Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

NRDP

https://support.nagios.com/forum/viewtopic.php?t=3825

Page 2 of 2

Re: NRDP

Posted: Tue Oct 25, 2011 11:33 am
by mguthrie
I'll do some code hunting on this and let you know what I find.

Re: NRDP

Posted: Tue Oct 25, 2011 11:53 am
by mguthrie

Code: Select all

PHP Warning:  fsockopen(): unable to connect to central.**:80 (Connection timed out) in /usr/local/nrdp/clients/send_nrdp.php on line 368
It looks like port 80 is hard-coded intoline 368:

Code: Select all

$fp = fsockopen($url_parts['host'], 80, $errno, $errstr, 30);
Just out of curiosity, what happens if you change that to 443?

If that works, we'll update it so that the port is an input variable.

Re: NRDP

Posted: Wed Oct 26, 2011 11:28 am
by SDohmen
The result is the same if i use port 443.

Also i asked my co-worker what the problem could be and he solved it. The problem lies with the amount of conf files from the httpd service.

To solve the problem i made 1 conf file containing the following:

Code: Select all

<VirtualHost *:80>
        ServerName central.*.nl
        #ServerAlias *.nl
        ServerAdmin webmaster@*.nl

        RewriteEngine On
        RedirectPermanent / https://central.*.nl/
</VirtualHost>

<VirtualHost *:443>
        ServerName central.*.nl
        #ServerAlias *.nl
        ServerAdmin webmaster@*.nl

        SSLEngine On
        SSLCertificateFile /etc/httpd/conf.d/*.cer
        SSLCACertificateFile /etc/httpd/conf.d/*.cer
        SSLCertificateKeyFile /etc/httpd/conf.d/*.key

        DocumentRoot /var/www/html
        <Directory /var/www/html/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

	<Directory "/usr/local/nagios/sbin">
	#  SSLRequireSSL
	   Options ExecCGI
	   AllowOverride None
	   Order allow,deny
	   Allow from all
	#  Order deny,allow
	#  Deny from all
	#  Allow from 127.0.0.1
	   AuthName "Nagios Core"
	   AuthType Basic
	   AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
	   Require valid-user
	</Directory>

	<Directory "/usr/local/nagios/share">
	#  SSLRequireSSL
	   Options None
	   AllowOverride None
	   Order allow,deny
	   Allow from all
	#  Order deny,allow
	#  Deny from all
	#  Allow from 127.0.0.1
	   AuthName "Nagios Core"
	   AuthType Basic
	   AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
	   Require valid-user
	</Directory>

	<Directory "/var/www/html/nagiosql">
	   Options None
	   AllowOverride None
	   Order allow,deny
	   Allow from all
	</Directory>

	<Directory "/usr/local/nagiosxi/html">
	#  SSLRequireSSL
	   Options None
	   AllowOverride None
	   Order allow,deny
	   Allow from all
	#  Order deny,allow
	#  Deny from all
	#  Allow from 127.0.0.1
	#   AuthName "Nagios XI"
	#   AuthType Basic
	#   AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
	#   Require valid-user
	</Directory>

	<Directory "/usr/local/nrdp">
	  #SSLRequireSSL
	   Options None
	   AllowOverride None
	   Order allow,deny
	   Allow from all
	#  Order deny,allow
	#  Deny from all
	#  Allow from 127.0.0.1
	#   AuthName "NRDP"
	#   AuthType Basic
	#   AuthUserFile /usr/local/nrdp/htpasswd.users
	#  Require valid-user
	</Directory>

        LogLevel warn
        ErrorLog /var/log/httpd/error2.log
        CustomLog /var/log/httpd/access2.log combined
</VirtualHost>

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
Alias /nagios "/usr/local/nagios/share"
Alias /nagiosql "/var/www/html/nagiosql"
Alias /nagiosxi "/usr/local/nagiosxi/html"
Alias /nrdp "/usr/local/nrdp/server"

Alias /mrtg /var/www/mrtg

<Location /mrtg>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
    # Allow from .example.com
</Location>
The * are of course removed items by me. I am pretty sure that it can be even slimmer if you remove the commented lines since they are useless anyway. The old files in the conf.d have to be removed and the ssl.conf has to be edited to have the virtualhost part commented out. If you need more info yell.

Re: NRDP

Posted: Thu Oct 27, 2011 10:38 am
by mguthrie
Very cool, thanks for the update and the solution!

Re: NRDP

Posted: Fri Oct 28, 2011 6:45 am
by SDohmen
As noted in the other topic this is something new related to NRDP.
Re: Nagios XI problems

Postby SDohmen » Thu Oct 27, 2011 9:24 pm
I noticed something else which is strange but i am not sure if its related to this or to NRDP.

As i described before we have a distributed monitoring system with the NagiosXI as main central and the Nagios Core version as sending system.

Because we have lots of customers i decided that each customer gets there own NRDP token just for safety. I have added about 10 customers now and it seems the NRDP results arent accepted/being send.

This afternoon i had a customer which had the same problem but when i checked about half hour ago i noticed that there where results there but only from 1 accepted connection. The strange thing is that the

My best guess is that either i have too many tokens and because of this it only accepts it once every couple hours or there are so many results the recieving buffer is clogging up.

I tried using the same token twice but this also didn't solve it so somewhere the buffer is full or something.
and your response:
Re: Nagios XI problems

Unread postby mguthrie » Thu Oct 27, 2011 10:33 pm
You've got two completely separate issues here, please repost the NRDP issue to a separate thread.

See our documentation on how to set up SSL with Nagios XI
http://library.nagios.com/library/produ ... -nagios-xi

You're missing the:

Code: Select all
$cfg['use_https']=true;



in the /usr/local/nagiosxi/html/config.inc.php file.
For the first part with the use https, i already had that option working. This however didn't resolve the issue that not all core machines are reporting in. It seems as only the first 3 machines are reporting in every couple min. Some other machines only reported in once or not at all. The configs on the core end are identical so that isn't the issue.

On the second part with configuring SSL. The solution that my co-worker gave is working properly.

Re: NRDP

Posted: Fri Oct 28, 2011 8:20 am
by SDohmen
I found the solution.

It seems to get it all working you need the package php5-curl installed on the machines that are sending the data to the central. After i installed that everything starting coming over spamming the central. I have the idea the central is getting on its knees already because of the massive amount of data being transmitted. :D

Re: NRDP

Posted: Fri Oct 28, 2011 9:41 am
by mguthrie
Ok, I'm betting that's because php-curl is part of the PHP core package on most systems now, but apparently not all of them. I'll make a note to update the docs about that.

Re: NRDP

Posted: Fri Oct 28, 2011 12:01 pm
by SDohmen
I am still betting that the single file httpd config is still needed for it all to work properly aswell. Just the part from nagiosxi has to be updated to the ssl version as noted in the documentation.
All times are UTC-05:00
Page 2 of 2

Powered by phpBB® Forum Software © phpBB Limited