CSOL-570-01-SP20
Assignment 2 – Trade Study of Network Visualization Tools
Step 1
Criteria | Weight
The tool must be able to monitor different network services, and network status. | 25
The tool must be able to monitor statistics on certain hosts on the network. These statistics should include hardware performance metrics, network adapter performance, disk usage, uptime, etc. | 25
The tool must be able to send emails in real-time to alert administrators on the current network status, or the possibility of an attack. | 20
The tool must be able to graphically show statistics and trends (charts, figures). | 20
The tool must allow for the customization of certain thresholds and alerts. | 10
Total | 100
Step 2
The above table lists the criteria that will be used to evaluate two different
network visualization tools. These tools are Nagios Core and Zabbix,
which both provide similar services for monitoring a network and the hosts on that network.
Although not mentioned in the criteria, the network visualization tool had to be a free open-
source program. Two other tools that were close to being chosen were Ganglia and Munin,
which also monitor the network and its hosts. In order to choose the best tool to test in a
virtualized lab environment, Nagios Core and Zabbix will be thoroughly evaluated and must
match each section of the criteria.
Nagios Core is a free open-source application that can run on many distributions of the
Linux operating system. Nagios Core can monitor different network services and devices to
show the state of the network. Switches and routers can be monitored in detail to show packet
loss, round trip average times, and bandwidth/traffic rates. Additionally, Nagios Core can
monitor network hosts and their resources. For example, Nagios Core can monitor services
running on a specific host such as SSH and HTTP, which would be important if there is a web
server on the network. If the network or host services are down, Nagios Core can send email
notifications to administrators in real-time. Alerts can also be configured to react to certain
metrics passing a pre-defined threshold. For example, if the round-trip time between the
Nagios host and a monitored node surpasses 200ms (the threshold set for round-trip time),
then Nagios will send an email alert to administrators. Nagios Core allows thresholds to be set
that define the status of ok, warning, or error. Nagios Core can show trends and reports for a
specific network host or all hosts on the network. These reports provide data insights and show
the overall status of the network and its hosts over time. Nagios Core satisfies every
requirement in the criteria. Additionally, the installation and configuration process looks very
straightforward and there are lots of online resources for administrators to use as a reference.
Zabbix can monitor different network services and the overall state of the network. Like
Nagios Core, Zabbix can scan the network and create visualization maps that show the hosts on
the network. Zabbix uses different methods to monitor detailed host statistics such as CPU
load, logged-on users, I/O statistics, and even memory usage statistics. Zabbix is also able to
send email alerts to administrators in real-time when a host or service goes down. Zabbix can
produce graphical reports and graphs to represent network/host data as well. Zabbix and
Nagios Core both produce graphs and allow for customizable reports to show trends. Zabbix
allows administrators to customize alerts and thresholds to tailor the software to their specific
environment. Zabbix also satisfies every requirement in the criteria.
Since both software solutions satisfy the criteria set, each feature of Nagios Core and
Zabbix will be compared to choose the better software. T
Step 3
After comparing both Nagios Core and Zabbix, the decision was made to move forward
with the evaluation of Nagios Core. Although both solutions were very similar, the enhanced
features of Nagios Core and the superior graphing options were the deciding factors.
Step 4
Now that Nagios Core was selected as the Network Visualization tool of choice, the next
step is to configure a host in my virtual environment to serve as a Nagios host and monitor the
other virtual machines in the same LAN. I decided to spin up a new virtual machine to evaluate
and test Nagios Core, just to keep everything isolated from the rest of my environment. The
hardware requirements to run Nagios Core are very minimal (1GB memory, 1GHz processor),
so I created a new VM running CentOS 8 using the VirtualBox hypervisor.
Once CentOS 8 was installed, I connected the VM to the same NAT network as the other
VMs, with an IP address of 192.168.15.7 and verified connectivity between all 4 virtual
machines. I referenced instructions online to install Nagios Core on CentOS 8. Below are the
steps I used to install Nagios Core.
3. The next step is to download the Nagios Core source package, untar the contents and
configure/build the source package
wget -O nagioscore.tar.gz https://github.com/NagiosEnterprises/nagioscore/archive/nagios-4.4.3.tar.gz
tar xzf nagioscore.tar.gz
cd nagioscore-nagios-4.4.3/
./configure
make all
4. Next, the Nagios user and group need to be created and the Apache user needs to be a
part of the Nagios group.
make install-group-users
usermod -a -G nagios apache
5. Now the binary files and HTML files need to be installed with the following commands.
make install
make install-daemoninit
6. The following commands are used to configure the external command file, a sample
config file, and the Apache-Nagios configuration file
make install-commandmode
make install-config
make install-webconf
7. This step creates a nagiosadmin account to serve as the administrator account for
Nagios Core
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
8. Next, I had to install the dependent packages to run the Nagios plugins.
yum install -y gcc glibc glibc-common make gettext automake autoconf wget openssl-devel net-snmp net-snmp-utils
9. Once the dependencies were installed using the yum package manager, I downloaded
and extracted the latest version of the Nagios Plugins.
wget --no-check-certificate -O nagios-plugins.tar.gz https://github.com/nagios-plugins/nagios-plugins/archive/release-2.2.1.tar.gz
tar zxf nagios-plugins.tar.gz
10. Next, I compiled, built, and installed the Nagios plugins
cd nagios-plugins-release-2.2.1/
./tools/setup
./configure
make
make install
11. Now I restarted the Apache and Nagios services
systemctl restart httpd.service
systemctl start nagios.service
12. Now Nagios is running on http://CentOS-Mon/nagios and I am prompted to log in with the
nagiosadmin account created in step 7
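Steps 3 and 9 build and install whatever the two wget commands return, and step 9 turns certificate checking off, so nothing in the procedure confirms the tarball is the published one. The following added example (not part of the original write-up) gates extraction on a pinned SHA-256 digest and on safe member paths; the function names are hypothetical and the digest in the usage comment is a placeholder to be filled from a trusted source.

```shell
#!/bin/sh
# Added example: gate extraction of a downloaded source tarball on two checks.

# verify_sha256 FILE DIGEST -> 0 match, 1 mismatch, 2 unusable input
verify_sha256() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $want in
        *[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "digest must be 64 hex characters" >&2; return 2; }
    have=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$have" = "$want" ] || { echo "SHA-256 mismatch for $1" >&2; return 1; }
}

# names_ok: member names on stdin -> 1 if any is absolute or has a ".." component
names_ok() {
    awk -F/ '/^\// { bad = 1 }
             { for (i = 1; i <= NF; i++) if ($i == "..") bad = 1 }
             END { exit bad + 0 }'
}

# unpack_verified FILE DIGEST: extract only after both checks pass
unpack_verified() {
    verify_sha256 "$1" "$2" || return $?
    tar tzf "$1" | names_ok || { echo "unsafe member path in $1" >&2; return 1; }
    tar xzf "$1"
}

# Usage for step 9, with certificate checking left on (digest is a placeholder):
#   wget -O nagios-plugins.tar.gz https://github.com/nagios-plugins/nagios-plugins/archive/release-2.2.1.tar.gz
#   unpack_verified nagios-plugins.tar.gz "<sha256-from-a-trusted-source>"
```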
Step 5
Now that Nagios Core is up and running, a few edits can be made to the configuration file which
is stored here: /usr/local/nagios/etc/objects/localhost.cfg
To add a new host to monitor, simply edit the localhost.cfg file and define a new host as shown
below:
After updating the localhost.cfg file, the Nagios service must be restarted for changes to be
reflected in the web interface.
The screenshot above shows the new CentOS-VM host being shown as up, and Nagios is
regularly checking to see if the host is up by testing pings. The ping statistics are shown under
status information, (RTA time, Packet Loss statistics, etc).
Hosts can be placed into objects called Hostgroups, which can make tasks easier for
administrators because certain checks and settings can be applied to a single hostgroup.
Now there is a predefined service running called check_ssh which was originally configured to
monitor the single localhost. I updated that line by applying the service to a hostgroup. This
makes it much quicker to add new hosts since you would just define the host and add it to an
applicable host group, which is already configured to have many checks applied to it.
Now I can see that the check_ssh service is being applied to the entire host_group.
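An added example, not taken from the original screenshots: constructed object definitions of the kind this step describes (a host placed in a hostgroup, with check_ssh and a ping check bound to the group), plus a hypothetical helper that lists hostgroups referenced but never defined. The address, the linux-lab group name and every ping value other than the 200 ms round-trip warning are assumptions; CentOS-VM and check_ssh come from the text above.

```shell
#!/bin/sh
# Added example. sample_objects prints constructed definitions, not the author's file.
sample_objects() {
    cat <<'EOF'
define host {
    use                 linux-server
    host_name           CentOS-VM
    address             192.0.2.10        ; constructed address
    hostgroups          linux-lab         ; constructed group name
}
define hostgroup {
    hostgroup_name      linux-lab
    alias               Lab Linux hosts
}
define service {
    use                 generic-service
    hostgroup_name      linux-lab         ; applies to every member of the group
    service_description SSH
    check_command       check_ssh
}
define service {
    use                 generic-service
    hostgroup_name      linux-lab
    service_description PING
    check_command       check_ping!200.0,20%!500.0,60%
}
EOF
}

# missing_hostgroups: object definitions on stdin; prints each hostgroup that a
# host or service references but no "define hostgroup" declares; returns 1 if any.
missing_hostgroups() {
    awk '
    { sub(/;.*/, "") }                      # strip inline comments
    /^[ \t]*define[ \t]+/ { type = $2; sub(/\{.*/, "", type); next }
    /^[ \t]*\}/ { type = ""; next }
    $1 == "hostgroups" || $1 == "hostgroup_name" {
        key = $1; $1 = ""; gsub(/[ \t]+/, "")
        n = split($0, g, ",")
        for (i = 1; i <= n; i++) {
            if (type == "hostgroup" && key == "hostgroup_name") defined[g[i]] = 1
            else used[g[i]] = 1
        }
    }
    END {
        for (h in used) if (!(h in defined)) { print h; rc = 1 }
        exit rc + 0
    }'
}
```

Nagios's own pre-flight check, `/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg`, performs the full validation and is worth running before the restart this step requires.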
I applied several different checks to check for services and additional host-specific information
such as current users logged on, disk space in the root partition, swap usage, and total running
processes. The HTTP service is giving a warning on the CentOS-VM.
The warning being shown led me to investigate the CentOS-VM machine, and it turns out that
the HTTPD service was not running:
After restarting the service, the warning message eventually went away:
The commands can be tailored to customize the thresholds to different values. The below
example shows where the threshold is defined.
The ability to send mail relies on the existence of a mail server somewhere on the network. Getting this
setup to send mail is outside the scope of this assignment, but this is how you would specify who
receives the email alerts.
One of the services is to check the current load on a server. For the server CentOS-VM, I was able to see
log data about the load on the machine. The below screenshot shows that the load average is 0.12
which falls into the OK threshold level.
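How a threshold turns into a state: a Nagios plugin reports its result through its exit code (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN). The added example below, which is not code from the original page or from Nagios, evaluates load averages against warning and critical triplets; eval_load is a hypothetical name, and the threshold values and the 5- and 15-minute loads are constructed.

```shell
#!/bin/sh
# Added example: plugin-style threshold evaluation for load averages.
# Exit codes follow the Nagios plugin convention: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

# eval_load LOADS WARN CRIT  (each argument is "1min,5min,15min")
# Prints one status line with performance data and returns the state as exit code.
eval_load() {
    awk -v l="$1" -v w="$2" -v c="$3" '
    BEGIN {
        num = "^[0-9]+(\\.[0-9]+)?$"
        if (split(l, L, ",") != 3 || split(w, W, ",") != 3 || split(c, C, ",") != 3) {
            print "LOAD UNKNOWN - expected three comma-separated values"
            exit 3
        }
        for (i = 1; i <= 3; i++) {
            if (L[i] !~ num || W[i] !~ num || C[i] !~ num) {
                print "LOAD UNKNOWN - non-numeric value"
                exit 3
            }
        }
        state = 0
        for (i = 1; i <= 3; i++) {
            # The worst state across the three averages wins.
            if (L[i] + 0 >= C[i] + 0) state = 2
            else if (L[i] + 0 >= W[i] + 0 && state < 1) state = 1
        }
        split("OK WARNING CRITICAL", name, " ")
        printf "LOAD %s - load average: %s|load1=%s;%s;%s\n", name[state + 1], l, L[1], W[1], C[1]
        exit state
    }'
}

# The 0.12 one-minute load from the text, against constructed thresholds:
#   eval_load "0.12,0.10,0.05" "5.0,4.0,3.0" "10.0,6.0,4.0"
```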
Nagios Core also provides a network map which shows the hosts on the network with color to
depict their current states:
Nagios Core was configured before I was able to capture enough data to run more detailed
reports. But you are able to run reports custom to a specific host or service, with a
customizable time period option for up to the last month. Below is a screenshot of the total
load of the CentOS-VM for the current day.