Page 2 of 2
Re: Monitor DMZ server
Posted: Fri Oct 21, 2011 8:13 am
by tgfde
Yes, I am going to be using check_nt checks.
Thank you for your response.
Re: Monitor DMZ server
Posted: Thu Dec 08, 2011 11:09 am
by tgfde
Hi nscott,
The following ports were opened but receiving "could not fetch informnation from server". With this message, I'm guessing the agent can't send its results back to the Nagios server?
So we ran a capture and we found that the agent is trying to talk to the Nagios server via http, which we did not open. I though the agent and Nagios talks on port 5666 when Nagios initiates the check and the agent send its result back to port 5666 also.
Is the port 80 (agent is using to talk to Nagios) a configuration within the agent that needs to be changed if we want it to use port 5666?
Thanks.
Re: Monitor DMZ server
Posted: Thu Dec 08, 2011 2:26 pm
by lmiltchev
Closing port 80 shouldn't be a problem. All communication between the Nagios server and the client should go through port 5666. There may be another issue - different versions of NRPE on the monitoring server & client, ssl, use of various traffic management software, etc.
Are you running any http checks commands, such as "check-host-alive-http"?
Re: Monitor DMZ server
Posted: Thu Dec 08, 2011 2:53 pm
by tgfde
I use webinject with NRPE to check websites.
Below is a parameter on the agent:
;# NAGIOS SERVER PORT
; The port to the nagios server to submit results to.
;nsca_port=5667
If I uncomment this out, would it use this port instead of port 80 to send its result?
Thanks,
Frederick
Re: Monitor DMZ server
Posted: Thu Dec 08, 2011 3:58 pm
by lmiltchev
tgfde,
Before you make any changes in config files, can you post the actual check commands that you run on the Nagios server and on the client from the command line? It is not very clear what you are trying to accomplish.
Re: Monitor DMZ server
Posted: Fri Dec 09, 2011 10:07 am
by tgfde
./check_nt -H $HOSTADDRESS$ -s "$ARG1$" -p 12489 -v CPULOAD -l 5,85,95 $ARG4$ - Ran from Nagios server
could not fetch information from server
I'm trying to monitor an agent in a DMZ (different VLAN with a firewall in between).
I have the following ports openned.
12489 on DMZ servers – Corpmon6 outbound to DMZ
5666 on DMZ servers – Corpmon6 outbound to DMZ
5667 on corpmon6 – DMZ outbound to Corpmon6
With these ports opened, I receive the follwing error:
could not fetch information from server
Re: Monitor DMZ server
Posted: Fri Dec 09, 2011 10:25 am
by mguthrie
Can you check the nsclient.log file on the windows machine and see if the information is getting to the agent at all?
Re: Monitor DMZ server
Posted: Mon Dec 12, 2011 10:05 am
by tgfde
Got it resolved.
I checked the agent log and notice that it was complaining about unathorized access for the Nagios server's IP Address, therefore I just added the ip address to the ini file it started working.
Thanks for the help.