Passive Alerts With NSCA not working

npolovenko · Post by **npolovenko** » Wed Dec 27, 2017 3:35 pm

@cybergene, We might be able to get more information on this issue if you increase the loglevel verbosity:
In ncpa.cfg find the [passive] section and please chnage:

Code: Select all

loglevel = info

to

Code: Select all

loglevel = debug

Restart the service, give it 5 minutes and then check the var/log/ncpa_passive.log file.

Also, what version of python do you have installed on your ncpa client server?

cybergene · Post by **cybergene** » Thu Dec 28, 2017 7:37 am

See attached log file.

npolovenko · Post by **npolovenko** » Thu Dec 28, 2017 11:06 am

@cybergene, Seems like NRDP is working. Have you taken a look at /usr/local/nagios/var/nagios.log on the Nagios Server recently? If you still do not see new entries in the log file, or in your defined service checks, I'd test to see if the firewall causing problems. From your monitored server run the following:

Code: Select all

yum install telnet
telnet 54.165.9.118 80
and
54.165.9.118 443

Does this test says everything is ok, or do you see a message that connection was refused?

PS: when we get this to work don't forget to change the log level from debug back to info to avoid using too much of a disk space.

cybergene · Post by **cybergene** » Tue Jan 02, 2018 1:13 pm

Hi @ npolovenko

I'm getting:

Code: Select all

telnet: Unable to connect to remote host: Connection refused

on both ports.

I checked the inbound rules on Nagios Core in AWS, and I made it open for both ports and still.

npolovenko · Post by **npolovenko** » Wed Jan 03, 2018 1:26 pm

@cybergene, Can you post the full /usr/local/nagios/var/nagios.log file from the Nagios Server?

cybergene · Post by **cybergene** » Thu Jan 04, 2018 1:51 pm

Attached few logs files, let me know if you need more.

npolovenko · Post by **npolovenko** » Thu Jan 04, 2018 4:52 pm

@cybergene, Thank you for the log files. I've talked to my colleagues and was told that very often amazon aws server has it's own firewall restrictions. That means even though you enabled ports 80 and 443 on the VM, there could still be another layer of limitations. So if you can't:

Code: Select all

nmap 54.165.9.118 -p 80

or

Code: Select all

nmap 54.165.9.118 -p 443

Then I suggest contacting Amazon so they can direct you on how to open their firewall.

cybergene · Post by **cybergene** » Fri Jan 05, 2018 11:58 am

Hi @ npolovenko,

After some investigation heere are the results for Nmap.

nmap 54.165.9.118 -p 80

Code: Select all

Starting Nmap 7.40 ( https://nmap.org ) at 2018-01-05 10:42 EST
Nmap scan report for NAGIOS (54.165.9.118)
Host is up (0.032s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds

nmap 54.165.9.118 -p 443

Code: Select all

Starting Nmap 7.40 ( https://nmap.org ) at 2018-01-05 10:42 EST
Nmap scan report for NAGIOS (54.165.9.118)
Host is up (0.032s latency).
PORT    STATE  SERVICE
443/tcp closed https

You might be right about the ports, although I have the SG rule open specifically for the remote server, it still shows 443 closed. I'm not sure if it is AWS or VmWare where the remote resides.

From what I undestand so far is that NCPA depends on port 80 and 443 to communicate with NRDP server? You didn't mention any other ports that they communicate over...

npolovenko · Post by **npolovenko** » Fri Jan 05, 2018 1:31 pm

@cybergene, Since you're using NCPA to send passive checks its only ports 80 and 443. If you used active checks the default port would've been 5693. But this shouldn't matter in our case.
Are you able to just open a web browser on the remote NCPA server and in the URL bar type in the nagios_ip/nrdp. Are you able to acess that page?

cybergene · Post by **cybergene** » Fri Jan 05, 2018 1:56 pm

Thanks for the clarification @npolovenko.

Yes, I can curl it and it seems to work curl http://54.165.9.118/nrdp/.

Code: Select all

<strong>Submit Nagios Command:</strong><br>
        <form action="" method="get">
        <input type="hidden" name="cmd" value="submitcmd">
        Token: <input type="text" name="token" value="" size="15"><br>
        Command: <input type="text" name="command" size="50" value="DISABLE_HOST_NOTIFICATIONS;somehost"><br>
        <input type="submit" name="btnSubmit" value="Submit Command">
        </form>

        <hr>

        <strong>Submit Check Data</strong><br>
        <form action="" method="post">
        <input type="hidden" name="cmd" value="submitcheck">
        Token: <input type="text" name="token" value="" size="15"><br>
        Check Data:<br>
<textarea cols="80" rows="15" name="XMLDATA">
<?xml version='1.0'?>
<checkresults>
        <checkresult type='host'>
                <hostname>somehost</hostname>
                <state>0</state>
                <output>Everything looks okay!|perfdata</output>
        </checkresult>
        <checkresult type='service'>
                <hostname>somehost</hostname>
                <servicename>someservice</servicename>
                <state>1</state>
                <output>WARNING: Danger Will Robinson!|perfdata</output>
        </checkresult>
</checkresults>
</textarea><br>
        <input type="submit" name="btnSubmit" value="Submit Check Data">
        </form>

Nagios Support Forum

Passive Alerts With NSCA not working

Re: Passive Alerts With NSCA not working

Re: Passive Alerts With NSCA not working

Re: Passive Alerts With NSCA not working

Re: Passive Alerts With NSCA not working

Re: Passive Alerts With NSCA not working

Re: Passive Alerts With NSCA not working

Re: Passive Alerts With NSCA not working

Re: Passive Alerts With NSCA not working

Re: Passive Alerts With NSCA not working

Re: Passive Alerts With NSCA not working