Nagios Directory Structure

0

Nagios Directory Structure

Main Config File
/usr/local/nagios/etc/nagios.cfg

Log File
/usr/local/nagios/var/nagios.log

Object Config Files
/usr/local/nagios/etc/objects/*.cfg

Nagios Plugins
/usr/local/nagios/libexec     // defined in /usr/local/nagios/etc/resource.cfg file

Nagios Web interface
/usr/local/nagios/etc/cgi.cfg

Nagios config file for Apache to interpret
/usr/local/apache/conf.d/nagios.conf

This contains directives for the following URLs
http://<nagios-host>/nagios/
http://<nagios-host>/nagios/cgi-bin/

Nagios Log rotation configuration File
/etc/logrotate.d/nagios

Nagios Installation

6

Nagios is a powerful tool that provides you with instant awareness of your organization’s mission-critical IT infrastructure. Nagios allows you to detect and repair problems and mitigate future issues before they affect end-users and customers
This article deals with the step by step installation and configuration of Nagios.

Login as root

Download the latest version of Nagios from http://www.nagios.org/download.

Unpacking The Distribution

To unpack the Nagios distribution:

tar xzf nagios-version.tar.gz

cd nagios-version

Create Nagios User/Group

Add a new user (and group) to the system with the following command :

adduser nagios

Create Installation Directory

Create the base directory where to install Nagios as follows…

mkdir /usr/local/nagios

Change the owner of the base installtion directory to be the Nagios user and group you added earlier as follows:

chown nagios.nagios /usr/local/nagios

Identify Web Server User

The following command can be used to quickly determine what user Apache is running as :

grep “^User” /etc/httpd/conf/httpd.conf

Add Command File Group

Create a new group whose members include the user of the web server is running as and the user Nagios is running . Call this new group ‘nagcmd‘ & name it .

/usr/sbin/groupadd nagcmd

Next, add the users that web server and Nagios run as to the newly created group with the following commands:

/usr/sbin/usermod -G nagcmd apache
/usr/sbin/usermod -G nagcmd nagios

Run the Configure Script

Run the configure script to initialize variables and create a Makefile as follows…(the last two options: –with-command-xxx are optional, but needed if you want to issue external commands)

./configure –prefix=prefix –with-cgiurl=cgiurl –with-htmurl=htmurl –with-nagios-user=someuser –with-nagios-group=somegroup –with-command-group=cmdgroup

Replace prefix with the installation directory that you created in the step above (default is /usr/local/nagios)
Replace cgiurl with the actual url you will be using to access the CGIs (default is /nagios/cgi-bin). Do NOT append a slash at the end of the url.
Replace htmurl with the actual url you will be using to access the HTML for the main interface and documentation (default is /nagios/)
Replace someuser with the name of a user on your system that will be used for setting permissions on the installed files (default is nagios)
Replace somegroup with the name of a group on your system that will be used for setting permissions on the installed files (default is nagios)
Replace cmdgroup with the name of the group running the web server (default is nagios, in the example above it was nagcmd). This will allow group members (i.e. your web server) to be able to submit external commands to Nagios.
OR

./configure To configure with the default options,not needed to provide all the options given as above

Compile Nagios and the CGIs with the following command:

make all

Install the binaries and HTML files with the following command:

make install

Install the sample init script to /etc/rc.d/init.d/nagios with the following command:

make install-init

Directory Structure And File Locations

cd /usr/local/nagios

You should see five different subdirectories. A brief description of what each directory contains is given in the table below.

Sub-Directory Contents
bin/ Nagios core program
etc/ Main, resource, object, and CGI configuration files should be put here
sbin/ CGIs
share/ HTML files (for web interface and online documentation)
var/ Empty directory for the log file, status file, retention file, etc.
var/archives Empty directory for the archived logs
var/rw Empty directory for the external command file
Open the Apache configuration file & add the following;

ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin

Options ExecCGI AllowOverride None Order allow,deny Allow from all AuthName “Nagios Access” AuthType Basic AuthUserFile /usr/local/nagios/etc/htpasswd.users Require valid-userAlias /nagios /usr/local/nagios/share Options None AllowOverride None Order allow,deny Allow from all AuthName “Nagios Access” AuthType Basic AuthUserFile /usr/local/nagios/etc/htpasswd.users Require valid-userRestart ApacheConfigure Web Authentication Running the following command will create a new file called htpasswd.users in the /usr/local/nagios/etc directssory. It will also create a username/password entry for nagiosadmin. It will be asked to provide a password that will be used when nagiosadmin authenticates to the web server.
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Once the htpasswd file is created ,we can add more users to access the CGIs. Use the following command to add additional users, replacing with the actual username you want to add. Note that the -c option is not used, since you already created the initial file.
htpasswd /usr/local/nagios/etc/htpasswd.users

When we are pointing the web browser to access the Nagios , username and password will prompt and provide the same.

Enabling Authentication/Authorization Functionality In The CGIs

Make sure that the CGIs are configured to use the authentication and authorization functionality in determining what information and/or commands users have access to. This is done be setting the use_authentication variable in the CGI configuration file to a non-zero value.

Open the CGI file using ;

vi /usr/local/nagios/etc/cgi.cfg

Check whether use_authentication is 1 or 0,If its 0 make it 1

Example:

use_authentication=1

Download and Install Nagios Plugins

[root@server1 ~]#cd /usr/src
[root@server1 ~]#wget http://downloads.sourceforge.net/project/nagiosplug/nagiosplug/1.4.14/nagios-plugins-1.4.14.tar.gz?use_mirror=dfn
[root@server1 ~]#tar xzf nagios-plugins-1.4.13.tar.gz
[root@server1 ~]#cd nagios-plugins1.4.13
Compile and Configure Nagios Plugins

We need the openssl-devel package installed to compile plugins with ssl support.

[root@server1 ~]# yum -y install openssl-devel
[root@server1 ~]#./configure –with-nagios-user=nagios –with-nagios-group=nagios –with-openssl
[root@server1 ~]#make
[root@server1 ~]#make install

Configure nagiosadmin email address for alerts:-

[root@server1 ~]#vi /usr/local/nagios/etc/objects/contacts.cfg

email nagios@localhost ; <<– CHANGE THIS TO YOUR EMAIL ADDRESS

eg. mail.zoom@gmail.com

Verify the sample Nagios configuration files:-

[root@server1 ~]#/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Total Warnings: 0
Total Errors: 0
Enable Nagios to start at system startup / boot

[root@server1 ~]#chkconfig –add nagios
[root@server1 ~]#chkconfig nagios on
[root@server1 ~]#chkconfig httpd on

Start Nagios:-

[root@server1 ~]#service nagios start

Access the web interface now by:-

http://ip-address/nagios/

Eg: http://216.36.54.3/nagios

NRPE Installation and Setup:-

Download nrpe

OR

[root@server1 ~]#wget http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.12/nrpe-2.12.tar.gz?use_mirror=nchc

Extract the Files:

[root@server1 ~]#tar -xzf nrpe-2.12.tar.gz
[root@server1 ~]#cd nrpe-2.12

Compile & configure NRPE using;

[root@server1 ~]# ./configure

[root@server1 ~]#make all

[root@server1 ~]#make install-plugin

[root@server1 ~]#make install-daemon

[root@server1 ~]#make install-daemon-config
[root@server1 ~]#make install-xinetd

Post NRPE Configuration:

Edit Xinetd NRPE entry:

Add Nagios Monitoring server to the “only_from” directive
[root@server1 ~]# vi /etc/xinetd.d/nrpe

Entry will be like this:-

service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /etc/nrpe.conf –inetd
log_on_failure += USERID
disable = no
# only_from = 127.0.0.1
}

only_from = 127.0.0.1

Edit services file entry:

Add entry for nrpe daemon

[root@server1 ~]# vi /etc/services

nrpe 5666/tcp # NRPE

Restart Xinetd and Set to start at boot:

[root@server1 ~]#chkconfig xinetd on

[root@server1 ~]#service xinetd restart

Test NRPE Daemon Install

Check NRPE daemon is running and listening on port 5666:

[root@server1 ~]# netstat -at |grep nrpe

Output should be:-

tcp 0 0 *:nrpe *.* LISTEN
or
[root@server1 src]# netstat -plan | grep 5666
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 15721/xinetd

Check NRPE daemon is functioning:

[root@server1 src]# /usr/local/nagios/libexec/check_nrpe -H localhost

Output should be NRPE version:

NRPE v2.12

Open Port 5666 on Firewall

Make sure to open port 5666 on the firewall of the remote server so that the Nagios monitoring server can access the NRPE daemon.

you need to create the files /usr/local/nagios/etc/objects/hosts.cfg ,/usr/local/nagios/etc/objects/servicess.cfg manually & add it into /usr/local/nagios/etc/nagios.cfg as follows .

[root@server1 src]#vi /usr/local/nagios/etc/nagios.cfg
########These entries are imporatant############
cfg_file=/usr/local/nagios/etc/objects/commands.cfg
cfg_file=/usr/local/nagios/etc/objects/contacts.cfg
cfg_file=/usr/local/nagios/etc/objects/hosts.cfg
cfg_file=/usr/local/nagios/etc/objects/services.cfg
cfg_file=/usr/local/nagios/etc/objects/timeperiods.cfg
cfg_file=/usr/local/nagios/etc/objects/templates.cfg
########These entries are imporatant#############

Open the file /usr/local/nagios/etc/objects/commands.cfg and add the following entry to it.

root@server1]#vi /usr/local/nagios/etc/objects/commands.cfg

define command{
command_name check_nrpe
command_line /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

Now edit the file /usr/local/nagios/etc/objects/contacts.cfg and add your contact details there;

define contact{
contact_name nagiosadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Nagios Admin ; Full name of user
email jamesakm@yahoo.co.in ; <<— CHANGE THIS TO YOUR EMAIL ADDRESS

}
define contactgroup{
contactgroup_name admins
alias Nagios Administrators
members nagiosadmin
}

Edit the file /usr/local/nagios/etc/objects/hosts.cfg. entries will be like this:-

[root@server1 ~]# vi /usr/local/nagios/etc/objects/hosts.cfg

define hostgroup{
hostgroup_name Fsck
alias Fsck
members exam2.admin-ahead.com

}

define host{
use generic-host ; Name of host template to use
host_name exam2.admin-ahead.com
alias Fsck
address 216.36.54.3
check_command check-host-alive
max_check_attempts 3
notification_interval 300
notification_period 24×7
notification_options d,u,r
contact_groups admins
}

Now we need to edit the /usr/local/nagios/etc/objects/services.cfg file.
This file is used to define all the services. Entries will be like this:-

[root@server1 ~]# vi /usr/local/nagios/etc/objects/services.cfg

# Service definition

define service{

use generic-service ; Name of service template to use

# host_name exam2.admin-ahead.com

hostgroup_name nagios

service_description FTP

is_volatile 0

check_period 24x7_sans_holidays

max_check_attempts 3

normal_check_interval 3

retry_check_interval 1

contact_groups admins

notification_interval 300

notification_period 24x7_sans_holidays

notification_options c

check_command check_ftp

}

Repeat the same block for every services by changing service_description with the required service name( Eg. HTTP,SMTP,POP ) and check_command with check_ service name( Eg. HTTP,SMTP,POP ) like check_smtp,check_pop etc.

Client side (To monitor a remote client)

Use th NRPE daemon to execute Nagios plugins on the remote server and report back to the monitoring host server.

Create Nagios user account on the client :

[root@server1 ~]# useradd nagios
[root@server1 ~]# passwd nagios

Download and Install Nagios Plugins:

[root@server1 ~]# cd /usr/src

[root@server1 ~]#wget http://downloads.sourceforge.net/project/nagiosplug/nagiosplug/1.4.14/nagios-plugins-1.4.14.tar.gz?use_mirror=dfn

Extract Files:

[root@server1 ~]#tar xzf nagios-plugins-1.4.14.tar.gz

[root@server1 ~]#cd nagios-plugins-1.4.14.tar.gz

Compile and Configure Nagios Plugins

You need the openssl-devel package installed to compile plugins with ssl support.

[root@server1 ~]# yum -y install openssl-devel

Install Plugins:-

[root@server1 ~]# ./configure –with-nagios-user=nagios –with-nagios-group=nagios –with-openssl

[root@server1 ~]# make

[root@server1 ~]# make install

The permissions on the plugin directory and the plugins will need to be changed to nagios user

[root@server1 ~]# chown nagios.nagios /usr/local/nagios

[root@server1 ~]# chown -R nagios.nagios /usr/local/nagios/libexec

Install the xinetd Package

[root@server1 ~]# yum install xinetd

Downlad and Install NRPE Daemon

[root@server1 ~]#wget http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.12/nrpe-2.12.tar.gz?use_mirror=nchc

Extract the Files:

[root@server1 ~]#tar -xzf nrpe-2.12.tar.gz # cd nrpe-2.12

Compile and Configure NRPE

You need the openssl-devel package installed to compile NRPE with ssl support.

Install NRPE:

[root@server1 ~]# ./configure

[root@server1 ~]#make all

[root@server1 ~]#make install-plugin

[root@server1 ~]#make install-daemon

[root@server1 ~]#make install-daemon-config
[root@server1 ~]#make install-xinetd

Post NRPE Configuration

Edit Xinetd NRPE entry:

Add Nagios Monitoring server to the “only_from” directive

[root@server1 ~]# vi /etc/xinetd.d/nrpe

Entry will be like this:-

service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /etc/nrpe.conf –inetd
log_on_failure += USERID
disable = no
# only_from = 127.0.0.1
}

only_from = 127.0.0.1

Edit services file entry:

Add entry for nrpe daemon
[root@server1 ~]# vi /etc/services

nrpe 5666/tcp # NRPE

Restart Xinetd and Set to start at boot:

[root@server1 ~]#chkconfig xinetd on

[root@server1 ~]#service xinetd restart

Test NRPE Daemon Install

Check NRPE daemon is running and listening on port 5666:

[root@server1 ~]# netstat -at |grep nrpe

Output should be:-

tcp 0 0 *:nrpe *.* LISTEN

or

[root@server1 src]# netstat -plan | grep 5666
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 15721/xinetd

Check NRPE daemon is functioning:

[root@server1 src]# /usr/local/nagios/libexec/check_nrpe -H localhost

Output should be NRPE version:

NRPE v2.12

[root@server1 ~]#vi /etc/nrpe.conf

Entries:-

command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 5,100,100 -c 10,100,100
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
command[check_procs]=/usr/local/nagios/libexec/check_procs -w 500 -c 1000
command[check_cron]=/usr/local/nagios/libexec/check_procs -w 1:5 -c 1:20 -C crond
command[check_mem]=/usr/local/nagios/libexec/check_mem -w 90 -c 95
command[check_swap]=/usr/local/nagios/libexec/check_swap -w 10% -c 5%

Test Connection to NRPE daemon on Remote Server:-

Make sure that the NRPE on ther Nagios server can talk to the NRPE daemon on the remote server (Client) we want to monitor.
Execute the command:-

[root@server1 src]# /user/local/nagios/libexec/check_nrpe -H
NRPE v2.12

From the Server side:

Go to the Nagios Server side again and add the following changes.

Open the file /usr/local/nagios/etc/objects/hosts.cfg

[root@exam2 ~]# vim /usr/local/nagios/etc/objects/hosts.cfg

Add the clientside details along with the server side details , for example consider the following;

#For Server side

define hostgroup{

hostgroup_name nagios

alias Nagios Administrators

members exam2.admin-ahead.com

}

define host{

use generic-host ; Name of host template to use

host_name exam2.admin-ahead.com

alias Nagios Administrators

address 216.36.54.3

check_command check-host-alive

max_check_attempts 3

notification_interval 300

notification_period 24x7_sans_holidays

notification_options d,u,r

contact_groups admins

}

#For client side

define hostgroup{

hostgroup_name client

alias Client Administrator

members test.admin-ahead.com

}

define host{

use generic-host ; Name of host template to use

#use test.admin-ahead.com ; Name of host template to use

host_name test.admin-ahead.com

alias Client Administrator

address 67.219.63.169

check_command check-host-alive

max_check_attempts 3

notification_interval 300

notification_period 24x7_sans_holidays

Open the /usr/local/nagios/etc/objects/services.cfg file for adding client side Services;

[root@exam2 ~]# vim /usr/local/nagios/etc/objects/services.cfg

#Entries here for monitoring Server side FTP & client side FTP,HTTP,SSH & PING only ,we can customize as suitable to our requirement

# Service definition

define service{

use generic-service ; Name of service template to use

# host_name exam2.admin-ahead.com

hostgroup_name nagios

service_description FTP

is_volatile 0

check_period 24x7_sans_holidays

max_check_attempts 3

normal_check_interval 3

retry_check_interval 1

contact_groups admins

notification_interval 300

notification_period 24x7_sans_holidays

notification_options c

check_command check_ftp

}

define service{

use generic-service ; Name of service template to use

# host_name test.admin-ahead.com

hostgroup_name client

service_description HTTP

is_volatile 0

check_period 24x7_sans_holidays

max_check_attempts 3

normal_check_interval 3

retry_check_interval 1

contact_groups admins

notification_interval 300

notification_period 24x7_sans_holidays

notification_options c

check_command check_http

}

define service{

use generic-service ; Name of service template to use

# host_name test.admin-ahead.com

hostgroup_name client

service_description FTP

is_volatile 0

check_period 24x7_sans_holidays

max_check_attempts 3

normal_check_interval 3

retry_check_interval 1

contact_groups admins

notification_interval 300

notification_period 24x7_sans_holidays

notification_options c

check_command check_ftp

}

define service{

use generic-service ; Name of service template to use

# host_name test.admin-ahead.com

hostgroup_name client

service_description SSH

is_volatile 0

check_period 24x7_sans_holidays

max_check_attempts 3

normal_check_interval 3

retry_check_interval 1

contact_groups admins

notification_interval 300

notification_period 24x7_sans_holidays

notification_options c

check_command check_ssh

}

define service{

use generic-service ; Name of service template to use

# host_name test.admin-ahead.com

hostgroup_name client

service_description PING

is_volatile 0

check_period 24x7_sans_holidays

max_check_attempts 3

normal_check_interval 3

retry_check_interval 1

contact_groups admins

notification_interval 300

notification_period 24x7_sans_holidays

notification_options c

check_command check_ping

}

Restart the service;

[root@exam2 ~]#service nagios restart

[root@exam2 ~]#chkconfig nagios on
============================================