2012년 7월 22일 일요일

Nagios: Configuring passive check for Windows

Nagios' passive check has different way to active check. Active check starts from central nagios monitoring server, on the other hand, passive check begins at monitored server.

The above image(comes from http://www.nsclient.org) describes that how Nagios server and Windows computer communite each other. As you can see, this communication is triggered from monitored server.

Passive check is usually used for distributed monitoring. It can reduced the burden of Nagios server that preodically checked all of the monitored severs. In passive, Nagios sever has the role of simply getting monitoring data via NSCA (Nagios Server Check Acceptor).

On Monitored server (in this case, Windows server), in order to send data to Nagios server, I installed NSClient++ 0.4.x.(NSClient). NSClient support both check modes. Precisely speaking, however, it may have a bit different check commands. It usually use check_nt or check_nrpe in active and use check_nrpe in passive mode. While configuring NSClient, the most difficult thing was that config file had changed a lot between version 0.3.x and 0.4.x. First, config file name changed from nsc.ini to nsclient.ini. Secondly, changed expressions and propoperties in the config. When I was searched how to set properties in the config, most result was for 0.3.x.

About NSClient Configuration file :

1. Confugration general: http://www.nsclient.org/nscp/wiki/doc/configuration:
2. 0.4.x config file: http://www.nsclient.org/nscp/wiki/doc/configuration/0.4.x
3. Example for 0.4.x: http://nsclient.org/nscp/discussion/message/2575



Enabling Passive Check ( Nagios Server)
$ vi /etc/nagios/nagios.cfg
# PASSIVE SERVICE CHECK ACCEPTANCE OPTION
# This determines whether or not Nagios will accept passive
# service checks results when it initially (re)starts.
# Values: 1 = accept passive checks, 0 = reject passive checks

accept_passive_service_checks=1

$ nagios -v /etc/nagios/nagios.cfg
.....
Total Warnings: 0
Total Errors: 0

# Installing NSCA (Nagios Server Check Acceptor)
$ yum install nsca

# Start NSCA
$ service nsca start

# check if specified port (it left as default 5667) is open
$ netstat -na | grep 5667tcp 0 0 0.0.0.0:5667 0.0.0.0:* LISTEN


Configuring nsclient.ini ( Windows Server)
Here was my C:\Program Files\NSClient++sclient.ini.
===============================

; Undocumented section
[/modules]

; CheckDisk - CheckDisk can check various file and disk related things.


; The current version has commands to check Size of hard drives and directories.
CheckDisk = 1

; Event log Checker. - Check for errors and warnings in the event log.


; This is only supported through NRPE so if you plan to use only NSClient this wont help you at all.
CheckEventLog = 1

; Check External Scripts - A simple wrapper to run external scripts and batch files.
CheckExternalScripts = 1

; Helper function - Various helper function to extend other checks. This is also only supported through NRPE.
CheckHelpers = 1

; Check NSCP - Checkes the state of the agent
CheckNSCP = 1

; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1

; CheckWMI - CheckWMI can check various file and disk related things.


; The current version has commands to check Size of hard drives and directories.
CheckWMI = 1

; NRPE server - A simple server that listens for incoming NRPE connection and handles them.


; NRPE is preferred over NSClient as it is more flexible. You can of cource use both NSClient and NRPE.
NRPEServer = 1

; NSCAClient - Passive check support (needs NSCA on nagios server).


; Avalible crypto are: {0=No Encryption (not safe), 1=XOR, 2=DES, 3=DES-EDE3, 4=CAST-128, 6=XTEA,

; 8=Blowfish, 9=Twofish, 11=RC2, 14=AES, 15=AES, 16=AES, 20=Serpent, 23=GOST}
NSCAClient = 1

; NSClient server - A simple server that listens for incoming NSClient (check_nt) connection and handles them.


; Although NRPE is the preferred method NSClient is fully supported and can be used for simplicity or for compatibility.
NSClientServer = 1

# Scheduler
# A scheduler which schedules checks at regular intervals
Scheduler=1

; Undocumented section
[/settings/default]

; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = xxx.xxx.xxx.xxx

; PASSWORD - Password used to authenticate againast server
password = xxxxxxxx

; Section for NRPE (NRPEListener.dll) (check_nrpe) protocol options.
[/settings/NRPE/server]

; Section for NSCA passive check module.
[/settings/NSCA/client]

# NSCA CLIENT SECTION
# Section for NSCA passive check module.
[/settings/NSCA/client]
# DELAY
#
delay=0
# HOSTNAME
# The host name of this host if set to blank (default) the windows name of the computer will be used.
hostname=adserver
# CHANNEL
# The channel to listen to.
channel=NSCA

; Target definition for: default
[/settings/NSCA/client/targets/default]

;# ENCRYPTION METHOD
; This option determines the method by which the send_nsca client will encrypt the packets it sends
; to the nsca daemon. The encryption method you choose will be a balance between security and
; performance, as strong encryption methods consume more processor resources.
; You should evaluate your security needs when choosing an encryption method.
;
; Note: The encryption method you specify here must match the decryption method the nsca daemon uses
; (as specified in the nsca.cfg file)!!
; Values:
; 0 = None (Do NOT use this option)
; 1 = Simple XOR (No security, just obfuscation, but very fast)
; 2 = DES
; 3 = 3DES (Triple DES)
; 4 = CAST-128
; 6 = xTEA
; 8 = BLOWFISH
; 9 = TWOFISH
; 11 = RC2
; 14 = RIJNDAEL-128 (AES)
; 20 = SERPENT
encryption=1

;
;# ENCRYPTION PASSWORD
; This is the password/passphrase that should be used to encrypt the sent packets.
password=xxxxxxxxxx
;
;# NAGIOS SERVER ADDRESS
; The address to the nagios server to submit results to.
;host=

;# TARGET ADDRESS
;# Target host address
address=xxx.xxx.xxx.xxx

;# TARGET PORT
;# The target server port
port=5667

# TIMEOUT
# Timeout when reading/writing packets to/from sockets.
timeout=30

; A list of aliases available. An alias is an internal command that has been "wrapped" (to add arguments). Be careful so you don't create loops (ie check_loop=check_a, check_a=check_loop)
[/settings/external scripts/alias]
alias_cpu=checkCPU warn=80 crit=90 time=5m time=1m time=30s

; Configure log properties.
[/settings/log]
;# LOG DEBUG
; Set to 1 if you want debug message printed in the log file (debug messages are always printed to stdout when run with -test)
debug=1
;# LOG DATE MASK
; The format to for the date/time part of the log entry written to file.
;date_mask=%Y-%m-%d %H:%M:%S

; Configure log file properties.
[/settings/log/file]
file=C:\Program Files\NSClient++\NSC.log

; Section for configuring the shared session.
[/settings/shared session]

; A list of avalible remote target systems
[/settings/targets]

[/settings/scheduler/schedules/default]
channel=NSCA
interval=30s
report=all

[/settings/scheduler/schedules]
CPU Load=alias_cpu







Then, NClient service has to be started OR

can stat as test mode


C:\Users\Administrator\Downloads\NSCP>nscp test
d vice\logger_impl.cpp:371 Creating logger: console


d rvice\NSClient++.cpp:374 NSClient++ 0,4,0,172 2012-05-08 x64 Loading settings and logger...


d ngs_manager_impl.cpp:170 No entries found looking in (adding default): C:/Users/Administrator/Downloads/NSCP//boot.ini


d ngs_manager_impl.cpp:179 Boot order: old://${exe-path}/nsc.ini, ini://${shared-path}/nsclient.ini


d ngs_manager_impl.cpp:193 No valid settings found (tried): old://${exe-path}/nsc.ini, ini://${shared-path}/nsclient.ini


e ngs_manager_impl.cpp:201 Settings contexts exausted, will create a new ini://${shared-path}/nsclient.ini


d ngs_manager_impl.cpp:73 Creating instance for: ini://${shared-path}/nsclient.ini


d ngs/settings_ini.hpp:268 Reading INI settings from: C:/Users/Administrator/Downloads/NSCP//nsclient.ini


l rvice\NSClient++.cpp:385 NSClient++ 0,4,0,172 2012-05-08 x64 booting...


d rvice\NSClient++.cpp:386 Booted settings subsystem...


d rvice\NSClient++.cpp:453 On crash: restart: NSClientpp


d rvice\NSClient++.cpp:465 Archiving crash dumps in: C:/Users/Administrator/Downloads/NSCP//crash-dumps


d rvice\NSClient++.cpp:532 booting::loading plugins


d rvice\NSClient++.cpp:604 NSClient++ - 0,4,0,172 2012-05-08 Started!


l ce\simple_client.hpp:32 Enter command to inject or exit to terminate..




Defining service ( Nagios Server)
$ vi /etc/nagios/object/nagios.cfg

define host{
use windows-server ; Inherit default values from a template
host_name adserver ; The name we're giving to this host
alias Active Directory Server ; A longer name associated with the host
passive_checks_enabled 1
active_checks_enabled 0

address xxx.xxx.xxx.xxx ; IP address of the host
}


define service{
use generic-service
host_name adserver
passive_checks_enabled 1
active_checks_enabled 0
service_description CPU Load
check_command check_nrpe!alias_cpu
}

$ vi /etc/nagios/object/commands.cfg
# 'check_nrpe' command definition
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}


$ nagios -v /etc/nagios/nagios.cfg
Total Warnings: 0Total Errors: 0

$ servicee nagios restart

$ tail /var/log/nagios/nagios.log
[1342862307] EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;adserver;cpu_check;0;OK CPU Load ok.|'5m'=0%;80;90 '1m'=1%;80;90 '30s'=2%;80;90
[1342862307] Warning: Passive check result was received for service 'cpu_check' on host 'adserver', but the service could not be found! ==> This warning casued not to defined cpu_check in commands.cfg
[1342862795] EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;adserver;CPU Load;0;OK CPU Load ok.|'5m'=0%;80;90 '1m'=1%;80;90 '30s'=3%;80;90
[1342862805] PASSIVE SERVICE CHECK: adserver;CPU Load;0;OK CPU Load ok.
[1342862825] EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;adserver;CPU Load;0;OK CPU Load ok.|'5m'=0%;80;90 '1m'=2%;80;90 '30s'=2%;80;90
[1342862835] PASSIVE SERVICE CHECK: adserver;CPU Load;0;OK CPU Load ok.
[1342862855] EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;adserver;CPU Load;0;OK CPU Load ok.|'5m'=0%;80;90 '1m'=2%;80;90 '30s'=2%;80;90
[1342862865] PASSIVE SERVICE CHECK: adserver;CPU Load;0;OK CPU Load ok.


I am being nervous and impatient when I coudn't find effient answers to my problem. Espeically, It could be deeper during a project. It is like a situcation where time can be very limited and another works are waiting for me. Writing articles in this blog mean to save my time when I encounted in a similar problem and hope these save serchers' time.


Reference sites:
1. http://www.nsclient.org/nscp/wiki/doc/usage/nagios/nsca
2. http://assets.nagios.com/downloads/nagiosxi/docs/Using_NSClient_For_Passive_Checks.pdf

댓글 6개:

  1. IS this working? I have a doubt, when you define the check command in the service config, why are you using check_nrpe when you are doing passive checks?

    답글삭제
  2. Can I ask that you have some problem based on testing this?
    At the time of writing this, I needed to have plan of real time monitoring servers and this was my first trying.
    Nagios core has to set check_interval property to check services in periodical manner. When we want to get data that is close to real monitoring, we only can set check_interval as smaller number. However, this could maybe a problem on nagios server because active check start from nagios server and smaller number of check_interval property means more frequent checks. So I thought it could a be a burden on nagios and defined passive checks.

    답글삭제
  3. I was getting very confused about which way nagios´s services communicate through the ncsa and publishes the result from the ncsa client. The thing that i had to figure out by myself is that in the service config it recognize the values by the "description" field, so it takes the data from the host´s commands in the nsclient++ and the nsca addon. There is NO USE for the command field in the ncsa configuration.

    답글삭제