Command issue - core and XI different results

[jacek]

Hi,

I used this plugin:
https://exchange.nagios.org/directory/P ... rt/details

I created the custom command, added the line in sudoers (this plugin uses nmap which requires sudo) according to the XI description.

If I run the command from terminal (starting with sudo -u nagios) - works.
If I click the test command in core - it works as well.
And NagiosXI gives "CRITICAL:" as the result, nothing else.

I got the CRITICAL result in command line when I forgot to "prefix" the command with "sudo", so I suspect that the command from NagiosXI is being run in some other way?

I looked in some basic logs buth with no luck, any ideas how can I track down the issue?

[cdienger]

When you say you click on the test command in core, do you mean to core config manager found in XI? Just want to clarify this since I'm not aware of a test command option in actual core.

What does the command look like under Configure > Core Config Manager > Commands > _Commands? Is it prefixed with sudo ?

Finally are there any special characters or spaces found in any of the arguments that are passed to the command? You may need to enclose these in quotation marks.

[jacek]

Yes, I meant CCM, sorry for misleading you.

Yes, it's prefixed with sudo:

Code: Select all

sudo $USER1$/check_udp_port -H $HOSTADDRESS$ -p $ARG1$ -s $ARG2$

ARG1 is the port - 500 or 4500, so a number
ARG2 is the service name - isakmp, and so on, without any spacebars or weird characters.

One XI command looks like this:

Code: Select all

check_udp_port!500!isakmp!!!!!!

From CCM when I run the test command it looks like this:

Code: Select all

[nagios@nagiosserver ~]$ sudo /usr/local/nagios/libexec/check_udp_port -H host_address -p 500 -s isakmp
OK: isakmp listening on port 500: 500/udp open|filtered isakmp

[lmiltchev]

Download the modified plugin below:

check_udp_port_debug.txt

Remove the *.txt extension, and place the plugin in /usr/local/nagios/libexec directory. Run the plugin as root and as nagios user, and show the output:

as root:

Code: Select all

/usr/local/nagios/libexec/check_udp_port_debug -H host_address -p 500 -s isakmp

as nagios:

Code: Select all

su nagios -c '/usr/local/nagios/libexec/check_udp_port_debug -H host_address -p 500 -s isakmp'

Also, post the sudoers file.

[jacek]

Below all test results, and attached sudoers file.
The 3rd result looks weird, or?

Code: Select all

# /usr/local/nagios/libexec/check_udp_port_debug -H host_address -p 500 -s isakmp
result:
Starting Nmap 6.47 ( http://nmap.org ) at 2019-01-16 21:00 UTC
Nmap scan report for host_address (host_address)
Host is up.
PORT    STATE         SERVICE
500/udp open|filtered isakmp

Nmap done: 1 IP address (1 host up) scanned in 2.11 seconds
f_result: 500/udp open|filtered isakmp Nmap done
p_result: 500/udp open|filtered isakmp
OK: isakmp listening on port 500: 500/udp open|filtered isakmp

# su nagios -c '/usr/local/nagios/libexec/check_udp_port_debug -H host_address -p 500 -s isakmp'
You requested a scan type which requires root privileges.
QUITTING!
result:
f_result:
p_result:
CRITICAL:

# su nagios -c 'sudo /usr/local/nagios/libexec/check_udp_port_debug -H host_address -p 500 -s isakmp'
sudo: no tty present and no askpass program specified

[lmiltchev]

You have this line in sudoers:

Code: Select all

NAGIOSXI ALL = NOPASSWD:/usr/local/nagios/libexec/check_udp_port *

Add this one as well:

Code: Select all

NAGIOSXI ALL = NOPASSWD:/usr/local/nagios/libexec/check_udp_port_debug *

as we changed the plugin.

In addition to this, you are missing the following line in sudoers:

Code: Select all

Defaults:nagios !requiretty

Please add it somewhere, e.g. above this line:

Code: Select all

User_Alias      NAGIOSXI=nagios

Save, exit and test your command again. Are you getting the same output when you run the check as root and as the nagios user?

[jacek]

Now the last command worked as well, but this still doesnt fix the XI issue.

Code: Select all

# /usr/local/nagios/libexec/check_udp_port_debug -H host_address -p 500 -s isakmp
result:
Starting Nmap 6.47 ( http://nmap.org ) at 2019-01-17 00:40 UTC
Nmap scan report for host_address (host_address)
Host is up.
PORT    STATE         SERVICE
500/udp open|filtered isakmp

Nmap done: 1 IP address (1 host up) scanned in 2.10 seconds
f_result: 500/udp open|filtered isakmp Nmap done
p_result: 500/udp open|filtered isakmp
OK: isakmp listening on port 500: 500/udp open|filtered isakmp

# su nagios -c '/usr/local/nagios/libexec/check_udp_port_debug -H host_address -p 500 -s isakmp'
You requested a scan type which requires root privileges.
QUITTING!
result:
f_result:
p_result:
CRITICAL:

# su nagios -c 'sudo /usr/local/nagios/libexec/check_udp_port_debug -H host_address -p 500 -s isakmp'
result:
Starting Nmap 6.47 ( http://nmap.org ) at 2019-01-17 00:41 UTC
Nmap scan report for host_address (host_address)
Host is up.
PORT    STATE         SERVICE
500/udp open|filtered isakmp

Nmap done: 1 IP address (1 host up) scanned in 2.09 seconds
f_result: 500/udp open|filtered isakmp Nmap done
p_result: 500/udp open|filtered isakmp
OK: isakmp listening on port 500: 500/udp open|filtered isakmp
[root@STGNAGIOS01 jacek]#

[lmiltchev]

Open your "original" plugin in a text editor, and change this line:

Code: Select all

p_result=`echo $f_result | awk '{print $1" "$2" "$3}'`

to this:

Code: Select all

p_result=`echo $f_result | awk '{print $1" "$2" "$3}' | sed 's/[|]/ /'`

This should replace the pipe ("|") in the output (which was creating the issue in the GUI) with a space. Save and exit. Force an immediate check in the GUI to see if this worked.

FYI, I tested this in house. Before the change, my check was failing. After the change, the output is "as expected".

example01.PNG

[jacek]

Sadly, this didn't change anything in my XI, still sitting at critical, even after waiting for a while and forcing few checks.
The checks from terminal still work, and from CCM as well.

[lmiltchev]

Can you show us a screenshot of the "Service Status Detail" page for this service?

Go to the CCM > Services > <your service> > View Config, and copy/paste the config on the forum.

Run the following commands from the command line, and show the output:

Code: Select all

grep "p_result=" /usr/local/nagios/libexec/check_udp_port
grep 'check_udp_port\|requiretty' /etc/sudoers