IPtables check not returning data

lce411
Posts: 41
Joined: Thu Jun 07, 2012 1:28 pm

IPtables check not returning data

Post by lce411 »

Hi

I am new to the forum, as well as new to Nagios. I am trying to bring myself up to speed, but I can't seem to figure one thing out. I am having some problems getting iptables to return data to the Nagios server. I found a script posted to this exchange and created my own plugin, which looks like this:

```bash
#!/bin/bash

# Full paths to the commands used (iptables is run through sudo)
IPT='sudo /sbin/iptables'
GREP='/bin/grep'
AWK='/bin/awk'
EXPR='/usr/bin/expr'
WC='/usr/bin/wc'

STAT=0
OUTPUT=''
# Names of all chains reported by iptables
CHAINS=`$IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'`

for CHAIN in $CHAINS ; do
        # Skip FORWARD, OUTPUT and any LOG_* chain
        if [ "$CHAIN" != 'FORWARD' ] && [ "$CHAIN" != 'OUTPUT' ] && [ "$($EXPR substr "$CHAIN" 1 4)" != "LOG_" ] ; then
                # Lines printed for the chain minus its two header lines
                # (the "Chain ..." line and the column titles)
                CNT=`$EXPR $($IPT -L "$CHAIN" | $WC -l) '-' 2`
                if [ "$CNT" -eq 0 ] ; then
                        OUTPUT="<b>${OUTPUT}ERROR $CHAIN $CNT rules!</b><br>"
                        STAT=2
                else
                        OUTPUT="${OUTPUT}OK $CHAIN $CNT rules<br>"
                fi
        fi
done

echo "$OUTPUT"

exit $STAT
```
From there I added an entry to the nrpe.cfg file which looks like this: command[check_iptables]=/usr/lib64/nagios/plugins/check_iptables. When I run this command from the command line, I get an appropriate response. When I check the Nagios GUI, the iptables command shows up as green/OK, but the status field says "CHECK_NRPE: No output returned from daemon".

Does anyone have any suggestions or insight into getting iptables to be monitored correctly?
jsmurphy
Posts: 989
Joined: Wed Aug 18, 2010 9:46 pm

Re: IPtables check not returning data

Post by jsmurphy »

I reckon this is probably a permissions issue...

Log on to the remote server and su - nagios, then run the script... I reckon it doesn't have permissions to execute one of the bins (I'm tipping iptables). Do you have the nagios user in the sudoers file to allow it to sudo iptables without a password?
lce411
Posts: 41
Joined: Thu Jun 07, 2012 1:28 pm

Re: IPtables check not returning data

Post by lce411 »

jsmurphy wrote:I reckon this is probably a permissions issue...

Log on to the remote server and su - nagios, then run the script... I reckon it doesn't have permissions to execute one of the bins (I'm tipping iptables). Do you have the nagios user in the sudoers file to allow it to sudo iptables without a password?
I have the following entry in my sudoers file: nagios ALL= NOPASSWD: /sbin/iptables
agriffin
Posts: 876
Joined: Mon May 09, 2011 9:36 am

Re: IPtables check not returning data

Post by agriffin »

Usually these problems are permission problems or NRPE problems. Do you have NRPE set up and working correctly with other plugins? Does your plugin work if it's run directly by Nagios rather than through NRPE?
sebastiaopburnay
Posts: 105
Joined: Sun Oct 31, 2010 1:40 pm
Location: Lisbon, Portugal

Re: IPtables check not returning data

Post by sebastiaopburnay »

Well, I'm risking confusing you instead of helping.

Below you can find a routine I've created to treat the output of a service_check I've developed in shell script:

```bash
#!/bin/bash

# ALERT and CRITICAL thresholds
WARNLEVEL=$1
CRITLEVEL=$2

# Standard Nagios/NRPE Return codes
#
UNKNOWN_STATE=3
CRITICAL_STATE=2
WARNING_STATE=1
OK_STATE=0

# initialization of return code
status=$OK_STATE

# Complete path for commands - Nagios can't establish the path on its own
BC=/usr/bin/bc
GREP=/bin/grep
AWK=/bin/awk
FREE=/usr/bin/free
TAIL=/usr/bin/tail
HEAD=/usr/bin/head

################
############# CODE CODE CODE
####
# (the check's own code goes here and sets $Pt)


# The routine for determining and delivering output
if [ "$(echo "$Pt > $CRITLEVEL" | $BC)" -eq 1 ]
then echo "CRITICAL - Consumo Energia ${Pt}kW | 'Consumo_Energia [kW]'=${Pt}kW;${WARNLEVEL};${CRITLEVEL};9;14"
     exit ${CRITICAL_STATE}
elif [ "$(echo "$Pt > $WARNLEVEL" | $BC)" -eq 1 ]
then echo "WARNING - Consumo Energia ${Pt}kW | 'Consumo_Energia [kW]'=${Pt}kW;${WARNLEVEL};${CRITLEVEL};9;14"
     exit ${WARNING_STATE}
# <= so that a value exactly at the warning threshold is reported as OK
elif [ "$(echo "$Pt <= $WARNLEVEL" | $BC)" -eq 1 ]
then echo "OK - Consumo Energia ${Pt}kW | 'Consumo_Energia [kW]'=${Pt}kW;${WARNLEVEL};${CRITLEVEL};9;14"
     exit ${OK_STATE}
else echo "Unable to determine Power Consumption."
     exit ${UNKNOWN_STATE}
fi
```

Well, I would advise you to use something like the one I'm using, chowning your script to Nagios and trying again.

Best regards,
sebastiaopburnay
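
An added example, not code from any poster in this thread: the plugin in the first post exits 0 with empty output whenever iptables prints nothing (for instance when sudo refuses the user NRPE runs as), which is consistent with the green/OK state and "No output returned from daemon". This version counts rules from `iptables -S` text and returns UNKNOWN in that case. The `check_ruleset` function, the sample rulesets and the message wording are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables -S` text on stdin,
# prints one Nagios status line, returns 0 (OK), 2 (CRITICAL) or 3 (UNKNOWN).
check_ruleset() {
    awk '
        # "-P CHAIN POLICY" names a built-in chain, "-N CHAIN" a user chain.
        ($1 == "-P" || $1 == "-N") && !($2 in n) { n[$2] = 0; order[++c] = $2 }
        # "-A CHAIN ..." is one rule appended to CHAIN.
        $1 == "-A" { n[$2]++ }
        END {
            if (c == 0) {
                # Nothing parsed: iptables did not run (sudo refused, wrong
                # path). Report it instead of exiting 0 with empty output.
                print "UNKNOWN - no iptables output (check sudo for the NRPE user)"
                exit 3
            }
            state = 0; msg = ""
            for (i = 1; i <= c; i++) {
                ch = order[i]
                # Same exclusions as the plugin in the first post.
                if (ch == "FORWARD" || ch == "OUTPUT" || substr(ch, 1, 4) == "LOG_") continue
                if (n[ch] == 0) state = 2
                sep = (msg == "") ? "" : ", "
                msg = msg sep ch "=" n[ch]
            }
            label = (state == 2) ? "CRITICAL" : "OK"
            print label " - rules per chain: " msg
            exit state
        }'
}

# Constructed sample: `iptables -S` text for a small working ruleset.
SAMPLE_OK='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N LOG_DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A LOG_DROP -j DROP'
# Constructed sample: rules flushed, INPUT is empty.
SAMPLE_FLUSHED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
# Demo over the samples plus empty input (what a failed sudo call yields).
# Live use (assumed wiring): sudo -n /sbin/iptables -S 2>/dev/null | check_ruleset
for input in "$SAMPLE_OK" "$SAMPLE_FLUSHED" ""; do
    rc=0; printf '%s\n' "$input" | check_ruleset || rc=$?
    echo "  -> exit code $rc"
done
```

With `sudo -n`, sudo fails immediately instead of waiting for a password, so the empty-input branch is the one that fires when the sudoers entry does not apply to the user NRPE runs as.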