[root@lisl-ngos-01-pv ~]# cat /usr/local/nagios/etc/nsca.cfg
####################################################
# Sample NSCA Daemon Config File
# Written by: Ethan Galstad ([email protected])
#
# Last Modified: 04-03-2006
####################################################
# PID FILE
# The name of the file in which the NSCA daemon should write it's process ID
# number. The file is only written if the NSCA daemon is started by the root
# user as a single- or multi-process daemon.
pid_file=/var/run/nsca.pid
# PORT NUMBER
# Port number we should wait for connections on.
# This must be a non-priveledged port (i.e. > 1024).
server_port=5667
# SERVER ADDRESS
# Address that NSCA has to bind to in case there are
# more as one interface and we do not want NSCA to bind
# (thus listen) on all interfaces.
#server_address=192.168.1.1
# NSCA USER
# This determines the effective user that the NSCA daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NSCA is running under either inetd or xinetd
nsca_user=nagios
# NSCA GROUP
# This determines the effective group that the NSCA daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NSCA is running under either inetd or xinetd
nsca_group=nagios
# NSCA CHROOT
# If specified, determines a directory into which the nsca daemon
# will perform a chroot(2) operation before dropping its privileges.
# for the security conscious this can add a layer of protection in
# the event that the nagios daemon is compromised.
#
# NOTE: if you specify this option, the command file will be opened
# relative to this directory.
#nsca_chroot=/var/run/nagios/rw
# DEBUGGING OPTION
# This option determines whether or not debugging
# messages are logged to the syslog facility.
# Values: 0 = debugging off, 1 = debugging on
debug=0
# COMMAND FILE
# This is the location of the Nagios command file that the daemon
# should write all service check results that it receives.
command_file=/usr/local/nagios/var/rw/nagios.cmd
# ALTERNATE DUMP FILE
# This is used to specify an alternate file the daemon should
# write service check results to in the event the command file
# does not exist. It is important to note that the command file
# is implemented as a named pipe and only exists when Nagios is
# running. You may want to modify the startup script for Nagios
# to dump the contents of this file into the command file after
# it starts Nagios. Or you may simply choose to ignore any
# check results received while Nagios was not running...
alternate_dump_file=/usr/local/nagios/var/rw/nsca.dump
# AGGREGATED WRITES OPTION
# This option determines whether or not the nsca daemon will
# aggregate writes to the external command file for client
# connections that contain multiple check results. If you
# are queueing service check results on remote hosts and
# sending them to the nsca daemon in bulk, you will probably
# want to enable bulk writes, as this will be a bit more
# efficient.
# Values: 0 = do not aggregate writes, 1 = aggregate writes
aggregate_writes=0
# APPEND TO FILE OPTION
# This option determines whether or not the nsca daemon will
# will open the external command file for writing or appending.
# This option should almost *always* be set to 0!
# Values: 0 = open file for writing, 1 = open file for appending
append_to_file=0
# MAX PACKET AGE OPTION
# This option is used by the nsca daemon to determine when client
# data is too old to be valid. Keeping this value as small as
# possible is recommended, as it helps prevent the possibility of
# "replay" attacks. This value needs to be at least as long as
# the time it takes your clients to send their data to the server.
# Values are in seconds. The max packet age cannot exceed 15
# minutes (900 seconds). If this variable is set to zero (0), no
# packets will be rejected based on their age.
max_packet_age=70
# DECRYPTION PASSWORD
# This is the password/passphrase that should be used to descrypt the
# incoming packets. Note that all clients must encrypt the packets
# they send using the same password!
# IMPORTANT: You don't want all the users on this system to be able
# to read the password you specify here, so make sure to set
# restrictive permissions on this config file!
password=N@g10$
# DECRYPTION METHOD
# This option determines the method by which the nsca daemon will
# decrypt the packets it receives from the clients. The decryption
# method you choose will be a balance between security and performance,
# as strong encryption methods consume more processor resources.
# You should evaluate your security needs when choosing a decryption
# method.
#
# Note: The decryption method you specify here must match the
# encryption method the nsca clients use (as specified in
# the send_nsca.cfg file)!!
# Values:
#
# 0 = None (Do NOT use this option)
# 1 = Simple XOR (No security, just obfuscation, but very fast)
#
# 2 = DES
# 3 = 3DES (Triple DES)
# 4 = CAST-128
# 5 = CAST-256
# 6 = xTEA
# 7 = 3WAY
# 8 = BLOWFISH
# 9 = TWOFISH
# 10 = LOKI97
# 11 = RC2
# 12 = ARCFOUR
#
# 14 = RIJNDAEL-128
# 15 = RIJNDAEL-192
# 16 = RIJNDAEL-256
#
# 19 = WAKE
# 20 = SERPENT
#
# 22 = ENIGMA (Unix crypt)
# 23 = GOST
# 24 = SAFER64
# 25 = SAFER128
# 26 = SAFER+
#
decryption_method=1
Dec 9 10:20:57 lisl-ngos-01-pv nagios: SERVICE ALERT: lisdbqy02p on lisprod04g;GoldenGate Processes;WARNING;HARD;1;Warning - No Passive check results recieved in an hour. Please follow instructions in guide.
Dec 9 10:20:58 lisl-ngos-01-pv nagios: HOST ALERT: SOCC-ROTR-MPLS;UP;HARD;1;OK - 10.93.255.1: rta 24.708ms, lost 0%
Dec 9 10:20:59 lisl-ngos-01-pv nagios: HOST ALERT: ARAN-SGDC-01-PV;UP;HARD;1;OK - ARAN-SGDC-01-PV.snapon.com: rta 126.079ms, lost 0%
Dec 9 10:20:59 lisl-ngos-01-pv nagios: HOST ALERT: KING-FRWL;UP;HARD;1;OK - 10.160.250.1: rta 104.487ms, lost 0%
Dec 9 10:21:03 lisl-ngos-01-pv xinetd[4608]: START: nsca pid=20350 from=::ffff:10.245.64.33
Dec 9 10:21:03 lisl-ngos-01-pv nsca[20350]: Handling the connection...
Dec 9 10:21:03 lisl-ngos-01-pv xinetd[4608]: START: nsca pid=20358 from=::ffff:10.245.64.45
Dec 9 10:21:03 lisl-ngos-01-pv nsca[20358]: Handling the connection...
Dec 9 10:21:03 lisl-ngos-01-pv xinetd[4608]: START: nsca pid=20360 from=::ffff:10.245.64.49
Dec 9 10:21:03 lisl-ngos-01-pv xinetd[4608]: START: nsca pid=20361 from=::ffff:10.245.64.3
Dec 9 10:21:03 lisl-ngos-01-pv nsca[20360]: Handling the connection...
Dec 9 10:21:03 lisl-ngos-01-pv nsca[20361]: Handling the connection...
Dec 9 10:21:03 lisl-ngos-01-pv xinetd[4608]: START: nsca pid=20362 from=::ffff:10.245.64.21
Dec 9 10:21:03 lisl-ngos-01-pv nsca[20362]: Handling the connection...
Dec 9 10:21:03 lisl-ngos-01-pv xinetd[4608]: START: nsca pid=20413 from=::ffff:10.245.64.16
Dec 9 10:21:03 lisl-ngos-01-pv nsca[20413]: Handling the connection...
Dec 9 10:21:03 lisl-ngos-01-pv xinetd[4608]: START: nsca pid=20512 from=::ffff:10.245.64.37
Dec 9 10:21:03 lisl-ngos-01-pv nsca[20512]: Handling the connection...
Dec 9 10:21:03 lisl-ngos-01-pv xinetd[4608]: START: nsca pid=20516 from=::ffff:10.245.64.38
Dec 9 10:21:03 lisl-ngos-01-pv nsca[20516]: Handling the connection...
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20350]: Time difference in packet: 0 seconds for host lishadb13p on lisprod02g
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20350]: SERVICE CHECK -> Host Name: 'lishadb13p on lisprod02g', Service Description: 'GoldenGate Processes', Return Code: '0', Output: 'GoldenGate process OK on pwmsdb13'
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20350]: Attempting to write to nagios command pipe
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20350]: End of connection...
Dec 9 10:21:04 lisl-ngos-01-pv xinetd[4608]: EXIT: nsca status=0 pid=20350 duration=1(sec)
Dec 9 10:21:04 lisl-ngos-01-pv nagios: SERVICE ALERT: lishadb13p on lisprod02g;GoldenGate Processes;OK;HARD;1;GoldenGate process OK on pwmsdb13
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20358]: Time difference in packet: 0 seconds for host lisdbms13p on lisprod04g
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20358]: SERVICE CHECK -> Host Name: 'lisdbms13p on lisprod04g', Service Description: 'GoldenGate Processes', Return Code: '0', Output: 'GoldenGate process OK on pseodb01'
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20358]: Attempting to write to nagios command pipe
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20358]: End of connection...
Dec 9 10:21:04 lisl-ngos-01-pv nagios: SERVICE ALERT: lisdbms13p on lisprod04g;GoldenGate Processes;OK;HARD;1;GoldenGate process OK on pseodb01
Dec 9 10:21:04 lisl-ngos-01-pv xinetd[4608]: EXIT: nsca status=0 pid=20358 duration=1(sec)
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20360]: Time difference in packet: 0 seconds for host lisdbqy13p on lisprod04g
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20360]: SERVICE CHECK -> Host Name: 'lisdbqy13p on lisprod04g', Service Description: 'GoldenGate Processes', Return Code: '0', Output: 'GoldenGate process OK on pwmsgg13'
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20360]: Attempting to write to nagios command pipe
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20360]: End of connection...
Dec 9 10:21:04 lisl-ngos-01-pv nagios: SERVICE ALERT: lisdbqy13p on lisprod04g;GoldenGate Processes;OK;HARD;1;GoldenGate process OK on pwmsgg13
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20361]: Time difference in packet: 0 seconds for host lisdbms14p on lisprod04g
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20361]: SERVICE CHECK -> Host Name: 'lisdbms14p on lisprod04g', Service Description: 'GoldenGate Processes', Return Code: '0', Output: 'GoldenGate process OK on pseogg01'
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20361]: Attempting to write to nagios command pipe
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20361]: End of connection...
Dec 9 10:21:04 lisl-ngos-01-pv xinetd[4608]: EXIT: nsca status=0 pid=20360 duration=1(sec)
Dec 9 10:21:04 lisl-ngos-01-pv nagios: SERVICE ALERT: lisdbms14p on lisprod04g;GoldenGate Processes;OK;HARD;1;GoldenGate process OK on pseogg01
Dec 9 10:21:04 lisl-ngos-01-pv xinetd[4608]: EXIT: nsca status=0 pid=20361 duration=1(sec)
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20362]: Time difference in packet: 0 seconds for host lisaerp01p on lisprod02g
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20362]: SERVICE CHECK -> Host Name: 'lisaerp01p on lisprod02g', Service Description: 'GoldenGate Processes', Return Code: '0', Output: 'GoldenGate process OK on perpdb01'
Dec 9 10:21:04 lisl-ngos-01-pv nsca[20362]: Attempting to write to nagios command pipe
And when I run that other command it just gives the PID and says it's running.
Do you have another information you can give on the data being sent from nsca? I can try to replicate it exactly here, but I would need detailed info from that end to do so.
Otherwise we're probably going to need to move this to a remote. Having the nsca data first would be good either way.
There is most likely a binary on those systems called send_nsca. This is most likely called directly or indirectly by cron or some other long running daemon to send the data in 15 minute intervals. It's probably being passed in some data, that's what I'd like to get.
These are all the commands that my Unix admin sent from the host: First one was run as Oracle user, second one root user, and third was the Nagios user.
lisdbms13p$ echo "NSCA IS WORKING" | /opt/csw/libexec/nagios-plugins/send_nsca -H 10.245.128.172 -p 5667 -d ";" -c /vendor/nagios/etc/opt/csw/send_nsca.cfg
0 data packet(s) sent to host successfully.
</vendor/nagios>
Not sure what to make of that. I also tried turning freshness checking off completely to try and rule that out and I'm still having the same issue, just without my freshness script coming into play. The output of the check is "OK: No data received" until randomly it changes to "OK: [expected output]" for a bout a minute or less before going back to "OK: No data received".
