Nagios Subinstances 2

[tariqondego]

@Slansing.The idea of giving access to customers though authenticated, to our nagios sever did not go well with the bosses.
The server is in a protected(PCI) zone and holds sensitive data.

Is it possible to have nagios installed at customer site and have our nagios server push only required host/service information to that particular client?

Please advise.

[slansing]

Yes it is, what you could do is set up another core system, and have it passively send check results to the main nagios server. This is commonly done with NSCA:

http://exchange.nagios.org/directory/Ad ... CA/details

http://nagios.sourceforge.net/download/ ... _Setup.pdf

I am trying to dig up an old document on this, I know there is one around here somewhere, with Nagios XI this is all already set up so we rarely need to use it.

[tariqondego]

Thanks,@Slansing,but what I actually need is to have the main nagios server send information to the customer core and not vice-versa.This way the customer will be able to view status information about their hosts only.

Please advise.

[slansing]

It works either direction, you just reverse the steps or use them on the other system first. You can create a contact named the exact same as your user and then assign that contact to what you want the user to be able to see, and nothing else. Then make the user read_only in:

Code: Select all

/usr/local/nagios/etc/resource.cfg

[tariqondego]

Hello,@Slansing,thanks for reply ,sorry was away on other projects for a while.

Let me explain the whole scenario:

RemoteHost1(Belongs to Customer1)
-I have NSCA here running and sending passive checks for service 'TestService1' to Nagios Server.
-I have a custom made sw that looks at the status of 'TestService1' on this host and writes the result to a text file for NSCA to pick and send to Nagios Server.

|
v

Nagios Server(Belongs to ME)
-I have service 'TestService1' defined using a passive_check_enabled = 1 template.
-From here 'I' can view results of 'TestService1' from my browser within my domain.

|
v

HostCustomer1
-Wants to see the results of 'TestService1' belonging to RemoteHost1.

So my questions are:
-You advised I set up passive check for service 'TestService1' on HostCustomer1,will this be possible even though 'TestService1' is already a passive check on Nagios Server,and that it is dependant on getting results from NSCA at RemoteHost1?
-After installing NSCA on NAgios Server,will I need to build a custom sw that would pick this result from Nagios,write them to text file for it to pick and send to HostCustomer1?

Please advise.

[sreinhardt]

In this scenario, the easiest route would be to give the customer access to RemoteHost1 with read only access to view the nagios information. This will have the active checks with live data for them to look at. As slansing mentioned, you can have remotehost1 send to nagios server or nagios server send to remotehost1, and yes you can explicitly filter what is sent on either system to the other(nsca has this built in), so you could allow the nagios server to only send remotehost1 it's own results. However I don't see much point in doing that since you already have the information at the customers location, or so it seems.

So I understand your companies dislike of allowing access to nagios server, but if remotehost1 is already at the customers site, they own it, and would like to view the data, I really feel like giving them access to that system would be the easiest route, unless I am missing something.

[tariqondego]

Thanks for reply at sreinhardt:
Ok,for clarity purposes:
-RemoteHost1 is an ATM(customer has no access to this,I have).I have NSCA sending ATM status to NAgios Server(ME).
-I dont need Nagios Server to send anything to the ATM,but receive ATM status as passive checks.
-I need Nagios server to send status of ATM to HostCustomer1(which is at customer site).
-HostCustomer1 wants to see status of ATM(RemoteHost1).

I just need to exploit all other possible and more secure options,before settling with the option of giving the customer read only access to my Nagios Server.

Please advise.

[sreinhardt]

OK that paints a more clear picture. Well you have three main options as I see it.

1) Setup a nagios core instance at the customer location, and configure a set of passive hosts and services for every device that they need to see.
2) Do they same as option 1, but with Nagios XI. They both will utilize outbound transfers from you to customer 1 on the details of remote host 1 and any others. The really nice thing with XI is that any new objects (hosts\services) can be pointed at the customer location and will go into unconfigured objects and can be easily added, opposed to /dev/null and manual file creation with core.
3) Is unfortunately to give your customer access to your current infrastructure.

Unless there is another interface that will accept outbound transfers from nrdp or nsca and store them in a nagios like interface, these are the main options I can think of.

[tariqondego]

Thanks,how would I then Pass the values of required hosts services to a text file.This is the file that i will pass to nsca to send to customer site.

[slansing]

What do you mean? Are you talking about backing up your current configs and moving them to the other server? Could you explain the step you have questions about?