Skip to content

Working with the Filter Node Metrics in Nagios

Verify that Nagios is successfully monitoring the status of the previously created service:

  1. Log in to the Nagios web interface.

  2. Go to the services page by clicking on the “Services” link.

  3. Make sure that the wallarm_nginx_abnormal service is displayed and has the “OK” status:

    Service status

    Forcing service check

    If the service does not have the “OK” status, you can force a check of the service to confirm its status.

    To do this, click on the service name in the “Service” column, and then run the check by selecting “Reschedule the next check of this service” in the “Service Commands” list and entering the necessary parameters.

  4. View detailed information about the service by clicking on the link with its name in the “Status” column:

    Detailed information about service

    Make sure that the metric value displayed in Nagios (the “Performance Data” row) matches the wallarm-status output on the filter node:

    1. Execute the curl http://127.0.0.8/wallarm-status command if the default configuration of the statistics service is in use.
    2. Otherwise, see the /etc/nginx/conf.d/wallarm-status.conf configuration file (/etc/nginx/wallarm-status.conf for all-in-one installer) to construct the correct command similar to the one above.
    {"requests":0,"attacks":0,"blocked":0,"abnormal":0,"tnt_errors":0,"api_errors":0,"requests_lost":0,"segfaults":0,"memfaults":0,"softmemfaults":0,"time_detect":0,"db_id":46,"custom_ruleset_id":4,"proton_instances": { "total":2,"success":2,"fallback":0,"failed":0 },"stalled_workers_count":0,"stalled_workers":[] }
    
  5. Perform a test attack on an application protected by the filter node. To do this, you can send a malicious request to the application either with the curl utility or a browser.

    Example

    curl -I http://node.example.local/etc/passwd
    
  6. Ensure that the “Performance Data” value in Nagios has increased and matches the value displayed by wallarm-status on the filter node:

    {"requests":64,"attacks":16,"blocked":0,"abnormal":64,"tnt_errors":0,"api_errors":0,"requests_lost":0,"segfaults":0,"memfaults":0,"softmemfaults":0,"time_detect":0,"db_id":46,"custom_ruleset_id":4,"proton_instances": { "total":2,"success":2,"fallback":0,"failed":0 },"stalled_workers_count":0,"stalled_workers":[] }
    

    Updated Performance Data value

Now the values of the curl_json-wallarm_nginx/gauge-abnormal metric of the filter node are displayed in the service state information in Nagios.

Nagios data visualization

By default, Nagios Core only supports tracking service status (OK, WARNING, CRITICAL). To store and visualize metric values contained in “Performance Data,” you can use third-party utilities, for example, PNP4Nagios.