Forwarding status and events from one server to another

An open discussion forum for obtaining help with Nagios Core. Nagios Core users of all experience levels are welcome here. Subforum have been created for the discussion of Nagios Core and Nagios Plugin development.

NOTE: The SourceForge.net mailing lists have been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

Forwarding status and events from one server to another

Postby rjconroy » Fri Feb 02, 2018 12:04 pm

Hello;
I've been doing a lot of research on this and I cant seem to find anything current about doing some kind of a solution for using one or more remote installation to forward to another central server or siem solution.
There was some talk of an older apparently outdated plugin called NSCA but it seems to be no longer viable.
I read thru the distributed solutions papers but again it seems dated.
Is there any way to do this? it would seem a relatively simply concept, what am I missing?
Can I just forward log files or is there any other method to do this that would include both events such as whats found in /var/log/Nagios/Nagios.log as well as the asset state using passive monitoring at the main location?
Any hints or references appreciated.
rjconroy
 
Posts: 33
Joined: Fri Feb 02, 2018 11:57 am

Re: Forwarding status and events from one server to another

Postby npolovenko » Fri Feb 02, 2018 3:48 pm

Hello, @rjconroy. You could use the NRDP agent.
1. First, you'd install the NRDP agent on the Core Server#1 server that will receive forwarded host and service check results from the Core server#2.
https://support.nagios.com/kb/article/n ... e-602.html

2. After the installation make sure you can access the NRDP web interface:
http://nagios_core#1_ip/nrdp

3. Then on the Core Server #2 you'll be running checks and be sending the results to the Core Server#1:
https://assets.nagios.com/downloads/nag ... h-NRDP.pdf
Start reading at
Configure Distributed Nagios Core Server(s)
till
Unconfigured Objects


4. If the previous steps were successful, on the Core Server #1 in /usr/local/nagios/var/nagios.log you'll see similar messages:
Code: Select all
[1508380204] Error: Got host checkresult for 'S1601', but no such host can be found
[1508380204] Error: Got check result for service 'CPU Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Disk Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Swap Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Memory Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Process Count' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Disk Usage E' on host 'S1601'. Unable to find service


5. On the core server#1 use this manual to add service and host check definitions. That way all the incoming check results from the Core Server#2 will be recognized.
https://support.nagios.com/kb/article/n ... s-762.html
User avatar
npolovenko
Support Tech
 
Posts: 1327
Joined: Mon May 15, 2017 5:00 pm

Re: Forwarding status and events from one server to another

Postby rjconroy » Fri Feb 02, 2018 5:41 pm

Great response thank you, for some reason I thought the NRDP agent was for endpoints, not other Nagios servers. I guess that may have been a misunderstanding on my part.
I will follow up with this on Monday and advise as to results.

PS is this the only way or the best/preferred way?
rjconroy
 
Posts: 33
Joined: Fri Feb 02, 2018 11:57 am

Re: Forwarding status and events from one server to another

Postby npolovenko » Mon Feb 05, 2018 11:15 am

Thanks, @rjconroy.
Another way to accomplish this would be using SNMP traps:
https://support.nagios.com/kb/article.php?id=77
There's no really the best way. Some administrators go the NRDS route and some prefer snmp traps. I guess it will depend on what protocol you prefer, or whatever is easier to integrate with the software solution you're going to be using on the receiving server. I'm not very familiar with siem.
User avatar
npolovenko
Support Tech
 
Posts: 1327
Joined: Mon May 15, 2017 5:00 pm

Re: Forwarding status and events from one server to another

Postby rjconroy » Wed Feb 07, 2018 7:06 pm

Finally got to check this today and ran into a couple opf snags.

First off on receiver server I get an error on the json check "BAD CHECK RESULTS DIR", this persists even after setting permissions on folder to 777 recursive to test.

Secondly, on sender server side how can I add the conf without the gui? do I simply edit the send.nrdp.php script? does it need more than the host url and token to work? aside from obvious host parameters
rjconroy
 
Posts: 33
Joined: Fri Feb 02, 2018 11:57 am

Re: Forwarding status and events from one server to another

Postby rjconroy » Wed Feb 07, 2018 7:30 pm

Disregard "Bad Check Results" error, I resolved this, turns out I made a silly typo. After it was fixed I got the expect "OK" status. However, nothing appeared in my logs using the "somehost" name.

I also tried the commands from the links
./send_nrdp.php --url=http://w.x.y.z/nrdp --token=token1 --host=centos01 --state=0 --output="The host is up and OK"

./send_nrdp.php --url=http://w,x,y,z/nrdp --token=token1 --host=centos01 --service="Disk Usage" --state=1 --output="WARNING: The disk is 75% full"
On running the commands to send the checks though I'm seeing nothing in the logs under that hostname either, even if run locally from receiving server or remote server.
rjconroy
 
Posts: 33
Joined: Fri Feb 02, 2018 11:57 am

Re: Forwarding status and events from one server to another

Postby dwhitfield » Thu Feb 08, 2018 10:23 am

It sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!
dwhitfield
Former Nagios Staff
 
Posts: 4568
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN

Re: Forwarding status and events from one server to another

Postby rjconroy » Thu Feb 08, 2018 10:42 am

Actually issue is still pending, the error was solved but I'm still not getting the events in the logs.
rjconroy
 
Posts: 33
Joined: Fri Feb 02, 2018 11:57 am

Re: Forwarding status and events from one server to another

Postby npolovenko » Thu Feb 08, 2018 11:16 am

@rjconroy, What version of Nagios Core are you using? Can you upload this file from the receiving server:
Code: Select all
/usr/local/nagios/var/nagios.log

Are you able to access the nrdp interface?
Code: Select all
http://recieving_server_ip/nrdp

Please submit a test check using the web interface and let us know if gives you any errors in return.
User avatar
npolovenko
Support Tech
 
Posts: 1327
Joined: Mon May 15, 2017 5:00 pm

Re: Forwarding status and events from one server to another

Postby rjconroy » Thu Feb 08, 2018 11:36 am

Yes I can access the nrdp interface on the reciving server and I got it to pass the json checks.
The version number per the log file is Nagios 3.5.1
However, it appears to be a slightly customized installation that is part of a siem application.
The executables and files are not in the same paths or locations as the default Nagios install as a result. For example the main Nagios files are not in /usr/local/... , they are in /etc/nagios3. The main log file is in /var/log/nagios3/Nagios.log.
They have apparently moved some things around which is where I think I'm getting stuck trying to identify the correct locations for some of these things and make the conf file adjustments accordingly.
rjconroy
 
Posts: 33
Joined: Fri Feb 02, 2018 11:57 am

Next

Return to Nagios Core

Who is online

Users browsing this forum: No registered users and 6 guests