Nagios for Network Monitoring
Prelude
This documents the installation and simple setup of Nagios on FreeBSD (can be installed on Linux or Solaris too).
Nagios is an open source host, service and network monitoring program.
These are basically notes I took when doing my own install. I based the install on the instructions found in the Nagios Book, but there are a few differences. For more detail, read the Nagios Book. For thorough detail, go to nagios.org.
I installed Nagios on the machine I set up here.
Ports
You'll need the ports installed for some of this installation, which you can do like this:
mkdir /usr/ports portsnap fetch portsnap extract /usr/libexec/locate.updatedb
The last line can help you to track down files later.
Apache
Next, the Apache webserver needs to be installed:
cd /usr/ports/www/apache20 make make install make clean
Nagios
Time to install the Nagios port:
cd /usr/ports/net-mgmt/nagios/ make make install make clean /usr/libexec/locate.updatedb
Apache Configuration
Modify the /usr/local/etc/apache2/httpd.conf
file (add the following):
Order allow,deny Allow from all Options ExecCGI ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/ Alias /nagios/ /usr/local/www/nagios/
Then restart Apache: /usr/local/sbin/apachectl restart
Nagios Configuration
First, make a copy of the sample files:
cd /usr/local/etc/nagios/ mkdir samples cp *.cfg-sample samples
Next, rename files:
mv bigger.cfg-sample bigger.cfg mv cgi.cfg-sample cgi.cfg mv checkcommands.cfg-sample checkcommands.cfg mv minimal.cfg-sample minimal.cfg mv misccommands.cfg-sample misccommands.cfg mv nagios.cfg-sample nagios.cfg mv resource.cfg-sample resource.cfg
Comment-out the following in the /usr/local/etc/nagios/nagios.cfg
file:
#cfg_file=/usr/local/etc/nagios/checkcommands.cfg #cfg_file=/usr/local/etc/nagios/misccommands.cfg
Modify the /usr/local/etc/nagios/minimal.cfg
file:
define contact{ contact_name roqetman alias Mr roqetman service_notification_period 24x7 host_notification_period 24x7 service_notification_options w,u,c,r host_notification_options d,r service_notification_commands notify-by-email host_notification_commands host-notify-by-email email roqetman@somewhere.com } define contactgroup{ contactgroup_name admins alias Nagios Administrators members roqetman } define host{ use generic-host host_name server-one alias server-one server address 192.168.1.17 check_command check-host-alive max_check_attempts 10 notification_interval 120 notification_period 24x7 notification_options d,r contact_groups admins } define hostgroup{ hostgroup_name roq-admin alias Roqet Admin Servers members localhost, server-one } define service{ use generic-service host_name localhost, server-one service_description PING is_volatile 0 check_period 24x7 max_check_attempts 4 normal_check_interval 5 retry_check_interval 1 contact_groups admins notification_options w,u,c,r notification_interval 960 notification_period 24x7 check_command check_ping!100.0,20%!500.0,60% }
While learning Nagios, you should disable cgi authentication, but once you're a bit more knowledgeable, you should enable it again:
Modify the /usr/local/etc/nagios/cgi.cfg
file:
use_authentication=0
Time to test the Nagios configuration:
/usr/local/bin/nagios -v /usr/local/etc/nagios/nagios.cfg
If you don't get any errors, time to start it:
/usr/local/bin/nagios /usr/local/etc/nagios/nagios.cfg &
Test to see that it's running:
ps -aux | grep nagios tail -f /var/spool/nagios/nagios.log
rc.conf Modifications
The /etc/rc.conf
file controls the core of additional applications and daemons, here is a summary of the modifications I made to this file:
apache2_enable="YES" nagios_enable="YES"
Monitoring Windows Servers
The Windows client plugin is called nsclient, you can find it here
The method I use to install the client:
1. Copy pNSClient.exe
in any directory on the machine you want to monitor. ie. (c:\nsclient
).
2. Open a dos prompt in the installation directory
3. Run the following command : >pNSClient /install
4. Start the service 'Netsaint NT Agent' (or Nagios something or other, depending on version used) in the services applet of the control panel.
5. Modify Nagios config (/usr/local/etc/nagios/minimal.cfg
) to look at service/check diskspace etc. like this:
# NsClient commands # Command to check diskspace define command{ command_name check_nt_disk command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 1248 -v USEDDISKSPACE -l $ARG1$ -w $ARG2$ -c $ARG3$ } # Command to check a service define command{ command_name check_nt_service command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 1248 -v SERVICESTATE -l $ARG1$ } define service{ use generic-service host_name server-one service_description nsclient disk check is_volatile 0 check_period 24x7 max_check_attempts 4 normal_check_interval 5 retry_check_interval 1 contact_groups admins notification_options w,c,r notification_interval 960 notification_period 24x7 check_command check_nt_disk!D!90%!95% } define service{ use generic-service host_name server-one service_description nsclient roqdb oracle service check is_volatile 0 check_period 24x7 max_check_attempts 4 normal_check_interval 5 retry_check_interval 1 contact_groups admins notification_options w,c,r notification_interval 960 notification_period 24x7 check_command check_nt_service!'OracleServiceROQDB' }
There is a forum for Nagios/nsclient here.
Securing Nagios and Enabling Functionality
The above settings are fine for basic use. What follows are settings that enable greater control as to who can log into Nagios, and allow them to reschedule system checks etc. from the Nagios screen.
In the /usr/local/etc/nagios/nagios.cfg
file, enable the following line:
check_external_commands=1
Run the following for the nagiosadmin
:
htpasswd -c /usr/local/etc/nagios/htpasswd.users nagiosadmin
For each user you want to allow access, run the following line:
htpasswd /usr/local/etc/nagios/htpasswd.users username
In the /usr/local/etc/apache2/httpd.conf
file, replace the settings I gave earlier with the following:
Order allow,deny Allow from all AuthName "Nagios Access" AuthType Basic AuthUserFile /usr/local/etc/nagios/htpasswd.users Require valid-user Options ExecCGI AuthName "Nagios Access" AuthType Basic AuthUserFile /usr/local/etc/nagios/htpasswd.users Require valid-user ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/ Alias /nagios/ /usr/local/www/nagios/
Then restart Apache: /usr/local/sbin/apachectl restart
In the /usr/local/etc/nagios/cgi.cfg
file, modify the following lines (Note that using an *
allows everyone who logs on to have access to that functionality, you can put only the user names of those who are allowed access if you want):
use_authentication=1 authorized_for_system_information=* authorized_for_configuration_information=* authorized_for_system_commands=* authorized_for_all_host_commands=*
Restart Nagios:
ps -aux | grep nagios kill PID (as supplied by the above) /usr/local/bin/nagios /usr/local/etc/nagios/nagios.cfg &
Now when you browse to your Nagios console, you should be asked to login, and you can set options from the screen.
Eye Candy
To make nagios look nicer, download Nuvola Style from here, then...
backup your original directory:
tar -czvf /home/mydir/nagios-html.tar.gz /usr/local/www/nagios
then unpack the archive,
tar -xzvf nagios-nuvola-1.0.3.tar.gz
finally,
cp -r html/* /usr/local/www/nagios
Refresh your browser and voila!
More Questions?
On Nagios? : Try here and here.
On FreeBSD? : I have a bunch of FreeBSD questions and answers here, or you can look at the FreeBSD Handbook at http://www.freebsd.org..
On This document? : Contact me here.