Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Passive Alerts With NSCA not working

https://support.nagios.com/forum/viewtopic.php?t=46696

Page 3 of 6

Re: Passive Alerts With NSCA not working

Posted: Wed Dec 27, 2017 3:35 pm
by npolovenko
@cybergene, We might be able to get more information on this issue if you increase the loglevel verbosity:
In ncpa.cfg find the [passive] section and please chnage:

Code: Select all

loglevel = info
to

Code: Select all

loglevel = debug
Restart the service, give it 5 minutes and then check the var/log/ncpa_passive.log file.

Also, what version of python do you have installed on your ncpa client server?

Re: Passive Alerts With NSCA not working

Posted: Thu Dec 28, 2017 7:37 am
by cybergene
See attached log file.

Re: Passive Alerts With NSCA not working

Posted: Thu Dec 28, 2017 11:06 am
by npolovenko
@cybergene, Seems like NRDP is working. Have you taken a look at /usr/local/nagios/var/nagios.log on the Nagios Server recently? If you still do not see new entries in the log file, or in your defined service checks, I'd test to see if the firewall causing problems. From your monitored server run the following:

Code: Select all

yum install telnet
telnet 54.165.9.118 80
and
54.165.9.118 443
Does this test says everything is ok, or do you see a message that connection was refused?

PS: when we get this to work don't forget to change the log level from debug back to info to avoid using too much of a disk space.

Re: Passive Alerts With NSCA not working

Posted: Tue Jan 02, 2018 1:13 pm
by cybergene
Hi @ npolovenko

I'm getting:

Code: Select all

telnet: Unable to connect to remote host: Connection refused
on both ports.

I checked the inbound rules on Nagios Core in AWS, and I made it open for both ports and still.

Re: Passive Alerts With NSCA not working

Posted: Wed Jan 03, 2018 1:26 pm
by npolovenko
@cybergene, Can you post the full /usr/local/nagios/var/nagios.log file from the Nagios Server?

Re: Passive Alerts With NSCA not working

Posted: Thu Jan 04, 2018 1:51 pm
by cybergene
Attached few logs files, let me know if you need more.

Re: Passive Alerts With NSCA not working

Posted: Thu Jan 04, 2018 4:52 pm
by npolovenko
@cybergene, Thank you for the log files. I've talked to my colleagues and was told that very often amazon aws server has it's own firewall restrictions. That means even though you enabled ports 80 and 443 on the VM, there could still be another layer of limitations. So if you can't:

Code: Select all

nmap 54.165.9.118 -p 80
or

Code: Select all

nmap 54.165.9.118 -p 443
Then I suggest contacting Amazon so they can direct you on how to open their firewall.

Re: Passive Alerts With NSCA not working

Posted: Fri Jan 05, 2018 11:58 am
by cybergene
Hi @ npolovenko,

After some investigation heere are the results for Nmap.

nmap 54.165.9.118 -p 80

Code: Select all

Starting Nmap 7.40 ( https://nmap.org ) at 2018-01-05 10:42 EST
Nmap scan report for NAGIOS (54.165.9.118)
Host is up (0.032s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
nmap 54.165.9.118 -p 443

Code: Select all

Starting Nmap 7.40 ( https://nmap.org ) at 2018-01-05 10:42 EST
Nmap scan report for NAGIOS (54.165.9.118)
Host is up (0.032s latency).
PORT    STATE  SERVICE
443/tcp closed https
You might be right about the ports, although I have the SG rule open specifically for the remote server, it still shows 443 closed. I'm not sure if it is AWS or VmWare where the remote resides.

From what I undestand so far is that NCPA depends on port 80 and 443 to communicate with NRDP server? You didn't mention any other ports that they communicate over...

Re: Passive Alerts With NSCA not working

Posted: Fri Jan 05, 2018 1:31 pm
by npolovenko
@cybergene, Since you're using NCPA to send passive checks its only ports 80 and 443. If you used active checks the default port would've been 5693. But this shouldn't matter in our case.
Are you able to just open a web browser on the remote NCPA server and in the URL bar type in the nagios_ip/nrdp. Are you able to acess that page?

Re: Passive Alerts With NSCA not working

Posted: Fri Jan 05, 2018 1:56 pm
by cybergene
Thanks for the clarification @npolovenko.

Yes, I can curl it and it seems to work curl http://54.165.9.118/nrdp/.

Code: Select all

<strong>Submit Nagios Command:</strong><br>
        <form action="" method="get">
        <input type="hidden" name="cmd" value="submitcmd">
        Token: <input type="text" name="token" value="" size="15"><br>
        Command: <input type="text" name="command" size="50" value="DISABLE_HOST_NOTIFICATIONS;somehost"><br>
        <input type="submit" name="btnSubmit" value="Submit Command">
        </form>

        <hr>

        <strong>Submit Check Data</strong><br>
        <form action="" method="post">
        <input type="hidden" name="cmd" value="submitcheck">
        Token: <input type="text" name="token" value="" size="15"><br>
        Check Data:<br>
<textarea cols="80" rows="15" name="XMLDATA">
<?xml version='1.0'?>
<checkresults>
        <checkresult type='host'>
                <hostname>somehost</hostname>
                <state>0</state>
                <output>Everything looks okay!|perfdata</output>
        </checkresult>
        <checkresult type='service'>
                <hostname>somehost</hostname>
                <servicename>someservice</servicename>
                <state>1</state>
                <output>WARNING: Danger Will Robinson!|perfdata</output>
        </checkresult>
</checkresults>
</textarea><br>
        <input type="submit" name="btnSubmit" value="Submit Check Data">
        </form>
All times are UTC-05:00
Page 3 of 6

Powered by phpBB® Forum Software © phpBB Limited