I did not have any monitoring services, despite some automatically sent emails, for quite a while. But the number of hosts I should maintain is increasing and I felt like I was losing the overview. On the other hand, I was afraid of using Nagios as I always found it much too complicated. But yesterday I made my first attempts with it and I have to say it is much easier to install and maintain than I thought. I would like to collect some of the main steps here.
Debian
Installation
apt-get install nagios3 nagios-plugins
The CGI script (web interface) uses a directory where files are
written to initiate commands. This method (called external
commands) is usable not only by the CGI script but also by other
external (non-Nagios) tools. For example, you can trigger a service
update this way. In Debian we have to do 2 things to make this
work. In the file /etc/nagios3/nagios.cfg set
check_external_commands=1
command_check_interval=15s
and fix the permissions of this external command directory
(which could be changed in /etc/nagios3/nagios.cfg of
course)
/etc/init.d/nagios3 stop
dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3
/etc/init.d/nagios3 start
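How an external tool can trigger such a service update through the command file, as an added example that is not part of the original post. It assumes Debian's default command file name nagios.cmd inside the directory configured above; the host and service names are constructed sample values.

```python
import os
import stat
import time

# Assumption: Debian's default command_file inside the directory fixed above.
CMD_FILE = "/var/lib/nagios3/rw/nagios.cmd"

def build_forced_check(host, service, when=None):
    """Format a SCHEDULE_FORCED_SVC_CHECK line: [time] COMMAND;host;service;check_time."""
    for field in (host, service):
        # ';' separates arguments and a newline starts a new command, so a
        # field containing either could smuggle extra commands into the pipe.
        if not field or any(c in field for c in ";\r\n"):
            raise ValueError("unsafe host or service name: %r" % (field,))
    ts = int(time.time()) if when is None else int(when)
    return "[%d] SCHEDULE_FORCED_SVC_CHECK;%s;%s;%d\n" % (ts, host, service, ts)

def closed_to_others(path):
    """True if 'other' has no access to path (mode 2710 above satisfies this)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o007 == 0

def submit(line, cmd_file=CMD_FILE):
    """Write one command line to the Nagios command pipe after sanity checks."""
    if not closed_to_others(os.path.dirname(cmd_file)):
        raise PermissionError("command directory is accessible to all users")
    if not stat.S_ISFIFO(os.stat(cmd_file).st_mode):
        raise RuntimeError("%s is not a FIFO; is Nagios running?" % cmd_file)
    # O_NONBLOCK makes open() fail instead of hanging when no reader exists.
    fd = os.open(cmd_file, os.O_WRONLY | os.O_NONBLOCK)
    try:
        os.write(fd, line.encode())
    finally:
        os.close(fd)

if __name__ == "__main__":
    # Constructed sample values: host "localhost", service "Current Load".
    print(build_forced_check("localhost", "Current Load", when=1700000000), end="")
```

Anyone who can write to this pipe can issue Nagios commands, which is why the directory is restricted to the nagios user and the www-data group.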
Apache integration
By default we can now access Nagios with the URL
http://$SERVER/nagios3
and also via https. The first thing I want to do is
allow access via https only. Therefore we comment out the
Alias parts in
/etc/apache2/conf.d/nagios3.conf
#ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3
#ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3
#Alias /nagios3/stylesheets /etc/nagios3/stylesheets
#Alias /nagios3 /usr/share/nagios3/htdocs
and add those lines, without the comment markers, to your SSL config file,
e.g. /etc/apache2/sites-available/default-ssl. Now we
can access Nagios with
https://$SERVER/nagios3
only.
The next step is the login configuration. By default Nagios uses an htpasswd file. As I already use Apache mod_macro and have configured PAM to work with Apache (I am using Kerberos for auth), I do the following. First the macro
<Macro AuthPAMValidUser $auth_name>
AuthPAM_Enabled on
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthType Basic
AuthName "$auth_name"
require valid-user
</Macro>
and now the config in
/etc/apache2/conf.d/nagios3.conf inside the
DirectoryMatch directive
# AuthName "Nagios Access"
# AuthType Basic
# AuthUserFile /etc/nagios3/htpasswd.users
# # nagios 1.x:
# #AuthUserFile /etc/nagios/htpasswd.users
# require valid-user
Use AuthPAMValidUser "Nagios Access"
Now we can authenticate ourselves against Apache. What we now have
to tell Nagios is which user rights are connected to the user
name. We configure this inside /etc/nagios3/cgi.cfg
and I've chosen the following configuration (you have to insert
the admin user name for $admin)
authorized_for_system_information=$admin
authorized_for_system_commands=$admin
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=$admin
authorized_for_all_host_commands=$admin
Now it's time to restart the services (and first check if configs are ok)
nagios3 -v /etc/nagios3/nagios.cfg
/etc/init.d/nagios3 restart
/etc/init.d/apache2 restart
With the default configuration of Debian you should already see a localhost with some default services. Now go on and configure hosts and services!
Nagios Grapher
That's a very cool piece of software which produces graphs of the states with RRD.
apt-get install nagiosgrapher
It uses a very simple interface which can be activated in debian with
process_performance_data=1
service_perfdata_command=ngraph-process-service-perfdata-pipe
NRPE
Sometimes it makes sense to run remote checks. For that we use
the NRPE plugin. On the $SERVER we have to install
aptitude install nagios-nrpe-plugin
On the $HOST we have to install
aptitude install nagios-nrpe-server nagios-plugins
We will start the service on the $HOST with the
debian init script. It's also possible to run the NRPE server with
xinetd. You can configure NRPE in
/etc/nagios/nrpe.cfg. I'd say you have to configure at
least the following
allowed_hosts=$SERVER
and be sure to open port 5666 on the firewall.
You should be able to test NRPE on the $SERVER with
a command like the following
/usr/lib/nagios/plugins/check_nrpe -H $HOST -c check_load
If this works you can add a service on the $SERVER
with a statement like the following
define service{
use generic-service
host_name $HOST
service_description Current Load
check_command check_nrpe_1arg!check_load
}
Gentoo
On Gentoo the situation is quite similar - the ebuilds are called
net-analyzer/nagios
net-analyzer/nagios-nrpe
net-analyzer/nagios-plugins
and the installed plugins are chosen with the help of USE flags.