» about » content » twitter » github »

Nagios for Network Monitoring

Prelude

This documents the installation and simple setup of Nagios on FreeBSD (can be installed on Linux or Solaris too).

Nagios is an open source host, service and network monitoring program.

These are basically notes I took when doing my own install. I based the install on the instructions found in the Nagios Book, but there are a few differences. For more detail, read the Nagios Book. For thorough detail, go to nagios.org.

I installed Nagios on the machine I set up here.

Ports

You'll need the ports installed for some of this installation, which you can do like this:

mkdir /usr/ports
portsnap fetch
portsnap extract
/usr/libexec/locate.updatedb
    

The last line can help you to track down files later.

Apache

Next, the Apache webserver needs to be installed:

cd /usr/ports/www/apache20
make
make install
make clean
    

Nagios

Time to install the Nagios port:

cd /usr/ports/net-mgmt/nagios/
make
make install
make clean
/usr/libexec/locate.updatedb
    

Apache Configuration

Modify the /usr/local/etc/apache2/httpd.conf file (add the following):


     Order allow,deny
     Allow from all



     Options ExecCGI


ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
Alias /nagios/  /usr/local/www/nagios/
    

Then restart Apache: /usr/local/sbin/apachectl restart

Nagios Configuration

First, make a copy of the sample files:

cd /usr/local/etc/nagios/
mkdir samples
cp *.cfg-sample samples
    

Next, rename files:

mv bigger.cfg-sample bigger.cfg 
mv cgi.cfg-sample cgi.cfg
mv checkcommands.cfg-sample checkcommands.cfg
mv minimal.cfg-sample minimal.cfg
mv misccommands.cfg-sample misccommands.cfg
mv nagios.cfg-sample nagios.cfg
mv resource.cfg-sample resource.cfg
    

Comment-out the following in the /usr/local/etc/nagios/nagios.cfg file:

#cfg_file=/usr/local/etc/nagios/checkcommands.cfg
#cfg_file=/usr/local/etc/nagios/misccommands.cfg
    

Modify the /usr/local/etc/nagios/minimal.cfg file:

define contact{
        contact_name                    roqetman
        alias                           Mr roqetman
        service_notification_period     24x7
        host_notification_period        24x7
        service_notification_options    w,u,c,r
        host_notification_options       d,r
        service_notification_commands   notify-by-email
        host_notification_commands      host-notify-by-email
        email                           roqetman@somewhere.com
        }

define contactgroup{
        contactgroup_name       admins
        alias                   Nagios Administrators
        members                 roqetman
        }

define host{
        use                     generic-host
        host_name               server-one
        alias                   server-one server
        address                 192.168.1.17
        check_command           check-host-alive
        max_check_attempts      10
        notification_interval   120
        notification_period     24x7
        notification_options    d,r
        contact_groups  admins
        }

define hostgroup{
        hostgroup_name  roq-admin
        alias           Roqet Admin Servers
        members         localhost, server-one
        }

define service{
        use                             generic-service
        host_name                       localhost, server-one
        service_description             PING
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              4
        normal_check_interval           5
        retry_check_interval            1
        contact_groups                  admins
        notification_options            w,u,c,r
        notification_interval           960
        notification_period             24x7
        check_command                   check_ping!100.0,20%!500.0,60%
        }
    

While learning Nagios, you should disable cgi authentication, but once you're a bit more knowledgeable, you should enable it again:

Modify the /usr/local/etc/nagios/cgi.cfg file:

use_authentication=0
    

Time to test the Nagios configuration:

/usr/local/bin/nagios -v /usr/local/etc/nagios/nagios.cfg
    

If you don't get any errors, time to start it:

/usr/local/bin/nagios /usr/local/etc/nagios/nagios.cfg &
    

Test to see that it's running:

ps -aux | grep nagios
tail -f /var/spool/nagios/nagios.log
    

rc.conf Modifications

The /etc/rc.conf file controls the core of additional applications and daemons, here is a summary of the modifications I made to this file:

apache2_enable="YES"
nagios_enable="YES"
    

Monitoring Windows Servers

The Windows client plugin is called nsclient, you can find it here

The method I use to install the client:

1. Copy pNSClient.exe in any directory on the machine you want to monitor. ie. (c:\nsclient).

2. Open a dos prompt in the installation directory

3. Run the following command : >pNSClient /install

4. Start the service 'Netsaint NT Agent' (or Nagios something or other, depending on version used) in the services applet of the control panel.

5. Modify Nagios config (/usr/local/etc/nagios/minimal.cfg) to look at service/check diskspace etc. like this:

# NsClient commands
# Command to check diskspace

define command{
	command_name	check_nt_disk
	command_line	$USER1$/check_nt -H $HOSTADDRESS$ -p 1248 -v USEDDISKSPACE -l $ARG1$ -w $ARG2$ -c $ARG3$
	}

# Command to check a service

define command{
        command_name    check_nt_service
        command_line    $USER1$/check_nt -H $HOSTADDRESS$ -p 1248 -v SERVICESTATE -l $ARG1$
        }

define service{
        use                             generic-service
        host_name                       server-one
        service_description             nsclient disk check
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              4
        normal_check_interval           5
        retry_check_interval            1
        contact_groups                  admins
        notification_options            w,c,r
        notification_interval           960
        notification_period             24x7
        check_command                   check_nt_disk!D!90%!95%
        }

define service{
        use                             generic-service
        host_name                       server-one
        service_description             nsclient roqdb oracle service check
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              4
        normal_check_interval           5
        retry_check_interval            1
        contact_groups                  admins
        notification_options            w,c,r
        notification_interval           960
        notification_period             24x7
        check_command                   check_nt_service!'OracleServiceROQDB'
        }
    

There is a forum for Nagios/nsclient here.

Securing Nagios and Enabling Functionality

The above settings are fine for basic use. What follows are settings that enable greater control as to who can log into Nagios, and allow them to reschedule system checks etc. from the Nagios screen.

In the /usr/local/etc/nagios/nagios.cfg file, enable the following line:

check_external_commands=1
    

Run the following for the nagiosadmin:

htpasswd -c /usr/local/etc/nagios/htpasswd.users nagiosadmin
    

For each user you want to allow access, run the following line:

htpasswd /usr/local/etc/nagios/htpasswd.users username
    

In the /usr/local/etc/apache2/httpd.conf file, replace the settings I gave earlier with the following:


     Order allow,deny
     Allow from all
     AuthName "Nagios Access"
     AuthType Basic
     AuthUserFile /usr/local/etc/nagios/htpasswd.users
     Require valid-user



     Options ExecCGI
     AuthName "Nagios Access"
     AuthType Basic
     AuthUserFile /usr/local/etc/nagios/htpasswd.users
     Require valid-user


ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
Alias /nagios/  /usr/local/www/nagios/
    

Then restart Apache: /usr/local/sbin/apachectl restart

In the /usr/local/etc/nagios/cgi.cfg file, modify the following lines (Note that using an * allows everyone who logs on to have access to that functionality, you can put only the user names of those who are allowed access if you want):

use_authentication=1
authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_host_commands=*
    

Restart Nagios:

ps -aux | grep nagios
kill PID (as supplied by the above)
/usr/local/bin/nagios /usr/local/etc/nagios/nagios.cfg &
    

Now when you browse to your Nagios console, you should be asked to login, and you can set options from the screen.

Eye Candy

To make nagios look nicer, download Nuvola Style from here, then...

backup your original directory:

tar -czvf /home/mydir/nagios-html.tar.gz /usr/local/www/nagios

then unpack the archive,

tar -xzvf nagios-nuvola-1.0.3.tar.gz

finally,

cp -r html/* /usr/local/www/nagios

Refresh your browser and voila!

More Questions?

On Nagios? : Try here and here.

On FreeBSD? : I have a bunch of FreeBSD questions and answers here, or you can look at the FreeBSD Handbook at http://www.freebsd.org..

On This document? : Contact me here.

© Roqet 2018 :: 2018-05-11 17:07:10