Is it possible to monitor a DMZ server with Nagios? I'm trying to monitor the FTP server and the physical host.
Thanks.
Monitor DMZ server
tonyyarusso
Re: Monitor DMZ server
Anything that you allow connectivity to in one way or another you will be able to monitor. There is a wizard available for FTP monitoring set up also.
Re: Monitor DMZ server
Yeah, it's possible to monitor a service like that in a DMZ. Obviously SNMP isn't allowed but you can still use NRPE. There is a detailed write-up on installing NRPE here:
http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf
With that you should be able to find a plethora of plugins on the Exchange for the checks you specified.
Nicholas Scott
Former Nagios employee
Re: Monitor DMZ server
Tony,
I tried to monitor an FTP server on this DMZ server via "Configuration Wizard" but failed with the following message:
Error: Could not find any host matching '192.168.xx.xx' (config file '/usr/local/nagios/etc/services/192.168.xx.xx.cfg', starting on line 14)
The config for this service is attached. Thanks.
tonyyarusso
Re: Monitor DMZ server
I find it a bit hard to believe that's your actual config file, as it doesn't even have a host declaration in it.
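Added example, not part of the original posts: a small Python pre-check that parses Nagios object definitions and reports services whose `host_name` has no matching host object, which is the condition behind the "Could not find any host matching" error quoted above. The sample config, host name and addresses are constructed for illustration.

```python
import re
# Constructed sample config; host name and addresses are assumptions (192.0.2.0/24 is a documentation range).
SAMPLE_CFG = """
define host {
    host_name  dmz-ftp01
    address    192.0.2.10
}
define service {
    host_name            dmz-ftp01
    service_description  FTP
    check_command        check_ftp
}
define service {
    host_name            192.0.2.99     ; no host object carries this name
    service_description  FTP
    check_command        check_ftp
}
"""

BLOCK_RE = re.compile(r"define\s+(\w+)\s*\{(.*?)\}", re.S)

def parse_objects(text):
    """Return [(object_type, {directive: value}), ...] for each define block."""
    objects = []
    for obj_type, body in BLOCK_RE.findall(text):
        directives = {}
        for line in body.splitlines():
            line = line.split(";", 1)[0].strip()  # strip inline ';' comments
            if line and not line.startswith("#"):
                parts = line.split(None, 1)
                directives[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        objects.append((obj_type, directives))
    return objects

def services_without_host(text):
    """List (host_name, service_description) pairs that reference no defined host."""
    objects = parse_objects(text)
    known = {d["host_name"] for t, d in objects if t == "host" and "host_name" in d}
    missing = []
    for t, d in objects:
        names = d.get("host_name", "").split(",") if t == "service" else []
        for name in (n.strip() for n in names):
            if name and name not in known:
                missing.append((name, d.get("service_description", "")))
    return missing

if __name__ == "__main__":
    for host, svc in services_without_host(SAMPLE_CFG):
        print(f"service '{svc}' references undefined host '{host}'")
```

A service's `host_name` must match the `host_name` directive of a host object, not merely its `address`, so a service file generated without the accompanying host definition fails verification.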
Re: Monitor DMZ server
Tony,
I thought I replied to this post asking if check_ftp requires an agent installed on the remote host. I wasn't really sure how this plugin works since this is my first time using it. Sorry about that.
Thanks.
Re: Monitor DMZ server
tgfde,
If you just wanted to check to see if people can log in to the FTP server you shouldn't need to install an agent for that, as the Nagios server would simply attempt to connect to the server, and if it couldn't, it would raise an error. However, if you wanted to check other statistics of that FTP server, such as Disk Space or CPU Usage, you would need to install an NRPE agent on the FTP server.
Nicholas Scott
Former Nagios employee
Re: Monitor DMZ server
Besides opening port 12489 for NSClient to monitor a server in a DMZ via NSClient, are there other ports I need to open for communications between Nagios server and the agent?
Thank you in advance.
Re: Monitor DMZ server
To be more specific, here are the ports I've requested to be opened and their directions.
12489 on DMZ servers – Corpmon6 outbound to DMZ
5666 on DMZ servers – Corpmon6 outbound to DMZ
5667 on corpmon6 – DMZ outbound to Corpmon6
Thanks.
Re: Monitor DMZ server
No, those should be all that it takes. NRPE will try to access port 5666 [default] so you've got that one covered. I'm not totally sure if the 5667 will be necessary as the socket has already been established, but it can't hurt. Also, are you going to be running check_nt checks against this server? If so, then the 12489 addition is great; if not, then it's unnecessary.
Nicholas Scott
Former Nagios employee