RHEL 8 Nagios XI 5.8.7 Fresh install
Re: RHEL 8 Nagios XI 5.8.7 Fresh install
PM sent with the latest profile.
Re: RHEL 8 Nagios XI 5.8.7 Fresh install
Hello @hbouma
Let's optimize the php-fpm service, edit this file:
Change this specific part (around line 46):
Add this:
So it looks like this:
Then edit this file:
Set:
Then restart apache/php-fpm:
Let us know how things look,
Perry
Let's optimize the php-fpm service, edit this file:
Code: Select all
/etc/httpd/conf.d/php.confCode: Select all
<IfModule !mod_php5.c>
<IfModule !mod_php7.c>
# Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
</IfModule>
</IfModule>
Code: Select all
Timeout 600
RequestReadTimeout header=600,minrate=50
RequestReadTimeout body=600,minrate=50
<Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
ProxySet timeout=600
</Proxy>Code: Select all
<IfModule !mod_php5.c>
<IfModule !mod_php7.c>
# Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
Timeout 600
RequestReadTimeout header=600,minrate=50
RequestReadTimeout body=600,minrate=50
<Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
ProxySet timeout=600
</Proxy>
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
</IfModule>
</IfModule>Code: Select all
/etc/php-fpm.d/www.confCode: Select all
pm.max_requests = 50Code: Select all
systemctl restart httpd php-fpmPerry
Re: RHEL 8 Nagios XI 5.8.7 Fresh install
I made the changes requested, but I found a few more things that don't seem to be setup properly.
The following commands have no command lines:
check_xi_check_postgres
check_xi_check_postgres_query
check_xi_service_rrdtraf
The host group "windows-servers" didn't seem to get created properly.
I am not sure what else may not have been installed properly, but I am wondering how I can go through and verify that everything installed properly? Or is there a way to force a full reinstall of Nagios XI?
The following commands have no command lines:
check_xi_check_postgres
check_xi_check_postgres_query
check_xi_service_rrdtraf
The host group "windows-servers" didn't seem to get created properly.
I am not sure what else may not have been installed properly, but I am wondering how I can go through and verify that everything installed properly? Or is there a way to force a full reinstall of Nagios XI?
Re: RHEL 8 Nagios XI 5.8.7 Fresh install
Hello @hbouma
I see that this was a fresh install, were the checks keyed in or did you bring those over? If you brought it over please let us know what method used.
Let's have you reindex
Verify that the host and services look good and verify that there are no errors in core by:
Let us know how things are looking,
Perry
I see that this was a fresh install, were the checks keyed in or did you bring those over? If you brought it over please let us know what method used.
Let's have you reindex
- Reindex the Core Configuration Manager (CCM) configs [list]
- rm -rf /usr/local/nagios/etc/import/*
- 1: Head over to the Nagios XI web console
==> Core Configuration Manager (CCM)
==> Config File Management
==> [Delete Files]
==> [Write Files]
==> [Verify Files] - 2: Core Configuration Manager (CCM)
==> Under Quick Tools
==> "Apply Configuration" - 3: Restart nagios.service by terminal command: systemctl restart nagios [list]
Code: Select all
systemctl restart nagios
Verify that the host and services look good and verify that there are no errors in core by:
Code: Select all
/usr/local/nagios/bin/nagios -vvv /usr/local/nagios/etc/nagios.cfg
Code: Select all
less /usr/local/nagios/var/nagios.log | grep -Ei 'warning: service|warning return' | awk -F "] " '{print $2}' | sort -u
Let us know how things are looking,
Perry
Re: RHEL 8 Nagios XI 5.8.7 Fresh install
We have not yet brought anything over. We had performed the following work:
Install Nagios XI
Offload the DB to a separate server: https://assets.nagios.com/downloads/nag ... Server.pdf
Change default passwords: https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Setup SSL communication: https://assets.nagios.com/downloads/nag ... s%20XI.pdf
Then we started working through some of the checks recommended in the Best Practices guide https://library.nagios.com/library/prod ... practices/
When we tried applying some of the checks from the best practices, we noticed that some commands had no command line defined and opened the post.
We deleted the files in the import folder, deleted the config files, wrote the config files, verified the config files and restarted nagios.
The only errors I see in the logs are that some checks do not have a default contact, which we are aware of and will fix after we verify everything is working.
The only errors I see in the logs are that some checks do not have a default contact, which we are aware of and will fix after we verify everything is working.
We do still see issues were some of the checks do not have any defined command lines after making these changes, which makes us worry about what else may be broken that we just don't see.
Install Nagios XI
Offload the DB to a separate server: https://assets.nagios.com/downloads/nag ... Server.pdf
Change default passwords: https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Setup SSL communication: https://assets.nagios.com/downloads/nag ... s%20XI.pdf
Then we started working through some of the checks recommended in the Best Practices guide https://library.nagios.com/library/prod ... practices/
When we tried applying some of the checks from the best practices, we noticed that some commands had no command line defined and opened the post.
We deleted the files in the import folder, deleted the config files, wrote the config files, verified the config files and restarted nagios.
Code: Select all
/usr/local/nagios/bin/nagios -vvv /usr/local/nagios/etc/nagios.cfgCode: Select all
less /usr/local/nagios/var/nagios.log | grep -Ei 'warning: service|warning return' | awk -F "] " '{print $2}' | sort -uWe do still see issues were some of the checks do not have any defined command lines after making these changes, which makes us worry about what else may be broken that we just don't see.
You do not have the required permissions to view the files attached to this post.
Re: RHEL 8 Nagios XI 5.8.7 Fresh install
Make sure that you do this on the offloaded DB:
It may be related.
Do you have the full install.log so we can see everything that occurred?
Code: Select all
https://support.nagios.com/kb/article/nagios-xi-strict_trans_tables-780.htmlDo you have the full install.log so we can see everything that occurred?
Re: RHEL 8 Nagios XI 5.8.7 Fresh install
Interesting, I have never seen that before. I have implemented the changes.ssax wrote:Make sure that you do this on the offloaded DB:
It may be related.Code: Select all
https://support.nagios.com/kb/article/nagios-xi-strict_trans_tables-780.html
I will PM you the install.log and upgrade.log files from where I did the install, and tried forcing an upgrade to make the settings populate (didn't work).
Re: RHEL 8 Nagios XI 5.8.7 Fresh install
Those commands don't have any command_line on mine either (fresh install), but they are also disabled so they shouldn't impact anything.
Re: RHEL 8 Nagios XI 5.8.7 Fresh install
At the top of the offloaded DB doc on page 2 that STRICT_TRANS_TABLES change is linked:
https://assets.nagios.com/downloads/nag ... Server.pdfNagios XI requires the STRICT_TRANS_TABLES to be disabled. Please see the Nagios XI -
STRICT_TRANS_TABLES article for more information.
Re: RHEL 8 Nagios XI 5.8.7 Fresh install
Hello @hbouma
Talking with @ssax we were looking at the nagios log errors with code 4 and see that that represents; "EXIT_NOPERMISSION The user has insufficient privileges".
Want to have you take a look at your '/etc/sudoers' and make sure that these lines are appended:
If we continue to see permissions issues then we suspect that there is some "security-related hardening" going on.
Thanks,
Perry
Talking with @ssax we were looking at the nagios log errors with code 4 and see that that represents; "EXIT_NOPERMISSION The user has insufficient privileges".
Want to have you take a look at your '/etc/sudoers' and make sure that these lines are appended:
Code: Select all
User_Alias NAGIOSXI=nagios
User_Alias NAGIOSXIWEB=apache
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/autodiscover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/send_to_nls.php *
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/migrate/migrate.php *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/components/getprofile.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_ssl_config.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/autodiscover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/components/getprofile.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
Thanks,
Perry