Errors trying to get NSCA working

[rickwilson7425]

I am running Nagios Core 3.5 under OMD version 1.21~2015-07-25.

I have tried configuring NSCA a couple of different ways and I get different error messages when I do.

When I just enable NSCA in Nagios through the OMD Config utility, I get this: "Dropping packet with invalid CRC32 - possibly due to client using wrong password or crypto algorithm?"

If I disable NSCA in OMD and run NSCA under xinetd I get this: "Command file '/var/nagios/rw/nagios.cmd' does not exist, attempting to use alternate dump file '/var/nagios/rw/nsca.dump' for output"

It creates and writes to the dump file but it never creates the nagios.cmd file in the same folder where it should.

Any help would be greatly appreciated.

Rick Wilson

[lmiltchev]

OMD is not our product and we are not familiar with the "OMD Config utility". I would recommend asking your question on their support forum.

[rickwilson7425]

ok, I did that but this part is strictly Nagios:

When I run NSCA under xinetd I get this: "Command file '/var/nagios/rw/nagios.cmd' does not exist, attempting to use alternate dump file '/var/nagios/rw/nsca.dump' for output"

Why wouldn't Nagios be creating the nagios.cmd file in the designated directory?

It does create and use the dump file as indicated in the message.

[Box293]

/usr/local/nagios/etc/nsca.cfg must be configured to point to the command file, which should match what is defined in nagios.cfg.

[rickwilson7425]

Here is the nsca.cfg:

Code: Select all

[root@us-dc-mon ~]# cat /usr/local/nagios/etc/nsca.cfg
####################################################
# Sample NSCA Daemon Config File 
# Written by: Ethan Galstad ([email protected])
# 
# Last Modified: 04-03-2006
####################################################


# PID FILE
# The name of the file in which the NSCA daemon should write it's process ID
# number.  The file is only written if the NSCA daemon is started by the root
# user as a single- or multi-process daemon.

pid_file=/var/run/nsca.pid



# PORT NUMBER
# Port number we should wait for connections on.
# This must be a non-priveledged port (i.e. > 1024).

server_port=5667



# SERVER ADDRESS
# Address that NSCA has to bind to in case there are
# more as one interface and we do not want NSCA to bind
# (thus listen) on all interfaces.

#server_address=135.17.29.40



# NSCA USER
# This determines the effective user that the NSCA daemon should run as.  
# You can either supply a username or a UID.
# 
# NOTE: This option is ignored if NSCA is running under either inetd or xinetd

nsca_user=nagios



# NSCA GROUP
# This determines the effective group that the NSCA daemon should run as.  
# You can either supply a group name or a GID.
# 
# NOTE: This option is ignored if NSCA is running under either inetd or xinetd

nsca_group=nagios



# NSCA CHROOT
# If specified, determines a directory into which the nsca daemon
# will perform a chroot(2) operation before dropping its privileges.
# for the security conscious this can add a layer of protection in
# the event that the nagios daemon is compromised.  
# 
# NOTE: if you specify this option, the command file will be opened
#       relative to this directory.

#nsca_chroot=/var/run/nagios/rw



# DEBUGGING OPTION
# This option determines whether or not debugging
# messages are logged to the syslog facility. 
# Values: 0 = debugging off, 1 = debugging on

debug=1

# COMMAND FILE
# This is the location of the Nagios command file that the daemon
# should write all service check results that it receives.

command_file=/var/nagios/rw/nagios.cmd


# ALTERNATE DUMP FILE
# This is used to specify an alternate file the daemon should
# write service check results to in the event the command file
# does not exist.  It is important to note that the command file
# is implemented as a named pipe and only exists when Nagios is
# running.  You may want to modify the startup script for Nagios
# to dump the contents of this file into the command file after
# it starts Nagios.  Or you may simply choose to ignore any
# check results received while Nagios was not running...

alternate_dump_file=/var/nagios/rw/nsca.dump



# AGGREGATED WRITES OPTION
# This option determines whether or not the nsca daemon will
# aggregate writes to the external command file for client
# connections that contain multiple check results.  If you
# are queueing service check results on remote hosts and
# sending them to the nsca daemon in bulk, you will probably
# want to enable bulk writes, as this will be a bit more
# efficient.
# Values: 0 = do not aggregate writes, 1 = aggregate writes

aggregate_writes=0



# APPEND TO FILE OPTION
# This option determines whether or not the nsca daemon will
# will open the external command file for writing or appending.
# This option should almost *always* be set to 0!
# Values: 0 = open file for writing, 1 = open file for appending

append_to_file=0



# MAX PACKET AGE OPTION
# This option is used by the nsca daemon to determine when client
# data is too old to be valid.  Keeping this value as small as
# possible is recommended, as it helps prevent the possibility of
# "replay" attacks.  This value needs to be at least as long as
# the time it takes your clients to send their data to the server.
# Values are in seconds.  The max packet age cannot exceed 15
# minutes (900 seconds).  If this variable is set to zero (0), no
# packets will be rejected based on their age.

max_packet_age=0



# DECRYPTION PASSWORD
# This is the password/passphrase that should be used to descrypt the
# incoming packets.  Note that all clients must encrypt the packets
# they send using the same password!
# IMPORTANT: You don't want all the users on this system to be able
# to read the password you specify here, so make sure to set
# restrictive permissions on this config file!

#password=



# DECRYPTION METHOD
# This option determines the method by which the nsca daemon will
# decrypt the packets it receives from the clients.  The decryption
# method you choose will be a balance between security and performance,
# as strong encryption methods consume more processor resources.
# You should evaluate your security needs when choosing a decryption
# method.
#
# Note: The decryption method you specify here must match the
#       encryption method the nsca clients use (as specified in
#       the send_nsca.cfg file)!!
# Values:
#
#       0 = None        (Do NOT use this option)
#       1 = Simple XOR  (No security, just obfuscation, but very fast)
#
#       2 = DES
#       3 = 3DES (Triple DES)
#       4 = CAST-128
#       5 = CAST-256
#       6 = xTEA
#       7 = 3WAY
#       8 = BLOWFISH
#       9 = TWOFISH
#       10 = LOKI97
#       11 = RC2
#       12 = ARCFOUR
#
#       14 = RIJNDAEL-128
#       15 = RIJNDAEL-192
#       16 = RIJNDAEL-256
#
#       19 = WAKE
#       20 = SERPENT
#
#       22 = ENIGMA (Unix crypt)
#       23 = GOST
#       24 = SAFER64
#       25 = SAFER128
#       26 = SAFER+
#

decryption_method=1

Here is the "etc/xinetd.d/nsca: file:

Code: Select all

[root@us-dc-mon ~]# cat /etc/xinetd.d/nsca
# default: on
# description: NSCA (Nagios Service Check Acceptor)
service nsca
{
        flags           = REUSE
        socket_type     = stream    
        port            = 5667
        wait            = no
        per_source = UNLIMITED
        instances = UNLIMITED
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nsca
        server_args     = -c /usr/local/nagios/etc/nsca.cfg --inetd
        log_on_failure  += USERID
        disable         = no
}

Can you see any discrepancies between these?

Here is the command file directory info:

Code: Select all

[root@us-dc-mon ~]# ls -la /var/nagios/rw
total 24
drwxrwsr-x 2 nagios nagios  4096 Sep 21 13:12 .
drwxr-xr-x 3 nagios nagios  4096 Sep  4 06:08 ..
-rw-rw-r-- 1 nagios nagios 13091 Sep 22 10:29 nsca.dump

[Box293]

nagios.cfg is the main configuration file for nagios. It is usually located in /usr/local/nagios/etc/nagios.cfg. In this file, it defines where the command file is located. Your nsca.cfg file must also match this same location.