Nagios and off site Windows monitoring
jdalrymple
Re: Nagios and off site Windows monitoring
The last nsclient.ini in the thread didn't include anything to setup the passive check. Did you implement that? If so can we take a look at it?
Re: Nagios and off site Windows monitoring
This line from the netstat shows that the system is listening on port 5667
Code:
tcp 0 0 0.0.0.0:5667 0.0.0.0:* LISTEN 1745/nsca

The tcpdump command is used to verify that some system sent data to the Nagios system on port 5667.
So, I would assume that your Windows system isn't sending any data to the Nagios system.
You may want to run the tcpdump for a long time to see if any data is received.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Nagios and off site Windows monitoring
jdalrymple wrote:
> The last nsclient.ini in the thread didn't include anything to setup the passive check. Did you implement that? If so can we take a look at it?
Do you mean something like this? I just added after your message.
Attachments: nsclient.ini (2.67 KiB)
jdalrymple
Re: Nagios and off site Windows monitoring
I do. Are passive checks being submitted now? If not then you need to watch your nsclient log to figure out why.
Re: Nagios and off site Windows monitoring
Ok had a bit of a breakthrough with the local unit I was testing on, it connected to Nagios using the NSClient but it was over port 12489 which I'm delighted about as the server is actually working on that port which hopefully means I'm closer to my goal.
So it looks like the Nagios server isn't liking the connection for some reason even though it is listening on port 5667. Is there an added input I need to add to command.cfg to fix this?
jdalrymple wrote:
> I do. Are passive checks being submitted now? If not then you need to watch your nsclient log to figure out why.
I just looked at the log files now for testing the passive setup using the nsclient.ini file I sent earlier and I got the following read out:
Code:
2015-07-30 10:35:25: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 192.168.1.246
2015-07-30 10:36:24: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 192.168.1.246
2015-07-30 11:12:30: error:D:\source\nscp\modules\CheckSystem\CheckSystem.cpp:896: Failed to enumerate windows: 87: The parameter is incorrect.
2015-07-30 11:20:32: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 192.168.1.246
2015-07-30 11:21:31: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 192.168.1.246
2015-07-30 11:22:32: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 192.168.1.246
2015-07-30 11:23:28: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 192.168.1.246
2015-07-30 11:24:28: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 192.168.1.246
2015-07-30 11:24:32: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 192.168.1.246
2015-07-30 11:34:31: debug:D:\source\nscp\service\NSClient++.cpp:409: booting::loading plugins
2015-07-30 11:34:31: debug:D:\source\nscp\service\NSClient++.cpp:504: NSClient++ - 0.4.3.143 2015-04-29 Started!
2015-07-30 11:34:31: debug:D:\source\nscp\service\NSClient++.cpp:1356: Starting: DONE

Re: Nagios and off site Windows monitoring
Followed a troubleshooting guide on that error and added this to config:
Code:
[/settings/default]
; ALLOWED HOSTS - A coma separated list of hosts which are allowed to connect. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = <ADD YOUR NAGIOS 1 IP HERE>,<ADD YOUR NAGIOS 2 IP HERE>,10.11.12.0/24

Then restarted the service and now no errors appear in the log:
Code:
2015-07-30 12:00:07: debug:D:\source\nscp\service\NSClient++.cpp:541: Attempting to stop all plugins
2015-07-30 12:00:07: debug:D:\source\nscp\service\NSClient++.cpp:543: Stopping all plugins
2015-07-30 12:00:07: debug:D:\source\nscp\service\NSClient++.cpp:554: Stopping: COM helper
2015-07-30 12:00:07: debug:D:\source\nscp\service\NSClient++.cpp:573: Stopping: Settings instance
2015-07-30 12:00:08: debug:D:\source\nscp\service\NSClient++.cpp:409: booting::loading plugins
2015-07-30 12:00:08: debug:D:\source\nscp\service\NSClient++.cpp:504: NSClient++ - 0.4.3.143 2015-04-29 Started!
2015-07-30 12:00:08: debug:D:\source\nscp\service\NSClient++.cpp:1356: Starting: DONE

It looks like it started fine but are the :*** numbers listed there PIDs or ports that it's sending on? I have 5667 listed on the nsclient.ini and I'm running tcpdump on the server but no feed back as of yet.
Re: Nagios and off site Windows monitoring
Ok so to test the port capturing on 5667 I used the send_nsca command from my Ubuntu Desktop and pointed it to the local server IP and woop woop tcpdump recorded the transaction:
Code:
root@storage:/usr/local/nagios/etc/objects# tcpdump port 5667
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:15:47.415525 IP Jerden-Vaio.42027 > storage.nsca: Flags [S], seq 3106634345, win 29200, options [mss 1460,sackOK,TS val 130990700 ecr 0,nop,wscale 7], length 0
12:15:47.415616 IP storage.nsca > Jerden-Vaio.42027: Flags [S.], seq 2489339415, ack 3106634346, win 28960, options [mss 1460,sackOK,TS val 20405410 ecr 130990700,nop,wscale 7], length 0
12:15:47.415904 IP Jerden-Vaio.42027 > storage.nsca: Flags [.], ack 1, win 229, options [nop,nop,TS val 130990700 ecr 20405410], length 0
12:15:47.416965 IP storage.nsca > Jerden-Vaio.42027: Flags [P.], seq 1:133, ack 1, win 227, options [nop,nop,TS val 20405410 ecr 130990700], length 132
12:15:47.417303 IP Jerden-Vaio.42027 > storage.nsca: Flags [.], ack 133, win 237, options [nop,nop,TS val 130990700 ecr 20405410], length 0
12:15:47.417776 IP Jerden-Vaio.42027 > storage.nsca: Flags [P.], seq 1:721, ack 133, win 237, options [nop,nop,TS val 130990701 ecr 20405410], length 720
12:15:47.417803 IP storage.nsca > Jerden-Vaio.42027: Flags [.], ack 721, win 238, options [nop,nop,TS val 20405411 ecr 130990701], length 0
12:15:47.417829 IP Jerden-Vaio.42027 > storage.nsca: Flags [F.], seq 721, ack 133, win 237, options [nop,nop,TS val 130990701 ecr 20405410], length 0
12:15:47.417991 IP storage.nsca > Jerden-Vaio.42027: Flags [F.], seq 133, ack 722, win 238, options [nop,nop,TS val 20405411 ecr 130990701], length 0
12:15:47.418144 IP Jerden-Vaio.42027 > storage.nsca: Flags [.], ack 134, win 237, options [nop,nop,TS val 130990701 ecr 20405411], length 0

So it looks like the NSClient on my Windows machine isn't sending the info to the server as nothing is being picked up by tcpdump. I'll have to delve into the nsclient.ini file again.
Re: Nagios and off site Windows monitoring
I noticed that in your NSClient log, you are running a newer version of the NSClient that has changed the format of the nsclient.ini so much that your example that you uploaded will not work.
I attached a copy that should work for you but you will need to edit the IP Addresses, passwords, etc.
Give it a try and see if that helps out.
Attachments: nsclient.ini (7.7 KiB)
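
Added example (not from any poster in the thread and not NSClient++ code): a triage of the "Rejected connection from" log entries seen earlier against the `allowed hosts` value, so that only expected monitoring servers are added rather than widening the list to silence the error. The log sample, the `ALLOWED_HOSTS` value and the `NAGIOS_SERVERS` set are constructed assumptions.

```python
import ipaddress
import re
# Constructed sample, in the format of the NSClient++ log lines quoted in this thread.
SAMPLE_LOG = r"""
2015-07-30 10:35:25: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 192.168.1.246
2015-07-30 11:12:30: error:D:\source\nscp\modules\CheckSystem\CheckSystem.cpp:896: Failed to enumerate windows: 87: The parameter is incorrect.
2015-07-30 11:20:32: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 192.168.1.246
2015-07-30 11:21:40: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 203.0.113.50
2015-07-30 11:22:05: error:D:\source\nscp\include\check_nt/server/protocol.hpp:67: Rejected connection from: 10.11.12.7
"""
ALLOWED_HOSTS = "192.168.1.10,10.11.12.0/24"  # assumed current "allowed hosts" value
NAGIOS_SERVERS = {"192.168.1.246"}            # assumed: the only peers expected to connect
REJECT_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): error:.*Rejected connection from: (\S+)")

def parse_allowed(value):
    """Parse comma separated IPs and CIDR ranges ('*' wildcards are not handled here)."""
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in value.split(",") if e.strip()]

def rejected_sources(log_text):
    """Map each rejected peer to [count, first_seen, last_seen]."""
    seen = {}
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            ts, peer = m.groups()
            rec = seen.setdefault(peer, [0, ts, ts])
            rec[0] += 1
            rec[2] = ts
    return seen

def triage(log_text, allowed_value, expected_servers):
    """Per rejected peer, decide whether adding it to 'allowed hosts' is justified."""
    nets = parse_allowed(allowed_value)
    verdicts = {}
    for peer, (count, _first, _last) in rejected_sources(log_text).items():
        addr = ipaddress.ip_address(peer)  # ValueError here means a malformed log entry
        if any(addr in net for net in nets):
            verdict = "already-allowed"       # rejected anyway: check the running config
        elif peer in expected_servers:
            verdict = "add-to-allowed-hosts"  # known monitoring server, not yet listed
        else:
            verdict = "unexpected-source"     # do not allow; find out what is connecting
        verdicts[peer] = (verdict, count)
    return verdicts

if __name__ == "__main__":
    for peer, result in triage(SAMPLE_LOG, ALLOWED_HOSTS, NAGIOS_SERVERS).items():
        print(peer, *result)
```
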
Re: Nagios and off site Windows monitoring
tgriep wrote:
> I noticed that in your NSClient log, you are running a newer version of the NSClient that has changed the format of the nsclient.ini so much that your example that you uploaded will not work.
> I attached a copy that should work for you but you will need to edit the IP Addresses, passwords, etc.
> Give it a try and see if that helps out.
Thank you so much! I will give it a go, the only other thing I have come across now is the NRPE plugin. It seems the NSCA calls rely on the NRPE plugin to decipher the proper checks. So I'm in the midst of installing nrpe-2.15 on the Nagios server. I kept getting an error while running ./configure about SSL libraries so if anyone else has that problem I tried to get around it by running:
Code:
dpkg -L libssl-dev

Code:
./configure --with-ssl=/usr/include/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu

Code:
checking for SSL libraries... SSL libraries found in /usr/lib/x86_64-linux-gnu
*** Generating DH Parameters for SSL/TLS ***
./configure: line 7553: /usr/include/openssl/../bin/openssl: No such file or directory
checking for Kerberos include files... could not find include files

I am a tad stuck now though, in one tutorial it tells me to run make all but all I get back is:
Code:
make all
cd ./src/; make ; cd ..
make[1]: Entering directory `/home/futuresign/Downloads/nagios/nrpe-2.15/src'
gcc -g -O2 -I/usr/include/openssl -DHAVE_CONFIG_H -I ../include -I ./../include -o nrpe ./nrpe.c ./utils.c ./acl.c -L/usr/lib/x86_64-linux-gnu -lssl -lcrypto -lnsl
./nrpe.c: In function ‘main’:
./nrpe.c:269:5: warning: assignment makes pointer from integer without a cast [enabled by default]
dh=get_dh512();
^
./nrpe.c:204:9: warning: ignoring return value of ‘getcwd’, declared with attribute warn_unused_result [-Wunused-result]
getcwd(config_file,sizeof(config_file));
^
./nrpe.c:309:8: warning: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Wunused-result]
chdir("/");
^
./nrpe.c:379:8: warning: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Wunused-result]
chdir("/");
^
./nrpe.c: In function ‘my_system’:
./nrpe.c:1491:6: warning: ignoring return value of ‘pipe’, declared with attribute warn_unused_result [-Wunused-result]
pipe(fd);
^
./nrpe.c:1544:9: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
write(fd[1],buffer,strlen(buffer)+1);
^
./nrpe.c:1554:10: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
write(fd[1],buffer,bytes_read);
^
./nrpe.c: In function ‘write_pid_file’:
./nrpe.c:1766:8: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
write(fd,pbuf,strlen(pbuf));
^
/tmp/ccXLGRS0.o: In function `main':
/home/futuresign/Downloads/nagios/nrpe-2.15/src/./nrpe.c:269: undefined reference to `get_dh512'
collect2: error: ld returned 1 exit status
make[1]: *** [nrpe] Error 1
make[1]: Leaving directory `/home/futuresign/Downloads/nagios/nrpe-2.15/src'
*** Compile finished ***
If the NRPE daemon and client compiled without any errors, you
can continue with the installation or upgrade process.
Read the PDF documentation (NRPE.pdf) for information on the next
steps you should take to complete the installation or upgrade.

Code:
make install-plugin
make install-daemon
make install-daemon-config
Last edited by Jam1987 on Thu Jul 30, 2015 3:09 pm, edited 1 time in total.
Re: Nagios and off site Windows monitoring
tgriep wrote:
> I noticed that in your NSClient log, you are running a newer version of the NSClient that has changed the format of the nsclient.ini so much that your example that you uploaded will not work.
> I attached a copy that should work for you but you will need to edit the IP Addresses, passwords, etc.
> Give it a try and see if that helps out.
Oh my god! Your nsclient.ini works! TCPDump is reporting back connection attempts on port 5667. Oh happy days! Now to get Nagios to actually decipher the messages.
That is awesome thank you!
Also wanted to add with the NRPE configuration and the NSCA calling it. After adding the calls to the windows.cfg I get the following errors when trying to reboot Nagios. It may explain what I was saying before better with the calls.
Code:
Checking objects...
Error: Service check command 'check_nrpe!alias_cpu' specified in service 'CPU Load' for host 'windowshost' not defined anywhere!
Error: Service check command 'check_nrpe!alias_disk' specified in service 'Free Space' for host 'windowshost' not defined anywhere!
Checked 10 services.
Checked 2 hosts.
Checked 2 host groups.
Checked 0 service groups.
Checked 1 contacts.
Checked 1 contact groups.
Checked 25 commands.
Checked 5 time periods.
Checked 0 host escalations.
Checked 0 service escalations.
Checking for circular paths...
Checked 2 hosts
Checked 0 service dependencies
Checked 0 host dependencies
Checked 5 timeperiods
Checking global event handlers...
Checking obsessive compulsive processor commands...
Checking misc settings...
Total Warnings: 0
Total Errors: 2