Network Monitoring and Management - Open Source Tools - An Overview - Web Wizard Design - Presentation created using Slidy (W3C)

Network Monitoring and Network Management

Open Source Tools - An Overview

Net-SNMP, Cacti, Nagios, SNMPTT, and Puppet

CHUUG - March 27, 2007

Max Schubert (a.k.a. perldork)

Two Types of Information We Care About

Two Ways We Monitor Devices

SNMP - Simple Network Management Protocol

SNMP GET and Polling

SNMP Traps and Fault Management

SNMP - Versions and Security Considerations - v1 and v2c

A community string is a plain text password. Only use v1 and v2c with trusted users in trusted security zones.

SNMP - Versions and Security Considerations - v3

SNMP - Security - Summary


Net-SNMP is an Open Source SNMP agent and suite of SNMP tools. It is flexible, powerful, and available for Unix, Linux, and Windows. The Windows port offers fewer features than the *nix versions do at this time.

Advantages Disadvantages

SNMPTT - SNMP Trap Translator

SNMPTT is a perl-based Net-SNMP trap translator and filtering framework. It ingests traps processed by snmptrapd (part of the Net-SNMP framework) and does the following:

Cacti - Open Source "Trend Anything" Tool



Cacti is an open-source trending tool. It uses a round-robin database utility and library called RRDTool ( to store data efficiently.

Cacti can be used to trend anything you can get data from with a script. It also offers a wide array of plugins that extend it's functionality to a much broader scope than just trending.

Cacti - Built-in Functionality - Trending


Cacti - Trending - Daily

Cacti - Trending - Preview Mode

Cacti - Trending - Tree Mode

Cacti - Ingesting data into Cacti

Cacti - Ingesting data into Cacti - Data Input Screen

Cacti friendly output

bash$ perl /var/www/html/cacti/scripts/snmpg power-supply-failure
value:power-supply-failure count:18

Cacti - Making graphs

Cacti - Plugins and Addons

Cacti plugins and add-ons extend the functionality of Cacti in a variety of different ways, extending it in some cases to be much more than just a trending tool.

Primary plugin repository is

Cacti - Plugins - MAC Track

Easily track and search MAC address to IP address mappings on switches in an organization.

Cacti - Plugins - THold

Cacti displays and emails alerts based on high / low threshold breaches for any element you trend on with Cacti.

Cacti - Plugins - THold - Sample Email

Load average over threshold

Cacti - Plugins - Network Weathermap

Display bandwidth utilization between network devices on your networks in an easy-to-read graphical format.

Cacti - Plugins - Manage

Basic TCP service monitoring. Pretty GUI interface, you can group hosts into logic groups, associate custom icons with devices. Useful if you do not want to install a separate fault management tool.


Network and System Fault Management

Nagios - Overview

Nagios is a very flexible, extensible fault manager. It allows administrators to easily create a visual map of their network and check the status of any device or service that can be reached / checked with a script.

Nagios - Network visualization

Nagios allows administrators to create a living map of their networks. Device icons change colors on the map as device statuses change.

Nagios - Configuration Overview

define host{
    use                     generic-host  ; Name of host template to use
    check_command           check-host-alive
    max_check_attempts      10
    notification_interval   120
    notification_period     24x7
    notification_options    d,r
    contact_groups  webeagle

define hostextinfo{
    notes           Web Wizard Design - web host
    icon_image      cp/ensim.jpg
    icon_image_alt  Web Wizard Design - web host
    statusmap_image cp/ensim.jpg

Nagios - Checks Overview

Example of communicating exit status

my $vers = ($header =~ m#(\d+\.\d+\.\d+)#)[0];

if ($status == 401 && $vers) {
    print "cPanel OK: cPanel version $vers\n";
    exit $ERRORS{'OK'};

if ($status != 401 && $vers) {
   print "WARN: cPanel version $vers: returned HTTP status $status, not 401\n";
   exit $ERRORS{'WARNING'};

if ($status == 401 && $vers eq '') {
   print "ERROR: GUI not available (expected content not found)\n";
   exit $ERRORS{'CRITICAL'};

Nagios - Checks Overview - Status Detail Screen

Nagios - Reports

Nagios offers a useful handful of built-in reports, including

Nagios - Reports - Availability

Nagios - Reports - Trends

Nagios - Addons

A wide variety of add-ons are available for Nagios. They extend Nagios in many interesting and useful ways. Many are available for download on the Nagios Exchange site.

Nagios - Addons - Nagvis

Nagios visualization framework. NagVis can read data directly from the Nagios CGIs or it can read from database tables created with NDO (Nagios Data Out), a database backend plugin for Nagios that makes use of the Nagios event broker framework.

Nagios - Addons - NagioSQL

NagioSQL is a web-based, graphical configuration front-end for Nagios. Configuration data is written to a MySQL database and then written out to Nagios configuration files. Stable program, last release was in 2005.

Nagios Addons - NagTrap

NagTrap displays data captured in a MySQL database, data is inserted into the database by SNMPTT ( Includes a script that can send traps to Nagios as passive checks.


Puppet is a configuration management, system administration automation, and system integrity tool. It runs on a wide variety of Unix and Unix-like operating systems. Puppet uses a very flexible and powerful configuration language that allows an administrator to describe managed system configurations in a very readable, easy to understand format.

Puppet - Framework Overview

Puppet - Portable

Runs on many flavors of Unix and Unix-like operating systems

No port to Windows yet (hoping this will happen soon)

Puppet - Configuration Management

For all the items listed here, can also watch to make sure items do not exist.

Puppet - Example configuration snippets - Exec With Notify

Rebuild /etc/aliases when it changes

class mail_files {

  file {

        source => "puppet://$fileserver/all/etc/mail/aliases",
        ensure => file, owner => root, group => bin,
        checksum => md5, mode => 644;

        target => "./mail/aliases", ensure => link;

  # Rebuild the database, but only when the file changes
  exec { 
        subscribe => file["/etc/mail/aliases"],
        refreshonly => true;


Puppet - Example configuration snippets - Tidy Task

Remove Tomcat log files that are older than 60 days

class tomcat5 {

    tidy {
            age => '61d',
            recurse => true,
            path => '/usr/local/tomcat5/logs',
            type => ctime;


Puppet - Example configuration snippets - Custom Task With Exec

Remove any build tar.gz files that are older than 3 days, run when /usr/local/myapp changes

file {
      checksum => md5,
      ensure => directory,
      mode => 755,
      owner => root,
      group => root

exec {
  "ruby -e 'Dir::glob(%q{/usr/local/myapp/*.tgz}) { |f| File::unlink(f) if File::
ctime(f).to_i < (Time::now() - (60*60*24*3)).to_i'":
  path => '/usr/local/bin:/usr/bin:/bin',
  subscribe => file['/usr/local/myapp'],
  refreshonly => true

Puppet - Sample initial setup workflow

Puppet - Missing / incomplete features

Open Source Fault Management / Trending Alternatives Worth Investigating

The number of open source projects focused on network fault management and trending is growing very rapidly. The programs I gave an overview of here are just a small sampling of the programs available. Here are a few others you might want to check out.

Worthwhile Commercial Solutions


Feel free to email any questions / corrections you might have that come up after this presentation to

This presentation is available online at

Thank You!

Drool cloths available to those of you who fell asleep during the time I was talking.