Configure Nagios Server to Accept Passive Check Results via NSCA

Hands-On Lab

 

Photo of Ermin Kreponic

Ermin Kreponic

Training Architect

Length

04:00:00

Difficulty

Advanced

You have a Linux server you cannot access from outside using the Nagios Server, so you need to create a custom passive check on the other end to monitor disk usage. You first need to create a local check on the Nagios server to make sure that it works, then recreate it on the client and write a script that will execute it repeatedly. Good Luck!

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Configure Nagios Server to Accept Passive Check Results via NSCA

Introduction

You have a Linux server you cannot access from outside using the Nagios Server, so you need to create a custom passive check on the other end to monitor disk usage. You first need to create a local check on the Nagios server to make sure that it works, then recreate it on the client and write a script that will execute it repeatedly. Good Luck!

Solution

  1. Begin by logging in to the Nagios server using the credentials provided on the hands-on lab page.

    ssh cloud_user@PUBLIC_NAGIOS_ADDRESS

Install and Configure NSCA on the Nagios Server

  1. Download the NSCA source code. Please note that the following address uses a specific version which was the current version as of the time of authoring this lab. There may be a more recent version available when you go through this lab.

    wget https://github.com/NagiosEnterprises/nsca/releases/download/nsca-2.9.2/nsca-2.9.2.tar.gz
  2. Unpack the downloaded file.

    tar xvzf nsca-2.9.2.tar.gz
  3. Install the necessary dependencies.

    sudo yum install libmcrypt libmcrypt-devel
  4. Transfer to the NSCA directory.

    cd nsca-2.9.2
  5. Run the configure file.

    sudo ./configure
  6. After verifying there are no errors in the configure output, compile the NSCA binary.

    sudo make all
  7. Copy over the necessary files.

    sudo cp /home/cloud_user/nsca-2.9.2/src/nsca /usr/local/nagios/bin/
    sudo cp /home/cloud_user/nsca-2.9.2/src/send_nsca /usr/local/nagios/bin/
    sudo cp /home/cloud_user/nsca-2.9.2/sample-config/nsca.cfg /usr/local/nagios/etc/
    sudo cp /home/cloud_user/nsca-2.9.2/sample-config/send_nsca.cfg /usr/local/nagios/etc/
  8. Edit the NSCA config file.

    sudo vim /usr/local/nagios/etc/nsca.cfg
  9. Under the "SERVER ADDRESS" section, uncomment the line for setting server_address. Change the value to the private IP address for your Nagios server.

  1. Under the "DEBUGGING OPTION" section, change the value of Debug to be 1.

  2. Save your changes and exit the editor.

  3. Change the ownership of the appropriate NSCA files.

    sudo chown nagios:nagios /usr/local.nagios/etc/nsca.cfg
    sudo chown nagios:nagios /usr/local/nagios/etc/send_nsca.cfg
    sudo chown nagios:nagios /usr/local.nagios/bin/nsca
    sudo chown nagios:nagios /usr/local/nagios/bin/send_nsca
  4. Change the permissions for the configuration files.

    sudo chmod g+r /usr/local/nagios/etc/send_nsca.cfg
    sudo chmod g+r /usr/local/nagios/etc/nsca.cfg
  5. Open a second client and log into the Linux client using the credentials provided on the hands-on lab page.

    ssh cloud_user@PUBLIC_LINUXCLIENT_ADDRESS
  6. In the Linux client, monitor the messages log.

    sudo tail -f /var/log/messages
  7. Back in the Nagios server, run Nagios.

    sudo /usr/local/nagios/bin/nsca -c /usr/local/nagios/etc/nsca.cfg
  8. Add a firewall rule and then reload the firewall.

    sudo firewall-cmd --permanent --add-port=5667/tcp
    sudo firewall-cmd --reload

Test a Local Connection to the Linux Client

  1. Return to the home folder of the current user.

    cd ..
  2. Create the test file.

    touch /home/cloud_user/testFile
  3. Open the test file.

    vim /home/cloud_user/testFile
  4. Add the following data to the file. User a tab space as a delimiter between items

    PRIVATE_NAGIOS_ADDRESS  check uptime    0   IT WORKS!!!!
  5. Save your changes and exit the editor.

  6. Attempt to send information to the Linux client.

    /usr/local/nagios/bin/send_nsca PRIVATE_NAGIOS_ADDRESS 
        -c /usr/local/nagios/etc/send_nsca.cfg < /home/cloud_usr/testFile
  7. Verify the packet arrived on the Linux client.

Configure Nagios

  1. In the Nagios server terminal, edit the commands configuration file.

    sudo vim /usr/local/nagios/etc/objects/commands.cfg
  2. Add the following text to the file.

    
    define command {
        command_name    uptime
        command_line    /nagioscore-nagios-4.4.3/nagios-plugins-master/plugins/check_uptime
    }
  3. Save your changes and exit the editor.

  4. Edit the templates configuration file.

    sudo vim /usr/local/nagios/etc/objects/templates.cfg
  5. Add the following template to the bottom of the file.

    
    define service {
    
            use generic-service
            name passive_service
            active_checks_enabled 0
            passive_checks_enabled 1
            flap_detection_enabled 0
            register 0
            check_interval 1
            check_period 24X7
            max_check_attempts 2
            notification_interval 1
            notification_period 24X7
            notification_options w,u,c,r
    
    }
  6. Save your changes and exit the editor.

  7. Create the Linux-Client.cfg file and edit it.

    sudo touch /usr/local/nagios/etc/objects/Linux-Client.cfg
    sudo vim /usr/local/nagios/etc/objects/Linux-Client.cfg
  8. Add the following text to the file.

    
    define host {
        use         linux-server
        host_name   Linux_Client
        alias       linuxClient
        address     PRIVATE_NAGIOS_ADDRESS
    }
    
    define hostgroup {
    
        hostgroup_name  my-linux-servers
        alias           My Linux Servers
        members         Linux_Client
    }
    
    define service {
    
        use                     passive_service
        host_name               Linux_Client
        service_destription     check uptime
        check_command           uptime
    }
  9. Save your changes and exit the editor.

  1. Edit the Nagios configuration file.

    sudo vim /usr/local/nagios/etc/nagios.cfg
  2. Add the following to the top of the file.

    # My Definitions
    cfg_file=/usr/local/nagios/etc/objects/Linux-Client.cfg
  3. Save your changes and exit the editor.

  4. Restart Nagios.

    sudo systemctl restart nagios
  5. Check the status of Nagios.

    sudo systemctl status nagios
  6. Test the connection.

    /usr/local/nagios/bin/send_nsca PRIVATE_NAGIOS_ADDRESS 
        -c /usr/local/nagios/etc/send_nsca.cfg < /home/could_user/testFile
  7. Verify the package is received on the Linux Client.

  8. Open a browser window and navigate to http://PUBLIC_NAGIOS_ADDRESS/nagios.

  9. Log in with the username "nagiosadmin" and the password "BlaBla321", without quotes.

  10. Click Services on the left-hand menu.

  11. Verify check uptime is running and has a status of OK.

Configure NSCA

  1. Open the NSCA configuration file.

    sudo vim /usr/local/nagios/etc/nsca.cfg
  2. Under "DECRYPTION PASSWORD", uncomment the password variable and set it to "Tralala321".

  3. Under "DECRYPTION METHOD", set the decryption_method variable to 1.

  4. Save your changes and exit the editor.

  5. Open the send_nsca.cfg file.

    sudo vim /usr/local/nagios/etc/send_nsca.cfg
  6. Under "ENCRYPTION PASSWORD", uncomment the password variable and set it to "Tralala321".

  7. Under "ENCRYPTION METHOD", set the encryption_method variable to 1.

  8. Save your changes and exit the editor.

  9. Find and kill the nsca process.

    ps aux | grep -i nsca
    sudo kill ID_FOR_NSCA_PROCESS
  1. Restart the service.

    sudo /usr/local/nagios/bin/nsca -c /usr/local/nagios/etc/nsca.cfg
  2. Confirm the process is running.

    ps aux | grep -i nsca

Configure the Linux Client

  1. Create an SSH key pair.

    ssh-keygen
  2. In a new terminal, log into the Linux client using the credential from the hands-on lab page.

    ssh cloud_user@PUBLIC_LINUXCLIENT_ADDRESS
  3. Edit the SSH authorized keys list and navigate to the bottom of the file.

    vim /home/cloud_user/.ssh/authorized_keys
  4. In the Nagios server terminal, open the file with the generated key from a previous step.

    vim /home/cloud_user/.ssh/id_rsa.pub
  5. Select the entire key and copy it, then quit the editor.

  6. Paste the key into the bottom of the file in the Linux client terminal.

  7. Save your changes and exit the editor.

  8. In the Nagios sever terminal, attempt to log into the Linux client.

    ssh cloud_user@PUBLIC_LINUXCLIENT_ADDRESS
  9. Log out of the Linux client.

    exit
  1. Copy files over to the Linux client.

    scp /usr/local/nagios/bin/send_nsca 
        cloud_user@PUBLIC_LINUXCLIENT_ADDRESS:/home/cloud_user/
    scp /usr/local/nagios/etc/send_nsca.cfg 
        cloud_user@PUBLIC_LINUXCLIENT_ADDRESS:/home/cloud_user/
  2. In the Nagios server terminal, edit the Linux-Client.cfg file.

    sudo vim /usr/local/nagios/etc/objects/Linux-Client.cfg
  3. Add the following service definition to the bottom of the file.

    
    define service {
    
        use                     passive_service
        host_name               Linux_Client
        service_description     check uptime
        check_command           uptime
    }
  4. At the beginning of the file, under the host definition, update the address parameter to the Linux client public IP.

  5. Save your changes and close the editor.

  6. Update the commands configuration file.

    sudo vim /usr/local/nagios/etc/objects/commands.cfg
  7. Define a new command at the top by adding the following text.

    define command {
        command_name    check_disk
        command_line    /nagioscore-nagios-4.4.3/nagios-plugins-master/plugins/check_disk
    }
  8. Save your changes and exit the editor.

  9. Install wget.

    sudo yum install wget
  10. Download and install the missing packages

    wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    sudo rpm -ivh epel-release-latest-7.noarch.rpm
    sudo yum install libmcrypt libmcrypt-devel
  11. Install nagios-plugins-disk.

    sudo yum install nagios-plugins-disk

Write a Custom Script

  1. Create the script file.

    touch /home/cloud_user/disk_Passive_check.sh
  2. Edit the new script file.

    sudo vim /home/cloud_user/disk_Passive_check.sh
  3. Add the following text to the file. Note that this includes text added later in the video.

    send_nsca_cfg="/home/cloud_user/send_nsca.cfg"
    host=Linux_Client
    service_desc="check disk"
    cmd="/usr/lib64/nagios/plugins/check_disk -w 10% -c 5% /"
    raw_result="$($cmd)"
    
    msg="$(awk '{print $4 $5 $6 $7 $8 $9 $10 $11}' <<< $raw_result | tr -d ; | tr-d |)"
    
    istatus="$(awk '{print $2'} <<< $raw_result)"
    
    if [ $status == "OK"    ]; then
        status=0
    elif [ $stats == "WARNING" ]; then
        status=1
    elif [ $stats == "CRITICAL" ]; then
        status=2
    elif [ $stats == "UNKNOWN" ]; then
        status=3
    fi
    
    echo "$host;$service_desc;$status;$msg" | /home/cloud_user/send_nsca -H PRIVATE_NAGIOS_ADDRESS -d ';' -c $send_nsca_cfg
  4. Save your changes and exit the editor.

  5. Change the permissions for disk_Passive_check.sh.

    chmod +x disk_Passive_check.sh
  6. Run the script.

    /home/cloud_user/disk_Passive_check.sh
  7. Open a browser window and navigate to http://PUBLIC_NAGIOS_ADDRESS/nagios.

  8. Log in with the username "nagiosadmin" and the password "BlaBla321", without quotes.

  9. Click Services on the left-hand menu.

  1. Verify the service check disk is running and has status information.

  2. Click check disk. Verify the timestamp of the check.

Automate the Check

  1. In the terminal for the Linux client, run crontab.

    sudo crontab -e
  2. Add the following text.

    * * * * * /home/could_user/disk_Passive_check.sh
  3. Save your changes and exit the editor.

Conclusion

Congratulations — you've completed this hands-on lab!