to be inserted into checkcommands.cfg:
# 'check_ssh' command definition
define command{
command_name check_ssh
command_line $USER1$/check_ssh $HOSTADDRESS$
}
[/OpenSource/Debian/Monitoring]
permanent link
|
