This feature is available starting with version 3.x of Nagios®. It will not work with any previous version.
Type the following command to check the version of Nagios:
$ /usr/local/nagios/bin/nagios -v
Nagios 3.0.2
Copyright (c) 1999-2008 Ethan Galstad (http://www.nagios.org)
Last Modified: 05-19-2008
License: GPL

The connection between the Nagios and ESIS servers is secured and encrypted with the SSH protocol via the Nagios check_by_ssh command. However, to automate the connection, the Nagios server must be authorized to connect as the esis user.
1 - Create a specific key pair that will be used by Nagios for the sole purpose of connecting to ESIS. For security reasons it is important to use a dedicated key pair, as it will be password-less.
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /usr/local/nagios/ssh-register/esis_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/local/nagios/ssh-register/esis_rsa.
Your public key has been saved in /usr/local/nagios/ssh-register/esis_rsa.pub.
The key fingerprint is:
fb:58:3c:ab:2c:83:ce:31:e3:06:39:65:ae:1b:f0:9f nagios@LP550.example.com
2 - The public key must now be added to the authorized keys for the esis user on the ESIS server. To do this, connect to the ESIS server and edit the .ssh/authorized_keys file of the esis user.
# ssh ESIS_SERVER -l esis
Last login: Thu May 22 16:03:32 2008 from dhcp18.example.com
*********** WARNING / AVERTISSEMENT *************
THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE ONLY.
UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED AND MAY BE PUNISHABLE UNDER APPLICABLE LAWS.
IF NOT AUTHORIZED TO ACCESS THIS SYSTEM, DISCONNECT NOW.
BY CONTINUING, YOU CONSENT TO YOUR KEYSTROKES AND DATA BEING MONITORED.
ALL PERSONS ARE HEREBY NOTIFIED THAT THE USE OF THIS SYSTEM CONSTITUTES CONSENT TO MONITORING AND AUDITING.
*************************************************
$ vi .ssh/authorized_keys
3 - Add the public key to the file, using the from keyword to restrict the use of this key to connections originating from the Nagios server, and the command keyword to restrict the connection to the sole purpose of running the monitoring command. For security reasons, and as the key pair is password-less, it is important to store these in a restricted-access directory.
The section for Nagios in the authorized_keys file of the esis user on the ESIS server should look like this example:
from="NAGIOS_IP" command="/opt/ESIS/bin/check_esis_cmd" ssh-rsa AAAAB3Nza...LiPk== user@example.net
4 - Lastly, ensure that the ~/.ssh/authorized_keys file is not accessible by other users (chmod 700):
$ ls -l
-rw-r----- 1 esis esisgp 613 Sep 2 2007 authorized_keys
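What a script named in command= has to do with the client's request, as an added example (not ESIS's own check_esis_cmd): sshd always runs the forced command and exposes the string sent by check_by_ssh -C in SSH_ORIGINAL_COMMAND, so the script maps that string onto a fixed allowlist and never evaluates it. The wrapper name check_esis_wrapper and the path /opt/ESIS/bin/esis are assumptions.

```shell
#!/bin/sh
# Added example (not ESIS code): forced-command dispatcher for the esis account.
# sshd runs this for every login with the restricted key and passes what the
# client asked for (check_by_ssh -C "...") in SSH_ORIGINAL_COMMAND.

ESIS_BIN="${ESIS_BIN:-/opt/ESIS/bin/esis}"   # assumed install path of bin/esis

# Print the allowlisted check name for a request, or return 1.
resolve_check() {
    set -f            # split on whitespace only, no filename expansion
    set -- $1         # $1 is the raw request; it is parsed, never evaluated
    set +f
    [ "$#" -eq 2 ] || return 1
    case "$1" in
        */check_esis_cmd) ;;
        *) return 1 ;;
    esac
    case "$2" in
        check_incidents|check_probes|check_postgresql) printf '%s\n' "$2" ;;
        *) return 1 ;;
    esac
}

# Run the requested check, or answer with one line and Nagios UNKNOWN (3).
dispatch() {
    if check=$(resolve_check "${SSH_ORIGINAL_COMMAND:-}"); then
        exec "$ESIS_BIN" nagios "$check"
    fi
    echo "ESIS UNKNOWN: request not in the allowlist"
    return 3
}

# Act only when installed as check_esis_wrapper (hypothetical name), so the
# functions can be sourced and tested without side effects.
case "$0" in
    */check_esis_wrapper) dispatch ;;
esac
```

The OpenSSH authorized_keys options no-pty, no-port-forwarding, no-agent-forwarding and no-X11-forwarding can be listed next to from= and command= to close the channels a forced command does not cover.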
Enabling the monitoring of ESIS requires modifying one of the Nagios configuration files.
1 - Open the commands.cfg file in the /usr/local/nagios/etc/objects directory.
$ vi /usr/local/nagios/etc/objects/commands.cfg
2 - At the end of the file add the following sections:
# check_esis
define command{
        command_name    check_esis
        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -l esis -i YOUR_SSH_ID -C /opt/ESIS/bin/check_esis
        }

# check_esis_incidents
define command{
        command_name    check_esis_incidents
        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -l esis -C "/opt/MY_APP/bin/check_esis_cmd check_incidents"
        }

# check_esis_probes
define command{
        command_name    check_esis_probes
        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -l esis -C "/opt/MY_APP/bin/check_esis_cmd check_probes"
        }

# check_esis_postgresql
define command{
        command_name    check_esis_postgresql
        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -l esis -C "/opt/MY_APP/bin/check_esis_cmd check_postgresql"
        }
3 - Save the configuration file.
4 - Edit the configuration file of the ESIS server (i.e. /usr/local/nagios/etc/objects/sun-fire.cfg).
$ vi /usr/local/nagios/etc/objects/esis-server.cfg
5 - Add ESIS to the list of the monitored services.
define service{
        use                     generic-service
        host_name               YOUR_HOSTNAME
        service_description     ESIS
        check_command           check_esis
        }

define service{
        use                     generic-service
        host_name               YOUR_HOSTNAME
        service_description     ESIS incidents
        check_command           check_esis_incidents
        }

define service{
        use                     generic-service
        host_name               YOUR_HOSTNAME
        service_description     ESIS probes
        check_command           check_esis_probes
        }

define service{
        use                     generic-service
        host_name               YOUR_HOSTNAME
        service_description     ESIS postgresql
        check_command           check_esis_postgresql
        }
6 - Test the Nagios configuration.
# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Nagios 3.0.2
Copyright (c) 1999-2008 Ethan Galstad (http://www.nagios.org)
Last Modified: 05-19-2008
License: GPL

Reading configuration data...
Running pre-flight check on configuration data...
Checking services...
        Checked 18 services.
Checking hosts...
        Checked 3 hosts.
Checking host groups...
        Checked 3 host groups.
Checking service groups...
        Checked 0 service groups.
Checking contacts...
        Checked 1 contacts.
Checking contact groups...
        Checked 1 contact groups.
Checking service escalations...
        Checked 0 service escalations.
Checking service dependencies...
        Checked 0 service dependencies.
Checking host escalations...
        Checked 0 host escalations.
Checking host dependencies...
        Checked 0 host dependencies.
Checking commands...
        Checked 28 commands.
Checking time periods...
        Checked 5 time periods.
Checking for circular paths between hosts...
Checking for circular host and service dependencies...
Checking global event handlers...
Checking obsessive compulsive processor commands...
Checking misc settings...

Total Warnings: 0
Total Errors: 0

Things look okay - No serious problems were detected during the pre-flight check
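The pre-flight check validates syntax only, so a complementary check on the command definitions is useful. This added example (not part of the original page) lists every check_by_ssh command that does not pass an identity file with -i or --identity, in which case ssh falls back to the calling user's default identities rather than the dedicated key. The sample definitions are constructed, and check_pasted_dash and check_local_disk are hypothetical names.

```shell
#!/bin/sh
# Added example: report check_by_ssh commands in a Nagios object file that do
# not pass an identity file, so the dedicated ESIS key would not be the one used.

# Reads object definitions from the named file (or stdin) and prints the
# command_name of each check_by_ssh command lacking -i / --identity.
commands_without_identity() {
    awk '
        /^[ \t]*#/                    { next }
        /^[ \t]*define[ \t]+command/  { inblk = 1; name = ""; line = ""; next }
        inblk && $1 == "command_name" { name = $2; next }
        inblk && $1 == "command_line" { line = $0; next }
        inblk && index($0, "}") {
            inblk = 0
            # Heuristic: an ASCII -i or --identity followed by a value.
            if (line ~ /check_by_ssh/ &&
                line !~ /[ \t](-i|--identity)[= \t]*[^= \t-]/)
                print name
        }
    ' "$@"
}

# Constructed sample modelled on the command definitions above.
sample_cfg() {
    cat <<'EOF'
define command{
        command_name    check_esis
        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -l esis -i YOUR_SSH_ID -C /opt/ESIS/bin/check_esis
        }
define command{
        command_name    check_esis_probes
        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -l esis -C "/opt/MY_APP/bin/check_esis_cmd check_probes"
        }
define command{
        command_name    check_pasted_dash
        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -l esis –i YOUR_SSH_ID -C /opt/ESIS/bin/check_esis
        }
define command{
        command_name    check_local_disk
        command_line    $USER1$/check_disk -w 20% -p /
        }
EOF
}

sample_cfg | commands_without_identity
```

check_pasted_dash is reported because its option starts with a typographic dash of the kind word processors substitute, which check_by_ssh does not read as -i.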
The two scripts bin/check_esis and bin/check_esis_cmd are pure Nagios plugins as they return the appropriate status code and only one line of text. They embed calls to the specific bin/esis nagios commands.
The command bin/esis nagios check_incidents returns information about incidents raised by users.
# bin/esis nagios check_incidents
Incidents OK: No incident in the last 7 days in 0:0:1
The command bin/esis nagios check_postgresql returns information about issues with the embedded PostgreSQL databases.
# bin/esis nagios check_postgresql
Db Warning: Timezones are the same for the datawarehouse and the server in 0:0:1
The command bin/esis nagios check_probes returns information about issues with the ESIS probes.
# bin/esis nagios check_probes
in 0:0:3
The following URLs point to documents that can provide further help.