Creating an Event Handler for the Nagios Server

Hands-On Lab

 

Photo of Ermin Kreponic

Ermin Kreponic

Training Architect

Length

03:00:00

Difficulty

Advanced

For this lab, you need to create your own event handler for the Nagios server. It needs to work in a way where, if it can apply a fix (restart the service) to a certain event that happens, it won't send a notification. On the other hand, if it cannot apply a fix, it sends a notification.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Creating an Event Handler for the Nagios Server

Introduction

For this lab, you need to create you own event handler for the Nagios server. It needs to work in a way where, if it can apply a fix (restart the service) to a certain event that happens, it won't send a notification. On the other hand, if it cannot apply a fix, it sends a notification.

Solution

  1. Begin by logging in to the lab server using the credentials provided on the hands-on lab page.

    ssh cloud_user@PUBLIC_IP_ADDRESS

Configure Nagios to Perform a Check

  1. Create a configuration file.

    sudo touch /usr/local/nagios/etc/objects/Linux-FTP-Server.cfg
  2. Edit the configuration file.

    sudo vim /usr/local/nagios/etc/objects/Linux-FTP-Server.cfg
  3. Add the following lines to the file. The LINUXCLIENT_IP_ADDRESS can be found on the hands-on lab page. Note that event_handler is disabled at a later step in the video.

    define host {
        use             linux-sever
        host_name       linux-ftp-server
        alias           ftpSrv
        address         LINUXCLIENT_IP_ADDRESS
    }
    
    define hostgroup {
        hostgroup_name      linux-ftp-servers
        alias               linux FTP Servers
        members             linux-ftp-server
    }
    
    define service {
        use                     generic-service
        host_name               linux-ftp-server
        service_description     ftp server check
        check_command           ftp_server_check
        check_interval          1
        max_check_attempts      2
     #   event_handler           restart_ftp_server
    }
  4. Save your changes and exit the editor.

  5. Edit the commands configuration file.

    sudo vim /usr/local/nagios/etc/objects/commands.cfg
  6. Add the following lines to the file.

    
    define command {
        command_name        ftp_server_check
        command_line        /usr/local/nagios/libexec/check_ftp -H $HOSTADDRESS$
    }
  7. Save your changes and exit the editor.

  8. Edit the Nagios configuration file.

    sudo vim /usr/local/nagios/etc/nagios.cfg
  9. Add the following lines to the file.

    #My files
    cfg_file=/usr/local/nagios/etc/objects/Linux-FTP-Server.cfg
  1. Save your changes and exit the editor.

  2. Check to make sure you don't have any errors.

    sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
  3. Restart Nagios.

    sudo systemctl restart nagios

Configure the Linux Client

  1. In a new terminal, log in to the Linux Client using SSH using the credentials found on the hands-on lab page.

    ssh cloud_user@LINUXCLIENT_IP_ADDRESS
  2. Install vsftpd.

    sudo yum install vsftpd
  3. Start vsftpd.

    sudo systemctl start vsftpd
  4. Verify vsftpd is running.

    sudo systemctl status vsftpd
  5. Open a firewall port.

    sudo firewall-cmd --permanent --add-port=21/tcp
  6. Reload the firewall.

    sudo firewall-cmd --reload
  7. Back in the server terminal, change the user to nagios.

    sudo su nagios
  8. Transfer to the nagios directory.

    cd ../nagios
  9. Generate a key pair. Press enter for all of the options to create a default pair.

    ssh-keygen
  1. Open the key file.

    vim .ssh/id_rsa.pub
  2. Select the entire key and copy it.

  3. Exit the editor.

  4. Back in the client terminal, transfer to being the super user.

    sudo su
  5. Edit the authorized keys.

    vim /root/.ssh/authorized_keys
  6. Paste the key from the server to the end of the file.

  7. Save your changes and exit the editor.

  8. Back in the server terminal, SSH into the client.

    ssh root@LINUXCLIENT_IP_ADDRESS

Configure the Restart Event Handler

  1. Make sure you are in the server, and then install mlocate.

    sudo yum install mlocate
  2. Find the eventhandler directory for Nagios.

    locate -i eventhandler
  3. Copy the default Nagios directory for event handlers. This is the base directory.

  4. Edit the commands configuration file.

    sudo vim /usr/local/nagios/etc/objects/commands.cfg
  5. Add the following lines to the file. Make sure to paste the directory from the previous steps as the EVENT_HANDLER_DIRECTORY.

    define command {
        command_name        restart_ftp_server
        command_line        EVENT_HANDLER_DIRECTORY/restart_ftp_server.sh $SERVICESTATE$ $HOSTADDRESS$
    }
  6. Copy the full path and file name for restart_ftp_server.sh above.

  7. Save your changes and exit the editor.

  8. Create and edit the restart_ftp_server.sh file.

    sudo vim EVENT_HANDLER_DIRECTORY/restart_ftp_server.sh
  9. Paste the following text into the file.

    #!/bin/bash
    
    if [[ $1 == "CRITICAL" ]]; then
        ssh root@$2 "systemctl restart vsftpd"
    fi
  1. Save your changes and exit the editor.

  2. Change ownership and permissions of the file.

    sudo chown nagios:nagios EVENT_HANDLER_DIRECTORY/restart_ftp_server.sh
    sudo chmod +x EVENT_HANDLER_DIRECTORY/restart_ftp_server.sh
  3. Edit the configuration file.

    sudo vim /usr/local/nagios/etc/objects/Linux-FTP-Server.cfg
  4. Uncomment the line for event_handler by removing the # character.

  5. Save your changes and exit the editor.

  6. Check to make sure you don't have any errors.

    sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
  7. Restart Nagios.

    sudo systemctl restart nagios
  8. Verify the status of Nagios.

    sudo systemctrl status nagios
  9. Transfer to the client terminal and verify the status of vsftpd.

    systemctl status vsftpd

Test the Restart Event Handler

  1. Open a browser to the public IP address of the server running Nagios. Use the address SERVER_PUBLIC_IP/nagios.

  2. Log in with the username "nagiosadmin" and the password "BlaBla321", without quotes.

  3. Click on Services from the left-hand menu.

  4. In the server terminal, check the log file.

    sudo tail -f /var/log/messages
  5. Do the same thing in the client terminal.

    sudo tail -f /var/log/messages
  6. Exit the log reporting.

  7. Stop vsftpd.

    sudo systemctl stop vsftpd
  8. Verify vsftpd was stopped.

    sudo tail -f /var/log/messages
  9. Wait and watch the logs. Verify that the client is eventually restarted.

Conclusion

Congratulations — you've completed this hands-on lab!