Forwarding status and events from one server to another

Posted: Fri Feb 02, 2018 12:04 pm
by rjconroy
Hello;
I've been doing a lot of research on this and I can't seem to find anything current about doing some kind of a solution for using one or more remote installations to forward to another central server or SIEM solution.
There was some talk of an older apparently outdated plugin called NSCA but it seems to be no longer viable.
I read through the distributed solutions papers but again it seems dated.
Is there any way to do this? It would seem a relatively simple concept, what am I missing?
Can I just forward log files or is there any other method to do this that would include both events such as what's found in /var/log/Nagios/Nagios.log as well as the asset state using passive monitoring at the main location?
Any hints or references appreciated.

Re: Forwarding status and events from one server to another

Posted: Fri Feb 02, 2018 3:48 pm
by npolovenko
Hello, @rjconroy. You could use the NRDP agent.
1. First, you'd install the NRDP agent on the Core Server#1 server that will receive forwarded host and service check results from the Core server#2.
https://support.nagios.com/kb/article/n ... e-602.html

2. After the installation make sure you can access the NRDP web interface:
http://nagios_core#1_ip/nrdp

3. Then on the Core Server #2 you'll be running checks and be sending the results to the Core Server#1:
https://assets.nagios.com/downloads/nag ... h-NRDP.pdf
Start reading at "Configure Distributed Nagios Core Server(s)" till "Unconfigured Objects".

4. If the previous steps were successful, on the Core Server #1 in /usr/local/nagios/var/nagios.log you'll see similar messages:

[1508380204] Error: Got host checkresult for 'S1601', but no such host can be found
[1508380204] Error: Got check result for service 'CPU Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Disk Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Swap Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Memory Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Process Count' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Disk Usage E' on host 'S1601'. Unable to find service

5. On Core Server #1, use this manual to add service and host check definitions. That way all the incoming check results from Core Server #2 will be recognized.
https://support.nagios.com/kb/article/n ... s-762.html
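
Steps 4 and 5 above, as an added example that is not part of the original post or of Nagios's own tooling: this Python script reads nagios.log lines of the kind shown in step 4, lists the hosts and services the receiving server does not know yet, and prints passive-only stubs to review for step 5. The template names `generic-host` and `generic-service`, the name allowlist and the sample log are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: step 4 format, one unsafe name, one unrelated alert line.
SAMPLE_LOG = """\
[1508380204] Error: Got host checkresult for 'S1601', but no such host can be found
[1508380204] Error: Got check result for service 'CPU Usage' on host 'S1601'. Unable to find service
[1508380204] Error: Got check result for service 'Disk Usage' on host 'S1601'. Unable to find service
[1508380264] Error: Got check result for service 'CPU Usage' on host 'S1601'. Unable to find service
[1508380264] Error: Got host checkresult for 'bad;name', but no such host can be found
[1508380270] SERVICE ALERT: web01;HTTP;CRITICAL;HARD;3;Connection refused
"""

HOST_RE = re.compile(r"Error: Got host checkresult for '(.+)', but no such host can be found")
SVC_RE = re.compile(r"Error: Got check result for service '(.+)' on host '(.+)'\. Unable to find service")
# Names arrive over the network: allowlist them before they reach a config file.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_. -]+$")

def unconfigured_objects(log_text):
    """Return (hosts, services_by_host, rejected) seen in 'not found' errors."""
    hosts, services, rejected = set(), defaultdict(set), set()
    for line in log_text.splitlines():
        host_m, svc_m = HOST_RE.search(line), SVC_RE.search(line)
        if not (host_m or svc_m):
            continue  # ordinary log line, not an unknown-object error
        host = host_m.group(1) if host_m else svc_m.group(2)
        svc = svc_m.group(1) if svc_m else None
        bad = [n for n in (host, svc) if n is not None and not SAFE_NAME.match(n)]
        if bad:
            rejected.update(bad)
        elif svc is None:
            hosts.add(host)
        else:
            services[host].add(svc)
    return hosts, {h: sorted(s) for h, s in services.items()}, rejected

def render_stubs(hosts, services, host_tpl="generic-host", svc_tpl="generic-service"):
    """Render passive-only object stubs; the template names are assumptions."""
    passive = "    active_checks_enabled   0\n    passive_checks_enabled  1\n}"
    out = [f"define host {{\n    use         {host_tpl}\n    host_name   {h}\n{passive}"
           for h in sorted(hosts)]
    for h in sorted(services):
        out += [f"define service {{\n    use                 {svc_tpl}\n    host_name           {h}\n"
                f"    service_description {s}\n{passive}" for s in services[h]]
    return "\n\n".join(out)

if __name__ == "__main__":
    h, s, skipped = unconfigured_objects(SAMPLE_LOG)
    print(render_stubs(h, s), "\nskipped (unsafe names):", sorted(skipped))
```

Names that no sender should be reporting are worth investigating before any definition is added, since anyone holding the NRDP token can submit results.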

Re: Forwarding status and events from one server to another

Posted: Fri Feb 02, 2018 5:41 pm
by rjconroy
Great response thank you, for some reason I thought the NRDP agent was for endpoints, not other Nagios servers. I guess that may have been a misunderstanding on my part.
I will follow up with this on Monday and advise as to results.

PS is this the only way or the best/preferred way?

Re: Forwarding status and events from one server to another

Posted: Mon Feb 05, 2018 11:15 am
by npolovenko
Thanks, @rjconroy.
Another way to accomplish this would be using SNMP traps:
https://support.nagios.com/kb/article.php?id=77
There's not really a best way. Some administrators go the NRDS route and some prefer SNMP traps. I guess it will depend on what protocol you prefer, or whatever is easier to integrate with the software solution you're going to be using on the receiving server. I'm not very familiar with SIEM.

Re: Forwarding status and events from one server to another

Posted: Wed Feb 07, 2018 7:06 pm
by rjconroy
Finally got to check this today and ran into a couple of snags.

First off on receiver server I get an error on the json check "BAD CHECK RESULTS DIR", this persists even after setting permissions on folder to 777 recursive to test.

Secondly, on sender server side how can I add the conf without the GUI? Do I simply edit the send.nrdp.php script? Does it need more than the host URL and token to work, aside from obvious host parameters?

Re: Forwarding status and events from one server to another

Posted: Wed Feb 07, 2018 7:30 pm
by rjconroy
Disregard "Bad Check Results" error, I resolved this, turns out I made a silly typo. After it was fixed I got the expected "OK" status. However, nothing appeared in my logs using the "somehost" name.

I also tried the commands from the links
./send_nrdp.php --url=http://w.x.y.z/nrdp --token=token1 --host=centos01 --state=0 --output="The host is up and OK"

./send_nrdp.php --url=http://w.x.y.z/nrdp --token=token1 --host=centos01 --service="Disk Usage" --state=1 --output="WARNING: The disk is 75% full"
On running the commands to send the checks though I'm seeing nothing in the logs under that hostname either, even if run locally from receiving server or remote server.

Re: Forwarding status and events from one server to another

Posted: Thu Feb 08, 2018 10:23 am
by dwhitfield
It sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!

Re: Forwarding status and events from one server to another

Posted: Thu Feb 08, 2018 10:42 am
by rjconroy
Actually issue is still pending, the error was solved but I'm still not getting the events in the logs.

Re: Forwarding status and events from one server to another

Posted: Thu Feb 08, 2018 11:16 am
by npolovenko
@rjconroy, what version of Nagios Core are you using? Can you upload this file from the receiving server:

/usr/local/nagios/var/nagios.log

Are you able to access the nrdp interface?

http://recieving_server_ip/nrdp

Please submit a test check using the web interface and let us know if it gives you any errors in return.

Re: Forwarding status and events from one server to another

Posted: Thu Feb 08, 2018 11:36 am
by rjconroy
Yes I can access the nrdp interface on the receiving server and I got it to pass the json checks.
The version number per the log file is Nagios 3.5.1
However, it appears to be a slightly customized installation that is part of a siem application.
The executables and files are not in the same paths or locations as the default Nagios install as a result. For example the main Nagios files are not in /usr/local/... , they are in /etc/nagios3. The main log file is in /var/log/nagios3/Nagios.log.
They have apparently moved some things around which is where I think I'm getting stuck trying to identify the correct locations for some of these things and make the conf file adjustments accordingly.