We have a NAGIOS server on-site here. That is almost all we know about it! The only other thing we know about it is that every hour it sends three emails to the I.T. Department saying there's a problem with one of our switches.
I'm after a couple of basics like: How do I find it? What is it I'm looking for? The emails come from 'firstname.lastname@example.org' and we have a server in AD called 'orwellserver', so is that it? It's not ping-able, VNC-able, telnet-able or http-able, so how do you use it?
I've found loads of stuff around the 'net about NAGIOS, but they all assume you actually know physically where it is, which is of course fair enough!
Any help would be very much appreciated!
The not pingable part is a little worrying (unless there's a firewall configured on it). Check the mail headers to be sure you have the correct IP (that you're pinging orwellserver and getting).
I would not expect VNC or Telnet to work but would expect SSH on port 22 at the very least. (You can try to telnet to it on port 22 and see if you get an answer, but you'll need an SSH client such as PuTTY to talk to it properly.)
You physically don't know where this server is?
Just because the emails are coming from email@example.com it does not mean the server is called orwellserver.localdomain.
Look in your switches' SNMP config. Are there any IP addresses specified as trap destinations you don't recognise? Allowed hosts for SNMP query?
Fire up Wireshark and look for an IP that periodically (every ten minutes or so) makes SNMP queries to different devices. It should stand out. From that you can get the MAC address and then query the MAC table on each switch until you find the port it's attached to.
kmount - I'll give that a go.
plexer - Correct! It's called "taking over from someone who left unexpectedly who had taken over from someone who is now dead".
somabc - I know, but I was hoping it was more than a coincidence.
pete - I'll give that a go too!
Thank you to all of you for your time and suggestions :)
Nagios uses its own mailer service, so check the header info from your alert emails for the sending IP address. This should tell you what the IP of the Nagios machine is - a starting point. You can then try ping, tracert, arp etc. to glean more info.
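The mail-header check suggested in the replies above, as an added example that is not part of the original thread: it reads the `Received` headers of a saved alert email oldest hop first and reports the first non-loopback address as the candidate monitoring host. The sample message, hostnames, addresses and function names are all constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample alert (hostnames and addresses are made up).
SAMPLE_ALERT = """\
Received: from mailgw.example.org (mailgw.example.org [192.0.2.25])
\tby mx.example.org with ESMTP id 4Xq1; Mon, 03 Mar 2014 10:00:07 +0000
Received: from localhost.localdomain (unknown [10.20.30.40])
\tby mailgw.example.org with SMTP id 9Zk2; Mon, 03 Mar 2014 10:00:05 +0000
Received: by localhost.localdomain (Postfix, from userid 500)
\tid 1A2B3C; Mon, 03 Mar 2014 10:00:04 +0000
From: nagios@localhost.localdomain
To: it-dept@example.org
Subject: ** PROBLEM Host Alert: switch-3 is DOWN **

Host: switch-3
State: DOWN
"""

# IPv4 literal in brackets or parentheses, as MTAs record the peer address.
IP_IN_BRACKETS = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_hops(raw_message):
    """Return [(ip, header_text)] for each Received header, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each MTA prepends its header, so reverse to read the path in send order.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())  # unfold continuation lines
        for candidate in IP_IN_BRACKETS.findall(text):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # matched the pattern but is not a valid address
            if not ip.is_loopback:
                hops.append((str(ip), text))
    return hops

def likely_sender_ip(raw_message):
    """First non-loopback address on the path: the host that handed the mail off."""
    hops = received_hops(raw_message)
    return hops[0][0] if hops else None

if __name__ == "__main__":
    for ip, text in received_hops(SAMPLE_ALERT):
        print(ip, "<-", text[:60])
    print("Candidate Nagios host:", likely_sender_ip(SAMPLE_ALERT))
```

Only the hops written by your own mail servers are reliable; the address found this way can then be matched against ARP and switch MAC tables as described in the thread.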