Nagios XI https Deny TCP every now and then

[michal.nastaly]

Hi,

I have multiple Nagios XI servers withing the environments and a centralized Nagios Fusion serve that pulls information from all the XI servers.
Up to now the connection between the Nagios XI and Nagios Fusion has been http, but we want to change it to https for fairly obvious reasons.
I have used the following guide to set it all up https://assets.nagios.com/downloads/nag ... s%20XI.pdf.

I can browse the Nagios XI server using https, Nagios Fusion can talk to it as well but when monitoring the traffic between two boxes on my asa 5505 i can see that every now and then i get the following message: "Deny TCP (no connection) from <-NagiosXi->:443 to <-NagiosFusion->:<-RandomPort-> flags ACK in interfcae inside"

So from what i can understand is that the Nagios XI box is trying to send packet for a transaction that the firewall already closed.

Can anyone help with this please?

Regard
Michal

[scottwilkerson]

It's possible that Fusion was trying to poll data from the XI server but reached the timeout and closed the connection

[michal.nastaly]

Just got it working, It dint work in a first place because the active checks were disabled on the hosts.

Cheers

[hsmith]

That'll certainly do it. I'll close this topic. Thanks for letting us know.

[hsmith]

Post unlocked at user's request.

[michal.nastaly]

Sorry for the confusion, this is still ongoing issue.

I have changed the timeout from 60 to 120 without any result.

I have included a firewall output of what i can see when using HTTPS instead of HTTP for the fused servers.

NagiosFusionFirewall.JPG

This is the output from firewall close to the Nagios XI server(192.168.6.10).

The address of Nagios Fusion is 10.27.40.4

Does anyone know why that is?

Regards
Michal N

[michal.nastaly]

Anyone? Any ideas?

[Box293]

On the Fusion server, is anything logged in /var/log/httpd/error_log when the timeout occurs?

[michal.nastaly]

[Wed Mar 16 09:42:19 2016] [error] [client 10.64.110.18] PHP Warning: Invalid argument supplied for foreach() in /usr/local/nagiosfusion/html/includes/dashlets/servicegroup/servicegroup.inc.php on line 177, referer: http://10.64.110.20/nagiosfusion/dashbo ... ?id=rq7k65
[Wed Mar 16 09:42:43 2016] [error] [client 10.64.110.18] PHP Warning: Invalid argument supplied for foreach() in /usr/local/nagiosfusion/html/includes/dashlets/servicegroup/servicegroup.inc.php on line 177, referer: http://10.64.110.20/nagiosfusion/dashbo ... ?id=55edc9
[Wed Mar 16 09:42:51 2016] [error] [client 10.64.110.18] PHP Warning: Invalid argument supplied for foreach() in /usr/local/nagiosfusion/html/includes/dashlets/servicegroup/servicegroup.inc.php on line 177, referer: http://10.64.110.20/nagiosfusion//dashb ... ?id=rq7k65
[Wed Mar 16 09:43:15 2016] [error] [client 10.64.98.47] PHP Warning: Invalid argument supplied for foreach() in /usr/local/nagiosfusion/html/includes/dashlets/servicegroup/servicegroup.inc.php on line 177, referer: http://10.64.110.20/nagiosfusion/dashbo ... ?id=rq7k65
[Wed Mar 16 09:43:18 2016] [error] [client 10.64.110.18] PHP Warning: Invalid argument supplied for foreach() in /usr/local/nagiosfusion/html/includes/dashlets/servicegroup/servicegroup.inc.php on line 177, referer: http://10.64.110.20/nagiosfusion/dashbo ... ?id=rq7k65
[Wed Mar 16 09:43:44 2016] [error] [client 10.64.110.18] PHP Warning: Invalid argument supplied for foreach() in /usr/local/nagiosfusion/html/includes/dashlets/servicegroup/servicegroup.inc.php on line 177, referer: http://10.64.110.20/nagiosfusion/dashbo ... ?id=55edc9

this are the errors i get in error_log file. it logs few lines per minute.

[rkennedy]

When this happens, do you notice anything on the error_log with the XI machine?

Are these systems on the same LAN?