1
edit
Changes
no edit summary
::::::::: <u>'''Version 0.47'''</u>
== 1.0 About Nagios ==
[[File:nagios_logo.png||right]]
'''Nagios''' is a system and network monitoring application. It watches hosts and services that you specify, and provides critical notifications to administrators, when the system/network performance is being negatively impacted.
* Optional web interface for viewing current network status, notification and problem history, log file, etc.
== 2.0 Server Installation (using tarball) ==
This guide will provide you with instructions on how to install Nagios from source (code) on Fedora 13 and have it monitoring your local and client machines.
* Monitor Nagios clients
'''2.2 Prerequisites'''
<code>wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.15.tar.gz </code>
'''2.5 Compile and Install Nagios'''
4. Install binaries, init script, sample config files and set permissions on the external command directory.
<pre>Note: you You have to be root to issue the following commands.</pre>
<code>make install </code>
<pre>Note: DO NOT start Nagios yet</pre>
'''2.6 Customize Configuration'''
<code>vi /usr/local/nagios/etc/objects/contacts.cfg </code>
<pre>Note: this will be changed to Chris Tyler’s email.</pre>define contact{ contact_name nagiosadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact template(defined above)
alias Nagios Admin ; Full name of user
email email@learn.senecac.on.ca ; *****CHANGE THIS TO YOUR EMAIL ADDRESS *****
}
</pre>
'''2.7 Configure the Web Interface'''
3. Restart Apache to make the new settings take effect.
<code>service httpd restart</code>
'''2.8 Compile and Install the Nagios Plugins'''
<code>make install</code>
'''2.9 Start Nagios'''
3. If there are no errors, start Nagios. If you got errors, please check nagios.cfg file in step 2, and try it again.
<code>service nagios start </code>
'''2.10 Modify SELinux Settings'''
<code>chcon -R -t httpd_sys_content_t /usr/local/nagios/share/ </code>
'''2.11 Login to the Web Interface'''
Click on the "Service Detail" navigational bar link to see details of what's being monitored on your local machine. It will take a few minutes for Nagios to check all the services associated with your machine, as the checks are spread out over time.
'''2.12 Open Port 5666 on Firewall'''
<code>service iptables save</code>
'''2.13 You're Done'''
[[File:Nagios.jpg|200px400px|thumb|centre|Nagios]]
== 3.0 Additional Server configuration ==
1. Create a Nagios_NRPE folder.
<code>mkdir -p ~/Nagios/Nagios_NRPE</code>
<pre>
Note: The command.cfg file does not exist in /usr/local/nagios/etc/ directory so it has to be created, and the script block has to be added to the aformentioned file.
</pre>
2. Add the following at the end of the file:
<pre>define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
<code>vi /usr/local/nagios/etc/objects/linux-box-remote.cfg</code>
<pre>Note: Information below is just an example of the template file.</pre>
notification_options d,r
contact_groups admins
register 0 ; DONT DO NOT REGISTER THIS - ITS A TEMPLATE
}
define host{
use linux-box-remote ; Inherit default values from a template host_name Centos5 ; The name we're giving to this server alias Centos5 ; A longer name for the server address 142.204.133.90 ; IP address of the server
}
<code>service nagios restart</code>
== 4.0 Server Installation (using yum utility)==
'''4.1 Required packages'''
Make sure you've installed the following packages on your Fedora 13 installation before continuing.
<pre>Note: You have to be root to install the following packages.</pre>
1. Install the following packages using yum install utility.
<code>yum -y install httpd gcc glib glibc-common gd gd-devel </code>
<code>yum -y install nagios </code>
<code>yum -y install nagios-plugin-all </code>
<code>yum -y install nrpe </code>
'''4.2 Create Account Information'''
1. While you still have root privileges from a previous step, create a new nagios user account and give it a password.
<code>useradd -m nagios </code>
<code>passwd (your password is here)</code>
2. Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.
groupadd nagcmd
<code>usermod -a -G nagcmd nagios </code>
<code>usermod -a -G nagcmd apache </code>
'''4.3 Configure the Web Interface'''
1. Create a nagiosadmin account for logging into the Nagios web interface.
<code>htpasswd -c /etc/nagios/htpasswd.users nagiosadmin </code>
Type the password: (your password is here)
<pre>Note: When you have installed all the required plugins, using the “yum” utility, you will have to exhibit due diligence by
ensuring that the “check_nrpe” plugin and check_nagios plugin are located in the /usr/lib64/nagios/plugins directory. If the
check_nrpe plugin is not present you will have to either copy it from a compatible machine that already contains the appropriate
or required plugin(s),or try uninstalling the previous installation of the nagios plugins and proceed to re-installing the plugins,
using yum install. </pre>
'''4.4 Nagios Configuration File'''
<pre>
Note: Here is view of what your configuration files should look like, in order to have successfully installed and configured version of
Nagios. The following lines were either added or modified for the nagios.cfg file on the Nagios monitoring host.
</pre>
1. Open nagios.cfg and edit it with your favourite editor.
<code>vi /etc/nagios/nagios.cfg</code>
<pre>
#Definitions for monitoring the local (Linux) host
cfg_file=/etc/nagios/objects/localhost.cfg
#Definitions for monitoring a Remote (Linux) machine
cfg_file=/etc/nagios/objects/linux-remote.cfg
#Definitions for monitoring second Remote (Linux) machine
cfg_file=/etc/nagios/objects/linux-romania.cfg
</pre>
2. Open nrpe.cfg and edit it with your favourite editor.
<code>vi /etc/nagios/nrpe.cfg</code>
<pre>
Note: In the nrpe.cfg the following lines can be modified to meet the current system needs
</pre>
<code>#Allowed_hosts=127.0.0.1</code> is typically altered on the Remote host ONLY changes in IP address that allows a host to access the nrpe daemon system depends on an entity/organizations network requirements.
<pre>
Note: The following examples use hardcoded command arguments
</pre>
<code>command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10</code>
<code>command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20</code>
<code>command[check_hda1]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1</code>
<code>command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z</code>
<code>command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 700 -c 900</code>
<pre>Note: If you're running the NRPE daemon as a standalone daemon you'll need to restart it (using the command service nrpe restart). </pre>
'''4.5 Create a command definition'''
<pre>Note: You'll need to create a command definition in one of your Nagios object configuration files in order to use the
check_nrpe plugin. Open the sample commands.cfg file for editing...</pre>
<code>vi /etc/nagios/objects/commands.cfg</code>
and add the following definition to the file:
<code>define command{</code>
<code> command_name check_nrpe</code>
<code> command_line /usr/lib64/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$</code>
<code>}</code>
You are now ready to start adding services that should be monitored on the remote machine to the Nagios configuration...
'''4.6 Edit the localhost.cfg file located in the /etc/nagios/objects directory'''
<pre>Note: The localhost.cfg file can be created from one of the templates.cfg files located in the /etc/nagios/objects
directory, here is a brief view of how your localhost.cfg file should appear</pre>
<pre>
# Define a host for the local machine
define host{
use linux-server ; Name of host template$
; This host definition $
; in (or inherited by) $
host_name localhost
alias chile #Example machine in this scenario
check_interval 5
retry_interval 1
max_check_attempts 10
check_command check-host-alive
notification_period 24x7
notification_interval 24x7
notification_options d,r
contact_groups admins
address 127.0.0.1
}
</pre>
'''4.7 Contacts Configuration File'''
1. Edit contacts.cfg file is pretty straight forward and easy to decipher.
<code>vi /etc/nagios/objects/contacts.cfg</code>
<pre>
#CONTACTS################################################################
# Just one contact defined by default - the Nagios admin (that's you)
# This contact definition inherits a lot of default values from the 'generic-contact'
# template which is defined elsewhere.
define contact{
contact_name nagiosadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact template(defined above)
alias Nagios Admin ; Full name of user
email email@learn.senecac.on.ca ; ß CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
</pre>
'''4.8 ScriptAlias NAGIOS.CFG'''
<pre>Note: ScriptAlias directory path will differ based on what version of OS (Operating System) you are running on your machine.</pre>
1. Edit nagios.cfg file located in apache (httpd) config files directory.
<code>vi /etc/httpd/conf.d/nagios.cfg </code>
<pre>Note: The current machine has Fedora 13, however, for a machine running Fedora 12 it may differ eg. ScriptAlias /nagios
/cgi-bin “/usr/lib64/nagios/cgi-bin/” It's important that these directory paths exist and contain the appropriate content.
</pre>
<code>ScriptAlias /nagios/cgi-bin/ "/usr/local/sbin/"</code>
<code><Directory "/usr/local/sbin"> </code>
<code># SSLRequireSSL</code>
<code> Options ExecCGI Indexes</code>
<code> AllowOverride None</code>
<code> Order allow,deny</code>
<code> Allow from all</code>
<code># Order deny,allow</code>
<code># Deny from all</code>
<code># Allow from 127.0.0.1</code>
<code> AuthName "Nagios Access"</code>
<code> AuthType Basic</code>
<code> AuthUserFile /etc/nagios/htpasswd.users</code>
<code> Require valid-user</code>
<code></Directory></code>
<code>Alias /nagios "/usr/share/nagios/html"</code>
<code> <Directory "/usr/share/nagios/html"> </code>
<code># SSLRequireSSL</code>
<code> Options Indexes</code>
<code> AllowOverride None</code>
<code> Order allow,deny</code>
<code> Allow from all</code>
<code># Order deny,allow</code>
<code># Deny from all</code> <code># Allow from 127.0.0.1</code> <code> AuthName "Nagios Access"</code> <code> AuthType Basic</code> <code> AuthUserFile /etc/nagios/htpasswd.users</code> <code> Require valid-user</code> <code></Directory></code> '''4.9 Note: This section highlights a brief snippet of two critical detailed steps REQUIRED for the installation and successful configuration of a Remote host (on an ARM machine) Cdot-guru-4-1 (Utilize the installation steps (5.0) that follow this section).''' <pre>Using the 'yum utility' install the nrpe daemon/ nrpe addon & required plugins</pre> The nrpe.d directory is located in /etc/nagios/nrpe.d The nagios plugins are located in directory path /usr/lib/nagios/plugins 1. Ensure that the required plugins are located in current directory paths. Open nrpe.cfg and edit it with your favourite editor. <code>vi /etc/nagios/nrpe.cfg</code> Note: Hong Kong has two NICs so the allowed_hosts entry would be entered twice with the two corressponding IPs for both NICs <code>allowed_hosts=<Both the External & Internal IP Address for the monitoring hosts> </code> comment out the line: <code>#allowed_hosts=127.0.0.1 </code> 2. Change ownership on the plugins directory to reflect ownership to nagios. <code>chown nagios.nagios /usr/lib64/nagios/plugins</code> == 5.0 Setting up the Remote Host (using yum utility) == <pre>Note: This section will show how to setup the remote host with the nrpe daemon/nrpe addon & required plugins.</pre> 1. To install the nrpe daemon and nagios plugins run the following commands. <code>yum -y install nrpe </code> <code>yum -y install Nagios-plugins-all </code> 2. Open nrpe.cfg and edit it with your favourite editor. <code>vi /etc/nagios/nrpe.cfg</code> Add an allowed_hosts IP Address to nrpe.cfg file eg. 142.204.133.123 (chile’s IP Address), but for future configurations Hong Kong's IP Address will be used: <code> Allowed_hosts= 142.204.133.123 </code> 3. Test the nrpe daemon locally using the command: <code>netstat -at | grep nrpe </code> <pre>Note: The output of the command should look something like this: tcp 0 0 *:nrpe *:* LISTEN</pre> 4. Add a firewall rule to the INPUT chain - CAVEAT: The ARM machines do not utilize iptables, so the line below may not be required. <code>iptables -I INPUT -p tcp -m tcp --dport 5666 -j ACCEPT</code> 5. Save the firewall settings so it survives reboot <code> service iptables save </code> <pre>Note: Files locations after install: /etc/nagios/ -> contains the nrpe.cfg /etc/nrpe.d -> contains the daemon /usr/lib64/nagios/plugins -> contains all plugins added during install /usr/sbin/nrpe -> contains the nrpe execution file /usr/share/docs/nrpe-2.12 -> contains the related README, Changelog files and .pdf etc </pre> 6. Check to make sure the NRPE daemon is functioning properly. To accomplish this, run the check_nrpe plugin that was installed for testing purposes. The directory make be different depending OS. <code>/usr/local/nagios/libexec/check_nrpe -H localhost <ip of the Remote host> </code> Or <code>/usr/lib64/naigos/plugins/check_nrpe -H localhost <ip of the Remote host> </code> 7. Some of these commands can be executed on the Remote host for testing daemon functionality <code>/usr/local/nagios/libexec/check_nrpe -H localhost -c check_users</code> <code>/usr/local/nagios/libexec/check_nrpe -H localhost -c check_load</code> <code>/usr/local/nagios/libexec/check_nrpe -H localhost -c check_hda1</code> <code>/usr/local/nagios/libexec/check_nrpe -H localhost -c check_total_procs</code> <code>/usr/local/nagios/libexec/check_nrpe -H localhost -c check_zombie_procs</code> 8. At this point your installation and configuration of both the Nagios monitoring host and Remote host should be completed successfully. First ensure that your apache server and nagios is running on the corresponding monitoring host. To achieve a Frontend (GUI) view of Nagios functionality, go to your browser address field and type in the url-> http://<ip address of monitoring host goes here>/nagios. At the authentication prompt enter the username and password you set during the installation process. == 5.1 Additional Details == <pre>This section will discuss some additional initiatives that were implemented on the Nagios Remote host. Due to the inability to obtaina plugin that is capable of monitoring mounted devices (on ARM machines) upon boot. A supplemental perl script was identified andutilize for this purpose. The check_mounted_disks script was conveniently added to /etc/init.d directory, and a few symlinks(soft links)were linked to appropriate runlevels on the ARM system. Once the system is rebooted the aforementioned script willexecute automatically and perform a verification check of all devices that should be mounted on boot.</pre> 1. Symlinks were created using the command syntax. <code> ln -s /etc/init.d/check_mounted_disks /etc/rc/rc2.d/S50check_mounted_disks ln -s /etc/init.d/check_mounted_disks /etc/rc/rc2.d/K50check_mounted_disks</code> 2. When the check_mounted_disks script is executed on the command line, the following results are exhibited on the display monitor: <code> [root@cdot-guru-4-1/]#./check_mounted_disks "OK: All disks are mounted and persistent"</code> == 6.0 IRC Notification Bot Configuration (Server configuration) ==
<pre>Note: please keep in mind this was done on Fedora 13 with Nagios 3.2.3 and NagIRCBot 0.0.30.</pre>
1. Download the IRC bot. <code> wget http://www.vanheusden.com/nagircbot/nagircbot-0.0.30.tgz </code> 2. Unzip the archive. <code>tar -xvzf nagircbot-0.0.30.tgz </code> 3. Become the root user.
<code>su – </code>
<code>yum install openssl-devel </code>
<code>yum nstall gcc </code>
from:
to:
<pre>Note: only has to be done sometimes, when you getting an error about lcrypto</pre>
<code>LDFLAGS+=$(DEBUG) -lssl -lstdc++ -lcrypto </code>
<code>make</code>
<code>make install</code>
<code>nagircbot -f /var/log/nagios/status.dat -s irc.freenode.net:6667 -c \#mathon seneca-cdot -C -n test22283833 -u ident NagiosBot -U realname NagiosIRCBot -I 900 </code>
Nagios bot options can be queried on the IRC channel. If you open private messages with the bot you can issue and control it by using the following commands:
{|border="1" cellpadding="1" cellspacing="0" align="left"
== 7.0 Client Installation ==
'''57.1 Create Account Information on Client Machine'''
SSH to Iraq machine (142.204.133.98) and issue the following commands:
<code>useradd -m nagios</code>
<code>passwd senecaCdot (your password is here) </code>
3. Create a folder for Nagios plugins.
<pre>Note: For the next step make sure you are connected to the Internet to download nagios plugins.</pre>
<code>wget http://osdn.dl.sourceforge.net/sourceforge/nagios/nrpe-2.8.tar.gz</code>
<code>tar xzf nrpe-2.8.tar.gz </code>
<code>cd nrpe-2.8</code>
<code>./configure </code>
<code>make all</code>
<code>make install-plugin</code>
'''57.2 Compile and Configure Nagios Plugins'''
<pre>
<code>yum -y install openssl-devel</code>
<code>./configure --with-nagios-user=nagios --with-nagios-group=nagios</code>
<code>make install</code>
<code>chown nagios.nagios /usr/local/nagios</code>
<code>chown -R nagios.nagios /usr/local/nagios/libexec</code>
<code>yum install xinetd</code>
<code>service xinetd start</code>
'''57.3 Downlad and Install NRPE Daemon'''
1. Create a forlder ~/Nagios/Nagios_NRPE.
<code>cd nrpe-2.12</code>
'''57.4 Compile and Configure NRPE'''
1. Install NRPE:
<code>make install-xinetd</code>
'''57.5 Post NRPE Configuration'''
1. Edit Xinetd NRPE entry:
<code>service xinetd restart</code>
'''57.6 Test NRPE Daemon Install'''
1. Check NRPE daemon is running and listening on port 5666:
<pre>NRPE v2.12</pre>
'''57.7 Open Port 5666 on Firewall'''
<pre>Note: Make sure to open port 5666 on the firewall of the remote server so that the Nagios monitoring server can access the NRPE daemon.
<code>service iptables save</code>
'''57.8 Congratulations'''
Congratulations! You have successfully completed the configuration of the Nagios Server/Client setup.
== 68.0 Demonstration ==
{| class="standard-table"|-|[[File:Network map.jpg|400px|thumb|left|Network map]]|[[File:Host_Status_Details.jpg|200px400px|thumb|leftright|Host Status Details]]|-|-|[[File:System Status Details.jpg|200px400px|thumb|left|System Status Details]] |[[File:Services Detail Pane.jpg|200px400px|thumb|leftright|Services Detail Pane]]|-|}