1 | Registry Operations Curriculum |
---|
2 | Nagios Installation and Configuration |
---|
3 | |
---|
4 | Notes: |
---|
5 | ------ |
---|
6 | * Commands preceded with "$" imply that you should execute the command as |
---|
7 | a general user - not as root. |
---|
8 | * Commands preceded with "#" imply that you should be working as root. |
---|
9 | * Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") |
---|
10 | imply that you are executing commands on remote equipment, or within |
---|
11 | another program. |
---|
12 | |
---|
13 | Exercises |
---|
14 | --------- |
---|
15 | |
---|
16 | Exercises Part I |
---|
17 | ---------------- |
---|
18 | |
---|
19 | 0. Log in to your PC or open a terminal window as the tladmain user. |
---|
20 | |
---|
21 | |
---|
22 | 1. You could nstall Nagios version 3. You would do this as root or as the tldadmin |
---|
23 | user and use the "sudo" command: |
---|
24 | |
---|
25 | # apt-get install nagios3 |
---|
26 | |
---|
27 | Nagios version 3 is already installed, but you can still run the command. |
---|
28 | |
---|
29 | |
---|
30 | 2. Create the Web user password file: |
---|
31 | |
---|
32 | # htpasswd -c /etc/nagios3/htpasswd.users nagiosadmin |
---|
33 | |
---|
34 | New password: |
---|
35 | Re-type new password: |
---|
36 | |
---|
37 | We suggest you use your standard user password used in class. |
---|
38 | |
---|
39 | |
---|
40 | 2. You should already have a working Nagios! |
---|
41 | |
---|
42 | - Open a browser, and go to |
---|
43 | |
---|
44 | http://localhost/nagios3/ |
---|
45 | |
---|
46 | - At the login prompt, login as: |
---|
47 | |
---|
48 | user: nagiosadmin |
---|
49 | pass: |
---|
50 | |
---|
51 | 3. Let's look at the interface together... |
---|
52 | |
---|
53 | # cd /etc/nagios3/ |
---|
54 | |
---|
55 | # ls -l |
---|
56 | -rw-r--r-- 1 root root 1882 2008-12-18 13:42 apache2.conf |
---|
57 | -rw-r--r-- 1 root root 10524 2008-12-18 13:44 cgi.cfg |
---|
58 | -rw-r--r-- 1 root root 2429 2008-12-18 13:44 commands.cfg |
---|
59 | drwxr-xr-x 2 root root 4096 2009-02-14 12:33 conf.d |
---|
60 | -rw-r--r-- 1 root root 26 2009-02-14 12:36 htpasswd.users |
---|
61 | -rw-r--r-- 1 root root 42539 2008-12-18 13:44 nagios.cfg |
---|
62 | -rw-r----- 1 root nagios 1293 2008-12-18 13:42 resource.cfg |
---|
63 | drwxr-xr-x 2 root root 4096 2009-02-14 12:32 stylesheets |
---|
64 | |
---|
65 | # ls -l conf.d/ |
---|
66 | |
---|
67 | -rw-r--r-- 1 root root 1695 2008-12-18 13:42 contacts_nagios2.cfg |
---|
68 | -rw-r--r-- 1 root root 418 2008-12-18 13:42 extinfo_nagios2.cfg |
---|
69 | -rw-r--r-- 1 root root 1152 2008-12-18 13:42 generic-host_nagios2.cfg |
---|
70 | -rw-r--r-- 1 root root 1803 2008-12-18 13:42 generic-service_nagios2.cfg |
---|
71 | -rw-r--r-- 1 root root 210 2009-02-14 12:33 host-gateway_nagios3.cfg |
---|
72 | -rw-r--r-- 1 root root 976 2008-12-18 13:42 hostgroups_nagios2.cfg |
---|
73 | -rw-r--r-- 1 root root 2167 2008-12-18 13:42 localhost_nagios2.cfg |
---|
74 | -rw-r--r-- 1 root root 1005 2008-12-18 13:42 services_nagios2.cfg |
---|
75 | -rw-r--r-- 1 root root 1609 2008-12-18 13:42 timeperiods_nagios2.cfg |
---|
76 | |
---|
77 | Notice that the package does not have renamed filenames for the conf.d |
---|
78 | directory - they are the same files as used for the Nagios version 2 |
---|
79 | Ubuntu package. There was an update made to the host-gateway configuration |
---|
80 | file so this has been renamed. |
---|
81 | |
---|
82 | PART II |
---|
83 | Configuring Equipment |
---|
84 | ----------------------------------------------------------------------------- |
---|
85 | |
---|
86 | 0. Order of configuration |
---|
87 | |
---|
88 | Conceptually we will build our configuration files from the "top" of our network down. That |
---|
89 | is we define entries for our gateway router and swith first, then our group routers and switches. |
---|
90 | Once we have these entries we will add an entry for our NOC machine, then pc1, pc2, pc3, etc... |
---|
91 | |
---|
92 | By going in this order you will have defined the devices that act as parents for other devices. |
---|
93 | |
---|
94 | |
---|
95 | 1. Let's configure Nagios to start monitoring our classroom gateway router: |
---|
96 | |
---|
97 | # cd /etc/nagios3/conf.d/ |
---|
98 | |
---|
99 | # vi routers.cfg |
---|
100 | |
---|
101 | define host { |
---|
102 | use generic-host |
---|
103 | host_name bb-gw |
---|
104 | alias aroc border router |
---|
105 | address 10.10.10.254 |
---|
106 | } |
---|
107 | |
---|
108 | Now define entries for our two group routers: |
---|
109 | |
---|
110 | define host { |
---|
111 | use generic-host |
---|
112 | host_name router1 |
---|
113 | alias aroc-en router 1 router |
---|
114 | address 10.10.10.21 |
---|
115 | } |
---|
116 | |
---|
117 | define host { |
---|
118 | use generic-host |
---|
119 | host_name router2 |
---|
120 | alias aroc-en router 2 router |
---|
121 | address 10.10.10.22 |
---|
122 | } |
---|
123 | |
---|
124 | Save and exit from the file /etc/nagios3/conf.d/routers.cfg |
---|
125 | |
---|
126 | |
---|
127 | 2. Configure our classroom switches |
---|
128 | |
---|
129 | Now that we have our routers configured we can configure our switches. Note that each |
---|
130 | switch will have a parent relationship with the router next to them. |
---|
131 | |
---|
132 | # vi switches.cfg |
---|
133 | |
---|
134 | First the switch on our classroom backbone: |
---|
135 | |
---|
136 | define host { |
---|
137 | use generic-host |
---|
138 | host_name bb-sw |
---|
139 | alias cctld backbone switch |
---|
140 | address 10.10.10.253 |
---|
141 | parents bb-gw |
---|
142 | } |
---|
143 | |
---|
144 | Notice the "parents" entry. You can only add the parent entry once you have a definition for |
---|
145 | "bb-gw". We did this in our routers.cfg file, so this will work. |
---|
146 | |
---|
147 | Save and exit from the file switches.cfg |
---|
148 | |
---|
149 | |
---|
150 | 3. Update the file routers.cfg with parents |
---|
151 | |
---|
152 | The border router does not have a parent for purposes of our class. In reality it does, but |
---|
153 | you have to stop your monitoring somewhere. |
---|
154 | |
---|
155 | Our two group routers, however, now have a parent defined. This is the backbone switch. We |
---|
156 | need to update our group router entries to look like this: |
---|
157 | |
---|
158 | define host { |
---|
159 | use generic-host |
---|
160 | host_name router1 |
---|
161 | alias aroc-en router 1 router |
---|
162 | address 10.10.10.21 |
---|
163 | parents bb-sw |
---|
164 | } |
---|
165 | |
---|
166 | define host { |
---|
167 | use generic-host |
---|
168 | host_name router2 |
---|
169 | alias aroc-en router 2 router |
---|
170 | address 10.10.10.22 |
---|
171 | parents bb-sw |
---|
172 | } |
---|
173 | |
---|
174 | Save and exit from the file routers.cfg |
---|
175 | |
---|
176 | |
---|
177 | 4. Create entries for each PC in the classroom |
---|
178 | |
---|
179 | Now that we have our routers and switches defined it is quite easy to create entries for all our |
---|
180 | PCs. Think about the parent relationships. The parent of the NOC is the backbone switch. The |
---|
181 | parent of pc1 through pc9 is the switch for group 1. The parent for pc10-18 is the switch for |
---|
182 | group 2. |
---|
183 | |
---|
184 | Below are three sample entries. One for the NOC, one for pc1 and one for pc10. You should be able |
---|
185 | to use this example to create entries for all 18 classroom pcs plus the NOC: |
---|
186 | |
---|
187 | We could put these entries in to separate files, but as our network is small we'll use a single |
---|
188 | file called pcs.cfg. |
---|
189 | |
---|
190 | NOTE! You do not add in an entry for your PC. This has already been defined in the file |
---|
191 | /etc/nagios3/conf.d/localhost_nagios2.cfg. This definition is what define's the Nagios |
---|
192 | network viewpoint. So, when you come to the spot where you might add an entry for your PC |
---|
193 | you should skip this and go on to the next PC in the list (i.e. from pc1 to pc18). |
---|
194 | |
---|
195 | # vi pcs.cfg |
---|
196 | |
---|
197 | # Our classroom NOC |
---|
198 | |
---|
199 | define host { |
---|
200 | use generic-host |
---|
201 | host_name noc |
---|
202 | alias aroc NOC machine |
---|
203 | address 10.10.10.10 |
---|
204 | parents bb-sw |
---|
205 | } |
---|
206 | |
---|
207 | # Group 1 PCs |
---|
208 | |
---|
209 | define host { |
---|
210 | use generic-host |
---|
211 | host_name tld1 |
---|
212 | alias tld1 aroc-en cctld |
---|
213 | address 10.10.10.41 |
---|
214 | parents router1 |
---|
215 | } |
---|
216 | |
---|
217 | # Group 2 PCs |
---|
218 | |
---|
219 | define host { |
---|
220 | use generic-host |
---|
221 | host_name tld14 |
---|
222 | alias tld14 aroc-en cctld |
---|
223 | address 10.10.10.54 |
---|
224 | parents router2 |
---|
225 | } |
---|
226 | |
---|
227 | Take the three entries above and now expand this to create the remaining entries for pc1-pc9 and |
---|
228 | for pc10-pc18. If you have any questions about IP addresses, etc. you can review the Network |
---|
229 | Diagram for the class linked off the classroom wiki main page at http://localhost/trac/. |
---|
230 | |
---|
231 | Exit and save the file pcs.cfg |
---|
232 | |
---|
233 | Now let's verify that our initial Nagios configuration is working: |
---|
234 | |
---|
235 | |
---|
236 | 5. Verify that your configuration files are OK: |
---|
237 | |
---|
238 | # nagios3 -v /etc/nagios3/nagios.cfg |
---|
239 | |
---|
240 | ... You should get : |
---|
241 | |
---|
242 | Total Warnings: 0 |
---|
243 | Total Errors: 0 |
---|
244 | |
---|
245 | Things look okay - No serious problems were detected during the check. |
---|
246 | |
---|
247 | |
---|
248 | 5. Reload/Restart Nagios |
---|
249 | |
---|
250 | # /etc/init.d/nagios3 restart |
---|
251 | |
---|
252 | Not always 100% reliable to use the "restart" option due to a bug in the Nagios init script. |
---|
253 | To be sure you may want to get used to doing: |
---|
254 | |
---|
255 | # /etc/init.d/nagios3 stop |
---|
256 | # /etc/init.d/nagios3 start |
---|
257 | |
---|
258 | 6. Go to the web interface (http://localhost/nagios3) and check that the hosts |
---|
259 | you just added are now visible in the interface. Click on the "Host Detail" item |
---|
260 | on the left of the Nagios screen to see this. |
---|
261 | |
---|
262 | |
---|
263 | PART III |
---|
264 | Configure Service check for your the classroom NOC |
---|
265 | ----------------------------------------------------------------------------- |
---|
266 | |
---|
267 | 0. Configuring |
---|
268 | |
---|
269 | Now that we have our hardware configured we can start telling Nagios what services to monitor |
---|
270 | on the configured hardware, how to group the hardware in interesting ways, how to group |
---|
271 | services, etc. |
---|
272 | |
---|
273 | 1. Associate a service check for our classroom NOC |
---|
274 | |
---|
275 | # vi hostgroups_nagios2.cfg |
---|
276 | |
---|
277 | - Find the hostgroup named "ssh-servers". In the members section of the defintion |
---|
278 | change the line: |
---|
279 | |
---|
280 | members localhost |
---|
281 | |
---|
282 | to |
---|
283 | |
---|
284 | members localhost,noc,tld1,tld2,tld3,tld4 |
---|
285 | |
---|
286 | |
---|
287 | |
---|
288 | Exit and save the file. |
---|
289 | |
---|
290 | Verify that your changes are OK: |
---|
291 | |
---|
292 | # nagios3 -v /etc/nagios3/nagios.cfg |
---|
293 | |
---|
294 | Restart Nagios to see the new service assocation with your host: |
---|
295 | |
---|
296 | # /etc/init.d/nagios3 Restart |
---|
297 | |
---|
298 | Click on the "Service Detail" link in the Nagios web interface to see your new entry. |
---|
299 | |
---|
300 | |
---|
301 | PART IV |
---|
302 | Defining Services for all PCs |
---|
303 | ----------------------------------------------------------------------------- |
---|
304 | |
---|
305 | 1. Determine what services to define for what devices |
---|
306 | |
---|
307 | - This is core to how you use Nagios and network monitoring tools in |
---|
308 | general. So far we are simply using ping to verify that physical hosts |
---|
309 | are up on our network and we have started monitoring a single service on |
---|
310 | a single host (your PC). The next step is to decide what services you wish |
---|
311 | to monitor for each host in the classroom. |
---|
312 | |
---|
313 | - In this particular class we have: |
---|
314 | |
---|
315 | routers: running ssh and snmp |
---|
316 | switches: running telnet and possibly ssh as well as snmp |
---|
317 | pcs: All PCs are running ssh and http and should be running snmp |
---|
318 | The NOC is currently running an snmp daemon |
---|
319 | |
---|
320 | So, let's configure Nagios to check for these services for these |
---|
321 | devices. |
---|
322 | |
---|
323 | 2.) Verify that SSH is running on the routers and workshop PCs images |
---|
324 | |
---|
325 | - In the file services_nagios2.cfg there is already an entry for the SSH |
---|
326 | service check, so you do not need to create this step. Instead, you |
---|
327 | simply need to re-define the "ssh-servers" entry in the file |
---|
328 | /etc/nagios3/conf./hostgroups_nagios2.cfg. The initial entry in the file |
---|
329 | looked like: |
---|
330 | |
---|
331 | # A list of your ssh-accessible servers |
---|
332 | define hostgroup { |
---|
333 | hostgroup_name ssh-servers |
---|
334 | alias SSH servers |
---|
335 | members localhost |
---|
336 | } |
---|
337 | |
---|
338 | What do you think you should change? Correct, the "members" line. You should |
---|
339 | add in entries for all the classroom pcs, routers and the switches that run ssh. |
---|
340 | With this information and the network diagram you should be able complete this entry. |
---|
341 | |
---|
342 | The entry will look something like this: |
---|
343 | |
---|
344 | define hostgroup { |
---|
345 | hostgroup_name ssh-servers |
---|
346 | alias SSH servers |
---|
347 | members localhost,tld1,tld2,tld3,tld14,noc |
---|
348 | } |
---|
349 | |
---|
350 | Note: leave in "localhost" - This is your PC and represents Nagios' network point of |
---|
351 | view. So, for instance, if you are on "pc3" you would not include "pc3" in the list |
---|
352 | of all the classroom pcs as it is represented by the "localhost" entry. |
---|
353 | |
---|
354 | The "members" entry will be a long line and will likely wrap on the screen. |
---|
355 | |
---|
356 | Remember to include all your PCs. |
---|
357 | |
---|
358 | - Once you are done, run the pre-flight check: |
---|
359 | |
---|
360 | # nagios3 -v /etc/nagios3/nagios.cfg |
---|
361 | |
---|
362 | If everything looks good, then restart Nagios |
---|
363 | |
---|
364 | # /etc/init.d/nagios3 stop |
---|
365 | # /etc/init.d/nagios3 start |
---|
366 | |
---|
367 | and view your changes in the Nagios web interface. |
---|
368 | |
---|
369 | 3.) Check that http is running on all the classroom PCs. |
---|
370 | |
---|
371 | - This is almost identical to the previous exercise. Just make the change to the |
---|
372 | HTTP service adding in each PC (no routers or switches). Remember, you don't need |
---|
373 | to add your machine as it is already defined as "localhost". |
---|
374 | |
---|
375 | PART V |
---|
376 | Create More Host Groups |
---|
377 | ----------------------------------------------------------------------------- |
---|
378 | |
---|
379 | 1. Update /etc/nagios3/conf.d/hostgroups_nagios2.cfg |
---|
380 | |
---|
381 | - For the following exercises it will be very useful if we have created |
---|
382 | or update the following hostgroups: |
---|
383 | |
---|
384 | debian-servers |
---|
385 | routers |
---|
386 | switches |
---|
387 | |
---|
388 | If you edit the file /etc/nagios3/conf.d/hostgroups_nagios2.cfg you |
---|
389 | will see an entry for debian-servers that just contains localhost. |
---|
390 | Update this entry to include all the classroom PCs, including the |
---|
391 | noc (this assumes that you created a "noc" entry in your pcs.cfg |
---|
392 | file). Remember to skip your PC entry as it is represented by the |
---|
393 | localhost entry. |
---|
394 | |
---|
395 | # vi /etc/nagios3/conf.d/hostgroups_nagios2.cfg |
---|
396 | |
---|
397 | Update the entry that says: |
---|
398 | |
---|
399 | |
---|
400 | # A list of your Debian GNU/Linux servers |
---|
401 | define hostgroup { |
---|
402 | hostgroup_name debian-servers |
---|
403 | alias Debian GNU/Linux Servers |
---|
404 | members localhost |
---|
405 | } |
---|
406 | |
---|
407 | So that the "members" parameter contains something like this. Use your |
---|
408 | classroom network diagram to confirm the exact number of machines and names |
---|
409 | in your workshop. |
---|
410 | |
---|
411 | members localhost,pc1,pc2,pc3,pc4,pc5,pc6,pc7,pc8,pc9 |
---|
412 | pc10,pc11,pc12,pc13,pc14,pc15,pc16,pc17,pc18 |
---|
413 | |
---|
414 | Be sure that the line wraps and is not on two separate lines. Otherwise |
---|
415 | you will get an error when you go to restart Nagios. |
---|
416 | |
---|
417 | - Once you have done this, add in two more entries. One for routers and |
---|
418 | one for switches. Call these entries "routers" and "switches". |
---|
419 | |
---|
420 | - When you are done be sure to verify your work and restart Nagios. |
---|
421 | |
---|
422 | |
---|
423 | PART VI |
---|
424 | Extended Host Information ("making your graphs pretty") |
---|
425 | ----------------------------------------------------------------------------- |
---|
426 | |
---|
427 | 1. Update extinfo_nagios2.cfg |
---|
428 | |
---|
429 | - If you would like to use appropriate icons for your defined hosts in |
---|
430 | Nagios this is where you do this. We have the three types of devices: |
---|
431 | |
---|
432 | Cisco routers |
---|
433 | Cisco switches |
---|
434 | Ubuntu servers |
---|
435 | |
---|
436 | There is a fairly large repository of icon images available for you to |
---|
437 | use located here: |
---|
438 | |
---|
439 | /usr/share/nagios/htdocs/images/logos/ |
---|
440 | |
---|
441 | these were installed by default as dependent packages of the nagios3 |
---|
442 | package in Ubuntu. In some cases you can find model-specific icons for |
---|
443 | your hardware, but to make things simpler we will use the following |
---|
444 | icons for our hardware: |
---|
445 | |
---|
446 | /usr/share/nagios/htodcs/images/logos/base/debian.* |
---|
447 | /usr/share/nagios/htdocs/images/logos/cook/router.* |
---|
448 | /usr/share/nagios/htdocs/images/logos/cook/switch.* |
---|
449 | |
---|
450 | - The next step is to edit the file /etc/nagios3/conf.d/extinfo_nagios2.cfg |
---|
451 | and tell nagios what image you would like to use to represent your devices. |
---|
452 | |
---|
453 | # vi /etc/nagios3/conf.d/extinfo_nagios2.cfg |
---|
454 | |
---|
455 | Here is what an entry for your routers looks like (there is already an entry |
---|
456 | for debian-servers that will work as is). Note that the router model (3600) |
---|
457 | is not all that important. The image used represents a router in general. |
---|
458 | |
---|
459 | define hostextinfo { |
---|
460 | hostgroup_name routers |
---|
461 | icon_image cook/router.png |
---|
462 | icon_image_alt Cisco Routers (3600) |
---|
463 | vrml_image router.png |
---|
464 | statusmap_image cook/router.gd2 |
---|
465 | } |
---|
466 | |
---|
467 | Now add an entry for your switches. Once you are done check your |
---|
468 | work and restart Nagios. Take a look at the Status Map in the web interface. |
---|
469 | It should be much nicer. |
---|
470 | |
---|
471 | PART VII |
---|
472 | Create Service Groups |
---|
473 | ----------------------------------------------------------------------------- |
---|
474 | |
---|
475 | 1. Create service groups for ssh and http for each set of pcs. |
---|
476 | |
---|
477 | - The idea here is to create three service groups. Each service group will |
---|
478 | be for the group of PCs that are connected to each router xxxxxxx, |
---|
479 | yyyyyy, zzzzzz, etc. We want to see these PCs grouped together |
---|
480 | and include status of their ssh and http services. To do this edit |
---|
481 | and create the file: |
---|
482 | |
---|
483 | # vi /etc/nagios3/conf.d/servicegroups.cfg |
---|
484 | |
---|
485 | Here is a sample of the service group for group 1: |
---|
486 | |
---|
487 | define servicegroup { |
---|
488 | servicegroup_name group1-servers |
---|
489 | alias group 1 servers |
---|
490 | members pc1,SSH,pc1,HTTP,pc2,SSH,pc2,HTTP,pc3,SSH,pc3,HTTP,pc4,SSH,pc4,HTTP,pc5,SSH, |
---|
491 | pc5,HTTP,pc6,SSH,pc6,HTTP,pc7,SSH,pc7,HTTP,pc8,SSH,pc8,HTTP,pc9,SSH,pc9,HTTP |
---|
492 | } |
---|
493 | |
---|
494 | - Note that the members line should wrap and not be on two lines. |
---|
495 | |
---|
496 | - Note that "SSH" and "HTTP" need to be uppercase as this is how the service_description is |
---|
497 | written in the file /etc/nagios3/conf.d/services_nagios2.cfg |
---|
498 | |
---|
499 | - You should create an entry for the group 2 servers as well. |
---|
500 | |
---|
501 | - Save your changes, verify your work and restart Nagios. Now if you click on |
---|
502 | the Servicegroup menu items in the Nagios web interface you should see |
---|
503 | this information grouped together. |
---|
504 | |
---|
505 | - Be sure you to this for TLD1 through TLD8 to create a servicegroup of SSH |
---|
506 | and HTTP servers for all 8 TLDs in the classroom. |
---|
507 | |
---|
508 | |
---|
509 | PART VIII |
---|
510 | Configure Guest Access to the Nagios Web Interface |
---|
511 | ----------------------------------------------------------------------------- |
---|
512 | |
---|
513 | 1. Edit /etc/nagios3/cgi.cfg to give read only guest user access to the Nagios |
---|
514 | web interface. |
---|
515 | |
---|
516 | - By default Nagios is configured to give full r/w access via the Nagios |
---|
517 | web interface to the user nagiosadmin. You can change the name of this |
---|
518 | user, add other users, change how you authenticate users, what users |
---|
519 | have access to what resources and more via the cgi.cfg file. |
---|
520 | |
---|
521 | - First, lets create a "guest" user and password in the htpasswd.users |
---|
522 | file. |
---|
523 | |
---|
524 | # cd /etc/nagios3 |
---|
525 | # htpasswd /etc/nagios3/htpasswd.users guest |
---|
526 | |
---|
527 | You can use any password you want (or none). A password of "guest" is |
---|
528 | not a bad choice. |
---|
529 | |
---|
530 | - Next, edit the file /etc/nagios3/cgi.cfg and look for what type of access |
---|
531 | has been given to the nagiosadmin user. By default you will see the following |
---|
532 | directives (note, there are comments between each directive): |
---|
533 | |
---|
534 | authorized_for_system_information=nagiosadmin |
---|
535 | authorized_for_configuration_information=nagiosadmin |
---|
536 | authorized_for_system_commands=nagiosadmin |
---|
537 | authorized_for_all_services=nagiosadmin |
---|
538 | authorized_for_all_hosts=nagiosadmin |
---|
539 | authorized_for_all_service_commands=nagiosadmin |
---|
540 | authorized_for_all_host_commands=nagiosadmin |
---|
541 | |
---|
542 | Now lets tell Nagios to allow the "guest" user some access to |
---|
543 | information via the web interface. You can choose whatever you would |
---|
544 | like, but what is pretty typical is this: |
---|
545 | |
---|
546 | authorized_for_system_information=nagiosadmin,guest |
---|
547 | authorized_for_configuration_information=nagiosadmin,guest |
---|
548 | authorized_for_system_commands=nagiosadmin |
---|
549 | authorized_for_all_services=nagiosadmin,guest |
---|
550 | authorized_for_all_hosts=nagiosadmin,guest |
---|
551 | authorized_for_all_service_commands=nagiosadmin |
---|
552 | authorized_for_all_host_commands=nagiosadmin |
---|
553 | |
---|
554 | - Once you make the changes, save the file cgi.cfg, verify your |
---|
555 | work and restart Nagios. |
---|
556 | |
---|
557 | - To see if you can log in as the "guest" user you may need to clear |
---|
558 | the cookies in your web browser. You will not notice any difference |
---|
559 | in the web interface. The difference is that a number of items that |
---|
560 | are available via the web interface (forcing a service/host check, |
---|
561 | scheduling checks, comments, etc.) will not work for the guest |
---|
562 | user. |
---|
563 | |
---|
564 | |
---|
565 | OPTIONAL |
---|
566 | -------- |
---|
567 | |
---|
568 | 5.) Check that SNMP is running on the classroom NOC |
---|
569 | |
---|
570 | - First you will need to add in the appropriate service check for SNMP in the file |
---|
571 | /etc/nagios3/conf.d/services_nagios2.cfg. This is where Nagios is impressive. There |
---|
572 | are hundreds, if not thousands, of service checks available via the various Nagios |
---|
573 | sites on the web. You can see what plugins are installed by Ubuntu in the nagios3 |
---|
574 | package that we've installed by looking in the following directory: |
---|
575 | |
---|
576 | # ls /usr/lib/nagios/plugins |
---|
577 | |
---|
578 | As you'll see there is already a check_snmp plugin available to us. If you are |
---|
579 | interested in the options the plugin takes you can execute the plugin from the |
---|
580 | command line by typing: |
---|
581 | |
---|
582 | # /usr/lib/nagios/plugins/check_snmp |
---|
583 | |
---|
584 | to see what options are available, etc. You can use the check_snmp plugin and |
---|
585 | Nagios to create very complex or specific system checks. |
---|
586 | |
---|
587 | - Now to see all the various service/host checks that have been created using the |
---|
588 | check_snmp plugin you can look in /etc/nagios-plugins/config/snmp.cfg. You will |
---|
589 | see that there are a lot of preconfigured checks using snmp, including: |
---|
590 | |
---|
591 | snmp_load |
---|
592 | snmp_cpustats |
---|
593 | snmp_procname |
---|
594 | snmp_disk |
---|
595 | snmp_mem |
---|
596 | snmp_swap |
---|
597 | snmp_procs |
---|
598 | snmp_users |
---|
599 | snmp_mem2 |
---|
600 | snmp_swap2 |
---|
601 | snmp_mem3 |
---|
602 | snmp_swap3 |
---|
603 | snmp_disk2 |
---|
604 | snmp_tcpopen |
---|
605 | snmp_tcpstats |
---|
606 | snmp_bgpstate |
---|
607 | check_netapp_uptime |
---|
608 | check_netapp_cupuload |
---|
609 | check_netapp_numdisks |
---|
610 | check_compaq_thermalCondition |
---|
611 | |
---|
612 | And, even better, you can create additional service checks quite easily. |
---|
613 | For the case of verifying that snmpd (the SNMP service on Linux) is running we |
---|
614 | need to ask SNMP a question. If we don't get an answer, then Nagios can assume |
---|
615 | that the SNMP service is down on that host. When you use service checks such as |
---|
616 | check_http, check_ssh and check_telnet this is what they are doing as well. |
---|
617 | |
---|
618 | - In our case, let's create a new service check and call it "check_system". This |
---|
619 | service check will connect with the specified host, use the private community |
---|
620 | string we have defined in class and ask a question of snmp on that ask - in this |
---|
621 | case we'll ask about the System Description, or the OID "sysDescr.0" - |
---|
622 | |
---|
623 | - To do this start by editing the file /etc/nagios-plugins/config/snmp.cfg: |
---|
624 | |
---|
625 | # vi /etc/nagios-plugins/config/snmp.cfg |
---|
626 | |
---|
627 | At the top (or the bottom, your choice) add the following entry to the file: |
---|
628 | |
---|
629 | # 'check_system' command definition |
---|
630 | define command{ |
---|
631 | command_name check_system |
---|
632 | command_line /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C |
---|
633 | '$ARG1$' -o sysDescr.0 |
---|
634 | } |
---|
635 | |
---|
636 | You may wish to copy and past this vs. trying to type this out. |
---|
637 | |
---|
638 | Note that "command_line" is a single line. If you copy and paste in vi the line |
---|
639 | may not wrap properly and you may have to manually add the part: |
---|
640 | |
---|
641 | '$ARG1$' -o sysDescr.0 |
---|
642 | |
---|
643 | to the end of the line. |
---|
644 | |
---|
645 | - Now you need to edit the file /etc/nagios3/conf.d/services_nagios2.cfg and add |
---|
646 | in this service check. We'll run this check against all our servers in the |
---|
647 | classroom, or the hostgroup "debian-servers" |
---|
648 | |
---|
649 | - Edit the file /etc/nagios3/conf.d/services_nagios2.cfg |
---|
650 | |
---|
651 | # vi /etc/nagios3/conf.d/services_nagios2.cfg |
---|
652 | |
---|
653 | At the bottom of the file add the following definition: |
---|
654 | |
---|
655 | # check that snmp is up on all servers |
---|
656 | define service { |
---|
657 | hostgroup_name snmp-servers |
---|
658 | service_description SNMP |
---|
659 | check_command check_system!xxxxxx |
---|
660 | use generic-service |
---|
661 | notification_interval 0 ; set > 0 if you want to be renotified |
---|
662 | } |
---|
663 | |
---|
664 | The "xxxxxx" is the community string previously (or to be) defined in class. |
---|
665 | |
---|
666 | Note that we have included our private community string here vs. hard-coding |
---|
667 | it in the snmp.cfg file earlier. You must change the "xxxxx" to be the snmp |
---|
668 | community string given in class or this check will not work. |
---|
669 | |
---|
670 | - Now we must create the "snmp-servers" group in our hostgroups_nagios2.cfg file. |
---|
671 | Edit the file /etc/nagios3/conf.d/hostgroups_nagios2.cfg and go to the end of the |
---|
672 | file. Add in the following hostgroup definition: |
---|
673 | |
---|
674 | # A list of snmp-enabled devices on which we wish to run the snmp service check |
---|
675 | define hostgroup { |
---|
676 | hostgroup_name snmp-servers |
---|
677 | alias snmp servers |
---|
678 | members noc,tld1,tld2,etc |
---|
679 | } |
---|
680 | |
---|
681 | - Note that for "members" you could, also, add in the switches and routers for |
---|
682 | group 1 and 2. But, the particular item (MIB) we are checking for "sysDescr.0" |
---|
683 | may not be available on the switches and/or routers, so the check would then fail. |
---|
684 | |
---|
685 | - Now verify that your changes are correct and restart Nagios. |
---|
686 | |
---|
687 | - If you click on the Service Detail menu choice in web interface you should see |
---|
688 | the SNMP check appear. |
---|
689 | |
---|
690 | - After we do the SNMP presentation and exercises in class, then you could come |
---|
691 | back to this exercise and add in all the classroom PCs to the members list in the |
---|
692 | hostgroups_nagios2.cfg file, snmp-servers hostgroup definition. Remember to list |
---|
693 | your PC as "localhost". |
---|
694 | |
---|
695 | |
---|
696 | |
---|
697 | |
---|
698 | Last update 30 September, 2010 by MM |
---|