http://acacha.org/mediawiki/index.php/OpenFPnet/Mosaic/Formaci%C3%B3/Execuci%C3%B3/Servidor_de_monitoritzaci%C3%B3._NOC#Nagios
Aquesta wiki forma part dels materials d'un curs | |
|---|---|
| Curs: | SeguretatXarxesInformàtiques, LinuxAdministracioAvancada, DissenyXarxesLinux |
| Fitxers: | EinesMonitoritzacio.pdf (EinesMonitoritzacio.odp) |
| Repositori SVN: | https://[email protected]/svn/iceupc/SeguretatXarxesInformàtiques |
| Usuari: | anonymous |
| Paraula de pas: | sense paraula de pas |
| Autors: | Sergi Tur Badenas |
Nagios és una aplicació de monitorització de recursos. Nagios està incorporat a SkoleLinux.
En les màquines ubuntu en les que he instalat Nagios he utilitzat els repositoris main i apt-get o synaptic per instal·lar els següents paquets:
L'altre opció és compilar el codi font. Esta explicada al manual de nagios o per exemple a aquest HOW-TO en castellà.
Consulteu el quickstart oficial.
Per instal·lar la versió 3 de Nagios (--acacha 07:39, 23 abr 2009 (UTC)) executeu:
$ sudo apt-get install nagios3 S'instal·laran els següents paquets extres: bsd-mailx exim4 exim4-base exim4-config exim4-daemon-light libfreetype6 libgd2-noxpm libjpeg62 libnet-snmp-perl libperl5.10 libpng12-0 libradius1 libsensors3 libsnmp-base libsnmp15 nagios-images nagios-plugins nagios-plugins-basic nagios-plugins-standard nagios3-common nagios3-doc radiusclient1 snmp Paquets suggerits: mail-reader eximon4 exim4-doc-html exim4-doc-info libmail-spf-query-perl swaks libfreetype6-dev libgd-tools libcrypt-des-perl libdigest-hmac-perl libio-socket-inet6-perl lm-sensors nagios2 nagios-text nagios whois nagios-nrpe-plugin Paquets recomanats: mailx S'instal·laran els següents paquets NOUS: bsd-mailx exim4 exim4-base exim4-config exim4-daemon-light libfreetype6 libgd2-noxpm libjpeg62 libnet-snmp-perl libperl5.10 libpng12-0 libradius1 libsensors3 libsnmp-base libsnmp15 nagios-images nagios-plugins nagios-plugins-basic nagios-plugins-standard nagios3 nagios3-common nagios3-doc radiusclient1 snmp 0 actualitzats, 24 nous a instal·lar, 0 a eliminar i 20 no actualitzats. Es necessita obtenir 11,4MB d'arxius. After this operation, 29,7MB of additional disk space will be used. Voleu continuar [S/n]? s
És molt possible que us faci instal·lar un servidor de correu com Postfix. Si us pregunta pel tipus de configuració del servidor de correu, escolliu:
Lloc d'Internet
i quan pregunti pel nom de màquina deixeu el FQDN (nom + domini de la màquina).
Finalment us preguntarà pel password de l'usuari administrador de Nagios (nagiosadmin).
TODO: Captures de pantalla
Ara ja podeu accedir a nagios accedint a la URL:
http://localhost/nagios3
Però us demanara un usuari i paraula de pas. L'heu d'establir amb:
$ sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin
$ sudo apt-get install nagios2
$ sudo apt-get install nagios-text
Escollim la contrasenya. Ara per cal executar:
$ sudo ln -s /etc/nagios/htpasswd.users /etc/nagios2/htpasswd.users
Per evitar l'error Nagios#Internal_Server_Error
Ara ja podem accedir a Nagios, obrint el navegador i anant a la web
http://localhost/nagios2
L'usuari i contrasenya són:
check-host-alive es defineix al fitxer:
$ cat /etc/nagios-plugins/config/ping.cfg ... # 'check-host-alive' command definition define command{ command_name check-host-alive command_line /usr/lib/nagios/plugins/check_ping -H '$HOSTADDRESS$' -w 5000,100% -c 5000,100% -p 1 }
És a dir el criteri per a indicar si una màquina està UP o no és:
On 500m és el temps dels ping i 100% és el nombre de paquets perduts.
THRESHOLD is <rta>,<pl>% where <rta> is the round trip average travel time (ms) which triggers a WARNING or CRITICAL state, and <pl> is the percentage of packet loss to trigger an alarm state.
This plugin uses the ping command to probe the specified host for packet loss (percentage) and round trip average (milliseconds). It can produce HTML output linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in the contrib area of the downloads section at http://www.nagios.org/
Vegeu també check_ping
La configuració del nagios és fa amb els fitxers de la carpeta /etc/nagios.
NOTA: a SkoleLinux els fitxers estan a /etc/nagios/debian-edu
La configuració com marca l'estàndard FHS es fa a la carpeta /etc/nagios3.
$ ls /etc/nagios3 apache2.conf cgi.cfg commands.cfg conf.d htpasswd.users nagios.cfg resource.cfg stylesheets
On:
El fitxer principal de configuració és:
$ cat /etc/nagios3/nagios.cfg | grep -v '^#\|^$\|^;' log_file=/var/log/nagios3/nagios.log cfg_file=/etc/nagios3/commands.cfg cfg_dir=/etc/nagios-plugins/config cfg_dir=/etc/nagios3/conf.d object_cache_file=/var/cache/nagios3/objects.cache precached_object_file=/var/lib/nagios3/objects.precache resource_file=/etc/nagios3/resource.cfg status_file=/var/cache/nagios3/status.dat status_update_interval=10 nagios_user=nagios nagios_group=nagios check_external_commands=0 command_check_interval=-1 command_file=/var/lib/nagios3/rw/nagios.cmd external_command_buffer_slots=4096 lock_file=/var/run/nagios3/nagios3.pid temp_file=/var/cache/nagios3/nagios.tmp temp_path=/tmp event_broker_options=-1 log_rotation_method=d log_archive_path=/var/log/nagios3/archives use_syslog=1 log_notifications=1 log_service_retries=1 log_host_retries=1 log_event_handlers=1 log_initial_states=0 log_external_commands=1 log_passive_checks=1 service_inter_check_delay_method=s max_service_check_spread=30 service_interleave_factor=s host_inter_check_delay_method=s max_host_check_spread=30 max_concurrent_checks=0 check_result_reaper_frequency=10 max_check_result_reaper_time=30 check_result_path=/var/lib/nagios3/spool/checkresults max_check_result_file_age=3600 cached_host_check_horizon=15 cached_service_check_horizon=15 enable_predictive_host_dependency_checks=1 enable_predictive_service_dependency_checks=1 soft_state_dependencies=0 auto_reschedule_checks=0 auto_rescheduling_interval=30 auto_rescheduling_window=180 sleep_time=0.25 service_check_timeout=60 host_check_timeout=30 event_handler_timeout=30 notification_timeout=30 ocsp_timeout=5 perfdata_timeout=5 retain_state_information=1 state_retention_file=/var/lib/nagios3/retention.dat retention_update_interval=60 use_retained_program_state=1 use_retained_scheduling_info=1 retained_host_attribute_mask=0 retained_service_attribute_mask=0 retained_process_host_attribute_mask=0 retained_process_service_attribute_mask=0 retained_contact_host_attribute_mask=0 retained_contact_service_attribute_mask=0 interval_length=60 use_aggressive_host_checking=0 execute_service_checks=1 accept_passive_service_checks=1 execute_host_checks=1 accept_passive_host_checks=1 enable_notifications=1 enable_event_handlers=1 process_performance_data=0 obsess_over_services=0 obsess_over_hosts=0 translate_passive_host_checks=0 passive_host_checks_are_soft=0 check_for_orphaned_services=1 check_for_orphaned_hosts=1 check_service_freshness=1 service_freshness_check_interval=60 check_host_freshness=0 host_freshness_check_interval=60 additional_freshness_latency=15 enable_flap_detection=1 low_service_flap_threshold=5.0 high_service_flap_threshold=20.0 low_host_flap_threshold=5.0 high_host_flap_threshold=20.0 date_format=iso8601 p1_file=/usr/lib/nagios3/p1.pl enable_embedded_perl=1 use_embedded_perl_implicitly=1 illegal_object_name_chars=`~!$%^&*|'"<>?,()= illegal_macro_output_chars=`~$&|'"<> use_regexp_matching=0 use_true_regexp_matching=0 [email protected] [email protected] daemon_dumps_core=0 use_large_installation_tweaks=0 enable_environment_macros=1 debug_level=0 debug_verbosity=1 debug_file=/var/log/nagios3/nagios.debug max_debug_file_size=1000000
La majoria de paràmetres generals no cal modificar-los, les opcions per defecte són correctes. El més important és:
cfg_dir=/etc/nagios3/conf.d
que és la carpeta on es configuren els recursos a monitoritzar.
$ ls /etc/nagios3/conf.d contacts_nagios2.cfg generic-host_nagios2.cfg host-gateway_nagios3.cfg localhost_nagios2.cfg timeperiods_nagios2.cfg extinfo_nagios2.cfg generic-service_nagios2.cfg hostgroups_nagios2.cfg services_nagios2.cfg
Aquí podeu configurar:
$ cd /etc/nagios3/conf.d $ sudo cp localhost_nagios2.cfg cop.cfg
Modifiqueu les línies:
$ sudo joe cop.cfg define host{ use generic-host ; Name of host template to use host_name cop alias cop address 192.168.0.4 }
Comenteu la resta del fitxer. Ara l'afegirem als grups:
Vegem un exemple de com afegir al grup http-servers:
$ sudo joe hostgroups_nagios2.cfg # A list of your web servers define hostgroup { hostgroup_name http-servers alias HTTP servers members localhost,cop }
La resta de grups es procedeix similar. El grup servidros-ubuntu l'hem afegit amb les següents línies:
Acacha Wiki# A list of your Ubuntu GNU/Linux servers
define hostgroup {
hostgroup_name ubuntu-servers
alias Debian GNU/Linux Servers
members localhost,cop
}
Per aplicar els canvis vegeu Nagios#Verificant_la_configuraci.C3.B3._Execuci.C3.B3_de_Nagios.
La configuració com marca l'estàndard FHS es fa a la carpeta /etc/nagios2 o en alguns casos /etc/nagios:
$ ls /etc/nagios apache.conf checkcommands.cfg contacts.cfg escalations.cfg hosts.cfg minimal.cfg nagios.cfg services.cfg timeperiods.cfg cgi.cfg contactgroups.cfg dependencies.cfg hostgroups.cfg htpasswd.users misccommands.cfg resource.cfg stylesheets
En aquest fitxer es poden definir MACROS o variables que es poden utilitzar en els fitxers de configuració de Nagios. És útil per emmagatzemar dades crítiques com usuaris i contrasenyes.
En aquest fitxers es defineixen les màquines que es volen monitoritzar.
Exemples:
# Exemple de host
define host{
use generic-host ; Name of host template to use
host_name NomDeLaMaquina
alias Una descripcio
address 127.2.2.1
check_command check-host-alive
max_check_attempts 20
notification_interval 60
notification_period 24x7
notification_options d,u,r
}
Podem afegir tantes màquines com creiem convenient. Si ens fixem les màquines utilitzen una plantilla o template (intrucció use generic-host). El template es troba a l'inici del fitxer hosts.cfg
define host{
name generic-host ; The name of this host template - referenced in other host
notifications_enabled 1 ; Host notifications are enabled
event_handler_enabled 0 ; Host event handler is disabled
flap_detection_enabled 0 ; Flap detection is disabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
}
Nota: perquè el Nagios pugui trobar la màquina (host) que hem definit, haurem d'agregar el valor de "host_name" a l'arxiu /etc/hosts de la màquina
En aquest fitxers es defineixen els grups de màquines.
define hostgroup{
hostgroup_name Servers
alias Linux Servers
contact_groups linux-servers-admins
members NomDeLaMaquina,NomDeLaMaquina2
}
Aquí és poden definir els serveis que volem monitoritzar dels hosts que hem registrat. El mateix fitxer ens ofereix infinitat d'exemples dels serveis que es poden monitoritzar (HTTP, ports TCP-IP, base de dades, recursos d'espai i memòria,etc)
Igual que el que succeïx amb el fitxer hosts.cfg és pot utilitzar un template:
define service{
name generic-service ;The 'name' of this service template, referenced in other
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 0 ; Passive service checks are enabled/disabled
parallelize_check 1 ; Active service checks should be parallelized
; (disabling this can lead to major performance problems)
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 0 ; Service notifications are disabled
event_handler_enabled 0 ; Service event handler is disabled
flap_detection_enabled 0 ; Flap detection is disabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}
En aquest fitxer es defineixen les persones i les seves dades de contacte (email, beeper, SMS) encarregades de la monitorització. Aquest contactes són els que, en el cas de que el servei monitoritzat tingui el servei d'alertes instal·lat, rebran les alertes de possibles problemes amb els serveis.
define contact{
contact_name nagios
alias Nagios Admin
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,u,r
service_notification_commands notify-by-email,notify-by-epager
host_notification_commands host-notify-by-email,host-notify-by-epager
email [email protected]
pager [email protected]
}
Anem a veure pas a pas que s'ha de fer per monitoritzar una màquina. La configuració de Nagios es realitza editant fitxers de la carpeta /etc/nagios2/. Normalment només caldrà modificar els fitxers de la carpeta /etc/nagios2/conf.d.
El primer que cal fer és afegir una màquina que vulguem monitoritzar:
$ cd /etc/nagios2/conf.d
I creem un fitxer per a la màquina:
$ cat host-gateway.cfg
# a host definition for the gateway of the default route
define host {
host_name gateway
alias Default Gateway
address 192.168.1.1
use generic-host
}
El més important és:
host_name gateway
Aquest és el nom (descriptiu que escolliu vosaltres) que li poseu a la màquina
alias Default Gateway
Descripció llarga. Text lliure
address 192.168.1.1
El més important. L'adreça IP de la màquina a monitoritzar
use generic-host
Això indica que utilitzem una plantilla per aquest host. La plantilla generic-host la proporciona per defecte Nagios.
NOTA: El fitxer pot tenir el nom que vulgueu, però és interessant seguir un patró com per exemple host-nommaquina.cfg
Un cop teniu la màquina configurada, saleu el fitxer i executeu:
$ sudo /etc/init.d/nagios2 restart
Això us permetrà comprovar si hi ha algun error en la configuració.
Ara cal configurar quins serveis volem monitoritzar en aquesta màquina. Els serveix més comuns són fàcils de configurar per què Nagios ens proporciona una forma fàcil de fer-ho utilitzant grups.
Per exemple, el primer que podem fer és que Nagios controli si la màquina esta encesa mitjançant pings. Per això només cal afegir la nostra màquina al grup de màquines a les que es fa ping.
Els grups estan definits al fitxer:
$ cat hostgroups_nagios2.cfg
# Some generic hostgroup definitions
# A simple wildcard hostgroup
define hostgroup {
hostgroup_name all
alias All Servers
members *
}
# A list of your Debian GNU/Linux servers
define hostgroup {
hostgroup_name debian-servers
alias Debian GNU/Linux Servers
members localhost
}
# A list of your web servers
define hostgroup {
hostgroup_name http-servers
alias HTTP servers
members localhost
}
# A list of your ssh-accessible servers
define hostgroup {
hostgroup_name ssh-servers
alias SSH servers
members localhost
}
# nagios doesn't like monitoring hosts without services, so this is
# a group for devices that have no other "services" monitorable
# (like routers w/out snmp for example)
define hostgroup {
hostgroup_name ping-servers
alias Pingable servers
members gateway
}
Com podeu veure al final hi ha el grup ping-servers. Afegiu la vostra màquina de la següent forma
$ sudo joe hostgroups_nagios2.cfg ...
I modifiqueu:
define hostgroup {
hostgroup_name ping-servers
alias Pingable servers
members gateway,altremaquina1,altremaquina2
}
També podeu fer el mateix amb les màquines que tinguin un servidor web:
# A list of your web servers
define hostgroup {
hostgroup_name http-servers
alias HTTP servers
members localhost,gateway
}
Un cop fetes les modificacions executeu:
$ sudo /etc/init.d/nagios2 restart
Comproveu que no hi ha erros i consulteu la web de Nagios (potser haureu d'esperar uns minuts per tal de que refresqui) per consultar l'estat del servidor.
Al fitxer
$ cat /etc/nagios2/conf.d/contacts_nagios2.cfg
es configuren els contactes de nagios. Hi ha una zona anomenada CONTACTS:
############################################################################### ############################################################################### # # CONTACTS # ############################################################################### ############################################################################### ....
Aquí, després del l'exemple de contacte que hi ha (root) heu d'afegir (podeu copiar de la plantilla de l'usuari root que acabem d'esmentar):
define contact{
contact_name sergi
alias Sergi Tur
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email correu_electrònic
}
Com podeu veure hem afegit un usuari anomenat sergi (nom comple Sergi Tur) que esta disponible per rebre avisos les 24 hores dels set dies de la setmana (24x7) i que rebrà les notificacions per correu electrònic.
El correu no es mostra per evitar SPAM però s'indica a la línia:
email correu_electrònic
Per tal que funcioni cal tenir un servidor de correu electrònic. El més senzill possiblement és postfix i el podeu instal·lar amb:
$ sudo apt-get install postfix
IMPORTANT: Si teniu nagios2 en comptes de nagios3 canvieu les ordres nagios3 per nagios2 i els paths a tots els exemples d'aquest apartat. Per exemple:
$ sudo nagios2 -v /etc/nagios3/nagios.cfg
Nagios té un script que permet verificar si els fitxers de configuració no tenen cap error. Executem:
$ sudo nagios3 -v /etc/nagios3/nagios.cfg
O si el teniu instal·lat des del codi font compilant:
$ sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Si tot esta correctament:
Total Warnings: 0 Total Errors: 0 Things look okay - No serious problems were detected during the pre-flight check
Aleshores podem executar el dimoni de Nagios
$ sudo /etc/init.d/nagios3 restart
$ ps aux | grep nagios PID TTY TIME CMD 29864 ? 00:00:00 nagios2
Ja tenim el nagios executant-se. Ara falta configurar Apache i el CGI de Nagios per poder accedir a la interfície web.
En aquest fitxer es controlen les opcions del cgi Nagios. La configuració per defecte normalment ja funciona.
A Apache hem de configurar l'accés a HTML i l'execució d'Scripts CGI:
CGI:
ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin <Directory "/usr/local/nagios/sbin"> AllowOverride AuthConfig Options ExecCGI Order allow,deny Allow from all </Directory>
HTML:
Alias /nagios /usr/local/nagios/share <Directory "/usr/local/nagios/share"> Options None AllowOverride AuthConfig Order allow,deny Allow from all </Directory>
Un cop configurat Apache és necessari recarregar el dimoni:
/etc/init.d/httpd restart
L'accés a la interface web és:
http://ip_de_la_teva_maquina/nagios
Més info sobre la configuració de la interface web : http://nagios.sourceforge.net/docs/2_0/installweb.html
Cal tenir en compte que hi ha dos tipus d'usuaris:
Tant un tipus d'usuari com l'altre han de tenir un usuari creat al fitxer htpasswd.users
| CGI Data | Authenticated Contacts | Authenticated Users |
|---|---|---|
| Host Status Information | Yes | No |
| Host Configuration Information | Yes | No |
| Host History | Yes | No |
| Host Notifications | Yes | No |
| Host Commands | Yes | No |
| Service Status Information | Yes | No |
| Service Configuration Information | Yes | No |
| Service History | Yes | No |
| Service Notifications | Yes | No |
| Service Commands | Yes | No |
| All Configuration | No | No |
| System/Process Information | No | No |
| System/Process Commands | No | No |
Nagios ve configurat per defecte amb un usuari nagiosadmin i un password per defecte. Es pot canviar executant:
$ sudo htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
IMPORTANT: Cal tenir en compte quina versió de nagios utilitzeu. si per exemple és la versió 3 aleshores cal canviar: /etc/nagios3/htpasswd.users
El contingut del fitxer és quelcom similar:
$ cat /etc/nagios3/htpasswd.users nagiosadmin:dQ7rtgiurweIg
Es pot utilitzar httacces d'Apache: http://nagios.sourceforge.net/docs/2_0/cgiauth.html
Nagios ve configurat per defecte amb un sol usuari (nagiosadmin). Es pot afegir un nou usuari amb:
$ sudo htpasswd /etc/nagios3/htpasswd.users nom_usuari_nou
Per exemple:
$ sudo htpasswd /etc/nagios3/htpasswd.users maria
El resultat serà que el fitxer ara contindrà un nou usuari
$ cat /etc/nagios3/htpasswd.users nagiosadmin:dQ7rtgiurweIg maria:4vkYuiYydeD.Q
Cal tenir en compte però que amb això només permetrà entrar a la web però no ho veureu tot (cal indicar que pot fer l'usuari). Primer cal comprovar que la configuració del CGI de Nagios permet autenticació, cal que la variable use_authentication estigui a 1:
$ cat /etc/nagios3/cgi.cfg | grep use_authentication use_authentication=1
Si voleu que l'usuari pugui veure certa informació cal que també sigui un contacte. Per exemple per afegir el contacte maria afegiu:
define contact{
contact_name maria
alias Maria Fernandez Rodriguez
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,r
service_notification_commands notify-service-by-email
host_notification_commands notify-host-by-email
email [email protected]
}
al fitxer de contactes, per exemple el fitxer /etc/nagios3/conf.d/contacts_nagios2.cfg.
Consulteu Nagios#Permisos_per_defecte per veure quins són els permisos per defecte d'un contacte autenticat.
Si voleu permetrà que l'usuari tingui més permisos cal canviar les variables:
authorized_for_system_information authorized_for_system_commands authorized_for_configuration_information authorized_for_all_hosts authorized_for_all_host_commands authorized_for_all_services authorized_for_all_service_commands
Per defecte només pot l'usuari nagiosadmin:
$ cat /etc/nagios3/cgi.cfg | grep authorized authorized_for_system_information=nagiosadmin authorized_for_configuration_information=nagiosadmin authorized_for_system_commands=nagiosadmin authorized_for_all_services=nagiosadmin authorized_for_all_hosts=nagiosadmin authorized_for_all_service_commands=nagiosadmin authorized_for_all_host_commands=nagiosadmin ...
Per donar tots els permisos a l'usuari el fitxer hauria de quedar:
$ cat /etc/nagios3/cgi.cfg | grep authorized authorized_for_system_information=nagiosadmin,sergi authorized_for_configuration_information=nagiosadmin,sergi authorized_for_system_commands=nagiosadmin,sergi authorized_for_all_services=nagiosadmin,sergi authorized_for_all_hosts=nagiosadmin,sergi authorized_for_all_service_commands=nagiosadmin,sergi authorized_for_all_host_commands=nagiosadmin,sergi ...
Consulteu també la documentació de Nagios:
# READ-ONLY USERS # A comma-delimited list of usernames that have read-only rights in # the CGIs. This will block any service or host commands normally shown # on the extinfo CGI pages. It will also block comments from being shown # to read-only users. #authorized_for_read_only=user1,user2
A SkoleLinux els fitxers de configuració del nagios estan a un altre carpeta. Per tant:
$ sudo htpasswd -c /etc/nagios/debian-edu/htpasswd.users nagiosadmin
Vegeu la documentació oficial:
http://nagios.sourceforge.net/docs/3_0/plugins.html
Es fa amb l'opció --help, per exemple:
$ /usr/lib/nagios/plugins/check_http --help
La utilitat de les macros és simplificar les configuracions massives de comandes, hosts i serveis. Per exemple, es pot definir una comanda una sola vegada per tal que funcioni correctament per a un número infinit de màquines utilitzant macros.
La macro més important és la host Address Macro ($HOSTADDRESS$). Si definim un host de la següent forma:
define host{
host_name linuxbox
address 192.168.1.2
check_command check_ping
...
}
A la comanda podem utilitzar la macro $HOSTADDRESS$:
define command{
command_name check_ping
command_line /usr/local/nagios/libexec/check_ping -H $HOSTADDRESS$ -w 100.0,90% -c 200.0,60%
}
La comanda que s'executarà serà:
/usr/local/nagios/libexec/check_ping -H 192.168.1.2 -w 100.0,90% -c 200.0,60%
Vegeu la documentació oficial:
http://nagios.sourceforge.net/docs/3_0/macros.html
Es poden passar arguments a les comandes com si fossin funcions. S'utilitzant signes d'exclamació:
define service{
host_name linuxbox
service_description PING
check_command check_ping!200.0,80%!400.0,40%
...
}
A l'exemple anterior cridem la comanda check_ping amb dos opcions:
200.0,80%
i
400.0,40%
Dins la comanda s'utilitza:
:*$ARGn$: número d'arguments passats a la comanda
Un exemple de com es defineix la comanda:
define command{
command_name check_ping
command_line /usr/lib/nagios/plugins/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$
}
El que s'executa es doncs:
/usr/lib/nagios/plugins/check_ping -H 192.168.1.2 -w 200.0,80% -c 400.0,40%
NOTA: Si es necessita passar el caràcter ! com argument, s'ha d'escapar amb backslash (\). Igualment les contrabarres s'han d'escapar amb una contrabarra
TODO
Normally when you use host and service macros in command definitions, they refer to values for the host or service for which the command is being run. For instance, if a host check command is being executed for a host named "linuxbox", all the standard host macros will refer to values for that host ("linuxbox").
If you would like to reference values for another host or service in a command (for which the command is not being run), you can use what are called "on-demand" macros. On-demand macros look like normal macros, except for the fact that they contain an identifier for the host or service from which they should get their value. Here's the basic format for on-demand macros:
$HOSTMACRONAME:host_name$ $SERVICEMACRONAME:host_name:service_description$
Replace HOSTMACRONAME and SERVICEMACRONAME with the name of one of the standard host of service macros found here.
Note that the macro name is separated from the host or service identifier by a colon (:). For on-demand service macros, the service identifier consists of both a host name and a service description - these are separated by a colon (:) as well.
Tip Tip: On-demand service macros can contain an empty host name field. In this case the name of the host associated with the service will automatically be used.
Examples of on-demand host and service macros follow:
$HOSTDOWNTIME:myhost$ <--- On-demand host macro
$SERVICESTATEID:novellserver:DS Database$ <--- On-demand service macro
$SERVICESTATEID::CPU Load$ <--- On-demand service macro with blank host name field
On-demand macros are also available for hostgroup, servicegroup, contact, and contactgroup macros. For example:
$CONTACTEMAIL:john$ <--- On-demand contact macro
$CONTACTGROUPMEMBERS:linux-admins$ <--- On-demand contactgroup macro
$HOSTGROUPALIAS:linux-servers$ <--- On-demand hostgroup macro
$SERVICEGROUPALIAS:DNS-Cluster$ <--- On-demand servicegroup macro
TODO
You can obtain the values of a macro across all contacts, hosts, or services in a specific group by using a special format for your on-demand macro declaration. You do this by referencing a specific host group, service group, or contact group name in an on-demand macro, like so:
$HOSTMACRONAME:hostgroup_name:delimiter$ $SERVICEMACRONAME:servicegroup_name:delimiter$ $CONTACTMACRONAME:contactgroup_name:delimiter$
Replace HOSTMACRONAME, SERVICEMACRONAME, and CONTACTMACRONAME with the name of one of the standard host, service, or contact macros found here. The delimiter you specify is used to separate macro values for each group member.
For example, the following macro will return a comma-separated list of host state ids for hosts that are members of the hg1 hostgroup:
$HOSTSTATEID:hg1:,$
This macro definition will return something that looks like this:
0,2,1,1,0,0,2
Any custom object variables that you define in host, service, or contact definitions are also available as macros. Custom variable macros are named as follows:
$_HOSTvarname$ $_SERVICEvarname$ $_CONTACTvarname$
Take the following host definition with a custom variable called "_MACADDRESS"...
define host{
host_name linuxbox
address 192.168.1.1
_MACADDRESS 00:01:02:03:04:05
...
}
The _MACADDRESS custom variable would be available in a macro called $_HOSTMACADDRESS$. More information on custom object variables and how they can be used in macros can be found here.
Macro Cleansing
Some macros are stripped of potentially dangerous shell metacharacters before being substituted into commands to be executed. Which characters are stripped from the macros depends on the setting of the illegal_macro_output_chars directive. The following macros are stripped of potentially dangerous characters:
$HOSTOUTPUT$ $LONGHOSTOUTPUT$ $HOSTPERFDATA$ $HOSTACKAUTHOR$ $HOSTACKCOMMENT$ $SERVICEOUTPUT$ $LONGSERVICEOUTPUT$ $SERVICEPERFDATA$ $SERVICEACKAUTHOR$ $SERVICEACKCOMMENT$
Additionally, any macros that contain custom variables are stripped for safety and security.
Most macros are made available as environment variables for easy reference by scripts or commands that are executed by Nagios. For purposes of security and sanity, $USERn$ and "on-demand" host and service macros are not made available as environment variables.
Environment variables that contain standard macros are named the same as their corresponding macro names (listed here), with "NAGIOS_" prepended to their names. For example, the $HOSTNAME$ macro would be available as an environment variable named "NAGIOS_HOSTNAME".
La podeu trobar a la documentació oficial:
http://nagios.sourceforge.net/docs/3_0/macrolist.html
El fitxer:
$ cat /etc/nagios3/resource.cfg ########################################################################### # # RESOURCE.CFG - Resource File for Nagios # # You can define $USERx$ macros in this file, which can in turn be used # in command definitions in your host config file(s). $USERx$ macros are # useful for storing sensitive information such as usernames, passwords, # etc. They are also handy for specifying the path to plugins and # event handlers - if you decide to move the plugins or event handlers to # a different directory in the future, you can just update one or two # $USERx$ macros, instead of modifying a lot of command definitions. # # The CGIs will not attempt to read the contents of resource files, so # you can set restrictive permissions (600 or 660) on them. # # Nagios supports up to 32 $USERx$ macros ($USER1$ through $USER32$) # # Resource files may also be used to store configuration directives for # external data sources like MySQL... # ########################################################################### # Sets $USER1$ to be the path to the plugins $USER1$=/usr/lib/nagios/plugins # Sets $USER2$ to be the path to event handlers #$USER2$=/usr/lib/nagios/plugins/eventhandlers # Store some usernames and passwords (hidden from the CGIs)
Per exemple per indicar la paraula de pas de root
$ cat /etc/nagios3/resource.cfg ... USER1=POSEUAQUIELVOSTREPASSWORD
Vegeu també Nagios#.2Fetc.2Fnagios-plugins.2Fconfig.2Fping.cfg
NOTA: hi ha múltiples comandes plantilla relacionades amb check_http al fitxer: /usr/share/nagios-plugins/templates-basic/http.cfg
S'inclou per defecte a Nagios3. Vegem un exemple d'ús:
$ /usr/lib/nagios/plugins/check_http -H 192.168.50.10 HTTP OK: HTTP/1.1 200 OK - 453 bytes in 0,002 second response time |time=0,001540s;;;0,000000 size=453B;;;0
Vegem altres opcions. Per exemple, comprovar servidors HTTP en ports diferents al port per defecte (per exemple pot ser util per comprovar altres servidor web com Tomcat):
$ /usr/lib/nagios/plugins/check_http -H 192.168.1.50 -p 8080 HTTP OK HTTP/1.1 200 OK - 332 bytes in 0.004 seconds |time=0.004144s;;;0.000000 size=332B;;;0
També permet comprovar URLs específiques:
$ /usr/lib/nagios/plugins/check_http -H acacha.org -u http://acacha.org/mediawiki
Consulteu altres opcions a:
http://linux.101hacks.com/unix/check-http/
I als manuals:
$ /usr/lib/nagios/plugins/check_http
Usage:
check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
[-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]
[-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]
[-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]
[-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]
[-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]
[-j method]
$ /usr/lib/nagios/plugins/check_http --help check_http v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 1999 Ethan Galstad <[email protected]> Copyright (c) 1999-2008 Nagios Plugin Development Team <[email protected]> This plugin tests the HTTP service on the specified host. It can test normal (http) and secure (https) servers, follow redirects, search for strings and regular expressions, check connection times, and report on certificate expiration times.
Usage:
check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
[-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]
[-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]
[-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]
[-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]
[-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]
[-j method]
NOTE: One or both of -H and -I must be specified
Options:
-h, --help
Print detailed help screen
-V, --version
Print version information
-H, --hostname=ADDRESS
Host name argument for servers using host headers (virtual host)
Append a port to include it in the header (eg: example.com:5000)
-I, --IP-address=ADDRESS
IP address or name (use numeric address if possible to bypass DNS lookup).
-p, --port=INTEGER
Port number (default: 80)
-4, --use-ipv4
Use IPv4 connection
-6, --use-ipv6
Use IPv6 connection
-S, --ssl
Connect via SSL. Port defaults to 443
--sni
Enable SSL/TLS hostname extension support (SNI)
-C, --certificate=INTEGER
Minimum number of days a certificate has to be valid. Port defaults to 443
(when this option is used the URL is not checked.)
-e, --expect=STRING
Comma-delimited list of strings, at least one of them is expected in
the first (status) line of the server response (default: HTTP/1.)
If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)
-s, --string=STRING
String to expect in the content
-u, --url=PATH
URL to GET or POST (default: /)
-P, --post=STRING
URL encoded http POST data
-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)
Set HTTP method.
-N, --no-body
Don't wait for document body: stop reading after headers.
(Note that this still does an HTTP GET or POST, not a HEAD.)
-M, --max-age=SECONDS
Warn if document is more than SECONDS old. the number can also be of
the form "10m" for min utes, "10h" for hours, or "10d" for days.
-T, --content-type=STRING
specify Content-Type header media type when POSTing
-l, --linespan
Allow regex to span newlines (must precede -r or -R)
-r, --regex, --ereg=STRING
Search page for regex STRING
-R, --eregi=STRING
Search page for case-insensitive regex STRING
--invert-regex
Return CRITICAL if found, OK if not
-a, --authorization=AUTH_PAIR
Username:password on sites with basic authentication
-b, --proxy-authorization=AUTH_PAIR
Username:password on proxy-servers with basic authentication
-A, --useragent=STRING
String to be sent in http header as "User Agent"
-k, --header=STRING
Any other tags to be sent in http header. Use multiple times for additional headers
-L, --link
Wrap output in HTML link (obsoleted by urlize)
-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>
How to handle redirected pages. sticky is like follow but stick to the
specified IP address. stickyport also ensure post stays the same.
-m, --pagesize=INTEGER<:INTEGER>
Minimum page size required (bytes) : Maximum page size required (bytes)
-w, --warning=DOUBLE
Response time to result in warning status (seconds)
-c, --critical=DOUBLE
Response time to result in critical status (seconds)
-t, --timeout=INTEGER
Seconds before connection times out (default: 10)
-v, --verbose
Show details for command-line debugging (Nagios may truncate output)
Notes:
This plugin will attempt to open an HTTP connection with the host.
Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL
other errors return STATE_UNKNOWN. Successful connects, but incorrect reponse
messages from the host result in STATE_WARNING return values. If you are
checking a virtual server that uses 'host headers' you must supply the FQDN
(fully qualified domain name) as the [host_name] argument.
This plugin can also check whether an SSL enabled web server is able to
serve content (optionally within a specified time) or whether the X509
certificate is still valid for the specified number of days.
Examples:
CHECK CONTENT: check_http -w 5 -c 10 --ssl -H www.verisign.com
When the 'www.verisign.com' server returns its content within 5 seconds,
a STATE_OK will be returned. When the server returns its content but exceeds
the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,
a STATE_CRITICAL will be returned.
CHECK CERTIFICATE: check_http -H www.verisign.com -C 14
When the certificate of 'www.verisign.com' is valid for more than 14 days,
a STATE_OK is returned. When the certificate is still valid, but for less than
14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when
the certificate is expired.
Send email to [email protected] if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to [email protected]
Recursos
Es pot definir una comanda de la següent manera:
Definim la comanda
#HTTPS
define command{
command_name check_https
command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -S
}
La comanda check_https, ja està definida al fitxer:
$ cat /usr/share/nagios-plugins/templates-basic/http.cfg ... # 'check_https' command definition define command{ command_name check_https command_line /usr/lib/nagios/plugins/check_http --ssl -H '$HOSTADDRESS$' -I '$HOSTADDRESS$' } ...
Definim el servei i l'apliquem al grup https-servers:
# HTTPS
define service {
hostgroup_name https-servers
service_description HTTPS
check_command check_https
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
El grup es defineix de la següent manera:
# A list of your secure web servers
define hostgroup {
hostgroup_name https-servers
alias HTTPS servers
members localhost,www,cop,proxmox01,gosa,localhost
}
S'utilitza check_http amb l'opció -S:
$ /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -S HTTP OK: HTTP/1.1 200 OK - 453 bytes in 0,057 second response time |time=0,056505s;;;0,000000 size=453B;;;0
Un exemple de servidor amb HTTP, però no HTTPS:
$ /usr/lib/nagios/plugins/check_http -H 192.168.50.10 -S S’ha refusat la connexió HTTP CRITICAL - Unable to open TCP socket
Si el port és diferent al port per defecte:
$ check_http -H 192.168.1.50 -S -p 8443 HTTP OK HTTP/1.1 200 OK - 332 bytes in 0.004 seconds |time=0.004144s;;;0.000000 size=332B;;;0
És útil també per comprovar quan expira el certificat SSL:
$ /usr/lib/nagios/plugins/check_http -H 101hacks.com -C 365 WARNING - Certificate expires in 300 day(s) (01/01/2011 10:10).
Les opcions són:
$ /usr/lib/nagios/plugins/check_ssh --help check_ssh v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 1999 Remi Paulmier <[email protected]> Copyright (c) 2000-2007 Nagios Plugin Development Team <[email protected]> Try to connect to an SSH server at specified server and port Usage: check_ssh [-46] [-t <timeout>] [-r <remote version>] [-p <port>] <host> Options: -h, --help Print detailed help screen -V, --version Print version information -H, --hostname=ADDRESS Host name, IP Address, or unix socket (must be an absolute path) -p, --port=INTEGER Port number (default: 22) -4, --use-ipv4 Use IPv4 connection -6, --use-ipv6 Use IPv6 connection -t, --timeout=INTEGER Seconds before connection times out (default: 10) -r, --remote-version=STRING Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1) -v, --verbose Show details for command-line debugging (Nagios may truncate output) Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected]
Hi ha una serie de comandes/plantilla predefinides al fitxer:
$ cat /usr/share/nagios-plugins/templates-basic/ssh.cfg # 'check_ssh' command definition define command{ command_name check_ssh command_line /usr/lib/nagios/plugins/check_ssh '$HOSTADDRESS$' } # 'check_ssh_port' command definition define command{ command_name check_ssh_port command_line /usr/lib/nagios/plugins/check_ssh -p '$ARG1$' '$HOSTADDRESS$' } #### # use these checks, if you want to test IPv4 connectivity on IPv6 enabled systems #### # 'check_ssh_4' command definition define command{ command_name check_ssh_4 command_line /usr/lib/nagios/plugins/check_ssh -4 '$HOSTADDRESS$' } # 'check_ssh_port_4' command definition define command{ command_name check_ssh_port_4 command_line /usr/lib/nagios/plugins/check_ssh -4 -p '$ARG1$' '$HOSTADDRESS$' }
El plugin es troba a:
/usr/lib/nagios/plugins/check_udp
Un exemple d'ús:
$ /usr/lib/nagios/plugins/check_udp
El manual:
$ /usr/lib/nagios/plugins/check_udp --help check_udp v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 1999 Ethan Galstad <[email protected]> Copyright (c) 1999-2008 Nagios Plugin Development Team <[email protected]> This plugin tests UDP connections with the specified host (or unix socket). Usage: check_udp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>] [-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>] [-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j] [-D <days to cert expiry>] [-S <use SSL>] [-E] Options: -h, --help Print detailed help screen -V, --version Print version information -H, --hostname=ADDRESS Host name, IP Address, or unix socket (must be an absolute path) -p, --port=INTEGER Port number (default: none) -4, --use-ipv4 Use IPv4 connection -6, --use-ipv6 Use IPv6 connection -E, --escape Can use \n, \r, \t or \ in send or quit string. Must come before send or quit option Default: nothing added to send, \r\n added to end of quit -s, --send=STRING String to send to the server -e, --expect=STRING String to expect in server response (may be repeated) -A, --all All expect strings need to occur in server response. Default is any -q, --quit=STRING String to send server to initiate a clean close of the connection -r, --refuse=ok|warn|crit Accept TCP refusals with states ok, warn, crit (default: crit) -M, --mismatch=ok|warn|crit Accept expected string mismatches with states ok, warn, crit (default: warn) -j, --jail Hide output from TCP socket -m, --maxbytes=INTEGER Close connection once more than this number of bytes are received -d, --delay=INTEGER Seconds to wait between sending string and polling for response -D, --certificate=INTEGER Minimum number of days a certificate has to be valid. -S, --ssl Use SSL for the connection. -w, --warning=DOUBLE Response time to result in warning status (seconds) -c, --critical=DOUBLE Response time to result in critical status (seconds) -t, --timeout=INTEGER Seconds before connection times out (default: 10) -v, --verbose Show details for command-line debugging (Nagios may truncate output) Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected]
NOTA: Si només es volen comprovar els ports, es pot utilitzar check_tcp i/o check_udp
Aquest plugin cal executar-lo com a root:
$ sudo /usr/lib/nagios/plugins/check_dhcp 192.168.50.10 CRITICAL: No DHCPOFFERs were received.
Si no s'executa com a root:
Warning: This plugin must be either run as root or setuid root. To run as root, you can use a tool like sudo. To set the setuid permissions, use the command: chmod u+s yourpluginfile Error: Could not bind socket to interface eth0. Check your privileges...
Establiu el bit setuid:
$ sudo chmod u+s /usr/lib/nagios/plugins/check_dhcp
El manual dona les següents opcions:
$ /usr/lib/nagios/plugins/check_dhcp --help check_dhcp v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 2001-2004 Ethan Galstad ([email protected]) Copyright (c) 2001-2007 Nagios Plugin Development Team <[email protected]> This plugin tests the availability of DHCP servers on a network. Usage: check_dhcp [-v] [-u] [-s serverip] [-r requestedip] [-t timeout] [-i interface] [-m mac] Options: -h, --help Print detailed help screen -V, --version Print version information -v, --verbose Show details for command-line debugging (Nagios may truncate output) -s, --serverip=IPADDRESS IP address of DHCP server that we must hear from -r, --requestedip=IPADDRESS IP address that should be offered by at least one DHCP server -t, --timeout=INTEGER Seconds to wait for DHCPOFFER before timeout occurs -i, --interface=STRING Interface to to use for listening (i.e. eth0) -m, --mac=STRING MAC address to use in the DHCP request -u, --unicast Unicast testing: mimic a DHCP relay, requires -s Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected]
Hi ha una sèrie de comandes predefinides al fitxer:
$ cat /usr/share/nagios-plugins/templates-basic/dhcp.cfg # note: these plugins require root privilege. see README.Debian for # more information on how it is recommended that you do this. # 'check_dhcp' command definition define command{ command_name check_dhcp command_line /usr/lib/nagios/plugins/check_dhcp -s '$HOSTADDRESS$' } # 'check_dhcp_interface' command definition define command{ command_name check_dhcp_interface command_line /usr/lib/nagios/plugins/check_dhcp -s '$HOSTADDRESS$' -i '$ARG1$' }
Si us dona el Warning/Error:
Warning: This plugin must be either run as root or setuid root.
El plugin el trobareu a:
/usr/lib/nagios/plugins/check_dns
També hi ha el plugin:
/usr/lib/nagios/plugins/check_dig
el primer utilitzaa l'ordre nslookup i el segon l'ordre dig per tal de comprovar el funcionament dels servidors DNS.
Els manuals:
$ /usr/lib/nagios/plugins/check_dns --help check_dns v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 1999 Ethan Galstad <[email protected]> Copyright (c) 2000-2008 Nagios Plugin Development Team <[email protected]> This plugin uses the nslookup program to obtain the IP address for the given host/domain query. An optional DNS server to use may be specified. If no DNS server is specified, the default server(s) specified in /etc/resolv.conf will be used. Usage: check_dns -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit] Options: -h, --help Print detailed help screen -V, --version Print version information -H, --hostname=HOST The name or address you want to query -s, --server=HOST Optional DNS server you want to use for the lookup -a, --expected-address=IP-ADDRESS|HOST Optional IP-ADDRESS you expect the DNS server to return. HOST must end with a dot (.). This option can be repeated multiple times (Returns OK if any value match). If multiple addresses are returned at once, you have to match the whole string of addresses separated with commas (sorted alphabetically). -A, --expect-authority Optionally expect the DNS server to be authoritative for the lookup -w, --warning=seconds Return warning if elapsed time exceeds value. Default off -c, --critical=seconds Return critical if elapsed time exceeds value. Default off -t, --timeout=INTEGER Seconds before connection times out (default: 10) Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected]
i:
$ /usr/lib/nagios/plugins/check_dig --help check_dig v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 2000 Karl DeBisschop <[email protected] sourceforge.net> Copyright (c) 2002-2008 Nagios Plugin Development Team <[email protected]> This plugin test the DNS service on the specified host using dig Usage: check_dig -l <query_address> [-H <host>] [-p <serve r port>] [-T <query type>] [-w <warning interval>] [-c <cri tical interval>] [-t <timeout>] [-a <expected answer address>] [-v] Options: -h, --help Print detailed help screen -V, --version Print version information -H, --hostname=ADDRESS Host name, IP Address, or unix socket (must be an absolute path) -p, --port=INTEGER Port number (default: 53) -l, --query_address=STRING Machine name to lookup -T, --record_type=STRING Record type to lookup (default: A) -a, --expected_address=STRING An address expected to be in the answer section. If not set, uses whatever was in -l -A, --dig-arguments=STRING Pass STRING as argument(s) to dig -w, --warning=DOUBLE Response time to result in warning status (seconds) -c, --critical=DOUBLE Response time to result in critical status (seconds) -t, --timeout=INTEGER Seconds before connection times out (default: 10) -v, --verbose Show details for command-line debugging (Nagios may truncate output) Examples: check_dig -H DNSSERVER -l www.example.com -A "+tcp" This will send a tcp query to DNSSERVER for www.example.com Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected]
La comanda check_dns es troba definida al fitxer:
$ cat /usr/share/nagios-plugins/templates-standard/dns.cfg # 'check_dns' command definition define command{ command_name check_dns command_line /usr/lib/nagios/plugins/check_dns -H www.google.com -s '$HOSTADDRESS$' } # 'check_dig' command definition define command{ command_name check_dig command_line /usr/lib/nagios/plugins/check_dig -H '$HOSTADDRESS$' -l '$ARG1$' }
Amb els plugins bàsics venen les comandes:
/usr/lib/nagios/plugins/check_ntp /usr/lib/nagios/plugins/check_ntp_peer /usr/lib/nagios/plugins/check_ntp_time
La primera està deprecated, no la utilitzeu:
$ /usr/lib/nagios/plugins/check_ntp WARNING: check_ntp is deprecated. Please use check_ntp_peer or check_ntp_time instead. ...
La segona serveix per monitortizar un servidor NTP remot.
La tercera serveix per comparar l'hora local amb l'hora d'un servidor NTP.
Les sinopsis són:
$ /usr/lib/nagios/plugins/check_ntp_time Usage: check_ntp_time -H <host> [-w <warn>] [-c <crit>] [-v verbose]
i
$ /usr/lib/nagios/plugins/check_ntp_peer
Usage:
check_ntp_peer -H <host> [-w <warn>] [-c <crit>] [-W <warn>] [-C <crit>]
[-j <warn>] [-k <crit>] [-v verbose]
I les ajudes:
$ /usr/lib/nagios/plugins/check_ntp_peer --help check_ntp_peer v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 2006 Sean Finney Copyright (c) 2006-2008 Nagios Plugin Development Team <[email protected]> This plugin checks the selected ntp server Usage: check_ntp_peer -H <host> [-w <warn>] [-c <crit>] [-W <warn>] [-C <crit>] [-j <warn>] [-k <crit>] [-v verbose] Options: -h, --help Print detailed help screen -V, --version Print version information -H, --hostname=ADDRESS Host name, IP Address, or unix socket (must be an absolute path) -p, --port=INTEGER Port number (default: 123) -q, --quiet Returns UNKNOWN instead of CRITICAL or WARNING if server isn't synchronized -w, --warning=THRESHOLD Offset to result in warning status (seconds) -c, --critical=THRESHOLD Offset to result in critical status (seconds) -W, --swarn=THRESHOLD Warning threshold for stratum -C, --scrit=THRESHOLD Critical threshold for stratum -j, --jwarn=THRESHOLD Warning threshold for jitter -k, --jcrit=THRESHOLD Critical threshold for jitter -m, --twarn=THRESHOLD Warning threshold for number of usable time sources ("truechimers") -n, --tcrit=THRESHOLD Critical threshold for number of usable time sources ("truechimers") -t, --timeout=INTEGER Seconds before connection times out (default: 10) -v, --verbose Show details for command-line debugging (Nagios may truncate output) This plugin checks an NTP server independent of any commandline programs or external libraries. Notes: Use this plugin to check the health of an NTP server. It supports checking the offset with the sync peer, the jitter and stratum. This plugin will not check the clock offset between the local host and NTP server; please use check_ntp_time for that purpose. See: http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT for THRESHOLD format and examples. Examples: Simple NTP server check: ./check_ntp_peer -H ntpserv -w 0.5 -c 1 Check jitter too, avoiding critical notifications if jitter isn't available (See Notes above for more details on thresholds formats): ./check_ntp_peer -H ntpserv -w 0.5 -c 1 -j -1:100 -k -1:200 Only check the number of usable time sources ("truechimers"): ./check_ntp_peer -H ntpserv -m :5 -n :3 Check only stratum: ./check_ntp_peer -H ntpserv -W 4 -C 6 Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected]
i
$ /usr/lib/nagios/plugins/check_ntp_time --help check_ntp_time v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 2006 Sean Finney Copyright (c) 2006-2008 Nagios Plugin Development Team <[email protected]> This plugin checks the clock offset with the ntp server Usage: check_ntp_time -H <host> [-w <warn>] [-c <crit>] [-v verbose] Options: -h, --help Print detailed help screen -V, --version Print version information -H, --hostname=ADDRESS Host name, IP Address, or unix socket (must be an absolute path) -p, --port=INTEGER Port number (default: 123) -q, --quiet Returns UNKNOWN instead of CRITICAL if offset cannot be found -w, --warning=THRESHOLD Offset to result in warning status (seconds) -c, --critical=THRESHOLD Offset to result in critical status (seconds) -t, --timeout=INTEGER Seconds before connection times out (default: 10) -v, --verbose Show details for command-line debugging (Nagios may truncate output) This plugin checks the clock offset between the local host and a remote NTP server. It is independent of any commandline programs or external libraries. Notes: If you'd rather want to monitor an NTP server, please use check_ntp_peer. See: http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT for THRESHOLD format and examples. Examples: ./check_ntp_time -H ntpserv -w 0.5 -c 1 Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected]
Hi ha una sèrie de comandes predefinides al fitxer:
$ cat /usr/share/nagios-plugins/templates-basic/ntp.cfg # 'check_ntp' command definition define command{ command_name check_ntp command_line /usr/lib/nagios/plugins/check_ntp_peer -H '$HOSTADDRESS$' } # 'check_ntp_ntpq' command definition define command{ command_name check_ntp_ntpq command_line /usr/lib/nagios/plugins/check_ntp_peer -H '$HOSTADDRESS$' -j 10 -k 15 } # 'check_time' command definition define command{ command_name check_time command_line /usr/lib/nagios/plugins/check_time -H '$HOSTADDRESS$' }
Hi ha dos plugins:
/usr/lib/nagios/plugins/check_ldap /usr/lib/nagios/plugins/check_ldaps
Serveixen per comprovar respectivament Ldap sense SSL i Ldap amb SSL. Ens centrarem en el cas de Ldap sense SSL.
Un exemple d'ús:
$ /usr/lib/nagios/plugins/check_ldap -H 192.168.50.30 -b "dc=iesmontsia,dc=org" -3
Correspon a comprovar l'accés anònim a un servidor Ldap remot (192.168.50.30) amb la versió 3 de Ldap.
Un exemple d'ús:
La comanda:
define command {
command_name check_anonymous_ldap3
command_line /usr/lib/nagios/plugins/check_ldap -H $HOSTADDRESS$ -b '$ARG1$' -3
}
El servei seria:
#LDAP ANONYMOUS BIND
define service {
hostgroup_name ldap-servers
service_description LDAP BIND ANONYMOUS
check_command check_anonymous_ldap3!dc=iesmontsia,dc=org
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
I el host-group:
# Ldap servers
define hostgroup {
hostgroup_name ldap-servers
alias Ldap servers
members localhost,cop,gosa,samba01,proxyguifi,www
}
El manual és el següent:
$ /usr/lib/nagios/plugins/check_ldap --help check_ldap v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 1999 Didi Rieder ([email protected]) Copyright (c) 2000-2008 Nagios Plugin Development Team <[email protected]> Usage: check_ldap -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>] [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout] [-2|-3] [-4|-6] Options: -h, --help Print detailed help screen -V, --version Print version information -H, --hostname=ADDRESS Host name, IP Address, or unix socket (must be an absolute path) -p, --port=INTEGER Port number (default: 389) -4, --use-ipv4 Use IPv4 connection -6, --use-ipv6 Use IPv6 connection -a [--attr] ldap attribute to search (default: "(objectclass=*)" -b [--base] ldap base (eg. ou=my unit, o=my org, c=at -D [--bind] ldap bind DN (if required) -P [--pass] ldap password (if required) -T [--starttls] use starttls mechanism introduced in protocol version 3 -S [--ssl] use ldaps (ldap v2 ssl method). this also sets the default port to 636 -2 [--ver2] use ldap protocol version 2 -3 [--ver3] use ldap protocol version 3 (default protocol version: 2) -w, --warning=DOUBLE Response time to result in warning status (seconds) -c, --critical=DOUBLE Response time to result in critical status (seconds) -t, --timeout=INTEGER Seconds before connection times out (default: 10) -v, --verbose Show details for command-line debugging (Nagios may truncate output) Notes: If this plugin is called via 'check_ldaps', method 'STARTTLS' will be implied (using default port 389) unless --port=636 is specified. In that case 'SSL on connect' will be used no matter how the plugin was called. This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags to define the behaviour explicitly instead. Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected]
Hi ha una sèrie de comandes predefinides:
/usr/share/nagios-plugins/templates-standard$ cat ldap.cfg
# 'check_ldap' command definition
define command{
command_name check_ldap
command_line /usr/lib/nagios/plugins/check_ldap -H '$HOSTADDRESS$' -b '$ARG1$'
}
# 'check_ldaps' command definition
define command{
command_name check_ldaps
command_line /usr/lib/nagios/plugins/check_ldaps -H '$HOSTADDRESS$' -b '$ARG1$'
}
####
# use these checks, if you want to test IPv4 connectivity on IPv6 enabled systems
####
# 'check_ldap_4' command definition
define command{
command_name check_ldap_4
command_line /usr/lib/nagios/plugins/check_ldap -H '$HOSTADDRESS$' -b '$ARG1$' -4
}
# 'check_ldaps_4' command definition
define command{
command_name check_ldaps_4
command_line /usr/lib/nagios/plugins/check_ldaps -H '$HOSTADDRESS$' -b '$ARG1$' -4
}
Vegeu Ldap#Monitoritzaci.C3.B3._Nagios
El plugin es troba a:
/usr/lib/nagios/plugins/check_mysql
La comanda a:
$ cat /usr/share/nagios-plugins/templates-standard/mysql.cfg # 'check_mysql' command definition define command{ command_name check_mysql command_line /usr/lib/nagios/plugins/check_mysql -H '$HOSTADDRESS$' } # 'check_mysql_cmdlinecred' command definition define command{ command_name check_mysql_cmdlinecred command_line /usr/lib/nagios/plugins/check_mysql -H '$HOSTADDRESS$' -u '$ARG1$' -p '$ARG2$' } # 'check_mysql_database' command definition define command{ command_name check_mysql_database command_line /usr/lib/nagios/plugins/check_mysql -d '$ARG3$' -H '$HOSTADDRESS$' -u '$ARG1$' -p '$ARG2$' }
Un exemple d'ús:
$ /usr/lib/nagios/plugins/check_mysql Access denied for user 'sergi'@'localhost' (using password: NO)
Com podeu veure calautenticar-se:
$ /usr/lib/nagios/plugins/check_mysql -H localhost -u root -p PARAULADEPAS Uptime: 148224 Threads: 1 Questions: 8384 Slow queries: 0 Opens: 712690 Flush tables: 1 Open tables: 400 Queries per second avg: 0.056
Cal recordar que per defecte MySQL no utilitza TCP/IP i que els servidors no són accesibles en remot, sinó que només es permet l'accés des de localhost ai mab unix socket. Per tant per monitortizar servidor MySQL remots caldrà utilitzar NRPE.
El manual diu:
$ /usr/lib/nagios/plugins/check_mysql --help check_mysql v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 1999-2007 Nagios Plugin Development Team <[email protected]> This program tests connections to a MySQL server Usage: check_mysql [-d database] [-H host] [-P port] [-s socket] [-u user] [-p password] [-S] Options: -h, --help Print detailed help screen -V, --version Print version information -H, --hostname=ADDRESS Host name, IP Address, or unix socket (must be an absolute path) -P, --port=INTEGER Port number (default: 3306) -s, --socket=STRING Use the specified socket (has no effect if -H is used) -d, --database=STRING Check database with indicated name -u, --username=STRING Connect using the indicated username -p, --password=STRING Use the indicated password to authenticate the connection ==> IMPORTANT: THIS FORM OF AUTHENTICATION IS NOT SECURE!!! <== Your clear-text password could be visible as a process table entry -S, --check-slave Check if the slave thread is running properly. -w, --warning Exit with WARNING status if slave server is more than INTEGER seconds behind master -c, --critical Exit with CRITICAL status if slave server is more then INTEGER seconds behind master There are no required arguments. By default, the local database is checked using the default unix socket. You can force TCP on localhost by using an IP address or FQDN ('localhost' will use the socket as well). Notes: You must specify -p with an empty string to force an empty password, overriding any my.cnf settings. Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected]
El plugin es troba a:
/usr/lib/nagios/plugins/check_snmp
Les comandes estan definides a:
$ cat /usr/share/nagios-plugins/templates-standard/snmp.cfg # 'snmp_load' command definition define command{ command_name snmp_load command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.10.1.5.1,.1.3.6.1.4.1.2021.10.1.5.2,.1.3.6.1.4.1.2021.10.1.5.3 -w :'$ARG2$',:'$ARG3$',:'$ARG4$' -c :'$ARG5$',:'$ARG6$',:'$ARG7$' -l load } # 'snmp_cpustats' command definition define command{ command_name snmp_cpustats command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.11.9.0,.1.3.6.1.4.1.2021.11.10.0,.1.3.6.1.4.1.2021.11.11.0 -l 'CPU usage (user system idle)' -u '%' } # 'snmp_procname' command definition define command{ command_name snmp_procname command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.2.1.5.'$ARG2$' -w '$ARG3$':'$ARG4$' -c '$ARG5$':'$ARG6$' } # 'snmp_disk' command definition define command{ command_name snmp_disk command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.9.1.7.'$ARG2$',.1.3.6.1.4.1.2021.9.1.9.'$ARG2$' -w '$ARG3$':,:'$ARG4$' -c '$ARG5$':,:'$ARG6$' -u 'kB free (','% used)' -l 'disk space' } # 'snmp_mem' command definition define command{ command_name snmp_mem command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.4.6.0,.1.3.6.1.4.1.2021.4.5.0 -w '$ARG2$': -c '$ARG3$': } # 'snmp_swap' command definition define command{ command_name snmp_swap command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.4.4.0,.1.3.6.1.4.1.2021.4.3.0 -w '$ARG2$': -c '$ARG3$': }
# 'snmp_procs' command definition
define command{
command_name snmp_procs
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrSystem.hrSystemProcesses -w :'$ARG2$' -c :'$ARG3$' -l processes
}
# 'snmp_users' command definition
define command{
command_name snmp_users
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrSystem.hrSystemNumUsers -w :'$ARG2$' -c :'$ARG3$' -l users
}
# 'snmp_mem2' command definition
define command{
command_name snmp_mem2
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageUsed.'$ARG2$',host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageSize.'$ARG2$' -w '$ARG3$' -c '$ARG4$'
}
# 'snmp_swap2' command definition
define command{
command_name snmp_swap2
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageUsed.'$ARG2$',host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageSize.'$ARG2$' -w '$ARG3$' -c '$ARG4$'
}
# 'snmp_mem3' command definition
define command{
command_name snmp_mem3
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageUsed.'$ARG2$',host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageSize.'$ARG2$' -w '$ARG3$' -c '$ARG4$'
}
# 'snmp_swap3' command definition
define command{
command_name snmp_swap3
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageUsed.'$ARG2$',host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageSize.'$ARG2$' -w '$ARG3$' -c '$ARG4$'
}
# 'snmp_disk2' command definition
define command{
command_name snmp_disk2
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageUsed.'$ARG2$' -w '$ARG3$' -c '$ARG4$'
}
# 'snmp_tcpopen' command definition
define command{
command_name snmp_tcpopen
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o tcp.tcpCurrEstab.0 -w '$ARG2$' -c '$ARG3$'
}
# 'snmp_tcpstats' command definition
define command{
command_name snmp_tcpstats
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o tcp.tcpActiveOpens.0,tcp.tcpPassiveOpens.0,tcp.tcpInSegs.0,tcp.tcpOutSegs.0,tcp.tcpRetransSegs.0 -l 'TCP stats'
}
# 'check_snmp_bgpstate' command definition
define command{
command_name check_snmp_bgpstate
command_line /usr/lib/nagios/plugins/check_bgpstate '$HOSTADDRESS$' -c '$ARG1$'
}
# 'check_netapp_uptime' command definition
define command{
command_name check_netapp_uptime
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.2.1.1.3.0 --delimiter=')' -l "Uptime is"
}
# 'check_netapp_cpuload' command definition
define command{
command_name check_netapp_cpuload
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.789.1.2.1.3.0 -w 90 -c 95 -u '%' -l "CPU LOAD "
}
# 'check_netapp_numdisks' command definition
define command{
command_name check_netapp_numdisks
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.789.1.6.4.1.0,.1.3.6.1.4.1.789.1.6.4.2.0,.1.3.6.1.4.1.789.1.6.4.8.0,.1.3.6.1.4.1.789.1.6.4.7.0 -u 'Total Disks','Active','Spare','Failed' -l ""
}
# 'check_compaq_thermalCondition' command definition
define command{
command_name check_compaq_thermalCondition
command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.232.6.2.1.0,.1.3.6.1.4.1.232.6.2.2.0,.1.3.6.1.4.1.232.6.2.3.0,.1.3.6.1.4.1.232.6.2.4.0 -u 'ThermalCondition','ThermalTemp','ThermalSystem','ThermalCPUFan' -w 2:2,2:2,2:2,2:2 -c 1:2,1:2,1:2,1:2 -l "Thermal status "
}
Aquest plugin es troba a:
/usr/lib/nagios/plugins/check_apt
Les comandes es troben a:
$ cat /etc/nagios-plugins/config/apt.cfg # 'check_apt' command definition define command{ command_name check_apt command_line /usr/lib/nagios/plugins/check_apt } # 'check_apt_distupgrade' command definition define command{ command_name check_apt_distupgrade command_line /usr/lib/nagios/plugins/check_apt -d }
L'ajuda del plugin és:
$ /usr/lib/nagios/plugins/check_apt --help check_apt v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 2006-2008 Nagios Plugin Development Team <[email protected]> This plugin checks for software updates on systems that use package management systems based on the apt-get(8) command found in Debian GNU/Linux Usage: check_apt [[-d|-u|-U]opts] [-n] [-t timeout] Options: -h, --help Print detailed help screen -V, --version Print version information -t, --timeout=INTEGER Seconds before connection times out (default: 10) -U, --upgrade=OPTS [Default] Perform an upgrade. If an optional OPTS argument is provided, apt-get will be run with these command line options instead of the default (-o 'Debug::NoLocking=true' -s -qq). Note that you may be required to have root privileges if you do not use the default options. -d, --dist-upgrade=OPTS Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS can be provided to override the default options. -n, --no-upgrade Do not run the upgrade. Probably not useful (without -u at least). -i, --include=REGEXP Include only packages matching REGEXP. Can be specified multiple times the values will be combined together. Any patches matching this list cause the plugin to return WARNING status. Others will be ignored. Default is to include all packages. -e, --exclude=REGEXP Exclude packages matching REGEXP from the list of packages that would otherwise be included. Can be specified multiple times; the values will be combined together. Default is to exclude no packages. -c, --critical=REGEXP If the full package information of any of the upgradable packages match this REGEXP, the plugin will return CRITICAL status. Can be specified multiple times like above. Default is a regexp matching security upgrades for Debian and Ubuntu: ^[^\(]*\([^ ]* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security) Note that the package must first match the include list before its information is compared against the critical list. The following options require root privileges and should be used with care: -u, --update=OPTS First perform an 'apt-get update'. An optional OPTS parameter overrides the default options. Note: you may also need to adjust the global timeout (with -t) to prevent the plugin from timing out if apt-get upgrade is expected to take longer than the default timeout. Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected]
El plugin es troba a:
$ /usr/lib/nagios/plugins/check_swap
Un exemple d'ús:
$ /usr/lib/nagios/plugins/check_swap -w 80 -c 50 SWAP OK - 100% free (511 MB out of 511 MB) |swap=511MB;0;0;0;511
No he trobat cap comanda predefinida... Per definir la comanda per a ús local:
define command {
command_name check_swap
command_line /usr/lib/nagios/plugins/check_swap -w 80 -c 50
}
define command {
command_name check_swap_args
command_line /usr/lib/nagios/plugins/check_swap -w $ARG1$ -c $ARG2$
}
Per utilitzar-la:
#SWAP LOCAL
define service {
host_name hostname
service_description SWAP
check_command check_swap!80!50
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
Però el més habitual es utilitzar NRPE:
al client nrpe:
#SWAP
define service {
hostgroup_name nrpe-servers
service_description SWAP
check_command check_nrpe_1arg!check_swap
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
Al server afegir la línia:
command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 80 -c 50
Al fitxer:
/etc/nagios/nrpe.cfg
El manual:
$ /usr/lib/nagios/plugins/check_swap --help check_swap v1.4.15 (nagios-plugins 1.4.15) Copyright (c) 2000-2007 Nagios Plugin Development Team <[email protected]> Check swap space on local machine. Usage: check_swap [-av] -w <percent_free>% -c <percent_free>% check_swap [-av] -w <bytes_free> -c <bytes_free> Options: -h, --help Print detailed help screen -V, --version Print version information -w, --warning=INTEGER Exit with WARNING status if less than INTEGER bytes of swap space are free -w, --warning=PERCENT%% Exit with WARNING status if less than PERCENT of swap space is free -c, --critical=INTEGER Exit with CRITICAL status if less than INTEGER bytes of swap space are free -c, --critical=PERCENT%% Exit with CRITCAL status if less than PERCENT of swap space is free -a, --allswaps Conduct comparisons for all swap partitions, one by one -v, --verbose Show details for command-line debugging (Nagios may truncate output) Notes: On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s. Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected]
IMPORTANT: No hi ha un plugin per defecte al Nagios 3 per a Samba
El que es pot fer es comprovar els ports públics utilitzant check_tcp i check_udp
Si que tenim però un script que permet comprovar l'espai lliure en recursos compartits de xarxa Windows:
$ /usr/lib/nagios/plugins/check_disk_smb --help check_disk_smb v1.4.15 (nagios-plugins 1.4.15) The nagios plugins come with ABSOLUTELY NO WARRANTY. You may redistribute copies of the plugins under the terms of the GNU General Public License. For more information about these matters, see the file named COPYING. Copyright (c) 2000 Michael Anthon/Karl DeBisschop Perl Check SMB Disk plugin for Nagios Usage: check_disk_smb -H <host> -s <share> -u <user> -p <password> -w <warn> -c <crit> [-W <workgroup>] [-P <port>] [-a <IP>] -H, --hostname=HOST NetBIOS name of the server -s, --share=STRING Share name to be tested -W, --workgroup=STRING Workgroup or Domain used (Defaults to "WORKGROUP") -a, --address=IP IP-address of HOST (only necessary if HOST is in another network) -u, --user=STRING Username to log in to server. (Defaults to "guest") -p, --password=STRING Password to log in to server. (Defaults to an empty password) -w, --warning=INTEGER or INTEGER[kMG] Percent of used space at which a warning will be generated (Default: 85%) -c, --critical=INTEGER or INTEGER[kMG] Percent of used space at which a critical will be generated (Defaults: 95%) -P, --port=INTEGER Port to be used to connect to. Some Windows boxes use 139, others 445 (Defaults to smbclient default) If thresholds are followed by either a k, M, or G then check to see if that much disk space is available (kilobytes, Megabytes, Gigabytes) Warning percentage should be less than critical Warning (remaining) disk space should be greater than critical. Send email to [email protected] if you have questions regarding use of this software. To submit patches or suggest improvements, send email to [email protected] Please include version information with all correspondence (when possible, use output from the --version option of the plugin itself).
El plugin check_procs el trobareu a:
/usr/lib/nagios/plugins/check_procs
Forma part del paquet nagios-plugins-basic:
$ dpkg -S /usr/lib/nagios/plugins/check_procs nagios-plugins-basic: /usr/lib/nagios/plugins/check_procs
Recursos:
Afegiu la línia:
command[check_dhcpd]=/usr/lib/nagios/plugins/check_procs -c 1:1 -C dhcpd
al fitxer:
/etc/nagios/nrpe.cfg
I podeu monitoritzar remotament DHCP utilitzant el plugin nrpe:
#DHCP
define service {
hostgroup_name dhcp-servers
service_description DHCPD
check_command check_nrpe_1arg!check_dhcpd
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
Es poden trobar altres plugins a:
Nagios Plugins Project: http://nagiosplug.sourceforge.net/ Nagios Downloads Page: http://www.nagios.org/download/ NagiosExchange.org: http://www.nagiosexchange.org/
Per defecte ja es configuren els serveis HTTP i SSH, utilitzant les comandes check_ssh i check_http
$ cat /etc/nagios3/conf.d/services.cfg # check that web services are running define service { hostgroup_name http-servers service_description HTTP check_command check_http use generic-service notification_interval 0 ; set > 0 if you want to be renotified }
# check that ssh services are running
define service {
hostgroup_name ssh-servers
service_description SSH
check_command check_ssh
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
Nagios utilitza un sistema de plugins que permet la seva extensibilitat i la possibilitat d'implementar els teus propis serveis.
TODO
Les icones les trobareu a:
/usr/share/nagios/htdocs/images/logos
Les imatges són proporcionades pel paquet nagios-images:
$ dpkg -S /usr/share/nagios/htdocs/images/logos nagios-images: /usr/share/nagios/htdocs/images/logos
Si no el teniu instal·lar poseu:
$ sudo apt-get install nagios-images
Cal indicar la imatge de la màquina a la seva definició:
define hostextinfo{
host_name router
icon_image switch40.jpg
icon_image_alt switch40.gif
statusmap_image switch40.gd2
}
Un altre exemple:
define host{
use generic-switch ; Inherit default values from a template
host_name AP09 ; The name we're giving to this switch
alias AP09 (Planta 2: davant les aules 27 i 28) ; A longer name associated with the switch
address 192.168.140.159 ; IP address of the switch
hostgroups switches ; Host groups this switch is associated with
parents R2SS1
icon_image base/wifi3.png
icon_image_alt AP
vrml_image base/wifi3.png
statusmap_image base/wifi3.gd2
}
Ara anem a veure un exemple de com afegir la icona d'Ubuntu a una llista de servidors Ubuntu. Editeu el fitxer:
$ sudo joe /etc/nagios3/conf.d/extinfo_nagios2.cfg ... define hostextinfo{ hostgroup_name ubuntu-servers notes Ubuntu GNU/Linux servers # notes_url http://webserver.localhost.localdomain/hostinfo.pl?host=netware1 icon_image base/ubuntu.png icon_image_alt Ubuntu GNU/Linux vrml_image ubuntu.png statusmap_image base/ubuntu.gd2 }
TODO
10.2.1- Imagen de Fondo
Tal vez, tengamos a nuestras maquinas monitorizadas, en diferentes habitaciones, lugares, ciudades , o edificios diferentes, como el caso del wireless ;) . ¿ No creeis que sería interesante y llamativo, tener un Mapa de la ciudad, con cada uno de los Hosts en SU lugar ? Llamativo, eh ? Pues con Nagios podemos hacerlo, y personalizar aún más nuestro statusmap.
En el fichero cgi.cfg deberemos poner el nombre del fichero que va a formar la imagen de fondo ( background ) :
statusmap_background_image=ciudad.gd2 , el fichero debera ir en el directorio .../share/images/
Mucho cuidado, solamente podremos poner imagenes en el formato GD2, para lo cual deberemos convertir las imagenes desde PNG a GD2 con la herramienta pngtogd2. Para convertir la imagen haremos:
- El 1 1 son parámetros FIJOS, no los cambies o no te funcionará.
Asi de fácil :D
Es pot fer mitjançant el plugin nrpe. Utilitza una arquitectura client-servidor:
En aquest cas el client és la màquina on està instal·lat Nagios. Cal instal·lar el plugin:
$ sudo apt-get install nagios-nrpe-plugin
Els fitxers instal·lats són:
$ dpkg -L nagios-nrpe-plugin /. /usr /usr/lib /usr/lib/nagios /usr/lib/nagios/plugins /usr/lib/nagios/plugins/check_nrpe /usr/share /usr/share/doc /usr/share/doc/nagios-nrpe-plugin /usr/share/doc/nagios-nrpe-plugin/changelog.Debian.gz /usr/share/doc/nagios-nrpe-plugin/copyright /usr/share/doc/nagios-nrpe-plugin/NEWS.Debian.gz /etc /etc/nagios-plugins /etc/nagios-plugins/config /etc/nagios-plugins/config/check_nrpe.cfg
Atenció: sí teniu instal·lat Nagios des de una compilació del codi font podeu fer:
$ sudo cp /usr/lib/nagios/plugins/check_nrpe /usr/local/nagios/libexec $ sudo chown nagios:nagios /usr/local/nagios/libexec//check_nrpe
També es pot instal·lar la documentació amb:
$ sudo apt-get install nagios-nrpe-doc
NOTA: No és imprescindible aquest últim fitxer... Només és la documentació
$ cat /etc/nagios-plugins/config/check_nrpe.cfg # this command runs a program $ARG1$ with arguments $ARG2$ define command { command_name check_nrpe command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ } # this command runs a program $ARG1$ with no arguments define command { command_name check_nrpe_1arg command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ }
A la màquina remota que es vol monitoritzar, cal instal·lar:
$ sudo apt-get install nagios-nrpe-server nagios-plugins
Els fitxers instal·lats són:
$ dpkg -L nagios-nrpe-server /. /usr /usr/sbin /usr/sbin/nrpe /usr/share /usr/share/doc /usr/share/doc/nagios-nrpe-server /usr/share/doc/nagios-nrpe-server/changelog.Debian.gz /usr/share/doc/nagios-nrpe-server/LEGAL /usr/share/doc/nagios-nrpe-server/README.Debian /usr/share/doc/nagios-nrpe-server/README.SSL /usr/share/doc/nagios-nrpe-server/copyright /usr/share/doc/nagios-nrpe-server/SECURITY /usr/share/doc/nagios-nrpe-server/README.gz /usr/share/doc/nagios-nrpe-server/NEWS.Debian.gz /usr/share/man /usr/share/man/man8 /usr/share/man/man8/nrpe.8.gz /etc /etc/init.d /etc/init.d/nagios-nrpe-server /etc/default /etc/default/nagios-nrpe-server /etc/nagios /etc/nagios/nrpe_local.cfg /etc/nagios/nrpe.cfg /etc/nagios/nrpe.d
I definir quins Nagios tenen permisos per a fer consultes en aquesta màquina. Editeu el fitxer /etc/nagios/nrpe_local.cfg:
$ sudo joe /etc/nagios/nrpe_local.cfg
I afegiu la línia:
allowed_hosts=127.0.0.1,ipaddress.of.your.nagiosserver
Poseu la IP del vostre servidor Nagios.
NOTA: Si afegiu més d'una línia d'allowed hosts, la última línia serà la única que s'aplicarà. Deixeu la IP local per tal que continuí funcionant en local
També és important configurar el fitxer:
$ cat /etc/default/nagios-nrpe-server # defaults file for nagios-nrpe-server # (this file is a /bin/sh compatible fragment) # DAEMON_OPTS are any extra cmdline parameters you'd like to # pass along to the nrpe daemon #DAEMON_OPTS="--no-ssl" # NICENESS is if you want to run the server at a different nice() priority #NICENESS=5 # INETD is if you want to run the server via inetd (default=0, run as daemon) #INETD=0
Sobretot descomentar:
DAEMON_OPTS="--no-ssl"
Si no es vol utilitzar SSL.
Cal tornar a iniciar el servei amb :
$ sudo /etc/init.d/nagios-nrpe-server restart
NOTA: No calen els següents passos (tatxats): Ja està definida l'ordre al fitxer /etc/nagios-plugins/config/check_nrpe.cfg
Al client heu d'afegir una definició de comanda al fitxer commands.cfg (normalment es troba a /etc/nagios3):
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
IMPORTANT: Copieu literalment els valors del quadre anterior. $USER1$,$HOSTADDRESS$ i $ARG1$ són macros de nagios
Podeu comprovar que teniu accés amb:
$ /usr/lib/nagios/plugins/check_nrpe -H 192.168.0.7 -c check_load
IMPORTANT: Canvieu la Ip de l'exemple (192.168.0.7) per la IP del vostre servidor nrpe
o si la instal·lació s'ha fet a mà (no s'aplica si ho feu amb apt-get)
$ /usr/local/nagios/libexec/check_nrpe -H 192.168.0.7 -c check_load OK - load average: 0.22, 0.20, 0.18|load1=0.220;15.000;30.000;0; load5=0.200;10.000;25.000;0; load15=0.180;5.000;20.000;0;
El fitxer nrpe_local.cfg s'inclou al fitxer principal de configuració: '/etc/nagios/nrpe.cfg. Si llegiu el fitxer /etc/nagios/nrpe.cfg veureu que per defecte la IP de localhost ja te permisos.
El port que utilitza el servidor és el 5666. Podeu comprovar que el port està obert amb:
$ sudo nmap 192.168.0.7 -p 5666 Starting Nmap 4.53 ( http://insecure.org ) at 2009-05-14 10:49 CEST Interesting ports on 192.168.0.7: PORT STATE SERVICE 5666/tcp open unknown MAC Address: 00:0F:FE:DE:81:6C (G-pro Computer) Nmap done: 1 IP address (1 host up) scanned in 0.152 seconds
També des del servidor es pot executar:
$ sudo netstat -at | grep 5666 tcp 0 0 *:5666 *:* LISTEN
Ara a la configuració de nagios podeu afegir els següents serveis al host:
IMPORTANT: Hi ha dos comandes check_nrpe quan hi ha dos arguments i check_nrpe_1arg quan n'hi ha un!
define service{
use generic-service
host_name remotehost
service_description CPU Load
check_command check_nrpe_1arg!check_load
}
define service{
use generic-service
host_name remotehost
service_description Current Users
check_command check_nrpe_1arg!check_users
}
define service{
use generic-service
host_name remotehost
service_description /dev/sda1 Free Space
check_command check_nrpe_1arg!check_sda1
}
define service{
use generic-service
host_name remotehost
service_description Root Free Space
check_command check_nrpe_1arg!check_rootfreespace
}
define service{
use generic-service
host_name remotehost
service_description Total Processes
check_command check_nrpe_1arg!check_total_procs
}
define service{
use generic-service
host_name remotehost
service_description Zombie Processes
check_command check_nrpe_1arg!check_zombie_procs
}
Atenció: Modifiqueu remotehost pel nom de la màquina remota que heu escollit.
Tingueu en compte que hi ha una comanda a mida!:
command[check_rootfreespace]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
NOTA: Als servidors Ubuntu, la partició /dev/sda1 sol ser la partició de boot i la partició arrel és una partició LVM. Per monitortizar l'arrel en aquests casos el millor és utilitzar la comanda indicada amunt!
Recursos:
La configuració del servidor la trobareu al fitxer:
$ cat /etc/nagios/nrpe.cfg ############################################################################# # Sample NRPE Config File # Written by: Ethan Galstad ([email protected]) # # Last Modified: 11-23-2007 # # NOTES: # This is a sample configuration file for the NRPE daemon. It needs to be # located on the remote host that is running the NRPE daemon, not the host # from which the check_nrpe client is being executed. ############################################################################# # LOG FACILITY # The syslog facility that should be used for logging purposes. log_facility=daemon # PID FILE # The name of the file in which the NRPE daemon should write it's process ID # number. The file is only written if the NRPE daemon is started by the root # user and is running in standalone mode. pid_file=/var/run/nrpe.pid # PORT NUMBER # Port number we should wait for connections on. # NOTE: This must be a non-priviledged port (i.e. > 1024). # NOTE: This option is ignored if NRPE is running under either inetd or xinetd server_port=5666 # SERVER ADDRESS # Address that nrpe should bind to in case there are more than one interface # and you do not want nrpe to bind on all interfaces. # NOTE: This option is ignored if NRPE is running under either inetd or xinetd #server_address=127.0.0.1 # NRPE USER # This determines the effective user that the NRPE daemon should run as. # You can either supply a username or a UID. # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd nrpe_user=nagios # NRPE GROUP # This determines the effective group that the NRPE daemon should run as. # You can either supply a group name or a GID. # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd nrpe_group=nagios # ALLOWED HOST ADDRESSES # This is an optional comma-delimited list of IP address or hostnames # that are allowed to talk to the NRPE daemon. # # Note: The daemon only does rudimentary checking of the client's IP # address. I would highly recommend adding entries in your /etc/hosts.allow # file to allow only the specified host to connect to the port # you are running this daemon on. # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd allowed_hosts=127.0.0.1 # COMMAND ARGUMENT PROCESSING # This option determines whether or not the NRPE daemon will allow clients # to specify arguments to commands that are executed. This option only works # if the daemon was configured with the --enable-command-args configure script # option. # # *** ENABLING THIS OPTION IS A SECURITY RISK! *** # Read the SECURITY file for information on some of the security implications # of enabling this variable. # # Values: 0=do not allow arguments, 1=allow command arguments dont_blame_nrpe=0 # COMMAND PREFIX # This option allows you to prefix all commands with a user-defined string. # A space is automatically added between the specified prefix string and the # command line from the command definition. # # *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** # Usage scenario: # Execute restricted commmands using sudo. For this to work, you need to add # the nagios user to your /etc/sudoers. An example entry for alllowing # execution of the plugins from might be: # # nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ # # This lets the nagios user run all commands in that directory (and only them) # without asking for a password. If you do this, make sure you don't give # random users write access to that directory or its contents! # command_prefix=/usr/bin/sudo # DEBUGGING OPTION # This option determines whether or not debugging messages are logged to the # syslog facility. # Values: 0=debugging off, 1=debugging on debug=0 # COMMAND TIMEOUT # This specifies the maximum number of seconds that the NRPE daemon will # allow plugins to finish executing before killing them off. command_timeout=60 # CONNECTION TIMEOUT # This specifies the maximum number of seconds that the NRPE daemon will # wait for a connection to be established before exiting. This is sometimes # seen where a network problem stops the SSL being established even though # all network sessions are connected. This causes the nrpe daemons to # accumulate, eating system resources. Do not set this too low. connection_timeout=300 # WEEK RANDOM SEED OPTION # This directive allows you to use SSL even if your system does not have # a /dev/random or /dev/urandom (on purpose or because the necessary patches # were not applied). The random number generator will be seeded from a file # which is either a file pointed to by the environment valiable $RANDFILE # or $HOME/.rnd. If neither exists, the pseudo random number generator will # be initialized and a warning will be issued. # Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness #allow_weak_random_seed=1 # INCLUDE CONFIG FILE # This directive allows you to include definitions from an external config file. #include=<somefile.cfg> # INCLUDE CONFIG DIRECTORY # This directive allows you to include definitions from config files (with a # .cfg extension) in one or more directories (with recursion). #include_dir=<somedirectory> #include_dir=<someotherdirectory> # COMMAND DEFINITIONS # Command definitions that this daemon will run. Definitions # are in the following format: # # command[<command_name>]=<command_line> # # When the daemon receives a request to return the results of <command_name> # it will execute the command specified by the <command_line> argument. # # Unlike Nagios, the command line cannot contain macros - it must be # typed exactly as it should be executed. # # Note: Any plugins that are used in the command lines must reside # on the machine that this daemon is running on! The examples below # assume that you have plugins installed in a /usr/local/nagios/libexec # directory. Also note that you will have to modify the definitions below # to match the argument format the plugins expect. Remember, these are # examples only! # The following examples use hardcoded command arguments... command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 # The following examples allow user-supplied arguments and can # only be used if the NRPE daemon was compiled with support for # command arguments *AND* the dont_blame_nrpe directive in this # config file is set to '1'. This poses a potential security risk, so # make sure you read the SECURITY file before doing this. #command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ #command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ #command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ #command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ # # local configuration: # if you'd prefer, you can instead place directives here include=/etc/nagios/nrpe_local.cfg # # you can place your config snipplets into nrpe.d/ include_dir=/etc/nagios/nrpe.d/
Exemple de configuració del client:
http://acacha.org/mediawiki/index.php/OpenFPnet/Mosaic/Formaci%C3%B3/Execuci%C3%B3/M%C3%A0quines_virtuals_plantilla#Nagios_client._nagios-nrpe-server
Exemple configuració nagios:
[email protected]:/etc/nagios3/conf.d$ cat openfpnet_services.cfg $ cat openfpnet_commands.cfg #HTTPS define command { command_name check_https_certification command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -S -C $ARG1$ } define command { command_name check_anonymous_ldap3 command_line /usr/lib/nagios/plugins/check_ldap -H $HOSTADDRESS$ -b '$ARG1$' -3 } define command { command_name check_admin_ldap3 command_line /usr/lib/nagios/plugins/check_ldap -H $HOSTADDRESS$ -b '$ARG1$' -3 -D '$ARG2$' -p '$USER3' } define command { command_name check_moodle command_line /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -u /moodle/index.php } define command { command_name check_mediawiki command_line /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -u /maninfo/index.php } define command { command_name check_phpmyadmin command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -u /phpmyadmin } define command { command_name check_wordpress command_line /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -u /wordpress } define command { command_name check_ocsreports command_line /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -u /ocsreports } define command { command_name check_glpi command_line /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -u /glpi } define command { command_name check_gestioip command_line /usr/lib/nagios/plugins/check_http -H 192.168.50.50 -u /gestioip -e '401 Authorization Required' } define command { command_name check_cacti command_line /usr/lib/nagios/plugins/check_http -H 192.168.50.50 -u /cacti } define command { command_name check_munin command_line /usr/lib/nagios/plugins/check_http -H 192.168.50.50 -u /munin } define command { command_name check_nagiosurl command_line /usr/lib/nagios/plugins/check_http -H 192.168.50.50 -u /nagios3 -e '401 Authorization Required' } define command { command_name check_calamaris_cop command_line /usr/lib/nagios/plugins/check_http -H 192.168.50.10 -u /calamaris } define command { command_name check_calamaris_proxyguifi command_line /usr/lib/nagios/plugins/check_http -H 192.168.50.61 -u /calamaris }
[email protected]:/etc/nagios3/conf.d$ cat openfpnet_hostgroups.cfg # Some generic hostgroup definitions # A simple wildcard hostgroup define hostgroup { hostgroup_name all alias All Servers members * } # A list of your Debian GNU/Linux servers define hostgroup { hostgroup_name debian-servers alias Debian GNU/Linux Servers members proxmox01,proxmox02 } # A list of your web servers define hostgroup { hostgroup_name http-servers alias HTTP servers members localhost,www,cop,proxmox01,proxmox02,gosa,localhost,mirror,tallafocsasi,R0SC1,R10SC1,R10SC2,R11SS1,R12SS1,R13SS1,R14SS0,R17SS2,R26SS1,R5SS2 } # A list of your secure web servers define hostgroup { hostgroup_name https-servers alias HTTPS servers members localhost,www,cop,proxmox01,proxmox02,gosa,localhost,tallafocsasi } # A list of your ssh-accessible servers define hostgroup { hostgroup_name ssh-servers alias SSH servers members localhost,cop,proxmox01,proxmox02,ns2,gosa,samba01,samba02,samba03,samba04,localhost,proxyguifi,mirror,www,tallafocsasi,nas } #OPENFPNET #Afegit per Sergi Tur el 19 d'agost de 2012 # NRPE SERVERS define hostgroup { hostgroup_name nrpe-servers alias SSH servers members localhost,cop,proxmox01,proxmox02,ns2,gosa,samba01,samba02,samba03,samba04,localhost,proxyguifi,mirror,www,tallafocsasi,nas } # SNMP SERVERS define hostgroup { hostgroup_name snmp-servers alias SSH servers members localhost,cop,proxmox01,proxmox02,ns2,gosa,samba01,samba02,samba03,samba04,localhost,proxyguifi,mirror,www,tallafocsasi,nas,R0SC1,R10SC1,R10SC2,R11SS1,R12SS1,R13SS1,R14SS0,R17SS2,R26SS1,R5SS2 } #GATEWAYS define hostgroup { hostgroup_name gateways alias Gateways servers members gateway01,routerxeba,router1,router2,router3,router4 } # Ubuntu servers define hostgroup { hostgroup_name ubuntu-servers alias Ubuntu servers members localhost,cop,ns2,gosa,samba01,samba02,samba03,samba04,proxyguifi,mirror,www,tallafocsasi } # Ldap servers define hostgroup { hostgroup_name ldap-servers alias Ldap servers members localhost,cop,gosa,samba01,samba02,samba03,samba04,proxyguifi,www,tallafocsasi } # MySQL servers define hostgroup { hostgroup_name mysql-servers alias Ldap servers members localhost,gosa,www } # DNS servers define hostgroup { hostgroup_name dns-servers alias DNS servers members cop,ns2,tallafocsasi } # DHCP servers define hostgroup { hostgroup_name dhcp-servers alias DHCP servers # members } #Squid servers define hostgroup { hostgroup_name squid-servers alias Squid servers members cop,proxyguifi,tallafocsasi } #NTP servers define hostgroup { hostgroup_name ntp-servers alias NTP servers members ns2,cop,tallafocsasi } #Samba servers define hostgroup { hostgroup_name samba-servers alias Samba servers members samba01,samba02,samba03,samba04 } #Proxmox servers define hostgroup { hostgroup_name proxmox-servers alias Proxmox servers members proxmox01,proxmox02 } #IPERF Servers define hostgroup { hostgroup_name iperf-servers alias IPERF servers members localhost } #SMTP Servers define hostgroup { hostgroup_name smtp-servers alias SMTP servers members localhost,www } #WINBOX Devices define hostgroup { hostgroup_name winbox-devices alias Winbox members gateway01 } #RPCBIND Servers define hostgroup { hostgroup_name rpcbind-servers alias RPCBIND servers members proxmox01,proxmox02 }
Excepte la comanda check_nrpe (què és la única que s'executa des del client ), les comandes "internes" de check_nrpe formen part del servidor, i les podeu trobar al fitxer:
$ cat /etc/nagios/nrpe.cfg ... command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
Cal activar-lo al fitxer /etc/nagios/nrpe.cfg:
debug=1
Cal reiniciar el servidor per activar el canvi:
$ sudo /etc/init.d/nagios-nrpe-server restart
Els logs sortiran per syslog:
$ sudo tail -f /var/log/syslog May 14 10:59:19 moodle nrpe[22354]: Caught SIGTERM - shutting down... May 14 10:59:19 moodle nrpe[22354]: Cannot remove pidfile '/var/run/nrpe.pid' - check your privileges. May 14 10:59:19 moodle nrpe[22354]: Daemon shutdown May 14 10:59:20 moodle nrpe[23033]: Added command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 May 14 10:59:20 moodle nrpe[23033]: Added command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 May 14 10:59:20 moodle nrpe[23033]: Added command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hda1 May 14 10:59:20 moodle nrpe[23033]: Added command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z May 14 10:59:20 moodle nrpe[23033]: Added command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 May 14 10:59:20 moodle nrpe[23033]: INFO: SSL/TLS initialized. All network traffic will be encrypted. May 14 10:59:20 moodle nrpe[23034]: Starting up daemon May 14 10:59:20 moodle nrpe[23034]: Listening for connections on port 5666 May 14 10:59:20 moodle nrpe[23034]: Allowing connections from: 192.168.0.7 May 14 11:00:01 moodle CRON[23069]: Sigfile not found
Fitxer:NSCLIENTNagiosUsageGuide.pdf
Anem a veure com podeu monitoritzar dades "privades" d'una màquina remota Windows. Concretament podreu monitoritzar:
Per poder monitorizar Windows cal instal·lar un agent. L'agent a instal·lar és:
NSClient++
I el plugin (client) de Nagios a utilitzar és:
check_nt (normalment es troba a: /usr/lib/nagios/plugins/check_nt)
El plugin es proporcionat pel paquet:
$ dpkg -S /usr/lib/nagios/plugins/check_nt nagios-plugins-basic: /usr/lib/nagios/plugins/check_nt
Que es comunica amb l'agent/servidor NSClient++.
NOTA: Hi ha altres agents com NC_Net i també podríem utilitzar SNMP
Prerequisits
Només el primer cop que vulgueu monitoritzar una màquina Windows cal que editeu el fitxer:
$ sudo joe /etc/nagios3/nagios.cfg
I descomenteu:
#cfg_file=/etc/nagios3/objects/windows.cfg
Ha de quedar:
... # Definitions for monitoring a Windows machine cfg_file=/etc/nagios3/objects/windows.cfg ...
Al fitxer /etc/nagios3/objects/windows.cfg definireu els host Windows (teniu exemples de com fer-ho al mateix fitxer).
IMPORTANT: Si no teniu el fitxer el podeu buscar a /usr/share/doc/nagios3-common/examples/template-object/windows.cfg. Per tant feu:
$ sudo cp /usr/share/doc/nagios3-common/examples/template-object/windows.cfg /etc/nagios3/conf.d
Configuració de Nagios
Heu de tenir disponibles les següents ordres:
/etc/nagios-plugins/config/nt.cfg # If you are confused about this command definition, cause you was # reading other suggestions, please have a look into # /usr/share/doc/nagios-plugins/README.Debian # 'check_nt' command definition define command { command_name check_nt command_line /usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -v '$ARG1$' } # 'check_nscp' command definition define command { command_name check_nscp command_line /usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -p 12489 -v '$ARG1$' }
També us cal una plantilla, la teniu a:
/usr/share/doc/nagios3-common/examples/template-object/windows.cfg
Per instal·lar l'Agent de Windows
nsclient++ /install
nsclient++ SysTray
Obriu el gestor de serveis de Windows i assegureu-vos que NSClientpp té permisos per interactuar amb l'escriptori (vegeu la pestanya "Log On")
Inicieu el servei NSClient++ amb:
nsclient++ /start
Si l'heu instal·lat correctament una nova icona apareixerà al System Tray (cercle groc amb una M negra dins)
Ara vegem un exemple de configuració de màquina Windows:
$ cat /etc/nagios3/conf.d/windows.cfg define host{ use windows-server ; Inherit default values from a Windows server template (make sure you keep this line!) host_name winserver alias My Windows Server address 192.168.1.2 }
I ara afegim un servei:
define service{
use generic-service
host_name winserver
service_description NSClient++ Version
check_command check_nt!CLIENTVERSION
}
Podeu monitoritzar el uptime:
define service{
use generic-service
host_name winserver
service_description Uptime
check_command check_nt!UPTIME
}
O l'ús de la CPU (la càrrega durant es últims 5 minuts és de més de 90% --> CRITICAL o WARNING a 80%)
IMPORTANT: La documentació de Nagios està malament!!! us diuen de posar opcions tipus -l! No les poseu. Simplement:
define service{
use generic-service
host_name winserver
service_description CPU Load
check_command check_nt!CPULOAD!80!90
}
Ús de memòria (CRITICAL:90% WARNING:80%):
define service{
use generic-service
host_name winserver
service_description Memory Usage
check_command check_nt!MEMUSE!80!90
}
Espai del disc C:\ (CRITICAL:90% WARNING:80%)
define service{
use generic-service
host_name winserver
service_description C:\ Drive Space
check_command check_nt!USEDDISKSPACE!80!90
}
Monitoritzar el servei W3SVC:
define service{
use generic-service
host_name winserver
service_description W3SVC
check_command check_nt!SERVICESTATE!SHOWALL!W3SVC
}
Per monitoritzar el procés Explorer.exe process (alerta crítica si no està en execució):
define service{
use generic-service
host_name winserver
service_description Explorer
check_command check_nt!PROCSTATE!SHOWALL!Explorer.exe
}
Exemple amb paraula de pas, cal posar l'opció -s:
IMPORTANT: Ojo que ja teniu la comanda posada a nagios-plugins, cal afegir només -s PASSWORD
define command{
command_name check_nt
command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s PASSWORD -v $ARG1$ $ARG2$
}
Cal tornar a iniciar Nagios per tal d'aplicar els canvis.
Recursos:
Per monitoritzar commutadors el primer que cal fer és activar la línia (treien el símbol de comentari - # - ):
# Definitions for monitoring a router/switch cfg_file=/usr/local/nagios/etc/objects/switch.cfg
Al fitxer de configuració de nagios: nagios.cfg. El podeu trobar a:
/usr/local/nagios/etc/nagios.cfg
o
/etc/nagios/nagios.cfg
Depenent si l'heu instal·lat compilant o des de els repositoris.
Això el que fa és activar les definicions per a commutadors i encaminadors.
Ara ja podeu crear una definició d'objecte de Nagios, per tal de poder monitoritzar un commutador o encaminador. Editeu el fitxer switch.cfg
$ sudo joe /usr/local/nagios/etc/objects/switch.cfg
I afegiu una nova definició de màquina (host). Un exemple
define host{
use generic-switch ; Inherit default values from a template
host_name linksys-srw224p ; The name we're giving to this switch
alias Linksys SRW224P Switch ; A longer name associated with the switch
address 192.168.1.253 ; IP address of the switch
hostgroups allhosts,switches ; Host groups this switch is associated with
}
Observeu que el fitxer està ple d'exemples. Potser caldrà comentar o esborrar els exemples per tal d'evitar errors.
Recursos:
Es pot utilitzar la comanda check_ping per tal de definir un servei de monitorització d'un commutador:
define service{
use generic-service ; Inherit values from a template
host_name linksys-srw224p ; The name of the host the service is associated with
service_description PING ; The service description
check_command check_ping!200.0,20%!600.0,60% ; The command used to monitor the service
normal_check_interval 5 ; Check the service every 5 minutes under normal conditions
retry_check_interval 1 ; Re-check the service every minute until its final/hard state is determined
}
Es pot utilitzar per fer preguntes específiques als commutadors o encaminadors.
Per exemple, per saber l'estat d'un port:
#Port 2: connexió al router del centre
define service{
use generic-service ; Inherit values from a template
host_name Switch_Cisco_Servidors
service_description Port 2 Link Status: Router Centre
check_command check_snmp!-C public -o ifOperStatus.2 -r 1 -m RFC1213-MIB
}
On:
Hi ha un munt de paràmetres SNMP que es poden utilitzar. Es pot consultar els paràmetres amb la comanda:
$ snmpwalk -v1 -c public 192.168.1.253 -m ALL .1
O per saber el temps que porta encès el dispositiu:
define service{
use generic-service ; Inherit values from a template
host_name Switch_Cisco_Servidors
service_description Uptime
check_command check_snmp!-C public -o sysUpTime.0
}
Vegeu també l'article sobre SNMP.
Podem monitoritzar impressores HP o que suportin JetDirect amb la comanda de nagios check_hpjd. Per saber si el vostre Nagios disposa d'aquesta comanda:
$ ls /usr/local/nagios/libexec | grep hp check_hpjd
Per monitoritzar commutadors el primer que cal fer és activar la línia (treient el símbol de comentari - # - ):
# Definitions for monitoring a network printer cfg_file=/usr/local/nagios/etc/objects/printer.cfg
Al fitxer de configuració de nagios: nagios.cfg. El podeu trobar a:
/usr/local/nagios/etc/nagios.cfg
o
/etc/nagios/nagios.cfg
Depenent si l'heu instal·lat compilant o des dels repositoris. Això el que fa és activar les definicions per a commutadors i encaminadors.
Ara ja podeu crear una definició d'objecte de Nagios, per tal de poder monitoritzar un commutador o encaminador. Editeu el fitxer printer.cfg
$ sudo joe /usr/local/nagios/etc/objects/printer.cfg
I afegiu una nova definició de màquina (host). Un exemple
define host{
use generic-printer ; Inherit default values from a template
host_name hplj2605dn ; The name we're giving to this printer
alias HP LaserJet 2605dn ; A longer name associated with the printer
address 192.168.1.30 ; IP address of the printer
hostgroups network-printers ; Host groups this printer is associated with
}
Observeu que el fitxer està ple d'exemples. Potser caldrà esborrar-los o comentar-los per tal d'evitar problemes.
Recursos:
Per obtenir l'estatus de la impressora:
define service{
use generic-service ; Inherit values from a template
host_name hplj2605dn ; The name of the host the service is associated with
service_description Printer Status ; The service description
check_command check_hpjd!-C public ; The command used to monitor the service
normal_check_interval 10 ; Check the service every 10 minutes under normal conditions
retry_check_interval 1 ; Re-check the service every minute until its final/hard state is determined
}
I per a fer-li un ping:
define service{
use generic-service
host_name hplj2605dn
service_description PING
check_command check_ping!3000.0,80%!5000.0,100%
normal_check_interval 10
retry_check_interval 1
}
$ /usr/local/nagios/libexec/check_hpjd -H 192.168.12.50 -C public
Printer ok - ("Modo Suspensi.n activado")
#define HPJD_LINE_STATUS ".1.3.6.1.4.1.11.2.3.9.1.1.2.1" #define HPJD_PAPER_STATUS ".1.3.6.1.4.1.11.2.3.9.1.1.2.2" #define HPJD_INTERVENTION_REQUIRED ".1.3.6.1.4.1.11.2.3.9.1.1.2.3" #define HPJD_GD_PERIPHERAL_ERROR ".1.3.6.1.4.1.11.2.3.9.1.1.2.6" #define HPJD_GD_PAPER_JAM ".1.3.6.1.4.1.11.2.3.9.1.1.2.8" #define HPJD_GD_PAPER_OUT ".1.3.6.1.4.1.11.2.3.9.1.1.2.9" #define HPJD_GD_TONER_LOW ".1.3.6.1.4.1.11.2.3.9.1.1.2.10" #define HPJD_GD_PAGE_PUNT ".1.3.6.1.4.1.11.2.3.9.1.1.2.11" #define HPJD_GD_MEMORY_OUT ".1.3.6.1.4.1.11.2.3.9.1.1.2.12" #define HPJD_GD_DOOR_OPEN ".1.3.6.1.4.1.11.2.3.9.1.1.2.17" #define HPJD_GD_PAPER_OUTPUT ".1.3.6.1.4.1.11.2.3.9.1.1.2.19" #define HPJD_GD_STATUS_DISPLAY ".1.3.6.1.4.1.11.2.3.9.1.1.3"
Recursos:
Nagios per defecte utilitza autenticació HTTP. Els usuaris es troben al fitxer:
/etc/nagios3/htpasswd.users
Podeu utilitzar l'ordre htpasswd per gestionar els usuaris d'aquest fitxer.
IMPORTANT: No oblideu que l'autenticació HTTP només controla l'accés a Nagios. Un cop l'usuari accedeix a Nagios, és necessari que sigui un contacte de Nagios, és a dir que estigui definit al fitxer contacts, per tal de que tingui permisos per gestionar el Nagios)
Vegeu també Nagios#Afegir_un_nou_usuari.
La configuració de Nagios per tal d'utilitzar autenticació HTTP es troba a:
<DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)>
Options FollowSymLinks
DirectoryIndex index.php index.html
AllowOverride AuthConfig
Order Allow,Deny
Allow From All
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios3/htpasswd.users
# nagios 1.x:
#AuthUserFile /etc/nagios/htpasswd.users
require valid-user
</DirectoryMatch>
Per tal d'utilitzar Ldap com a sistema d'autenticació, també s'utilitza l'autenticació HTTP però aquest cop amb aquesta autenticació configurada per tal d'utilitzar Ldap.
Cal activar el mòdul authnz_ldap:
$ sudo a2enmod authnz_ldap $ sudo service apache2 restart
Per configurar l'autenticació HTTP cal modificar:
$ cat /etc/apache2/conf.d/nagios3.conf ... <DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)> Options FollowSymLinks DirectoryIndex index.php index.html AllowOverride AuthConfig Order Allow,Deny Allow From All AuthName "Nagios Access" AuthType Basic AuthUserFile /etc/nagios3/htpasswd.users # nagios 1.x: #AuthUserFile /etc/nagios/htpasswd.users #require valid-user AuthBasicProvider ldap file AuthzLDAPAuthoritative off AuthLDAPURL "ldap://localhost/ou=All,dc=iesalfacs,dc=cat?uid?sub" AuthLDAPGroupAttributeIsDN off AuthLDAPGroupAttribute memberUid require valid-user require ldap-group cn=nagios,ou=GrupsNOC,ou=Grups,ou=All,dc=iesalfacs,dc=cat </DirectoryMatch>
Per aplicar els canvis cal reiniciar Apache:
$ sudo /etC/init.d/apache2 restart
Recordeu que amb això només permetrem l'accés. Un cop dins de Nagios cal ser usuari que estigui donat d'alta al fitxer contacts i assignar-li permisos. Consulteu Nagios#Afegir_un_nou_usuari
Vegeu també Apache#Autenticaci.C3.B3_amb_Ldap
A la carpeta /usr/lib/nagios/plugins/ podem trobar diferents scripts de control de serveis de nagios. Aquest scripts són les comandes que s'executen per comprovar el funcionament dels serveis.
Tal i com podem veure amb la comanda:
$ dpkg -S check_time nagios-plugins-basic: /usr/lib/nagios/plugins/check_time
o amb
$ apt-cache search nagios sudo apt-cache search nagios arrayprobe - command line HP (Compaq) SmartArray status checker mailping - monitor email service availability and functioning munin - network-wide graphing framework (grapher/gatherer) nagat - Nagios Administration Tool nagcon - console application interfacing to Nagios nagios-common - A host/service/network monitoring and management system nagios-images - Collection of images and icons for the nagios system nagios-mysql - A host/service/network monitoring and management system nagios-nrpe-plugin - Nagios Remote Plugin Exectutor Plugin nagios-nrpe-server - Nagios Remote Plugin Exectutor Server nagios-pgsql - A host/service/network monitoring and management system nagios-plugins - Plugins for the nagios network monitoring and management system nagios-plugins-basic - Plugins for the nagios network monitoring and management system nagios-plugins-extra - radius plugin for nagios network monitoring and management system nagios-plugins-standard - Plugins for the nagios network monitoring and management system nagios-statd-client - nagios client for montioring remote system information nagios-statd-server - nagios server for monitoring remote system information nagios-text - A host/service/network monitoring and management system nagios2 - A host/service/network monitoring and management system nagios2-common - support files for nagios2 nagios2-dbg - debugging symbols for nagios2 nagios2-doc - documentation for nagios2 nsca - Nagios service monitor agent
Els paquets que ens proporcionen aquests scripts són les nagios-plugins-*
A la carpeta /etc/nagios-plugins/config trobem la configuració dels scripts. Veiem un exemple, l'script check_dns:
$ cat /etc/nagios-plugins/config/dns.cfg
# 'check_dns' command definition
define command{
command_name check_dns
command_line /usr/lib/nagios/plugins/check_dns -H www.google.com -s $HOSTADDRESS$
}
# 'check_dig' command definition
define command{
command_name check_dig
command_line /usr/lib/nagios/plugins/check_dig -H $HOSTNAME$ -l $ARG1$
}
Com podem veure també configura dig. Els paràmetres que cal tenir en compte:
Els paràmetres es poden passar de la següent forma (utilitzant el símbol exclamació):
define service{
use generic-service
host_name localhost
service_description dig
check_command check_dig!www.example.com
}
Per tal d'accedir remotament al nagios (fora de la xarxa interna) cal afegir la següent línia al fitxer /etc/hosts
217.149.150.23 tjener.intern tjener
Sino dona error que no es pot accedir a tjener.intern.
TODO:
Since Nagios only runs on Unix-like operating systems, I wrote a little Nagios script which is basically a wrapper around Iperf for bandwidth monitoring.
check_iperf #!/bin/bash # # Nagios plugin which runs iperf tests. # # (C) 2011 Robert Veznaver, released under the BSD licence # lockfile="/tmp/iperf-lock" # get arguments while getopts ':s:u:w:c:h' OPT; do case $OPT in s) host=$OPTARG;; u) unit=$OPTARG;; w) warn=$OPTARG;; c) crit=$OPTARG;; h) hlp="yes";; esac done # usage HELP=" usage: $0 [ -s iperf_server -u unit -w value -c value -h ] syntax: -s iperf server -u unit for reporting (Mbps, Kbps, bps) -w warning integer value -c critical integer value -p print out performance data -h print this help screen " if [ "$hlp" = "yes" -o $# -lt 1 ]; then echo "$HELP" exit 0 fi # check options if [ -z $host ]; then echo "-s missing" exit elif [ -z $warn ]; then echo "-w missing" exit elif [ -z $crit ]; then echo "-c missing" exit fi # select unit case $unit in Mbps) unit_num="1000000";; Kbps) unit_num="1000";; bps) unit_num="1";; *) unit="bps" unit_num="1";; esac # lock while ! ( set -o noclobber; echo "$$" > "$lockfile" ) 2> /dev/null do # check for stale lock otherpid="$(cat "${lockfile}")" if ! kill -0 $otherpid &>/dev/null; then # lock is stale - remove lock rm -rf "$lockfile" fi # wait for lock sleep 1 done # remove lockfile on unexpected exit trap 'rm -f "$lockfile"; exit $?' INT TERM EXIT # configure iperf iperf_cmd="iperf -c $host -r -y c" cut_field="cut -d, -f9" read up down <<< $($iperf_cmd | $cut_field) # release lock rm -f $lockfile trap - INT TERM EXIT if [ -z $up ]; then up=0 fi if [ -z $down ]; then down=0 fi let up_scaled="$up/$unit_num" let down_scaled="$down/$unit_num" output="UNKNOWN" if [ $up_scaled -lt $crit -o $down_scaled -lt $crit ]; then output="CRITICAL" elif [ $up_scaled -lt $warn -o $down_scaled -lt $warn ]; then output="WARNING" else output="OK" fi # append stats output="$output - UP: $up_scaled $unit / DOWN: $down_scaled $unit" echo $output
The script creates a lock so you can't test multiple servers from one location simultaneously. If you decide to run more than one instance it will run them sequentially in no particular order. I suggest making a special Nagios schedule for each link you want to test so the chances of hitting both the lock and the Nagios timeout threshold will be minimized.
http://www.nagiosexchange.org/cgi-bin/page.cgi?g=1745.html;d=1
Consulteu Nconf.
Recursos
Recursos
Recursos
Recursos:
Consulteu també Munin#Munin_i_Nagios.
Consulteu Munin#Munin_i_Nagios.
$ nagios3stats Nagios Stats 3.2.3 Copyright (c) 2003-2008 Ethan Galstad (www.nagios.org) Last Modified: 10-03-2010 License: GPL Error reading status file '/var/cache/nagios3/status.dat': Permission denied
Cal executar amb sudo:
$ sudo nagios3stats Nagios Stats 3.2.3 Copyright (c) 2003-2008 Ethan Galstad (www.nagios.org) Last Modified: 10-03-2010 License: GPL CURRENT STATUS DATA ------------------------------------------------------ Status File: /var/cache/nagios3/status.dat Status File Age: 0d 0h 0m 0s Status File Version: 3.2.3 Program Running Time: 0d 0h 17m 10s Nagios PID: 20412 Used/High/Total Command Buffers: 0 / 0 / 4096 Total Services: 186 Services Checked: 186 Services Scheduled: 186 Services Actively Checked: 186 Services Passively Checked: 0 Total Service State Change: 0.000 / 5.990 / 0.669 % Active Service Latency: 0.006 / 0.258 / 0.128 sec Active Service Execution Time: 0.005 / 10.022 / 0.425 sec Active Service State Change: 0.000 / 5.990 / 0.669 % Active Services Last 1/5/15/60 min: 36 / 185 / 186 / 186 Passive Service Latency: 0.000 / 0.000 / 0.000 sec Passive Service State Change: 0.000 / 0.000 / 0.000 % Passive Services Last 1/5/15/60 min: 0 / 0 / 0 / 0 Services Ok/Warn/Unk/Crit: 102 / 1 / 13 / 70 Services Flapping: 0 Services In Downtime: 0 Total Hosts: 11 Hosts Checked: 11 Hosts Scheduled: 11 Hosts Actively Checked: 11 Host Passively Checked: 0 Total Host State Change: 0.000 / 0.000 / 0.000 % Active Host Latency: 0.020 / 0.256 / 0.118 sec Active Host Execution Time: 0.006 / 1.004 / 0.104 sec Active Host State Change: 0.000 / 0.000 / 0.000 % Active Hosts Last 1/5/15/60 min: 4 / 11 / 11 / 11 Passive Host Latency: 0.000 / 0.000 / 0.000 sec Passive Host State Change: 0.000 / 0.000 / 0.000 % Passive Hosts Last 1/5/15/60 min: 0 / 0 / 0 / 0 Hosts Up/Down/Unreach: 10 / 1 / 0 Hosts Flapping: 0 Hosts In Downtime: 0 Active Host Checks Last 1/5/15 min: 17 / 84 / 266 Scheduled: 3 / 10 / 32 On-demand: 14 / 74 / 234 Parallel: 3 / 10 / 37 Serial: 0 / 0 / 0 Cached: 14 / 74 / 229 Passive Host Checks Last 1/5/15 min: 0 / 0 / 0 Active Service Checks Last 1/5/15 min: 35 / 186 / 576 Scheduled: 35 / 186 / 576 On-demand: 0 / 0 / 0 Cached: 0 / 0 / 0 Passive Service Checks Last 1/5/15 min: 0 / 0 / 0 External Commands Last 1/5/15 min: 0 / 0 / 0
IMPORTANT: Per defecte el nagios ja ho fa, si el host està down no es mostren missatges sobre els serveis! Un altre tema és que a vegades els serveis fallen i no pas el host, i aleshores és normal rebre les notificacions dels serveis
Recursos:
Les external commands són necessàries per poder utilitzar les comandes des de la web de Nagios. Cal canviar el paràmetre check_external_commands al fitxer /etc/nagios3/nagios.cfg:
$ sudo joe /etc/nagios3/nagios.cfg check_external_commands=1
Normalment va seguit de l'error:
Error: Could not stat() command file '/var/lib/nagios3/rw/nagios.cmd'!
Per solucionar-h0:
$ sudo /etc/init.d/nagios3 stop $ sudo dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw $ sudo dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3 $ sudo /etc/init.d/nagios3 start
Recursos:
Aquest error apareix al fitxer de log si activem el log del servidor nrpe:
$ sudo tail -f /var/log/syslog Aug 19 21:49:49 ns2 nrpe[16998]: Daemon shutdown Aug 19 21:49:50 ns2 nrpe[17286]: Added command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 Aug 19 21:49:50 ns2 nrpe[17286]: Added command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 Aug 19 21:49:50 ns2 nrpe[17286]: Added command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 Aug 19 21:49:50 ns2 nrpe[17286]: Added command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z Aug 19 21:49:50 ns2 nrpe[17286]: Added command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 Aug 19 21:49:50 ns2 nrpe[17286]: INFO: SSL/TLS NOT initialized. Network encryption DISABLED. Aug 19 21:49:50 ns2 nrpe[17287]: Starting up daemon Aug 19 21:49:50 ns2 nrpe[17287]: Listening for connections on port 5666 Aug 19 21:49:50 ns2 nrpe[17287]: Allowing connections from: 127.0.0.1,192.168.50.50
No té per que ser un error, igual hem indicat que no voliem SSL, amb l'opció:
DAEMON_OPTS="--no-ssl"
Del fitxer: /etc/default/nagios-nrpe-server
Cal estar segur que tant el client (compte amb l'opció -n) com el servidor ( DAEMON_OPTS="--no-ssl" al fitxer /etc/default/nagios-nrpe-server ) volen comunicar-se de la mateixa forma, és a dir o tots dos amb SSL o cap dels dos amb SSL.
$ sudo tail -f /var/log/syslog Aug 19 21:54:22 ns2 nrpe[17723]: Connection from 192.168.50.50 port 49881 Aug 19 21:54:22 ns2 nrpe[17723]: Host address is in allowed_hosts Aug 19 21:54:22 ns2 nrpe[17723]: Handling the connection... Aug 19 21:54:22 ns2 nrpe[17723]: Error: Could not complete SSL handshake. 1 Aug 19 21:54:22 ns2 nrpe[17723]: Connection from 192.168.50.50 closed.
A vegades al fitxer de log trobareu l'error (cal posar l'opció debug=1 al fitxer /etc/nagios/nrpe.cfg):
$ sudo tail -f /var/log/syslog | grep nrpe ... Aug 20 18:28:52 www nrpe[29569]: Network server bind failure (98: Address already in use)
Això vol dir que teniu una instància del servidor penjada o que funciona incorrectament. La sol·lució és localitzar el servidor amb
$ ps aux | grep nrpe
I matar-lo amb:
$ kill -9 PID
I aleshores tornar a arrancar el servidor:
$ sudo /etc/init.d/nagios-nrpe-server start
$ sudo /usr/local/nagios/libexec/check_nrpe -n -H 192.168.0.8 -c check_load CHECK_NRPE: Error receiving data from daemon.
L'opció -n indica
Do not use SSL
o si la instal·lació està feta amb apt-get:
$ sudo /usr/lib/nagios/plugins/check_nrpe -n -H 192.168.0.8 -c check_load
Vigileu al utilitzar la opció -n. Això només s'aplica si el servidor no utilitza SSL (no és recomana per que aleshores es pot interceptar les dades intercanviades entre servidor i client).
A Ubuntu, per defecte el servidor nrpe utilitza SSL:
$ cat /etc/default/nagios-nrpe-server # defaults file for nagios-nrpe-server # (this file is a /bin/sh compatible fragment) # DAEMON_OPTS are any extra cmdline parameters you'd like to # pass along to the nrpe daemon DAEMON_OPTS="--no-ssl" # NICENESS is if you want to run the server at a different nice() priority #NICENESS=5
Per tant;
$ sudo /usr/local/nagios/libexec/check_nrpe -H 192.168.0.8 -c check_load
Si el problema persisteix, activeu el log (opció debug=1 al fitxer de configuració del dimoni) i llegiu els logs amb:
$ sudo tail -f /var/log/syslog May 14 10:59:19 moodle nrpe[22354]: Caught SIGTERM - shutting down... May 14 10:59:19 moodle nrpe[22354]: Cannot remove pidfile '/var/run/nrpe.pid' - check your privileges. May 14 10:59:19 moodle nrpe[22354]: Daemon shutdown May 14 10:59:20 moodle nrpe[23033]: Added command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 May 14 10:59:20 moodle nrpe[23033]: Added command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 May 14 10:59:20 moodle nrpe[23033]: Added command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hda1 May 14 10:59:20 moodle nrpe[23033]: Added command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z May 14 10:59:20 moodle nrpe[23033]: Added command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 May 14 10:59:20 moodle nrpe[23033]: INFO: SSL/TLS initialized. All network traffic will be encrypted. May 14 10:59:20 moodle nrpe[23034]: Starting up daemon May 14 10:59:20 moodle nrpe[23034]: Listening for connections on port 5666 May 14 10:59:20 moodle nrpe[23034]: Allowing connections from: 192.168.0.7
Assegureu-vos que la IP del client apareix a Allowing connections from:
Sempre que ens surti aquest missatge podem consultar el log d'errors d'apache2 $ sudo tail -f /var/log/apache2/error.log [Tue Nov 27 14:16:38 2007] [error] [client 127.0.0.1] (2)No such file or directory: Could not open password file: /etc/nagios2/htpasswd.users
El fitxer /etc/nagios2/htpasswd.users no existeix. El que si existeix és el de la versió 1. Podem solucionar-ho creant un link
$ sudo ln -s /etc/nagios/htpasswd.users /etc/nagios2/htpasswd.users
Aquest error ens indica que hi ha algun problema amb el cgi de nagios. Comproveu que s'esta executant Nagios. Llegiu el fitxer de log /var/log/nagios/nagios.log.
No s'ha configurat l'accés a la base de dades de Nagios en MySql. Si s'ha instalat Nagios utilitzant el paquet Debian (nagios-mysql) podem trobar la solució d'aquest error a:
/usr/share/doc/nagios-mysql El fitxer README.Debian. Explica com configurar L'accés a base de dades de Nagios
Una solució potser més sencilla és utilitzar nagios en mode text: Es a dir instalar el paquet nagios-text en comptes del nagios-mysql.
tail -f --lines=200 /var/log/nagios/nagios.log
Cal utilitzar un plugin de navegador que permeti visualitzar fitxers VRML. Podeu provar amb whitedune.