openNAC Core Monitoring

We have defined, and strongly recommend having in place, a monitoring process for every role (Sensor, Core, Analytics) in any production environment.

We classify and define different monitoring methods:

  • System resources: hardware performance and status are monitored.
  • External network services availability: services are checked from outside the server.
  • Processes: processes that can be monitored externally to confirm they are up and running, along with their related events.
  • Health-Check: openNAC Core has internal checks to make sure services are up and running as expected.

To better understand how to monitor openNAC Core, we recommend reviewing the openNAC Core Architecture section.

  • System resources:

    • CPU use
    • Memory use
    • Network use
    • Disk performance and use
  • External Network Services: Check service availability:

    • DNS server (port TCP/53 and UDP/53), if this service is enabled.
    • DHCP server (port UDP/67), if this service is enabled.
    • DHCP-HELPER-READER service (port UDP/67), if this service is enabled.
    • Radius server (port UDP/1812 and UDP/1813)
      • It is very useful to run a RADIUS connection check with a valid user and credentials.
    • MySQL server (port TCP/3306)
      • The iptables firewall would have to be modified to allow access from the monitoring server to this service.
    • Queues server (port TCP/4730)
      • The iptables firewall would have to be modified to allow access from the monitoring server to this service.
    • HTTP/HTTPS server (port TCP/80 and TCP/443): Apart from checking the HTTP/HTTPS service itself, a status page is defined at http://openNACServer/status, whose output is JSON like the following:

Note

{"db":1,"queue":{"pending_jobs":0,"running_jobs":0,"available_workers":5}}

The db field has to be "1", and the queue field depends on your queue configuration and usage.
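One way to turn the status page into a monitoring check, as an added example that is not part of openNAC itself. The Nagios-style exit codes and the `max_pending` and `min_workers` thresholds are assumptions to adapt to your own queue configuration:

```python
import json

# Nagios-style plugin exit codes (a common monitoring convention, assumed here).
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

# Sample /status output as shown on this page.
SAMPLE = '{"db":1,"queue":{"pending_jobs":0,"running_jobs":0,"available_workers":5}}'

def evaluate_status(body, max_pending=50, min_workers=1):
    """Evaluate the JSON body of the /status page and return (exit_code, message).

    max_pending and min_workers are assumed thresholds, not openNAC defaults.
    """
    try:
        status = json.loads(body)
    except (TypeError, ValueError):
        return UNKNOWN, "status page did not return valid JSON"
    if not isinstance(status, dict):
        return UNKNOWN, "status page JSON is not an object"
    # The db field has to be 1; the string "1" is accepted as well.
    if str(status.get("db")) != "1":
        return CRITICAL, "db check failed (db=%r)" % status.get("db")
    queue = status.get("queue")
    if not isinstance(queue, dict):
        return CRITICAL, "queue section missing from status output"
    try:
        pending = int(queue["pending_jobs"])
        workers = int(queue["available_workers"])
    except (KeyError, TypeError, ValueError):
        return UNKNOWN, "queue counters missing or not numeric"
    if workers < min_workers:
        return CRITICAL, "only %d queue workers available" % workers
    if pending > max_pending:
        return WARNING, "%d jobs pending in the queue" % pending
    return OK, "db=1, pending=%d, workers=%d" % (pending, workers)

if __name__ == "__main__":
    import sys
    from urllib.request import urlopen
    # Usage: python check_status.py http://openNACServer/status
    try:
        with urlopen(sys.argv[1], timeout=10) as resp:
            code, msg = evaluate_status(resp.read().decode("utf-8", "replace"))
    except (IndexError, ValueError, OSError) as exc:
        code, msg = CRITICAL, "status page unreachable: %s" % exc
    print(msg)
    sys.exit(code)
```

An unreachable page is reported as CRITICAL and a malformed body as UNKNOWN, so a proxy error page or login redirect is not mistaken for a healthy Core.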

  • Processes and Events to be monitored.

    • httpd
    • krb5kdc
    • radiusd
    • opennac
    • mysqld
    • RADIUS log events monitoring:
      • Auth fails: more than 100 per minute.
      • Errors regarding duplicated requests: not more than 50 per minute.
  • Health-Check

openNAC Core instances check different modules out of the box. Please refer to /usr/share/opennac/checkHealth/healthcheck.ini. The components checked include:

  • Administration Portal
  • Radius
  • LDAP
  • LDAP Attempts
  • DHCP Server
  • DNS
  • Queues
  • Log Collector
  • BackEnd components
  • BBDD (database)
  • CollectD
  • NTLM Authentications.