Zenoss ping issue.

Discussion:

Zenoss ping issue.

cjet

2012-09-12 06:56:29 UTC

cjet [http://community.zenoss.org/people/cjet] created the discussion

"Re: Zenoss ping issue."

To view the discussion, visit: http://community.zenoss.org/message/68531#68531

--------------------------------------------------------------
Hi,

I seem to have this problem with Zenoss Core 4.2. I have several small sites with Checkpoint UTM-1 Edge boxes, which are dropping the ICMP packets down with statement "Payload Null", even though I am monitoring through trusted VPN connection which is bypassing the normal firewall rules.

I am kind of stuck with this problem, and I can not find a way to correct it.
Is there a way to change Zenping ICMP Payload lenght somewhere? Any help would be preciated.
With Zenoss 3.2.1 everything worked like charm, but with new version.......................

I see a lot of events/alerts about 'ip bla-bla-bla down'.
I know that these devices are UP and i can ping them via zencommand
'Command: ping -c2 {device/manageIp}'. I've tried to restart
zenping daemon but it does not help.
What can be the cause of the problem?

I've seen occurrences where firewalls that are capable of deep packet
inspection specifically drop the ICMP echo request packets sent by
zenping because they don't contain the same kind of payloads seen in
ordinary ICMP echo requests sent by the ping command line utilities in
common operating systems.
The best thing to do if you think Zenoss is incorrectly marking
devices as ping down when you know that they are not would be to
capture the packets with tcpdump or wire shark or whatever sniffer
you're accustomed to using. Typically you will see that Zenoss sends
the ICMP echo request, but never gets the ICMP echo reply. Normally
this is due to a firewall trying to be too smart.
_______________________________________________
zenoss-users mailing list
http://lists.zenoss.org/mailman/listinfo/zenoss-users http://lists.zenoss.org/mailman/listinfo/zenoss-users

--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/68531#68531]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]

COMPUTER KING

2012-09-25 21:27:14 UTC

Permalink

COMPUTER KING [http://community.zenoss.org/people/c0mputerking] created the discussion

"Re: Zenoss ping issue."

To view the discussion, visit: http://community.zenoss.org/message/68743#68743

--------------------------------------------------------------
I am having problems with systems being incorrectly marked as down too might be ping relatedÂ however i am not getting a reponse to my post here.

http://community.zenoss.org/message/68724#68724 http://community.zenoss.org/message/68724#68724

Seems like kindof a big deal as all my devices are incorrectly marked as down might have to switch back to zabbix more reliable and better help from the community over there? as this is not the only issue i am not receiving help for here at ZenOSW
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/68743#68743]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]

cjet

2012-09-26 04:17:13 UTC

Permalink

cjet [http://community.zenoss.org/people/cjet] created the discussion

"Re: Zenoss ping issue."

To view the discussion, visit: http://community.zenoss.org/message/68745#68745

--------------------------------------------------------------
COMPUTER KING, you might want to also check this out?
http://community.zenoss.org/thread/18392 http://community.zenoss.org/thread/18392

4.2 has changed a little bit from previous versions, and now uses nmap to ping devices. If you normally ping devices manually, it uses normal ping (and this works), but in automated monitoring nmap does the pinging (which does not work). There is a problem in icmp payload lenght of the nmap pinging.

I had quite many monitored sites with firewall in between, which blocked icmp null payloads. Modifying that one file mentioned in that other thread, allowed me to put some more payload to these icmp packets, which caused devices come back up again when nmap icmp packets got through.

Does this help you?
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/68745#68745]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]