How to find all NRDS clients reporting to the Nagios Server

yosh · Post by **yosh** » Thu Jul 19, 2018 9:03 pm

Background:

I have setup quite a few NRDS client machines. They all work well and everything was fine.
Recently someone has cloned one of those machines including its NRDP configs. I dont have any information regarding who has cloned the machine, whats its Domain name or IP, where it is running.

Now the problem is:
This new (cloned) machine is reporting to the Nagios Server with its origins host name and I can see those data in under the reconfigured Objects.

Eg:

Original server called "ABC" and reported to Nagios as "ABC"
The cloned server, lest say its "XYZ" also report as "ABC" to the Nagios NRDS server

I would like to know how can I find which host is actually reporting these data ?
Is there any way that I can find out its IP details ?

scottwilkerson · Post by **scottwilkerson** » Fri Jul 20, 2018 12:18 pm

The best I can think of is to look at the apache logs

Code: Select all

tail -f /var/log/httpd/access_log|grep nrdp|grep submitcheck|grep YOUR_HOST

The you should see the IP of the machines sending the results

yosh · Post by **yosh** » Sun Jul 22, 2018 8:28 pm

Thanks @scottwilkerson.

But there's no any matching records for "submitcheck" string in access.log

scottwilkerson · Post by **scottwilkerson** » Mon Jul 23, 2018 7:20 am

Then you may have to brint the tail commnad all the way back to this as they are being submitted as posts

Code: Select all

tail -f /var/log/httpd/access_log|grep nrdp

And then you would need to time when the command comes in (likely 5 minutes from the last time one was received)

yosh · Post by **yosh** » Mon Jul 23, 2018 8:26 pm

Thanks @scottwilkerson

I tried it as well. There I get only the public IPs of the incoming nrdp requests as my hosts are located overseas and reporting to the Nagios server hosted in a could. (Not a LAN environment)

I reckon it would be a nice to have feature to include the host details inside NRDP messages. Then we can find out which host & from where they are reporting in.

Thanks again for your kind help @scottwilkerson.

scottwilkerson · Post by **scottwilkerson** » Tue Jul 24, 2018 7:07 am

yosh wrote:I reckon it would be a nice to have feature to include the host details inside NRDP messages. Then we can find out which host & from where they are reporting in.

Ya, it does include the host that you specify when you run setup, but this doesn't help if someone copies a machine that already has the cron setup.

yosh · Post by **yosh** » Tue Jul 24, 2018 7:21 pm

You are right @scottwilkerson.

That is the absolute case that Im struggling with at the moment. If these messages can report the host IP then at least we can have an idea of in which site this host might be located in.

Since there's no any other way to find out this host info I hope we can close this thread now.

Thanks for your great help @scottwilkerson.

scottwilkerson · Post by **scottwilkerson** » Wed Jul 25, 2018 9:02 am

yosh wrote:You are right @scottwilkerson.

That is the absolute case that Im struggling with at the moment. If these messages can report the host IP then at least we can have an idea of in which site this host might be located in.

Since there's no any other way to find out this host info I hope we can close this thread now.

Thanks for your great help @scottwilkerson.

Closing

Nagios Support Forum

How to find all NRDS clients reporting to the Nagios Server

How to find all NRDS clients reporting to the Nagios Server

Re: How to find all NRDS clients reporting to the Nagios Ser

Re: How to find all NRDS clients reporting to the Nagios Ser

Re: How to find all NRDS clients reporting to the Nagios Ser

Re: How to find all NRDS clients reporting to the Nagios Ser

Re: How to find all NRDS clients reporting to the Nagios Ser

Re: How to find all NRDS clients reporting to the Nagios Ser

Re: How to find all NRDS clients reporting to the Nagios Ser