Nagios Support Forum

I have just added my first Windows 2008 R2 servers. I can monitor PING, but everything else I try to monitor shows a status of "Critical-Socket timeout after 10 seconds" message. How do I remedy this?

Have you installed NSClient++ (A windows agent that nagios uses for gathering data) on the 2008 server? Is there a firewall between the Nagios box and the server?

I did install and configure the Nagios client. When we moved the new 2008 server to the same subnet that the Nagios server is on, everything works as expected. In our DMZ we can't get it to work. We do not know what to tell our network guys to open so the traffic can get through. Any ideas?

To speak to NSClient++ you need to open the following ports:
5666 outbound to DMZ for NRPE (check_nrpe)
12489 outbound to DMZ for NTClient (check_nt)
5667 inbound to nagios network for NSCA

In all honesty I would NOT open 5667 from the DMZ, that's a big security no no. You may also need to tell your network guys if it's in a different VLAN/Subnet to set up a route for the Nagios box to the DMZ. If you are going to open Nagios up to the DMZ there are some further precautions I would take, such as isolating as much of your network monitoring traffic to something like a network management VLAN so that if any part of your monitoring was compromised it would be separate from everything else and reduce the risk of exposing any sensitive data.