What’s in your subnet?

In my /24 development lab subnet we’re constantly bringing up new VMs and decommissioning old ones, and sometimes I forget to update Nagios with the new hosts to monitor. Here’s how I remind myself to keep the Nagios host list in sync with reality:

define command {
	command_name    check_subnet_nagios_diff
	command_line    /usr/bin/curl -s -H "$(cat <my_basic_auth_header_content_from_file>)" "http://localhost/nagios/cgi-bin/objectjson.cgi?query=hostlist&details=true" | /usr/bin/jq -r '.data.hostlist | keys[] as $k | (.[$k] | .address)' | /bin/grep '<my ip range pattern>' | /usr/bin/sort -V > /tmp/check_subnet_nagios_diff_1 && /usr/bin/nmap -n -sn <my ip CIDR range> -oG - | /usr/bin/awk '/Up$/{print $2}' | /usr/bin/sort -V > /tmp/check_subnet_nagios_diff_2 && /usr/bin/test `/usr/bin/diff -u /tmp/check_subnet_nagios_diff_1 /tmp/check_subnet_nagios_diff_2 | /usr/bin/awk '{if(NR>2)print}' | /usr/bin/tee /dev/stderr | /usr/bin/wc -l` -eq 0 && echo "OK"
}

It’s a long command, and won’t win any awards for readability, but essentially we query Nagios for the complete list of hosts that we currently monitor, run an nmap ping scan (-sn) of the subnet, and diff the two results. If there’s a difference between the two, alert!

Note

In the above snippet, you’d of course need to provide your own file containing your Nagios user’s basic auth header, the IP range pattern to limit the diff to, and your subnet’s range in CIDR notation.

When sorting a list of IP addresses, use sort’s -V (version sort) option so that the octets are compared numerically.
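
The comparison step described above, written as a stand-alone shell function (an added example, not the author's code). The names compare_hosts and demo are assumptions and the addresses are constructed from the 192.0.2.0/24 documentation range. It reports which side each difference is on, uses a private mktemp directory instead of fixed /tmp file names, and returns UNKNOWN when either list is empty, because a pipeline's exit status comes only from its last command and a failed curl or nmap would otherwise go unnoticed.

```shell
#!/bin/sh
# Added example, not the post's own code. Exit codes follow the Nagios
# plugin convention: 0 OK, 1 WARNING, 3 UNKNOWN.

# compare_hosts MONITORED_FILE LIVE_FILE
# Each file holds one IPv4 address per line: the jq output and the
# nmap/awk output produced by the command above.
compare_hosts() {
    work=$(mktemp -d) || return 3      # private dir, not a fixed /tmp name
    LC_ALL=C sort -u "$1" > "$work/monitored"
    LC_ALL=C sort -u "$2" > "$work/live"
    # An empty list means the API query or the scan failed, not "in sync".
    if [ ! -s "$work/monitored" ] || [ ! -s "$work/live" ]; then
        rm -rf "$work"
        echo "UNKNOWN: empty host list"
        return 3
    fi
    {
        # Answering on the subnet but absent from Nagios.
        LC_ALL=C comm -13 "$work/monitored" "$work/live" | sed 's/^/UNMONITORED /'
        # Defined in Nagios but silent during the scan.
        LC_ALL=C comm -23 "$work/monitored" "$work/live" | sed 's/^/STALE /'
    } > "$work/report"
    if [ -s "$work/report" ]; then
        echo "WARNING: $(wc -l < "$work/report" | tr -d ' ') host(s) out of sync"
        cat "$work/report"
        rc=1
    else
        echo "OK: Nagios host list matches the subnet"
        rc=0
    fi
    rm -rf "$work"
    return $rc
}

# Constructed sample data: .20 is monitored but down, .35 is up but unknown.
demo() {
    d=$(mktemp -d) || return 3
    printf '%s\n' 192.0.2.1 192.0.2.10 192.0.2.20 > "$d/monitored"
    printf '%s\n' 192.0.2.1 192.0.2.10 192.0.2.35 > "$d/live"
    compare_hosts "$d/monitored" "$d/live"
    status=$?
    rm -rf "$d"
    return $status
}

demo || echo "plugin exit status: $?"
```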

Here’s a great resource on learning more about the Nagios API.