11:41 AM
Unknown
Installing Nagios in server
Nagios is a popular open source computer system and network monitoring software application. It watches hosts and services, alerting users when things go wrong and again when they get better.
Nagios was originally designed to run under Linux, but also runs well on other Unix variants. It is free software, licensed under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.
------------------------------
1. [root@hooligunsrpg ~] yum update nagios nagios-plugins nagios-devel nagios-plugins-nrpe
2. Configure the Nagios Apache file
Unless you want other options such as SSL configurations or allowing access to the CGI from only certain hosts, then the default nagios.conf file will suit your needs. Here's what it looks like:
ScriptAlias /nagios/cgi-bin "/usr/lib/nagios/cgi"
# SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
Require valid-user
Alias /nagios "/usr/share/nagios"
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
Require valid-user
Unless you want other options configured, that's it for now. Let's set up authentication now.
3. Set up the password file
[root@hooligunsrpg ~] htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
New password: type_your_password
Re-type new password: re-type_your_password
Adding password for user nagiosadmin
If you want a guest account, add the account.
[me@mymachine ~] htpasswd /etc/nagios/htpasswd.users guest
New password: type_your_password
Re-type new password: re-type_your_password
Adding password for user guest
NOTE: Notice I took away the "-c" option. This is the create option. Since you already created the file, make sure any other accounts you add are not with the create option. You'll wipe the file out if you do.
4. http://localhost/nagios/
5. [root@hooligunsrpg ~] cd /etc/nagios/objects
6. [root@hooligunsrpg objects] touch.cfg
7. [root@hooligunsrpg objects]# cat.cfg
define host{
use redversd-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name
alias redversd
address 77.92.85.127
}
define hostgroup{
hostgroup_name redversd-servers ; The name of the hostgroup
alias redversd ; Long name of the group
members
}
define service{
use redversd-service
hostgroup_name redversd-servers
service_description MYSQL
check_command check_nrpe!check_mysql!
notifications_enabled 1
}
define service{
use redversd-service
hostgroup_name redversd-servers
service_description Load
check_command check_nrpe!check_load!10.0,9.0,8.0
notifications_enabled 1
}
#define service{
# use redversd-service
# hostgroup_name graeme-servers
# service_description Total Procs
# check_command check_nrpe!check_total_procs!
# notifications_enabled 1
# }
define service{
use redversd-service
hostgroup_name redversd-servers
service_description Mail Service
check_command check_smtp
notifications_enabled 1
}
define service{
use redversd-service
hostgroup_name redversd-servers
service_description Disk check
check_command check_nrpe!check_sda3!
notifications_enabled 1
}
define service{
use redversd-service
hostgroup_name redversd-servers
service_description HTTP
check_command check_http
notifications_enabled 1
}
8. [root@hooligunsrpg objects]# vi templates.cfg
edit "define host" under "# Linux host definition template - This is NOT a real host, just a template!"
define host{
name linux-server ; The name of this host template
use generic-host ; This template inherits other values from the generic-host template
check_period 24x7 ; By default, Linux hosts are checked round the clock
check_interval 5 ; Actively check the host every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each Linux host 10 times (max)
check_command check-host-alive ; Default command to check Linux hosts
notification_period workhours ; Linux admins hate to be woken up, so we only notify during the day
; Note that the notification_period variable is being overridden from
; the value that is inherited from the generic-host template!
notification_interval 120 ; Resend notifications every 2 hours
notification_options d,u,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
}
edit under "# Generic service definition template - This is NOT a real service, just a template!"
define service{
name generic-service ; The 'name' of this service template
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
failure_prediction_enabled 1 ; Failure prediction is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
is_volatile 0 ; The service is not volatile
check_period 24x7 ; The service can be checked at any time of the day
max_check_attempts 3 ; Re-check the service up to 3 times in order to determine its final (hard) state
normal_check_interval 10 ; Check the service every 10 minutes under normal conditions
retry_check_interval 2 ; Re-check the service every two minutes until a hard state can be determined
contact_groups admins ; Notifications get sent out to everyone in the 'admins' group
notification_options w,u,c,r ; Send notifications about warning, unknown, critical, and recovery events
notification_interval 60 ; Re-notify about service problems every hour
notification_period 24x7 ; Notifications can be sent out at any time
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}
9. [root@hooligunsrpg objects]# cd ..
10. [root@hooligunsrpg nagios]# vi nagios.cfg
set the path for.cfg
# Definitions for monitoring the local (Linux) host
cfg_file=/etc/nagios/objects/localhost.cfg
cfg_file=/etc/nagios/objects/.cfg
11. [root@hooligunsrpg nagios]# cd objects/
12. [root@hooligunsrpg objects]# vi contacts.cfg
define contact{
contact_name tech ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Nagios Admin ; Full name of user
email tech@jomongee.co.uk ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
--------------------------------
define contactgroup{
contactgroup_name admins
alias Nagios Administrators
members nagiosadmin,tech
}
13. [root@hooligunsrpg objects]# vi commands.cfg
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
14. [root@hooligunsrpg nagios]# /etc/init.d/httpd start
15. [root@hooligunsrpg nagios]# /etc/init.d/nagios start
Nagios in client
------------------
1. Installing NRPE (Nagios Client) on CentOS 5 VIA repo
rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
sudo yum install nagios-nrpe-2.5.2-1.el5.rf.x86_64.rpm
If you installed via yum, skip down to the section on Check and configure NRPE.
or
1. You'll see that nagios assumes that you will be running NRPE under the user "nagios", so lets add that user and group.
root@ds-red [~]# /usr/sbin/adduser nagios
root@ds-red [~]# passwd nagios
2. Grab the current NRPE installer from the nagios website http://www.nagios.org/download/addons/
root@ds-red [~]# wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
3. root@ds-red [~]# tar -xvf nrpe-2.12.tar.gz
4. If you want to add SSL support, add --enable-ssl to the command below.
root@ds-red [~]# ./configure
In my case I was missing the SSL headers, so I will install them via yum.
root@ds-red [~]# yum install openssl-devel
5. By default CentOS does not come with xinetd, so we need to grab that from YUM.
root@ds-red [~]# yum install xinetd
root@ds-red [~]# ./configure
root@ds-red [~]# make all
root@ds-red [~]# make install-plugin
root@ds-red [~]# make install-daemon
root@ds-red [~]# make install-daemon-config
root@ds-red [~]# make install-xinetd
*Optional but not required below
root@ds-red [~]# cp src/nrpe /usr/local/nagios/libexec/
root@ds-red [~]# cp src/check_nrpe /usr/local/nagios/libexec/
13. Now we need to install the plug-ins so we will grab them from Nagios as well on the http://sourceforge.net/projects/nagiosplug/files/
root@ds-red [~]# wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.14.tar.gz
root@ds-red [~]# tar -xf nagios-plugins-1.4.14.tar.gz
root@ds-red [~]# cd nagios-plugins-1.4.14
root@ds-red [~]# ./configure -prefix=/usr/local/nagios
root@ds-red [~]# make
root@ds-red [~]# make install
14. Now in the configuration find and update the allowed hosts line to be the IP of your nagios server(s)
root@ds-red [~]# vi /usr/local/nagios/etc/nrpe.cfg
....
allowed_hosts=serverip
server_address=serverip
# The following examples use hardcoded command arguments...
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
command[check_mysql]=/usr/local/nagios/libexec/check_mysql
15. root@ds-red [~]# vi /etc/xinetd.d/nrpe
only_from = 127.0.0.1
CHANGE TO
only_from = serverip
If you have more than one Nagios server, you would seperate them with a ','.
16. Last, we need to append the following line to /etc/services:
root@ds-red [~]# vi /etc/services
....
nrpe 5666/tcp
17. Check and configure your NRPE client
First, and most important, if you are running iptables or a firewall between the server and host, make sure that the host is allowing port 5666 from the server's IP address.
Here is an example for the iptables entry:
root@ds-red [~]# iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
18. Last, lets set those permissions correctly:
root@ds-red [~]# chown nagios.nagios /usr/local/nagios
root@ds-red [~]# chown -R nagios.nagios /usr/local/nagios/libexec
19. Next lets start xinetd:
root@ds-red [~]# /sbin/service xinetd restart
20. Lets check if NRPE is listening:
root@ds-red [~]# netstat -at | grep nrpe
....
tcp 0 0 *:nrpe *:* LISTEN
21. Now you should be able to add the host as normal to your nagios server config files.
You can test that everything is working by using the following command on the host:
root@ds-red [~]# /usr/local/nagios/libexec/check_nrpe -H localhost
This should return the version output:
NRPE v2.12
root@ds-red [~]# /usr/local/nagios/libexec/check_nrpe -n -H xxx.xxx.xxx.xxx-p 5666
Nagios is a popular open source computer system and network monitoring software application. It watches hosts and services, alerting users when things go wrong and again when they get better.
Nagios was originally designed to run under Linux, but also runs well on other Unix variants. It is free software, licensed under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.
------------------------------
1. [root@hooligunsrpg ~] yum update nagios nagios-plugins nagios-devel nagios-plugins-nrpe
2. Configure the Nagios Apache file
Unless you want other options such as SSL configurations or allowing access to the CGI from only certain hosts, then the default nagios.conf file will suit your needs. Here's what it looks like:
ScriptAlias /nagios/cgi-bin "/usr/lib/nagios/cgi"
# SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
Require valid-user
Alias /nagios "/usr/share/nagios"
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
Require valid-user
Unless you want other options configured, that's it for now. Let's set up authentication now.
3. Set up the password file
[root@hooligunsrpg ~] htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
New password: type_your_password
Re-type new password: re-type_your_password
Adding password for user nagiosadmin
If you want a guest account, add the account.
[me@mymachine ~] htpasswd /etc/nagios/htpasswd.users guest
New password: type_your_password
Re-type new password: re-type_your_password
Adding password for user guest
NOTE: Notice I took away the "-c" option. This is the create option. Since you already created the file, make sure any other accounts you add are not with the create option. You'll wipe the file out if you do.
4. http://localhost/nagios/
5. [root@hooligunsrpg ~] cd /etc/nagios/objects
6. [root@hooligunsrpg objects] touch
7. [root@hooligunsrpg objects]# cat
define host{
use redversd-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name
alias redversd
address 77.92.85.127
}
define hostgroup{
hostgroup_name redversd-servers ; The name of the hostgroup
alias redversd ; Long name of the group
members
}
define service{
use redversd-service
hostgroup_name redversd-servers
service_description MYSQL
check_command check_nrpe!check_mysql!
notifications_enabled 1
}
define service{
use redversd-service
hostgroup_name redversd-servers
service_description Load
check_command check_nrpe!check_load!10.0,9.0,8.0
notifications_enabled 1
}
#define service{
# use redversd-service
# hostgroup_name graeme-servers
# service_description Total Procs
# check_command check_nrpe!check_total_procs!
# notifications_enabled 1
# }
define service{
use redversd-service
hostgroup_name redversd-servers
service_description Mail Service
check_command check_smtp
notifications_enabled 1
}
define service{
use redversd-service
hostgroup_name redversd-servers
service_description Disk check
check_command check_nrpe!check_sda3!
notifications_enabled 1
}
define service{
use redversd-service
hostgroup_name redversd-servers
service_description HTTP
check_command check_http
notifications_enabled 1
}
8. [root@hooligunsrpg objects]# vi templates.cfg
edit "define host" under "# Linux host definition template - This is NOT a real host, just a template!"
define host{
name linux-server ; The name of this host template
use generic-host ; This template inherits other values from the generic-host template
check_period 24x7 ; By default, Linux hosts are checked round the clock
check_interval 5 ; Actively check the host every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each Linux host 10 times (max)
check_command check-host-alive ; Default command to check Linux hosts
notification_period workhours ; Linux admins hate to be woken up, so we only notify during the day
; Note that the notification_period variable is being overridden from
; the value that is inherited from the generic-host template!
notification_interval 120 ; Resend notifications every 2 hours
notification_options d,u,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
}
edit under "# Generic service definition template - This is NOT a real service, just a template!"
define service{
name generic-service ; The 'name' of this service template
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
failure_prediction_enabled 1 ; Failure prediction is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
is_volatile 0 ; The service is not volatile
check_period 24x7 ; The service can be checked at any time of the day
max_check_attempts 3 ; Re-check the service up to 3 times in order to determine its final (hard) state
normal_check_interval 10 ; Check the service every 10 minutes under normal conditions
retry_check_interval 2 ; Re-check the service every two minutes until a hard state can be determined
contact_groups admins ; Notifications get sent out to everyone in the 'admins' group
notification_options w,u,c,r ; Send notifications about warning, unknown, critical, and recovery events
notification_interval 60 ; Re-notify about service problems every hour
notification_period 24x7 ; Notifications can be sent out at any time
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}
9. [root@hooligunsrpg objects]# cd ..
10. [root@hooligunsrpg nagios]# vi nagios.cfg
set the path for
# Definitions for monitoring the local (Linux) host
cfg_file=/etc/nagios/objects/localhost.cfg
cfg_file=/etc/nagios/objects/
11. [root@hooligunsrpg nagios]# cd objects/
12. [root@hooligunsrpg objects]# vi contacts.cfg
define contact{
contact_name tech ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Nagios Admin ; Full name of user
email tech@jomongee.co.uk ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
--------------------------------
define contactgroup{
contactgroup_name admins
alias Nagios Administrators
members nagiosadmin,tech
}
13. [root@hooligunsrpg objects]# vi commands.cfg
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
14. [root@hooligunsrpg nagios]# /etc/init.d/httpd start
15. [root@hooligunsrpg nagios]# /etc/init.d/nagios start
Nagios in client
------------------
1. Installing NRPE (Nagios Client) on CentOS 5 VIA repo
rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
sudo yum install nagios-nrpe-2.5.2-1.el5.rf.x86_64.rpm
If you installed via yum, skip down to the section on Check and configure NRPE.
or
1. You'll see that nagios assumes that you will be running NRPE under the user "nagios", so lets add that user and group.
root@ds-red [~]# /usr/sbin/adduser nagios
root@ds-red [~]# passwd nagios
2. Grab the current NRPE installer from the nagios website http://www.nagios.org/download/addons/
root@ds-red [~]# wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
3. root@ds-red [~]# tar -xvf nrpe-2.12.tar.gz
4. If you want to add SSL support, add --enable-ssl to the command below.
root@ds-red [~]# ./configure
In my case I was missing the SSL headers, so I will install them via yum.
root@ds-red [~]# yum install openssl-devel
5. By default CentOS does not come with xinetd, so we need to grab that from YUM.
root@ds-red [~]# yum install xinetd
root@ds-red [~]# ./configure
root@ds-red [~]# make all
root@ds-red [~]# make install-plugin
root@ds-red [~]# make install-daemon
root@ds-red [~]# make install-daemon-config
root@ds-red [~]# make install-xinetd
*Optional but not required below
root@ds-red [~]# cp src/nrpe /usr/local/nagios/libexec/
root@ds-red [~]# cp src/check_nrpe /usr/local/nagios/libexec/
13. Now we need to install the plug-ins so we will grab them from Nagios as well on the http://sourceforge.net/projects/nagiosplug/files/
root@ds-red [~]# wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.14.tar.gz
root@ds-red [~]# tar -xf nagios-plugins-1.4.14.tar.gz
root@ds-red [~]# cd nagios-plugins-1.4.14
root@ds-red [~]# ./configure -prefix=/usr/local/nagios
root@ds-red [~]# make
root@ds-red [~]# make install
14. Now in the configuration find and update the allowed hosts line to be the IP of your nagios server(s)
root@ds-red [~]# vi /usr/local/nagios/etc/nrpe.cfg
....
allowed_hosts=serverip
server_address=serverip
# The following examples use hardcoded command arguments...
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
command[check_mysql]=/usr/local/nagios/libexec/check_mysql
15. root@ds-red [~]# vi /etc/xinetd.d/nrpe
only_from = 127.0.0.1
CHANGE TO
only_from = serverip
If you have more than one Nagios server, you would seperate them with a ','.
16. Last, we need to append the following line to /etc/services:
root@ds-red [~]# vi /etc/services
....
nrpe 5666/tcp
17. Check and configure your NRPE client
First, and most important, if you are running iptables or a firewall between the server and host, make sure that the host is allowing port 5666 from the server's IP address.
Here is an example for the iptables entry:
root@ds-red [~]# iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
18. Last, lets set those permissions correctly:
root@ds-red [~]# chown nagios.nagios /usr/local/nagios
root@ds-red [~]# chown -R nagios.nagios /usr/local/nagios/libexec
19. Next lets start xinetd:
root@ds-red [~]# /sbin/service xinetd restart
20. Lets check if NRPE is listening:
root@ds-red [~]# netstat -at | grep nrpe
....
tcp 0 0 *:nrpe *:* LISTEN
21. Now you should be able to add the host as normal to your nagios server config files.
You can test that everything is working by using the following command on the host:
root@ds-red [~]# /usr/local/nagios/libexec/check_nrpe -H localhost
This should return the version output:
NRPE v2.12
root@ds-red [~]# /usr/local/nagios/libexec/check_nrpe -n -H xxx.xxx.xxx.xxx-p 5666
