Working with the Filter Node Metrics in Nagios¶
Verify that Nagios is successfully monitoring the status of the previously created service:
-
Log in to the Nagios web interface.
-
Go to the services page by clicking on the “Services” link.
-
Make sure that the
wallarm_nginx_abnormal
service is displayed and has the “OK” status:Forcing service check
If the service does not have the “OK” status, you can force a check of the service to confirm its status.
To do this, click on the service name in the “Service” column, and then run the check by selecting “Reschedule the next check of this service” in the “Service Commands” list and entering the necessary parameters.
-
View detailed information about the service by clicking on the link with its name in the “Status” column:
Make sure that the metric value displayed in Nagios (the “Performance Data” row) matches the
wallarm-status
output on the filter node:- Execute the
curl http://127.0.0.8/wallarm-status
command if the default configuration of the statistics service is in use. - Otherwise, see the
/etc/nginx/conf.d/wallarm-status.conf
configuration file (/etc/nginx/wallarm-status.conf
for all-in-one installer) to construct the correct command similar to the one above.
{"requests":0,"attacks":0,"blocked":0,"abnormal":0,"tnt_errors":0,"api_errors":0,"requests_lost":0,"segfaults":0,"memfaults":0,"softmemfaults":0,"time_detect":0,"db_id":46,"custom_ruleset_id":4,"proton_instances": { "total":2,"success":2,"fallback":0,"failed":0 },"stalled_workers_count":0,"stalled_workers":[] }
- Execute the
-
Perform a test attack on an application protected by the filter node. To do this, you can send a malicious request to the application either with the curl utility or a browser.
-
Ensure that the “Performance Data” value in Nagios has increased and matches the value displayed by
wallarm-status
on the filter node:{"requests":64,"attacks":16,"blocked":0,"abnormal":64,"tnt_errors":0,"api_errors":0,"requests_lost":0,"segfaults":0,"memfaults":0,"softmemfaults":0,"time_detect":0,"db_id":46,"custom_ruleset_id":4,"proton_instances": { "total":2,"success":2,"fallback":0,"failed":0 },"stalled_workers_count":0,"stalled_workers":[] }
Now the values of the curl_json-wallarm_nginx/gauge-abnormal
metric of the filter node are displayed in the service state information in Nagios.
Nagios data visualization
By default, Nagios Core only supports tracking service status (OK
, WARNING
, CRITICAL
). To store and visualize metric values contained in “Performance Data,” you can use third-party utilities, for example, PNP4Nagios.