Difference between revisions of "Nagios"

From Hack Sphere Labs Wiki
Jump to: navigation, search
(arping)
(arping permissions)
Line 309: Line 309:
 
*http://blog.gnucom.cc/2009/configuring-nagios-to-run-privileged-or-root-commands-with-nrpe/
 
*http://blog.gnucom.cc/2009/configuring-nagios-to-run-privileged-or-root-commands-with-nrpe/
 
*Create a sudo command dir
 
*Create a sudo command dir
 +
nano /etc/sudoers
 +
add
 +
nagios  ALL=(ALL) NOPASSWD: /bla/sudo_commanddir/
 
*Nagios will be able to run those files as sudo
 
*Nagios will be able to run those files as sudo
 
*Read Only FS for that dir?
 
*Read Only FS for that dir?

Revision as of 12:15, 29 January 2014

Overview

Debian

aptitude install nagios3 nagios-plugins nagios-nrpe-plugin nagios3-doc

you could also install

nagios-plugins-openstack nagios-snmp-plugins

you could also install

nagios-plugins-contrib

from

deb http://YOURMIRROR.debian.org/debian-backports squeeze-backports main

Set domain if you have one (else leave default) and set login user and password (it should prompt your for both)

At the time I had to apply the fix that is here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626462

Notes

General Ping Monitoring

You put a host config file in the host config directory and restart nagios. It will then pull the new host in.

/etc/nagios3/conf.d

Contains templates that you can pull into your host config files.

/etc/nagios3/conf.d

is also where you put your host config files.

  • Example
define host{
        use                     generic-host            ; Name of host template to use
        host_name               HOSTNAME
        alias                   HOSTNAME
        address                 192.168.52.20
        }

Save that in

/etc/nagios3/conf.d

and

/etc/init.d/nagios3 restart

you should see it pop in


I make my own dir:

/etc/nagios3/hosts.d

and then add

cfg_dir=/etc/nagios3/hosts.d

to nagios.cfg

Windows Internal (Private Data) Monitoring

  • configure nagios
nano /etc/nagios3/conf.d/winserver_nagios.cfg

put

# Windows host definition template - This is NOT a real host, just a template!

define host{
        name                    windows-server  ; The name of this host template
        use                     generic-host    ; Inherit default values from the generic-host template
        check_period            24x7            ; By default, Windows servers are monitored round the clock
        check_interval          5               ; Actively check the server every 5 minutes
        retry_interval          1               ; Schedule host check retries at 1 minute intervals
        max_check_attempts      10              ; Check each server 10 times (max)
        check_command           check-host-alive        ; Default command to check if servers are "alive"
        notification_period     24x7            ; Send notification out at any time - day or night
        notification_interval   30              ; Resend notifications every 30 minutes
        notification_options    d,r             ; Only send notifications for specific host states
        contact_groups          admins          ; Notifications get sent to the admins by default
        hostgroups              windows-servers ; Host groups that Windows servers should be a member of
        register                0               ; DONT REGISTER THIS - ITS JUST A TEMPLATE
        }

I pulled the above from /usr/share/doc/nagios3-common/examples/template-object/templates.cfg.gz

  • save
  • restart nagios

Installing via MSI

  1. Complete
  2. Install sample config
  3. Check all users
  4. Add allowed host
  5. check everything except what you are not using
  6. change service to allow desktop interaction

Installing the Windows Agent Manually

  1. Download the latest stable version of the NSClient++ addon from http://sourceforge.net/projects/nscplus
  2. Unzip the NSClient++ files into a new C:\NSClient++ directory
  3. Open a command prompt and change to the C:\NSClient++ directory
  4. Register the NSClient++ system service with the following command:
nscp.exe service --install
  1. Open the services manager and make sure the NSClientpp service is allowed to interact with the desktop (see the 'Log On' tab of the services manager). If it isn't already allowed to interact with the desktop, check the box to allow it to.
  2. create a nsclient.ini file
  3. start service/reboot/run command to start

MORE TO UNDERSTAND

Installs 3 services?:

  • nsclient server (check_nt)
  • enable nrpe server (check_nrpe)
  • enable nsca client (do not enable unless you use NSCA
  • enable wmi checks

Windows Password Fix on Server

The guys who make the package in the debian readme file state that they make definitions flexible so that if the devs decide to change a port then the rule will update where if you define the port in the check_nt statement then it will not. This is why the debian check_nt is different then some others.

It is best to use the user vars in the resource.cfg file for your password instead of setting them in the cfg files that are accessible by cgi.

so

nano resource.cfg

change one of the user vars to your pass and then edit

nano /etc/nagios-plugins/config/nt.cfg

with

 define command{
        command_name    check_nt
        command_line    $USER1$/check_nt -H $HOSTADDRESS$ -s $USER9$ -v $ARG1$
        }

where $USER9$ is your var that contains the password.


notes


below is old

If you specified a password in the NSClient++ configuration file on the Windows machine, you'll need to modify the check_nt command definition to include the password. Open the commands.cfg file for editing.

vi /usr/local/nagios/etc/objects/commands.cfg

but in debian it is:

nano /etc/nagios-plugins/config/nt.cfg

Change the definition of the check_nt command to include the "-s <PASSWORD>" argument (where PASSWORD is the password you specified on the Windows machine) like this:

define command{
	command_name	check_nt
	command_line	$USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s PASSWORD -v $ARG1$
	}

Instead I changed my windows definitions to use check_nscp instead of check_nt and modified that definition to include the password

define command {
        command_name    check_nscp
        command_line    /usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -s $USER4$ -p 12489 -v '$ARG1$'
}

Save the file.

nagios config files

It seems like the nagios syntax has changed a few times and alot of what you find as examples is broken. Host config files use to carry check_nt script switches. Now they want you to write the cfg files with now switches and just !bang the options in with the switches in the service def file.

Here is a nt check disk before and after:

  • Before
define command {
        command_name    check_nscp
        command_line    /usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -s $USER4$ -p 12489 -v '$ARG1$'
}

You would then send something like;

check_command		check_nscp!USEDDISKSPACE!-l c -w 80 -c 90
  • After
define command {
        command_name    check_nt_disk
        command_line    /usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -s $USER4$ -p '$ARG1$' -v 'USEDDISKSPACE' -l '$ARG2$' -w '$ARG3$' -c '$ARG4$'
}

Now you send to the check_nt_disk

check_command           check_nt_disk!12489!c!80!90



Notes

debian external command fix/setup

easy right? nope

nano nagios.cfg

change

check_external_commands=0

to

check_external_commands=1

Then

/etc/init.d/nagios3 stop
dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3
/etc/init.d/nagios3 start

arping

  • In debian are going to need to build the Net::apring cpan perl module (http://search.cpan.org/~radek/Net-Arping/Arping.pm).
  • In debian you have to use this (http://www.debian-administration.org/articles/78) guide instead of the cpan builder. I read somewhere that using cpan can mess things up.
  • I just would like to state that CPAN and dh-make-perl are fucking useless. Debian has wasted so much of my time by now. I hate the fucking attitude and purposful shitty documentation with crap examples that assume that you will spend the next 4 hours reading man pages that are incomplete too.
  • A few quick examples of a command is alot better then 1000 useless words.
  • Cpans documentation sucks. I could just build Net::arping through cpan or dh-make-perl but I fucking cant. I cannot because I get a old version that has not worked in years. YEARS. They keep that one in the database instead of http://search.cpan.org/~radek/Net-Arping/Arping.pm . How do you have cpan pull the new one? Who fucking knows. I tried downloading the tar.gz and was having problems with that too. dh-make-perl is not flexable at all and will give you a few errors that do not even fucking make sense.

I guess everyone should read how to officialy build debian packages with the right lower case letters and upstream source TO INSTALL SOME FUCKING PERL CODE ON MY OWN FUCKING SYSTEM. This web page: http://www.debian-administration.org/articles/78 - Basically fucking useless.


debuild -us -uc -b

This is what I did and it is probly overkill because I had to try so many things to get this to work:

aptitude install libnet1-dev libpcap-dev

Would not you think that dh-make-perl would have dh-make as a requirement? Fucking nope.

aptitude install debuild dh-make-perl dh-make
aptitude install libnet-arp-perl
apt-file update
mkdir temp
cd temp
wget http://search.cpan.org/CPAN/authors/id/R/RA/RADEK/Net-Arping-0.03.tar.gz
mv Net-Arping-0.03.tar.gz libnet-arping-perl_0.03.orig.tar
tar zxvf libnet-arping-perl_0.03.orig.tar
cd Net-Arping-0.03/
dh-make-perl

You will get errors here but without diving into the source of the script...wtf do they mean. Still keep going

debuild -us -uc -b

I also in the many things I tried:

  • configured cpan
cpan
o conf init

and just for the fuck of it (prolly not)

install Bundle::CPAN

Do not forget to:

dpkg --install libnet-arping-perl_0.03-1_amd64.deb
cat arping.cfg
# 'check-host-alive-arping' command definition
define command{
        command_name    check-host-alive-arping
        command_line    /usr/lib/nagios/plugins/check_arp_ping.pl -I eth0 -H '$HOSTADDRESS$'
        }
cat generic-host-arping.cfg 

# Generic host definition template - This is NOT a real host, just a template!

define host{
        name                            generic-host-arping    ; The name of this host template
        notifications_enabled           1       ; Host notifications are enabled
        event_handler_enabled           1       ; Host event handler is enabled
        flap_detection_enabled          1       ; Flap detection is enabled
        failure_prediction_enabled      1       ; Failure prediction is enabled
        process_perf_data               1       ; Process performance data
        retain_status_information       1       ; Retain status information across program restarts
        retain_nonstatus_information    1       ; Retain non-status information across program restarts
		check_command                   check-host-alive-arping
		max_check_attempts              10
		notification_interval           0
		notification_period             24x7
		notification_options            d,u,r
		contact_groups                  admins
        register                        0       ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
        }

You also need to add the nagios user to netdev group for this to work.

  • Here is a modded generic-host def:
# Generic host definition template - This is NOT a real host, just a template!

define host{
        name                            generic-host-arping    ; The name of this host template
        notifications_enabled           1       ; Host notifications are enabled
        event_handler_enabled           1       ; Host event handler is enabled
        flap_detection_enabled          1       ; Flap detection is enabled
        failure_prediction_enabled      1       ; Failure prediction is enabled
        process_perf_data               1       ; Process performance data
        retain_status_information       1       ; Retain status information across program restarts
        retain_nonstatus_information    1       ; Retain non-status information across program restarts
		check_command                   check-host-alive-arping
		max_check_attempts              10
		notification_interval           0
		notification_period             24x7
		notification_options            d,u,r
		contact_groups                  admins
        register                        0       ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
        }

arping permissions

Had to run command as sudo in the end

nano /etc/sudoers

add

nagios  ALL=(ALL) NOPASSWD: /bla/sudo_commanddir/
  • Nagios will be able to run those files as sudo
  • Read Only FS for that dir?

mib handling

  • Still Debian
  • You need to add non-free to your sources.list
  • I first added my vendor mib but I do not think it matters to:
/usr/share/mibs/netsnmp
  • It needed additional supporting mibs so:
aptitude install snmp-mibs-downloader
  • I ran this to check for needed mibs
download-mibs
  • Grabbed the name of the mib out of the mib file
snmpwalk -c Read-Access -v 1 -m WIPIPE-MIB 10.100.10.4
./check_snmp 10.100.10.4 -C Read-Access -m WIPIPE-MIB -o ipRouteDest.1 -P 1 --verbose
  • Start making commands!

Define Check Interval

normal_check_interval 1

Service def, etc

Enable Debug

Take out the guesswork. This will allow you to see the commands executed when you are building commands and more.

nagios.cfg
debug_level=0
tail/cat/less debug_file=/var/log/nagios3/nagios.debug
  • run a command as nagios user:

sudo -u nagios command

Notes