Difference between revisions of "Nagios"

From Hack Sphere Labs Wiki
Jump to: navigation, search
(Take out the guess work)
(Enabe Debug)
Line 250: Line 250:
 
*Here is a modded generic-host def:
 
*Here is a modded generic-host def:
  
=Enabe Debug=
+
=Enable Debug=
 
Take out the guesswork.  This will allow you to see the commands executed when you are building commands and more.
 
Take out the guesswork.  This will allow you to see the commands executed when you are building commands and more.
 
  nagios.cfg
 
  nagios.cfg
Line 258: Line 258:
 
*run a command as nagios user:
 
*run a command as nagios user:
 
sudo -u nagios command
 
sudo -u nagios command
 
  
 
=Notes=
 
=Notes=

Revision as of 11:23, 16 October 2013

Overview

Debian

aptitude install nagios3 nagios-plugins nagios-nrpe-plugin nagios3-doc

you could also install

nagios-plugins-openstack nagios-snmp-plugins

you could also install

nagios-plugins-contrib

from

deb http://YOURMIRROR.debian.org/debian-backports squeeze-backports main

Set domain if you have one (else leave default) and set login user and password (it should prompt your for both)

At the time I had to apply the fix that is here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626462

Notes

General Ping Monitoring

You put a host config file in the host config directory and restart nagios. It will then pull the new host in.

/etc/nagios3/conf.d

Contains templates that you can pull into your host config files.

/etc/nagios3/conf.d

is also where you put your host config files.

  • Example
define host{
        use                     generic-host            ; Name of host template to use
        host_name               HOSTNAME
        alias                   HOSTNAME
        address                 192.168.52.20
        }

Save that in

/etc/nagios3/conf.d

and

/etc/init.d/nagios3 restart

you should see it pop in


I make my own dir:

/etc/nagios3/hosts.d

and then add

cfg_dir=/etc/nagios3/hosts.d

to nagios.cfg

Windows Internal (Private Data) Monitoring

  • configure nagios
nano /etc/nagios3/conf.d/winserver_nagios.cfg

put

# Windows host definition template - This is NOT a real host, just a template!

define host{
        name                    windows-server  ; The name of this host template
        use                     generic-host    ; Inherit default values from the generic-host template
        check_period            24x7            ; By default, Windows servers are monitored round the clock
        check_interval          5               ; Actively check the server every 5 minutes
        retry_interval          1               ; Schedule host check retries at 1 minute intervals
        max_check_attempts      10              ; Check each server 10 times (max)
        check_command           check-host-alive        ; Default command to check if servers are "alive"
        notification_period     24x7            ; Send notification out at any time - day or night
        notification_interval   30              ; Resend notifications every 30 minutes
        notification_options    d,r             ; Only send notifications for specific host states
        contact_groups          admins          ; Notifications get sent to the admins by default
        hostgroups              windows-servers ; Host groups that Windows servers should be a member of
        register                0               ; DONT REGISTER THIS - ITS JUST A TEMPLATE
        }

I pulled the above from /usr/share/doc/nagios3-common/examples/template-object/templates.cfg.gz

  • save
  • restart nagios

Installing via MSI

  1. Complete
  2. Install sample config
  3. Check all users
  4. Add allowed host
  5. check everything except what you are not using
  6. change service to allow desktop interaction

Installing the Windows Agent Manually

  1. Download the latest stable version of the NSClient++ addon from http://sourceforge.net/projects/nscplus
  2. Unzip the NSClient++ files into a new C:\NSClient++ directory
  3. Open a command prompt and change to the C:\NSClient++ directory
  4. Register the NSClient++ system service with the following command:
nscp.exe service --install
  1. Open the services manager and make sure the NSClientpp service is allowed to interact with the desktop (see the 'Log On' tab of the services manager). If it isn't already allowed to interact with the desktop, check the box to allow it to.
  2. create a nsclient.ini file
  3. start service/reboot/run command to start

MORE TO UNDERSTAND

Installs 3 services?:

  • nsclient server (check_nt)
  • enable nrpe server (check_nrpe)
  • enable nsca client (do not enable unless you use NSCA
  • enable wmi checks

Windows Password Fix on Server

The guys who make the package in the debian readme file state that they make definitions flexible so that if the devs decide to change a port then the rule will update where if you define the port in the check_nt statement then it will not. This is why the debian check_nt is different then some others.

It is best to use the user vars in the resource.cfg file for your password instead of setting them in the cfg files that are accessible by cgi.

so

nano resource.cfg

change one of the user vars to your pass and then edit

nano /etc/nagios-plugins/config/nt.cfg

with

 define command{
        command_name    check_nt
        command_line    $USER1$/check_nt -H $HOSTADDRESS$ -s $USER9$ -v $ARG1$
        }

where $USER9$ is your var that contains the password.


notes


below is old

If you specified a password in the NSClient++ configuration file on the Windows machine, you'll need to modify the check_nt command definition to include the password. Open the commands.cfg file for editing.

vi /usr/local/nagios/etc/objects/commands.cfg

but in debian it is:

nano /etc/nagios-plugins/config/nt.cfg

Change the definition of the check_nt command to include the "-s <PASSWORD>" argument (where PASSWORD is the password you specified on the Windows machine) like this:

define command{
	command_name	check_nt
	command_line	$USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s PASSWORD -v $ARG1$
	}

Instead I changed my windows definitions to use check_nscp instead of check_nt and modified that definition to include the password

define command {
        command_name    check_nscp
        command_line    /usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -s $USER4$ -p 12489 -v '$ARG1$'
}

Save the file.

nagios config files

It seems like the nagios syntax has changed a few times and alot of what you find as examples is broken. Host config files use to carry check_nt script switches. Now they want you to write the cfg files with now switches and just !bang the options in with the switches in the service def file.

Here is a nt check disk before and after:

  • Before
define command {
        command_name    check_nscp
        command_line    /usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -s $USER4$ -p 12489 -v '$ARG1$'
}

You would then send something like;

check_command		check_nscp!USEDDISKSPACE!-l c -w 80 -c 90
  • After
define command {
        command_name    check_nt_disk
        command_line    /usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -s $USER4$ -p '$ARG1$' -v 'USEDDISKSPACE' -l '$ARG2$' -w '$ARG3$' -c '$ARG4$'
}

Now you send to the check_nt_disk

check_command           check_nt_disk!12489!c!80!90



Notes

debian external command fix/setup

easy right? nope

nano nagios.cfg

change

check_external_commands=0

to

check_external_commands=1

Then

/etc/init.d/nagios3 stop
dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3
/etc/init.d/nagios3 start

arping

In debian are going to need to build the Net::apring cpan perl module (http://search.cpan.org/~radek/Net-Arping/Arping.pm). In debian you have to use this (http://www.debian-administration.org/articles/78) guide instead of the cpan builder. The cpan builder is dangerous in debian.

aptitude install libnet1-dev libpcap-dev
aptitude install debuild dh-make-perl
#I dont know if you need this:  aptitude install libnet-arp-perl
cat arping.cfg
# 'check-host-alive-arping' command definition
define command{
        command_name    check-host-alive-arping
        command_line    /usr/lib/nagios/plugins/check_arp_ping.pl -I eth0 -H '$HOSTADDRESS$'
        }
cat generic-host-arping.cfg 

# Generic host definition template - This is NOT a real host, just a template!

define host{
        name                            generic-host-arping    ; The name of this host template
        notifications_enabled           1       ; Host notifications are enabled
        event_handler_enabled           1       ; Host event handler is enabled
        flap_detection_enabled          1       ; Flap detection is enabled
        failure_prediction_enabled      1       ; Failure prediction is enabled
        process_perf_data               1       ; Process performance data
        retain_status_information       1       ; Retain status information across program restarts
        retain_nonstatus_information    1       ; Retain non-status information across program restarts
		check_command                   check-host-alive-arping
		max_check_attempts              10
		notification_interval           0
		notification_period             24x7
		notification_options            d,u,r
		contact_groups                  admins
        register                        0       ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
        }

You also need to add the nagios user to netdev group for this to work.

  • Here is a modded generic-host def:

Enable Debug

Take out the guesswork. This will allow you to see the commands executed when you are building commands and more.

nagios.cfg
debug_level=0
tail/cat/less debug_file=/var/log/nagios3/nagios.debug
  • run a command as nagios user:

sudo -u nagios command

Notes