Monitoring Ubuntu, Agent File

[A.Cormack]

It gets worse, I just installed the GUI on the server to make it easier for me to copy and paste etc. But thats messed it up and I can no longer log in.....

So looks like im going to have to do a fresh install and use this post a guide from the beginning to end. Hopefully what ever I've done wrong wont happen again.

Really sorry about this... Just wish we could get it working as im on a time limit.

---EDIT---

I'll keep a note of everything I did/typed/edited so I can paste it when done and hopefully you might be able to see where i've gone wrong.

[abrist]

Brilliant. Bash history to the rescue! No apologies necessary. It is my pleasure to help. Start fresh and make the decision on which method of install you are going to commit to using and stick to it. It will make support easier, and will make your life easier. For copying and pasting, may I suggest putty? It uses middle/right click for pasting, it is an ssh client so you can connect to your remote linux machine with it. It works in windows. If you have another linux box running X, you could just use xterm for the same ease of use. Just a thought.

[A.Cormack]

Thank you is necessary, a lot of people would have made a sarcastic comment and ignored me, so thank you.

I'll tell you a bit about what I'm doing might make everything easier to understand. So I'm a university student in Sheffield, United Kingdom and Nagios is part of my final year project before going to work for general electric (GE). My project is to evaluate the monitoring and alert capabilities of Nagios and the technical knowledge needed to use it for a group of small businesses in Sheffield who have limited technical experience. To do this I have set up a "sand box" network and will use Nagios to monitor the network while I stress test the devices in order to see if Nagios picks it up and how well it does it etc. My aim is to have a final recommendation on whether the local businesses should use Nagios to monitor their networks.

The sandbox network consists of routers, switches and windows servers (DHCP, Email etc). While setting Nagios to monitor these devices I have no problem and have found Nagios XI to be a dream to work with. But then I decided to make the test a bit more diverse and include a variation of devices, in this instance a Ubuntu server. Sadly, I have no experience with Linux so was going in blind (Hence the stupidity, I'm not that bad really lol).

So due to being a university student I have limited access to the network lab and have just been kicked out so I won't be able to commence the new set up till tomorrow. I'm not sure if you'll be about tomorrow due to it being Saturday and I only have access between 9am-5pm GMT. So I'll configure what I can and put what I've done then you can read it when ever if that's Ok?

I've used putty before and to be honest did not think of that, so I will aim to take that approach tomorrow.

My plan is to use the original "test" set up script that you put at the beginning of the thread, that way any error's/bug's I've come into I already have a resolution for. As you said my Nagios server should have been able to access the Ubuntu server by now. As I do each command I'll make a note of it and hopefully we can see what I've missed/done wrong.

Sorry for the long post and once again thanks for the help.

[A.Cormack]

Ok, so I've done it all but still no luck. Below is exactly what I did.

First of all I addressed the SSL problem you normally get when "./configure"

Code: Select all

sudo apt-get install libssl-dev
dpkg -L libssl-dev
ln -s /usr/lib/x86_64-linux-gnu/libssl.so /usr/lib/libssl.so

Then I started to follow your guide.

Code: Select all

cd /tmp
wget http://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.14/nrpe-2.14.tar.gz 
tar vfxz nrpe-2.14.tar.gz

cd nrpe-2.14
sudo ./configure

sudo apt-get install make
sudo make

sudo useradd -U -M nagios

sudo make install

sudo mkdir /usr/local/nagios/etc
sudo cp sample-config/nrpe.cfg  /usr/local/nagios/etc

cd /tmp
wget http://sourceforge.net/projects/nagiosplug/files/nagiosplug/1.4.16/nagios-plugins-1.4.16.tar.gz 
tar vfxz nagios-plugins-1.14.16.tar.gz
cd nagios-plugins-1.14.16
sudo ./configure
sudo make
sudo make install

Then I proceeded to edit the nrpe.cfg file.

Code: Select all

cd /usr/local/nagios/etc
nano sudo nrpe.cfg

and I changed it to

Code: Select all

allowed_hosts=127.0.0.1,192.168.19.134
dont_blame_nrpe=1
debug=1

Then I did

Code: Select all

sudo apt-get install xinetd
sudo apt-get install nagios-nrpe-server

Then by doing this I realised I needed to edit the nrpe.cfg file again.

Code: Select all

cd /etc/nagios
sudo nano nrpe.cfg

allowed_hosts=127.0.0.1,192.168.19.134
dont_blame_nrpe=1
debug=1

Then I restarted NRPE as suggested

Code: Select all

cd /etc/init.d
sudo nrpe stop
sudo killall nrpe
sudo nrpe start
ps -aef |grep nrpe

I then went to my Nagios server and typed

Code: Select all

nmap 192.168.19.141 -p 5666
5666/nrpe closed nrpe

192.168.19.134 = Nagios Server
192.168.19.141 = Ubuntu Server

But Nagios said the port was closed, I then rebooted the Ubuntu server and repeated the port command and it now says its open.

The current status is Nagios saying

Code: Select all

Nagios Status: CHECK_NRPE: Error receiving data from daemon

My nrpe.cfg file from the "/etc/nagios" directory is below.

Code: Select all

nagiosadmin@ubuntu:/etc/nagios$ nano nrpe.cfg
  GNU nano 2.2.6                                                         File: nrpe.cfg

# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

server_port=5666



# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

#server_address=127.0.0.1



# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_user=nagios



# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_group=nagios



# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address.  I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

allowed_hosts=127.0.0.1,192.168.19.134



# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed.  This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments

dont_blame_nrpe=1



# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo.  For this to work, you need to add
# the nagios user to your /etc/sudoers.  An example entry for alllowing
# execution of the plugins from might be:
#
# nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password.  If you do this, make sure you don't give
# random users write access to that directory or its contents!
# command_prefix=/usr/bin/sudo



# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on

debug=1



# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off.

command_timeout=60



# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low.

connection_timeout=300
# WEEK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness

#allow_weak_random_seed=1



# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.

#include=<somefile.cfg>



# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).

#include_dir=<somedirectory>
#include_dir=<someotherdirectory>



# COMMAND DEFINITIONS
# Command definitions that this daemon will run.  Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on!  The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec
# directory.  Also note that you will have to modify the definitions below
# to match the argument format the plugins expect.  Remember, these are
# examples only!


# The following examples use hardcoded command arguments...

command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
# The following examples allow user-supplied arguments and can

# only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'.  This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.

command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$

#
# local configuration:
#       if you'd prefer, you can instead place directives here
include=/etc/nagios/nrpe_local.cfg

#
# you can place your config snipplets into nrpe.d/
# only snipplets ending in .cfg will get included
include_dir=/etc/nagios/nrpe.d/

-- EDIT --

Just an idea, is it because I've done most of the configuration via Sudo? rather than nagios? which means the server is unable to access whats needed?

Also I just looked at /var/log/syslog and the following log is there

Code: Select all

Connection from 192.168.19.134 port 64390
Host address is in allowed_hosts
andling the connection....
Errror: Could not complete SSL handshake. 1

[abrist]

Once again, you should only use one of the installation methods - my walkthrough is for installing nrpe from source, where the apt-get command installs nrpe from a package. We should still be able to get it working though. If you are using the package-based nrpe, and it installed with xinetd, then you have a different file to edit to allow access to the nrpe service:

edit /etc/xinetd.d/nrpe
Check to make sure the server and server_args directives are pointing to the right files. Next, you will have to add your nagios server to the "only_from" directive at the bottom of the file. Unlike the nrpe.cfg file, this directive is not comma separated , but space-delimited. It should look like:

Code: Select all

only_from = 127.0.0.1 x.x.x.x

Where x.x.x.x is the ip of the nagios server.

You can always try to do a basic version check of nrpe from the nagios server to test connectivity:

From the nagios server:

Code: Select all

cd /usr/local/nagios/libexec
./check_nrpe -H y.y.y.y

Where y.y.y.y is the ip of your remote host. You should see the nrpe version on the remote host reported.

[A.Cormack]

Ah sorry, I failed to understand that bit, I thought it was all part of the same process.

Regarding the xinetd.d, nrpe file. When originally going to the directory there was none. So I created the file using a template I found online (See below) and then restarted the xinetd serice. No luck

Code: Select all

{
 flags = REUSE
 socket_type = stream
 port = 5666
 wait = no
 user = nagios
 group = nagios
 server = /usr/local/nagios/bin/nrpe
 server_args = -c /usr/local/nagios/etc/nrpe.cfg –inetd
 log_on_failure += USERID
 disable = no
 only_from = 127.0.0.1 192.168.19.134
 }

When running the command on the Nagios server.

Code: Select all

./check_nrpe -H 192.168.19.141

I received the output

Code: Select all

NRPE v2.12

[abrist]

!!?!! That is a good sign, try running a check from the nagios server to the remote host. You will need to edit the right file though, as it looks like your xinetd config is now, once again referring to a different nrpe.cfg.

Code: Select all

server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg –inetd

/usr/local/nagios/etc/nrpe.cfg will be the file to edit. You should be able to restart nrpe now by restarting xinetd. Check this file for commands and run one of them from the nagios server.
On the nagios server:

Code: Select all

cd /usr/local/nagios/libexec
./check_nrpe -H x.x.x.x -c check_users

Where x.x.x.x is the remote host

[A.Cormack]

Ok so the following file already had the correct attributes so I edited nothing.

Code: Select all

/usr/local/nagios/etc/nrpe.cfg

allowed_hosts=127.0.0.1,192.168.19.134
dont_blame_nrpe=1
debug=1

I then restarted the services and no change.

Code: Select all

./check_nrpe -H 192.168.19.141 -c check_users

After running the following command on the Nagios server

Code: Select all

./check_nrpe -H 192.168.19.141 -c check_users

I got this output

Code: Select all

check_users: Warning threshold must be a positive integer
Usage:
check_users -w <users> -c <users> 

[abrist]

Alright, now we are getting somewhere. Looks like the check_users check has some improper formatting, either in nrpe.cfg, or in your nagios commands.cfg. Could you post the nrpe.cfg and corresponding check_users service command definition?

[scottwilkerson]

run the following from the Nagios server..

Code: Select all

./check_nrpe -H 192.168.19.141 -c check_users -w 3 -c 5