Nagios Monitoring Server + Nagios Monitored Servers + MySQL Setup

Strictly speaking, this is not an article i wrote myself. I am here simply combine this up for my conveniences and for people who visited this blog [ there are just too many article flying around for me to search each time šŸ™ ]. I am using Centos 5.5

Easy way to install Nagios

Apparently there is a simple way via yum

yum install epel-release
yum install nagios nagios-devel nagios-plugins* gd gd-devel httpd php gcc glibc glibc-common

Above will install all nagios required plugins and the only thing you will need to do is to install apache to get it up.

Installing Nagios on the Monitoring server

Please refer to the quick installation guide at http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html

Nagios Monitoring Server

Downlad and Install NRPE Plugin

# mkdir -p /opt/Nagios/Nagios_NRPE

# cd /opt/Nagios/Nagios_NRPE

Save file to directory /opt/Nagios

http://www.nagios.org/download/download.php

As of this writing NRPE 2.12 (Stable)

Extract the Files:

# tar -xzf nrpe-2.12.tar.gz

# cd nrpe-2.12

Compile and Configure NRPE

# ./configure

# make all

# make install-plugin

Test Connection to NRPE daemon on Remote Server

Lets now make sure that the NRPE on our Nagios server can talk to the NRPE daemon on the remote server we want to monitor. Replace ā€œā€ with the remote servers IP address. Please take note that must be a remote IP address that you wish to monitor. At this point of time, you may not have any such server. Hence, you can skip this if you wish to.

# /usr/local/nagios/libexec/check_nrpe -H
NRPE v2.12

Create NRPE Command Definition

A command definition needs to be created in order for the check_nrpe plugin to be used by nagios.

# vi /usr/local/nagios/etc/objects/commands.cfg

Add the following:

###############################################################################
# NRPE CHECK COMMAND
#
# Command to use NRPE to check remote host systems
###############################################################################

define command{
        command_name check_nrpe
        command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
        }

Create Linux Object template

In order to be able to add the remote linux machine to Nagios we need to create an object template file adn add some object definitions.

Create new linux-box-remote object template file:

# vi /usr/local/nagios/etc/objects/linux-box-remote.cfg

Add the following and replace the values ā€œhost_nameā€ ā€œaliasā€ ā€œaddressā€ with the values that match your setup:

** The ā€œhost_nameā€ you set for the ā€œdefine_hostā€ section must match the ā€œhost_nameā€ in the ā€œdefine_serviceā€ section **

define host{
          name                  linux-box-remote             ; Name of this template
          use                   generic-host          ; Inherit default values
          check_period          24x7
          check_interval        5
          retry_interval        1
          max_check_attempts    10
          check_command         check-host-alive
          notification_period   24x7
          notification_interval 30
          notification_options  d,r
          contact_groups        admins
          register              0          ; DONT REGISTER THIS - ITS A TEMPLATE
          }

define host{
          use       linux-box-remote     ; Inherit default values from a template
          host_name Centos5    ; The name we're giving to this server
          alias     Centos5 ; A longer name for the server
          address   192.168.0.5   ; IP address of the server
          }

define service{
          use                 generic-service
          host_name           Centos5
          service_description CPU Load
          check_command       check_nrpe!check_load
          }
define service{
          use                 generic-service
          host_name           Centos5
          service_description Current Users
          check_command       check_nrpe!check_users
          }
define service{
          use                 generic-service
          host_name           Centos5
          service_description /dev/hda1 Free Space
          check_command       check_nrpe!check_hda1
          }
define service{
          use                 generic-service
          host_name           Centos5
          service_description Total Processes
          check_command       check_nrpe!check_total_procs
          }
define service{
          use                 generic-service
          host_name           Centos5
          service_description Zombie Processes
          check_command       check_nrpe!check_zombie_procs
          }

Activate the linux-box-remote.cfg template:

# vi /usr/local/nagios/etc/nagios.cfg

And add:

# Definitions for monitoring remote Linux machine
cfg_file=/usr/local/nagios/etc/objects/linux-box-remote.cfg

Next you will need to add nrpe onto your command list.

[root@ns ~]# vi /etc/nagios/objects/commands.cfg

# add at the bottom
define command{
command_namecheck_nrpe
command_line$USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

this will allow you to use the command check_nrpe.

Verify Nagios Configuration Files:

# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Total Warnings: 0
Total Errors:   0

Restart Nagios:

# service nagios restart

Check Nagios Monitoring server that the remote linux box was added and is being monitored !

Nagios Monitored Server

This is the setting for ALL of your monitored servers (Server that you want to be monitor by the central monitoring server)

Firstly, install the required package.

yum install gcc glibc glibc-common gd gd-devel openssl-devel make

Setup the users

Just setup nagios as a user to execute all nagios instruction later

useradd nagios
passwd nagios

add your own password.

Download and Install Nagios Plugins

go to your src folder and download all the required nagios stuff which is nagios plugin and nrpe. Both plugin and nrpe is located at http://www.nagios.org/download/download.php. find the link and wget it like i show below.
here's the link of the two nagios required plugins

  • http://www.nagios.org/download/plugins/
  • http://exchange.nagios.org/directory/Addons/Monitoring-Agents/NRPE-%252D-Nagios-Remote-Plugin-Executor/details
cd /usr/local/src/
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.15.tar.gz
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz

Once download is completed, tar both files

tar xzf nagios-plugins-1.4.15.tar.gz
tar xzf nrpe-2.12.tar.gz

Compile and Configure Nagios Plugins

We will need to install the openssl library before installing them

yum install -y openssl-devel

Once you install and tar both files, its time to install them.

cd nagios-plugins-1.4.15
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install
chown nagios.nagios /usr/local/nagios
chown -R nagios.nagios /usr/local/nagios/libexec

Now, we will need to install xinetd to ensure it is secure.

yum install -y xinetd

Next, we will need to configure xinetd to allow certain port and nrpe.

Install NRPE Daemon

Time to install NRPE Daemon!

cd nrpe-2.12
./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd

We will need to confiure xinetd now.

Post NRPE Configuration

Edit Xinetd NRPE entry:

Add Nagios Monitoring server to the "only_from" directive

vi /etc/xinetd.d/nrpe

find only_from directive and add your nagios monitoring server ip address so that the monitoring server can access your monitored server.

only_from = 127.0.0.1

Edit services file entry:

Add entry for nrpe daemon

vi /etc/services

add nrpe into the list.

nrpe      5666/tcp    # NRPE

lastly restart the service and make it start on boot time.

chkconfig xinetd on
service xinetd restart

Open Firewall port for NRPE

Next, we will need to open up the firewall

vi /etc/sysconfig/iptables

add 5666 to your whitelist

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5666 -j ACCEPT

Its time to test!

Test NRPE Daemon Install

Check NRPE daemon is running and listening on port 5666:

netstat -at |grep nrpe

Output should be:

tcp    0    0 *:nrpe    *.*    LISTEN

Check NRPE daemon is functioning:

/usr/local/nagios/libexec/check_nrpe -H localhost

Output should be NRPE version:

NRPE v2.12

Monitoring MySQL Server With Nagios

Nagios Ping /bin/ping Unknown status problem

This is simply a permission problem caused by the script /bin/ping. Hence, all you need to do is the following,

chmod u+s /bin/ping

After a while, nagios should be able to ping your server ip.

TroubleShooting

NRPE ./configure error:

checking for SSL headersā€¦ configure: error: Cannot find ssl headers

Solution:

You need to install the openssl-devel package

# yum -y install openssl-devel

CHECK_NRPE: Error ā€“ Could not complete SSL handshake

Solution:

This is most likely not a probem with SSL but rather with Xinetd access restrictions.

Check the following files:

/etc/xinetd.d/nrpe

/etc/hosts.allow

/etc/hosts.deny

no acceptable c compiler found in $PATH

When I gave the ./configure command i got this error saying: no acceptable c compiler found in $PATH and then it stops.

After a quick google search I found a topic saying that i needed to install gcc so i entered:

yum install gcc glibc glibc-common gd gd-devel

Hope it helps, you if need any web hosting solutions or have any question, feel free to pm me šŸ™‚

Making Mount DVD/CDROM Executable in Linux

Interestingly, if you try to mount your dvd or cdrom and try to run the files in your dvd/cdrom in linux, chances are you will most likely get an error stating that the file doesn't have the permission to perform the task. If you mount your media into linux and receives an error saying that your cd/dvd is write-protected and your mounted drive is only good for read-only, you will definitely get permission denial error when you try to execute any .sh files in your mounted drive.

The solutions for this is pretty simple. All you need to do is to fire up your fstab file at

vi /etc/fstab

and add/edit the following line so that you can mount and execute the files on your mounted drive.

/dev/dvd        /mnt/dvd        auto        ro,user,noauto,exec      0 0

The trick to make your dvd/cd executable is to set "exec" after "user" because by default once "user" is seen, it will automatically change your media to "noexec" and overwrite the "exec" you have defined either before or after you mount the dvd.

mount -o exec /dev/dvd 

and you will see that it stills fail if on your fstab user is placed at the end or after exec statement. Cheers!

Changing SSH Port Fail To Login In Centos – No route to host

Recently i have been setting up with my own server in Centos playing around with Centos and understanding more about Linux. It has been a challenging and interesting process for me. From a beginner point of view, there is really a lot to learn and explore with hardware. One of this problem i faced was ssh giving me a headache when i change the ssh port to something different rather than port 22.

The whole process of changing SSH port 22 to something else was really to harden the security side for SSH. However, who would have though problem will come for something so simple such as changing SSH port to something else rather than 22?

If you are getting the following message

connect to host xxx.xxx.xxx.xxx port 2222: No route to host

and you are sure that you did the correct thing and started staring at your hardware switch. Don't. This should have nothing to do with your layer 3 switch if you hasn't touch it yet.

The reason why only port 22 is accessible via SSH and not other port was because Centos has its own Firewall called Iptables. If you are like me who suspect it might be Centos firewall who is causing the problem, you have found the right answer.

In order to determine whether is it the rule of Centos Iptables who is causing this problem, all you have to do is to initialize the following command,

iptables -F

this will flush the iptables rules and make it clean from centos default rules. Now, try to ssh to your machine and see whether it works?

If it does, you just found the culprit for your headache. Next, we will need to change the iptables rule so that it stays permanent on the iptables. Navigation down to

/etc/sysconfig/iptables

look for the last 3rd line where you will see --dport 22, change it to your new ssh port and restart your iptables and sshd

service sshd restart
service iptables restart

and you should be able to ssh properly from another machine to your server. Cheers!