Hi Team,
we install NCPA on suse linux enterprise server 12& change in ncpa.cfg
==>> allowed_hosts =10.100.1.16(nagiosxi -server-IP)
=> An error occurred:HTTP Error 403: FORBIDDEN
==>> #allowed_hosts =10.100.1.16(nagiosxi -server-IP) <<==== commented
=> getting data
Thanks
NCPA || allow host || forbidden
-
progressive.nagiosXI
- Posts: 277
- Joined: Mon Jul 31, 2017 5:54 am
NCPA || allow host || forbidden
You do not have the required permissions to view the files attached to this post.
Last edited by progressive.nagiosXI on Thu May 23, 2019 12:32 pm, edited 1 time in total.
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: NCPA || allow host || forbidden
Hello,
Can you provide a detailed description of the issue you are having? It looks the check_ncpa is connecting. Is this an issue with NCPA or the check_ntp_time plugin?
Please let us know.
Can you provide a detailed description of the issue you are having? It looks the check_ncpa is connecting. Is this an issue with NCPA or the check_ntp_time plugin?
Please let us know.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
progressive.nagiosXI
- Posts: 277
- Joined: Mon Jul 31, 2017 5:54 am
Re: NCPA || allow host || forbidden
Hi benjamin,
Plugin - check_ntp_time ==> workine fine
NCPA==>working fine.
we talk about feature in ncpa.cfg file to allow or disallow other host within private or public environment to communicate with ncpa plugin to get monitoring data by passing Token.So that we allow only Nagiosxi server to authenticate only with NRPE client server.
so for that we give our Nagiosxi server IP in allowed_hosts variable in ncpa.cfg file ,
after that it decline all host including Nagiosxi server by HTTP Error 403(Forbidden)
Note:- This successfully working for windows server but not with client suse linux(connected via tunnel) .
we also restarted ncpa_listener
--------------------------------------------
ncpa.cfg
---------------------------------------------
#
# Comma separated list of allowed hosts that can access the API (and GUI)
# Exmaple: 192.168.23.15
# Example subnet: 192.168.0.0/28
#
allowed_hosts =10.100.1.16
#
# Number of maximum concurrent connections to the NCPA server.
# Use "None" for unlimited. Default is 200.
# Example: 200
#
max_connections =2
##########
when we commented below line we are able to get all type of data with NCPA client plugin
#allowed_hosts =10.100.1.16
Thanks
Plugin - check_ntp_time ==> workine fine
NCPA==>working fine.
we talk about feature in ncpa.cfg file to allow or disallow other host within private or public environment to communicate with ncpa plugin to get monitoring data by passing Token.So that we allow only Nagiosxi server to authenticate only with NRPE client server.
so for that we give our Nagiosxi server IP in allowed_hosts variable in ncpa.cfg file ,
after that it decline all host including Nagiosxi server by HTTP Error 403(Forbidden)
Note:- This successfully working for windows server but not with client suse linux(connected via tunnel) .
we also restarted ncpa_listener
--------------------------------------------
ncpa.cfg
---------------------------------------------
#
# Comma separated list of allowed hosts that can access the API (and GUI)
# Exmaple: 192.168.23.15
# Example subnet: 192.168.0.0/28
#
allowed_hosts =10.100.1.16
#
# Number of maximum concurrent connections to the NCPA server.
# Use "None" for unlimited. Default is 200.
# Example: 200
#
max_connections =2
##########
when we commented below line we are able to get all type of data with NCPA client plugin
#allowed_hosts =10.100.1.16
Thanks
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: NCPA || allow host || forbidden
Hi @progressive.nagiosXI,
We just tested this out on both Window and Linux (CentOS) and it is working as expected. In your network, is the Windows server connect via tunnel as well? There maybe a network/ip addressing issue present.Note:- This successfully working for windows server but not with client suse linux(connected via tunnel) .
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
progressive.nagiosXI
- Posts: 277
- Joined: Mon Jul 31, 2017 5:54 am
Re: NCPA || allow host || forbidden
Hi ,
Today we created fresh Centos 7 VM (with Public IP )in AWS Cloud for testing this /Open all inbound and outbound PORTS.
still facing same problem.
when we commented below line in ncpa.cfg then we are able to get all type of data with NCPA client plugin
#allowed_hosts =Public IP of Nagiosxi server
is their any logs created in ncpa to identify this or team you can take our server ssh to check this
------------------------
[root@monitoring-nagiosxi ~]# /usr/local/nagios/libexec/check_ncpa.py -H 13.233.120.98 -t 'Token' -P 5693 -M cpu/percent -w 80 -c 90 -q 'aggregate=avg'
UNKNOWN: Error occurred while running the plugin. Use the verbose flag for more details.
[root@monitoring-nagiosxi ~]# /usr/local/nagios/libexec/check_ncpa.py -H 13.233.120.98 -t 'Token' -P 5693 -M cpu/percent -w 80 -c 90 -q 'aggregate=avg' -v
Connecting to: https://13.233.120.98:5693/api/cpu/perc ... regate=avg
An error occurred:HTTP Error 403: FORBIDDEN
Thanks
Today we created fresh Centos 7 VM (with Public IP )in AWS Cloud for testing this /Open all inbound and outbound PORTS.
still facing same problem.
when we commented below line in ncpa.cfg then we are able to get all type of data with NCPA client plugin
#allowed_hosts =Public IP of Nagiosxi server
is their any logs created in ncpa to identify this or team you can take our server ssh to check this
------------------------
[root@monitoring-nagiosxi ~]# /usr/local/nagios/libexec/check_ncpa.py -H 13.233.120.98 -t 'Token' -P 5693 -M cpu/percent -w 80 -c 90 -q 'aggregate=avg'
UNKNOWN: Error occurred while running the plugin. Use the verbose flag for more details.
[root@monitoring-nagiosxi ~]# /usr/local/nagios/libexec/check_ncpa.py -H 13.233.120.98 -t 'Token' -P 5693 -M cpu/percent -w 80 -c 90 -q 'aggregate=avg' -v
Connecting to: https://13.233.120.98:5693/api/cpu/perc ... regate=avg
An error occurred:HTTP Error 403: FORBIDDEN
Thanks
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: NCPA || allow host || forbidden
Hi @progressive.nagios,
Please PM or post /usr/local/ncpa/etc/ncpa.cfg file as I just tested this again with no issues, so I'd like to review the configuration file.
If you want to watch the log file, change the loglevel parameter in the configuration file from info to debug ( see:NCPA Configuration Options ).
Then tail the log and run the check command from the terminal on the Nagios Xi server:
You should see the incoming http get requests.
Please PM or post /usr/local/ncpa/etc/ncpa.cfg file as I just tested this again with no issues, so I'd like to review the configuration file.
If you want to watch the log file, change the loglevel parameter in the configuration file from info to debug ( see:NCPA Configuration Options ).
Then tail the log and run the check command from the terminal on the Nagios Xi server:
Code: Select all
tail -f /usr/local/ncpa/var/ncpa_listener.log
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
progressive.nagiosXI
- Posts: 277
- Joined: Mon Jul 31, 2017 5:54 am
Re: NCPA || allow host || forbidden
Hi
details shared in PM
Thanks
details shared in PM
Thanks
Re: NCPA || allow host || forbidden
Did you allow inbound traffic to port 5693 for the firewall on the SUSE server?
Also, if you are tunneling through your network and it is getting translated, you should put in both of the IP addresses in the ncpa.cfg file so it will allow either one.
Also, if you are tunneling through your network and it is getting translated, you should put in both of the IP addresses in the ncpa.cfg file so it will allow either one.
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
progressive.nagiosXI
- Posts: 277
- Joined: Mon Jul 31, 2017 5:54 am
Re: NCPA || allow host || forbidden
Hi ,
what about details shared in PM to benjaminsmith,we again sharing details in PM to you also
Please check below server monitor with Public IP NCPA ( no tunelling concept here) but same error occur.
Team you can also access this server below link
https://13.233.120.98:5693 ->(testing centos server)
ncpa.cfg
allowed_hosts = Nagiosxi-public-IP,127.0.0.1 // not able to get data by Nagiosxi server or by 127.0.0.1(locally)
Note:-when we commented above allow_host line we are able to get data by Nagiosxi server or by 127.0.0.1(locally)
Thanks
what about details shared in PM to benjaminsmith,we again sharing details in PM to you also
Please check below server monitor with Public IP NCPA ( no tunelling concept here) but same error occur.
Team you can also access this server below link
https://13.233.120.98:5693 ->(testing centos server)
ncpa.cfg
allowed_hosts = Nagiosxi-public-IP,127.0.0.1 // not able to get data by Nagiosxi server or by 127.0.0.1(locally)
Note:-when we commented above allow_host line we are able to get data by Nagiosxi server or by 127.0.0.1(locally)
Thanks
Re: NCPA || allow host || forbidden
Edit the ncpa.cfg file and change this line from
to
Save the change and restart the ncpa_listener to load the change.
Then test it to see if the error is gone and that you can connect to the remote server.
Code: Select all
ip = ::Code: Select all
ip = 0.0.0.0Then test it to see if the error is gone and that you can connect to the remote server.
Be sure to check out our Knowledgebase for helpful articles and solutions!