[it document] · installing nagios 4 with ssl certificate of nrpe 2.16rc2. title: installing nagios...

[IT DOCUMENT] PROCEDURES FOR ADMINISTERING IT SERVICES

JURI CALLERI

VERSION 2

MARCH 2017

Installing Nagios 4 with

SSL certificate of Nrpe

2.16RC2

Title: Installing Nagios 4 with SSL certificate of Nrpe 2.16RC2 1

Author: Juri Calleri

Version: 2

TABLE OF CONTENTS

1. INSTALLING NAGIOS 4 WITH SSL CERTIFICATE OF NRPE 2.16RC2 ................................................................... 3

1.1 Introduction .................................................................................................................... 3

2. PREPARE AN UBUNTU SERVER V. 14.04 ............................................................................................. 4

2.1 update the system and setup the network ............................................................................... 4

3. NAGIOS INSTALLATION ............................................................................................................... 5

3.1 Install Nagios Core ............................................................................................................ 5

3.2 Install Nagios Plugin .......................................................................................................... 6

3.3 Install NRPE 2.16RC2 .......................................................................................................... 6

3.4 Secure NRPE .................................................................................................................... 7

4. ENABLING THE WEB SERVER ............................................................................................................. 8

4.1 Protect Apache with SSL ..................................................................................................... 8

5 CONFIGURING THE SYSTEM ............................................................................................................. 10

5.1 Configure Nagios ............................................................................................................. 10

5.2 Configure the hosts .......................................................................................................... 11

5.3 Configure the services ....................................................................................................... 13

5.4 Configure the client ......................................................................................................... 14

5.5 Configure the contacts ...................................................................................................... 15

5.6 Configuring the NRPE for the server ...................................................................................... 16

6 INSTALL THE PLUGINS AND THE NRPE ON THE CLIENTS ................................................................................. 17

6.1 Installing the Nagios plugins ............................................................................................... 17

6.2 Installing NRPE on the client ............................................................................................... 17

6.3 Configuring NRPE on the client ............................................................................................ 18

6.4 How the server sends commands to the client.......................................................................... 20

7 CREATING THE CERTIFICATE ............................................................................................................ 21

7.1 Setup the Certification Authority ......................................................................................... 21

7.2 Create the certificate for NRPE Server .................................................................................. 22

7.3 Create the certificate for the NRPE client .............................................................................. 22

8 ADDING THE GRAPHS ................................................................................................................... 23

8.1 Installing pnp4nagios ........................................................................................................ 23

8.2 Configuring the program .................................................................................................... 24

8.3 Definition for hosts and services with web popups .................................................................... 26

8.4 Understanding pnp4nagios .................................................................................................. 26

9 SENDING EMAIL NOTIFICATION WITH PHP ............................................................................................... 29

9.1 Add php email command definition ....................................................................................... 29

9.2 Apply the new email template ............................................................................................ 30

10 USEFUL PLUGINS ...................................................................................................................... 35

10.1 Top 4 plugins to download ................................................................................................ 35

11 USEFUL NAGIOS COMMANDS ........................................................................................................... 37



Version: 2

11.1 Check validity of the script ............................................................................................... 37

11.2 Start Nagios service ........................................................................................................ 37

11.3 Reload the service .......................................................................................................... 37

11.4 Stop the service ............................................................................................................. 37

11.5 Restart Nagios and xinetd ................................................................................................. 37



Version: 2

1. INSTALLING NAGIOS 4 WITH SSL CERTIFICATE OF NRPE 2.16RC2

1.1 INTRODUCTION

THIS DOCUMENT CONTAINS THE INFORMATION AND STEPS TO PROCEED TO INSTALL AND CONFIGURE THE NAGIOS MONITORING SYSTEM ON AN UBUNTU SERVER 14.04 USING THE NRPE 2.16RC2. NRPE 2.16RC2 IS STILL NOT AT ITS LAST (OR DEFINED STABLE) VERSION BUT, TESTS SHOWS THAT THIS RELEASE DOES NOT HAVE PARTICULAR ISSUE. THIS PLUGIN IS A GREAT IMPROVEMENT SINCE IT PROVIDES AN INCREASE OF SECURITY THANKS TO THE USE OF SERVER-CLIENT CERTIFICATES AND AN IMPROVEMENT OF THE ENCRYPTION SYSTEM. FOR AN EASY VIEW ON THE CONFIGURATION FILE, SOME SAMPLES OF THE SAME ARE INSIDE THIS DOCUMENT.



Version: 2

2. PREPARE AN UBUNTU SERVER V. 14.04

2.1 UPDATE THE SYSTEM AND SETUP THE NETWORK

As root, run:

apt-get update && apt-get upgrade -y

Set up a static IP:

vi /etc/network/interfaces

# The primary network interface

auto eth0

iface eth0 inet static

address 192.168.0.X

netmask 255.255.255.0

network 192.168.0.0

broadcast 192.168.0.255

gateway 192.168.0.Y

dns-nameservers 192.168.0.Z 8.8.8.8

Restart the network card to apply the new IP:

ifdown eth0

ifup eth0

Install OpenSSH server (if not installed already):

apt-get install openssh-server -y

And edit sshd_config to disable rootLogin:

vi /etc/ssh/sshd_conf

PermitRootLogin no

Restart the ssh daemon:

service ssh restart



Version: 2

3. NAGIOS INSTALLATION

3.1 INSTALL NAGIOS CORE

Install the LAMP stack and secure mysql installation, when done proceed with the creation of the user that will run Nagios and its group:

useradd NagiosUser

groupadd NagiosGroup

usermod -a -G Nagiosgroup NagiosUser

passwd NagiosUser

We will install Nagios core from source therefore we need to install these packages:

apt-get install build-essential libgd2-xpm-dev openssl libssl-dev

xinetd apache2-utils unzip –y

If you want to send the emails using postfix, also install:

apt-get install postfix mailutils -y

Move to your TEMP folder or create a download folder, and download Nagios core (edit the url to match the latest Nagios core version):

curl -L -O

https://assets.nagios.com/downloads/nagioscore/releases/nagios-

4.2.4.tar.gz

tar xvf nagios-*.tar.gz

cd nagios-*

./configure --with-nagios-user=NagiosUser --with-nagios-

group=NagiosGroup --with-command-group=NagiosGroup --with-

mail=/usr/sbin/sendmail

With --with-mail=/usr/sbin/sendmail we add the ability to Nagios to send emails using postfix. In the event you wish to use the PHP_Mailer, you may skip this and the postfix installation. A benefit of using the PHP_Mailer is the possibility to edit the body of the emails in HTML format.

If instead you prefer to keep postfix, locate the mail executable in commands.cfg and make

sure it matches your OS’s /bin/mail path. In Ubuntu is in /usr/bin/mail.

Now, compile and install Nagios:

make all

make install

make install-init

-- You can stop here if you are upgrading Nagios version --

make install-commandmode

make install-config

/usr/bin/install -c -m 644 sample-config/httpd.conf

/etc/apache2/sites-available/nagios.conf

To issue external commands to Nagios, add the web server user to Nagios group:



Version: 2

usermod -G NagiosGroup www-data

3.2 INSTALL NAGIOS PLUGIN

Create a subfolder for downloading the plugins, edit the url to match their latest version, and:

curl -L -O http://nagios-plugins.org/download/nagios-plugins-

2.1.4.tar.gz

tar xvf nagios-plugins-*.tar.gz

cd nagios-plugins-*


group=NagiosGroup --with-openssl

make

make install

3.3 INSTALL NRPE 2.16RC2

UPDATE: The version used below is not the latest anymore, it has been removed from the repository as well. The following code and the certificate check would probably work with the latest version of the plugin, the NRPE 3.0.1. But it hasn't been tested yet. Create a subfolder for NRPE, and:

curl -L -O https://github.com/NagiosEnterprises/nrpe/archive/nrpe-2-

16-RC2.zip

unzip nrpe-*.zip -d nrpe

cd nrpe/nrpe*

chmod +x configure

./configure --with-nrpe-user=NagiosUser --with-nrpe-

group=NagiosGroup --with-nagios-user=NagiosUser --with-nagios-

group=NagiosGroup --with-ssl=/usr/bin/openssl --with-ssl-

lib=/usr/lib/x86_64-linux-gnu

make all

make install

make install-xinetd

make install-daemon-config

Only the xinetd that run on the client must be edited to allow the Nagios server to connect:

vi /etc/xinetd.d/nrpe

only_from = IP_OF_SERVER

Restart xinetd, if you updated nrpe on the monitored server:

service xinetd restart



Version: 2

3.4 SECURE NRPE

To secure Nrpe with the certificate, the section #7 shows how to create the certificate and apply it to the configuration.

The main error messages you may get are the following:

Status Information: Error: could not use certificate file '/usr/local/nagios/etc/ssl/client_certs/nag_serv.pem'.

CHECK_NRPE: Error - Could not complete SSL handshake with 192.168.10.219: 1

A temporary solution is to set the ../ssl/ folder and certificates permissions to 777. If now the nrpe is working, change again the permissions to secure the certificates from unauthorized users. 555 is a good set of permissions to use in this case, because both the owner, group and others can only execute it.

Version: 2

4. ENABLING THE WEB SERVER

4.1 PROTECT APACHE WITH SSL

Enable auth digest (optional):

a2enmod auth_digest

htdigest -c /usr/local/nagios/etc/.digest_pw "Nagios Access"

nagiosadmin

Add the created file in nagios.conf, for both /sbin and /share and Apache <2.3 and >=2.3 sections:

vi /etc/apache2/sites-available/nagios.conf

AuthName "Nagios Access"

AuthType Digest

AuthUserFile /usr/local/nagios/etc/.digest_pw

Use Apache2 ssl, rewrite and cgi mods:

a2enmod ssl

a2enmod rewrite

a2enmod cgi

Create the certificate for the web server that lasts 10 years:

openssl genrsa -des3 -out server.3des-key 1024

openssl rsa -in server.3des-key -out server.key

openssl req -new -key server.key -x509 -out server.crt -days 3650

chmod 600 server.key

rm server.3des-key

mv server.crt /etc/ssl/

mv server.key /etc/ssl/private/

And add these certificates in default-ssl.conf:

vi /etc/apache2/sites-available/default-ssl.conf

SSLCertificateFile /etc/ssl/server.crt

SSLCertificateKeyFile /etc/ssl/private/server.key

Edit once again nagios.conf to add SSLRequireSSL in both /sbin and /share:

vi /etc/apache2/sites-available/nagios.conf

<Directory "/usr/local/nagios/sbin">

SSLRequireSSL

[...]

<Directory "/usr/local/nagios/share">

SSLRequireSSL

Apply the new SSL and restart Apache2:



Version: 2

a2ensite default-ssl.conf

service apache2 restart

Create a symbolic link to enable the new site:

ln -s /etc/apache2/sites-available/nagios.conf /etc/apache2/sites-

enabled/

And enable Nagios to start on boot:

ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios

Now you can access its the Nagios web interface: https://nagios_server/nagios username: nagiosadmin password: *The one you choose earlier*

https://nagios_server/nagios



Version: 2

5 CONFIGURING THE SYSTEM

5.1 CONFIGURE NAGIOS

The main configuration file for Nagios core is nagios.cfg in /usr/local/nagios/etc. This file, among other settings, allows the addition of other paths for smaller configuration file. A clean way to configure Nagios is to understand its operation and build the configuration settings separately. This chapter shows how to split and manage the configurations. First make a backup of nagios.cfg:

cd /usr/local/nagios/etc

cp nagios.cfg nagios.cfg.original

With in mind that rows that start with the sharp sign ( # ) are comments, delete accordingly this sign from nagios.cfg where you want to activate its setting, just like below:

vi /usr/local/nagios/etc/nagios.cfg

#cfg_dir=/usr/local/nagios/etc/servers

[ and delete the ‘#’ to activate the ‘servers’ folder ]

[ Locate then this row, which is above the previous ]

# You can specify individual object config files as shown below:

[ And add as many configuration file as needed ]

cfg_file=/usr/local/nagios/etc/objects/commands.cfg

cfg_file=/usr/local/nagios/etc/objects/contacts.cfg

cfg_file=/usr/local/nagios/etc/objects/timeperiods.cfg

cfg_file=/usr/local/nagios/etc/objects/nrpecommands.cfg

cfg_file=/usr/local/nagios/etc/objects/services.cfg

cfg_file=/usr/local/nagios/etc/objects/hostconf.cfg

cfg_file=/usr/local/nagios/etc/objects/mailtemplate.cfg

[ Or, if you are confident enough you may use a single cfg_dir,

just like for ‘servers’, and place all of the above cfg_file

inside your cfg_dir ]

cfg_dir=/usr/local/nagios/etc/servers

#cfg_dir=/usr/local/nagios/etc/printers

#cfg_dir=/usr/local/nagios/etc/switches

#cfg_dir=/usr/local/nagios/etc/routers

cfg_dir=/usr/local/nagios/etc/myconfiguration

Basically, one can choose if adding the single configuration file or a whole folder. This document uses both.

A folder with all of the servers: cfg_dir=/usr/local/nagios/etc/servers

and the single setting: cfg_file=/usr/local/nagios/etc/objects/nrpecommands.cfg

nrpecommands.cfg is the heart of the nrpe plugin, we can proceed to create this file:

Version: 2

vi /usr/local/nagios/etc/objects/nrpecommands.cfg

define command{

command_name check_nrpe

command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$

}

define command{

command_name check_nrpe_cert

command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -C

/usr/local/nagios/etc/ssl/server_certs/nag_serv.pem -K

/usr/local/nagios/etc/ssl/server_certs/nag_serv.key -A

/usr/local/nagios/etc/ssl/ca/ca_cert.pem -c $ARG1$ -t 15

}

As you can see, there are both the versions of the nrpe command, this document though will

focus only in having the nrpe working with the certificate: check_nrpe_cert.

We now need to edit the contacts.cfg and enter the email address you are going to use to receive Nagios notification:

vi /usr/local/nagios/etc/objects/contacts.cfg

email nagios@localhost ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS

******

[ You may edit the name too, the most important is the email ]

5.2 CONFIGURE THE HOSTS

Each host is created grabbing information from the other configuration files. These information are the services, the timetable, the group of the servers the host belongs to [...] All of these information are called “definitions”. A configuration file is a mix of definitions, the exact same definitions used inside the “templates.cfg”. But, templates.cfg is generic and contains all the definitions used for the hosts, rather, we wish each file for each configuration, this way it is more clear to work with.

A suggestion is to open your templates.cfg and check its content. Then, we can create the single files:

vi /usr/local/nagios/etc/objects/hostconf.cfg

# Suppose you have Linux and Windows servers, or production and test

# server, or simply using groups to differentiate one host from another

## HOST GROUP DEFINITION ##

define hostgroup{

hostgroup_name Test Hostgroup

alias Test Servers

}

# This is the hostgroup, used show together all the servers with the

# same scope, can be test, webserver, domain controllers and so on..



Version: 2

## HOST BASE DEFINITION ##

define host{

Name linux-host

notifications_enabled 1

event_handler_enabled 1

flap_detection_enabled 1

process_perf_data 1

retain_status_information 1

retain_nonstatus_information 1

notification_period 24x7

check_period 24x7

retry_interval 1

max_check_attempts 5

check_command check-host-alive

contact_groups avengers

register 0

}

# This is a template that can match a very base server.

# All the servers with same scope may use the same base definition

# so they become members of the linux-host group.

# Every setting applied here is applied for all of its members.

## HOST DEFINITION ##

define host{

Name linux-test

Use linux-host

Hostgroups Test Hostgroup

check_interval 2

notification_period workhours

notification_interval 30

notification_options d,u,r

register 0

}

# This host is using the base template but it is still possible

# to override the settings, just like happened with notification_period

# and the lasts are applied

In all of them appears the register 0, which means that this is not a real host but a template.

We will configure the hosts inside /usr/local/nagios/etc/servers.



Version: 2

5.3 CONFIGURE THE SERVICES

Same as the host, the services may use groups but it is more useful to create the templates for the services:

vi /usr/local/nagios/etc/objects/services.cfg

## SERVICES DEFINITIONS ##

define service{

Name generic-service

active_checks_enabled 1

passive_checks_enabled 0

parallelize_check 1

obsess_over_service 0

check_freshness 0

notifications_enabled 1

event_handler_enabled 1


process_perf_data 0



is_volatile 0

check_period 24x7


check_interval 5

retry_interval 2

contact_groups avengers

notification_options w,u,c,r


notification_period 24x7

register 0

}

# This is the service template for a generic service

# it works exactly like the host template.

# And now we have a different kind of service!

# Below is the definition of a service to be used with a plugin able

# to check the log files.

# The application that creates this log files, is fail2ban.

# I created this service for Nagios with the purpose to define a

# different kind of service check

define service{

Name fail2banlog-service

Use generic-service




is_volatile 1



Version: 2


check_interval 4

retry_interval 2


register 0

}

# Using the base template for services, this template does not save

# the data of the service (is volatile 1), also does not check 3 times

# before sending the alarm (max_check_attempts 1 ), and can pass

# between OK and ALARM status without being blocked by Nagios for being

# “flapping” (flap_detection_enabled 0).

This document wants to be just an overview on Nagios and its configuration, which leaves the reader to read the Nagios manual and understand every options that this document does not cover.

5.4 CONFIGURE THE CLIENT

Each .cfg file is a host, we can name it after the real server hostname simply to differentiate this from another:

vi /usr/local/nagios/etc/servers/fileserver-test.cfg

## HOST ##

define host{

use linux-test

host_name fileserver-test

alias Fileserver test

address 192.168.10.11

}

define service{

name fileserver-test-service

host_name fileserver-test

register 0

}

## SERVICES ##

define service{

use generic-service,fileserver-test-service

service_description Check memory

check_command check_nrpe_cert!check_mem

}

define service{

use fail2banlog-service,fileserver-test-service

service_description Fail2ban

check_command check_nrpe_cert!check_log_fail2ban

}



Version: 2

This host is using the generic-service template for the check_mem command, and the

fail2banlog_service to check the logs of this program.

Also, each service needs the host_name definition to perform their check on the correct host. Using a service definition template you can apply to the service the corresponding host.

service description is the name appearing on the Nagios web panel.

host_name MUST match the one used under the ## HOST ##.

check_command calls the command check_mem using the server’s command

check_nrpe_cert.

check_mem is defined in the NRPE.cfg file on the host machine.

5.5 CONFIGURE THE CONTACTS

You may have noticed that in the previous chapters, “avengers” was used in the

contact_groups.

A simple contacts.cfg with two users is as follows:

vi /usr/local/nagios/etc/objects/contacts.cfg

## CONTACTS DEFINITION ##

define contact{

name generic-contact

service_notification_period 24x7

host_notification_period 24x7

service_notification_options w,u,c,r,f,s

host_notification_options d,u,r,f,s

service_notification_commands notify-service-by-email

host_notification_commands notify-host-by-email

register 0

}

## CONTACTS ##

define contact{

contact_name Tony

use generic-contact

alias Iron-man

email [email protected]

}

define contact{

contact_name Steve

use generic-contact

alias Captain America

email [email protected]

}

## CONTACT GROUPS ##

define contactgroup{

contactgroup_name avengers

alias Nagios Administrators



Version: 2

members Tony, Steve

}

Now you know why!

All the .cfg files follows the same logic. If we want to use contacts for office hours and for night shifts all we have to do is to add a new contact definition, set it up and register 0. The: service_notification_commands notify-service-by-email

host_notification_commands notify-host-by-email

are both defined inside commands.cfg. For local commands, those used on the Nagios monitoring server itself, there is no need to use the certificate.

5.6 CONFIGURING THE NRPE FOR THE SERVER

NRPE config file in /usr/local/nagios/etc/nrpe.cfg is installed at the moment of the NRPE plugin installation.

If it should act as a server or client depends by its configuration.

The server configuration can be reduced to a few lines only, there is no need of leaving the NRPE user because the connection is managed by xinetd. Several other settings were removed from this configuration. Do not forget to make a backup of the original file:

cd /usr/local/nagios/etc

cp nrpe.cfg nrpe.cfg.original

nrpe.cfg contains useful information, before using the configuration below it is better to have a look at it and once understood it you can erase its content and update:

>nrpe.cfg

vi nrpe.cfg

log_facility=daemon

pid_file=/var/run/nrpe.pid

dont_blame_nrpe=0

allow_bash_command_substitution=0

debug=0

command_timeout=60

connection_timeout=300

ssl_version=TLSv1.2+

ssl_use_adh=1

ssl_cipher_list=ALL:!MD5:@STRENGTH

ssl_client_certs=2

ssl_logging=0xff

Logs are enabled and set to full-log. When your configuration is working the ssl_logging directive can be turned off.



Version: 2

6 INSTALL THE PLUGINS AND THE NRPE ON THE CLIENTS

6.1 INSTALLING THE NAGIOS PLUGINS

The Nagios plugin installation for the hosts follows the same commands used in the previous chapter.

Follow the steps to set-up the network with a static IP

Create the user and group for Nagios, just like earlier in the document:

useradd NagiosUser

groupadd NagiosGroup

usermod -a -G NagiosGroup NagiosUser

passwd NagiosUser

Run the repository update command on the host and install a few packages:

apt-get update

apt-get install build-essential openssl libssl-

dev xinetd unzip libsys-statistics-linux-perl -y

libsys-statistics-linux-perl is used by the plugin

check_linux_stats.pl on the Nagios plugins hub. This plugin is good for checks on cpu, memory, disk and many other.

You can download it from Nagios Exchange and chmod +x to make it executable

when copied to /usr/local/nagios/libexec. But, if your plans are to use graphs for the CPU, probably you wish to use another plugin called check_cpu.py, because this plugin shows the load on the CPU and not the idle percentage.

Also, check_cpu.py comes with a template for pnp4nagios. More about pnp4nagios at its section.

Now use the same command used for installing the plugin on the Nagios server:

curl -L -O http://nagios-plugins.org/download/nagios-

plugins-2.1.4.tar.gz

tar xvf nagios-plugins-*.tar.gz

cd nagios-plugins-*


group=NagiosGroup --with-openssl

make

make install

6.2 INSTALLING NRPE ON THE CLIENT

Also the NRPE installation is the same as the one for the server.

Follow these commands:

curl -L -O

https://github.com/NagiosEnterprises/nrpe/archive/nrpe-2-

16-RC2.zip

https://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/check_linux_stats/details

https://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/check_cpu-2Epy/details



Version: 2

unzip nrpe-*.zip -d nrpe

cd nrpe/nrpe*

chmod +x configure

./configure --with-nrpe-user=NagiosUser --with-nrpe-

group=NagiosGroup --with-nagios-user=NagiosUser --with-

nagios-group=NagiosGroup --with-ssl=/usr/bin/openssl --

with-ssl-lib=/usr/lib/x86_64-linux-gnu

make all

make install

make install-xinetd

make install-daemon-config

And remember to update xinetd:

vi /etc/xinetd.d/nrpe

only_from = IP_OF_NAGIOS_SERVER

When done, restart it:


6.3 CONFIGURING NRPE ON THE CLIENT

All we have to do now is to set up the certificate and update the NRPE conf file.

This chapter is focusing on creating the NRPE config file for the client and the certificate

creation is left for the next section.

Previously we created the nrpecommands.cfg to store the nrpe command and certificates.

Now, the certificates are defined in the client’s nrpe config file.

Again, make a copy of the file and then erase it to copy this new settings:

cd /usr/local/Nagios/etc

cp nrpe.cfg nrpe.cfg.original

>nrpe.cfg

vi nrpe.cfg

log_facility=daemon

pid_file=/var/run/nrpe.pid

dont_blame_nrpe=0

allow_bash_command_substitution=0

debug=0

command_timeout=60

connection_timeout=300

ssl_version=TLSv1.2+

ssl_use_adh=1

ssl_cipher_list=ALL:!MD5:@STRENGTH

ssl_cacert_file=/usr/local/nagios/etc/ssl/ca_cert.pem

ssl_cert_file=/usr/local/nagios/etc/ssl/monitored.pem

ssl_privatekey_file=/usr/local/nagios/etc/ssl/monitored.key

ssl_client_certs=2



Version: 2

ssl_logging=0xff

command[check_mem]=/usr/local/nagios/libexec/check_linux_stats.pl

-M -w 100,25 -c 100,50

command[check_log_fail2ban]=/usr/local/nagios/libexec/check_log3.pl -l

/var/log/fail2ban.log -p 'Ban' -w 1 -c 5

No nrpe user needed here as well, because xinetd is taking care of the connection.

You can see it differs from the server’s one because this contains both the certificate and the

commands that the server asks the client to run:

command[check_mem]=/usr/local/nagios/libexec/check_linux_stats.pl -M -w

100,25 -c 100,50





Version: 2

6.4 HOW THE SERVER SENDS COMMANDS TO THE CLIENT

The server contain this definition in the client’s configuration inside the ../servers folder:

define service{

use generic-service,fileserver-test-service

service_description Check memory

check_command check_nrpe_cert!check_mem

}

And the client have the check_mem defined in the nrpe.cfg file.

command[check_mem]=/usr/local/nagios/libexec/check_linux_stats

The parameters after the plugin are used to send to the client what service to check and what it

is reported as good, warning or critical status.

On the client:

cd /usr/local/nagios/libexec

./check_linux_stats.pl -M -w 100,25 -c 100,50

if you would run this command, the reply is the same that will be sent to Nagios, where in the

case of this plugin: -M is for “memory”, -w is the warning and –c the critical.

Nagios uses Linux exit codes to understand the output of the commands:

exit 0 – Good

exit 1 – Warning

exit 2 – Critical

exit 3 – Unknown # Usually due to communication errors between the server

and client

This means that it is easy to create own plugins and let Nagios run them.

Among what is reported to Nagios, there are the performance_data, more on this in the

pnp4nagios section.

performance_data are detailed information about the last check, these are widely used when

creating graphs but are flexible too.



Version: 2

7 CREATING THE CERTIFICATE

7.1 SETUP THE CERTIFICATION AUTHORITY

The certificate proposed here have a validity of 10 years, just like the one for apache2.

Nagios server will become a Certification Authority, obviously it is not trusted on the internet

and its certificates are only valid for internal use, which is enough for us.

First, set up the directories:

mkdir -p -m 750 /usr/local/nagios/etc/ssl

chown root.NagiosGroup /usr/local/nagios/etc/ssl

cd /usr/local/nagios/etc/ssl

mkdir -m 750 ca

chown root.root ca

mkdir -m 750 server_certs

chown root.NagiosGroup server_certs

mkdir -m 750 client_certs

chown root.NagiosGroup client_certs

And set up the Certification Authority (CA):


mkdir –p –m 700 demoCA/newcerts

touch demoCA/index.txt

echo "01" > demoCA/serial

chown -R root.root demoCA

chmod 600 demoCA/serial

chmod 600 demoCA/index.txt

chmod 700 demoCA

Then, create the CA:

cd /usr/local/nagios/etc/ssl/ca

openssl req -x509 -newkey rsa:4096 -keyout ca_key.pem -out

ca_cert.pem -utf8 -days 3650



Version: 2

7.2 CREATE THE CERTIFICATE FOR NRPE SERVER

Create the NRPE Server Certificate Request (CSR, Certificate Signing Request) and sign it:

cd /usr/local/nagios/etc/ssl/server_certs

openssl req -new -newkey rsa:2048 -keyout nag_serv.key -out

nag_serv.csr -nodes


openssl ca -extensions usr_cert -days 3650 -notext -md sha256 -

keyfile ca/ca_key.pem -cert ca/ca_cert.pem -in

server_certs/nag_serv.csr -out server_certs/nag_serv.pem

chown root.NagiosGroup server_certs/nag_serv.pem

chmod 440 server_certs/nag_serv.pem

Copy nag-serv.pem, nag-serv.key and ca/ca_cert.pem files to the Nagios’s ssl folder.

The paths will match those used in the nrpecommands.cfg.

But, if your CA is, just like in this documentation, on your Nagios server, there is no need to

move the certificate anywhere. The paths points already to this location.

7.3 CREATE THE CERTIFICATE FOR THE NRPE CLIENT

Create the CSR of the NRPE Client and sign it:

cd /usr/local/nagios/etc/ssl/server_certs

openssl req -new -newkey rsa:2048 -keyout monitored.key -out

monitored.csr -nodes

Follow the prompts. The -nodes at the end of the lines tells openssl to generate the key

without a passphrase. Leave it off, if you want someone to enter a passphrase whenever the

machine boots.

IMPORTANT: Do not create certificates using the same Common Name (CN).

You can use one certificate for all of the servers to monitor (less secure, but acceptable).

Now you need to sign the CSR with the CA key:


openssl ca -days 3650 -notext -md sha256 -keyfile ca/ca_key.pem -cert

ca/ca_cert.pem -in client_certs/monitored.csr -out

client_certs/monitored.pem

chown root.NagiosGroup client_certs/monitored.pem

chmod 444 client_certs/monitored.pem

Copy monitored.pem, monitored.key and ca/ca_cert.pem files to every machine in the

Nagios’s ssl folder.

The paths will match those used in the nrpe.cfg.



Version: 2

8 ADDING THE GRAPHS

8.1 INSTALLING PNP4NAGIOS

Change directory to your download folder, and enter:

apt-get install rrdtool librrds-perl

curl -L -O http://docs.pnp4nagios.org/_media/dwnld/pnp4nagios-

head.tar.gz

tar -xvzf pnp4nagios*

cd pnp4nagios


group=NagiosGroup --with-httpd-conf=/etc/apache2/sites-available

Follow the prompts. The output is similar to:

*** Configuration summary for pnp4nagios-0.6.2 23-12-2009 ***

General Options:

------------------------- -------------------

Nagios user/group: NagiosUser NagiosGroup

Install directory: /usr/local/pnp4nagios

HTML Dir: /usr/local/pnp4nagios/share

Config Dir: /usr/local/pnp4nagios/etc

Location of rrdtool binary: /usr/bin/rrdtool Version 1.2.12

RRDs Perl Modules: FOUND (Version 1.2012)

RRD Files stored in: /usr/local/pnp4nagios/var/perfdata

process_perfdata.pl Logfile:

/usr/local/pnp4nagios/var/perfdata.log

Perfdata files (NPCD) stored in: /usr/local/pnp4nagios/var/spool

Web Interface Options: ------------------------- ------------

-------

HTML URL: http://localhost/pnp4nagios/

Apache Config File: /etc/apache2/sites-available/pnp4nagios.conf

Review the options above for accuracy. If they look okay,

type 'make all' to compile.

Make sure it uses the same user and group defined for Nagios and that the apache config is the

right one for your system, on Ubuntu 14.04 this is correct because of the command

--with-httpd-conf=/etc/apache2/sites-available.

Compile the program:

make all

make install



Version: 2

make install-webconf

make install-config

make install-init

[ Or, all of these commands reassumed in ]

make fullinstall

If you changed the nagiosadmin webuser authentication to use the digest, do:

vi /etc/apache2/sites-available/pnp4nagios.conf

AuthName "Nagios Access"

AuthType Digest

AuthUserFile /usr/local/nagios/etc/.digest_pw

Replace this on all of it sections.

8.2 CONFIGURING THE PROGRAM

Pnp4nagios can be configured to use several modes, but the Synchronous mode will not

work.

This document is focusing to use the Bulk mode.

Check the other configurations here: Quick-start.

To use the graphs we need to have performance data enabled.

This can be done both from the Nagios config file or from the single service configuration, which

can be used to selectively enable when it is disabled on the main Nagios configuration.

To enable it globally on the Nagios config file:

vi /usr/local/nagios/etc/nagios.cfg

[ Find ]

process_performance_data=0

[ And change it to ]

process_performance_data=1

[ Then, add the code below at the end of the file ]

#

# service performance data

#

service_perfdata_file=/usr/local/pnp4nagios/var/service-perfdata

service_perfdata_file_template=DATATYPE::SERVICEPERFDATA\tTIMET::$TIMET

$\tHOSTNAME::$HOSTNAME$\tSERVICEDESC::$SERVICEDESC$\tSERVICEPERFDATA::$

SERVICEPERFDATA$\tSERVICECHECKCOMMAND::$SERVICECHECKCOMMAND$\tHOSTSTATE

::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$\tSERVICESTATE::$SERVICEST

ATE$\tSERVICESTATETYPE::$SERVICESTATETYPE$

service_perfdata_file_mode=a

service_perfdata_file_processing_interval=15

service_perfdata_file_processing_command=process-service-perfdata-file

http://docs.pnp4nagios.org/pnp-0.6/start



Version: 2

#

# host performance data starting with Nagios 3.0

#

host_perfdata_file=/usr/local/pnp4nagios/var/host-perfdata

host_perfdata_file_template=DATATYPE::HOSTPERFDATA\tTIMET::$TIMET$\tHOS

TNAME::$HOSTNAME$\tHOSTPERFDATA::$HOSTPERFDATA$\tHOSTCHECKCOMMAND::$HOS

TCHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$

host_perfdata_file_mode=a

host_perfdata_file_processing_interval=15

host_perfdata_file_processing_command=process-host-perfdata-file

Now we need to create the command for Nagios:

vi /usr/local/nagios/etc/objects/commands.cfg

define command{

command_name process-service-perfdata-file

command_line

/usr/local/pnp4nagios/libexec/process_perfdata.pl --

bulk=/usr/local/pnp4nagios/var/service-perfdata

}

define command{

command_name process-host-perfdata-file

command_line

/usr/local/pnp4nagios/libexec/process_perfdata.pl --

bulk=/usr/local/pnp4nagios/var/host-perfdata

}

To check if the configuration is correct, pnp4nagios provides a tool in perl you can download

here.

If you receive the message PHP magic_quotes_gpc is deprecated then locate your

php.ini and set the value to Off.

Additionally, you may want to open the graphs on the main window of Nagios:

vi +325 /usr/local/nagios/etc/cgi.cfg

[ replace ]

action_url_target=_blank

[ with ]

action_url_target=main

http://docs.pnp4nagios.org/pnp-0.6/verify_pnp_config



Version: 2

8.3 DEFINITION FOR HOSTS AND SERVICES WITH WEB POPUPS

To continue the pnp4nagios configuration, another step is to add the new configuration on the

hosts and on the services, this commands shows a web popup of the graph.

On the hosts:

vi /usr/local/nagios/etc/objects/hostconf.cfg

define host{

name host-pnp

action_url

/pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=_HOST_'

class='tips'

rel='/pnp4nagios/index.php/popup?host=$HOSTNAME$&srv=_HOST_

register 0

}

On the services:

vi /usr/local/nagios/etc/objects/services.cfg

define service{

name srv-pnp

action_url

/pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=$SERVICEDESC$'

class='tips'

rel='/pnp4nagios/index.php/popup?host=$HOSTNAME$&srv=$SERVICEDES

C$

register 0

}

8.4 UNDERSTANDING PNP4NAGIOS

Or better, pnp4nagios must understand what is the command used for the checks:

vi /usr/local/pnp4nagios/etc/check_command/check_nrpe_cert.cfg

#

# Adapt pnp4nagios to the check_nrpe_cert command, with this template

# Command:

# check_nrpe_cert!check_mem

# ________0______| |

# ________1_______________|

#

# User ARG1

CUSTOM_TEMPLATE = 0,1

Version: 2

Pnp4nagios uses templates to show graphs based on the command executed.

Using the nrpe, the command that the server will send to the client will always be

check_nrpe_cert_check_mem, for example.

In the pnp4nagios/share/templates folder then, we need to create a php file called

check_nrpe_cert_check_mem.php and this template will match this command.

The more commands you want to show as a graph, the more templates with the command’s

name you need to create.

There are many templates you can find on internet, all of them are php file.

There are special templates too.

The pnp4nagios/share/templates.special folder, contains the templates used to show

the graph of the same service on several different servers (like the one for the PING).

An example of special template for PING, is:

vi /usr/local/nagios/pnp4nagios/share/templates.special/ping-all.php

<?php

$this->MACRO['TITLE'] = "Ping";

$this->MACRO['COMMENT'] = "For All Servers";

$services = $this->tplGetServices("","PING");

# The Datasource Name for Graph 0

$ds_name[0] = "Ping";

$opt[0] = "--title \"Ping\"";

$def[0] = "";

# Iterate through the list of hosts

$i=0;

foreach($services as $key=>$val){

if($i == 1) {$i = 2;}

$data = $this->tplGetData($val['host'],$val['service']);

#throw new Kohana_exception(print_r($a,TRUE));

$hostname = rrd::cut($data['MACRO']['HOSTNAME']);

$def[0] .= rrd::def("var$key" , $data['DS'][0]['RRDFILE'],

$data['DS'][0]['DS'] );

$def[0] .= rrd::line1("var$key", rrd::color($i),

$hostname);

$def[0] .= rrd::gprint("var$key", array("MAX", "AVERAGE"));

$i++;

}

?>

For the special templates, you don’t need to rename the file after the command name, ping-

all.php is fine.



Version: 2

The name of the service, you can change this to match your service name.

This is where you’d want to write the name of the host, use “” for all the hosts.

Like the service name, but this is the one configured in Nagios. Be careful, if what you write

here does not match any service, it will simply not work.

In order to assign a different colour to all the hosts, the $key was replaced with a different

variable, like $i.

This, because the $key will sooner or later set itself as „1“ and that is the colour of the Yellow.

The yellow is hard to see on a white background.

To avoid this, in case $i = 1 it will be set to $i = 2.



Version: 2

9 SENDING EMAIL NOTIFICATION WITH PHP

9.1 ADD PHP EMAIL COMMAND DEFINITION

It is know that the notification sent by Nagios through email are not eye-catching. There is a

very little if not none personalization of the email’s body.

Luckily, one can apply its own style to the emails thanks to the use of PHP and HTML, of course.

Create a new configuration file for the emails:

vi /usr/local/nagios/etc/objects/mailtemplate.cfg

define command{

command_name notify-service-by-email

command_line

/usr/local/nagios/libexec/nagios_service_mail

"$NOTIFICATIONTYPE$" "$HOSTNAME$" "$HOSTALIAS$" "$HOSTSTATE$"

"$HOSTADDRESS$" "$SERVICEOUTPUT$" "$SHORTDATETIME$"

"$SERVICEDESC$" "$SERVICESTATE$" "$CONTACTEMAIL$"

"$SERVICEDURATIONSEC$" "$SERVICEEXECUTIONTIME$"

"$TOTALSERVICESWARNING$" "$TOTALSERVICESCRITICAL$"

"$TOTALSERVICESUNKNOWN$" "$LASTSERVICEOK$"

"$LASTSERVICEWARNING$" "$SERVICENOTIFICATIONNUMBER$"

"$SERVICEPERFDATA$"

}

define command{

command_name notify-host-by-email

command_line /usr/local/nagios/libexec/nagios_host_mail

"$NOTIFICATIONTYPE$" "$HOSTNAME$" "$HOSTALIAS$" "$HOSTSTATE$"

"$HOSTADDRESS$" "$HOSTOUTPUT$" "$SHORTDATETIME$" "$SERVICEDESC$"

"$SERVICESTATE$" "$CONTACTEMAIL$" "$TOTALHOSTSUP$"

"$TOTALHOSTSDOWN$"

}

Remember to update the Nagios configuration file to add this new file.

And notice the name used for the definition. Same as the one used for Nagios.

Which means we need to disable those currently in use:

vi /usr/local/nagios/etc/objects/commands.cfg

# 'notify-host-by-email' command definition

#define command{

# command_name notify-host-by-email

# command_line /usr/bin/printf "%b" "***** Nagios

*****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost:

$HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo:

$HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | mail -r $ADMINEMAIL$ -s

"** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **"

$CONTACTEMAIL$

# }

Version: 2

# 'notify-service-by-email' command definition

#define command{

# command_name notify-service-by-email

# command_line /usr/bin/printf "%b" "***** Nagios

*****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService:

$SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState:

$SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional

Info:\n$SERVICEOUTPUT$\n\nExtra Data:\n$SERVICEPERFDATA$\n\n" | mail -r

$ADMINEMAIL$ -s "** $NOTIFICATIONTYPE$ Service Alert:

$HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$

# }

To apply comments at the beginning of every row about:

notify-host-by-email

notify-service-by-email

9.2 APPLY THE NEW EMAIL TEMPLATE

A sample of nagios_host_email is as follows:

vi /usr/local/nagios/libexec/nagios_host_email

#!/usr/bin/env php

<?php

array_shift($argv);

$f_notify_type =array_shift($argv);

$f_host_name =array_shift($argv);

$f_host_alias =array_shift($argv);

$f_host_state =array_shift($argv);

$f_host_address =array_shift($argv);

$f_host_output =array_shift($argv);

$f_long_date =array_shift($argv);

$f_serv_desc =array_shift($argv);

$f_serv_state =array_shift($argv);

$f_to =array_shift($argv);

$f_totalup =array_shift($argv);

$f_totaldown=array_shift($argv);

$subject = "$f_notify_type Host: $f_host_name";

$from ="monitoring@localhost";

$body = "<html><body>Notification: $f_notify_type \r\n";

$body .= "Host: $f_host_alias \r\n";

Version: 2

$body .= "Address: $f_host_address \r\n";

$body .= "Date/Time: $f_long_date \r\n";

$body .= "More Info: <a

href='https://149.202.109.84/nagios/'>Nagios home page</a> 

\r\n";

$body .= "Additional Info: $f_host_output \r\n";

$body .= "Total Servers Up: $f_totalup ";

$body .= "Total Servers Down: $f_totaldown \r\n";

$body .= "</body></html> \r\n";

$headers = "From: $from\r\n";

$headers = $headers."Content-type: text/html\r\n";

/* Send eMail Now... */

mail($f_to, $subject, $body, $headers);

?>

Where $from ="monitoring@localhost"; can be edited to match another user and/or

domain.

And, an example of nagios_service_mail is:

vi /usr/local/nagios/libexec/nagios_service_email

#!/usr/bin/env php

<?php

# Replace the domain "kdog.cmsnagios.com" with your

# Own Nagios Server Domain... If you have a /cms/ server

# like simplecms, replace the img src path accordingly.

array_shift($argv);

$f_notify_type =array_shift($argv); /*1*/

$f_host_name =array_shift($argv); /*2*/

$f_host_alias =array_shift($argv); /*3*/

$f_host_state =array_shift($argv); /*4*/

$f_host_address =array_shift($argv); /*5*/

$f_serv_output =array_shift($argv); /*6*/

$f_long_date =array_shift($argv); /*7*/

$f_serv_desc =array_shift($argv); /*8*/

$f_serv_state =array_shift($argv); /*9*/

$f_to =array_shift($argv); /*10*/

$f_duration = round((array_shift($argv))/60,2); /*11*/

$f_exectime =array_shift($argv); /*12*/

$f_totwarnings =array_shift($argv); /*13*/



Version: 2

$f_totcritical =array_shift($argv); /*14*/

$f_totunknowns =array_shift($argv); /*15*/

$f_lastserviceok = array_shift($argv); /*16*/

$f_lastwarning = array_shift($argv); /*17*/

$f_attempts= array_shift($argv); /*18*/

$extra_info= array_shift($argv); /*19*/

$f_downwarn = $f_duration;

$f_color="#dddddd";

if($f_serv_state=="WARNING") {$f_color="#f48400";}

if($f_serv_state=="CRITICAL") {$f_color="#f40000";}

if($f_serv_state=="OK") {$f_color="#00b71a";}

if($f_serv_state=="UNKNOWN") {$f_color="#cc00de";}

// Check If File Exists ###########

if($f_notify_type=="PROBLEM")

{

$currenttime = time();

$file_name = "/tmp/$f_host_name.$f_serv_desc.txt";

if ($f_attempts==1)

{

if(file_exists($file_name)==true) {unlink($file_name);}

$currenttime = $currenttime+round(($f_duration * 60),0);

file_put_contents($file_name, "$currenttime");

}

}

if($f_notify_type=="RECOVERY")

{

$currenttime = time();

$oldtime = time();

$file_name = "/tmp/$f_host_name.$f_serv_desc.txt";

if (file_exists($file_name)==true)

{

$oldtime = intval(file_get_contents($file_name));

}

$f_downwarn = round(($currenttime - $oldtime)/60,2);

}

$f_serv_output = str_replace("(","/",$f_serv_output);

$f_serv_output = str_replace(")","/",$f_serv_output);

$f_serv_output = str_replace("[","/",$f_serv_output);

$f_serv_output = str_replace("]","/",$f_serv_output);

Version: 2

$subject = "$f_notify_type Service: $f_host_name/$f_serv_desc

[$f_serv_state]";

$from ="monitoring@localhost";

$body = "<html><body><table border=0 width='98%' cellpadding=0

cellspacing=0><tr><td valign='top'>\r\n";

$body .= "<table border=0 cellpadding=0 cellspacing=0 width='97%'>";

$body .= "<tr bgcolor=$f_color><td width='140'>Notification:</td><td>$f_notify_type

[$f_serv_state]</td></tr>\r\n";

$body .= "<tr bgcolor=#eeeeee><td>Service:</td><td>$f_serv_desc</td></tr>\r\n";

$body .= "<tr bgcolor=#fefefe><td>Server:</td><td>$f_host_alias</td></tr>\r\n";

$body .= "<tr bgcolor=#eeeeee><td>Address:</td><td>$f_host_address</td></tr>\r\n";

$body .= "<tr bgcolor=#fefefe><td>Date/Time:</td><td>$f_long_date</td></tr>\r\n";

$body .= "<tr bgcolor=#eeeeee><td>More Info:</td><td><a

href='https://149.202.109.84/nagios/'>Nagios home

page</a></td></tr>\r\n";

$body .= "<tr bgcolor=#fefefe><td>Additional

Info:</td><td>$f_serv_output</td></tr>\r\n";

$body .= "<tr bgcolor=#eeeeee><td>Extra

Info:</td><td>$extra_info</td></tr>\r\n";

$body .= "<tr bgcolor=#fefefe><td>State Duration:</td><td>$f_duration mins.</td></tr> \r\n";

$body .= "<tr bgcolor=#eeeeee><td>Service

ExecTime:</td><td>$f_exectime</td></tr></table>\r\n";

$body .= "</td><td valign='top'><table border=0 cellpadding=0

cellspacing=0 width=250><tr bgcolor=#000055><td> \r\n";

$body .= "Summary</td><td>.</td></tr>

\r\n";

$body .= "<tr bgcolor=#f6f6ff><td>Total Service Warnings: </td><td>

$f_totwarnings</td></tr>\r\n";

$body .= "<tr bgcolor=#fffef6><td>Total Service Critical: </td><td>

$f_totcritical</td></tr>\r\n";

$body .= "<tr bgcolor=#f6f6ff><td>Total Service Unknowns: </td><td>

$f_totunknowns</td></tr>\r\n";

$body .= "</table></td></tr></table> \r\n";

$body .= "</body></html> \r\n";

$headers = "From: $from\r\n";

$headers .= "Content-type: text/html\r\n";

/* Send eMail Now... */

$m_true = mail($f_to, $subject, $body, $headers);

echo $m_true;



Version: 2

?>

Edit the string $from ="monitoring@localhost"; in this sample too.

Be careful here changing the email account, this is not a real email and the notification sent by

Nagios may arrive to the spam folder of your inbox. Apply a filter to deliver all the emails from

this sender anyway.



Version: 2

10 USEFUL PLUGINS

10.1 TOP 4 PLUGINS TO DOWNLOAD

check_log3.pl

Fail2ban is a good tool to constantly monitor the system’s log and apply a ban to those

unauthorized clients that are trying to access the system, it can be ssh or postfix or any other pre-

configured service.

The check_log3.pl plugin works great and the nrpe client contains this string:



Which reads the last row of the log file and search the word ‘Ban’, if found more than 3 times the

plugin goes to a warning state, when more than 5 it is critical.

fail2ban would have the external IP addresses banned already and Nagios will send an alert email

telling the administrator what happened.

check_service.sh

You may want to check the status of the services too, not only the system health.

This plugin adapts easily to any service on your system, its configuration is simple too and should

the plugin not match the service’s response, the user can add its own “definition”.

It was the case with the postgres database, the plugin did not have the definition for the

status of this service, also, it did lack the performance_data reporting.

This modification at the plugin enabled both:

vi /usr/local/nagios/libexec/check_service.sh

[ reach the switch/case and add your service’s response message ]

# Used for postgres db

*[oO]nline*)

echo "$STATUS_MSG |online=1"

exit $OK

;;

*[dD]own*)

echo "$STATUS_MSG |online=0"

exit $CRITICAL

;;

Everything after the “|” is what is sent as performance_data.

In this example, the command service postgresql status returns:

9.3/main (port 5432): online

The switch/case contain the [oO]nline when the service is online and the [dD]own when it is

not.

The performance_data will graph on a XY axis, the values 1 and 0 according to the service

status.

https://exchange.nagios.org/directory/Plugins/Log-Files/check_log3-2Epl/details

https://exchange.nagios.org/directory/Plugins/Network-and-Systems-Management/Unix-2FLinux-Check-Service-Status/details



Version: 2

check_linux_stats.pl

This plugin checks the health of your system: cpu, memory, disk, disk i/o, load, network usage,

open files and many other.

Unfortunately, there is a bug which needs to be corrected, it affects the string the client sends to

the server about the CPU status.

To correct it:

vi /usr/local/nagios/libexec/check_linux_stats.pl

[ replace on line 62 ]

if ($o_context){

[ with ]

elsif ($o_context){

Remember though, that you would want to show the graph for the CPU, the next plugin suits best

this task of checking the cpu status.

check_cpu.py

Does what it says, no bugs and comes already with the template for pnp4nagios!

Just remember to rename the php template file after the nrpe command:

check_nrpe_cert_check_cpu.php

Your client nrpe will have this command:

command[check_cpu]=/usr/local/nagios/libexec/check_cpu.py -w 75 -c 99

Warning at 75% and critical at 99%.

https://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/check_linux_stats/details

https://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/check_cpu-2Epy/details



Version: 2

11 USEFUL NAGIOS COMMANDS

11.1 CHECK VALIDITY OF THE SCRIPT

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

11.2 START NAGIOS SERVICE

/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg

[ or ]

service nagios start

11.3 RELOAD THE SERVICE

/etc/rc.d/init.d/nagios reload

[ or ]

service nagios reload

11.4 STOP THE SERVICE

/etc/rc.d/init.d/nagios stop

[ or ]

service nagios stop

11.5 RESTART NAGIOS AND XINETD

/etc/rc.d/init.d/nagios restart

/etc/init.d/xinetd restart

[ or ]

service nagios restart


[it document] · installing nagios 4 with ssl certificate of nrpe 2.16rc2. title: installing nagios...

Documents