Saturday, October 6, 2012

Nagios Installation and Configuration

Nagios is a popular open source system and network monitoring application. It watches hosts and services, alerting users when things go wrong and when they get better. This article covers the step-by-step installation and configuration of Nagios.
Become Root
Login as root
Download the latest version of Nagios from http://www.nagios.org/download.
Unpacking The Distribution
To unpack the Nagios distribution:
tar xzf nagios-version.tar.gz
cd nagios-version
Create Nagios User/Group
Add a new user (and group) to the system with the following command:
adduser nagios
Create Installation Directory
Create the base directory in which Nagios will be installed:
mkdir /usr/local/nagios
Change the owner of the base installation directory to be the Nagios user and group you added earlier as follows:
chown nagios.nagios /usr/local/nagios
Identify Web Server User
The following command can be used to quickly determine what user Apache is running as:
grep "^User" /etc/httpd/conf/httpd.conf
Add Command File Group
Create a new group whose members include the user the web server is running as and the user Nagios is running as. Call this new group 'nagcmd'.
/usr/sbin/groupadd nagcmd
Next, add the users that the web server and Nagios run as to the newly created group with the following commands (-a appends the group, so the users keep their existing supplementary groups):
/usr/sbin/usermod -a -G nagcmd apache
/usr/sbin/usermod -a -G nagcmd nagios
Run the Configure Script
Run the configure script to initialize variables and create a Makefile as follows (the last two options, --with-command-xxx, are optional, but needed if you want to issue external commands):
./configure --prefix=prefix --with-cgiurl=cgiurl --with-htmurl=htmurl --with-nagios-user=someuser --with-nagios-group=somegroup --with-command-group=cmdgroup
  • Replace prefix with the installation directory that you created in the step above (default is /usr/local/nagios)
  • Replace cgiurl with the actual url you will be using to access the CGIs (default is /nagios/cgi-bin). Do NOT append a slash at the end of the url.
  • Replace htmurl with the actual url you will be using to access the HTML for the main interface and documentation (default is /nagios/)
  • Replace someuser with the name of a user on your system that will be used for setting permissions on the installed files (default is nagios)
  • Replace somegroup with the name of a group on your system that will be used for setting permissions on the installed files (default is nagios)
  • Replace cmdgroup with the name of the group running the web server (default is nagios, in the example above it was nagcmd). This will allow group members (i.e. your web server) to be able to submit external commands to Nagios.
OR
To configure with the default options, run the script without arguments; none of the options above need to be provided:
./configure
Compile Binaries
Compile Nagios and the CGIs with the following command:
make all
Installing The Binaries And HTML Files
Install the binaries and HTML files with the following command:
make install
Installing An Init Script
Install the sample init script to /etc/rc.d/init.d/nagios with the following command:
make install-init
Directory Structure And File Locations
cd /usr/local/nagios
You should see five different subdirectories. A brief description of what each directory contains is given in the table below.
Sub-Directory   Contents
bin/            Nagios core program
etc/            Main, resource, object, and CGI configuration files should be put here
sbin/           CGIs
share/          HTML files (for web interface and online documentation)
var/            Empty directory for the log file, status file, retention file, etc.
var/archives    Empty directory for the archived logs
var/rw          Empty directory for the external command file
Open the Apache configuration file and add the following:
ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin
<Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /usr/local/nagios/etc/htpasswd.users
    Require valid-user
</Directory>
Alias /nagios /usr/local/nagios/share
<Directory "/usr/local/nagios/share">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /usr/local/nagios/etc/htpasswd.users
    Require valid-user
</Directory>
Restart Apache
Configure Web Authentication
Running the following command will create a new file called htpasswd.users in the /usr/local/nagios/etc directory. It will also create a username/password entry for nagiosadmin. You will be asked to provide a password that will be used when nagiosadmin authenticates to the web server.
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
Once the htpasswd file is created, we can add more users to access the CGIs. Use the following command to add additional users, replacing <username> with the actual username you want to add. Note that the -c option is not used, since you already created the initial file.
htpasswd /usr/local/nagios/etc/htpasswd.users <username>
When you point the web browser at the Nagios web interface, you will be prompted for a username and password; provide the ones created above.
Enabling Authentication/Authorization Functionality In The CGIs
Make sure that the CGIs are configured to use the authentication and authorization functionality in determining what information and/or commands users have access to. This is done by setting the use_authentication variable in the CGI configuration file to a non-zero value.
Open the CGI configuration file using:
vi /usr/local/nagios/etc/cgi.cfg
Check whether use_authentication is 1 or 0. If it is 0, change it to 1.
Example:
use_authentication=1
Download and Install Nagios Plugins
[root@server1 ~]# cd /usr/src
[root@server1 ~]# wget -O nagios-plugins-1.4.14.tar.gz "http://downloads.sourceforge.net/project/nagiosplug/nagiosplug/1.4.14/nagios-plugins-1.4.14.tar.gz?use_mirror=dfn"
[root@server1 ~]# tar xzf nagios-plugins-1.4.14.tar.gz
[root@server1 ~]# cd nagios-plugins-1.4.14
Compile and Configure Nagios Plugins
We need the openssl-devel package installed to compile plugins with ssl support.
[root@server1 ~]# yum -y install openssl-devel
[root@server1 ~]# ./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl
[root@server1 ~]#make
[root@server1 ~]#make install
Configure nagiosadmin email address for alerts:-
[root@server1 ~]#vi /usr/local/nagios/etc/objects/contacts.cfg
email nagios@localhost ; <<– CHANGE THIS TO YOUR EMAIL ADDRESS
eg. mail.zoom@gmail.com
Verify the sample Nagios configuration files:-
[root@server1 ~]#/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Total Warnings: 0
Total Errors: 0
Enable Nagios to start at system startup / boot
[root@server1 ~]# chkconfig --add nagios
[root@server1 ~]#chkconfig nagios on
[root@server1 ~]#chkconfig httpd on
Start Nagios:-
[root@server1 ~]#service nagios start
Access the web interface now by:-
http://ip-address/nagios/
NRPE  Installation and Setup:-
Download NRPE:
[root@server1 ~]# wget -O nrpe-2.12.tar.gz "http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.12/nrpe-2.12.tar.gz?use_mirror=nchc"
Extract the Files:
[root@server1 ~]# tar -xzf nrpe-2.12.tar.gz
[root@server1 ~]# cd nrpe-2.12
Compile and configure NRPE using:
[root@server1 ~]# ./configure
[root@server1 ~]# make all
[root@server1 ~]# make install-plugin
[root@server1 ~]# make install-daemon
[root@server1 ~]# make install-daemon-config
[root@server1 ~]# make install-xinetd
Post NRPE Configuration:
Edit Xinetd NRPE entry:
Add Nagios Monitoring server to the “only_from” directive
[root@server1 ~]# vi /etc/xinetd.d/nrpe
Entry will be like this:-
service nrpe
{
flags           = REUSE
socket_type     = stream
port            = 5666
wait            = no
user            = nagios
group           = nagios
server          = /usr/local/nagios/bin/nrpe
server_args     = -c /etc/nrpe.conf --inetd
log_on_failure  += USERID
disable         = no
#       only_from       = 127.0.0.1
}

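Uncomment only_from and list localhost plus the address of the Nagios monitoring server, for example:
only_from = 127.0.0.1 66.71.249.201
Leaving the line commented out removes the restriction, and xinetd then accepts NRPE connections on port 5666 from any host.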
Edit services file entry:
Add entry for nrpe daemon
[root@server1 ~]# vi /etc/services
nrpe 5666/tcp # NRPE
Restart Xinetd and Set to start at boot:
[root@server1 ~]#chkconfig xinetd on
[root@server1 ~]#service xinetd restart
Test NRPE Daemon Install
Check NRPE daemon is running and listening on port 5666:
[root@server1 ~]# netstat -at |grep nrpe
Output should be:-
tcp 0 0 *:nrpe *.* LISTEN
or
[root@server1 src]# netstat -plan | grep 5666
tcp        0      0 0.0.0.0:5666                0.0.0.0:*                   LISTEN      15721/xinetd
Check NRPE daemon is functioning:
[root@server1 src]# /usr/local/nagios/libexec/check_nrpe -H localhost
Output should be NRPE version:
NRPE v2.12
Open Port 5666 on Firewall
Make sure to open port 5666 on the firewall of the remote server so that the Nagios monitoring server can access the NRPE daemon.

You need to create the files /usr/local/nagios/etc/objects/hosts.cfg and /usr/local/nagios/etc/objects/services.cfg manually and add them to /usr/local/nagios/etc/nagios.cfg as follows.
[root@server1 src]# vi /usr/local/nagios/etc/nagios.cfg
########These entries are important############
cfg_file=/usr/local/nagios/etc/objects/commands.cfg
cfg_file=/usr/local/nagios/etc/objects/contacts.cfg
cfg_file=/usr/local/nagios/etc/objects/hosts.cfg
cfg_file=/usr/local/nagios/etc/objects/services.cfg
cfg_file=/usr/local/nagios/etc/objects/timeperiods.cfg
cfg_file=/usr/local/nagios/etc/objects/templates.cfg
########These entries are important#############
Open the file /usr/local/nagios/etc/objects/commands.cfg and add the following entry to it.
[root@server1 ~]# vi /usr/local/nagios/etc/objects/commands.cfg
define command{
command_name    check_nrpe
command_line    /usr/local/nagios/libexec/check_nrpe  -H  $HOSTADDRESS$ -c $ARG1$
}
Now edit the file /usr/local/nagios/etc/objects/contacts.cfg and add your contact details there;
define contact{
contact_name             nagiosadmin             ; Short name of user
use                             generic-contact         ; Inherit default values from generic-contact template (defined above)
alias                           Nagios Admin            ; Full name of user
email                      jamesakm@yahoo.co.in  ; <<— CHANGE THIS TO YOUR EMAIL ADDRESS
}
define contactgroup{
contactgroup_name       admins
alias                   Nagios Administrators
members                 nagiosadmin
}
Edit the file /usr/local/nagios/etc/objects/hosts.cfg. Entries will be like this:-
[root@server1 ~]# vi /usr/local/nagios/etc/objects/hosts.cfg
define hostgroup{
hostgroup_name  Fsck
alias           Fsck
members   exam2.admin-ahead.com
}
define host{
use                     generic-host            ; Name of host template to use
host_name             exam2.admin-ahead.com
alias                   Fsck
address                 216.36.54.3
check_command           check-host-alive
max_check_attempts      3
notification_interval   300
notification_period     24x7
notification_options    d,u,r
contact_groups          admins
}
Now we need to edit the /usr/local/nagios/etc/objects/services.cfg file.
This file is used to define all the services. Entries will be like this:-
[root@server1 ~]# vi /usr/local/nagios/etc/objects/services.cfg
# Service definition
define service{
use generic-service ; Name of service template to use
# host_name exam2.admin-ahead.com
hostgroup_name nagios
service_description FTP
is_volatile 0
check_period 24x7_sans_holidays
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 300
notification_period 24x7_sans_holidays
notification_options c
check_command check_ftp
}
Repeat the same block for every service, changing service_description to the required service name (e.g. HTTP, SMTP, POP) and check_command to check_ followed by the service name, like check_smtp, check_pop etc.
Client side (To monitor a remote client)
Use the NRPE daemon to execute Nagios plugins on the remote server and report back to the monitoring host server.
Create Nagios user account on the client:
[root@server1 ~]# useradd nagios
[root@server1 ~]# passwd nagios
Download and Install Nagios Plugins:
[root@server1 ~]# cd /usr/src
[root@server1 ~]# wget -O nagios-plugins-1.4.14.tar.gz "http://downloads.sourceforge.net/project/nagiosplug/nagiosplug/1.4.14/nagios-plugins-1.4.14.tar.gz?use_mirror=dfn"
Extract Files:
[root@server1 ~]# tar xzf nagios-plugins-1.4.14.tar.gz
[root@server1 ~]# cd nagios-plugins-1.4.14
Compile and Configure Nagios Plugins
You need the openssl-devel package installed to compile plugins with ssl support.
[root@server1 ~]# yum -y install openssl-devel
Install Plugins:-
[root@server1 ~]# ./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl
[root@server1 ~]# make
[root@server1 ~]# make install
The permissions on the plugin directory and the plugins will need to be changed to nagios user
[root@server1 ~]#  chown nagios.nagios /usr/local/nagios
[root@server1 ~]# chown -R nagios.nagios /usr/local/nagios/libexec
Install the xinetd Package
[root@server1 ~]# yum install xinetd
Download and Install NRPE Daemon
[root@server1 ~]# wget -O nrpe-2.12.tar.gz "http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.12/nrpe-2.12.tar.gz?use_mirror=nchc"
Extract the Files:
[root@server1 ~]# tar -xzf nrpe-2.12.tar.gz
[root@server1 ~]# cd nrpe-2.12
Compile and Configure NRPE
You need the openssl-devel package installed to compile NRPE with ssl support.
Install NRPE:
[root@server1 ~]# ./configure
[root@server1 ~]#make all
[root@server1 ~]#make install-plugin
[root@server1 ~]#make install-daemon
[root@server1 ~]# make install-daemon-config
[root@server1 ~]# make install-xinetd
Post NRPE Configuration
Edit Xinetd NRPE entry:
Add Nagios Monitoring server to the “only_from” directive
[root@server1 ~]# vi /etc/xinetd.d/nrpe
Entry will be like this:-
service nrpe
{
flags           = REUSE
socket_type     = stream
port            = 5666
wait            = no
user            = nagios
group           = nagios
server          = /usr/local/nagios/bin/nrpe
server_args     = -c /etc/nrpe.conf --inetd
log_on_failure  += USERID
disable         = no
#       only_from       = 127.0.0.1
}

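Uncomment only_from and list localhost plus the address of the Nagios monitoring server, for example:
only_from = 127.0.0.1 66.71.249.201
Leaving the line commented out removes the restriction, and xinetd then accepts NRPE connections on port 5666 from any host.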
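A check for the only_from setting in /etc/xinetd.d/nrpe, usable on both the monitoring server and the client. This is an added example, not part of the original article. The function name, the verdict words and the 10.0.0.5 address are constructed for illustration, and the parser assumes whitespace around the assignment operator as in the entry above.

```sh
#!/bin/sh
# Added example: classify the only_from restriction of an xinetd NRPE entry.
# Usage: audit_nrpe_xinetd FILE [MONITOR_IP]   (function name is hypothetical)
# Prints one verdict: DISABLED, OPEN, WILDCARD, MISSING_MONITOR or RESTRICTED.
# Assumes "attribute = value ..." with whitespace around the operator.
audit_nrpe_xinetd() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                 # xinetd ignores lines starting with #
        $1 == "disable" && $2 == "=" { disabled = ($3 == "yes") }
        $1 == "only_from" && ($2 == "=" || $2 == "+=") {
            if ($2 == "=") n = 0            # "=" replaces, "+=" appends
            for (i = 3; i <= NF; i++) addrs[++n] = $i
        }
        END {
            if (disabled) { print "DISABLED"; exit }
            if (n == 0)   { print "OPEN"; exit }      # any host may connect
            for (i = 1; i <= n; i++) {
                # 0.0.0.0 and /0 networks match every address
                if (addrs[i] == "0.0.0.0" || addrs[i] ~ /\/0$/) {
                    print "WILDCARD"; exit
                }
                if (addrs[i] == want) found = 1
            }
            if (want != "" && !found) { print "MISSING_MONITOR"; exit }
            print "RESTRICTED"
        }' "$1"
}

# Constructed sample: the entry shown on this page; $1 is the only_from line.
sample_entry() {
    cat <<EOF
service nrpe
{
flags           = REUSE
socket_type     = stream
port            = 5666
wait            = no
user            = nagios
group           = nagios
server          = /usr/local/nagios/bin/nrpe
server_args     = -c /etc/nrpe.conf --inetd
log_on_failure  += USERID
disable         = no
$1
}
EOF
}

tmp=$(mktemp -d)
sample_entry "#       only_from       = 127.0.0.1"        > "$tmp/commented"
sample_entry "only_from       = 127.0.0.1 66.71.249.201" > "$tmp/restricted"
echo "commented out : $(audit_nrpe_xinetd "$tmp/commented" 66.71.249.201)"
echo "monitor listed: $(audit_nrpe_xinetd "$tmp/restricted" 66.71.249.201)"
echo "other monitor : $(audit_nrpe_xinetd "$tmp/restricted" 10.0.0.5)"  # constructed IP
rm -rf "$tmp"
```

The check reads only the one service file; an only_from set in the defaults section of /etc/xinetd.conf is not considered.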
Edit services file entry:
Add entry for nrpe daemon
[root@server1 ~]# vi /etc/services
nrpe 5666/tcp # NRPE
Restart Xinetd and Set to start at boot:
[root@server1 ~]#chkconfig xinetd on
[root@server1 ~]#service xinetd restart
Test NRPE Daemon Install
Check NRPE daemon is running and listening on port 5666:
[root@server1 ~]# netstat -at |grep nrpe
Output should be:-
tcp 0 0 *:nrpe *.* LISTEN

or

[root@server1 src]# netstat -plan | grep 5666
tcp        0      0 0.0.0.0:5666                0.0.0.0:*                   LISTEN      15721/xinetd
Check NRPE daemon is functioning:
[root@server1 src]# /usr/local/nagios/libexec/check_nrpe -H localhost
Output should be NRPE version:
NRPE v2.12
[root@server1 ~]#vi /etc/nrpe.conf
Entries:-
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 5,100,100 -c 10,100,100
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
command[check_procs]=/usr/local/nagios/libexec/check_procs -w 500 -c 1000
command[check_cron]=/usr/local/nagios/libexec/check_procs -w 1:5 -c 1:20 -C crond
command[check_mem]=/usr/local/nagios/libexec/check_mem -w 90 -c 95
command[check_swap]=/usr/local/nagios/libexec/check_swap -w 10% -c 5%
Test Connection to NRPE daemon on Remote Server:-
Make sure that check_nrpe on the Nagios server can talk to the NRPE daemon on the remote server (client) we want to monitor.
Execute the command, replacing <client-ip-address> with the address of the remote server:-
[root@server1 src]# /usr/local/nagios/libexec/check_nrpe -H <client-ip-address>
NRPE v2.12
From the Server side:
Go to the Nagios Server side again and add the following changes.
Open the file /usr/local/nagios/etc/objects/hosts.cfg
[root@exam2 ~]# vim /usr/local/nagios/etc/objects/hosts.cfg
Add the clientside details along with the server side details , for example consider the following;
#For Server side
define hostgroup{
hostgroup_name nagios
alias Nagios Administrators
members exam2.admin-ahead.com
}
define host{
use generic-host ; Name of host template to use
host_name exam2.admin-ahead.com
alias Nagios Administrators
address 216.36.54.3
check_command check-host-alive
max_check_attempts 3
notification_interval 300
notification_period 24x7_sans_holidays
notification_options d,u,r
contact_groups admins
}
#For client side
define hostgroup{
hostgroup_name client
alias Client Administrator
members test.admin-ahead.com
}
define host{
use generic-host ; Name of host template to use
#use test.admin-ahead.com ; Name of host template to use
host_name test.admin-ahead.com
alias Client Administrator
address 67.219.63.169
check_command check-host-alive
max_check_attempts 3
notification_interval 300
notification_period 24x7_sans_holidays
}
Open the /usr/local/nagios/etc/objects/services.cfg file for adding client side Services;
[root@exam2 ~]# vim /usr/local/nagios/etc/objects/services.cfg
# Entries here monitor server-side FTP and client-side FTP, HTTP, SSH and PING only; customize them to suit your requirements
# Service definition
define service{
use generic-service ; Name of service template to use
# host_name exam2.admin-ahead.com
hostgroup_name nagios
service_description FTP
is_volatile 0
check_period 24x7_sans_holidays
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 300
notification_period 24x7_sans_holidays
notification_options c
check_command check_ftp
}
define service{
use generic-service ; Name of service template to use
# host_name test.admin-ahead.com
hostgroup_name client
service_description HTTP
is_volatile 0
check_period 24x7_sans_holidays
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 300
notification_period 24x7_sans_holidays
notification_options c
check_command check_http
}
define service{
use generic-service ; Name of service template to use
# host_name test.admin-ahead.com
hostgroup_name client
service_description FTP
is_volatile 0
check_period 24x7_sans_holidays
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 300
notification_period 24x7_sans_holidays
notification_options c
check_command check_ftp
}
define service{
use generic-service ; Name of service template to use
# host_name test.admin-ahead.com
hostgroup_name client
service_description SSH
is_volatile 0
check_period 24x7_sans_holidays
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 300
notification_period 24x7_sans_holidays
notification_options c
check_command check_ssh
}
define service{
use generic-service ; Name of service template to use
# host_name test.admin-ahead.com
hostgroup_name client
service_description PING
is_volatile 0
check_period 24x7_sans_holidays
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 300
notification_period 24x7_sans_holidays
notification_options c
check_command check_ping
}
Restart the service;
[root@exam2 ~]#service nagios restart
[root@exam2 ~]#chkconfig nagios on