Nageventlog Monitoring Agent

[ranjitw]

Hi ,

I have done the configuration of the event log monitoring as per the below document :

https://assets.nagios.com/downloads/nag ... entLog.pdf

But After adding the server to event log monitoring I am getting "OK: No data received yet." under the status information . I have attached the screenshot for the same.

Can anyone please help me on how to get an alarm generated for eventlog monitoring ? One example would be very helpful.

[lmiltchev]

How often the passive check results are sent to the Nagios XI server? Open the "Nagios EvenLog Service Control Manager" and show us a screenshot. When you try to generate a "test event", do you see it in the "Unconfigured Objects"?

[ranjitw]

Hi ,

I have attached the screenshot of the Nagios EvenLog Service Control Manager.

I am not getting anything like unconfigured objects when I click "generate test event".

[lmiltchev]

Can you click on the "NSCA Daemons" under the "EvenLog Service Control Manager", and show us a screenshot? Is the Windows server IP (sending machine) added to the "/etc/xinetd.d/nsca"? What is the output of the following commands, run on the Nagios XI server?

Code: Select all

ip addr
grep only_from /etc/xinetd.d/nsca
iptables -nL
grep decryption_method /usr/local/nagios/etc/nsca.cfg

[ranjitw]

Hi ,

Nageventlog server IP details are already present in the grep only_from /etc/xinetd.d/nsca file.

grep decryption_method /usr/local/nagios/etc/nsca.cfg
decryption_method=1

Attached is the screenshot with details for NSCA Daemons due to confidentiality issues I have not shared the IP address.

I am able to perform a telnet to the Nageventlog server from the Nagios server .

[lmiltchev]

I am able to perform a telnet to the Nageventlog server from the Nagios server .

Can you also telnet to the Nagios server from the Nageventlog server? Port 5667 needs to be open - you haven't showed us the iptables rules, so I am not sure if the port is indeed open. Do you have another firewall (besides iptables) in between?
Do passwords match (on the Nageventlog server under the "NSCA Server Settings" and the "/usr/local/nagios/etc/nsca.cfg" on the Nagios server)?

[ranjitw]

Hi ,

When I performed a telnet from Nageventlog server to Nagios XI server on port 5667 its failing with error connection failed.

Connecting To Nagios XI IP...Could not open connection to the host, on port 5667: Connect failed

iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTAB LISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2 2
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8 0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:4 43
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-ho st-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-ho st-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

On the Nagios XI server I checked if the port is listening for which I got below message does this mean its listening ?

netstat -anp | grep 5667
tcp 0 0 :::5667 :::* LISTEN 12871/xinetd

I have not given a password in the Nageventlog server "NSCA Server Settings" is it mandatory ?

In the Nagios XI server in /usr/local/nagios/etc/nsca.cfg I could see a blank for password .

# DECRYPTION PASSWORD
# This is the password/passphrase that should be used to descrypt the
# incoming packets. Note that all clients must encrypt the packets
# they send using the same password!
# IMPORTANT: You don't want all the users on this system to be able
# to read the password you specify here, so make sure to set
# restrictive permissions on this config file!

password=

[lmiltchev]

I can see only ports 22, 80, and 443 open in your firewall rules. I need to open 5667 as well...

I have not given a password in the Nageventlog server "NSCA Server Settings" is it mandatory ?

If you are using encryption, you will need to set up a password.

[ranjitw]

HI,

I have enabled the connectivity from Nageventlog server to NAgios XI server and I am able to perform telnet from Nagevenglog server to Nagios XI server on port 5667.

Below is the output of iptables -nL from Nagios XI server :

ptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5667
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Even after performing the change I am unable to view the events in the Nagios XI server . I have generated alarm using the "Generate Test Event " option which is present in the "Nagios Eventlog service control manager " I could see the alarm in the event viewer of the server but could not see the same in Nagios XI console.

Please help me in resolving this issue.

[rkennedy]

Now that the port is open, do you have any unconfigured objects appearing?

Here's a bit more information about them - https://assets.nagios.com/downloads/nag ... ith_XI.pdf