Page 1 of 2
Monitor DMZ server
Posted: Thu Jun 02, 2011 9:24 am
by tgfde
Is it possible to monitor a DMZ server with Nagios? I'm trying to monitor the FTP server and the physical host.
Thanks.
Re: Monitor DMZ server
Posted: Thu Jun 02, 2011 9:38 am
by tonyyarusso
Anything that you allow connectivity to in one way or another you will be able to monitor. There is a wizard available for FTP monitoring set up also.
Re: Monitor DMZ server
Posted: Thu Jun 02, 2011 9:44 am
by nscott
Yeah its possible to monitor a service like that in a DMZ. Obviously SNMP isn't allowed but you can still use NRPE. There is a detailed write up on installing NRPE here:
http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf
With that you should be able to find a plethora of plugins on the Exchange the checks you specified.
Re: Monitor DMZ server
Posted: Thu Jun 02, 2011 11:21 am
by tgfde
Tony,
I tried to monitor a FTP server on this DMZ server via "Configuration Wizard" but failed with the following message:
Error: Could not find any host matching '192.168.xx.xx' (config file '/usr/local/nagios/etc/services/192.168.xx.xx.cfg', starting on line 14)
The config for this service is attaced.
ftp_DMZ.txt
Thanks.
Re: Monitor DMZ server
Posted: Thu Jun 02, 2011 11:28 am
by tonyyarusso
If find it a bit hard to believe that's your actual config file, as it doesn't even have a host declaration in it.
Re: Monitor DMZ server
Posted: Fri Jun 03, 2011 2:59 pm
by tgfde
Tony,
I though I replied this post asking if check_ftp requires an agent installed on the remote host. I wasn't really sure how this plugin works since this is my first time using it. Sorry about that.
Thanks.
Re: Monitor DMZ server
Posted: Mon Jun 06, 2011 9:40 am
by nscott
tgfde,
If you just wanted to check to see if people can login to the ftp server you shouldn't need to install an agent for that as the Nagios server would simply attempt to connect to the server, and if it couldn't, it would raise an error. However, if you wanted to check other statistics of that ftp server, such as Disk Space or CPU Usage, you would need to install an NRPE agent on the FTP server.
Re: Monitor DMZ server
Posted: Thu Oct 20, 2011 9:46 am
by tgfde
Besides opening port 12489 for NSClient to monitor a server in a DMZ via NSClient, are there other ports I need to open for communications between Nagios server and the agent?
Thank you in advanced.
Re: Monitor DMZ server
Posted: Thu Oct 20, 2011 10:26 am
by tgfde
To be more specific here are the ports I've requested to be open and its direction.
12489 on DMZ servers – Corpmon6 outbound to DMZ
5666 on DMZ servers – Corpmon6 outbound to DMZ
5667 on corpmon6 – DMZ outbound to Corpmon6
Thanks.
Re: Monitor DMZ server
Posted: Thu Oct 20, 2011 11:19 am
by nscott
No those should be all that it takes. NRPE will try to access port 5666 [default] so you've got that one covered. I'm not totally sure if the 5667 will be necessary as the socket has already been established, but it can't hurt. Also, are you going to be running check_nt checks against this server? If so, then the 12489 addition is great, if not then its unecessary.