Trouble using Nagios Core to monitor Remote Windows hosts

[jimbo1215]

My organization is trying to use Nagios core to monitor ~100 Windows hosts in about 10 different sites. I've installed the latest Nagios and plugins in a VM. according to the documentation. I know that in order to monitor remote windows hosts, I will have to use a public static IP and I'm also going to use NSClient++ on every Windows host and forward the correct ports on the routers in every site.


My plan was to test this in the internal network before we actually put it into production, however, I'm having trouble getting the server to talk to the host. Since it's in a VM they are technically on different subnets and I'm getting either socket timeout with windows firewall on or connection refused on port 12489 (port used by NSClient++)

nsclient.ini has the IP of the server and the password configured which is also in the check_nt service of the commands.cfg on the server side.

My linux knowledge is somewhat basic and I've only been using nagios for less than a week I know that managing the configs will probably be somewhat tedious, but can anyone point me in the right direction on how to troubleshoot this? I also messed up my httpd.conf when trying to get nagios to use the public IP instead of localhost or the internal machine IP so I may need help fixing that as well.

To reiterate my goal is to get nagios to use our public static IP instead of localhost and use NSClient++ to monitor ~100 hosts across 10 sites but I've gotten either socket timeout or connection refused on the port used by NSClient++ I also need some assistance in what .conf files I have to edit in order for nagios to sue our public IP via dynamic DNS rather than using the localhost. Thanks guys. Any recommendations to make this easier are also welcome as I'm just getting back into Linux myself.

[dwhitfield]

I have a few introductory questions that will help us help you.

First, what OS and version are you running? cat /etc/*-release should do it, but if for some reason there is no output, you can give us lsb_release -a instead. If you are really unsure what you are looking at, just give us both! Use code tags here for the output to make everyone's life easier.

Second, what version of Nagios are you running? Normally, you can find this from the web output, but it sounds like that may not be working.

Lastly, how did you install? Some OSes (OpenBSD, for example) have nagios packages. Often installing from those packages leads things to be in non-default (to us) locations. Of course, it makes your life a little easier on install. The packages are always going to lag behind as far as the newest features and bug fixes. We can help with both, but since you are just getting started, you might want to think about about what you want going forward. If you want to install from source and have access to the latest features, now is the time to do that - not after you have a bunch of working configs you need to migrate.

Turning off the Windows firewall: https://support.microsoft.com/en-us/ins ... -on-or-off. Your firewalls may get turned back on by group policy, so you may need to speak with a Windows admin if you are having trouble turning off the Windows firewall. I don't suggest leaving the firewalls off longterm, but just for testing, since you have a testing setup.

As for turning off the Linux firewall, that will depend on the distribution and version, so I await your response. Of course, this is true of Windows too, but it sounds like you are more confident with Windows, so I am not as concerned about that piece at the moment.

[jimbo1215]

Sorry that would have been useful info. Installing on CentOS 7. Version 4.2.1 and the latest version of nagios plugins installed according to the documentation located here

https://assets.nagios.com/downloads/nag ... entos7.pdf

Linux firewall, windows firewall, and SELinux disabled.

[rkennedy]

Let's look at a few things to see where you're at so far. Please post back the full outputs from these commands.

On the test Windows machine you're using please run these commands-

Code: Select all

netstat -an | findstr 5666
netstat -an | findstr 12489

Also, post a copy of your NSC.ini or nsclient.ini file. Then, post your nsclient.log file for us to review.

On the Linux machine, please run the following -

Code: Select all

nmap ip.of.windows.machine -p 12489
nmap ip.of.windows.machine -p 5666

This should all help to see what's going on. It does not matter that they are on a different subnet, as long as a route is still functional.

[jimbo1215]

Netstat shows 0.0.0.0 LISTENING on both ports.

Code: Select all

# If you want to fill this file with all available options run the following command:
#   nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
#   nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help


; TODO
[/settings/default]

; Undocumented key
password = pass123

; Undocumented key
allowed hosts = 192.168.186.128


; TODO
[/settings/NRPE/server]

; Undocumented key
ssl options = no-sslv2,no-sslv3

; Undocumented key
verify mode = peer-cert

; Undocumented key
insecure = false


; TODO
[/modules]

; Undocumented key
CheckExternalScripts = 1

; Undocumented key
CheckHelpers = 1

; Undocumented key
CheckNSCP = 1

; Undocumented key
CheckDisk = 1

; Undocumented key
CheckSystem = 1

; Undocumented key
NSClientServer = 1

; Undocumented key
CheckEventLog = 1

; Undocumented key
NSCAClient = 1

; Undocumented key
WEBSErver = 1

; Undocumented key
NRPEServer = 1

NMAP on linux shows filtered uknown for both ports. For what it's worth, the ports have been forwarded in my router interface and I was able to get apache working on port 88 instead for the time being, but I'm still getting those errors (Socket Timeout, host unreachable)

IP of windows machine is 192.168.1.146
IP of server is 192.168.186.128

Edit: Just checked and it's clearly not routable so then the question becomes how do I config nagios to use my routable public IP instead of an internal one from the VM?

[dwhitfield]

I'm not sure I understand your question, so i am going to ask a couple myself. What virtualization software are you using? Are you able to reach anything in outside the VM network from the VM? I think the second is the more important of the two, but as I mentioned, I'm not sure I understand the question.

[jimbo1215]

I'm not sure I understand your question, so i am going to ask a couple myself. What virtualization software are you using? Are you able to reach anything in outside the VM network from the VM? I think the second is the more important of the two, but as I mentioned, I'm not sure I understand the question.

I'm using VMWare. I'm not able to access nagios outside the VM so I'm wondering how I put nagios a public IP we have that's routable rather than the localhost or localhost IP.

[dwhitfield]

Setting up the VMWare networking is going to depend on which product you are using. Let us know if vSphere or Workstation (or something else), and we can help out on that piece.


As for the Linux server, check to make sure the network interface is eth0. It should show up with ifconfig if enabled. If ifconfig is not installed, you can install it through yum install net-tools. The easiest way to get a network adapter showing up in there might be to run dhcleint. There are a variety of other ways to find out, but I don't want to belabor the point, because it is probably eth0.

Once you've confirmed it is eth0*, edit/etc/sysconfig/network-scripts/ifcfg-eth0 and make sure ONBOOT=yes. That piece will mean the network comes up when you reboot. Also, remove NM_CONTROLLED=yes, if it is there.

Otherwise, you should be able to use http://www.mustbegeek.com/configure-sta ... in-centos/

Once you are doing with that document, run service network restart.

*if it isn't eth0, just change eth0 in the filename I gave you to the actual network adapter name.

[jimbo1215]

Setting up the VMWare networking is going to depend on which product you are using. Let us know if vSphere or Workstation (or something else), and we can help out on that piece.


As for the Linux server, check to make sure the network interface is eth0. It should show up with ifconfig if enabled. If ifconfig is not installed, you can install it through yum install net-tools. The easiest way to get a network adapter showing up in there might be to run dhcleint. There are a variety of other ways to find out, but I don't want to belabor the point, because it is probably eth0.

Once you've confirmed it is eth0*, edit/etc/sysconfig/network-scripts/ifcfg-eth0 and make sure ONBOOT=yes. That piece will mean the network comes up when you reboot. Also, remove NM_CONTROLLED=yes, if it is there.

Otherwise, you should be able to use http://www.mustbegeek.com/configure-sta ... in-centos/

Once you are doing with that document, run service network restart.

*if it isn't eth0, just change eth0 in the filename I gave you to the actual network adapter name.

I'm using VMWare workstation, the ethernet interface is not eth0 but I will change it when I get back in tomorrow. I tried to set up bridged mode but it was unsuccessful so I went back to shared. I can access the internet in vmware without trouble so I think you might be slightly misunderstanding what I'm trying to accomplish.

Internal IP of Nagios is 192.168.186.128:88/nagios

If I'm trying to reach clients remotely I obviously can't use that IP because it is internal to my network so my organization has a public IP of 66.87.xx.xx. I would need to use that IP to have clients reach me right? Unless I'm mistaken, I've only been using nagios for about a week

[ssax]

If you are trying to access nagios from outside of your network you will need to have your firewall/network admins configure the router/switches/firewalls, you really shouldn't have to configure apache unless you have it only listening on specific interfaces/IPs (not usually the case by default).

Do you have a VPN tunnel setup between the sites?

Are you having the nagios server reach out and actively check these sites or are you trying to have them just use passive checks to send them in?

See here for a description:

https://assets.nagios.com/downloads/nag ... hecks.html

If you are not going over a VPN and you are performing active checks, the remote hosts will automatically see your external IP address as the source.