Forwarding status and events from one server to another

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
rjconroy
Posts: 38
Joined: Fri Feb 02, 2018 11:57 am

Forwarding status and events from one server to another

Post by rjconroy »

Hello;
I've been doing a lot of research on this and I cant seem to find anything current about doing some kind of a solution for using one or more remote installation to forward to another central server or siem solution.
There was some talk of an older apparently outdated plugin called NSCA but it seems to be no longer viable.
I read thru the distributed solutions papers but again it seems dated.
Is there any way to do this? it would seem a relatively simply concept, what am I missing?
Can I just forward log files or is there any other method to do this that would include both events such as whats found in /var/log/Nagios/Nagios.log as well as the asset state using passive monitoring at the main location?
Any hints or references appreciated.
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: Forwarding status and events from one server to another

Post by npolovenko »

Hello, @rjconroy. You could use the NRDP agent.
1. First, you'd install the NRDP agent on the Core Server#1 server that will receive forwarded host and service check results from the Core server#2.
https://support.nagios.com/kb/article/n ... e-602.html

2. After the installation make sure you can access the NRDP web interface:
http://nagios_core#1_ip/nrdp

3. Then on the Core Server #2 you'll be running checks and be sending the results to the Core Server#1:
https://assets.nagios.com/downloads/nag ... h-NRDP.pdf
Start reading at
Configure Distributed Nagios Core Server(s)
till
Unconfigured Objects
4. If the previous steps were successful, on the Core Server #1 in /usr/local/nagios/var/nagios.log you'll see similar messages:

Code: Select all

[1508380204] Error: Got host checkresult for 'S1601', but no such host can be found
[1508380204] Error: Got check result for service 'CPU Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Disk Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Swap Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Memory Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Process Count' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Disk Usage E' on host 'S1601'. Unable to find service
5. On the core server#1 use this manual to add service and host check definitions. That way all the incoming check results from the Core Server#2 will be recognized.
https://support.nagios.com/kb/article/n ... s-762.html
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
rjconroy
Posts: 38
Joined: Fri Feb 02, 2018 11:57 am

Re: Forwarding status and events from one server to another

Post by rjconroy »

Great response thank you, for some reason I thought the NRDP agent was for endpoints, not other Nagios servers. I guess that may have been a misunderstanding on my part.
I will follow up with this on Monday and advise as to results.

PS is this the only way or the best/preferred way?
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: Forwarding status and events from one server to another

Post by npolovenko »

Thanks, @rjconroy.
Another way to accomplish this would be using SNMP traps:
https://support.nagios.com/kb/article.php?id=77
There's no really the best way. Some administrators go the NRDS route and some prefer snmp traps. I guess it will depend on what protocol you prefer, or whatever is easier to integrate with the software solution you're going to be using on the receiving server. I'm not very familiar with siem.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
rjconroy
Posts: 38
Joined: Fri Feb 02, 2018 11:57 am

Re: Forwarding status and events from one server to another

Post by rjconroy »

Finally got to check this today and ran into a couple opf snags.

First off on receiver server I get an error on the json check "BAD CHECK RESULTS DIR", this persists even after setting permissions on folder to 777 recursive to test.

Secondly, on sender server side how can I add the conf without the gui? do I simply edit the send.nrdp.php script? does it need more than the host url and token to work? aside from obvious host parameters
rjconroy
Posts: 38
Joined: Fri Feb 02, 2018 11:57 am

Re: Forwarding status and events from one server to another

Post by rjconroy »

Disregard "Bad Check Results" error, I resolved this, turns out I made a silly typo. After it was fixed I got the expect "OK" status. However, nothing appeared in my logs using the "somehost" name.

I also tried the commands from the links
./send_nrdp.php --url=http://w.x.y.z/nrdp --token=token1 --host=centos01 --state=0 --output="The host is up and OK"

./send_nrdp.php --url=http://w,x,y,z/nrdp --token=token1 --host=centos01 --service="Disk Usage" --state=1 --output="WARNING: The disk is 75% full"
On running the commands to send the checks though I'm seeing nothing in the logs under that hostname either, even if run locally from receiving server or remote server.
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: Forwarding status and events from one server to another

Post by dwhitfield »

It sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!
rjconroy
Posts: 38
Joined: Fri Feb 02, 2018 11:57 am

Re: Forwarding status and events from one server to another

Post by rjconroy »

Actually issue is still pending, the error was solved but I'm still not getting the events in the logs.
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: Forwarding status and events from one server to another

Post by npolovenko »

@rjconroy, What version of Nagios Core are you using? Can you upload this file from the receiving server:

Code: Select all

/usr/local/nagios/var/nagios.log
Are you able to access the nrdp interface?

Code: Select all

http://recieving_server_ip/nrdp
Please submit a test check using the web interface and let us know if gives you any errors in return.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
rjconroy
Posts: 38
Joined: Fri Feb 02, 2018 11:57 am

Re: Forwarding status and events from one server to another

Post by rjconroy »

Yes I can access the nrdp interface on the reciving server and I got it to pass the json checks.
The version number per the log file is Nagios 3.5.1
However, it appears to be a slightly customized installation that is part of a siem application.
The executables and files are not in the same paths or locations as the default Nagios install as a result. For example the main Nagios files are not in /usr/local/... , they are in /etc/nagios3. The main log file is in /var/log/nagios3/Nagios.log.
They have apparently moved some things around which is where I think I'm getting stuck trying to identify the correct locations for some of these things and make the conf file adjustments accordingly.
Locked