Nagios StartUp Guide

Nagios
StartUpGuide
Nagiosistheindustrystandardformonitoringnetworkinfrastructure.TheNagiosStart
UpGuideprovidesthefoundationforinstallationandinitialconfigurationofNagios.In
addition,instructiononthethemonitoringofLinuxandWindowsmachinesisprovided.
CopyrightandTrademarkInformation
NagiosisaregisteredtrademarkofNagiosEnterprises.LinuxisaregisteredtrademarkofLinusTorvalds.Ubuntu
registeredtrademarkswithCanonical.WindowsisaregisteredtrademarkofMicrosoftInc.Allotherbrandnames
andtrademarksarepropertiesoftheirrespectiveowners.
Theinformationcontainedinthismanualrepresentsourbesteffortsataccuracy,butwedonotassumeliabilityor
responsibilityforanyerrorsthatmayappearinthismanual.
DateofManualVersion:February2,2011
Table of Contents
Introduction................................................................................................................................................1
NagiosMonitoringSolutions............................................................................................................1
CriticalDecisions............................................................................................................................1
NagiosTerminology...................................................................................................................................9
ServiceandHostCheckOptions....................................................................................................13
BasicNagiosConfiguration.....................................................................................................................15
InstallingFromSource....................................................................................................................15
InitialSetUp...................................................................................................................................17
NagiosCheckTriangle....................................................................................................................19
AdministrationTasks................................................................................................................................23
Authentication.................................................................................................................................23
ScheduledDowntime.....................................................................................................................27
HostGroups....................................................................................................................................30
ServiceGroups...............................................................................................................................33
MonitoringPublicPorts...........................................................................................................................35
check_ping......................................................................................................................................36
check_tcp........................................................................................................................................36
check_http.......................................................................................................................................37
MonitorLinuxwithNRPE.......................................................................................................................41
SetUptheHosttobeMonitoredwithNRPE.................................................................................41
SetUptheNagiosServer................................................................................................................45
MonitoringWindowswithNSClient++...................................................................................................49
InstallationofNSClient++..............................................................................................................49
NSClient++andNRPE...................................................................................................................51
InternalNSClient++Functions......................................................................................................53
NSClient++andcheck_nt...............................................................................................................55
NSCLient++Password..................................................................................................................60
Introduction1
Introduction
Nagiosisbothapowerfulandflexibletoolformonitoringdevicesandapplicationsonthosedevices.Thepowerof
Nagiosisintheabilitytomonitormanydifferentnetworkdevicesatonetimeusingvariousmethodstomonitorthose
devices.TheflexibilityofNagiosprovidesanadministratorthetoolstomonitorjustaboutanythingthatisconnected
toanetwork.Inaddition,Nagiosallowstheadministratortomonitorboththeinternalsandtheapplicationprocesses
onthosedevices.Monitoringwouldnotbecompletewithoutmultiplemethodsforcontactingadministratorswhich
Nagiosalsoprovides.
Nagios Monitoring Solutions

NagiosCoreisthefoundationalapplicationthatprovidesthemonitoringandalertingoptionsthatNagiosisknown
for.NagiosCorecontainsthearchitecturethatenablesflexibilityinmonitoringandinextendingthecapabilitiesof
Nagioswithotherapplications.TheflexibilityofNagiosCoreallowsyoutouseittoperformandschedulechecks,
performeventhandlingandalertadministratorsasneeded.TheNagioswebinterfacewhichusesCGIbydefaultcan
bemodifiedtouseaMySQLdatabaseasthebackend.Thefrontendcanbemodifiedwithcustomoptionstoprovide
thelookandfeelthatanorganizationneeds.NagisoCorebydesignfeaturesandsupportsmanydifferentaddonsthat
canbeusedwithit.NagiosCoreisanOpenSourceSoftwarelicensedundertheGNUGPLV2.
NagiosXItakestheNagiosCoreandbuildsuponittocreateanenterpriseclassmonitoringandalertingsolutionthat
iseasiertosetupandconfigure.NagiosXIthrougheasytousenetworkwizardsprovidesinfrastructuremonitoringof
allofanorganizationscriticalhardware,applications,networkdevicesandnetworkmetrics.Thedashboardfeature
allowsyoutoviewtheentireinfrastructurevisuallyasyoumonitoralloftheseservicesanddevices.Youalsohave
thealertingoptionswhichcommunicatetoadministratorswhenservicesandhostshaveproblems.Thetrendingand
hardwarecapacitylimitshelpyoucreateproactivedecisionsaboutthenetworkanddevicesonthenetwork.The
graphicalinterfaceiseasytocustomizetofittheorganizationneedsandbymonitoringthegraphswillhelpyou
predictnetwork,hardwareandapplicationproblems.
ThemajordifferencesbetweenthesemonitoringsolutionsisthatNagiosCoreisanOpenSourceSoftwarethatcanbe
configuredmanuallytoperformthefunctionsofNagiosXIbutitmustbeconfiguredfromthecommandlineand
doesnotprovidetheeasytouseGUIwithwizardsthatareavailableinXI.Ifyouarelookingforaneasytouseand
setupinterfaceNagiosXImaybethesolutionyouarelookingfor.AllNagiossolutionsarebuiltontopoftheNagios
Core.
Critical Decisions
These5elementsrepresentturningpointsinhowyouimplementNagios.Eachturningpointrepresentsadecision
thathasimplicationsinhowNagiosisused.Thinkaboutthesedecisionscarefullyasmakingchangesisalwaysmore
difficultthanstartingintherightdirectionthefirsttime.
1.CompileNagiosvs.InstallfromRepository
ThedecisionofhowyouinstallNagiosisanimportantone.Oneofthemajordecisionsyouneedtomakewith
Nagiosisthemethodofinstall;compilefromsource,installfromanRPMrepositoryorinstallfromaDEBrepository.
Onceyoumakeachoiceyouwillneedtostickwithit.Thereasonforthisisthateachinstallationmethodcreates
differentpathstotheconfigurationfilesandtothebinaries.Forexample:
CopyrightbyNagiosEnterprises,LLC
Cannotbereproducedwithoutwrittenpermission.P.O.Box8154,SaintPaul,MN55108
Introduction2
NAGIOS
Compile
CentOS
Debian/Ubuntu
ProgramLocation
ConfigurationFile
/usr/local/nagios/bin/nagios
/usr/local/nagios/etc/nagios.cfg
/usr/bin/nagios
/etc/nagios/nagios.cfg
/usr/bin/nagios3
/etc/nagios3/nagios.cfg
Plugins
/usr/local/nagios/libexec
/usr/lib/nagios/plugins
/usr/lib/nagios/plugins
FromthisbriefexampleyoucanseethelocationiscompletelydifferentforeachoptionandinthecaseofUbuntuthe
binaryisnameddifferently.ThismeansthatanyadditionalprogramsthatyouimplementwithNagioswillhaveto
coincidewiththeselocationsortheadministratorwillneedtoediteachlinethatindicatesapathinanyadditional
configurationfiles...notnice.
IntheendthedecisioninhowtoinstallNagiosreallyisrelatedtosimplicityofyourinstallandwhatyouwantto
monitor.Foraverysimplesetupitwillworkfine,butifyouwanttogetseriousaboutwhatNagiosanddo,compile.
InordertoprovideinstructionsthatworkacrossmultipleLinuxdistributions,theNagiosStartUpGuide
providesdocumentationforcompilingNagiosandNagiosplugins.
2.MonitorPublicInformationvs.InternalInformation
Publicportsareportsthatareaccessibletoanyone,likeportsforawebserver(80),FTPserver(21)ormailserver
(25).Publicportscanbemonitoredalsobemonitoredbyanyone!Whenaserviceisstartedonaserverthatisa
publicservice,everyonehasaccesstothepublicportunlessfirewallrulespreventit.
Theimplicationstomonitoringpublicportsarethattheyareeasytomonitorbutmaynotprovideallofthedetailthat
isdesired.Theotherimplicationisthattherearenofirewallissuestomonitoringpublicports.TheNagiosserver
firewalliscompletelyblockedtoincomingtrafficunlessitisrelatedtoaconnectionestablishedbytheNagiosserver.
ThismeansyouhavegreatersecurityforaNagiosserverthatisaccessiblefromtheInternet.Italsomeanstheclient
beingmonitoredismoresecureasspecialaccessfortheNagiosserverdoesnothavetobeadded.Insummary,
monitoringpublicportsoffergreatersecuritybutlessinformation.
Incontrast,monitoringinternalaspectsofamachinerequiresanagenttobeinstalledontheclient.Theonlywayto
Introduction3
monitorinternalaspectsofamachineistoinstallanagent,meaningapieceofsoftwarethatfunctionsasadaemon
allowingconnectionsfromtheNagiosserversothatinternalpluginsorscriptsmaybeexecutedandthatinformation
recordedandprovidedtotheNagiosserveronconnection.Hereareseveralagentsthatcanbeused:
SSHthedaemonallowsconnectionsfromtheNagiosserverandreturnsinformationgeneratedbypluginsorscripts
NSCLient++thisagentisinstalledonaWindowsserverorworkstationsothatcommandsexecutedontheWindows
machinecangeneratedinformationandreturnthatinformationtotheNagiosserverwhentheNagiosserverconnects
totheWindowsmachine
NRPE(NagiosRemotePluginExecutor)theNRPEagentisinstalledontheremotemachinetoallowNagiosto
connectandobtaininformationgeneratedbypluginsthathaveexecutedinternallyorscriptsthathaveexecuted
SNMP(SimpleNetworkManagementProtocol)WhenSNMPisusedtomonitorremoteserversanagentmustbe
installedinorderforinformationprovidedinternallycanbecollectedbytheNagiosserver.Note,thisisnotthecase
whenSNMPgeneratestrapsandsendstheinformationtoanothermachine.
check_mkThecheck_mkagentmustbeaddedtotheWindowsorLinuxboxinorderforcheck_mktocollectthe
informationandprovideittotheNagiosserver.
Eachoftheseagentsoperateonseparateportsandwhichmeansthefirewallonthemachinetobemonitoredmustbe
alteredtoallowNagiostoconnectandretrieveinformation.
Insummary,monitoringinternalaspectsofamachineprovidesgreaterinformationbutrequiresanagenttobe
installedaswellassecuritytobealteredtoallowtheNagiosservertoconnect.
Introduction4
3.Activevs.PassiveChecks
Thereareseveralaspectstoconsiderwhendecidingonusingactiveorpassivechecks.Note,youcanusebothifyou
choose.ActivechecksareinitiatedbytheNagiosserver.TheNagiosserverdeterminesthetimeandthefrequencyfor
thechecks.Activechecksthatuseonlypublicportsrequirenomodification.However,wheninternalaspectsare
monitoredtheserverthatismonitoredmustnotonlyhaveanagentinstalledtoinitiateanyinternalpluginsorscripts
onthemachinebutthefirewallwillneedtobemodifiedtoallowNagiostoconnectontheagentports.
Passivechecksrequirethattheservertobemonitorednotonlyinitiatesthescripttocheckinternalaspectsbutalso
initiatetheconnectiontotheNagiosserver.Thisisthetypeofconnectionyouwouldwanttouseifasecurityevent
occurredontheserverthatismonitored.Anysecurityeventswouldrequireimmediatenotificationtominimizethe
impact.
Introduction5
4.NagiosAccessiblefromInternetvs.Not
ManyadministratorsdonotuseafirewallontheNagiosserverasitisonaninternalnetwork,orVPN,soitisnot
considerednecessary.Inreality,NagiosshouldalwayshaveafirewallinordertoprotectitasacompromisedNagios
serverhasgraveimplicationsforanetworkthatitismonitoring.
IfaNagiosserverisaccessiblefromtheInternetsecurityshouldbecarefullyconsidered.Severalaspectsof
securitymustbeimplemented:
*limitedaccesstothewebinterface
*limitedaccesstoSSHoranyothermethodsofconnectingtotheserver
*SSLforpasswordauthentication
*ModSecuritytoprotectauthentication,SQLinjectionandlimitaccess
5.NagiosCorevs.XI
NagiosCoreistheOpenSourceversionofNagioswhichcanbefreelydownloadedandimplementedinanywaythe
administratorseesfit.TheNagiosCoreisextremelyflexibleandprovidesyouaccesstocreate,configureand
implementatwill.
Introduction6
OneofthebiggestadvantagesofNagiosCoreisthatbythetimeyougetpluginsworking,yesthatdoessound
ominous,youareabletotroubleshootwhenproblemsoccur.Thisadvantagecannotbeoverstatedasbecominga
Nagiosmechanicisanextremelyvaluableassettoanyorganization.NagiosCoreallowstheadministratoralmost
unlimitedabilitiesincreatingandmonitoringdevicesandservicesonthosedevices.Coreprovidesthestructureto
implementalloftheaspectsofXIbuttodoitinawaythatfitstheorganization.
ThegreatestdisadvantageofNagiosCoreisdevelopingthenecessaryskillstomonitorthedevicesandtheaspectsof
thosedevicesthatarenecessary.Ittakesagreatdealoftimeandmeticulousimplementationofscriptsandpluginsto
arriveattheworkingNagiosmonitoringsystemthatmanyorganizationsneed.Thisiscompoundedbythefactthat
mostorganizationsdonothaveanyideaofhowcomplexsomeimplementationscanbeforNagiosandtheir
expectationsforstaffareoftennotrealistic.
TheXIinterfaceisthecommercialversionthatprovideswizardsforsettingupthepluginsmakingitmucheasierto
setupquicklyandalsoimplementchecksthatyoumaynottotallyunderstandhowtheywork.
ThegreatestadvantageofXIisthatitgetsanorganizationupandrunningquickly.Thewizardsworkverywelland
provideintuitivesupportinimplementingNRPE,SNMP,NSCLient++,etc.However,thisisnotanautomaticsetup
assomebasicinformationandunderstandingarerequired.
TherearethreedisadvantagestoXI.First,ofcourse,itisacommercialversionthatmustbepurchased.Thedemo
doesallowtheusefor7devices,however.Thesecondmoreimportantdisadvantageisthatifyoursetupbreaksor
thereisanerror,itmustbecorrected.Thatcreatesapainfulsituationinthattheorganizationmusteitherpurchase
supportorwaituntiltheadministratorcanfigureitout.Thethirddisadvantageisthattheinterfaceisstructuredina
certainwaythatmaynotbewhatanorganizationneeds.NagiosCoreallowsyoutoimplementadesignthatworksin
aspecialwayneededbyanorganization.
Introduction7
Insummary,ifanorganizationisshortontimeandhastheresources,XIisagreatchoice.Ontheotherhand,ifan
organizationhasthetimeandtherightpeopletheresultscanbemoreproductiveandprobablysavemoneyinthelong
run.
Conclusion:
Turningpointsdeterminemanysignificantdecisions.Givecarefulthoughttohowtheseturningpointsareselected
andconsiderthelongtermbecauseitiseasiertoimplementaninstallationbyplanningahead
Introduction8
NagiosTerminology9
Nagios Terminology
plugins
Nagiosusesplugins,orcompiledexecutablesthatcanusedtocheckservicesandhostsonyournetwork.Pluginscan
bedevelopedusingPerl,shellscripts,etc.PluginsprovidecommunicationbetweentheNagiosdaemonandthehosts
andserviceoptionsyouwanttocheck.Therearemanydifferentpluginsavailable.Eachpluginmustbeconfigured
specificallyforthehostandserviceyouchoosetoevaluate.Pluginsdonotcomeinthenagiospackagebutare
providedinaseparatepackagecallednagiosplugins.Youcandownloadfromtheselocations.
NagiosPlugins
OfficialNagiosPlugins
NagiosPluginDownloads
NagiosExchange
http://nagiosplugins.org/
http://www.nagios.org/download/
http://exchange.nagios.org/
Currentlythepluginsprovidedinthenagiospluginspackageprovidesabout70plugins.Thiscertainlyprovidesyou
withadequatepluginstogetstarted.
Ifyouneedtofindoutmoreinformationaboutaspecificpluginyoucanusethiscommand:
./check_pinghelp
check_pingv1.4.15(nagiosplugins1.4.15)
Copyright(c)1999EthanGalstad<nagios@nagios.org>
Copyright(c)20002007NagiosPluginDevelopmentTeam
<nagiosplugdevel@lists.sourceforge.net>
Usepingtocheckconnectionstatisticsforaremotehost.
Usage:
check_pingH<host_address>w<wrta>,<wpl>%c<crta>,<cpl>%
[ppackets][ttimeout][4|6]
Options:
h,help
Printdetailedhelpscreen
V,version
Printversioninformation
4,useipv4
UseIPv4connection
6,useipv6
UseIPv6connection
H,hostname=HOST
hosttoping
w,warning=THRESHOLD
warningthresholdpair
c,critical=THRESHOLD
criticalthresholdpair
p,packets=INTEGER
numberofICMPECHOpacketstosend(Default:5)
L,link
showHTMLinthepluginoutput(obsoletedbyurlize)
NagiosTerminology10
t,timeout=INTEGER
Secondsbeforeconnectiontimesout(default:10)
host
Ahostisaserver,switch,router,printeroranyothernetworkdevicethatyouwanttomonitor.NagiosrequiresanIP
AddressforthehostoraFQDN(FullyQualifiedDomainName)todeterminetheexactlocationofthedevice.Each
hostmustalsohaveauniquenamethatwilltiethehostnamereferencetotheIPAddressofFQDN.Thehost
informationisrequiredfortheservicedefinition.
service
ServicesrefertochecksthatoccuronadevicewhichmaymonitorinternalaspectsofthedevicelikeCPUusageor
memoryandalsorefertochecksonapplicationswhichexistonthedevicesuchasMySQLorPostfix.
contact
ContactsaretheindividualadministratorsthatarenotifiedbyNagiosbecauseofahostorserviceproblemusingthe
contactgroup.Thecontactinformationprovidesawaytocommunicatetotheadministrator.Contactsisalsoawayto
managewhichadministratorscanseehostsandservicesonthewebinterfaceastheymustbelistedascontactsin
ordertoviewspecificinformationondevices.
contactgroup
Thesegroupsaretheconnectionbetweendetectedproblemsandcommunicationswithindividualsinthegroup.
Reachability
Nagioshastheabilitytodetermineifahostisinadownstateorifitisinanunreachablestate.Thepractical
implicationsofbothofthesestatesisthesame,stuffdoesnotwork.However,thetroubleshootingaspectisquite
different.Ifahostisdown,thenofcoursetheadministratorneedstoinvestigatethehostspecifically.However,ifa
networkdeviceisdownorsoheavilyloadeditrestrictscommunicationthenthenetworkadministratorneedstofocus
onthenetworkdevicesandrelatedissues.Soreachabilityisconcernedwiththeoverallnetworkhealthandhowit
impactsyourmonitoredhosts.
Nagiosisabletodiscernthenetworkstructureandhowitaltersthesedownstatesandunreachablestatesby
understandingthepathfordatapacketsonthenetwork.Inotherwords,Nagiosneedstoknowhow
equipmentisconnectedbecausethatwillhelpdeterminethesituation.Thisisdonebymakingareferencetothe
parent/childrelationshipsofconnectednetworkdevices.
NagiosneedstobeabletostarttracingthepathofthedatapacketfromtheNagiosserver(hostname)tothenext
deviceandthenextdevice.Sothefirststepinsettingthisupiscreatinganentryfor
Nagiosinthehosts.cfgfile.
definehost{
host_name
}
nagios
OfcourseyouwanttoprovidethehostnameofyourNagiosserverwhichyoucandeterminewiththecommand:
hostname
ThenextstepinconfigurationistolookattheIPAddressandhostnameofthenextnetworkdevice.IfNagiosis
NagiosTerminology11
connectedtoaswitchthenthatshouldbealsoconfiguredwithahostdefinition.Thedifferenceisthatyouwanttotell
Nagiosthattheparentofthatswitchdeviceisthehostnamenagios.
definehost{
host_name
parents
}
ciscoswitch
nagios
YoucanonlyadddevicesthathavetheabilitytobeassignedanIPAddressand/orahostname.
ThekeyinthedesignisrecognizingthenetworkconfigurationandtellingNagioswhichistheparent,ornetwork
device,directlyabovethehostyouareworkingwith.Onceyourdatapackethitsyourexternalinterfaceonyourrouter
youcannotspecifyroutersontheInternetasthepathwillvarydependinguponbestroute.Soifyouweretracingthe
datapacketpathfromNagiostoaremotedeviceyouwouldneedtoindicatetheIPAddressoftheexternalrouter
connectingthedevicetotheInternet.
VolatileService
Avolatileserviceisaservicethatwillautomaticallyreturnitselftoan"OK"statuswhenitischecked.Oritisa
servicethatneedstobecheckedbyanadministratoroneachoccurrence,likeasecurityevent.
flapping
AflappingstateiswhenaserviceorhostchangesfromanOKstatetoCRITICALstaterapidly.Thesechanging
stateswillsendmultitudesofnotificationstoadministratorswhichcanbenonproductive.Whenflappingisdetected
Nagioswillrecognizethechangingstatesandmoveintoastateofflappingwhichprovidesadditionaloptionsforan
administratorwhichcouldallowunwantednotifications.
InordertodetectthisflappingstateNagiossavesinmemory21checksforeachhostandservice.Nagiosreviewsthe
last20changestodetermineifthehostorserviceischangingstatesbasedonapercentage.Inthisreviewofstatesthe
morerecentchecksareprovidedagreaterweightthantheolderchecksasthisisprobablymoreimportanttoan
administrator.Nagiosalsoprovidestwothresholdsfora
serviceandahostsothatanadministratorcansetan
upperandlowerthresholdwhichmeansthatwhenthe
serviceorhostgoesabovetheupperthresholdNagios
recognizesthisasstateflappingwhichmeans
notificationswillbestopped,anentryinthelogis
createdandacommentisplacedinthewebinterfacesoit
canbereviewedbyadministrators.Oncethepercentage
goesbelowthelowerlimitthecommentisremovedand
theserviceisreturnedtoanormalstatewithnotifications
enabled.Thisprocesstakesaperiodoftimeoroccur.
Hereisanexampleofaservicethatisflapping.Ifyou
lookcloselyyoucanseethepercentageofstatechange.
Notificationsforthisservicearebeingsuppressed
becauseitwasdetectedashavingbeenflappingbetween
differentstates(24.4%change>=20.0%threshold).
Whentheservicestatestabilizesandtheflappingstops,
NagiosTerminology12
notificationswillbereenabled.
Tomakechangestothesettingsforflapdetection,firstaccessthenagios.cfgfilewhichprovidesglobalsettings.The
firstsettingthatcanbealteredisthatanadministratorcanturnflappingoffbychangingthevalueto0.The
thresholdsmaybemodifiedtomeetspecificrequirementsfortheorganization.Rememberthesethresholdsare
percentagessothelowendis5%,oronestatechangeandtheupperendis20%whichequalsfivestatechanges.
enable_flap_detection=1
low_service_flap_threshold=5.0
high_service_flap_threshold=20.0
low_host_flap_threshold=5.0
high_host_flap_threshold=20.0
Specificchangescouldbemadewiththespecificserviceaswell.Theflap_detection_enabledmustbeincludedto
allowtheoverrideoftheglobalsettings.Thetwothresholdsthenmaybemodifiedtomeettheneedsoftheservice.
defineservice{
usegenericservice
host_namecentos
service_descriptionSMTP
check_commandcheck_smtp
flap_detection_enabled1
low_flap_threshold10.0
high_flap_threshold30.0
}
Thereisanotheroptionthatisavailablewithflapping.Thisoptionallowsanadministratortocontrolwhichstates
indicatedflapping.Thestatesavailableareo(OK),w(WARNING),c(CRITICAL)andu(UNKNOWN).Statesthat
arenotlistedarenottakenintoaccounttodetermineflapping.
flap_detection_options
o,w,c,u
NagiosTerminology13
AsyoucanseeinthisillustrationyoucanalsoDisableflapdetectionforthishostundertheHostCommands.
Thisprovidestheoptiontojustperformthetaskasithappens.Hereistheverificationbeforeyoucommitthechange.
Service and Host Check Options

PublicServiceChecks
ThereareanumberofprotocolsthatexistwhichallowtheNagiosservertotestthemexternally.Forexamplethe
commonport80isavailabletobecheckonanywebserver.
FTP
SSH
port21
port22
NagiosTerminology14
WEB
SMTP
SecureWeb
port80
port25
port443
ThesepublicservicesallowNagiostonotonlychecktoseeiftheportisopenbuttoverifythecorrectapplicationis
runningonthespecificport.Thiscanbedonebecauseeachofthesepublicservicesrunspecificprotocolswhich
providetheinformationneededtomonitorthemcorrectlyandtodifferentiatethemfromotherservicesonthesame
port.
ChecksUsingSSH
NagioscanconnecttoaclientserverusingSSHandthenexecutealocalplugintocheckinternalfunctionsofthe
serverlikeCPUload,memory,processes,etc.TheadvantageofusingSSHisthatchecksaresecureintheconnection
andthetransferofinformation.ThedisadvantageforSSHchecksarethattheytakemoreresourcesthanothercheck
types.
NagiosRemotePluginExecutor
NRPE,NagiosRemotePluginExecutor,executespluginsinternallyontheclientandthenreturnsthatinformationto
theNagiosserver.TheNagiosserverconnectsonport5666inordertoexecutetheinternalcheck.NRPEisprotected
bythexinetddaemonontheclientsothatanadministratorcanrestricttheconnectionstotheNRPEplugins.
MonitoringwithSNMP
SNMP,SimpleNetworkManagementProtocol,isusedextensivelyinnetworkdevices,serverhardwareandsoftware.
SNMPisabletomonitorjustaboutanythingthatconnectstoanetwork,thatistheadvantage.Thedisadvantageis
thatitisnoteasytoworkwith.ThecomplexityofSNMPismadeevenworsebythefactthatvendorswrite
proprietorytoolstomonitorSNMPthatarenoteasilyaccessedusingNagios.SNMPcanbemonitoreddirectlyusing
NagiospluginsorthedeviceitselfcanmonitorySNMPandsendinformationtoSNMPtrapswhichcanbelocatedon
theNagiosserver.ThedifficultiesarefurtheraggrevatedwhenusingtrapsastheSNMPtrapinformationmustbe
translatedintodatathatNagioscanunderstand.
NagiosServiceCheckAcceptor
NSCA,NagiosServiceCheckAcceptor,employsadaemonontheNagiosserverwhichwaitsforinformation
generatedbypassivecheckswhichexecuteindependentlyontheclientbeingmonitoredbyNagios.Theadvantageof
NCSAisthatservicesaremonitoredlocallyindependentoftheNagiosserverandthensenttotheNagiosserverso
thisisagoodoptionwhenafirewallbetweentheNagiosserverandtheclientpreventothertypesofcommunication.
Thedisadvantageisthatpassivechecksusepluginsbutoftenrequirescriptstoexecuteontheclient.
CommunicationcanbeencryptedbetweentheclientandtheNagiosserverandapasswordwillberequiredto
completecommunication.
AnotheruseforNSCAisdistributedmonitoring.Distributedmonitoringallowsawidegeographicalbaseofnetwork
devicestobemonitoredbymultipleNagiosserverswhichuseNSCAtosendservicechecksandhostcheckstoa
centralNagiosserver.
BasicNagiosConfiguration15
Basic Nagios Configuration

ThemanualprovidesstepbystepinstructionsforsettingupaCentOS/RHELbasedserver.Notethatthefile
locationsandthenamesoffilesmaybedifferentdependinguponhowyouinstallNagios.Thismanualisbasedon
compilingNagiosonaCentOSserver.
Installing From Source

Installationfromsourceisaprocesswherethesourcecodethatwasdevelopedbytheprogrammerisconvertedintoa
binaryformatthattheservercanrun.CompilingNagiosisnotasdifficultasitmaysound.Itmayrequireafew
extrastepsinsettingupNagiosbutthereareseveraladvantagesoverusingaRPMrepositoryoraDEBrepository.
ThebiggestadvantageofinstallingfromsourceisthattheinstallationprocesscanberepeatedonalmostanyLinux
distribution.ThisaspectisevenmoreimportantwhenyouconsiderthatwhetheryouinstallfromaRPMrepository
(CentOS)orfromaDEBrepository(Ubuntu)thefilenamesandlocationsforfilesaredifferentineachcase.The
implicationsfordocumentationarethatyoumusttranslateanydocumentationtotheinstallationmethodthatwas
chosen.
Anothersignificantadvantageofcompilingfromsourceisthatyouhavemoreoptionssotheconfigurationmaybe
alteredtomeetspecificrequirements.Ofcourse,anychangestothedefaultsmeanthatthedocumentationsandother
dependenciesmustbeevaluatedperthechangesfromthedefault.
TheinstallationofNagiosmustbeperformedasroot.Inorderforallofthefollowingcommandstoworkbecomeroot
withthecompleterootenvironment.
su
rootpassword
Installfromsourcebyfirstmovingintothedirectorythatyouwanttomaketheinstallationfrom.Thisshouldbea
directorythatyoucancleanupwhenyouhavecompiledNagios.Thesourcesfilesfromthisdirectorycanberemoved
oncetheinstallationiscomplete.Forthisreasonmanyuserscreatedownloaddirectories,usethe/optdirectoryor
the/tmpdirectory.Inthisexamplethe/usr/local/srcdirectoryisused.
cd/usr/local/src
Thesourcecodethatisdownloadedisintheformofatarballandcompressedsoitisintheformofatar.gzfile.The
wgetcommandisusedtopullthesourcecodedownfromthewebsite.
wgethttp://sourceforge.net/projects/nagios/files/nagios3.x/nagios
3.2.3/nagios3.2.3.tar.gz/download
wget
http://sourceforge.net/projects/nagiosplug/files/nagiosplug/1.4.15/nagiosplugins
1.4.15.tar.gz/download
Prerequisitestocompile.
WhenyoucompilesoftwareitwillrequireacompilerlikeGCC.Inordertocompileanapplicationitrequiresthe
sourcecode.Thissourcecodeiswhattheprogrammerhasdevelopedinaneditor.Thecompilertakesthesource
codeandconvertsitintobinarycodethattheservercanuse.Ortoputitanotherway,thesourcecodeistakenand
builtintoobjectcodewhichcanthenbeexecutedfromthecomputerhardware.Itistypicalthatthesourcecodewill
havedependenciesaswell.Dependenciesareapplicationsthatarerequiredtobeinstalledbeforethesourcecodewill
workproperly.Severalofthefilesinstalledwithyuminthisexamplearedependenciesthatmustbeavailable.Note
thatdependingontheLinuxdistributionthesedependencyapplicationsmaybecalledbydifferentnames.
yuminstallyhttpdphpgccglibcglibccommongdgddevel
Addtherequiredusersandgroups.
useraddnagios
groupaddnagcmd
usermodaGnagcmdnagios
Thetarballsarecompressedsoinordertocompilethesemustbeexpandedintothedirectoriesthatcontainthesource
code.
tarzxvfnagios3.2.3.tar.gz
tarzxvfnagiosplugins1.4.15.tar.gz
MoveintothedirectorycreatedwhentheNagiossourcewasuncompressedandruntheconfigurescriptusingthe
groupthatwascreatedearlier.
cdnagios3.2.3
./configurewithcommandgroup=nagcmd
ThemakecommandwillcompiletheNagiossourcecode.
makeall
Nowmakewillinstallthebinaries,theinitscript,theconfigfiles,setthepermissionsontheexternalcommand
directoryandverifythewebconfigurationfilesareinstalled.Thesemicolonsallowyoutorunallthecommands
fromoneline.
makeinstall;makeinstallinit;makeinstallconfig;makeinstall
commandmode;makeinstallwebconf
Editthecontacts.cfgandandaddtheemailfortheprimarynagiosadministrator,
nagiosadmin.
vi/usr/local/nagios/etc/objects/contacts.cfg
Createapasswordforthenagiosadminwhichwillbeneededinordertologinto
thewebinterface.
htpasswdc/usr/local/nagios/etc/htpasswd.usersnagiosadmin
NagiosPlugins
MoveintothedirectorycreatedwhentheNagiospluginssourcewasuncompressedandruntheconfigurescriptusing
thegroupthatwascreatedearlier.Note:Ifyouwanttousecheck_snmpbesuretoinstallnetsnmpbeforeyou
compiletheplugins.
Eithercompilenetsnmp(seetheSNMPchapter)orinstallitwithyum.
yuminstallynetsnmp
cd/usr/local/src
cdnagiosplugins1.4.15
./configurewithnagiosuser=nagioswithnagiosgroup=nagios
Nowmakewillinstallthebinaries.
make
makeinstall
Initial Set Up
Thefirststepistoaddacontactemailforthenagiosadmin.Theusernagiosadminbydefaultistheonlyuserableto
accessthewholewebinterface.Thiscanbechangedbutthedefaultuserisnagiosadmin.
ChangetheContactInformation
Edit/usr/local/nagios/etc/objects/contacts.cfg(RPMrepository
/etc/nagios/objects/contacts.cfg).
Placeyouremailintheemaillocation.
definecontact{
contact_namenagiosadmin;Shortnameofuser
usegenericcontact;Inheritdefaultvalues
aliasNagiosAdmin;Fullnameofuser
emailyour_email;<<*****CHANGETHISTOYOUREMAIL
}
Pre-Flight Check
Thepreflightcheckprovidesawaytoverifyalloftheconfigurationfileswhichexistinthe
/usr/local/nagios/etc/objectsdirectory.Thiscommandreadsandverifiestheinitialsetup.
nagiosv/usr/local/nagios/etc/nagios.cfg
Nagios3.0.6
Copyright(c)19992008EthanGalstad(http://www.nagios.org)
LastModified:12012008
License:GPL
Readingconfigurationdata...
Runningpreflightcheckonconfigurationdata...
Checkingservices...
Checked8services.
Checkinghosts...
Checked1hosts.
Checkinghostgroups...
Checked1hostgroups.
Checkingservicegroups...
Checked0servicegroups.
Checkingcontacts...
Checked1contacts.
Checkingcontactgroups...
Checked1contactgroups.
Checkingserviceescalations...
Checked0serviceescalations.
Checkingservicedependencies...
Checked0servicedependencies.
Checkinghostescalations...
Checked0hostescalations.
Checkinghostdependencies...
Checked0hostdependencies.
Checkingcommands...
Checked24commands.
Checkingtimeperiods...
Checked5timeperiods.
Checkingforcircularpathsbetweenhosts...
Checkingforcircularhostandservicedependencies...
Checkingglobaleventhandlers...
Checkingobsessivecompulsiveprocessorcommands...
Checkingmiscsettings...
TotalWarnings:0
TotalErrors:0
ThingslookokayNoseriousproblemsweredetectedduringthepreflightcheck
Bydefaultitshouldrunandyoushouldbeabletologintothewebinterfaceafteryoucreatethenagiosadminuser.
htpasswdc/usr/local/nagios/etc/htpasswd.usersnagiosadmin
Newpassword:
Retypenewpassword:
Addingpasswordforusernagiosadmin
Nowlogintothewebinterfacewithhttp://ip_address/nagios
EliminatinganHTTPError
WhenyousetuptheNagiosserverandeitherreviewyourlogfilesin/var/log/nagios/nagios.logorreviewtheweb
interfaceyoumayinitiallyseeanerrorrelatedtothewebserver.Theerrorisrelatedtothefactthatyoudonothavea
anindex.htmlfilethatexists.Note:Ifyoudonotseetheerroritisbecauseyouhavethenecessaryfilessoyou
canskipthisstep.Hereiswhatitwilllooklikeinthelog.
WARNING:HTTP/1.1403Forbidden5240bytesin0.001secondresponsetime
Sep2610:00:18nagiosnagios:SERVICEALERT:localhost;HTTP;WARNING;HARD;4;HTTP
Hereiswhatitwilllooklikeinthewebinterface.
Youcaneasilyeliminatetheerrorbycreatinganindex.htmlfile.CreateasimpleHTML.
vi/var/www/html/index.html
<HTML>
<BODY>
NagiosServer
</BODY>
</HTML>
chmod755/var/www/html/index.html
chownapache:apache/var/www/html/index.html
Nagios Check Triangle

OneofthemajorconceptsofcreatingchecksistorememberthatallpluginswithNagioswillrequirethreeelements
tobeconfigured.Theremustbeahostdefinition,aservicedefinitionandacommanddefinition.Thinkofitasa
triangleeachtimeyouwanttouseaplugin.
Thesethreedefinitionsarealllocatedinthreeseparatefiles,hosts.cfg,services.cfgandcommands.cfg.Youmayneed
tocreatehosts.cfgandservices.cfgastheyarenotcreatedbydefault.Thesefilesmustbelocatedin:
/usr/local/nagios/etc/objects
HostDefintion
NagiosneedstoknowanIPAddressofthehostyouwanttocheck.Thisisconfiguredinthehosts.cfgfile.The
hosts.cfgfiledoesnotexistinitiallysoyouwillneedtocreateit.Inthisexamplethehost_nameiswin2008anditis
tiedtotheaddress192.168.3.114.ThisistheinformationNagiosmusthavetoknowwheretopointarequestand
howtorecordinformationforaspecifichost.
Createthefile,hosts.cfg,in/usr/local/nagios/etc/objects
definehost{
usewindowsserver
host_namewin2008
aliasWindowsServer
address192.168.3.114
}
ServiceDefinition
Thesecondpartofthetriangleistheservicedefinition.Nagiosneedstoknowwhatserviceyouwanttocheck,sothat
serviceorpluginmustbedefined.Inthisexamplethehostwin2008,whichNagiosknowsnowistiedtotheIP
Address192.168.3.114,isbeingcheckedwiththepingplugin.Soyoucanseethehost_namedetermineswhichhost
thepluginactsuponandthentheservice_descriptionisreallythetextthatshowsupinthewebinterface.The
check_command,definestheparametersoftheplugin.Hereyoucanseethatcheck_pingisthepluginanditis
followedbytwodifferentsectionsofoptionsdividedby!.Thefirstsection,60.0,5%,providesawarninglevelif
packetsaretakelongerthan60millisecondsorifthereisgreaterthana5%lossofpacketswhenthepingcommandis
performed.ThesecondsectionisthecriticallevelwhereaCRITICALstatewillbecreatedifpacketstakelonger
than100millisecondsorifthereismorethan10%packetloss.
Createthefile,services.cfg,inthe/usr/local/nagios/etc/objectsdirectory.
defineservice{
usegenericservice
host_namewin2008
service_descriptionPing
check_commandcheck_ping!60.0,5%!100.0,10%
}
CommandDefinition
Thecommanddefinitionsarelocatedinthecommands.cfgfilewhichiscreatedbydefaultintheobjectsdirectory.
Manycommandsarealreadydefinedsoyoudonothavetodoanything.Thecheck_pingcommandisoneexample
thathasbeendefined.Thecommand_name,check_ping,iswhatispartoftheservicedefinition.The
command_linespecificallydefineswherethepluginislocatedwiththe$USER1$macro.Thisisequaltosayingthat
theplugincheck_pingislocatedin/usr/local/nagios/libexec(ifyoucompiled).Theother4optionsincludethehost,
usingthe$HOSTADDRESS$macro,awarninglevel(w)usingthe$ARG1$macro,thecriticallevel(c)usingthe
$ARG2$macroandthenumberofpingstousebydefault(p5).
Editthisfile,/usr/local/nagios/etc/objects/commands.cfgasitwillbecreatedbydefault.
#'check_ping'commanddefinition
definecommand{
command_namecheck_ping
command_line$USER1$/check_pingH$HOSTADDRESS$w$ARG1$c$ARG2$p5
}
IneachoftheelementsoftheNagiostriangleyoucanseetheimportanceofthetermdefinitionaseachelement
mustbeclearlydefinedandeachelementisdependentupontheotherdefinitions.
Important:
Youwillhavecreatedtwoconfigurationfileswhichdidnotexistpreviously.Youmustcreateapathtothosefilesin
themainnagiosconfigurationfilefoundat:
cfg_file=/usr/local/nagios/etc/objects/hosts.cfg
cfg_file=/usr/local/nagios/etc/objects/services.cfg
Youwillseeotherpathshavebeenalsocreated.Anytimeyoucreateanewconfigurationfilethisshouldbeentered
inthenagios.cfgfile.
Runthepreflightchecktoverifyalloftheconfigurationfileswhichexistinthe/usr/local/nagios/etc/objects
directory.Thiscommandreadsandverifiestheinitialsetup.
nagiosv/usr/local/nagios/etc/nagios.cfg
ImportantPathstoNotewhenyoucompileNagiosonaCentOSserver.
NAGIOS
Program Location
Configuration File
Plugins
Compile
/usr/local/nagios/bin/nagios
NRPE
Program Location
Configuration File
Compile
/usr/local/nagios/bin/nrpe
/usr/local/nagios/etc/nrpe.cfg
NSCA
Program Location
Configuration File
compile
/usr/local/nagios/bin/nsca
/usr/local/nagios/etc/nsca.cfg
WEB
Web Pages
cgi Configuration
Compile
/usr/local/nagios/share
/usr/local/nagios/etc/cgi.cfg
Web Server
Program Location
Web Server Configuration
Nagios Web Config
CentOS
/usr/sbin/httpd
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/nagios.cfg
cgi Files
htpasswd Database
Compile
/usr/local/nagios/etc
AdministrationTasks23
Administration Tasks
Authentication
Authenticationistheprocessthatallowsuserstoaccessthewebinterface.Authenticationiscontrolledbytheuseofa
databaseusingthehtpasswdcommand.Thedatabase,calledhtpasswd.users,islocatedinthe/usr/local/nagios/etc
directory.Thenameandlocationofthedatabaseisdeterminedbytheconfigurationoptionsfoundin
/etc/httpd/conf.d/nagios.conf.Inthisexample,fromaCentOSinstall,youcanseethatseveraldirectoriesrequire
authenticationfromthisdatabase.
ScriptAlias/nagios/cgibin"/usr/local/nagios/sbin"
<Directory"/usr/local/nagios/sbin">
#SSLRequireSSL
OptionsExecCGI
AllowOverrideNone
Orderallow,deny
Allowfromall
#Orderdeny,allow
#Denyfromall
#Allowfrom127.0.0.1
AuthName"NagiosAccess"
AuthTypeBasic
AuthUserFile/usr/local/nagios/etc/htpasswd.users
Requirevaliduser
</Directory>
Alias/nagios"/usr/local/nagios/share"
<Directory"/usr/local/nagios/share">
#SSLRequireSSL
OptionsNone
AllowOverrideNone
Orderallow,deny
Allowfromall
#Orderdeny,allow
#Denyfromall
#Allowfrom127.0.0.1
AuthName"NagiosAccess"
AuthTypeBasic
AuthUserFile/usr/local/nagios/etc/htpasswd.users
Requirevaliduser
</Directory>
Accessismaintainedthroughthedatabasebutthepermissionsauserhasoncetheyauthenticatearedeterminedby
contacts,contactgroupsandcgipermissionsdeterminedfromthecgi.cfgfile.Animportantpointtorememberwhen
settinguppermissionsisthatthecontactisonlyabletoseethehostorservicethattheyareresponsiblefor.Makesure
contactnamesmatchtheusercreatedforaccesstothewebinterface.
Thesesettingsrepresentthedefaultsettingsinthe/usr/local/nagios/etc/cgi.cfgfileforpermissionstotheweb
interface.Theusernagiosadministhedefaultnagiosuserwithaccessandunlimitedpermissionstotheweb
interface.Thedefaultsdemonstratewhyitissoimportanttocorrectlysetupthenagiosadminuseraspartofthe
initialconfiguration.
use_authentication=1
use_ssl_authentication=0
#default_user_name=guest
authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin
#authorized_for_read_only=user1,user2
Scenario:TurnOffAllAuthentication
Turningoffallauthenticationisnotrecommendedunderanycircumstances.Itisonlydemonstratedhereinorderto
aidintheunderstandingofhowNagiosauthenticationworks.Thesechangesallowanyonetomakechangestothe
Nagiosinterface,hostsandservices.
SecurityTip
Warning,thisisaserioussecurityissueandshouldnotbeimplemented.
Therearetwostepsrequiredtoturnoffallsecurity.Editthecgi.cfgfilelocatedin/usr/local/nagios/etcandchangethe
use_authenticationtoa0.
use_authentication=0
Thesecondsteprequiredistoaccessthe/etc/httpd/conf.d/nagios.conffileandcommentoutthelinesthatrequire
authenticationfortheNagiosdirectories.
ScriptAlias/nagios/cgibin"/usr/local/nagios/sbin"
<Directory"/usr/local/nagios/sbin">
#SSLRequireSSL
OptionsExecCGI
AllowOverrideNone
Orderallow,deny
Allowfromall
#Orderdeny,allow
#Denyfromall
#Allowfrom127.0.0.1
#AuthName"NagiosAccess"
#AuthTypeBasic
#AuthUserFile/usr/local/nagios/etc/htpasswd.users
#Requirevaliduser
</Directory>
Alias/nagios"/usr/local/nagios/share"
<Directory"/usr/local/nagios/share">
#SSLRequireSSL
OptionsNone
AllowOverrideNone
Orderallow,deny
Allowfromall
#Orderdeny,allow
#Denyfromall
#Allowfrom127.0.0.1
#AuthName"NagiosAccess"
#AuthTypeBasic
#AuthUserFile/usr/local/nagios/etc/htpasswd.users
#Requirevaliduser
</Directory>
RestartNagiosandthewebserver.
Scenario:CreateaViewOnlyAccount
Thisscenariowillcreateauserthatcanviewallhostsandservicesbutnotbeallowedtomakeanychangestothose
hostsorservices.Thisistypicallythesettingsyoumaychooseformanagementtoreviewthestatusofhostsand
services.
Createtheuserinthehtpasswd.usersdatabase.
htpasswdhtpasswd.usersmanagement
Newpassword:
Retypenewpassword:
Makemodificationstothe/usr/local/nagios/etc/cgi.cfgfilebyaddingtheuserseparatedbyacomma,withoutspaces.
Theuserhasglobalaccess,whichmeanstheyarenotrequiredtobelistedascontactsforhostsandservices.Theuser
isalsoaddedtothereadonlylist.
authorized_for_all_services=nagiosadmin,management
authorized_for_all_hosts=nagiosadmin,management
authorized_for_read_only=management
Scenario:CreateSystemAdministratorwithNoContactInformation
Inthisscenariothesettingswillallowausertohavefullaccesstoallsettingsonallhostsandservicesjustlikethe
nagiosadminuser.However,thisuserisnotassociatedwithanycontactinformationsowillnotbenotifiedatany
time.Thisaccountisstrictlyadministrationonly.
htpasswdhtpasswd.usersjohn
Newpassword:
Retypenewpassword:
Editthecgi.cfgfileandaddjohntoeachofthelistsindicatedbelow.
authorized_for_system_information=nagiosadmin,john
authorized_for_configuration_information=nagiosadm,john
authorized_for_system_commands=nagiosadmin,john
authorized_for_all_services=nagiosadmin,john
authorized_for_all_hosts=nagiosadmin,john
authorized_for_all_service_commands=nagiosadmin,john
authorized_for_all_host_commands=nagiosadmin,john
Scenario:CreateanAdministratorwithLimitedAccess
Thisuserwillonlybeallowedtoaccessthehostsandservicesthattheyareassociatedwithviacontactinformation.
Thismaybethetypeofsettingsusedwhenanorganizationhasdividedresponsibilitiesforrouters,Windowsservers
andLinuxserversforexample.
htpasswdhtpasswd.userssue
Newpassword:
Retypenewpassword:
Createanewcontactentryincontacts.cfgandspecifythecontact_name,aliasandemailcontactinformationforthe
user.
definecontact{
contact_namesue
usegenericcontact
aliasRouterAdmin
emailsue@example.com
}
Addtheusertoagrouporcreateanewgroupinthecontacts.cfgfile.Thisexampleshowsauseraddedtoanew
contactgroupcalledrouteradmins.Bycreatinganewgroupitenablesanadministratortoassignthatgrouptoa
seriesofdevices,likerouters.
definecontactgroup{
contactgroup_namerouteradmins
aliasRouterAdministrators
memberssue
}
Atthispointyouwillneedtoeditthehostsandservicesandaddthecontact_groupsrouteradminswhichwill
overridethedefaultsettingsinthetemplate.Thiswillenableonlythoseusersinthiscontactgroupaccesstothese
hostsandservicesunlesstheyhaveglobalaccessfromthecgi.cfgfile.
definehost{
usegenericswitch
host_namecisco
aliasciscorouter
address192.168.5.220
contact_groupsrouteradmins
}
defineservice{
usegenericservice
host_namecisco
service_descriptionPING
normal_check_interval5
retry_check_interval1
contact_groupsrouteradmins
}
Scheduled Downtime
IfyouaregoingtoworkonaserverordeviceandneedtoscheduledowntimesoNagiosdoesnotnotifyadministrators
thatcanbeperformedatthewebinterface.Whenyouselectthehostorservicethatwillbedownyouhaveanoption
toscheduledowntime.WhendowntimeisscheduledNagioswillplaceacommentinthewebinterfaceinorderto
communicatethefacttoalladministratorswhoaccessthewebinterface.
Therearetwotypesofdowntime.Fixeddowntimeallowsforandexactstartandendtimewhenthehostorservice
willbeunavailable.Flexibledowntimeallowsforastarttimebutanopenendedstartuptimeastheexacttimecannot
bedeterminedbasedonthenatureofthesituation.
Triggereddowntimeiswhenthedowntimeofaparentwilltriggerdowntimeforallofit'schildren.Inotherwords,
thedowntimeforaswitch,willimpactallofthedevicesconnectedtoit.
SchedulingDowntimeforaHost
Inordertoscheduledowntimeforahost,selecthostdetailsfromthewebinterface.Ontherighthandsideyouwill
noticetheyellowclockspermitschedulingforhostorservices.Selectthehostoption.
Onceyouhaveselectedthehost,CommandOptionsappearsandprovidesaplacetoexplainwhythedowntimeto
otheradministratorsinthecommentarea,whichisagoodideainmostsituations.IfyouselectaFixedtimeyou
willenterthestartandendofthedowntime.Ifthismachinethatprovidednetworkconnectionwithotherdevicesyou
maywanttonotifydownstreamdeviceswithatriggeredbyoptionthatiscreatedbythisdevicegoingdown.Oryou
maychoosetodonothing.
OntheNagiosinterfaceontheleftmenu,ifyouselectDowntimeyouwillseealistofallscheduleddowntimesfor
hostsandservices.Rememberitmaytakeafewminutestoallowthedevicestoshowup.
Hereishowthehostlookswithdowntime(thisistheexfoliationfrontend),notetheyellowclockwhichisan
indicatorofscheduleddowntime.
Ifyouselecttheclockyouwillseethedetailsonthehostlistitasbeinginascheduleddowntime.
AtthispointitwillbelistedintheDowntimemenu.Noteyoucancancelbydeletingthedowntime.
NotificationsandDowntime
Notificationsfordowntimeshouldstopinthedowntimeperiod.Ifthenotificationsdonotstopverifythatyoudonot
havethedoptionsetforyourcontacts.Thedoptionwillsendnotificationsondowntime.
Host Groups
Oftenyouwillwanttocreateagroupofdevicesthathavesimilarmonitoringneeds.Thehostgroupallowsyoutothen
createservicechecksthatmonitorallofthedevicesinthehostgroup.Specificallywhatthismeansisthatthe
servicesdefinedforthegroupwillbeavailableforallhostsinthegroupwithoutmakingindividualconfigurations.
Nagioswillalsolistthehoststogetherinthewebinterfaceiftheyareinthesamehostgroup.
DefineEachHost
Inordertosetupahostgroup,eachservermustbedefinedasahost.Inthisexample,3Ubuntuserversaredefined.
definehost{
uselinuxserver
host_nameub
aliasUbuntuServer
address192.168.5.180
}
definehost{
uselinuxserver
host_nameub1
aliasUbuntuServer
address192.168.5.181
}
definehost{
uselinuxserver
host_nameub3
aliasUbuntuServer
address192.168.5.183
}
DefineHostGroups
Createhostgroups.cfgintheobjectsdirectoryandcreateanentryinnagios.cfgtothelocationofhostgroups.cfg.
cfg_file=/usr/local/nagios/etc/objects/hostgroup.cfg
Definethehostgroup,inthisexamplethehostgroupubuntu_serversisdefinedwiththethreemembersthatwere
definedinhosts.cfgfile.
definehostgroup{
hostgroup_nameubuntu_servers
aliasUbuntuServers
membersub,ub1,ub3
}
DefineServicesfortheGroup
Theadvantageofthehostgroupisthatyoucancreateoneservicedefinitionandaddthattothewholegroupof
servers.Thisisexactlythesameasaregularservicedefinitionexceptyouusehostgroup_nameinsteadofhost.
defineservice{
usegenericservice
}
defineservice{
usegenericservice
service_descriptionSSHServer
check_commandcheck_tcp!22
}
defineservice{
usegenericservice
service_descriptionWebServer
}
NowifyougotothewebinterfaceandselectHostgroupsyouwillhaveagroupofserversthatareallrelatedwith
thesameservicechecks.
Ifyouwanttoaddindividualservicechecksforoneoftheserversinthehostgroupthatwouldbedoneasaregular
servicedefinitionusingthehost.
Service Groups
Nagioscombinesdevicesthatarecheckingthesameservicesintogroupinordertomakethesetupfasterandmore
efficient.Thisallowsanadministratortogroupmachinesbasedonservices.Eachoftheseservicesmustbe
configuredasservicechecksforeachhost.Oncethatiscompletetheservicesmaybegroupedinthe
servicegroups.cfg.Theothermajoradvantageisthattheadministratormaymanageallthoseintheservicegroupwith
servicegroupcommandsinthewebinterface.
Youwillneedtocreateafilecalledservicegroups.cfgandputanentryinnagios.cfgtoindicatewhereitis.Notethe
entriesareinpairs(firsthost,thenservice)host,service,host2,service2.
defineservicegroup{
servicegroup_nameweb
aliasWebServers
membersub,HTTP,ub1,HTTP,ub3,HTTP
}
Defineeachhostwithanormalservicecheck.
defineservice{
usegenericservice
host_nameub
service_descriptionHTTP
check_commandcheck_http
}
defineservice{
usegenericservice
host_nameub1
}
defineservice{
usegenericservice
host_nameub3
}
ThisnowallowstheadministratortogrouptheseservicesandviewthemasagroupwhenServiceGroupsisselected
inthewebinterface.
MonitoringPublicPorts35
Monitoring Public Ports

Eachofthepluginsthatmonitorsaspecificservice.
EachpluginwillevaluatethesituationandreturnastatusvaluetoNagios.TherearefourstatusvaluesthatNagios
interprets.
0
1
2
3
OK
WARNING
CRITICAL
UNKNOWN
thestatsisasexpected
awarninglimithasbeenreached
acriticallimithasbeenreached
thestatusisunknown,misconfiguration
InorderforNagiostoprovidethesefourlevelsofstatussettings,warningandcriticallimitsmustbeestablished.An
importantaspectofsettingtheselimitsisthateachnetworkwillhavedifferentequipmentandvaryingneedssothese
settingsshouldreflecttheindividualnetwork.Anothersetting
TypicalOptions
h,
help
Printdetailedhelpscreen
V,
version
Printversioninformation
H
hostname=ADDRESS Hostname,IPAddress,orunixsocket(mustbeanabsolutepath)
w
warning=DOUBLE Responsetimetoresultinwarningstatus(seconds)
c
critical=DOUBLE
Responsetimetoresultincriticalstatus(seconds)
t
timeout=INTEGER Secondsbeforeconnectiontimesout(default:10)
v
verbose
Showdetailsforcommandlinedebugging(Nagiosmaytruncateoutput)
4
useipv4
UseIPv4connection
6
useipv6UseIpv6connection
check_tcp,check_udp
p
port=INTEGER
Portnumber(default:none)
E
escape
Canuse\n,\r,\tor\insendorquitstring.Mustcomebeforesend
orquitoptionDefault:nothingaddedtosend,\r\naddedtoendofquit
s
send=STRING
Stringtosendtotheserver
e
expect=STRING
Stringtoexpectinserverresponse(mayberepeated)
A
all
Allexpectstringsneedtooccurinserverresponse.Defaultisany
q
quit=STRING
Stringtosendservertoinitiateacleancloseoftheconnection
r
refuse=ok|warn|crit
AcceptTCPrefusalswithstatesok,warn,crit(default:crit)
M
mismatch=ok|warn|crit
Acceptexpectedstringmismatcheswithstatesok,warn,crit(default:warn)
j
jail
HideoutputfromTCPsocket
m
maxbytes=INTEGER
Closeconnectiononcemorethanthisnumberofbytesarereceived
d
delay=INTEGER
Secondstowaitbetweensendingstringandpollingforresponse
D
certificate=INTEGER
Minimumnumberofdaysacertificatehastobevalid.
S
ssl
UseSSLfortheconnection.
check_ping
Pingisastandardmethodofcheckingtoseeifanetworkdeviceisup.
UniqOptions
p
packets=INTEGER
numberofICMPECHOpacketstosend(Default:5)
Hereisaservicedefinitionwithawarninglevelof60millisecondsor5%packetlossandacriticallevelof100
millisecondsor10%loss.Thisdemonstratesthatthesettingsneedtobespecifictothedeviceorthenetworkas
networksvary.Thedefaultis5packetsintheping.
defineservice{
usegenericservice
host_namecentos
}
Thecommanddefinitioncanincludethesettingsforwarningandcriticallevelifyouwanttomakethemstandardfor
allusesofpingonanetwork.
definecommand{
command_namecheckhostalive
command_line$USER1$/check_pingH$HOSTADDRESS$w3000.0,80%c
5000.0,100%p5
}
check_tcp
Thispluginwillprovidetheflexibilityyouneedifyouneedtomonitoraportjusttoverifythattheportisavailable.
Hereisanexampleofportmapservicechecks.
defineservice{
usegenericservice
host_namecentos
service_descriptionPortmap
}
definecommand{
command_namecheck_tcp
command_line$USER1$/check_tcpH$HOSTADDRESS$p$ARG1$$ARG2$
}
Notethatacommonproblemwithcheck_tcpisthatoftenthepisaddedtotheservicedefinition.Thiswillcreate
theerrorPortmustbeapositiveintegerifthecommanddefinitionalreadyhasthep.
Ifyouhaveanyproblemsrunthecommandfromthecommandlinetoexperiment.
./check_tcpH192.168.5.1p111
TCPOK0.000secondresponsetimeonport111|
time=0.000386s;;;0.000000;10.000000
check_http
Acommonpublicportthatoftenischeckisport80,http.Thereareasignificantnumberofoptionswiththisplugin
togetoutofitasmuchaspossible.
I
IPaddress=ADDRESS
IPaddressorname(usenumericaddressifpossibletobypassDNS
lookup).
p
port=INTEGER
Portnumber(default:80)
S
ssl
ConnectviaSSL.Portdefaultsto443
sni
EnableSSL/TLShostnameextensionsupport(SNI)
C
certificate=INTEGER
Minimumnumberofdaysacertificatehastobevalid.Portdefaultsto443
e,expect=STRING
Commadelimitedlistofstrings,atleastoneofthemisexpectedin
thefirst(status)lineoftheserverresponse(default:HTTP/1.)Ifspecifiedskipsallotherstatuslinelogic(ex:3xx,
4xx,5xxprocessing)
s
string=STRING
Stringtoexpectinthecontent
u
url=PATH
URLtoGETorPOST(default:/)
P
post=STRING
URLencodedhttpPOSTdata
j
method=STRING
(HEAD,OPTIONS,TRACE,PUT,DELETE)SetHTTPmethod.
N
nobody
Don'twaitfordocumentbody:stopreadingafterheaders.
M
maxage=SECONDS
WarnifdocumentismorethanSECONDSold.thenumbercanalsobeof
theform"10m"forminutes,"10h"forhours,or"10d"fordays.
T
contenttype=STRING
specifyContentTypeheadermediatypewhenPOSTing
l
linespan
Allowregextospannewlines(mustprecederorR)
r
regex,ereg=STRING
SearchpageforregexSTRING
R
eregi=STRING
SearchpageforcaseinsensitiveregexSTRING
invertregex
ReturnCRITICALiffound,OKifnot
a
authorization=AUTH_PAIR Username:passwordonsiteswithbasicauthentication
b
proxyauthorization=AUTH_PAIRUsername:passwordonproxyserverswithbasicauthentication
A
useragent=STRING
Stringtobesentinhttpheaderas"UserAgent"
k
header=STRING
Anyothertagstobesentinhttpheader.Usemultipletimesforadditional
headers
L
link
WrapoutputinHTMLlink(obsoletedbyurlize)
f
onredirect=<ok|warning|critical|follow|sticky|stickyport>
m,pagesize=INTEGER<:INTEGER> Minimumpagesizerequired(bytes):Maximumpagesizerequired(bytes)
Thisisthestandardwaytousethecheck_http.Itcheckstoverifycommunicationisavailableonport80ofaweb
server.Thisisinfact,abettercheckontheserverthanthecheck_pingwhichcanonlydetermineiftheserverisup.
Thissimplecheckprovidessomepeaceofmindandaplacetostart.
defineservice{
usegenericservice
host_namecentos
}
ThesetwochecksarerelatedtotheSSLoptionswiththewebserver.Notethatthecheckschangetoport443ifyou
usethessloption,theyaretestingtoseeifthewebservercanservesecurepagesandifthewebservercertificateis
validforthenext21days.Thefirstcheckwilltestforaresponsewithinalimitedtimeframe,5secondsforawarning
ormorethan10secondsforacriticalstate.
defineservice{
usegenericservice
host_namecentos
service_descriptionSecureHTTP
check_commandcheck_http!w5c10ssl
}
Thischeckisfocusedonthecertificate.Inthisexample,ifthecertificateisgoodformorethan21daysanOKis
returned.Awarningstateistriggeredifthecertificatehaslessthan21daysbeforeitexpires.Acriticalstateis
triggeredwhenthecertificatehasexpired.
defineservice{
usegenericservice
host_namecentos
service_descriptionCertificate
check_commandcheck_http!C21
}
BothoftheservicechecksabovewillreturnthefollowingoutputintheNagioswebinterface.
OKCertificatewillexpireon05/25/201223:59.
Thisusageofcheck_httpallowsyoutochecktoseeifadirectoryrequiringauthorizationwithusernameandpassword
isworkingcorrectly.Notethatthecheck_httphasbeenredefinedtocheck_http_authsothatadditionalargumentscan
beused.TheservicedefinitionincludestheIPAddressoftheserver,thedirectorythatrequiresauthentication(
u/sales)andtheusernameandpasswordrequiredtoaccessthedirectory.Eachisseparatedbya!.Notethe
commanddefinitionincluded.
defineservice{
usegenericservice
host_namecentos
service_descriptionSalesAuthorization
check_commandcheck_http_auth!192.168.5.1u/sales!tom!
user_password
}
definecommand{
command_namecheck_http_auth
command_line$USER1$/check_httpH$ARG1$a$ARG2$:$ARG3$
}
Iftheuserloginisnotcorrectwarningwillbeissuedwiththe401AuthorizationRequired.Thisenablesyouto
verifypasswordchangesandintegrity.However,leavingaplaintextpasswordintheNagiosconfigfilesisnotthe
bestidea.
MonitorLinuxwithNRPE41
Monitor Linux with NRPE

TheNagiosRemotePluginExecutororNRPEallowsyoutoexecuteprogramsformonitoringpurposesontheremote
server.OneadvantageofNRPEisthatitdoesnotrequirealogintoperformthetestsontheremoteserver.
NRPEallowsyoutomonitorinternalaspectsofaLinuxserverfromtheNagiosserver.Whenyoumonitorpublic
portslikeHTTPyoucandetermineifthewebserverisrunningbyusingtheseservicechecks,butyouarenotableto
monitorotheraspectsoftheserverwhichyoumayneedinformationon,whichiswhyyouwillwanttouseNRPE.
Set Up the Host to be Monitored with NRPE

ThefirstthingtodowiththehosttobemonitoredbyNagiosistoinstalltherequiredapplications.
NRPEFromSource
Theseinstructionspertaintotheinstallationofthedaemonandthepluginswhicharebothrequiredfortheclienttobe
monitored.ThisisdifferentthansettinguptheNagiosserver.
cd/usr/local/src
wgethttp://sourceforge.net/projects/nagios/files/nrpe2.x/nrpe2.12/nrpe
2.12.tar.gz/download
tarzxvfnrpe2.12.tar.gz
cdnrpe2.12
Youwillneedtoinstallsupportforssl,xinetdandcompilingtools.
yuminstallymod_sslopenssldevelxinetdgccmake
./configurewithssl=/usr/bin/opensslwithssllib=/usr/lib
***Configurationsummaryfornrpe2.1203102008***:
GeneralOptions:
NRPEport:5666
NRPEuser:nagios
NRPEgroup:nagios
Nagiosuser:nagios
Nagiosgroup:nagios
make
makeinstall
makeinstallplugin
makeinstalldaemon
makeinstalldaemonconfig
makeinstallxinetd
InstalltheDaemonxinetd
ThexinetdsuperdaemonhasreplacedinetdonmostLinuxdistributionstoday.xinetdhasbecomemorepopular
becauseofsecurityrestrictionsthatcanbeplacedonthosewhoaccessthedaemonsmanagedbyxinetd.xinetdalso
providesbetterprotectionfromdenialofserviceattacks,betterlogmanagement,andmoreflexibility.Bothinetdand
xinetdonlyworkwithdaemonsthatprovideconnectionsoveranetwork.
HowtoProtecttheNRPEDaemon
Serverdaemonsmustbeprotectedtobeeffective.Thereisnoperfectorcompleteoption,buttherearedefiniteways
tominimizetherisk.
LimitConnectionstoDaemons
Connectionstodaemonscanbelimitedbyusingseveralpowerfultools.Iptablesfirewallisprobablythemost
flexibleandpowerfultoolthananadministratorhasaccessto.However,itisatthesametimethemost
complex.Tcp_wrappersisatoolthatiseasytouseandworkswithmostdaemonstolimitaccesstodaemons
tospecificsubnetsorIPAddresses.
2. LimittheNumberofConnections
Yournetworkandhardwarecanonlyhandlealimitednumberofconnectionssafely.Whenconnectionspush
yourresourcestothelimityouwilloftenseevulnerabilitiesappearthatwouldnotnormallyexist.When
resourcesbegintofailsomeoptionsandsecurityprogramscannotfunctiontotheirfullextent.
1.
Youwillneedtoinstallxinetdandmakesureyouhaveafilein/etc/xinetd.dcallednrpeontheclientanditlookslike
this:
#default:off
#description:NRPE(NagiosRemotePluginExecutor)
servicenrpe
{
flags=REUSE
type=UNLISTED
port=5666
socket_type=stream
wait=no
user=nagios
group=nagios
server=/usr/sbin/nrpe
server_args=c/usr/local/nagios/etc/nrpe.cfginetd
log_on_failure+=USERID
disable=no
only_from=127.0.0.1192.168.5.50
}
Thesearethetwomostimportantlines.Bydefaultalldaemonsmonitoredbyxinetdaredisabledsothedefaultline
saysdisable=yes.Theonly_fromlineallowsyoutodeterminewhichmachinescanmonitorthisserverusing
NRPE,thisiswhereyouwillentertheIPAddressfortheNagiosserveraswellasthelocalhost.
disable=no
only_from=127.0.0.1192.168.5.50
Edit/etc/servicesandaddthisline:
nrpe5666/tcp#NagiosRemoteMonitoring
Restartxinetdandviewthelogat/var/log/daemon.log
servicexinetdrestart
tail/var/log/daemon.log
Lookforerrorstocorrect.
Editthe/usr/local/nagios/etc/nrpe.cfg.
Changeyourallowed_hostsaddresstoreflectthenagiosmonitoringserver.Youshouldalsoallowthelocalhostso
thatyoucandotestingifnecessary.
allowed_hosts=127.0.0.1192.168.5.180
Thebasicpluginsthatarerunningforyouinitiallyaretheselistedbelow.
command[check_users]=/usr/local/nagios/libexec/check_usersw5c10
command[check_load]=/usr/local/nagios/libexec/check_loadw15,10,5c30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_diskw20c10p/dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procsw5c10sZ
command[check_total_procs]=/usr/local/nagios/libexec/check_procsw150c200
Changeownershiponthe/usr/local/nagios/etc/nrpe.cfg
chownnagios/usr/local/nagios/etc/nrpe.cfg*
Firewall
YouwillneedtoverifythatthefirewallwillallowyourNagiosservertoaccesstheLinuxserveryouaretestingon
port5666.
IftheLinuxservertobemonitoredisCentOSitprobablyhasthelokkitinterfacetomanagethefirewall.Atthe
commandlinetype:
lokkit
ThefirewallinterfacewillopensoyoucanmanagetheportsthatareopenontheLinuxmachine.Usethetabtogoto
theCustomizeoption.
Theportsyouwanttoenterthatarenotinthedefaultoptionscanbeaddedbyusingtheportnumberfollowedbya
colonandwhetheritistcporudp.Inthisexample5666:tcphasbeenaddedtoenabletheNagiosserveraccessonthis
port.
Saveyourchanges.
tcp_wrappers
Nowsetupyourtcp_wrappers.
Editthe/etc/hosts.allowfilefirstandmakesurethatyoumaintainyourSSHconnectiontomanagetheserverandthen
addalineforNRPEforyourNagiosservertohaveaccess.
#hosts.allowThisfiledescribesthenamesofthehostswhichare
#allowedtousethelocalINETservices,asdecided
#bythe'/usr/sbin/tcpd'server.
#
SSHD:192.168.5.51
NRPE:192.168.5.51
Nowedit/etc/hosts.deny.UsetheonelinetodenyALLhostsandALLservices.Thiswillthenonlyallowwhatis
in/etc/hosts.allow.
#Theportmaplineisredundant,butitislefttoremindyouthat
#thenewsecureportmapuseshosts.denyandhosts.allow.Inparticular
#youshouldknowthatNFSusesportmap!
ALL:ALL
Thiscompletesthebasicconfigurationofthehostthatyouwillmonitor.
Set Up the Nagios Server

OneyouhavetheremotehostsetupyouwillneedtosetuptheNagiosmonitoringserver.Firstinstallthenrpeplugin.
NRPEFromSource
Theseinstructionspertaintotheinstallationofthepluginonlywhichisdifferentthatfortheclienttobemonitored.
NRPEpluginsonlyneedtobeinstalledontheNagiosserver.
cd/usr/local/src
cdnrpe2.12
GeneralOptions:
NRPEport:5666
NRPEuser:nagios
NRPEgroup:nagios
Nagiosuser:nagios
Nagiosgroup:nagios
make
makeinstall
makeinstallplugin
DoaManualCheckoftheRemoteHost
Inordertoverifythattheremotehostisfunctioningcorrectlydoamanualcheck.Remembertoallowport5666/tcp
ontheremotehost.UsethefullpathtocheckiftheNagiosservercancontacttheremotehost.
/usr/local/nagios/libexec/./check_nrpeH192.168.5.49ccheck_users
USERSOK2userscurrentlyloggedin|users=2;5;10;0
Ifyouseeoutputthatissimilaritisfunctioningcorrectly.
CreatetheHostFiles
InordertomonitorremoteLinuxboxesyouwillneedtosetupyourtemplatecalledlinuxboxoruseatemplatethat
isalreadyavailable.Thenyouwillneedtocreateahostentryforeachremoteboxyouwillmonitor.
definehost{
namelinuxbox
usegenerichost
check_period24x7
check_interval5
retry_interval1
max_check_attempts10
check_commandcheckhostalive
notification_period24x7
notification_interval30
contact_groupsadmins
register0
}
definehost{
uselinuxbox
host_namedg
aliasBase
address192.168.5.178
}
ConfigureServices
Eachserviceyouwanttomonitorontheremotehostmustbeenteredindividually.Hereisanexampleofmonitoring
CPUloadonthehostdg.Note:Theservice_descriptionshouldbeenteredcarefullyasyoumaydecidetouse
otheraddonsforNagiosthatarecasesensitivetothenamesoftheservices.Thecheck_nrpecommandisusedto
accesstheremoteserverandthenexecutetheNagiospluginthatisontheremoteserverandretrievetheinformation.
defineservice{
usegenericservice
host_namedg
service_descriptionCPULoad
check_commandcheck_nrpe!check_load
}
Oncethisiscompleteyoumustrestartyournagiosserverwith:
servicenagiosrestart
Ifyougeterrorscorrectthem.
NowyoucancheckyourconnectionbyrunningthefollowingcommandandusingtheIPAddressoftheremotebox
youwanttomonitor.YoushouldgetthereturnNRPEandversionnumberifallisworking.
/usr/local/nagios/libexec/./check_nrpeH192.168.5.178
NRPEv2.12
IfyougetthisreturnthenyouhavecommunicationbetweentheNagiosmonitoringserverandtheremotehost.
CreatetheNRPECommandDefinitions
BeforeyoucanexecutecommandsforNRPEontheNagiosserveryouwillneedtoeditthecommands.cfganddefine
thecommandsforNRPE.Herearetwoexamplesthatyoucanuse.
#NRPECommands
definecommand{
command_namecheck_nrpe
command_line$USER1$/check_nrpeH$HOSTADDRESS$c$ARG1$
}
definecommand{
command_namecheck_nrpe2
command_line$USER1$/check_nrpeH$HOSTADDRESS$c$ARG1$a$ARG2$
}
ConfiguretheChecks
OntheNagiosserveryoucanmonitorallofthedefaultsbyplacingtheinformationinyourservicesfile.
defineservice{
usegenericservice
host_nameclass
check_commandcheck_nrpe!check_load
}
defineservice{
usegenericservice
host_nameclass
service_descriptionUserLoad
check_commandcheck_nrpe!check_users
}
defineservice{
usegenericservice
host_nameclass
service_descriptionCheckhda1
check_commandcheck_nrpe!check_hda1
}
defineservice{
usegenericservice
host_nameclass
service_descriptionCheckZombies
check_commandcheck_nrpe!check_zombie_procs
}
defineservice{
usegenericservice
host_nameclass
service_descriptionCheckProcesses
check_commandcheck_nrpe!check_total_procs
}
OnceyouhaveaddedthesetoyourserverrestartNagiosandyoushouldseethattheyareworking.
MonitoringWindowswithNSClient++49
Monitoring Windows with NSClient++

TheWindowsclientNSClient++canbeusedtobothmonitoraWindowsmachinewithNSClient++usingthe
check_ntcommandorusingNRPE.BecausetheconfigurationforbothaspectsinvolvestheNSClient++theyare
viewedtogether.ThefirststepinsettingupNRPEforWindowsistodownloadaclientfortheWindowsmachine.
DownloadtheNSCLient++fromhttp://sourceforge.net/projects/nscplus
Thiswillprovidea.zipfilewhichyoucanunzipanditwillprovidetheNSClient++Win32x.x.xfolder.
Installation of NSClient++
LoginastheAdministratortotheserver.
CreateadirectoryundertheC:\driveanddownloadNSClient++intothatdrive.Unzipthefileandenterthedirectory
thatwascreated.
Onceyouinstallyouwillhavetomakeanoteofthelocationoftheinstalldirectorypath.
Hereisthecontentsofthedirectory.
OntheWindowsmachineplacethepathforthe.exefileintheruncommandandinstalltheprogram.
C:\NSClient++Win320.3.8\NSClient++.exe/install
Youwillseeasecuritywarningbutcontinuetheinstall.
Nowstarttheprogram,noteyourpathmaybedifferent.
C:\NSClient++Win320.3.8\NSClient++.exe/start
Inordertostoptheprogramusethiscommand.
C:\NSClient++Win320.3.8\NSClient++.exe/stop
Youcantestwith:
C:\NSClient++Win320.3.8\NSClient++.exe/test
Ifyoumakeanychangestotheconfiguration,stoptheserviceandrestartit.
EdittheNSC.inifilethatisintheNSClientdirectory.Notethatthefileisdividedbykeywordsplacedinbrackets.
Firstgotothe[modules]sectionandeditthechecksthatyouwanttouse.Uncommentthelinesthatyouseebelow.
TheFileLogger.dllwilllogtheactivitiesoftheNSClient++.CheckDisk.dllwillcheckforfilesizeandharddiskuse.
TheCheckSystem.dllwillcheckformemory,uptime,servicestatsandprocesses.Youwillalsoneedtouncomment
theNSClientListener.dllandtheNRPEListener.dllinordertocommunicatewithNagios.
InordertousesomeoftheoptionsavailablewithNSClient++youneedtoallowtoadditionalfeatures.Thereare
charactersthatneedtobeusedwithcommands|`&<>'\[]{}thatyouwillwantallow,nasty_meta_chars.The
allow_argumentswillallowNRPEparameterstobepassedalong.Nowtheresomesecurityissueswithenabling
thisoptionsoyouneedtoconsiderthatfactor.
Gototheglobalsection,[Settings],andbesuretolimittheaccesstotheWindowsserverthatyouaregoingto
monitor.UndertheAllowedHostssectionenterthelocalhostandanyotherconnectionsthatyouwanttoenable.
Theseaddresseswillbeseparatedbyacomma.
allowed_hosts=127.0.0.1/32,192.168.5.50
IntheWindowsfirewallopentwoports,5666forNRPEand12489forNSClient++.BothareTCPports.Youcansee
intheexamplehowitshouldlookwhenyoureviewthefirewall.
LimitaccesstotheseportstotheNagiosserveronly.
NSClient++ and NRPE

TheNSC.inifilecontainsseveralsettingsforusingNRPE.LookfortwosectionsthatrelatetoNRPEandthe
modulessection.
[modules]
FileLogger.dll
CheckSystem.dll
CheckDisk.dll
NRPEListener.dll
CheckEventLog.dll
[NRPE]
allow_arguments=1
allow_nasty_meta_chars=1
allowed_hosts=127.0.0.1/32,192.168.5.50
Port=5666
Thisofcourseassumesyouwillopenport5666ontheWindowsmachine.Ifyou
can,limittheaccesstothisportonlytotheNagiosserverforsecurity.Ifyou
seethisoutputinyourwebinterfacemakesurethatport5666isopenandthat
youhavestartedtheclient.
FileLogger.dll
FileLoggerprovidesaninternallogofNSClient++butdoesnotactuallyprovide
anychecks.
CheckSystem.dll
ThisdllallowsforchecksoftheCPU,memory,uptime,services,andprocess
states.
CheckDisk.dll
CheckDiskallowschecksforfilesize,andharddriveusage.
NRPEListener.dll
TheNRPEListeneristhekeytoprovidingfunctionalitytoNRPE.
SysTray.ddl
TheSysTrayinstallsanicontouseforaccesstoNSClient++.Youwillneedto
installNSClientfirstwith:
nsclient++/install
Thenyouwillneedtorunthiscommand:
nsclient++nobootSysTrayinstall
Finally,opentheservicesmanagerandedittheNSClientppservicetoallowitto
interactwiththedesktop.
Note:TheSysTrayfeatureonlyworkswithXPandoldermachines!
CheckEventLog.dll
TheNRPEHandlersrepresenttheactualcommandsthatwillbeused.
[NRPEClientHandlers]
command[check_users]=/usr/local/nagios/libexec/check_usersw5c10
check_disk1=/usr/local/nagios/libexec/check_diskw5c10
check_disk_c=injectCheckFileSizeShowAllMaxWarn=1024MMaxCrit=4096M
OnceyouhavetheremotehostsetupyouwillneedtosetuptheNagiosmonitoringserver.Firstinstallthenrpe
plugin.
NRPEFromSourceonNagiosServer
Theseinstructionspertaintotheinstallationofthepluginonlywhichisdifferentthatfortheclienttobemonitored.
NRPEpluginsonlyneedtobeinstalledontheNagiosserver.
cd/usr/local/src
cdnrpe2.12
GeneralOptions:
NRPEport:5666
NRPEuser:nagios
NRPEgroup:nagios
Nagiosuser:nagios
Nagiosgroup:nagios
make
makeinstall
makeinstallplugin
Onceitisupanrunningcheckyourconnection.
/usr/local/nagios/libexec/./check_nrpeH192.168.5.14
I(0.3.5.120080924)seemtobedoingfine...
Ifyouseeerrorsyouwillneedtocorrectthem,usethelogforlocatingtheerrors.
Internal NSClient ++ Functions

ThereareanumberofinternalfunctionsthatcanbecalledwiththeinjectcommandandNRPEandareusually
combinedwithcheck_nt.Thecheck_ntpluginmakesiteasytousethesefunctions.However,ifyouwanttofinetune
theoptionsthatareavailableyoumaywanttouseNRPEandtheinjectcommand.Followingisalistofmoduleswith
theirfunctions.
CheckDisk
CheckFileSize,CheckDriveSize
CheckSystem
CheckCPU,CheckUpTime,ChekServiceState,CheckProcState,
CheckMem,CheckCounter
CheckeventLog
CheckEventLog
CheckHelpers
CheckAlwaysOk,CheckAlwaysCRITICAL,CheckAlways,WARNING,
CheckMultiple
Youcanusealiaseswithexternalcommandstodochecks.Theadvantageofsettingupthealiasesisnotsomuchthe
aliasbyitselfbutitwillallowyoutousetheCheckMultiplefunctionifyouwantto.Checktoseeifyoucangetitto
workfromthecommandlineontheNagiosserverfirst.Ifthatworksyoucanproceed.
./check_nrpeH192.168.5.14cCheckCPUawarn=80crit=90time=20m
time=10stime=4
OKCPULoadok.|'20m'=0%;80;90;'10s'=0%;80;90;'4'=0%;80;90;
YouwillneedtodefineServicechecksonNagiosserverasusual.NoteNRPEisusedtomaketheconnectionand
thenrunthealiasthatyouwillsetup.
defineservice{
use
host_name
service_description
check_command
}
defineservice{
use
host_name
service_description
check_command
}
defineservice{
use
host_name
service_description
check_command
}
genericservice
winserver
CPULoad
check_nrpe!alias_cpu
genericservice
winserver
CheckServices
check_nrpe!alias_service
genericservice
winserver
FreeSpace
check_nrpe!alias_disk
OncetheWindowsserveryouwillneedtoedittheExternalAliassectionandcreateoruncommentthealiasesthat
aretherewiththelevels.
[ExternalAlias]
alias_cpu=checkCPUwarn=80crit=90time=5mtime=1mtime=30s
alias_disk=CheckDriveSizeMinWarn=10%MinCrit=5%CheckAllFilterType=FIXED
alias_service=checkServiceStateCheckAll
YoualsoneedtoverifythatthemodulessectionhastheuncommentedCheckExternalScripts.dllasyousee
belowsocheckscanbemade.
[modules]
CheckExternalScripts.dll
RestartyourNSCLient++ontheWindowsserverandnagiosontheNagiosserver.
Ifyouwantedtoperformmultiplechecksatonetime,thussavingnetworkandserverresources,youcouldusethe
CheckMultiplefunction.TheCheckMultiplefunctionwillbecomeanaliasforanynumberofcommandsthatyou
willwanttorun.Theformatshouldbelikethis:
alias=alias_namecommand=command=command=
RemovethealiasesthatyoumayhavehadpreviouslyandplacethemallontheCheckMultiplealias.
[ExternalAlias]
alias_multiple=CheckMultiplecommand=checkCPUwarn=80crit=90time=5mtime=1m
time=30scommand=CheckDriveSizeMinWarn=10%MinCrit=5%CheckAllFilterType=FIXED
command=checkServiceStateCheckAll
YouwillneedtosetupaserviceontheNagiosservertoreflectyoursettingsinthensc.inionthewindowsserver.
defineservice{
usegenericservice
host_namewinserver
service_descriptionMultiple
check_commandcheck_nrpe!alias_multiple
}
HereyoucanseethesecondlinedowntheMultiplecheckisrunning.Itchecksthenumberofchecksyouhave
enteredandthenthebadnewsrisestothetop.Inotherwordsasyoucanseeanyissueswithonecheckcantrigger
theCRITICALstate.IfyoulookcloselythetextspecificallysaystheotherchecksareOK.
NSClient++ and check_nt

Thecheck_ntpluginisastandardpluginthatisavailableandreadytogo.ItcanbeextendedwithThekeytogetting
thistoworkistouncommentNSClientListener.dllandtoopentheport12489/TCP.
[modules]
FileLogger.dll
CheckSystem.dll
CheckDisk.dll
NSClientListener.dll
CheckEventLog.dll
[NSClient]
allowed_hosts=192.168.4.3
SecurityTip
Usetheallowed_hostsoptiontoprotectyourWindowsserversoonlytheNagiosservercanaccessthis
daemon.
IfallowedhostsisusedinthissectionitwilltakeprecedenceovertheSettingswherethereisalsoanoptiontoenter
allowed_hosts.
check_netplugin
Thecheck_ntpluginisthestandardpluginthatisusedwithNSClient++andisapluginincludedinthenagiosplugins
install.
H
hostaddress
commandthatisexecuted
port,thisportisoftenchangedto12489
winteger
warninginteger
cinteger
criticalinteger
useaparameter
option,thedSHOWFAILoptionshowsonlychecksthatfail,thedSHOWALLwillshowall
passwordsenttoWindowsserver
timeout,defaultis10seconds
Thereareanumberofeasytouseservicedefinitions.Herearesomebasiconestogetstarted.Eachoftheseservices
usingcheck_ntshowthatthecheck_ntpluginisseparatedfromtheservicewith!.Thisisalsoseeninthedefault
check_netcommandsdefinitionincommands.cfg.Noteinthisexampletheportisdeterminedwithp12489.
#'check_nt'commanddefinition
definecommand{
command_namecheck_nt
command_line$USER1$/check_ntH$HOSTADDRESS$p12489v$ARG1$$ARG2$
}
Thefirstchecktotry,whichisactuallytheeasiesttogetstartedisthethetestfortheclientversion.Trythisonefirst
andonceitisrunningthenyouwillknowthatcommunicationisworkingcorrectly.
defineservice{
usegenericservice
host_namewinserver
service_descriptionNSClient++Version
check_commandcheck_nt!CLIENTVERSION
}
MonitortheuptimeoftheWindowsserverwithUPTIME.
defineservice{
usegenericservice
host_namewinserver
service_descriptionUptime
check_commandcheck_nt!UPTIME
}
CreateaserviceformonitoringCPUload.Whenyoudefinethisservicethelisaparameterthathasthreesettings.
Thefirstsetting5istheaverageloadover5minutes.Ofcourse,youcanadjustthatforyourneeds.Thesecondand
thirdsettingsarethewarninglevel80%loadandthecriticallevel90%load.Again,thesemustbeaveragesoverthe
timeperiodof5minutes.
defineservice{
usegenericservice
host_namewinserver
check_commandcheck_nt!CPULOAD!l5,80,90
}
Youcanmodifythischecksothatyoucanevaluateaveragesonvarioustimeintervals.Thesetimeintervalswillneed
tobeaddedinthreeentries.Intheexamplebelowyoucansee5,80,90and15,75,87.Thefirstentryareaverages
for5minutesandthesecondentryistheaveragesfro15minutes.Youcanalsoseetheaveragesarelowerinthe
secondentry.ThisistypicallyhowyouwouldwanttoevaluateCPULoadasspikesoverashortperiodoftimearenot
aconcernbuthighaveragesoveralongerperiodarecertainlyproblematic.
defineservice{
usegenericservice
host_namewinserver
service_descriptionCPU2Load
check_commandcheck_nt!CPULOAD!l5,80,90,15,75,87
}
Thischeckistoevaluatememoryuseontheserverwithawarningwhenitreaches80%andacriticallevelat90%.
defineservice{
usegenericservice
host_namewinserver
service_descriptionMemoryUsage
check_commandcheck_nt!MEMUSE!w80c90
}
TheC:/driveistypicallytheinstallationdriveforaWindowsmachine.Ofcoursethiswillbeonedriveorpartition
thatyouwillwanttomonitor.Theexampleshownexthastheparameter(l)forfirstthedrivecandthenthe
warninglevelw80andthecriticallevelc90.Adjusttheparameterstoyourneeds.
defineservice{
usegenericservice
host_namewinserver
service_descriptionC:\DriveSpace
check_commandcheck_nt!USEDDISKSPACE!lcw80c90
}
Ifyouwantedtomonitoranotherpartition,inthisexampledrivee,thenjustsubstitutethedriveletteryouwantto
monitor.
defineservice{
usegenericservice
host_namewinserver
service_descriptionE:\DriveSpace
check_commandcheck_nt!USEDDISKSPACE!lew80c90
}
Youcanusecheck_nttomonitoranyserviceontheWindowsmachine.Therearetwooptionsyoucanuseto
specificallymonitoraservice.ThedprovidestheoptiontoeitheruseSHOWFAILoptionshowsonlychecksthat
failortheSHOWALLthatwillshowallservices.Nowifyouareonlymonitoringoneservicewiththecheckyou
willwanttouseSHOWALL.Ifyouweretryingtomonitorallserviceswithonecheckthenyouwouldprobably
wantSHOWFAIL.
defineservice{
usegenericservice
host_namewinserver
service_descriptionW3SVC
check_commandcheck_nt!SERVICESTATE!dSHOWALLlW3SVC
}
Hereisanexampleofmonitoringexplore.exe,vmplayer.exeandnotepad.exe.Simplybychangingtheexeonthe
parameteryoucanchoosespecificapplications.
defineservice{
usegenericservice
host_namewinserver
service_descriptionExplorer
check_commandcheck_nt!PROCSTATE!dSHOWALLlExplorer.exe
}
defineservice{
usegenericservice
host_namewinserver
service_descriptionVMware
check_commandcheck_nt!PROCSTATE!dSHOWALLlvmplayer.exe
}
defineservice{
usegenericservice
host_namewinserver
service_descriptionNotepad
check_commandcheck_nt!PROCSTATE!dSHOWALLlnotepad.exe
}
Youalsohavetheoptiontoincludeallofthemissioncriticalapplicationsin
onecheck.Hereyouwanttomakesuretolisteachapplicationseparatedbya
commandasyoucansee.IfyouusetheoptionSHOWALLitwilllistboththose
thatarerunningaswellasthosethatarenot.Thebadnewsrisestothetopso
ifoneisnotrunningthecheckwillbeinthecriticalstate.Ifyoujustwant
toknowwhichonesarenotrunningthenuseSHOWFAIL.
defineservice{
usegenericservice
host_namewin2008,exchange
service_descriptionApplications
check_commandcheck_nt!PROCSTATE!dSHOWALLl
explorer.exe,notepad.exe,nsclient++.exe,vmwareplayer.exe
}
HereyoucanseethattheCriticalstateislistedbecauseonlyoneapplicationoutofthelistisnotrunning.Badnews
risesuptothetop.
event_logMonitoring
TheeventlogonaWindowsservercanbeacriticalaspectoflocatinginformationontheserver.Hereisanexample
oftheservicecheckusingNRPEandthealias_event_log.
defineservice{
usegenericservice
host_namewin2008
service_descriptionNRPEEventLogNew
check_commandcheck_nrpe!alias_event_log
}
Notethatifoneelementhasaproblemitwillcreateacriticalstateasyouseehere.
HereistheactualoutputthatyoucanfindinthelogsoftheNagiosserver.
Nov409:13:43nag2nagios:SERVICENOTIFICATION:nagiosadmin;win2008;NRPEEvent
LogNew;CRITICAL;notifyservicebyemail;warning:COM+:(2),error:WinMgmt:
(1),error:WinMgmt:(1),warning:storflt:TheVirtualStorageFilterDriveris
disabledthroughtheregistry.Itisinactiveforalldiskdrives.(2),warning:
W32Time:NtpClientwasunabletosetamanualpeertouseasatimesourcebecause
ofDNSresolutionerrorontime.windows.com,0x9.NtpClientwilltryagainin15
minutesanddoublethereattemptintervalthereafter.Theerrorwas:Nosuchhost
isknown.(0x80072AF9)(11),warning:PlugPlayManager:Theservice
ShellHWDetectionmaynothaveunregisteredfordeviceeventnotificationsbefore
itwasstopped.(1),warning:USER32:TheprocessC:\Windows\system32\winlogon.exe
(winexamplecom)hasinitiatedtherestartofcomputerWINH366O37KOW0onbehalfof
userNTAUTHORITY\SYSTEMforthe...
NSCLient++ Password
ThepasswordfeatureallowsyoutocreateapasswordthatwillbeusedbyNagiostologintotheWindowsserver.
Thispasswordhasseveraloptions.Firstyoucanenterthepasswordinplaintextinthensc.iniandinthecommand
definitionforcheck_ntasyouseebelow.
[Settings]
password=your_password
Whenyouusethepasswordoptioninnsc.ini,youwillneedtomodifythecheck_ntcommandsothepasswordcanbe
transferred.Editthecommands.cfg
command_line check_ntH$HOSTADDRESS$p12489syour_passwordv$ARG1$
$ARG2$
Theuseoftheobfuscated_passwordoptionseemstobebroken.Inordertocreatethepasswordgotothecommand
lineontheWindowsmachineandexecutethiscommand:
NSClient++/encrypt
Youwillbeaskedtoenteryoupasswordanditwillobfuscatenotencryptthepassword.Theshorterthewordthe
shorterthepasswordthatiscreated.Thismethodisbothunreliableandundocumented.Youarebetteroffusingplain
textthanthismethodasatleastyouknowwhatisgoingon.

Nagios StartUp Guide

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Nagios StartUp Guide

Transféré par

Droits d'auteur :

Formats disponibles

Nagios

Nagios Monitoring Solutions

Service and Host Check Options

Basic Nagios Configuration

Installing From Source

Nagios Check Triangle

Web Server Configuration

Nagios Web Config

Monitoring Public Ports

Monitor Linux with NRPE

Set Up the Host to be Monitored with NRPE

Set Up the Nagios Server

Monitoring Windows with NSClient++

NSClient++ and NRPE

Internal NSClient ++ Functions

NSClient++ and check_nt

Vous aimerez peut-être aussi