Multiple Nagios'

[bulawayobob]

Hi, we have been using Nagios core for a couple years now and monitor around 700 hosts and 8200 services.

We are looking at moving to Nagios XI in the next few months, I am about to start a trial of XI and see how it fits.

I have a question about a recent request put to me by management.

We operate a corporate LAN and a DMZ. Our existing Nagios server resides in the corporate LAN and does its checks against
all servers in both LAN and DMZ.

I have now been asked if its possible to have a second Nagios in the DMZ for the purpose of providing a vendor a means to
access the Nagios monitoring in the DMZ. The intention of this DMZ based server is to:
- restrict the vendor to viewing hosts and service within their concern
- not permit the vendor access to the corporate LAN

Due to our fw policies, the DMZ based Nagios cannot poll corp LAN based services and so the expectation is to somehow
channel any host and services state information relevant to the external vendor, to the DMZ based Nagios server.

How is this possible?

[tonyyarusso]

If you were willing to have a firewall rule that allowed the vendor access just to the Nagios box within the LAN, you could take care of the viewing limitations with built in functionality - see the document on Multi-Tenancy for this.

If you do need to have a second machine, there are a few ways of doing it. One is to use passive service checks to forward information up, which works, but is rather complicated to set up. You'll find an overview of some related topics on http://library.nagios.com/library/speci ... monitoring, although you'll want to really think about what you require and why your policies need to be that way before continuing.