2nd nrdp/nagios server not able to change web page status

[nagmoto]

I googled and look at your knowlege db article regarding nrdp keyword and struggle for some time hope you give me a pointer where I did wrong on 2nd nrdp server's setup.

I have two nagios server(nagios01 and nagios03) each running on centos 7.4.
nagios01 is primary active and nagios03 secondary active but with notification disabled.
nagios01 is running nagios 4.1.1 rpm I packaged while nagios03 is running rpm package directly from Fedora repository.
The configuration paths in nagios.cfg is different between 4.1.1 and 4.3.2.

nagios01 have nrdp 1.4.0 configured correctly and passing send_nrdp.sh check and it is receiving forwarded status/alert from another nagios 3 server(nagios05) running on ubuntu 16.04.

My problem:

I like to have nagios03 receive nagios05's forwarded alert/status correctly. But my problem is that I can run send_nrdp.sh to send a test message with 2(red) status, meaning login from client to nrdp server is ok. but the nagios03 web page won't turn red like nagios01 does.

following command was able to trigger a red alert on nagios01 but not nagios03

Code: Select all

[me@nagios03 ~]$ /usr/local/bin/send_nrdp.sh -u https://nagios03.test.com/nrdp -t nagios_secure_token -H esxi05r.test.com  -S 2 -s check_dummy  -U nrdp:password+1234
Sent 1 checks to https://nagios03.test.com/nrdp
[me@nagios03 ~]$

nagios01 and nagios03's nrdp config information

nagios01:/usr/local/nrdp/server/config.inc.php config information

Code: Select all

[me@nagios01 ]$ egrep -v "^#|^$|^//|^?>|\);|^\?>|^\>"  /usr/local/nrdp/server/config.inc.php
<?php
$cfg['authorized_tokens'] = array(
    "mysecrettoken",  // <-- not a good token
    "nagios_secure_token",   

$cfg["require_https"] = false;
$cfg["require_basic_auth"] = false;
$cfg["valid_basic_auth_users"] = array(
    "nrdpuser"

$cfg["nagios_command_group"] = "nagios";
$cfg["command_file"] = "/var/nagios/rw/nagios.cmd";
$cfg["check_results_dir"] = "/var/nagios/spool/checkresults";
$cfg["disable_external_commands"] = false;
$cfg["allow_old_results"] = false;
$cfg["tmp_dir"]="/var/nagios/tmp";
$cfg['product_name'] = 'nrdp';
$cfg['product_version'] = '1.4.0'
[me@nagios01 ]$

nagios01: important directories paths permission

Code: Select all

[me@va32lnagios01 ~]$ sudo ls -ld /var/nagios/rw/nagios.cmd;sudo ls -ld /var/nagios/rw;sudo ls -ld /var/nagios
prw-rw---- 1 nagios nagios 0 Dec  2 18:25 /var/nagios/rw/nagios.cmd
drwxr-xr-x 2 nagios apache 4096 Dec  2 13:05 /var/nagios/rw
drwxr-xr-x 6 nagios nagios 4096 Dec  2 22:32 /var/nagios
[me@lnagios01 ~]$
[me@nagios01 ~]$ ls -ld /var/nagios/tmp
drwxrwxr-x 2 root nagios 4096 Jul 11 10:22 /var/nagios/tmp
[me@nagios01 ~]$ ls -ld /var/nagios/spool/checkresults
drwxrwxr-x 2 nagios nagios 4096 Dec  2 22:41 /var/nagios/spool/checkresults
[me@nagios01 ~]$ ls -ld /var/nagios/spool
drwxr-xr-x 3 nagios nagios 4096 May 25  2016 /var/nagios/spool
[me@nagios01 ~]$ ls -ld /var/nagios
drwxr-xr-x 6 nagios nagios 4096 Dec  2 22:41 /var/nagios
[me@nagios01 ~]$

nagios03:/usr/local/nrdp/server/config.inc.php config information

Code: Select all

[me@nagios03 ~]$ egrep -v "^#|^$|^//|^?>|\);|^\?>|^\>"  /usr/local/nrdp/server/config.inc.php
<?php
$cfg['authorized_tokens'] = array(
    //"mysecrettoken",  // <-- not a good token
    "nagios_secure_token",  
$cfg["require_https"] = false;
$cfg["require_basic_auth"] = false;
$cfg["valid_basic_auth_users"] = array(
    "nrdpuser"

$cfg["nagios_command_group"] = "nagios";
$cfg["command_file"] = "/var/spool/nagios/cmd/nagios.cmd";
$cfg["check_results_dir"] = "/var/nagios/spool/checkresults";
$cfg["disable_external_commands"] = false;
$cfg["allow_old_results"] = false;
$cfg["tmp_dir"]="/var/nagios/tmp";
$cfg['product_name'] = 'nrdp';
$cfg['product_version'] = '1.4.0'
[me@nagios03 ~]$

nagios03: important directories paths permission

Code: Select all

[me@nagios03 ~]$ sudo ls -ld /var/spool/nagios/cmd/nagios.cmd
prw-rw---- 1 nagios nagios 0 Dec  2 20:01 /var/spool/nagios/cmd/nagios.cmd
[me@nagios03 ~]$ sudo ls -ld /var/spool/nagios/cmd
drwxr-xr-x 2 nagios nagios 4096 Dec  2 20:01 /var/spool/nagios/cmd
[me@nagios03 ~]$ sudo ls -ld /var/spool/nagios
drwxr-xr-x 4 nagios nagios 4096 Dec  2 22:21 /var/spool/nagios
[me@nagios03 ~]$ sudo ls -ld /var/spool
drwxr-xr-x. 11 root root 4096 Nov  5  2016 /var/spool
[me@nagios03 ~]$

[me@nagios03 ~]$  ls -ld /var/nagios/tmp;ls -ld /var/nagios/spool/checkresults;ls -ld /var/nagios/spool;ls -ld /var/nagios
drwxrwxr-x 2 root nagios 4096 Jul 10 11:38 /var/nagios/tmp
drwxrwxr-x 2 nagios nagios 2154496 Dec  2 22:44 /var/nagios/spool/checkresults
drwxr-xr-x 3 root root 4096 Dec  2 09:18 /var/nagios/spool
drwxr-xr-x 4 nagios nagios 4096 Dec  2 20:01 /var/nagios
[me@nagios03 ~]$

Q1: Is there a log/debug message on nrdp/nagios server side I can see nrdp server side activity ?

[kyang]

/usr/local/bin/send_nrdp.sh -u https://nagios03.test.com/nrdp -t nagios_secure_token -H esxi05r.test.com -S 2 -s check_dummy -U nrdp:password+1234

I don't see an option for -U? Is that something you added?

Code: Select all

Usage: send_nrdp.sh -u URL -t token [options]

Usage: send_nrdp.sh -h display help


This script is used to send NRPD data to a Nagios server

Required:
    -u,    URL of NRDP server.  Usually http://<IP_ADDRESS>/nrdp/
    -t,    Shared token.  Must be the same token set in NRDP Server

Options:
    Single Check:
        -H    host name
        -s    service name
        -S    State
        -o     output

    STDIN:
        [-d    delimiter] (default -d "\t")

If the NRDP check sent 1 test check, it should be logged in --> /var/log/messages

Here's my example when I use send_nrdp.sh

Code: Select all

/usr/local/nrdp/clients/send_nrdp.sh -u http://192.168.4.125/nrdp/ -t WXsWrqTQjl65 -H localhost -S 2 -s check_http123
Sent 1 checks to http://192.168.4.125/nrdp/

In var/log/messages, I see this.

Code: Select all

Dec  4 09:53:58 localhost nagios: Error: Got host checkresult for 'somehost', but no such host can be found

Let us know if you are able to see the check in the logs.

[nagmoto]

Hi Kyang

Thanks for working on my case.

>I don't see an option for -U? Is that something you added?
Yes.
I added -U since my nagios server has access limitation with ldap server and local group/user from htpasswd.users and htgroup.users two files.
nrdp user is local user reside in both ht files.

Code: Select all

[me@nagios03 nagios]$ grep nrdp ht*
htgroup.users:localgroup: winadm nagiosadmin nrdp
htpasswd.users:nrdp:$apr1$xxxxxyji1
[me@nagios03 nagios]$

localgroup is defined in /etc/httpd/conf.d/nagios.conf also

Code: Select all

ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi-bin"

<Directory "/usr/lib64/nagios/cgi-bin">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         Require all granted
         <IfModule mod_auth_basic.c>
         AuthBasicProvider file ldap
         </IfModule>
         AuthUserFile /etc/nagios/htpasswd.users
         AuthGroupFile /etc/nagios/htgroup.users
         AuthType Basic
         AuthLDAPURL ldaps://ds.test.com:636/xxxx,dc=test,dc=com?xxxguid?sub?(objectClass=*)
         AuthName "Passoword Authentication using LDAPS(ds.test.com)"
         Require group localgroup admin ....xxxx
      </RequireAll>
   </IfVersion>

</Directory>

Alias /nagios "/usr/share/nagios/html"

<Directory "/usr/share/nagios/html">
#  SSLRequireSSL
   Options None
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         Require all granted
         <IfModule mod_auth_basic.c>
         AuthBasicProvider file ldap
         </IfModule>
         AuthUserFile /etc/nagios/htpasswd.users
         AuthGroupFile /etc/nagios/htgroup.users
         AuthType Basic
         AuthLDAPURL ldaps://ds.test.com:636/ou=xxxdc=test,dc=com?xxxguid?sub?(objectClass=*)
         AuthName "Passoword Authentication using LDAPS(ds.test.com)"
<snipped>                                                                

I am interested to make my nagios03 using supported nrdp server/client version.
Following quick tests using stock version of send_ndrp.sh and my customized one to work with my nagios servers.
I don't see the nrdp traffic log in /var/adm/messages at all.

Code: Select all

[me@nagios03 clients]$ ./send_nrdp.sh -u https://nagios03/nrdp -t nagios_secure_token -H localhost -S 2 -s check_http123 -U nrdp:pass+1234
./send_nrdp.sh: illegal option -- U
ERROR: could not connect to NRDP server at https://ilclnagios03/nrdp
[me@nagios03 clients]$ ./send_nrdp.sh -u https://nagios03/nrdp -t nagios_secure_token -H localhost -S 2 -s check_http123
ERROR: could not connect to NRDP server at https://nagios03/nrdp

[me@nagios03 clients]$ /usr/local/bin/send_nrdp.sh -u https://nagios03/nrdp -t nagios_secure_token -H localhost -S 2 -s check_http123 -U nrdp:pass+1234
Sent 1 checks to https://nagios03/nrdp
[me@inagios03 clients]$

following is the diff for sen_nrdp.sh and my customized one.

Code: Select all

[me@nagios03 clients]$ diff -ru   ./send_nrdp.sh   /usr/local/bin/send_nrdp.sh
--- ./send_nrdp.sh      2017-12-04 11:19:38.177067090 -0500
+++ /usr/local/bin/send_nrdp.sh 2017-07-11 11:50:52.684952937 -0400
@@ -1,23 +1,16 @@
 #!/bin/bash
 #
-# check_nrdp.sh
-#
-# Copyright (c) 2010-2017 - Nagios Enterprises, LLC.
+# Copyright (c) 2010-2012 Nagios Enterprises, LLC.
 # Written by: Scott Wilkerson (nagios@nagios.org)
 #
-# 2017-09-25 Troy Lea aka BOX293
-#  - Fixed script not working with arguments when run as a cron job
-#    or if being used as a nagios command like obsessive compulsive.
-#     ... "if [ ! -t 0 ]" was the reason why.
-
+###########################

 PROGNAME=$(basename $0)
-RELEASE="Revision 0.6"
+RELEASE="Revision 0.3"

 print_release() {
     echo "$RELEASE"
 }
-
 print_usage() {
     echo ""
     echo "$PROGNAME $RELEASE - Send NRPD script for Nagios"
@@ -42,7 +35,9 @@
         echo "        -H    host name"
         echo "        -s    service name"
         echo "        -S    State"
-        echo "        -o     output"
+        echo "        -o    output"
+        echo "        -i    ignore certificate"
+        echo "        -U    user and password for protected nrdp web page"
         echo ""
         echo "    STDIN:"
         echo "        [-d    delimiter] (default -d \"\\t\")"
@@ -85,28 +80,26 @@
         echo "        will create temp files here if the server could not be reached."
         echo "        On additional calls with the same -D path, if a connection to"
         echo "        the server is successful, all temp files will be sent."
+        echo "./send_nrdp.sh -u https://nagios.test.com/nrdp  -t nagios_secret_token -H hostame -S 0 -s check_dummy2 -i -U account:password"
+        echo "./send_nrdp.sh -u https://nagios.test.com/nrdp  -t nagios_secret_token -H hostame -S 3 -s check_dummy2 -i -U account:password"
         exit 0
 }

 send_data() {
-    pdata="token=$token&cmd=submitcheck"
-    if [ ! "x$curl" == "x" ];then
-
-        if [ $file ]; then
-            fdata="--data-urlencode XMLDATA@$file"
-            rslt=`curl -f --silent --insecure -d "$pdata" $fdata "$url/"`
-        else
-            pdata="$pdata&XMLDATA=$1"
-            rslt=`curl -f --silent --insecure -d "$pdata" "$url/"`
-        fi
-
+    pdata="token=$token&cmd=submitcheck&XMLDATA=$1"
+    if [ $curl ];then
+        if [ $ignore_cert==true ]; then
+            ignore_cert="-k"
+        fi
+        if [ $ignore_cert==true ]; then
+            ignore_user_password="$ignore_cert --user $user_passwd"
+        fi
+        rslt=`curl $ignore_user_password -f --silent -d "$pdata" "$url/"`
         ret=$?
     else
-        pdata="$pdata&XMLDATA=$1"
         rslt=`wget -q -O - --post-data="$pdata" "$url/"`
         ret=$?
     fi
-
     status=`echo $rslt | sed -n 's|.*<status>\(.*\)</status>.*|\1|p'`
     message=`echo $rslt | sed -n 's|.*<message>\(.*\)</message>.*|\1|p'`
     if [ $ret != 0 ];then
@@ -141,7 +134,6 @@
     if [ $2 ] && [ "$status" == "0" ];then
         rm -f "$2"
     fi
-
     # If we weren't successful error
     if [ $ret != 0 ];then
         echo "exited with error "$ret
@@ -151,7 +143,7 @@

 # Parse parameters

-while getopts "u:t:H:s:S:o:f:d:c:D:hv" option
+while getopts "u:t:H:s:S:o:f:U:d:c:D:hvi" option
 do
   case $option in
     u) url=$OPTARG ;;
@@ -161,6 +153,8 @@
     S) State=$OPTARG ;;
     o) output=$OPTARG ;;
     f) file=$OPTARG ;;
+    i) ignore_cert=true ;;
+    U) user_passwd=$OPTARG ;;
     d) delim=$OPTARG ;;
     c) checktype=$OPTARG ;;
     D) directory=$OPTARG ;;
@@ -179,27 +173,27 @@

 if [ "x$url" == "x" -o "x$token" == "x" ]
 then
-  echo "Usage: send_nrdp -u url -t token"
+  echo "Usage: $0 -u url -t token"
+  echo "$0 -u https://nagios.test.com/nrdp  -t secret_token -H hostame -S 0 -s check_dummy2 -i -U account:password"
+  echo "$0 -u https://nagios.test.com/nrdp  -t secret_token -H hostame -S 3 -s check_dummy2 -i -U account:password"
+  echo "Reference: https://github.com/NagiosEnterprises/nrdp"
   exit 1
 fi
 # detecting curl
-if [[ `which curl` =~ "/curl" ]]
+if which curl > /dev/null;
  then curl=1;
 fi
 # detecting wget if we don't have curl
-if [[ `which wget` =~ "/wget" ]]
-then
-    wget=1;
+if [ ! $curl ] && [ which wget > /dev/null ];
+  then wget=1;
 fi

 if [[ ! $curl && ! $wget ]];
 then
-  echo "Either curl or wget are required to run $PROGNAME"
+  echo "Either curl or wget are required to run this script"
   exit 1
 fi
-
 checkcount=0
-
 if [ $host ]; then
     xml=""
     # we are not getting piped results
@@ -208,23 +202,20 @@
         exit 2
     fi
     if [ "$service" != "" ]; then
-        xml="$xml<checkresult type='service' checktype='$checktype'><servicename>$service</servicename>"
+        xml=$xml"<checkresult type='service' checktype='"$checktype"'>"
+        xml=$xml"<servicename>"$service"</servicename>"
     else
-        xml="$xml<checkresult type='host' checktype='$checktype'>"
+        xml=$xml"<checkresult type='host' checktype='"$checktype"'>"
     fi
-
-    # urlencode XML special chars
-    output=${output//&/%26}
-    output=${output//</%3C}
-    output=${output//>/%3E}
-
-    xml="$xml<hostname>$host</hostname><state>$State</state><output><![CDATA["$output"]]></output></checkresult>"
+    xml=$xml"<hostname>"$host"</hostname>"
+    xml=$xml"<state>"$State"</state>"
+    xml=$xml"<output>"$output"</output>"
+    xml=$xml"</checkresult>"
     checkcount=1
 fi
-
- # If only url and token have been provided then it is assumed that data is being piped
+# Detect STDIN
 ########################
-if [[ ! $host && ! $State && ! $file && ! $directory ]]; then
+if [ ! -t 0 ]; then
     xml=""
     # we know we are being piped results
     IFS=$delim
@@ -236,44 +227,45 @@
                 echo "ERROR: STDIN must be either 3 or 4 fields long, I found "${#arr[@]}
             else
                 if [ ${#arr[@]} == 4 ]; then
-                    xml="$xml<checkresult type='service' checktype='$checktype'>
-                    <servicename>${arr[1]}</servicename>
-                    <hostname>${arr[0]}</hostname>
-                    <state>${arr[2]}</state>
-                    <output>${arr[3]}</output>"
+                    xml=$xml"<checkresult type='service' checktype='"$checktype"'>"
+                    xml=$xml"<servicename>"${arr[1]}"</servicename>"
+                    xml=$xml"<hostname>"${arr[0]}"</hostname>"
+                    xml=$xml"<state>"${arr[2]}"</state>"
+                    xml=$xml"<output>"${arr[3]}"</output>"
                 else
-                    xml="$xml<checkresult type='host' checktype='$checktype'>
-                    <hostname>${arr[0]}</hostname>
-                    <state>${arr[1]}</state>
-                    <output>${arr[2]}</output>"
+                    xml=$xml"<checkresult type='host' checktype='"$checktype"'>"
+                    xml=$xml"<hostname>"${arr[0]}"</hostname>"
+                    xml=$xml"<state>"${arr[1]}"</state>"
+                    xml=$xml"<output>"${arr[2]}"</output>"
                 fi

-                xml="$xml</checkresult>"
+                xml=$xml"</checkresult>"
                 checkcount=$[checkcount+1]
             fi
         fi
     done
     IFS=" "
 fi
-
-if [ $file ]; then
+if [ $host ] || [ ! -t 0 ] ;then
+    xml="<?xml version='1.0'?><checkresults>"$xml"</checkresults>"
+    send_data "$xml"
+    echo "Sent $checkcount checks to $url"
+fi
+if [ $file ];then
     xml=`cat $file`
     send_data "$xml"
 fi
-
-if [ $directory ]; then
+if [ $directory ];then
     #echo "Processing directory..."
     for f in `ls $directory`
     do
       #echo "Processing $f file..."
       # take action on each file. $f store current file name
       xml=`cat $directory/$f`
+      #echo $xml
       send_data "$xml" "$directory/$f"
     done
+
 fi

-if [ "x$file" == "x" ] && [ "x$directory" == "x" ]; then
-    xml="<?xml version='1.0'?><checkresults>$xml</checkresults>"
-    send_data "$xml"
-    echo "Sent $checkcount checks to $url"
-fi
+
[me@nagios03 clients]$

Masking out my private information from logs above is taking much time for me, can we have private communication to resolve my issue ?

[kyang]

You certainly could send us a ticket for email support.

Please email customersupport@nagios.com with this link to the ticket.

https://support.nagios.com/kb/article/c ... r-769.html