IMPORTANT: Per accedir als fitxer de subversion: http://acacha.org/svn (sense password). Poc a poc s'aniran migrant els enllaços. Encara però funciona el subversion de la farga però no se sap fins quan... (usuari: prova i la paraula de pas 123456)

Nagios

De SergiTurWiki
Share/Save/Bookmark
Dreceres ràpides: navegació, cerca
http://acacha.org/mediawiki/index.php/OpenFPnet/Mosaic/Formaci%C3%B3/Execuci%C3%B3/Servidor_de_monitoritzaci%C3%B3._NOC#Nagios
Alert.png Aquesta wiki forma part dels materials d'un curs
Curs: SeguretatXarxesInformàtiques, LinuxAdministracioAvancada, DissenyXarxesLinux
Fitxers: EinesMonitoritzacio.pdf (EinesMonitoritzacio.odp)

EinesMonitoritzacio2.pdf (EinesMonitoritzacio2.odp)

Repositori SVN: https://anonymous@svn.projectes.lafarga.cat/svn/iceupc/SeguretatXarxesInformàtiques
Usuari: anonymous
Paraula de pas: sense paraula de pas
Autors: Sergi Tur Badenas

Contingut

Instalació i primers passos

Nagios és una aplicació de monitorització de recursos. Nagios està incorporat a SkoleLinux.

En les màquines ubuntu en les que he instalat Nagios he utilitzat els repositoris main i apt-get o synaptic per instal·lar els següents paquets:

  1. nagios-common
  2. nagios-text (Es poden instalar este o nagios-mysql o nagios-postgresql.)
  3. nagios-plugins

L'altre opció és compilar el codi font. Esta explicada al manual de nagios o per exemple a aquest HOW-TO en castellà.

Nagios a Ubuntu. Instal·lació des del codi font

Consulteu el quickstart oficial.

Nagios 3.0

Per instal·lar la versió 3 de Nagios (--acacha 07:39, 23 abr 2009 (UTC)) executeu:

$ sudo apt-get install nagios3
 S'instal·laran els següents paquets extres:
  bsd-mailx exim4 exim4-base exim4-config exim4-daemon-light libfreetype6 libgd2-noxpm libjpeg62 libnet-snmp-perl
  libperl5.10 libpng12-0 libradius1 libsensors3 libsnmp-base libsnmp15 nagios-images nagios-plugins nagios-plugins-basic
  nagios-plugins-standard nagios3-common nagios3-doc radiusclient1 snmp
Paquets suggerits:
  mail-reader eximon4 exim4-doc-html exim4-doc-info libmail-spf-query-perl swaks libfreetype6-dev libgd-tools
  libcrypt-des-perl libdigest-hmac-perl libio-socket-inet6-perl lm-sensors nagios2 nagios-text nagios whois
  nagios-nrpe-plugin
Paquets recomanats:
  mailx
S'instal·laran els següents paquets NOUS:
  bsd-mailx exim4 exim4-base exim4-config exim4-daemon-light libfreetype6 libgd2-noxpm libjpeg62 libnet-snmp-perl
  libperl5.10 libpng12-0 libradius1 libsensors3 libsnmp-base libsnmp15 nagios-images nagios-plugins nagios-plugins-basic
  nagios-plugins-standard nagios3 nagios3-common nagios3-doc radiusclient1 snmp
0 actualitzats, 24 nous a instal·lar, 0 a eliminar i 20 no actualitzats.
Es necessita obtenir 11,4MB d'arxius.
After this operation, 29,7MB of additional disk space will be used.
Voleu continuar [S/n]? s

És molt possible que us faci instal·lar un servidor de correu com Postfix. Si us pregunta pel tipus de configuració del servidor de correu, escolliu:

Lloc d'Internet

i quan pregunti pel nom de màquina deixeu el FQDN (nom + domini de la màquina).

Finalment us preguntarà pel password de l'usuari administrador de Nagios (nagiosadmin).

TODO: Captures de pantalla

Ara ja podeu accedir a nagios accedint a la URL:

http://localhost/nagios3

Però us demanara un usuari i paraula de pas. L'heu d'establir amb:

$ sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin

Nagios 2.0

$ sudo apt-get install nagios2
$ sudo apt-get install nagios-text

NagiosTxtInstalation.png

Escollim la contrasenya. Ara per cal executar:

$ sudo ln -s /etc/nagios/htpasswd.users /etc/nagios2/htpasswd.users 

Per evitar l'error Nagios#Internal_Server_Error

Ara ja podem accedir a Nagios, obrint el navegador i anant a la web

http://localhost/nagios2

L'usuari i contrasenya són:

  • Usuari: nagiosadmin
  • Contrasenya: L'hem escollit durant la instal·lació.

Paquets instal·lats

nagios-plugins-basic

/etc/nagios-plugins/config/ping.cfg

check-host-alive es defineix al fitxer:

$ cat  /etc/nagios-plugins/config/ping.cfg
...
# 'check-host-alive' command definition
define command{
       command_name    check-host-alive
       command_line    /usr/lib/nagios/plugins/check_ping -H '$HOSTADDRESS$' -w 5000,100% -c 5000,100% -p 1
       }

És a dir el criteri per a indicar si una màquina està UP o no és:

On 500m és el temps dels ping i 100% és el nombre de paquets perduts.


THRESHOLD is <rta>,<pl>% where <rta> is the round trip average travel
time (ms) which triggers a WARNING or CRITICAL state, and <pl> is the
percentage of packet loss to trigger an alarm state.
This plugin uses the ping command to probe the specified host for packet loss
(percentage) and round trip average (milliseconds). It can produce HTML output
linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in
the contrib area of the downloads section at http://www.nagios.org/

Vegeu també check_ping

Configuració de Nagios

La configuració del nagios és fa amb els fitxers de la carpeta /etc/nagios.

NOTA: a SkoleLinux els fitxers estan a /etc/nagios/debian-edu

Nagios 3

La configuració com marca l'estàndard FHS es fa a la carpeta /etc/nagios3.

$ ls /etc/nagios3
apache2.conf  cgi.cfg  commands.cfg  conf.d  htpasswd.users  nagios.cfg  resource.cfg  stylesheets

On:

El fitxer principal de configuració és:

$ cat /etc/nagios3/nagios.cfg | grep -v '^#\|^$\|^;'
log_file=/var/log/nagios3/nagios.log
cfg_file=/etc/nagios3/commands.cfg
cfg_dir=/etc/nagios-plugins/config
cfg_dir=/etc/nagios3/conf.d
object_cache_file=/var/cache/nagios3/objects.cache
precached_object_file=/var/lib/nagios3/objects.precache
resource_file=/etc/nagios3/resource.cfg
status_file=/var/cache/nagios3/status.dat
status_update_interval=10
nagios_user=nagios
nagios_group=nagios
check_external_commands=0
command_check_interval=-1
command_file=/var/lib/nagios3/rw/nagios.cmd
external_command_buffer_slots=4096
lock_file=/var/run/nagios3/nagios3.pid
temp_file=/var/cache/nagios3/nagios.tmp
temp_path=/tmp
event_broker_options=-1
log_rotation_method=d
log_archive_path=/var/log/nagios3/archives
use_syslog=1
log_notifications=1
log_service_retries=1
log_host_retries=1
log_event_handlers=1
log_initial_states=0
log_external_commands=1
log_passive_checks=1
service_inter_check_delay_method=s
max_service_check_spread=30
service_interleave_factor=s
host_inter_check_delay_method=s
max_host_check_spread=30
max_concurrent_checks=0
check_result_reaper_frequency=10
max_check_result_reaper_time=30
check_result_path=/var/lib/nagios3/spool/checkresults
max_check_result_file_age=3600
cached_host_check_horizon=15
cached_service_check_horizon=15
enable_predictive_host_dependency_checks=1
enable_predictive_service_dependency_checks=1
soft_state_dependencies=0
auto_reschedule_checks=0
auto_rescheduling_interval=30
auto_rescheduling_window=180
sleep_time=0.25
service_check_timeout=60
host_check_timeout=30
event_handler_timeout=30
notification_timeout=30
ocsp_timeout=5
perfdata_timeout=5
retain_state_information=1
state_retention_file=/var/lib/nagios3/retention.dat
retention_update_interval=60
use_retained_program_state=1
use_retained_scheduling_info=1
retained_host_attribute_mask=0
retained_service_attribute_mask=0
retained_process_host_attribute_mask=0
retained_process_service_attribute_mask=0
retained_contact_host_attribute_mask=0
retained_contact_service_attribute_mask=0
interval_length=60
use_aggressive_host_checking=0
execute_service_checks=1
accept_passive_service_checks=1
execute_host_checks=1
accept_passive_host_checks=1
enable_notifications=1
enable_event_handlers=1
process_performance_data=0
obsess_over_services=0
obsess_over_hosts=0
translate_passive_host_checks=0
passive_host_checks_are_soft=0
check_for_orphaned_services=1
check_for_orphaned_hosts=1
check_service_freshness=1
service_freshness_check_interval=60
check_host_freshness=0
host_freshness_check_interval=60
additional_freshness_latency=15
enable_flap_detection=1
low_service_flap_threshold=5.0
high_service_flap_threshold=20.0
low_host_flap_threshold=5.0
high_host_flap_threshold=20.0
date_format=iso8601
p1_file=/usr/lib/nagios3/p1.pl
enable_embedded_perl=1
use_embedded_perl_implicitly=1
illegal_object_name_chars=`~!$%^&*|'"<>?,()=
illegal_macro_output_chars=`~$&|'"<>
use_regexp_matching=0
use_true_regexp_matching=0
admin_email=root@localhost
admin_pager=pageroot@localhost
daemon_dumps_core=0
use_large_installation_tweaks=0
enable_environment_macros=1
debug_level=0
debug_verbosity=1
debug_file=/var/log/nagios3/nagios.debug
max_debug_file_size=1000000

La majoria de paràmetres generals no cal modificar-los, les opcions per defecte són correctes. El més important és:

 cfg_dir=/etc/nagios3/conf.d

que és la carpeta on es configuren els recursos a monitoritzar.

$ ls /etc/nagios3/conf.d
contacts_nagios2.cfg  generic-host_nagios2.cfg     host-gateway_nagios3.cfg  localhost_nagios2.cfg  timeperiods_nagios2.cfg
extinfo_nagios2.cfg   generic-service_nagios2.cfg  hostgroups_nagios2.cfg    services_nagios2.cfg

Aquí podeu configurar:

  • Fitxers de màquines: Per defecte es monitoritza localhosti el gateway (només pings)
  • Localhost (localhost_nagios2.cfg):
  • Gateway (host-gateway_nagios3.cfg):
  • Grups de màquines (hostgroups_nagios2.cfg):
  • Serveis (services_nagios2.cfg): S'apliquen a grups de màquines per fer més ràpida la configuració (http-servers, ping-servers, ssh-servers
  • Contactes (contacts_nagios2.cfg):
  • Plantilla de màquina genèrica (generic-host_nagios2.cfg):
  • Plantilla de servei genèric (generic-service_nagios2.cfg):

Afegir un nou host

$ cd /etc/nagios3/conf.d
$ sudo cp localhost_nagios2.cfg cop.cfg

Modifiqueu les línies:

$ sudo joe cop.cfg
define host{
       use                     generic-host            ; Name of host template to use
       host_name               cop
       alias                   cop
       address                 192.168.0.4
       }

Comenteu la resta del fitxer. Ara l'afegirem als grups:

  • servidors-debian
  • servidors-ubuntu
  • http-servers
  • ssh-servers
  • ping-servers

Vegem un exemple de com afegir al grup http-servers:

$ sudo joe hostgroups_nagios2.cfg 
# A list of your web servers
define hostgroup {
        hostgroup_name  http-servers
                alias           HTTP servers
                members         localhost,cop
        }

La resta de grups es procedeix similar. El grup servidros-ubuntu l'hem afegit amb les següents línies:

# A list of your Ubuntu GNU/Linux servers
define hostgroup {
        hostgroup_name  ubuntu-servers
                alias           Debian GNU/Linux Servers
                members         localhost,cop
        }

Per aplicar els canvis vegeu Nagios#Verificant_la_configuraci.C3.B3._Execuci.C3.B3_de_Nagios.

Nagios 2

La configuració com marca l'estàndard FHS es fa a la carpeta /etc/nagios2 o en alguns casos /etc/nagios:

$ ls /etc/nagios
apache.conf checkcommands.cfg contacts.cfg escalations.cfg hosts.cfg minimal.cfg nagios.cfg
services.cfg timeperiods.cfg cgi.cfg contactgroups.cfg dependencies.cfg hostgroups.cfg
htpasswd.users misccommands.cfg resource.cfg stylesheets

/etc/nagios/resource.cfg

En aquest fitxer es poden definir MACROS o variables que es poden utilitzar en els fitxers de configuració de Nagios. És útil per emmagatzemar dades crítiques com usuaris i contrasenyes.

Fitxer hosts.cfg

En aquest fitxers es defineixen les màquines que es volen monitoritzar.

Exemples:

# Exemple de host
define host{
      use                     generic-host            ; Name of host template to use
      host_name               NomDeLaMaquina
      alias                   Una descripcio
      address                 127.2.2.1
      check_command           check-host-alive
      max_check_attempts      20
      notification_interval   60
      notification_period     24x7
      notification_options    d,u,r
      }

Podem afegir tantes màquines com creiem convenient. Si ens fixem les màquines utilitzen una plantilla o template (intrucció use generic-host). El template es troba a l'inici del fitxer hosts.cfg

define host{
      name                            generic-host    ; The name of this host template - referenced in other host 
      notifications_enabled           1       ; Host notifications are enabled
      event_handler_enabled           0       ; Host event handler is disabled
      flap_detection_enabled          0       ; Flap detection is disabled
      process_perf_data               1       ; Process performance data
      retain_status_information       1       ; Retain status information across program restarts
      retain_nonstatus_information    1       ; Retain non-status information across program restarts
      register                        0   ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
      }

Nota: perquè el Nagios pugui trobar la màquina (host) que hem definit, haurem d'agregar el valor de "host_name" a l'arxiu /etc/hosts de la màquina

Fitxer hostsgroups.cfg

En aquest fitxers es defineixen els grups de màquines.

  1. Default gateway host group definition
define hostgroup{

      hostgroup_name  Servers
      alias           Linux Servers
      contact_groups  linux-servers-admins
      members         NomDeLaMaquina,NomDeLaMaquina2
      }

Fitxer services.cfg

Aquí és poden definir els serveis que volem monitoritzar dels hosts que hem registrat. El mateix fitxer ens ofereix infinitat d'exemples dels serveis que es poden monitoritzar (HTTP, ports TCP-IP, base de dades, recursos d'espai i memòria,etc)

Igual que el que succeïx amb el fitxer hosts.cfg és pot utilitzar un template:

define service{
      name                            generic-service    ;The 'name' of this service template, referenced in other 
      active_checks_enabled           1       ; Active service checks are enabled
      passive_checks_enabled          0       ; Passive service checks are enabled/disabled
      parallelize_check               1       ; Active service checks should be parallelized
                                              ; (disabling this can lead to major performance problems)
      obsess_over_service             1       ; We should obsess over this service (if necessary)
      check_freshness                 0       ; Default is to NOT check service 'freshness'
      notifications_enabled           0       ; Service notifications are disabled
      event_handler_enabled           0       ; Service event handler is disabled
      flap_detection_enabled          0       ; Flap detection is disabled
      process_perf_data               1       ; Process performance data
      retain_status_information       1       ; Retain status information across program restarts
      retain_nonstatus_information    1       ; Retain non-status information across program restarts
      register                        0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
      }


Fitxer contacts.cfg

En aquest fitxer es defineixen les persones i les seves dades de contacte (email, beeper, SMS) encarregades de la monitorització. Aquest contactes són els que, en el cas de que el servei monitoritzat tingui el servei d'alertes instal·lat, rebran les alertes de possibles problemes amb els serveis.

define contact{
      contact_name                    nagios
      alias                           Nagios Admin
      service_notification_period     24x7
      host_notification_period        24x7
      service_notification_options    w,u,c,r
      host_notification_options       d,u,r
      service_notification_commands   notify-by-email,notify-by-epager
      host_notification_commands      host-notify-by-email,host-notify-by-epager
      email                           emailNagiosAdmin@localhost
      pager                           pagenagios-admin@localhost
      }


Exemple de configuració

Anem a veure pas a pas que s'ha de fer per monitoritzar una màquina. La configuració de Nagios es realitza editant fitxers de la carpeta /etc/nagios2/. Normalment només caldrà modificar els fitxers de la carpeta /etc/nagios2/conf.d.

El primer que cal fer és afegir una màquina que vulguem monitoritzar:

$ cd /etc/nagios2/conf.d

I creem un fitxer per a la màquina:

$ cat host-gateway.cfg 
# a host definition for the gateway of the default route
define host {
        host_name   gateway
        alias       Default Gateway
        address     192.168.1.1
        use         generic-host    
        }

El més important és:

host_name   gateway

Aquest és el nom (descriptiu que escolliu vosaltres) que li poseu a la màquina

alias       Default Gateway

Descripció llarga. Text lliure

address     192.168.1.1

El més important. L'adreça IP de la màquina a monitoritzar

use         generic-host

Això indica que utilitzem una plantilla per aquest host. La plantilla generic-host la proporciona per defecte Nagios.

NOTA: El fitxer pot tenir el nom que vulgueu, però és interessant seguir un patró com per exemple host-nommaquina.cfg

Un cop teniu la màquina configurada, saleu el fitxer i executeu:

$ sudo /etc/init.d/nagios2 restart

Això us permetrà comprovar si hi ha algun error en la configuració.

Ara cal configurar quins serveis volem monitoritzar en aquesta màquina. Els serveix més comuns són fàcils de configurar per què Nagios ens proporciona una forma fàcil de fer-ho utilitzant grups.

Per exemple, el primer que podem fer és que Nagios controli si la màquina esta encesa mitjançant pings. Per això només cal afegir la nostra màquina al grup de màquines a les que es fa ping.

Els grups estan definits al fitxer:

$ cat hostgroups_nagios2.cfg 
# Some generic hostgroup definitions

# A simple wildcard hostgroup
define hostgroup {
        hostgroup_name  all
                alias           All Servers
                members         *
        }  

# A list of your Debian GNU/Linux servers
define hostgroup {
        hostgroup_name  debian-servers
                alias           Debian GNU/Linux Servers
                members         localhost
        }  

# A list of your web servers
define hostgroup {
        hostgroup_name  http-servers
                alias           HTTP servers
                members         localhost
        }  

# A list of your ssh-accessible servers
define hostgroup {
        hostgroup_name  ssh-servers
                alias           SSH servers
                members         localhost
       } 

# nagios doesn't like monitoring hosts without services, so this is
# a group for devices that have no other "services" monitorable
# (like routers w/out snmp for example)
define hostgroup {
        hostgroup_name  ping-servers
                alias           Pingable servers
                members         gateway
        } 

Com podeu veure al final hi ha el grup ping-servers. Afegiu la vostra màquina de la següent forma

$ sudo joe hostgroups_nagios2.cfg
...

I modifiqueu:

 define hostgroup {
        hostgroup_name  ping-servers
                alias           Pingable servers
                members         gateway,altremaquina1,altremaquina2
        } 

També podeu fer el mateix amb les màquines que tinguin un servidor web:

 # A list of your web servers
define hostgroup {
        hostgroup_name  http-servers
                alias           HTTP servers
                members         localhost,gateway
        }  

Un cop fetes les modificacions executeu:

$ sudo /etc/init.d/nagios2 restart

Comproveu que no hi ha erros i consulteu la web de Nagios (potser haureu d'esperar uns minuts per tal de que refresqui) per consultar l'estat del servidor.

Configuració dels contactes

Al fitxer

$ cat /etc/nagios2/conf.d/contacts_nagios2.cfg

es configuren els contactes de nagios. Hi ha una zona anomenada CONTACTS:

###############################################################################
###############################################################################
#
# CONTACTS
#
###############################################################################
###############################################################################
....

Aquí, després del l'exemple de contacte que hi ha (root) heu d'afegir (podeu copiar de la plantilla de l'usuari root que acabem d'esmentar):

define contact{
        contact_name                    sergi
        alias                           Sergi Tur
        service_notification_period     24x7
        host_notification_period        24x7 
        service_notification_options    w,u,c,r
        host_notification_options       d,r
        service_notification_commands   notify-by-email
        host_notification_commands      host-notify-by-email
        email                           correu_electrònic
        }

Com podeu veure hem afegit un usuari anomenat sergi (nom comple Sergi Tur) que esta disponible per rebre avisos les 24 hores dels set dies de la setmana (24x7) i que rebrà les notificacions per correu electrònic.

El correu no es mostra per evitar SPAM però s'indica a la línia:

email                           correu_electrònic

Per tal que funcioni cal tenir un servidor de correu electrònic. El més senzill possiblement és postfix i el podeu instal·lar amb:

$ sudo apt-get install postfix

Verificant la configuració. Execució de Nagios

IMPORTANT: Si teniu nagios2 en comptes de nagios3 canvieu les ordres nagios3 per nagios2 i els paths a tots els exemples d'aquest apartat. Per exemple:
$ sudo nagios2 -v /etc/nagios3/nagios.cfg

Nagios té un script que permet verificar si els fitxers de configuració no tenen cap error. Executem:

$ sudo nagios3 -v /etc/nagios3/nagios.cfg 

O si el teniu instal·lat des del codi font compilant:

$ sudo /usr/local/nagios/bin/nagios -v  /usr/local/nagios/etc/nagios.cfg

Si tot esta correctament:

Total Warnings: 0
Total Errors: 0
Things look okay - No serious problems were detected during the pre-flight check

Aleshores podem executar el dimoni de Nagios

$ sudo /etc/init.d/nagios3 restart
$ ps aux | grep nagios
PID TTY TIME CMD
29864 ? 00:00:00 nagios2

Ja tenim el nagios executant-se. Ara falta configurar Apache i el CGI de Nagios per poder accedir a la interfície web.

Configuració del CGI de nagios. Configuració d'Apache

Fitxer cgi.cfg

En aquest fitxer es controlen les opcions del cgi Nagios. La configuració per defecte normalment ja funciona.

Configuració d'Apache

A Apache hem de configurar l'accés a HTML i l'execució d'Scripts CGI:

CGI:

ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin
<Directory "/usr/local/nagios/sbin">
  AllowOverride AuthConfig
  Options ExecCGI
  Order allow,deny
  Allow from all
</Directory>


HTML:

Alias /nagios /usr/local/nagios/share
<Directory "/usr/local/nagios/share">
  Options None
  AllowOverride AuthConfig
  Order allow,deny
  Allow from all
</Directory>

Un cop configurat Apache és necessari recarregar el dimoni:

/etc/init.d/httpd restart 

L'accés a la interface web és:

http://ip_de_la_teva_maquina/nagios

Més info sobre la configuració de la interface web : http://nagios.sourceforge.net/docs/2_0/installweb.html

Configuració de l'accés a la interface web

Tipus d'usuaris

Cal tenir en compte que hi ha dos tipus d'usuaris:

  • Usuaris autenticats (Other Authenticated Users): és un usuari que té accés a Nagios però no és contacte.
  • Contacte autenticat (Authenticated Contacts): és un usuari com l'anterior que a més el seu nom d'usuari coincideix amb el short name d'un contacte.

Tant un tipus d'usuari com l'altre han de tenir un usuari creat al fitxer htpasswd.users

Permisos per defecte

CGI Data Authenticated Contacts Authenticated Users
Host Status Information Yes No
Host Configuration Information Yes No
Host History Yes No
Host Notifications Yes No
Host Commands Yes No
Service Status Information Yes No
Service Configuration Information Yes No
Service History Yes No
Service Notifications Yes No
Service Commands Yes No
All Configuration No No
System/Process Information No No
System/Process Commands No No

Canviar el password de l'usuari administrador (nagiosadmin)

Nagios ve configurat per defecte amb un usuari nagiosadmin i un password per defecte. Es pot canviar executant:

$ sudo htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
IMPORTANT: Cal tenir en compte quina versió de nagios utilitzeu. si per exemple és la versió 3 aleshores cal canviar: /etc/nagios3/htpasswd.users

El contingut del fitxer és quelcom similar:

$ cat /etc/nagios3/htpasswd.users
nagiosadmin:dQ7rtgiurweIg

Es pot utilitzar httacces d'Apache: http://nagios.sourceforge.net/docs/2_0/cgiauth.html

Afegir un nou usuari

Nagios ve configurat per defecte amb un sol usuari (nagiosadmin). Es pot afegir un nou usuari amb:

$ sudo htpasswd /etc/nagios3/htpasswd.users nom_usuari_nou

Per exemple:

$ sudo htpasswd /etc/nagios3/htpasswd.users maria

El resultat serà que el fitxer ara contindrà un nou usuari

$ cat /etc/nagios3/htpasswd.users
nagiosadmin:dQ7rtgiurweIg
maria:4vkYuiYydeD.Q

Cal tenir en compte però que amb això només permetrà entrar a la web però no ho veureu tot (cal indicar que pot fer l'usuari). Primer cal comprovar que la configuració del CGI de Nagios permet autenticació, cal que la variable use_authentication estigui a 1:

$ cat /etc/nagios3/cgi.cfg  | grep use_authentication
use_authentication=1

Si voleu que l'usuari pugui veure certa informació cal que també sigui un contacte. Per exemple per afegir el contacte maria afegiu:

define contact{
       contact_name                    maria
       alias                           Maria Fernandez Rodriguez
       service_notification_period     24x7
       host_notification_period        24x7
       service_notification_options    w,u,c,r
       host_notification_options       d,r
       service_notification_commands   notify-service-by-email
       host_notification_commands      notify-host-by-email
       email                           acacha@gmail.com
       }

al fitxer de contactes, per exemple el fitxer /etc/nagios3/conf.d/contacts_nagios2.cfg.

Consulteu Nagios#Permisos_per_defecte per veure quins són els permisos per defecte d'un contacte autenticat.

Si voleu permetrà que l'usuari tingui més permisos cal canviar les variables:

authorized_for_system_information
authorized_for_system_commands
authorized_for_configuration_information
authorized_for_all_hosts
authorized_for_all_host_commands
authorized_for_all_services
authorized_for_all_service_commands

Per defecte només pot l'usuari nagiosadmin:

$ cat /etc/nagios3/cgi.cfg | grep authorized
authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin
...

Per donar tots els permisos a l'usuari el fitxer hauria de quedar:

$ cat /etc/nagios3/cgi.cfg | grep authorized
authorized_for_system_information=nagiosadmin,sergi
authorized_for_configuration_information=nagiosadmin,sergi
authorized_for_system_commands=nagiosadmin,sergi
authorized_for_all_services=nagiosadmin,sergi
authorized_for_all_hosts=nagiosadmin,sergi
authorized_for_all_service_commands=nagiosadmin,sergi
authorized_for_all_host_commands=nagiosadmin,sergi
...


Consulteu també la documentació de Nagios:

Usuaris de només lectura

A /etc/nagios3/cgi.cfg:

# READ-ONLY USERS
# A comma-delimited list of usernames that have read-only rights in
# the CGIs.  This will block any service or host commands normally shown
# on the extinfo CGI pages.  It will also block comments from being shown
# to read-only users. 

#authorized_for_read_only=user1,user2

Skolelinux

A SkoleLinux els fitxers de configuració del nagios estan a un altre carpeta. Per tant:

$ sudo htpasswd -c /etc/nagios/debian-edu/htpasswd.users nagiosadmin

Plugins

Vegeu la documentació oficial:

http://nagios.sourceforge.net/docs/3_0/plugins.html

Consultar l'ajuda d'un plugin

Es fa amb l'opció --help, per exemple:

$ /usr/lib/nagios/plugins/check_http --help

Macros

La utilitat de les macros és simplificar les configuracions massives de comandes, hosts i serveis. Per exemple, es pot definir una comanda una sola vegada per tal que funcioni correctament per a un número infinit de màquines utilitzant macros.

La macro més important és la host Address Macro ($HOSTADDRESS$). Si definim un host de la següent forma:

define host{
	host_name		linuxbox
	address		192.168.1.2
	check_command	check_ping
	...
	}

A la comanda podem utilitzar la macro $HOSTADDRESS$:

define command{
	command_name    check_ping
	command_line    /usr/local/nagios/libexec/check_ping -H $HOSTADDRESS$ -w 100.0,90% -c 200.0,60%
	}

La comanda que s'executarà serà:

/usr/local/nagios/libexec/check_ping -H 192.168.1.2 -w 100.0,90% -c 200.0,60%

Vegeu la documentació oficial:

http://nagios.sourceforge.net/docs/3_0/macros.html

Command Argument Macros

Es poden passar arguments a les comandes com si fossin funcions. S'utilitzant signes d'exclamació:

define service{
	host_name		linuxbox
	service_description	PING
	check_command	check_ping!200.0,80%!400.0,40%
	...
	}

A l'exemple anterior cridem la comanda check_ping amb dos opcions:

200.0,80%

i

400.0,40%

Dins la comanda s'utilitza:

:*$ARGn$: número d'arguments passats a la comanda
  • $ARG1$: primer argument. A l'exemple anterior "200.0,80%"
  • $ARG2$: segon argument. A l'exemple anterior "400.0,40%"
  • $ARG3$: tercer argument...

Un exemple de com es defineix la comanda:

define command{
	command_name    check_ping
	command_line    /usr/lib/nagios/plugins/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$
	}

El que s'executa es doncs:

/usr/lib/nagios/plugins/check_ping -H 192.168.1.2 -w 200.0,80% -c 400.0,40%
NOTA: Si es necessita passar el caràcter ! com argument, s'ha d'escapar amb backslash (\). Igualment les contrabarres s'han d'escapar amb una contrabarra

On-Demand Macros

TODO

Normally when you use host and service macros in command definitions, they refer to values for the host or service for which the command is being run. For instance, if a host check command is being executed for a host named "linuxbox", all the standard host macros will refer to values for that host ("linuxbox").

If you would like to reference values for another host or service in a command (for which the command is not being run), you can use what are called "on-demand" macros. On-demand macros look like normal macros, except for the fact that they contain an identifier for the host or service from which they should get their value. Here's the basic format for on-demand macros:

   $HOSTMACRONAME:host_name$
   $SERVICEMACRONAME:host_name:service_description$

Replace HOSTMACRONAME and SERVICEMACRONAME with the name of one of the standard host of service macros found here.

Note that the macro name is separated from the host or service identifier by a colon (:). For on-demand service macros, the service identifier consists of both a host name and a service description - these are separated by a colon (:) as well.

Tip Tip: On-demand service macros can contain an empty host name field. In this case the name of the host associated with the service will automatically be used.

Examples of on-demand host and service macros follow:


$HOSTDOWNTIME:myhost$ <--- On-demand host macro

$SERVICESTATEID:novellserver:DS Database$ <--- On-demand service macro

$SERVICESTATEID::CPU Load$ <--- On-demand service macro with blank host name field

On-demand macros are also available for hostgroup, servicegroup, contact, and contactgroup macros. For example:


$CONTACTEMAIL:john$ <--- On-demand contact macro

$CONTACTGROUPMEMBERS:linux-admins$ <--- On-demand contactgroup macro

$HOSTGROUPALIAS:linux-servers$ <--- On-demand hostgroup macro

$SERVICEGROUPALIAS:DNS-Cluster$ <--- On-demand servicegroup macro

On-Demand Group Macros

TODO

You can obtain the values of a macro across all contacts, hosts, or services in a specific group by using a special format for your on-demand macro declaration. You do this by referencing a specific host group, service group, or contact group name in an on-demand macro, like so:

   $HOSTMACRONAME:hostgroup_name:delimiter$
   $SERVICEMACRONAME:servicegroup_name:delimiter$
   $CONTACTMACRONAME:contactgroup_name:delimiter$

Replace HOSTMACRONAME, SERVICEMACRONAME, and CONTACTMACRONAME with the name of one of the standard host, service, or contact macros found here. The delimiter you specify is used to separate macro values for each group member.

For example, the following macro will return a comma-separated list of host state ids for hosts that are members of the hg1 hostgroup:


$HOSTSTATEID:hg1:,$

This macro definition will return something that looks like this:


0,2,1,1,0,0,2

Custom Variable Macros

Any custom object variables that you define in host, service, or contact definitions are also available as macros. Custom variable macros are named as follows:

   $_HOSTvarname$
   $_SERVICEvarname$
   $_CONTACTvarname$

Take the following host definition with a custom variable called "_MACADDRESS"...


define host{

host_name linuxbox

address 192.168.1.1

_MACADDRESS 00:01:02:03:04:05

...

}

The _MACADDRESS custom variable would be available in a macro called $_HOSTMACADDRESS$. More information on custom object variables and how they can be used in macros can be found here.

Macro Cleansing

Some macros are stripped of potentially dangerous shell metacharacters before being substituted into commands to be executed. Which characters are stripped from the macros depends on the setting of the illegal_macro_output_chars directive. The following macros are stripped of potentially dangerous characters:

   $HOSTOUTPUT$
   $LONGHOSTOUTPUT$
   $HOSTPERFDATA$
   $HOSTACKAUTHOR$
   $HOSTACKCOMMENT$
   $SERVICEOUTPUT$
   $LONGSERVICEOUTPUT$
   $SERVICEPERFDATA$
   $SERVICEACKAUTHOR$
   $SERVICEACKCOMMENT$ 

Additionally, any macros that contain custom variables are stripped for safety and security.

Macros com a variables d'entorn

Most macros are made available as environment variables for easy reference by scripts or commands that are executed by Nagios. For purposes of security and sanity, $USERn$ and "on-demand" host and service macros are not made available as environment variables.

Environment variables that contain standard macros are named the same as their corresponding macro names (listed here), with "NAGIOS_" prepended to their names. For example, the $HOSTNAME$ macro would be available as an environment variable named "NAGIOS_HOSTNAME".

Llista de totes les macros disponibles

La podeu trobar a la documentació oficial:

http://nagios.sourceforge.net/docs/3_0/macrolist.html

Utilitzar paraules de pas amb les comandes

El fitxer:

$ cat /etc/nagios3/resource.cfg
###########################################################################
#
#  RESOURCE.CFG - Resource File for Nagios 
#
# You can define $USERx$ macros in this file, which can in turn be used
# in command definitions in your host config file(s).  $USERx$ macros are
# useful for storing sensitive information such as usernames, passwords, 
# etc.  They are also handy for specifying the path to plugins and 
# event handlers - if you decide to move the plugins or event handlers to
# a different directory in the future, you can just update one or two
# $USERx$ macros, instead of modifying a lot of command definitions.
#
# The CGIs will not attempt to read the contents of resource files, so
# you can set restrictive permissions (600 or 660) on them.
#
# Nagios supports up to 32 $USERx$ macros ($USER1$ through $USER32$)
#
# Resource files may also be used to store configuration directives for
# external data sources like MySQL...
#
###########################################################################

# Sets $USER1$ to be the path to the plugins
$USER1$=/usr/lib/nagios/plugins

# Sets $USER2$ to be the path to event handlers
#$USER2$=/usr/lib/nagios/plugins/eventhandlers

# Store some usernames and passwords (hidden from the CGIs)

Per exemple per indicar la paraula de pas de root

$ cat /etc/nagios3/resource.cfg
...
USER1=POSEUAQUIELVOSTREPASSWORD

check_ping

Vegeu també Nagios#.2Fetc.2Fnagios-plugins.2Fconfig.2Fping.cfg

check_http

NOTA: hi ha múltiples comandes plantilla relacionades amb check_http al fitxer: /usr/share/nagios-plugins/templates-basic/http.cfg

S'inclou per defecte a Nagios3. Vegem un exemple d'ús:

$ /usr/lib/nagios/plugins/check_http -H 192.168.50.10
HTTP OK: HTTP/1.1 200 OK - 453 bytes in 0,002 second response time |time=0,001540s;;;0,000000 size=453B;;;0

Vegem altres opcions. Per exemple, comprovar servidors HTTP en ports diferents al port per defecte (per exemple pot ser util per comprovar altres servidor web com Tomcat):

$ /usr/lib/nagios/plugins/check_http -H 192.168.1.50 -p 8080
HTTP OK HTTP/1.1 200 OK - 332 bytes in 0.004 seconds |time=0.004144s;;;0.000000 size=332B;;;0

També permet comprovar URLs específiques:

$ /usr/lib/nagios/plugins/check_http -H acacha.org -u http://acacha.org/mediawiki

Consulteu altres opcions a:

http://linux.101hacks.com/unix/check-http/

I als manuals:

$ /usr/lib/nagios/plugins/check_http
Usage:
check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
      [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]
      [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]
      [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]
      [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]
      [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]
      [-j method]
$ /usr/lib/nagios/plugins/check_http --help
check_http v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>
Copyright (c) 1999-2008 Nagios Plugin Development Team
	<nagiosplug-devel@lists.sourceforge.net>

This plugin tests the HTTP service on the specified host. It can test
normal (http) and secure (https) servers, follow redirects, search for
strings and regular expressions, check connection times, and report on
certificate expiration times. 


Usage:
check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
      [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]
      [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]
      [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]
      [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]
      [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]
      [-j method]
NOTE: One or both of -H and -I must be specified

Options:
-h, --help
   Print detailed help screen
-V, --version
   Print version information
-H, --hostname=ADDRESS
   Host name argument for servers using host headers (virtual host)
   Append a port to include it in the header (eg: example.com:5000)
-I, --IP-address=ADDRESS
   IP address or name (use numeric address if possible to bypass DNS lookup).
-p, --port=INTEGER
   Port number (default: 80)
-4, --use-ipv4
   Use IPv4 connection
-6, --use-ipv6
   Use IPv6 connection
-S, --ssl
  Connect via SSL. Port defaults to 443
--sni
  Enable SSL/TLS hostname extension support (SNI)
-C, --certificate=INTEGER
  Minimum number of days a certificate has to be valid. Port defaults to 443
  (when this option is used the URL is not checked.)

-e, --expect=STRING
   Comma-delimited list of strings, at least one of them is expected in
   the first (status) line of the server response (default: HTTP/1.)
   If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)
-s, --string=STRING
   String to expect in the content
-u, --url=PATH
   URL to GET or POST (default: /)
-P, --post=STRING
   URL encoded http POST data
-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)
   Set HTTP method.
-N, --no-body
   Don't wait for document body: stop reading after headers.
   (Note that this still does an HTTP GET or POST, not a HEAD.)
-M, --max-age=SECONDS
   Warn if document is more than SECONDS old. the number can also be of
   the form "10m" for min utes, "10h" for hours, or "10d" for days.
-T, --content-type=STRING 
   specify Content-Type header media type when POSTing 

 -l, --linespan
    Allow regex to span newlines (must precede -r or -R)
 -r, --regex, --ereg=STRING
    Search page for regex STRING
 -R, --eregi=STRING
    Search page for case-insensitive regex STRING
 --invert-regex
    Return CRITICAL if found, OK if not

 -a, --authorization=AUTH_PAIR
    Username:password on sites with basic authentication
 -b, --proxy-authorization=AUTH_PAIR
 	Username:password on proxy-servers with basic authentication
 -A, --useragent=STRING
    String to be sent in http header as "User Agent"
 -k, --header=STRING
     Any other tags to be sent in http header. Use multiple times for additional headers
 -L, --link
    Wrap output in HTML link (obsoleted by urlize)
 -f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>
    How to handle redirected pages. sticky is like follow but stick to the
    specified IP address. stickyport also ensure post stays the same.
 -m, --pagesize=INTEGER<:INTEGER>
    Minimum page size required (bytes) : Maximum page size required (bytes)
 -w, --warning=DOUBLE
    Response time to result in warning status (seconds)
 -c, --critical=DOUBLE
    Response time to result in critical status (seconds)
 -t, --timeout=INTEGER
    Seconds before connection times out (default: 10)
 -v, --verbose
    Show details for command-line debugging (Nagios may truncate output)
 
Notes:
 This plugin will attempt to open an HTTP connection with the host.
 Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL
 other errors return STATE_UNKNOWN.  Successful connects, but incorrect reponse
 messages from the host result in STATE_WARNING return values.  If you are
 checking a virtual server that uses 'host headers' you must supply the FQDN
 (fully qualified domain name) as the [host_name] argument.

 This plugin can also check whether an SSL enabled web server is able to
 serve content (optionally within a specified time) or whether the X509 
 certificate is still valid for the specified number of days.

Examples:
CHECK CONTENT: check_http -w 5 -c 10 --ssl -H www.verisign.com

 When the 'www.verisign.com' server returns its content within 5 seconds,
 a STATE_OK will be returned. When the server returns its content but exceeds
 the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,
 a STATE_CRITICAL will be returned.

 CHECK CERTIFICATE: check_http -H www.verisign.com -C 14

 When the certificate of 'www.verisign.com' is valid for more than 14 days,
 a STATE_OK is returned. When the certificate is still valid, but for less than
 14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when
 the certificate is expired.

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net


Recursos

HTTPS

Es pot definir una comanda de la següent manera:

Definim la comanda

#HTTPS
define command{
       command_name    check_https
       command_line    /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -S                                      
       }

La comanda check_https, ja està definida al fitxer:

$ cat /usr/share/nagios-plugins/templates-basic/http.cfg
...
# 'check_https' command definition
define command{
	command_name    check_https
	command_line	/usr/lib/nagios/plugins/check_http --ssl -H '$HOSTADDRESS$' -I '$HOSTADDRESS$'
	}
...

Definim el servei i l'apliquem al grup https-servers:

# HTTPS
define service {
       hostgroup_name                  https-servers
       service_description             HTTPS
       check_command                   check_https    
       use                             generic-service
       notification_interval           0 ; set > 0 if you want to be renotified
}

El grup es defineix de la següent manera:

# A list of your secure web servers
define hostgroup {
       hostgroup_name  https-servers
               alias           HTTPS servers
               members         localhost,www,cop,proxmox01,gosa,localhost
       }


S'utilitza check_http amb l'opció -S:

$ /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -S 
HTTP OK: HTTP/1.1 200 OK - 453 bytes in 0,057 second response time |time=0,056505s;;;0,000000 size=453B;;;0

Un exemple de servidor amb HTTP, però no HTTPS:

$ /usr/lib/nagios/plugins/check_http -H 192.168.50.10 -S 
S’ha refusat la connexió
HTTP CRITICAL - Unable to open TCP socket

Si el port és diferent al port per defecte:

$ check_http -H 192.168.1.50 -S -p 8443
HTTP OK HTTP/1.1 200 OK - 332 bytes in 0.004 seconds |time=0.004144s;;;0.000000 size=332B;;;0

És útil també per comprovar quan expira el certificat SSL:

$ /usr/lib/nagios/plugins/check_http -H 101hacks.com -C 365
WARNING - Certificate expires in 300 day(s) (01/01/2011 10:10).

check_ssh

Les opcions són:

$ /usr/lib/nagios/plugins/check_ssh --help
check_ssh v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 1999 Remi Paulmier <remi@sinfomic.fr>
Copyright (c) 2000-2007 Nagios Plugin Development Team
	<nagiosplug-devel@lists.sourceforge.net> 

Try to connect to an SSH server at specified server and port
 

Usage:
check_ssh [-46] [-t <timeout>] [-r <remote version>] [-p <port>] <host>

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -H, --hostname=ADDRESS
    Host name, IP Address, or unix socket (must be an absolute path)
 -p, --port=INTEGER
    Port number (default: 22)
 -4, --use-ipv4
    Use IPv4 connection
 -6, --use-ipv6
    Use IPv6 connection
 -t, --timeout=INTEGER
    Seconds before connection times out (default: 10)
 -r, --remote-version=STRING
    Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)
 -v, --verbose
   Show details for command-line debugging (Nagios may truncate output)

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net

Hi ha una serie de comandes/plantilla predefinides al fitxer:

$ cat /usr/share/nagios-plugins/templates-basic/ssh.cfg
# 'check_ssh' command definition
define command{
	command_name	check_ssh
	command_line	/usr/lib/nagios/plugins/check_ssh '$HOSTADDRESS$'
	}

# 'check_ssh_port' command definition
define command{
	command_name    check_ssh_port
	command_line    /usr/lib/nagios/plugins/check_ssh -p '$ARG1$' '$HOSTADDRESS$'
	}

####
# use these checks, if you want to test IPv4 connectivity on IPv6 enabled systems
####

# 'check_ssh_4' command definition
define command{
        command_name    check_ssh_4
        command_line    /usr/lib/nagios/plugins/check_ssh -4 '$HOSTADDRESS$'
        }

# 'check_ssh_port_4' command definition
define command{
	command_name    check_ssh_port_4
	command_line    /usr/lib/nagios/plugins/check_ssh -4 -p '$ARG1$' '$HOSTADDRESS$'
	}

check_udp

El plugin es troba a:

/usr/lib/nagios/plugins/check_udp

Un exemple d'ús:

$ /usr/lib/nagios/plugins/check_udp

El manual:

$ /usr/lib/nagios/plugins/check_udp --help
check_udp v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>
Copyright (c) 1999-2008 Nagios Plugin Development Team
	<nagiosplug-devel@lists.sourceforge.net>

This plugin tests UDP connections with the specified host (or unix socket).

Usage:
check_udp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <days to cert expiry>] [-S <use SSL>] [-E]

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -H, --hostname=ADDRESS
    Host name, IP Address, or unix socket (must be an absolute path)
 -p, --port=INTEGER
    Port number (default: none)
 -4, --use-ipv4
    Use IPv4 connection
 -6, --use-ipv6
    Use IPv6 connection
 -E, --escape
    Can use \n, \r, \t or \ in send or quit string. Must come before send or quit option
    Default: nothing added to send, \r\n added to end of quit
 -s, --send=STRING
    String to send to the server
 -e, --expect=STRING
    String to expect in server response (may be repeated)
 -A, --all
   All expect strings need to occur in server response. Default is any
 -q, --quit=STRING
    String to send server to initiate a clean close of the connection
 -r, --refuse=ok|warn|crit
    Accept TCP refusals with states ok, warn, crit (default: crit)
 -M, --mismatch=ok|warn|crit
    Accept expected string mismatches with states ok, warn, crit (default: warn)
 -j, --jail
    Hide output from TCP socket
 -m, --maxbytes=INTEGER
    Close connection once more than this number of bytes are received
 -d, --delay=INTEGER
    Seconds to wait between sending string and polling for response
 -D, --certificate=INTEGER
    Minimum number of days a certificate has to be valid.
 -S, --ssl
    Use SSL for the connection.
 -w, --warning=DOUBLE
    Response time to result in warning status (seconds)
 -c, --critical=DOUBLE
    Response time to result in critical status (seconds)
 -t, --timeout=INTEGER
    Seconds before connection times out (default: 10)
 -v, --verbose
    Show details for command-line debugging (Nagios may truncate output) 

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net

check_dhcp

NOTA: Si només es volen comprovar els ports, es pot utilitzar check_tcp i/o check_udp

Aquest plugin cal executar-lo com a root:

$ sudo /usr/lib/nagios/plugins/check_dhcp 192.168.50.10
CRITICAL: No DHCPOFFERs were received.

Si no s'executa com a root:

Warning: This plugin must be either run as root or setuid root.
To run as root, you can use a tool like sudo.
To set the setuid permissions, use the command:
	chmod u+s yourpluginfile
Error: Could not bind socket to interface eth0.  Check your privileges...

Establiu el bit setuid:

$ sudo chmod u+s /usr/lib/nagios/plugins/check_dhcp

El manual dona les següents opcions:

$ /usr/lib/nagios/plugins/check_dhcp --help
check_dhcp v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 2001-2004 Ethan Galstad (nagios@nagios.org)
Copyright (c) 2001-2007 Nagios Plugin Development Team
	<nagiosplug-devel@lists.sourceforge.net>

This plugin tests the availability of DHCP servers on a network.
 

Usage:
check_dhcp [-v] [-u] [-s serverip] [-r requestedip] [-t timeout]
                 [-i interface] [-m mac]

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -v, --verbose
    Show details for command-line debugging (Nagios may truncate output)
 -s, --serverip=IPADDRESS
    IP address of DHCP server that we must hear from
 -r, --requestedip=IPADDRESS
    IP address that should be offered by at least one DHCP server
 -t, --timeout=INTEGER
    Seconds to wait for DHCPOFFER before timeout occurs
 -i, --interface=STRING
    Interface to to use for listening (i.e. eth0)
 -m, --mac=STRING
    MAC address to use in the DHCP request
 -u, --unicast
    Unicast testing: mimic a DHCP relay, requires -s

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net

Hi ha una sèrie de comandes predefinides al fitxer:

$ cat /usr/share/nagios-plugins/templates-basic/dhcp.cfg
# note: these plugins require root privilege.  see README.Debian for
# more information on how it is recommended that you do this.

# 'check_dhcp' command definition
define command{ 
	command_name	check_dhcp
	command_line	/usr/lib/nagios/plugins/check_dhcp -s '$HOSTADDRESS$' 
	}

# 'check_dhcp_interface' command definition
define command{
 	command_name	check_dhcp_interface 
	command_line	/usr/lib/nagios/plugins/check_dhcp -s '$HOSTADDRESS$' -i '$ARG1$' 
	}

Si us dona el Warning/Error:

Warning: This plugin must be either run as root or setuid root.

check-dns

El plugin el trobareu a:

/usr/lib/nagios/plugins/check_dns

També hi ha el plugin:

/usr/lib/nagios/plugins/check_dig

el primer utilitzaa l'ordre nslookup i el segon l'ordre dig per tal de comprovar el funcionament dels servidors DNS.

Els manuals:

$ /usr/lib/nagios/plugins/check_dns --help
check_dns v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>
Copyright (c) 2000-2008 Nagios Plugin Development Team
	<nagiosplug-devel@lists.sourceforge.net>

This plugin uses the nslookup program to obtain the IP address for the given host/domain query.
An optional DNS server to use may be specified.
If no DNS server is specified, the default server(s) specified in /etc/resolv.conf will be used.
 

Usage:
check_dns -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -H, --hostname=HOST
    The name or address you want to query
 -s, --server=HOST
    Optional DNS server you want to use for the lookup
 -a, --expected-address=IP-ADDRESS|HOST
    Optional IP-ADDRESS you expect the DNS server to return. HOST must end with
    a dot (.). This option can be repeated multiple times (Returns OK if any
    value match). If multiple addresses are returned at once, you have to match
    the whole string of addresses separated with commas (sorted alphabetically).
 -A, --expect-authority
    Optionally expect the DNS server to be authoritative for the lookup
 -w, --warning=seconds
    Return warning if elapsed time exceeds value. Default off
 -c, --critical=seconds
    Return critical if elapsed time exceeds value. Default off
 -t, --timeout=INTEGER
    Seconds before connection times out (default: 10)

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net

i:

$ /usr/lib/nagios/plugins/check_dig --help
check_dig v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 2000 Karl DeBisschop <kdebisschop@users. sourceforge.net>
Copyright (c) 2002-2008 Nagios Plugin Development Team 
	<nagiosplug-devel@lists.sourceforge.net>

This plugin test the DNS service on the specified host using dig

Usage:
check_dig -l <query_address> [-H <host>] [-p <serve r port>]
 [-T <query type>] [-w <warning interval>] [-c <cri tical interval>]
 [-t <timeout>] [-a <expected answer address>] [-v] 

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -H, --hostname=ADDRESS
    Host name, IP Address, or unix socket (must be an absolute path)
 -p, --port=INTEGER
    Port number (default: 53)
 -l, --query_address=STRING
    Machine name to lookup
 -T, --record_type=STRING
    Record type to lookup (default: A)
 -a, --expected_address=STRING
    An address expected to be in the answer section. If not set, uses whatever
    was in -l
 -A, --dig-arguments=STRING
    Pass STRING as argument(s) to dig
 -w, --warning=DOUBLE
    Response time to result in warning status (seconds)
 -c, --critical=DOUBLE
    Response time to result in critical status (seconds)
 -t, --timeout=INTEGER
    Seconds before connection times out (default: 10)
 -v, --verbose
    Show details for command-line debugging (Nagios may truncate output)

Examples:
 check_dig -H DNSSERVER -l www.example.com -A "+tcp"
 This will send a tcp query to DNSSERVER for www.example.com

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net


La comanda check_dns es troba definida al fitxer:

$ cat /usr/share/nagios-plugins/templates-standard/dns.cfg
# 'check_dns' command definition
define command{ 
	command_name	check_dns
	command_line	/usr/lib/nagios/plugins/check_dns -H www.google.com -s '$HOSTADDRESS$'
}

# 'check_dig' command definition
define command{
	command_name    check_dig
	command_line    /usr/lib/nagios/plugins/check_dig -H '$HOSTADDRESS$' -l '$ARG1$'
}

check-ntp

Amb els plugins bàsics venen les comandes:

/usr/lib/nagios/plugins/check_ntp
/usr/lib/nagios/plugins/check_ntp_peer
/usr/lib/nagios/plugins/check_ntp_time

La primera està deprecated, no la utilitzeu:

$ /usr/lib/nagios/plugins/check_ntp
WARNING: check_ntp is deprecated. Please use check_ntp_peer or
check_ntp_time instead.
...

La segona serveix per monitortizar un servidor NTP remot.

La tercera serveix per comparar l'hora local amb l'hora d'un servidor NTP.

Les sinopsis són:

$ /usr/lib/nagios/plugins/check_ntp_time 
Usage:
check_ntp_time -H <host> [-w <warn>] [-c <crit>] [-v verbose]

i

$ /usr/lib/nagios/plugins/check_ntp_peer 
Usage:
check_ntp_peer -H <host> [-w <warn>] [-c <crit>] [-W <warn>] [-C <crit>]
      [-j <warn>] [-k <crit>] [-v verbose]

I les ajudes:

$ /usr/lib/nagios/plugins/check_ntp_peer --help
check_ntp_peer v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 2006 Sean Finney
Copyright (c) 2006-2008 Nagios Plugin Development Team
	<nagiosplug-devel@lists.sourceforge.net>

This plugin checks the selected ntp server
 

Usage:
 check_ntp_peer -H <host> [-w <warn>] [-c <crit>] [-W <warn>] [-C <crit>]
       [-j <warn>] [-k <crit>] [-v verbose]

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -H, --hostname=ADDRESS
    Host name, IP Address, or unix socket (must be an absolute path)
 -p, --port=INTEGER
    Port number (default: 123)
 -q, --quiet
    Returns UNKNOWN instead of CRITICAL or WARNING if server isn't synchronized
 -w, --warning=THRESHOLD
    Offset to result in warning status (seconds)
 -c, --critical=THRESHOLD
    Offset to result in critical status (seconds)
 -W, --swarn=THRESHOLD
    Warning threshold for stratum
 -C, --scrit=THRESHOLD
    Critical threshold for stratum
 -j, --jwarn=THRESHOLD
    Warning threshold for jitter
 -k, --jcrit=THRESHOLD
    Critical threshold for jitter
 -m, --twarn=THRESHOLD
    Warning threshold for number of usable time sources ("truechimers")
 -n, --tcrit=THRESHOLD
    Critical threshold for number of usable time sources ("truechimers")
 -t, --timeout=INTEGER
    Seconds before connection times out (default: 10)
 -v, --verbose
    Show details for command-line debugging (Nagios may truncate output)  

This plugin checks an NTP server independent of any commandline
programs or external libraries. 

Notes:
 Use this plugin to check the health of an NTP server. It supports
 checking the offset with the sync peer, the jitter and stratum. This
 plugin will not check the clock offset between the local host and NTP
 server; please use check_ntp_time for that purpose.

 See:
 http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT
 for THRESHOLD format and examples.

Examples:
 Simple NTP server check:
  ./check_ntp_peer -H ntpserv -w 0.5 -c 1

 Check jitter too, avoiding critical notifications if jitter isn't available
 (See Notes above for more details on thresholds formats):
  ./check_ntp_peer -H ntpserv -w 0.5 -c 1 -j -1:100 -k -1:200

 Only check the number of usable time sources ("truechimers"):
  ./check_ntp_peer -H ntpserv -m :5 -n :3

 Check only stratum:
  ./check_ntp_peer -H ntpserv -W 4 -C 6

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net

i

$ /usr/lib/nagios/plugins/check_ntp_time --help
check_ntp_time v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 2006 Sean Finney
Copyright (c) 2006-2008 Nagios Plugin Development Team
	<nagiosplug-devel@lists.sourceforge.net>

This plugin checks the clock offset with the ntp server


Usage:
 check_ntp_time -H <host> [-w <warn>] [-c <crit>] [-v verbose]

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -H, --hostname=ADDRESS
    Host name, IP Address, or unix socket (must be an absolute path)
 -p, --port=INTEGER
    Port number (default: 123)
 -q, --quiet
    Returns UNKNOWN instead of CRITICAL if offset cannot be found
 -w, --warning=THRESHOLD
    Offset to result in warning status (seconds)
 -c, --critical=THRESHOLD
    Offset to result in critical status (seconds)
 -t, --timeout=INTEGER
    Seconds before connection times out (default: 10)
 -v, --verbose
    Show details for command-line debugging (Nagios may truncate output)

This plugin checks the clock offset between the local host and a
remote NTP server. It is independent of any commandline programs or
external libraries.

Notes:
 If you'd rather want to monitor an NTP server, please use
 check_ntp_peer.

 See:
 http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT
 for THRESHOLD format and examples. 

Examples:
  ./check_ntp_time -H ntpserv -w 0.5 -c 1

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net


Hi ha una sèrie de comandes predefinides al fitxer:

$ cat /usr/share/nagios-plugins/templates-basic/ntp.cfg
# 'check_ntp' command definition
define command{ 
	command_name	check_ntp 
	command_line	/usr/lib/nagios/plugins/check_ntp_peer -H '$HOSTADDRESS$'
	}

# 'check_ntp_ntpq' command definition
define command{
	command_name	check_ntp_ntpq 
	command_line	/usr/lib/nagios/plugins/check_ntp_peer -H '$HOSTADDRESS$' -j 10 -k 15
	}

# 'check_time' command definition
define command{
	command_name	check_time
	command_line	/usr/lib/nagios/plugins/check_time -H '$HOSTADDRESS$'
	}

check_ldap

Hi ha dos plugins:

/usr/lib/nagios/plugins/check_ldap
/usr/lib/nagios/plugins/check_ldaps

Serveixen per comprovar respectivament Ldap sense SSL i Ldap amb SSL. Ens centrarem en el cas de Ldap sense SSL.

Un exemple d'ús:

$ /usr/lib/nagios/plugins/check_ldap -H 192.168.50.30 -b "dc=iesmontsia,dc=org" -3

Correspon a comprovar l'accés anònim a un servidor Ldap remot (192.168.50.30) amb la versió 3 de Ldap.

Un exemple d'ús:

La comanda:

define command {
       command_name    check_anonymous_ldap3
       command_line    /usr/lib/nagios/plugins/check_ldap -H $HOSTADDRESS$ -b '$ARG1$' -3
       }

El servei seria:

#LDAP ANONYMOUS BIND
define service {
        hostgroup_name                  ldap-servers
        service_description             LDAP BIND ANONYMOUS
        check_command                   check_anonymous_ldap3!dc=iesmontsia,dc=org
        use                             generic-service
        notification_interval           0 ; set > 0 if you want to be renotified
}

I el host-group:

# Ldap servers
define hostgroup {
       hostgroup_name  ldap-servers
               alias           Ldap servers
               members         localhost,cop,gosa,samba01,proxyguifi,www
       }

El manual és el següent:

$ /usr/lib/nagios/plugins/check_ldap --help
check_ldap v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)
Copyright (c) 2000-2008 Nagios Plugin Development Team
	<nagiosplug-devel@lists.sourceforge.net>

Usage:
 check_ldap -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]
       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]
       [-2|-3] [-4|-6]

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -H, --hostname=ADDRESS
    Host name, IP Address, or unix socket (must be an absolute path)
 -p, --port=INTEGER
    Port number (default: 389)
 -4, --use-ipv4
    Use IPv4 connection
 -6, --use-ipv6
    Use IPv6 connection
 -a [--attr]
    ldap attribute to search (default: "(objectclass=*)"
 -b [--base]
    ldap base (eg. ou=my unit, o=my org, c=at
 -D [--bind]
    ldap bind DN (if required)
 -P [--pass]
    ldap password (if required)
 -T [--starttls]
    use starttls mechanism introduced in protocol version 3
 -S [--ssl]
    use ldaps (ldap v2 ssl method). this also sets the default port to 636
 -2 [--ver2]
    use ldap protocol version 2
 -3 [--ver3]
    use ldap protocol version 3
    (default protocol version: 2)
 -w, --warning=DOUBLE
    Response time to result in warning status (seconds)
 -c, --critical=DOUBLE
    Response time to result in critical status (seconds)
 -t, --timeout=INTEGER
    Seconds before connection times out (default: 10)
 -v, --verbose
    Show details for command-line debugging (Nagios may truncate output)

Notes:
 If this plugin is called via 'check_ldaps', method 'STARTTLS' will be
 implied (using default port 389) unless --port=636 is specified. In that case
 'SSL on connect' will be used no matter how the plugin was called.
 This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags
 to define the behaviour explicitly instead.  

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net

Hi ha una sèrie de comandes predefinides:

/usr/share/nagios-plugins/templates-standard$ cat ldap.cfg 
# 'check_ldap' command definition
define command{
	command_name	check_ldap 
	command_line	/usr/lib/nagios/plugins/check_ldap -H '$HOSTADDRESS$' -b '$ARG1$' 

}

# 'check_ldaps' command definition
define command{ 
	command_name	check_ldaps
	command_line	/usr/lib/nagios/plugins/check_ldaps -H '$HOSTADDRESS$' -b '$ARG1$'
	}

####
# use these checks, if you want to test IPv4 connectivity on IPv6 enabled systems
####

# 'check_ldap_4' command definition
define command{
 	command_name	check_ldap_4  
	command_line	/usr/lib/nagios/plugins/check_ldap -H '$HOSTADDRESS$' -b '$ARG1$' -4
	}

# 'check_ldaps_4' command definition
define command{ 
 	command_name	check_ldaps_4 
	command_line	/usr/lib/nagios/plugins/check_ldaps -H '$HOSTADDRESS$' -b '$ARG1$' -4
	}

check_ldap_syncrepl_status.pl

Vegeu Ldap#Monitoritzaci.C3.B3._Nagios

check_mysql

El plugin es troba a:

/usr/lib/nagios/plugins/check_mysql

La comanda a:

$ cat /usr/share/nagios-plugins/templates-standard/mysql.cfg 
# 'check_mysql' command definition
define command{
        command_name    check_mysql
	command_line    /usr/lib/nagios/plugins/check_mysql -H '$HOSTADDRESS$'
}

# 'check_mysql_cmdlinecred' command definition
define command{ 
	command_name    check_mysql_cmdlinecred
	command_line    /usr/lib/nagios/plugins/check_mysql -H '$HOSTADDRESS$' -u '$ARG1$' -p '$ARG2$'
}

# 'check_mysql_database' command definition
define command{
	command_name	check_mysql_database
	command_line	/usr/lib/nagios/plugins/check_mysql -d '$ARG3$' -H '$HOSTADDRESS$' -u '$ARG1$' -p '$ARG2$'
}

Un exemple d'ús:

$ /usr/lib/nagios/plugins/check_mysql
Access denied for user 'sergi'@'localhost' (using password: NO)

Com podeu veure calautenticar-se:

$ /usr/lib/nagios/plugins/check_mysql -H localhost -u root -p PARAULADEPAS
Uptime: 148224  Threads: 1  Questions: 8384  Slow queries: 0  Opens: 712690  Flush tables: 1  Open tables: 400  Queries per second avg: 0.056

Cal recordar que per defecte MySQL no utilitza TCP/IP i que els servidors no són accesibles en remot, sinó que només es permet l'accés des de localhost ai mab unix socket. Per tant per monitortizar servidor MySQL remots caldrà utilitzar NRPE.

El manual diu:

$ /usr/lib/nagios/plugins/check_mysql --help
check_mysql v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 1999-2007 Nagios Plugin Development Team
	<nagiosplug-devel@lists.sourceforge.net>

This program tests connections to a MySQL server


Usage:
 check_mysql [-d database] [-H host] [-P port] [-s socket]
       [-u user] [-p password] [-S]

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -H, --hostname=ADDRESS
    Host name, IP Address, or unix socket (must be an absolute path)
 -P, --port=INTEGER
    Port number (default: 3306)
  -s, --socket=STRING
    Use the specified socket (has no effect if -H is used)
 -d, --database=STRING
    Check database with indicated name
 -u, --username=STRING
    Connect using the indicated username
 -p, --password=STRING
    Use the indicated password to authenticate the connection
    ==> IMPORTANT: THIS FORM OF AUTHENTICATION IS NOT SECURE!!! <==
    Your clear-text password could be visible as a process table entry
 -S, --check-slave
    Check if the slave thread is running properly.
 -w, --warning
    Exit with WARNING status if slave server is more than INTEGER seconds
    behind master
 -c, --critical
    Exit with CRITICAL status if slave server is more then INTEGER seconds
    behind master

 There are no required arguments. By default, the local database is checked
 using the default unix socket. You can force TCP on localhost by using an
 IP address or FQDN ('localhost' will use the socket as well).

Notes:
 You must specify -p with an empty string to force an empty password,
 overriding any my.cnf settings.

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net

check snmmp

El plugin es troba a:

/usr/lib/nagios/plugins/check_snmp

Les comandes estan definides a:

$ cat /usr/share/nagios-plugins/templates-standard/snmp.cfg
# 'snmp_load' command definition
define command{
	command_name	snmp_load
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.10.1.5.1,.1.3.6.1.4.1.2021.10.1.5.2,.1.3.6.1.4.1.2021.10.1.5.3 -w  :'$ARG2$',:'$ARG3$',:'$ARG4$' -c :'$ARG5$',:'$ARG6$',:'$ARG7$' -l load
	}


# 'snmp_cpustats' command definition
define command{
	command_name	snmp_cpustats
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.11.9.0,.1.3.6.1.4.1.2021.11.10.0,.1.3.6.1.4.1.2021.11.11.0 -l 'CPU usage (user system idle)' -u '%'
	}


# 'snmp_procname' command definition
define command{
	command_name	snmp_procname
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.2.1.5.'$ARG2$' -w '$ARG3$':'$ARG4$' -c '$ARG5$':'$ARG6$'
	}


# 'snmp_disk' command definition
define command{
	command_name	snmp_disk
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.9.1.7.'$ARG2$',.1.3.6.1.4.1.2021.9.1.9.'$ARG2$' -w '$ARG3$':,:'$ARG4$' -c '$ARG5$':,:'$ARG6$' -u 'kB free (','% used)' -l 'disk space'
	}


# 'snmp_mem' command definition
define command{
	command_name	snmp_mem
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.4.6.0,.1.3.6.1.4.1.2021.4.5.0 -w '$ARG2$': -c '$ARG3$':
	}


# 'snmp_swap' command definition
define command{
	command_name	snmp_swap
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.2021.4.4.0,.1.3.6.1.4.1.2021.4.3.0 -w '$ARG2$': -c '$ARG3$':
	}

# 'snmp_procs' command definition
define command{
	command_name	snmp_procs
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrSystem.hrSystemProcesses -w :'$ARG2$' -c :'$ARG3$' -l processes
	}


# 'snmp_users' command definition
define command{
	command_name	snmp_users
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrSystem.hrSystemNumUsers -w :'$ARG2$' -c :'$ARG3$' -l users
	}


# 'snmp_mem2' command definition
define command{
	command_name	snmp_mem2
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageUsed.'$ARG2$',host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageSize.'$ARG2$' -w '$ARG3$' -c '$ARG4$'
	}


# 'snmp_swap2' command definition
define command{
	command_name	snmp_swap2
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageUsed.'$ARG2$',host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageSize.'$ARG2$' -w '$ARG3$' -c '$ARG4$'
	}


# 'snmp_mem3' command definition
define command{ 
	command_name	snmp_mem3
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageUsed.'$ARG2$',host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageSize.'$ARG2$' -w '$ARG3$' -c '$ARG4$'
	}


# 'snmp_swap3' command definition
define command{
	command_name	snmp_swap3
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageUsed.'$ARG2$',host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageSize.'$ARG2$' -w '$ARG3$' -c '$ARG4$'
	}


# 'snmp_disk2' command definition
define command{
	command_name	snmp_disk2
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageUsed.'$ARG2$' -w '$ARG3$' -c '$ARG4$'
	}
 

# 'snmp_tcpopen' command definition
define command{
	command_name	snmp_tcpopen
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o tcp.tcpCurrEstab.0 -w '$ARG2$' -c '$ARG3$'
	}


# 'snmp_tcpstats' command definition
define command{
	command_name	snmp_tcpstats
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o  tcp.tcpActiveOpens.0,tcp.tcpPassiveOpens.0,tcp.tcpInSegs.0,tcp.tcpOutSegs.0,tcp.tcpRetransSegs.0 -l 'TCP stats'
	}


# 'check_snmp_bgpstate' command definition
define command{
	command_name	check_snmp_bgpstate
	command_line	/usr/lib/nagios/plugins/check_bgpstate '$HOSTADDRESS$' -c '$ARG1$'
	}


# 'check_netapp_uptime' command definition
define command{
	command_name	check_netapp_uptime
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.2.1.1.3.0 --delimiter=')' -l "Uptime is"
	}
 

# 'check_netapp_cpuload' command definition
define command{
	command_name	check_netapp_cpuload
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.789.1.2.1.3.0 -w 90 -c 95 -u '%' -l "CPU LOAD "
	}


# 'check_netapp_numdisks' command definition
define command{
	command_name	check_netapp_numdisks
	command_line	/usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.789.1.6.4.1.0,.1.3.6.1.4.1.789.1.6.4.2.0,.1.3.6.1.4.1.789.1.6.4.8.0,.1.3.6.1.4.1.789.1.6.4.7.0 -u 'Total Disks','Active','Spare','Failed' -l ""
	}


# 'check_compaq_thermalCondition' command definition
define command{
	command_name	check_compaq_thermalCondition
	command_line	 /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C '$ARG1$' -o .1.3.6.1.4.1.232.6.2.1.0,.1.3.6.1.4.1.232.6.2.2.0,.1.3.6.1.4.1.232.6.2.3.0,.1.3.6.1.4.1.232.6.2.4.0 -u 'ThermalCondition','ThermalTemp','ThermalSystem','ThermalCPUFan' -w 2:2,2:2,2:2,2:2 -c 1:2,1:2,1:2,1:2 -l "Thermal status "
 	}

check_apt

Aquest plugin es troba a:

/usr/lib/nagios/plugins/check_apt

Les comandes es troben a:

$ cat /etc/nagios-plugins/config/apt.cfg
# 'check_apt' command definition
define command{
	command_name	check_apt
	command_line	/usr/lib/nagios/plugins/check_apt
	}

# 'check_apt_distupgrade' command definition
define command{
	command_name	check_apt_distupgrade 
	command_line	/usr/lib/nagios/plugins/check_apt -d 
	}

L'ajuda del plugin és:

$ /usr/lib/nagios/plugins/check_apt --help
check_apt v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 2006-2008 Nagios Plugin Development Team
	<nagiosplug-devel@lists.sourceforge.net>

This plugin checks for software updates on systems that use
package management systems based on the apt-get(8) command
found in Debian GNU/Linux


Usage:
check_apt [[-d|-u|-U]opts] [-n] [-t timeout]

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -t, --timeout=INTEGER
    Seconds before connection times out (default: 10)
 -U, --upgrade=OPTS
    [Default] Perform an upgrade.  If an optional OPTS argument is provided,
    apt-get will be run with these command line options instead of the
    default (-o 'Debug::NoLocking=true' -s -qq).
     Note that you may be required to have root privileges if you do not use
    the default options.
 -d, --dist-upgrade=OPTS
    Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS
    can be provided to override the default options.
  -n, --no-upgrade
    Do not run the upgrade.  Probably not useful (without -u at least).
  -i, --include=REGEXP
    Include only packages matching REGEXP.  Can be specified multiple times
    the values will be combined together.  Any patches matching this list
    cause the plugin to return WARNING status.  Others will be ignored.
    Default is to include all packages.
 -e, --exclude=REGEXP
    Exclude packages matching REGEXP from the list of packages that would
    otherwise be included.  Can be specified multiple times; the values
    will be combined together.  Default is to exclude no packages.
 -c, --critical=REGEXP
    If the full package information of any of the upgradable packages match
    this REGEXP, the plugin will return CRITICAL status.  Can be specified
    multiple times like above.  Default is a regexp matching security
    upgrades for Debian and Ubuntu:
    	^[^\(]*\([^ ]* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)
    Note that the package must first match the include list before its
    information is compared against the critical list. 

The following options require root privileges and should be used with care:

 -u, --update=OPTS
    First perform an 'apt-get update'.  An optional OPTS parameter overrides
    the default options.  Note: you may also need to adjust the global
    timeout (with -t) to prevent the plugin from timing out if apt-get
    upgrade is expected to take longer than the default timeout.

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net

check_swap

El plugin es troba a:

$ /usr/lib/nagios/plugins/check_swap

Un exemple d'ús:

$ /usr/lib/nagios/plugins/check_swap -w 80 -c 50
SWAP OK - 100% free (511 MB out of 511 MB) |swap=511MB;0;0;0;511

No he trobat cap comanda predefinida... Per definir la comanda per a ús local:

define command {
       command_name    check_swap
       command_line    /usr/lib/nagios/plugins/check_swap -w 80 -c 50
       }
define command {
       command_name    check_swap_args
       command_line    /usr/lib/nagios/plugins/check_swap -w $ARG1$ -c $ARG2$
       }

Per utilitzar-la:

#SWAP LOCAL
define service {
       host_name                       hostname
       service_description             SWAP
       check_command                   check_swap!80!50
       use                             generic-service
       notification_interval           0 ; set > 0 if you want to be renotified
}


Però el més habitual es utilitzar NRPE:

al client nrpe:

#SWAP
define service {
       hostgroup_name                  nrpe-servers
       service_description             SWAP
       check_command                   check_nrpe_1arg!check_swap
       use                             generic-service
       notification_interval           0 ; set > 0 if you want to be renotified
}

Al server afegir la línia:

command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 80 -c 50

Al fitxer:

/etc/nagios/nrpe.cfg


El manual:

$ /usr/lib/nagios/plugins/check_swap --help
check_swap v1.4.15 (nagios-plugins 1.4.15)
Copyright (c) 2000-2007 Nagios Plugin Development Team
	<nagiosplug-devel@lists.sourceforge.net>

Check swap space on local machine.


Usage:
check_swap [-av] -w <percent_free>% -c <percent_free>%
check_swap [-av] -w <bytes_free> -c <bytes_free>

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -w, --warning=INTEGER
    Exit with WARNING status if less than INTEGER bytes of swap space are free
 -w, --warning=PERCENT%%
    Exit with WARNING status if less than PERCENT of swap space is free
 -c, --critical=INTEGER
    Exit with CRITICAL status if less than INTEGER bytes of swap space are free
 -c, --critical=PERCENT%%
    Exit with CRITCAL status if less than PERCENT of swap space is free
 -a, --allswaps
    Conduct comparisons for all swap partitions, one by one
 -v, --verbose
    Show details for command-line debugging (Nagios may truncate output)

Notes:
 On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s.

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net


check_samba

IMPORTANT: No hi ha un plugin per defecte al Nagios 3 per a Samba

El que es pot fer es comprovar els ports públics utilitzant check_tcp i check_udp

Si que tenim però un script que permet comprovar l'espai lliure en recursos compartits de xarxa Windows:

$ /usr/lib/nagios/plugins/check_disk_smb --help
check_disk_smb v1.4.15 (nagios-plugins 1.4.15)
The nagios plugins come with ABSOLUTELY NO WARRANTY. You may redistribute
copies of the plugins under the terms of the GNU General Public License.
For more information about these matters, see the file named COPYING.
Copyright (c) 2000 Michael Anthon/Karl DeBisschop

Perl Check SMB Disk plugin for Nagios

Usage: check_disk_smb -H <host> -s <share> -u <user> -p <password> 
      -w <warn> -c <crit> [-W <workgroup>] [-P <port>] [-a <IP>]

-H, --hostname=HOST
   NetBIOS name of the server
-s, --share=STRING
   Share name to be tested
-W, --workgroup=STRING
   Workgroup or Domain used (Defaults to "WORKGROUP")
-a, --address=IP
   IP-address of HOST (only necessary if HOST is in another network)
-u, --user=STRING
   Username to log in to server. (Defaults to "guest")
-p, --password=STRING
   Password to log in to server. (Defaults to an empty password)
-w, --warning=INTEGER or INTEGER[kMG]
   Percent of used space at which a warning will be generated (Default: 85%)
      
-c, --critical=INTEGER or INTEGER[kMG]
   Percent of used space at which a critical will be generated (Defaults: 95%)
-P, --port=INTEGER
   Port to be used to connect to. Some Windows boxes use 139, others 445 (Defaults to smbclient default)
   
   If thresholds are followed by either a k, M, or G then check to see if that
   much disk space is available (kilobytes, Megabytes, Gigabytes)  
 
   Warning percentage should be less than critical 
   Warning (remaining) disk space should be greater than critical.

Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net.
Please include version information with all correspondence (when possible,
use output from the --version option of the plugin itself).

check_procs

El plugin check_procs el trobareu a:

/usr/lib/nagios/plugins/check_procs

Forma part del paquet nagios-plugins-basic:

$ dpkg -S /usr/lib/nagios/plugins/check_procs
nagios-plugins-basic: /usr/lib/nagios/plugins/check_procs

Recursos:

check_dhcpd

Afegiu la línia:

command[check_dhcpd]=/usr/lib/nagios/plugins/check_procs -c 1:1 -C dhcpd

al fitxer:

/etc/nagios/nrpe.cfg

I podeu monitoritzar remotament DHCP utilitzant el plugin nrpe:

#DHCP
define service { 
        hostgroup_name                  dhcp-servers 
        service_description             DHCPD
        check_command                   check_nrpe_1arg!check_dhcpd
        use                             generic-service 
        notification_interval           0 ; set > 0 if you want to be renotified 
}

Altres plugins

Es poden trobar altres plugins a:

   Nagios Plugins Project: http://nagiosplug.sourceforge.net/
   Nagios Downloads Page: http://www.nagios.org/download/
   NagiosExchange.org: http://www.nagiosexchange.org/

Serveis

Serveis configurats per defecte. http i ssh

Per defecte ja es configuren els serveis HTTP i SSH, utilitzant les comandes check_ssh i check_http

$ cat /etc/nagios3/conf.d/services.cfg
# check that web services are running
define service {
       hostgroup_name                  http-servers
       service_description             HTTP
	check_command                   check_http
       use                             generic-service
	notification_interval           0 ; set > 0 if you want to be renotified
}
# check that ssh services are running
define service {
        hostgroup_name                  ssh-servers
        service_description             SSH
	check_command                   check_ssh
        use                             generic-service
	notification_interval           0 ; set > 0 if you want to be renotified
}


Configurar els teus propis serveis

Nagios utilitza un sistema de plugins que permet la seva extensibilitat i la possibilitat d'implementar els teus propis serveis.

Status map

Definir relacions entre màquines

TODO

Afegir icones

Les icones les trobareu a:

/usr/share/nagios/htdocs/images/logos

Les imatges són proporcionades pel paquet nagios-images:

$ dpkg -S /usr/share/nagios/htdocs/images/logos
nagios-images: /usr/share/nagios/htdocs/images/logos

Si no el teniu instal·lar poseu:

$ sudo apt-get install nagios-images

Cal indicar la imatge de la màquina a la seva definició:

define hostextinfo{
   host_name router
   icon_image switch40.jpg
   icon_image_alt switch40.gif
   statusmap_image switch40.gd2
}

Un altre exemple:

define host{
	use		generic-switch		; Inherit default values from a template
	host_name	AP09		; The name we're giving to this switch
	alias		AP09 (Planta 2: davant les aules 27 i 28)	; A longer name associated with the switch
	address		192.168.140.159		; IP address of the switch
	hostgroups	switches		; Host groups this switch is associated with
       parents         R2SS1
       icon_image      base/wifi3.png
       icon_image_alt  AP
       vrml_image      base/wifi3.png
       statusmap_image base/wifi3.gd2
	}

Ara anem a veure un exemple de com afegir la icona d'Ubuntu a una llista de servidors Ubuntu. Editeu el fitxer:

$ sudo joe /etc/nagios3/conf.d/extinfo_nagios2.cfg
...
define hostextinfo{
       hostgroup_name   ubuntu-servers
       notes            Ubuntu GNU/Linux servers
#       notes_url        http://webserver.localhost.localdomain/hostinfo.pl?host=netware1
       icon_image       base/ubuntu.png
       icon_image_alt   Ubuntu GNU/Linux
       vrml_image       ubuntu.png
       statusmap_image  base/ubuntu.gd2
       }


Imatge de fons

TODO

10.2.1- Imagen de Fondo

Tal vez, tengamos a nuestras maquinas monitorizadas, en diferentes habitaciones, lugares, ciudades , o edificios diferentes, como el caso del wireless ;) . ¿ No creeis que sería interesante y llamativo, tener un Mapa de la ciudad, con cada uno de los Hosts en SU lugar ? Llamativo, eh ? Pues con Nagios podemos hacerlo, y personalizar aún más nuestro statusmap.

En el fichero cgi.cfg deberemos poner el nombre del fichero que va a formar la imagen de fondo ( background ) :

statusmap_background_image=ciudad.gd2 , el fichero debera ir en el directorio .../share/images/

Mucho cuidado, solamente podremos poner imagenes en el formato GD2, para lo cual deberemos convertir las imagenes desde PNG a GD2 con la herramienta pngtogd2. Para convertir la imagen haremos:

  1. pngtogd2 /path/imagen.png /usr/local/nagios/share/images/ciudad.gd2 1 1

- El 1 1 son parámetros FIJOS, no los cambies o no te funcionará.

Asi de fácil :D

Monitoritzar informació privada de màquines Unix/Linux Remotes

Es pot fer mitjançant el plugin nrpe. Utilitza una arquitectura client-servidor:

Client (nagios-nrpe-plugin)

En aquest cas el client és la màquina on està instal·lat Nagios. Cal instal·lar el plugin:

$ sudo apt-get install nagios-nrpe-plugin

Els fitxers instal·lats són:

$ dpkg -L nagios-nrpe-plugin
/.
/usr
/usr/lib
/usr/lib/nagios
/usr/lib/nagios/plugins
/usr/lib/nagios/plugins/check_nrpe
/usr/share
/usr/share/doc
/usr/share/doc/nagios-nrpe-plugin
/usr/share/doc/nagios-nrpe-plugin/changelog.Debian.gz
/usr/share/doc/nagios-nrpe-plugin/copyright
/usr/share/doc/nagios-nrpe-plugin/NEWS.Debian.gz
/etc
/etc/nagios-plugins
/etc/nagios-plugins/config
/etc/nagios-plugins/config/check_nrpe.cfg


Atenció: sí teniu instal·lat Nagios des de una compilació del codi font podeu fer:

$ sudo cp /usr/lib/nagios/plugins/check_nrpe /usr/local/nagios/libexec
$ sudo chown nagios:nagios /usr/local/nagios/libexec//check_nrpe 

També es pot instal·lar la documentació amb:

$ sudo apt-get install nagios-nrpe-doc
NOTA: No és imprescindible aquest últim fitxer... Només és la documentació

Configuració. /etc/nagios-plugins/config/check_nrpe.cfg

$ cat /etc/nagios-plugins/config/check_nrpe.cfg
# this command runs a program $ARG1$ with arguments $ARG2$
define command {
	command_name	check_nrpe
	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$
}

# this command runs a program $ARG1$ with no arguments
define command { 
	command_name	check_nrpe_1arg
	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

Servidor (nagios-nrpe-server)

A la màquina remota que es vol monitoritzar, cal instal·lar:

$ sudo apt-get install nagios-nrpe-server nagios-plugins

Els fitxers instal·lats són:

$ dpkg -L nagios-nrpe-server 
/.
/usr
/usr/sbin
/usr/sbin/nrpe
/usr/share
/usr/share/doc
/usr/share/doc/nagios-nrpe-server
/usr/share/doc/nagios-nrpe-server/changelog.Debian.gz
/usr/share/doc/nagios-nrpe-server/LEGAL
/usr/share/doc/nagios-nrpe-server/README.Debian
/usr/share/doc/nagios-nrpe-server/README.SSL
/usr/share/doc/nagios-nrpe-server/copyright
/usr/share/doc/nagios-nrpe-server/SECURITY
/usr/share/doc/nagios-nrpe-server/README.gz
/usr/share/doc/nagios-nrpe-server/NEWS.Debian.gz
/usr/share/man
/usr/share/man/man8
/usr/share/man/man8/nrpe.8.gz
/etc
/etc/init.d
/etc/init.d/nagios-nrpe-server
/etc/default
/etc/default/nagios-nrpe-server
/etc/nagios
/etc/nagios/nrpe_local.cfg
/etc/nagios/nrpe.cfg
/etc/nagios/nrpe.d

I definir quins Nagios tenen permisos per a fer consultes en aquesta màquina. Editeu el fitxer /etc/nagios/nrpe_local.cfg:

$ sudo joe /etc/nagios/nrpe_local.cfg

I afegiu la línia:

allowed_hosts=127.0.0.1,ipaddress.of.your.nagiosserver

Poseu la IP del vostre servidor Nagios.

NOTA: Si afegiu més d'una línia d'allowed hosts, la última línia serà la única que s'aplicarà. Deixeu la IP local per tal que continuí funcionant en local

També és important configurar el fitxer:

$ cat /etc/default/nagios-nrpe-server
# defaults file for nagios-nrpe-server
# (this file is a /bin/sh compatible fragment)  

# DAEMON_OPTS are any extra cmdline parameters you'd like to
#             pass along to the nrpe daemon
#DAEMON_OPTS="--no-ssl"

# NICENESS is if you want to run the server at a different nice() priority
#NICENESS=5

# INETD is if you want to run the server via inetd (default=0, run as daemon)
#INETD=0

Sobretot descomentar:

DAEMON_OPTS="--no-ssl"

Si no es vol utilitzar SSL.

Cal tornar a iniciar el servei amb :

$ sudo /etc/init.d/nagios-nrpe-server restart
NOTA: No calen els següents passos (tatxats): Ja està definida l'ordre al fitxer /etc/nagios-plugins/config/check_nrpe.cfg

Al client heu d'afegir una definició de comanda al fitxer commands.cfg (normalment es troba a /etc/nagios3):

define command{
       command_name check_nrpe
       command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
       }

IMPORTANT: Copieu literalment els valors del quadre anterior. $USER1$,$HOSTADDRESS$ i $ARG1$ són macros de nagios

Podeu comprovar que teniu accés amb:

$ /usr/lib/nagios/plugins/check_nrpe -H 192.168.0.7 -c check_load
IMPORTANT: Canvieu la Ip de l'exemple (192.168.0.7) per la IP del vostre servidor nrpe

o si la instal·lació s'ha fet a mà (no s'aplica si ho feu amb apt-get)

$ /usr/local/nagios/libexec/check_nrpe -H 192.168.0.7 -c check_load 
OK - load average: 0.22, 0.20, 0.18|load1=0.220;15.000;30.000;0; load5=0.200;10.000;25.000;0; load15=0.180;5.000;20.000;0;

El fitxer nrpe_local.cfg s'inclou al fitxer principal de configuració: '/etc/nagios/nrpe.cfg. Si llegiu el fitxer /etc/nagios/nrpe.cfg veureu que per defecte la IP de localhost ja te permisos.

El port que utilitza el servidor és el 5666. Podeu comprovar que el port està obert amb:

$ sudo nmap 192.168.0.7 -p 5666
Starting Nmap 4.53 ( http://insecure.org ) at 2009-05-14 10:49 CEST
Interesting ports on 192.168.0.7:
PORT     STATE SERVICE
5666/tcp open  unknown
MAC Address: 00:0F:FE:DE:81:6C (G-pro Computer)

Nmap done: 1 IP address (1 host up) scanned in 0.152 seconds

També des del servidor es pot executar:

$ sudo netstat -at | grep 5666
tcp        0      0 *:5666                  *:*                    LISTEN     

Ara a la configuració de nagios podeu afegir els següents serveis al host:

IMPORTANT: Hi ha dos comandes check_nrpe quan hi ha dos arguments i check_nrpe_1arg quan n'hi ha un!
define service{
            use                         generic-service
            host_name                   remotehost
            service_description         CPU Load
            check_command               check_nrpe_1arg!check_load
            }

define service{
            use                         generic-service
            host_name                   remotehost
            service_description         Current Users
            check_command               check_nrpe_1arg!check_users
            }

define service{
            use                         generic-service
            host_name                   remotehost
            service_description         /dev/sda1 Free Space
            check_command               check_nrpe_1arg!check_sda1
            }
define service{
            use                         generic-service
            host_name                   remotehost
            service_description         Root Free Space
            check_command               check_nrpe_1arg!check_rootfreespace
            }
  
define service{
            use                        generic-service
            host_name                  remotehost
            service_description        Total Processes
            check_command              check_nrpe_1arg!check_total_procs
            }

define service{
         use                           generic-service
         host_name                     remotehost
         service_description           Zombie Processes
         check_command                 check_nrpe_1arg!check_zombie_procs
         }
Atenció: Modifiqueu remotehost pel nom de la màquina remota que heu escollit.

Tingueu en compte que hi ha una comanda a mida!:

command[check_rootfreespace]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
NOTA: Als servidors Ubuntu, la partició /dev/sda1 sol ser la partició de boot i la partició arrel és una partició LVM. Per monitortizar l'arrel en aquests casos el millor és utilitzar la comanda indicada amunt!

Recursos:

Configuració del servidor. Fitxer /etc/nagios/nrpe.cfg

La configuració del servidor la trobareu al fitxer:

$ cat /etc/nagios/nrpe.cfg
#############################################################################
# Sample NRPE Config File 
# Written by: Ethan Galstad (nagios@nagios.org)
# 
# Last Modified: 11-23-2007
#
# NOTES:
# This is a sample configuration file for the NRPE daemon.  It needs to be
# located on the remote host that is running the NRPE daemon, not the host
# from which the check_nrpe client is being executed.
#############################################################################  

# LOG FACILITY
# The syslog facility that should be used for logging purposes. 

log_facility=daemon


# PID FILE
# The name of the file in which the NRPE daemon should write it's process ID
# number.  The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode. 

pid_file=/var/run/nrpe.pid



# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

server_port=5666

# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd  

#server_address=127.0.0.1



# NRPE USER
# This determines the effective user that the NRPE daemon should run as.  
# You can either supply a username or a UID.
# 
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd 

nrpe_user=nagios

# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.  
# You can either supply a group name or a GID.
# 
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd 

nrpe_group=nagios
 
# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames 
# that are allowed to talk to the NRPE daemon.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address.  I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=127.0.0.1
 
# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed.  This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.  
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***  
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments

dont_blame_nrpe=0

# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario: 
# Execute restricted commmands using sudo.  For this to work, you need to add
# the nagios user to your /etc/sudoers.  An example entry for alllowing 
# execution of the plugins from might be:
#
# nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password.  If you do this, make sure you don't give
# random users write access to that directory or its contents!  

# command_prefix=/usr/bin/sudo 

# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on 

debug=0


# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off. 

command_timeout=60


# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low. 

connection_timeout=300 

# WEEK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness  

#allow_weak_random_seed=1 

# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.

#include=<somefile.cfg>

# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).

#include_dir=<somedirectory>
#include_dir=<someotherdirectory>
 
# COMMAND DEFINITIONS
# Command definitions that this daemon will run.  Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on!  The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec
# directory.  Also note that you will have to modify the definitions below
# to match the argument format the plugins expect.  Remember, these are
# examples only! 
 
# The following examples use hardcoded command arguments...

command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200  

# The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for 
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'.  This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.  

#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$

#
# local configuration:
#	if you'd prefer, you can instead place directives here
include=/etc/nagios/nrpe_local.cfg 

# 
# you can place your config snipplets into nrpe.d/
include_dir=/etc/nagios/nrpe.d/

Exemple pas a pas. OpenFPnet

Exemple de configuració del client:

http://acacha.org/mediawiki/index.php/OpenFPnet/Mosaic/Formaci%C3%B3/Execuci%C3%B3/M%C3%A0quines_virtuals_plantilla#Nagios_client._nagios-nrpe-server

Exemple configuració nagios:

sergi@noc:/etc/nagios3/conf.d$ cat openfpnet_services.cfg
$ cat openfpnet_commands.cfg
#HTTPS

define command {
	command_name    check_https_certification
	command_line    /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -S -C $ARG1$
	}

define command {
        command_name    check_anonymous_ldap3
        command_line    /usr/lib/nagios/plugins/check_ldap -H $HOSTADDRESS$ -b '$ARG1$' -3
        }

define command {
        command_name    check_admin_ldap3
        command_line    /usr/lib/nagios/plugins/check_ldap -H $HOSTADDRESS$ -b '$ARG1$' -3 -D '$ARG2$' -p '$USER3'
        }

define command {
        command_name    check_moodle
        command_line    /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -u /moodle/index.php
        }

define command {
        command_name    check_mediawiki
        command_line    /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -u /maninfo/index.php
        }

define command {
        command_name    check_phpmyadmin
        command_line    /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -u /phpmyadmin
        }

define command {
        command_name    check_wordpress
        command_line    /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -u /wordpress
        }

define command {
        command_name    check_ocsreports
        command_line    /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -u /ocsreports
        }

define command {
        command_name    check_glpi
        command_line    /usr/lib/nagios/plugins/check_http -H 192.168.50.80 -u /glpi
        }

define command {
        command_name    check_gestioip
        command_line    /usr/lib/nagios/plugins/check_http -H 192.168.50.50 -u /gestioip -e '401 Authorization Required'
        }

define command {
        command_name    check_cacti  
        command_line    /usr/lib/nagios/plugins/check_http -H 192.168.50.50 -u /cacti
        }

define command {
        command_name    check_munin
        command_line    /usr/lib/nagios/plugins/check_http -H 192.168.50.50 -u /munin
        }

define command {
        command_name    check_nagiosurl
        command_line    /usr/lib/nagios/plugins/check_http -H 192.168.50.50 -u /nagios3 -e '401 Authorization Required'
        }

define command {
        command_name    check_calamaris_cop
        command_line    /usr/lib/nagios/plugins/check_http -H 192.168.50.10 -u /calamaris 
        }

define command {
        command_name    check_calamaris_proxyguifi
        command_line    /usr/lib/nagios/plugins/check_http -H 192.168.50.61 -u /calamaris 
        }

 sergi@noc:/etc/nagios3/conf.d$ cat openfpnet_hostgroups.cfg
# Some generic hostgroup definitions

# A simple wildcard hostgroup
define hostgroup {
        hostgroup_name  all
		alias           All Servers
		members         *
        }

# A list of your Debian GNU/Linux servers
define hostgroup {
        hostgroup_name  debian-servers
		alias           Debian GNU/Linux Servers
		members         proxmox01,proxmox02
        }

# A list of your web servers
define hostgroup {
        hostgroup_name  http-servers
		alias           HTTP servers
		members         localhost,www,cop,proxmox01,proxmox02,gosa,localhost,mirror,tallafocsasi,R0SC1,R10SC1,R10SC2,R11SS1,R12SS1,R13SS1,R14SS0,R17SS2,R26SS1,R5SS2
        }

# A list of your secure web servers
define hostgroup {
        hostgroup_name  https-servers
                alias           HTTPS servers
                members         localhost,www,cop,proxmox01,proxmox02,gosa,localhost,tallafocsasi
        }


# A list of your ssh-accessible servers
define hostgroup {
        hostgroup_name  ssh-servers
		alias           SSH servers
		members         localhost,cop,proxmox01,proxmox02,ns2,gosa,samba01,samba02,samba03,samba04,localhost,proxyguifi,mirror,www,tallafocsasi,nas
        }

#OPENFPNET
#Afegit per Sergi Tur el 19 d'agost de 2012

# NRPE SERVERS
define hostgroup {    
        hostgroup_name  nrpe-servers
                alias           SSH servers
                members         localhost,cop,proxmox01,proxmox02,ns2,gosa,samba01,samba02,samba03,samba04,localhost,proxyguifi,mirror,www,tallafocsasi,nas
        }

# SNMP SERVERS
define hostgroup {    
        hostgroup_name snmp-servers
                alias           SSH servers
                members         localhost,cop,proxmox01,proxmox02,ns2,gosa,samba01,samba02,samba03,samba04,localhost,proxyguifi,mirror,www,tallafocsasi,nas,R0SC1,R10SC1,R10SC2,R11SS1,R12SS1,R13SS1,R14SS0,R17SS2,R26SS1,R5SS2
        }

#GATEWAYS
define hostgroup {
        hostgroup_name  gateways
                alias           Gateways servers
                members         gateway01,routerxeba,router1,router2,router3,router4
        }

# Ubuntu servers      
define hostgroup {
        hostgroup_name  ubuntu-servers
                alias           Ubuntu servers
                members         localhost,cop,ns2,gosa,samba01,samba02,samba03,samba04,proxyguifi,mirror,www,tallafocsasi
        }

# Ldap servers
define hostgroup {
        hostgroup_name  ldap-servers
                alias           Ldap servers
                members         localhost,cop,gosa,samba01,samba02,samba03,samba04,proxyguifi,www,tallafocsasi
        }

# MySQL servers
define hostgroup {
        hostgroup_name  mysql-servers
                alias           Ldap servers
                members         localhost,gosa,www
        }


# DNS servers
define hostgroup {
        hostgroup_name  dns-servers
                alias           DNS servers
                members         cop,ns2,tallafocsasi
        }

# DHCP servers
define hostgroup {
        hostgroup_name  dhcp-servers
                alias           DHCP servers 
#                members              
        }

#Squid servers
define hostgroup {
        hostgroup_name  squid-servers
                alias           Squid servers
                members         cop,proxyguifi,tallafocsasi
        }

#NTP servers
define hostgroup {
        hostgroup_name  ntp-servers
                alias           NTP servers
                members         ns2,cop,tallafocsasi
        }

#Samba servers
define hostgroup {
        hostgroup_name  samba-servers
                alias          Samba servers 
                members        samba01,samba02,samba03,samba04
        }

#Proxmox servers
define hostgroup {
        hostgroup_name  proxmox-servers
                alias          Proxmox servers
                members        proxmox01,proxmox02
        }


#IPERF Servers
define hostgroup {
        hostgroup_name  iperf-servers
                alias           IPERF servers
                members         localhost
        }

#SMTP Servers
define hostgroup {
        hostgroup_name  smtp-servers
                alias           SMTP servers
                members         localhost,www
        }

#WINBOX Devices 
define hostgroup {
        hostgroup_name  winbox-devices
                alias           Winbox
                members         gateway01
        }

#RPCBIND Servers
define hostgroup {
        hostgroup_name rpcbind-servers
                alias           RPCBIND servers
                members         proxmox01,proxmox02
        }

Comandes nrpe

Excepte la comanda check_nrpe (què és la única que s'executa des del client ), les comandes "internes" de check_nrpe formen part del servidor, i les podeu trobar al fitxer:

$ cat /etc/nagios/nrpe.cfg
...
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200

Activar el log

Cal activar-lo al fitxer /etc/nagios/nrpe.cfg:

debug=1

Cal reiniciar el servidor per activar el canvi:

$ sudo /etc/init.d/nagios-nrpe-server restart

Els logs sortiran per syslog:

$ sudo tail -f /var/log/syslog
May 14 10:59:19 moodle nrpe[22354]: Caught SIGTERM - shutting down... 
May 14 10:59:19 moodle nrpe[22354]: Cannot remove pidfile '/var/run/nrpe.pid' - check your privileges.
May 14 10:59:19 moodle nrpe[22354]: Daemon shutdown 
May 14 10:59:20 moodle nrpe[23033]: Added command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 
May 14 10:59:20 moodle nrpe[23033]: Added command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 
May 14 10:59:20 moodle nrpe[23033]: Added command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hda1 
May 14 10:59:20 moodle nrpe[23033]: Added command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z 
May 14 10:59:20 moodle nrpe[23033]: Added command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 
May 14 10:59:20 moodle nrpe[23033]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
May 14 10:59:20 moodle nrpe[23034]: Starting up daemon
May 14 10:59:20 moodle nrpe[23034]: Listening for connections on port 5666 
May 14 10:59:20 moodle nrpe[23034]: Allowing connections from: 192.168.0.7 
May 14 11:00:01 moodle CRON[23069]: Sigfile not found

Monitoritzar informació privada de màquines Windoze Remotes

Fitxer:NSCLIENTNagiosUsageGuide.pdf

Anem a veure com podeu monitoritzar dades "privades" d'una màquina remota Windows. Concretament podreu monitoritzar:

  • Memory usage
  • CPU load
  • Disk usage
  • Service states
  • Running processes
  • etc.

Per poder monitorizar Windows cal instal·lar un agent. L'agent a instal·lar és:

NSClient++

I el plugin (client) de Nagios a utilitzar és:

check_nt (normalment es troba a: /usr/lib/nagios/plugins/check_nt)

El plugin es proporcionat pel paquet:

$ dpkg -S /usr/lib/nagios/plugins/check_nt
nagios-plugins-basic: /usr/lib/nagios/plugins/check_nt

Que es comunica amb l'agent/servidor NSClient++.

NOTA: Hi ha altres agents com NC_Net i també podríem utilitzar SNMP

Prerequisits

Només el primer cop que vulgueu monitoritzar una màquina Windows cal que editeu el fitxer:

$ sudo joe /etc/nagios3/nagios.cfg

I descomenteu:

#cfg_file=/etc/nagios3/objects/windows.cfg 

Ha de quedar:

...
# Definitions for monitoring a Windows machine
cfg_file=/etc/nagios3/objects/windows.cfg 
...

Al fitxer /etc/nagios3/objects/windows.cfg definireu els host Windows (teniu exemples de com fer-ho al mateix fitxer).

IMPORTANT: Si no teniu el fitxer el podeu buscar a /usr/share/doc/nagios3-common/examples/template-object/windows.cfg. Per tant feu:
$ sudo cp /usr/share/doc/nagios3-common/examples/template-object/windows.cfg /etc/nagios3/conf.d

Configuració de Nagios

Heu de tenir disponibles les següents ordres:

  • L'ordre check_nt de nagios. La tindreu definida a:
/etc/nagios-plugins/config/nt.cfg
# If you are confused about this command definition, cause you was
# reading other suggestions, please have a look into
# /usr/share/doc/nagios-plugins/README.Debian 

# 'check_nt' command definition
define command { 
	command_name    check_nt
	command_line    /usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -v '$ARG1$'
}

# 'check_nscp' command definition
define command { 
	command_name	check_nscp 
	command_line	/usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -p 12489 -v '$ARG1$'
}

També us cal una plantilla, la teniu a:

/usr/share/doc/nagios3-common/examples/template-object/windows.cfg

Per instal·lar l'Agent de Windows

nsclient++ /install
nsclient++ SysTray

Obriu el gestor de serveis de Windows i assegureu-vos que NSClientpp té permisos per interactuar amb l'escriptori (vegeu la pestanya "Log On")

  • Descomenteu tots el mòduls (secció [modules]) excepte CheckWMI.dll i RemoteConfiguration.dll
  • Opcional podeu requerir d'una paraula de pas per tal de poder-se connectar.
  • Indiqueu els clients permesos 'allowed_hosts a la secció [Settings], poseu la Ip del servidor Nagios o deixeu en blanc per tal de permetre totes les màquines.
  • El port per defecte (opció port) ha de ser 12489

Inicieu el servei NSClient++ amb:

nsclient++ /start

Si l'heu instal·lat correctament una nova icona apareixerà al System Tray (cercle groc amb una M negra dins)

Ara vegem un exemple de configuració de màquina Windows:

$ cat /etc/nagios3/conf.d/windows.cfg

define host{

	use		windows-server	; Inherit default values from a Windows server template (make sure you keep this line!)
	host_name	winserver
	alias		My Windows Server
	address		192.168.1.2
	}

I ara afegim un servei:

define service{
	use			generic-service
	host_name			winserver
	service_description	NSClient++ Version
	check_command		check_nt!CLIENTVERSION
	}

Podeu monitoritzar el uptime:

define service{
	use			generic-service
	host_name		winserver
	service_description	Uptime
	check_command		check_nt!UPTIME
	}

O l'ús de la CPU (la càrrega durant es últims 5 minuts és de més de 90% --> CRITICAL o WARNING a 80%)

IMPORTANT: La documentació de Nagios està malament!!! us diuen de posar opcions tipus -l! No les poseu. Simplement:
define service{
	use			generic-service
	host_name			winserver
	service_description	CPU Load
	check_command		check_nt!CPULOAD!80!90
	}

Ús de memòria (CRITICAL:90% WARNING:80%):

define service{
	use			generic-service
	host_name			winserver
	service_description	Memory Usage
	check_command		check_nt!MEMUSE!80!90
	}

Espai del disc C:\ (CRITICAL:90% WARNING:80%)

define service{
	use			generic-service
	host_name			winserver
	service_description	C:\ Drive Space
	check_command		check_nt!USEDDISKSPACE!80!90
	}

Monitoritzar el servei W3SVC:

define service{
	use			generic-service
	host_name			winserver
	service_description	W3SVC
	check_command		check_nt!SERVICESTATE!SHOWALL!W3SVC
	}

Per monitoritzar el procés Explorer.exe process (alerta crítica si no està en execució):

define service{
	use			generic-service
	host_name			winserver
	service_description	Explorer
	check_command		check_nt!PROCSTATE!SHOWALL!Explorer.exe
	}

Exemple amb paraula de pas, cal posar l'opció -s:

IMPORTANT: Ojo que ja teniu la comanda posada a nagios-plugins, cal afegir només -s PASSWORD
define command{
	command_name	check_nt
	command_line	$USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s PASSWORD -v $ARG1$ $ARG2$
	}

Cal tornar a iniciar Nagios per tal d'aplicar els canvis.

Recursos:

Monitorització de commutadors (switches) i encaminadors (routers)

Per monitoritzar commutadors el primer que cal fer és activar la línia (treien el símbol de comentari - # - ):

# Definitions for monitoring a router/switch
cfg_file=/usr/local/nagios/etc/objects/switch.cfg

Al fitxer de configuració de nagios: nagios.cfg. El podeu trobar a:

/usr/local/nagios/etc/nagios.cfg

o

/etc/nagios/nagios.cfg

Depenent si l'heu instal·lat compilant o des de els repositoris.

Això el que fa és activar les definicions per a commutadors i encaminadors.

Ara ja podeu crear una definició d'objecte de Nagios, per tal de poder monitoritzar un commutador o encaminador. Editeu el fitxer switch.cfg

$ sudo joe /usr/local/nagios/etc/objects/switch.cfg

I afegiu una nova definició de màquina (host). Un exemple

define host{
	use		generic-switch		; Inherit default values from a template
	host_name	linksys-srw224p		; The name we're giving to this switch
	alias		Linksys SRW224P Switch	; A longer name associated with the switch
	address		192.168.1.253		; IP address of the switch
	hostgroups	allhosts,switches	; Host groups this switch is associated with
	}

Observeu que el fitxer està ple d'exemples. Potser caldrà comentar o esborrar els exemples per tal d'evitar errors.

Recursos:

Pings a commutadors

Es pot utilitzar la comanda check_ping per tal de definir un servei de monitorització d'un commutador:

define service{
	use			generic-service	; Inherit values from a template
 	host_name			linksys-srw224p	; The name of the host the service is associated with
	service_description	PING		; The service description 
	check_command		check_ping!200.0,20%!600.0,60%	; The command used to monitor the service
	normal_check_interval	5	; Check the service every 5 minutes under normal conditions
	retry_check_interval	1	; Re-check the service every minute until its final/hard state is determined
	}

SNMP

Es pot utilitzar per fer preguntes específiques als commutadors o encaminadors.

Per exemple, per saber l'estat d'un port:

#Port 2: connexió al router del centre
define service{
      use                     generic-service ; Inherit values from a template
      host_name               Switch_Cisco_Servidors
      service_description     Port 2 Link Status: Router Centre
      check_command           check_snmp!-C public -o ifOperStatus.2 -r 1 -m RFC1213-MIB
      }

On:

  • -C public: indica la comunitat pública de SNMP
  • -o ifOperStatus.1: és el OID de SNMP que indica l'estat del port 1.
  • -r 1: indica que l'estat serà OK si el valor retornat és 1 i sinó donarà un error (CRITICAL)
  • -m RFC1213-MIB: opcional

Hi ha un munt de paràmetres SNMP que es poden utilitzar. Es pot consultar els paràmetres amb la comanda:

$ snmpwalk -v1 -c public 192.168.1.253 -m ALL .1 

O per saber el temps que porta encès el dispositiu:

define service{
      use                     generic-service                          ; Inherit values from a template
      host_name               Switch_Cisco_Servidors
      service_description     Uptime
      check_command           check_snmp!-C public -o sysUpTime.0
      }


Vegeu també l'article sobre SNMP.

Monitoritzar impressores

Podem monitoritzar impressores HP o que suportin JetDirect amb la comanda de nagios check_hpjd. Per saber si el vostre Nagios disposa d'aquesta comanda:

$ ls /usr/local/nagios/libexec | grep hp
check_hpjd

Per monitoritzar commutadors el primer que cal fer és activar la línia (treient el símbol de comentari - # - ):

# Definitions for monitoring a network printer
cfg_file=/usr/local/nagios/etc/objects/printer.cfg

Al fitxer de configuració de nagios: nagios.cfg. El podeu trobar a:

/usr/local/nagios/etc/nagios.cfg

o

/etc/nagios/nagios.cfg

Depenent si l'heu instal·lat compilant o des dels repositoris. Això el que fa és activar les definicions per a commutadors i encaminadors.

Ara ja podeu crear una definició d'objecte de Nagios, per tal de poder monitoritzar un commutador o encaminador. Editeu el fitxer printer.cfg

$ sudo joe /usr/local/nagios/etc/objects/printer.cfg

I afegiu una nova definició de màquina (host). Un exemple

define host{
       use             generic-printer         ; Inherit default values from a template
       host_name       hplj2605dn              ; The name we're giving to this printer
       alias           HP LaserJet 2605dn      ; A longer name associated with the printer
       address         192.168.1.30            ; IP address of the printer
       hostgroups      network-printers        ; Host groups this printer is associated with
       }

Observeu que el fitxer està ple d'exemples. Potser caldrà esborrar-los o comentar-los per tal d'evitar problemes.

Recursos:

Status i ping a la impressora

Per obtenir l'estatus de la impressora:

define service{
	use			generic-service		; Inherit values from a template
	host_name			hplj2605dn		; The name of the host the service is associated with
	service_description	Printer Status		; The service description
	check_command		check_hpjd!-C public	; The command used to monitor the service
	normal_check_interval	10	; Check the service every 10 minutes under normal conditions
	retry_check_interval	1	; Re-check the service every minute until its final/hard state is determined
	}

I per a fer-li un ping:

define service{
       use                     generic-service
       host_name               hplj2605dn
       service_description     PING
       check_command           check_ping!3000.0,80%!5000.0,100%
       normal_check_interval   10
       retry_check_interval    1
       }

Exemple des de la línia de comandes

$ /usr/local/nagios/libexec/check_hpjd -H 192.168.12.50 -C public
Printer ok - ("Modo Suspensi.n activado")


Valors a monitoritzar

#define HPJD_LINE_STATUS		".1.3.6.1.4.1.11.2.3.9.1.1.2.1"
#define HPJD_PAPER_STATUS		".1.3.6.1.4.1.11.2.3.9.1.1.2.2"
#define HPJD_INTERVENTION_REQUIRED	".1.3.6.1.4.1.11.2.3.9.1.1.2.3"
#define HPJD_GD_PERIPHERAL_ERROR	".1.3.6.1.4.1.11.2.3.9.1.1.2.6"
#define HPJD_GD_PAPER_JAM		".1.3.6.1.4.1.11.2.3.9.1.1.2.8"
#define HPJD_GD_PAPER_OUT		".1.3.6.1.4.1.11.2.3.9.1.1.2.9"
#define HPJD_GD_TONER_LOW		".1.3.6.1.4.1.11.2.3.9.1.1.2.10"
#define HPJD_GD_PAGE_PUNT		".1.3.6.1.4.1.11.2.3.9.1.1.2.11"
#define HPJD_GD_MEMORY_OUT		".1.3.6.1.4.1.11.2.3.9.1.1.2.12"
#define HPJD_GD_DOOR_OPEN	 	".1.3.6.1.4.1.11.2.3.9.1.1.2.17"
#define HPJD_GD_PAPER_OUTPUT		".1.3.6.1.4.1.11.2.3.9.1.1.2.19"
#define HPJD_GD_STATUS_DISPLAY		".1.3.6.1.4.1.11.2.3.9.1.1.3"

Recursos:

Autenticació

Bàsica (per defecte)

Nagios per defecte utilitza autenticació HTTP. Els usuaris es troben al fitxer:

/etc/nagios3/htpasswd.users

Podeu utilitzar l'ordre htpasswd per gestionar els usuaris d'aquest fitxer.

IMPORTANT: No oblideu que l'autenticació HTTP només controla l'accés a Nagios. Un cop l'usuari accedeix a Nagios, és necessari que sigui un contacte de Nagios, és a dir que estigui definit al fitxer contacts, per tal de que tingui permisos per gestionar el Nagios)

Vegeu també Nagios#Afegir_un_nou_usuari.

La configuració de Nagios per tal d'utilitzar autenticació HTTP es troba a:

<DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)>
       Options FollowSymLinks

       DirectoryIndex index.php index.html

       AllowOverride AuthConfig
       Order Allow,Deny
       Allow From All

       AuthName "Nagios Access"
       AuthType Basic
       AuthUserFile /etc/nagios3/htpasswd.users
       # nagios 1.x:
       #AuthUserFile /etc/nagios/htpasswd.users
       require valid-user
</DirectoryMatch>


Ldap

Per tal d'utilitzar Ldap com a sistema d'autenticació, també s'utilitza l'autenticació HTTP però aquest cop amb aquesta autenticació configurada per tal d'utilitzar Ldap.

Cal activar el mòdul authnz_ldap:

$ sudo a2enmod authnz_ldap
$ sudo service apache2 restart

Per configurar l'autenticació HTTP cal modificar:

$ cat /etc/apache2/conf.d/nagios3.conf
...
<DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)>
       Options FollowSymLinks

       DirectoryIndex index.php index.html

       AllowOverride AuthConfig
       Order Allow,Deny
       Allow From All

       AuthName "Nagios Access"
       AuthType Basic
       AuthUserFile /etc/nagios3/htpasswd.users
       # nagios 1.x:
       #AuthUserFile /etc/nagios/htpasswd.users
       #require valid-user

       AuthBasicProvider ldap file
       AuthzLDAPAuthoritative off
       AuthLDAPURL "ldap://localhost/ou=All,dc=iesalfacs,dc=cat?uid?sub"
       AuthLDAPGroupAttributeIsDN off
       AuthLDAPGroupAttribute memberUid

       require valid-user
       require ldap-group cn=nagios,ou=GrupsNOC,ou=Grups,ou=All,dc=iesalfacs,dc=cat                       
        
</DirectoryMatch>

Per aplicar els canvis cal reiniciar Apache:

$ sudo /etC/init.d/apache2 restart

Recordeu que amb això només permetrem l'accés. Un cop dins de Nagios cal ser usuari que estigui donat d'alta al fitxer contacts i assignar-li permisos. Consulteu Nagios#Afegir_un_nou_usuari

Vegeu també Apache#Autenticaci.C3.B3_amb_Ldap

Plugins

Macros

Scripts

A la carpeta /usr/lib/nagios/plugins/ podem trobar diferents scripts de control de serveis de nagios. Aquest scripts són les comandes que s'executen per comprovar el funcionament dels serveis.

Tal i com podem veure amb la comanda:

$ dpkg -S check_time
nagios-plugins-basic: /usr/lib/nagios/plugins/check_time

o amb

$ apt-cache search nagios 
sudo apt-cache search nagios
arrayprobe - command line HP (Compaq) SmartArray status checker
mailping - monitor email service availability and functioning
munin - network-wide graphing framework (grapher/gatherer)
nagat - Nagios Administration Tool
nagcon - console application interfacing to Nagios
nagios-common - A host/service/network monitoring and management system
nagios-images - Collection of images and icons for the nagios system
nagios-mysql - A host/service/network monitoring and management system
nagios-nrpe-plugin - Nagios Remote Plugin Exectutor Plugin
nagios-nrpe-server - Nagios Remote Plugin Exectutor Server
nagios-pgsql - A host/service/network monitoring and management system
nagios-plugins - Plugins for the nagios network monitoring and management system
nagios-plugins-basic - Plugins for the nagios network monitoring and management system
nagios-plugins-extra - radius plugin for nagios network monitoring and management system
nagios-plugins-standard - Plugins for the nagios network monitoring and management system
nagios-statd-client - nagios client for montioring remote system information
nagios-statd-server - nagios server for monitoring remote system information
nagios-text - A host/service/network monitoring and management system
nagios2 - A host/service/network monitoring and management system
nagios2-common - support files for nagios2
nagios2-dbg - debugging symbols for nagios2
nagios2-doc - documentation for nagios2
nsca - Nagios service monitor agent

Els paquets que ens proporcionen aquests scripts són les nagios-plugins-*

Configuració i ús d'scripts

A la carpeta /etc/nagios-plugins/config trobem la configuració dels scripts. Veiem un exemple, l'script check_dns:

$ cat /etc/nagios-plugins/config/dns.cfg 
# 'check_dns' command definition
define command{
        command_name    check_dns
        command_line    /usr/lib/nagios/plugins/check_dns -H www.google.com -s $HOSTADDRESS$
}  

# 'check_dig' command definition
define command{
        command_name    check_dig
        command_line    /usr/lib/nagios/plugins/check_dig -H $HOSTNAME$ -l $ARG1$
}  

Com podem veure també configura dig. Els paràmetres que cal tenir en compte:

  • $HOSTADDRESS$: és una variable que se substitueix per el nom de màquina de la que estem controlant el servei
  • $ARG1$: Primer paràmetre
  • $ARG2$: Segon paràmetre
  • $ARG3$: tercer paràmetre...


Els paràmetres es poden passar de la següent forma (utilitzant el símbol exclamació):

define service{

      use                             generic-service   
      host_name                       localhost
      service_description             dig
              check_command                   check_dig!www.example.com
      }

Nagios a SkoleLinux

Per tal d'accedir remotament al nagios (fora de la xarxa interna) cal afegir la següent línia al fitxer /etc/hosts

217.149.150.23 tjener.intern tjener

Sino dona error que no es pot accedir a tjener.intern.

Exemples

iperf

TODO:

Since Nagios only runs on Unix-like operating systems, I wrote a little Nagios script which is basically a wrapper around Iperf for bandwidth monitoring.

check_iperf

#!/bin/bash
#
#  Nagios plugin which runs iperf tests.
#
# (C) 2011 Robert Veznaver, released under the BSD licence
#

lockfile="/tmp/iperf-lock"
 
# get arguments
while getopts ':s:u:w:c:h' OPT; do
 case $OPT in
   s)  host=$OPTARG;;
   u)  unit=$OPTARG;;
   w)  warn=$OPTARG;;
   c)  crit=$OPTARG;;
   h)  hlp="yes";;
 esac
done

# usage
HELP="
   usage: $0 [ -s iperf_server -u unit -w value -c value -h ]

   syntax:
           -s  iperf server
           -u  unit for reporting (Mbps, Kbps, bps)
           -w  warning integer value
           -c  critical integer value
           -p  print out performance data
           -h  print this help screen
"
if [ "$hlp" = "yes" -o $# -lt 1 ]; then
 echo "$HELP"
 exit 0
fi

# check options
if [ -z $host ]; then
 echo "-s missing"
 exit
elif [ -z $warn ]; then
 echo "-w missing"
 exit
elif [ -z $crit ]; then
 echo "-c missing"
 exit
fi

# select unit
case $unit in
 Mbps)  unit_num="1000000";;
 Kbps)  unit_num="1000";;
 bps)   unit_num="1";;
 *)     unit="bps" unit_num="1";;
esac

# lock
while ! ( set -o noclobber; echo "$$" > "$lockfile" ) 2> /dev/null
do
# check for stale lock
 otherpid="$(cat "${lockfile}")"
 if ! kill -0 $otherpid &>/dev/null; then
   # lock is stale - remove lock
   rm -rf "$lockfile"
 fi
 # wait for lock
 sleep 1
done
# remove lockfile on unexpected exit
trap 'rm -f "$lockfile"; exit $?' INT TERM EXIT

# configure iperf
iperf_cmd="iperf -c $host -r -y c"
cut_field="cut -d, -f9"

read up down <<< $($iperf_cmd | $cut_field)

# release lock
rm -f $lockfile
trap - INT TERM EXIT

if [ -z $up ]; then
 up=0
fi

if [ -z $down ]; then
 down=0
fi

let up_scaled="$up/$unit_num"
let down_scaled="$down/$unit_num"

output="UNKNOWN"

if [ $up_scaled -lt $crit -o $down_scaled -lt $crit ]; then
 output="CRITICAL"
elif [ $up_scaled -lt $warn -o $down_scaled -lt $warn ]; then
 output="WARNING"
else
  output="OK"
fi

# append stats
output="$output - UP: $up_scaled $unit / DOWN: $down_scaled $unit"

echo $output


The script creates a lock so you can't test multiple servers from one location simultaneously. If you decide to run more than one instance it will run them sequentially in no particular order. I suggest making a special Nagios schedule for each link you want to test so the chances of hitting both the lock and the Nagios timeout threshold will be minimized.

Altres eines relacionades

http://www.nagiosexchange.org/cgi-bin/page.cgi?g=1745.html;d=1

Nconf

Consulteu Nconf.

Firefox addon. Nagios checker

Monarch

Recursos

Ignoramus

Recursos

NagiosAdmin

Recursos

Fruity

Recursos:

FAN

NSCA

Consulteu també Munin#Munin_i_Nagios.

Munin i Nagios

Consulteu Munin#Munin_i_Nagios.

Monitoritzant Nagios. nagiosstats

$ nagios3stats

Nagios Stats 3.2.3
Copyright (c) 2003-2008 Ethan Galstad (www.nagios.org)
Last Modified: 10-03-2010
License: GPL

Error reading status file '/var/cache/nagios3/status.dat': Permission denied

Cal executar amb sudo:

$ sudo nagios3stats 

Nagios Stats 3.2.3
Copyright (c) 2003-2008 Ethan Galstad (www.nagios.org)
Last Modified: 10-03-2010
License: GPL

CURRENT STATUS DATA
------------------------------------------------------
Status File:                            /var/cache/nagios3/status.dat
Status File Age:                        0d 0h 0m 0s
Status File Version:                    3.2.3

Program Running Time:                   0d 0h 17m 10s
Nagios PID:                             20412
Used/High/Total Command Buffers:        0 / 0 / 4096

Total Services:                         186
Services Checked:                       186
Services Scheduled:                     186
Services Actively Checked:              186
Services Passively Checked:             0
Total Service State Change:             0.000 / 5.990 / 0.669 %
Active Service Latency:                 0.006 / 0.258 / 0.128 sec
Active Service Execution Time:          0.005 / 10.022 / 0.425 sec
Active Service State Change:            0.000 / 5.990 / 0.669 %
Active Services Last 1/5/15/60 min:     36 / 185 / 186 / 186
Passive Service Latency:                0.000 / 0.000 / 0.000 sec
Passive Service State Change:           0.000 / 0.000 / 0.000 %
Passive Services Last 1/5/15/60 min:    0 / 0 / 0 / 0
Services Ok/Warn/Unk/Crit:              102 / 1 / 13 / 70
Services Flapping:                      0
Services In Downtime:                   0

Total Hosts:                            11
Hosts Checked:                          11
Hosts Scheduled:                        11
Hosts Actively Checked:                 11
Host Passively Checked:                 0
Total Host State Change:                0.000 / 0.000 / 0.000 %
Active Host Latency:                    0.020 / 0.256 / 0.118 sec
Active Host Execution Time:             0.006 / 1.004 / 0.104 sec
Active Host State Change:               0.000 / 0.000 / 0.000 %
Active Hosts Last 1/5/15/60 min:        4 / 11 / 11 / 11
Passive Host Latency:                   0.000 / 0.000 / 0.000 sec
Passive Host State Change:              0.000 / 0.000 / 0.000 %
Passive Hosts Last 1/5/15/60 min:       0 / 0 / 0 / 0
Hosts Up/Down/Unreach:                  10 / 1 / 0
Hosts Flapping:                         0
Hosts In Downtime:                      0

Active Host Checks Last 1/5/15 min:     17 / 84 / 266
   Scheduled:                           3 / 10 / 32
   On-demand:                           14 / 74 / 234
   Parallel:                            3 / 10 / 37
   Serial:                              0 / 0 / 0
   Cached:                              14 / 74 / 229
Passive Host Checks Last 1/5/15 min:    0 / 0 / 0
Active Service Checks Last 1/5/15 min:  35 / 186 / 576
   Scheduled:                           35 / 186 / 576
   On-demand:                           0 / 0 / 0
   Cached:                              0 / 0 / 0
Passive Service Checks Last 1/5/15 min: 0 / 0 / 0

External Commands Last 1/5/15 min:      0 / 0 / 0


Gluster

Resolució de problemes (Troubleshooting)

Evitar notificacions de serveis quan un host està down

IMPORTANT: Per defecte el nagios ja ho fa, si el host està down no es mostren missatges sobre els serveis! Un altre tema és que a vegades els serveis fallen i no pas el host, i aleshores és normal rebre les notificacions dels serveis

Recursos:

Sorry, but Nagios is currently not checking for external commands, so your command will not be committed!

Les external commands són necessàries per poder utilitzar les comandes des de la web de Nagios. Cal canviar el paràmetre check_external_commands al fitxer /etc/nagios3/nagios.cfg:

$ sudo joe /etc/nagios3/nagios.cfg
check_external_commands=1

Normalment va seguit de l'error:

Error: Could not stat() command file '/var/lib/nagios3/rw/nagios.cmd'!

Per solucionar-h0:

$ sudo /etc/init.d/nagios3 stop
$ sudo dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
$ sudo  dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3
$ sudo /etc/init.d/nagios3 start 

Recursos:

INFO: SSL/TLS NOT initialized. Network encryption DISABLED.

Aquest error apareix al fitxer de log si activem el log del servidor nrpe:

$ sudo tail -f /var/log/syslog
Aug 19 21:49:49 ns2 nrpe[16998]: Daemon shutdown
Aug 19 21:49:50 ns2 nrpe[17286]: Added command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
Aug 19 21:49:50 ns2 nrpe[17286]: Added command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
Aug 19 21:49:50 ns2 nrpe[17286]: Added command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
Aug 19 21:49:50 ns2 nrpe[17286]: Added command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
Aug 19 21:49:50 ns2 nrpe[17286]: Added command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
Aug 19 21:49:50 ns2 nrpe[17286]: INFO: SSL/TLS NOT initialized. Network encryption DISABLED.
Aug 19 21:49:50 ns2 nrpe[17287]: Starting up daemon
Aug 19 21:49:50 ns2 nrpe[17287]: Listening for connections on port 5666
Aug 19 21:49:50 ns2 nrpe[17287]: Allowing connections from: 127.0.0.1,192.168.50.50

No té per que ser un error, igual hem indicat que no voliem SSL, amb l'opció:

DAEMON_OPTS="--no-ssl"

Del fitxer: /etc/default/nagios-nrpe-server

Could not complete SSL handshake. 1

Cal estar segur que tant el client (compte amb l'opció -n) com el servidor ( DAEMON_OPTS="--no-ssl" al fitxer /etc/default/nagios-nrpe-server ) volen comunicar-se de la mateixa forma, és a dir o tots dos amb SSL o cap dels dos amb SSL.

$ sudo tail -f /var/log/syslog
Aug 19 21:54:22 ns2 nrpe[17723]: Connection from 192.168.50.50 port 49881
Aug 19 21:54:22 ns2 nrpe[17723]: Host address is in allowed_hosts
Aug 19 21:54:22 ns2 nrpe[17723]: Handling the connection...
Aug 19 21:54:22 ns2 nrpe[17723]: Error: Could not complete SSL handshake. 1
Aug 19 21:54:22 ns2 nrpe[17723]: Connection from 192.168.50.50 closed.

Network server bind failure (98: Address already in use)

A vegades al fitxer de log trobareu l'error (cal posar l'opció debug=1 al fitxer /etc/nagios/nrpe.cfg):

$ sudo tail -f /var/log/syslog | grep nrpe
...
Aug 20 18:28:52 www nrpe[29569]: Network server bind failure (98: Address already in use)

Això vol dir que teniu una instància del servidor penjada o que funciona incorrectament. La sol·lució és localitzar el servidor amb

$ ps aux | grep nrpe

I matar-lo amb:

$ kill -9 PID

I aleshores tornar a arrancar el servidor:

$ sudo /etc/init.d/nagios-nrpe-server start

CHECK_NRPE: Error receiving data from daemon.

$ sudo /usr/local/nagios/libexec/check_nrpe -n -H 192.168.0.8 -c check_load 
CHECK_NRPE: Error receiving data from daemon.

L'opció -n indica

Do not use SSL

o si la instal·lació està feta amb apt-get:

$ sudo /usr/lib/nagios/plugins/check_nrpe -n -H 192.168.0.8 -c check_load 

Vigileu al utilitzar la opció -n. Això només s'aplica si el servidor no utilitza SSL (no és recomana per que aleshores es pot interceptar les dades intercanviades entre servidor i client).

A Ubuntu, per defecte el servidor nrpe utilitza SSL:

$ cat /etc/default/nagios-nrpe-server
# defaults file for nagios-nrpe-server
# (this file is a /bin/sh compatible fragment)  

# DAEMON_OPTS are any extra cmdline parameters you'd like to
#             pass along to the nrpe daemon
DAEMON_OPTS="--no-ssl"

# NICENESS is if you want to run the server at a different nice() priority
#NICENESS=5

Per tant;

$ sudo /usr/local/nagios/libexec/check_nrpe -H 192.168.0.8 -c check_load 

Si el problema persisteix, activeu el log (opció debug=1 al fitxer de configuració del dimoni) i llegiu els logs amb:

$ sudo tail -f /var/log/syslog
May 14 10:59:19 moodle nrpe[22354]: Caught SIGTERM - shutting down... 
May 14 10:59:19 moodle nrpe[22354]: Cannot remove pidfile '/var/run/nrpe.pid' - check your privileges.
May 14 10:59:19 moodle nrpe[22354]: Daemon shutdown 
May 14 10:59:20 moodle nrpe[23033]: Added command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 
May 14 10:59:20 moodle nrpe[23033]: Added command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 
May 14 10:59:20 moodle nrpe[23033]: Added command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hda1 
May 14 10:59:20 moodle nrpe[23033]: Added command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z 
May 14 10:59:20 moodle nrpe[23033]: Added command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 
May 14 10:59:20 moodle nrpe[23033]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
May 14 10:59:20 moodle nrpe[23034]: Starting up daemon
May 14 10:59:20 moodle nrpe[23034]: Listening for connections on port 5666 
May 14 10:59:20 moodle nrpe[23034]: Allowing connections from: 192.168.0.7 

Assegureu-vos que la IP del client apareix a Allowing connections from:

Internal Server Error

Sempre que ens surti aquest missatge podem consultar el log d'errors d'apache2 $ sudo tail -f /var/log/apache2/error.log [Tue Nov 27 14:16:38 2007] [error] [client 127.0.0.1] (2)No such file or directory: Could not open password file: /etc/nagios2/htpasswd.users

El fitxer /etc/nagios2/htpasswd.users no existeix. El que si existeix és el de la versió 1. Podem solucionar-ho creant un link

$ sudo ln -s /etc/nagios/htpasswd.users /etc/nagios2/htpasswd.users

Whoops! Error: Could not read host and service status information!

Aquest error ens indica que hi ha algun problema amb el cgi de nagios. Comproveu que s'esta executant Nagios. Llegiu el fitxer de log /var/log/nagios/nagios.log.

Error: Could not connect to MySQL database ...

No s'ha configurat l'accés a la base de dades de Nagios en MySql. Si s'ha instalat Nagios utilitzant el paquet Debian (nagios-mysql) podem trobar la solució d'aquest error a:

/usr/share/doc/nagios-mysql
El fitxer README.Debian. Explica com configurar L'accés a base de dades de Nagios

Una solució potser més sencilla és utilitzar nagios en mode text: Es a dir instalar el paquet nagios-text en comptes del nagios-mysql.

Monitoritzar el log de Nagios

tail -f --lines=200 /var/log/nagios/nagios.log

No funciona el mapa 3D. Es descarrega el fitxer CGI

Cal utilitzar un plugin de navegador que permeti visualitzar fitxers VRML. Podeu provar amb whitedune.

Vegeu també

Enllaços externs

OpenFPnet
IES Nicolau Copèrnic