Nagios client behind a firewall

edlentz
Posts: 7
Joined: Sun Jun 22, 2014 8:21 am

Nagios client behind a firewall

Post by edlentz »

I am new to Nagios and kinda new to Linux. We are developing a CentOS 6 based system that we are going to sell to businesses. We want a way to monitor the systems, and Nagios appears to be able to do that. I have run into a problem, or a potential problem. I would prefer to use active monitoring instead of passive. So far I can see that there needs to be a firewall hole for port 5666 from the client WAN IP to the client machine in their network. Is there no way around this? I could potentially have several thousand clients out there. Would creating a VPN from the client to the Nagios server be one way to go? The reason I want to active monitor is that I want to know when they lose their internet connection.

Suggestions?

Thanks in advance
lmiltchev
Former Nagios Staff
Posts: 13587
Joined: Mon May 23, 2011 12:15 pm

Re: Nagios client behind a firewall

Post by lmiltchev »

You don't have to open the "default" NRPE port 5666. You can use a different port. Also, you don't have to use NRPE for active monitoring. You could use SNMP or check_by_ssh.
Box293
Too Basu
Posts: 5126
Joined: Sun Feb 07, 2010 10:55 pm
Location: Deniliquin, Australia

Re: Nagios client behind a firewall

Post by Box293 »

Any of these active monitoring methods are going to require an open port into the private network to get to the CentOS server. However if your solution uses more than one server then you'll need to open a port for each particular server. Opening a VPN between your site and their site would make things easier but also has potential security risks.

Nagios Remote Data Sender (NRDS) is a nice way of monitoring remote clients as the client is the one that contacts the Nagios server, so they only need that outbound port open for it to work. NRDS also allows you to add configuration updates that the clients will get the next time they connect, so you don't need to connect to the site to make changes.
edlentz wrote: The reason I want to active monitor is that I want to know when they lose their internet connection.
Another way of knowing when they lose their internet connection is to create a service which pings their internet IP address. That will tell you when a client's internet goes down.
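The approach in the last reply, written out as Nagios Core object definitions. This is an added example, not part of the thread: the host name, service descriptions, the 203.0.113.10 address and the `check_dummy` command definition are constructed placeholders, and the templates are assumed to be those from the Nagios Core sample configuration. It goes one step beyond the reply by adding freshness checking, so a client that stops sending passive results is also flagged.

```cfg
# Constructed example: names and addresses are placeholders.
# generic-host, generic-service, check-host-alive and check_ping are
# assumed to come from the Nagios Core sample configuration.

define host {
    use                     generic-host
    host_name               customer-0001      ; hypothetical name
    address                 203.0.113.10       ; customer's public (WAN) IP
    check_command           check-host-alive
    max_check_attempts      3
}

# Active check run from the Nagios server against the WAN address.
# Nothing is forwarded into the customer's private network; the edge
# device only has to answer ICMP echo.
define service {
    use                     generic-service
    host_name               customer-0001
    service_description     WAN reachability
    check_command           check_ping!200.0,20%!500.0,60%
    check_interval          5
    retry_interval          1
    max_check_attempts      3
}

# Passive service: results are pushed by the client over its own
# outbound connection (for example with NRDS). If no result arrives
# within freshness_threshold seconds, Nagios runs check_command itself,
# which here reports UNKNOWN (state 3).
define service {
    use                     generic-service
    host_name               customer-0001
    service_description     Disk Usage         ; hypothetical check name
    active_checks_enabled   0
    passive_checks_enabled  1
    check_freshness         1
    freshness_threshold     900
    check_command           check_dummy!3!No passive result in 15 minutes
}

# Assumed command definition wrapping the check_dummy plugin.
define command {
    command_name            check_dummy
    command_line            $USER1$/check_dummy $ARG1$ "$ARG2$"
}
```

With both services in place, a failing ping together with a stale passive service points at the customer's internet link, while a stale passive service with a healthy ping points at the monitored machine or its sender.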