NCPA || allow host || forbidden
Posted: Wed May 22, 2019 10:35 am
by progressive.nagiosXI
Hi Team,
We installed NCPA on SUSE Linux Enterprise Server 12 and changed ncpa.cfg:
==>> allowed_hosts =10.100.1.16(nagiosxi -server-IP)
=> An error occurred:HTTP Error 403: FORBIDDEN
==>> #allowed_hosts =10.100.1.16(nagiosxi -server-IP) <<==== commented
=> getting data
Thanks
Re: NCPA || allow host || forbidden
Posted: Wed May 22, 2019 4:21 pm
by benjaminsmith
Hello,
Can you provide a detailed description of the issue you are having? It looks like the check_ncpa is connecting. Is this an issue with NCPA or the check_ntp_time plugin?
Please let us know.
Re: NCPA || allow host || forbidden
Posted: Thu May 23, 2019 12:29 pm
by progressive.nagiosXI
Hi benjamin,
Plugin - check_ntp_time ==> working fine
NCPA ==> working fine.
We are talking about the feature in the ncpa.cfg file to allow or disallow other hosts within a private or public environment to communicate with the NCPA plugin to get monitoring data by passing the token, so that we allow only the Nagios XI server to authenticate with the NRPE client server.
For that, we put our Nagios XI server IP in the allowed_hosts variable in the ncpa.cfg file.
After that, it declines all hosts, including the Nagios XI server, with HTTP Error 403 (Forbidden).
Note: This works successfully for the Windows server but not with the SUSE Linux client (connected via tunnel).
We also restarted ncpa_listener.
--------------------------------------------
ncpa.cfg
---------------------------------------------
#
# Comma separated list of allowed hosts that can access the API (and GUI)
# Exmaple: 192.168.23.15
# Example subnet: 192.168.0.0/28
#
allowed_hosts =10.100.1.16
#
# Number of maximum concurrent connections to the NCPA server.
# Use "None" for unlimited. Default is 200.
# Example: 200
#
max_connections =2
##########
When we comment out the line below, we are able to get all types of data with the NCPA client plugin:
#allowed_hosts =10.100.1.16
Thanks
Re: NCPA || allow host || forbidden
Posted: Thu May 23, 2019 4:43 pm
by benjaminsmith
Hi @progressive.nagiosXI,
"Note: This works successfully for the Windows server but not with the SUSE Linux client (connected via tunnel)."
We just tested this out on both Windows and Linux (CentOS) and it is working as expected. In your network, is the Windows server connected via tunnel as well? There may be a network/IP addressing issue present.
Re: NCPA || allow host || forbidden
Posted: Fri May 24, 2019 10:38 am
by progressive.nagiosXI
Hi,
Today we created a fresh CentOS 7 VM (with a public IP) in AWS Cloud for testing this, with all inbound and outbound ports open.
We are still facing the same problem.
When we comment out the line below in ncpa.cfg, we are able to get all types of data with the NCPA client plugin:
#allowed_hosts =Public IP of Nagiosxi server
Are there any logs created in NCPA to identify this? Or, team, you can take SSH access to our server to check this.
------------------------
[root@monitoring-nagiosxi ~]# /usr/local/nagios/libexec/check_ncpa.py -H 13.233.120.98 -t 'Token' -P 5693 -M cpu/percent -w 80 -c 90 -q 'aggregate=avg'
UNKNOWN: Error occurred while running the plugin. Use the verbose flag for more details.
[root@monitoring-nagiosxi ~]# /usr/local/nagios/libexec/check_ncpa.py -H 13.233.120.98 -t 'Token' -P 5693 -M cpu/percent -w 80 -c 90 -q 'aggregate=avg' -v
Connecting to: https://13.233.120.98:5693/api/cpu/perc ... regate=avg
An error occurred:HTTP Error 403: FORBIDDEN
Thanks
Re: NCPA || allow host || forbidden
Posted: Fri May 24, 2019 1:09 pm
by benjaminsmith
Hi @progressive.nagios,
Please PM or post the /usr/local/ncpa/etc/ncpa.cfg file, as I just tested this again with no issues, so I'd like to review the configuration file.
If you want to watch the log file, change the loglevel parameter in the configuration file from info to debug (see: NCPA Configuration Options).
Then tail the log and run the check command from the terminal on the Nagios Xi server:
tail -f /usr/local/ncpa/var/ncpa_listener.log
You should see the incoming http get requests.
Re: NCPA || allow host || forbidden
Posted: Fri May 24, 2019 2:10 pm
by progressive.nagiosXI
Hi
details shared in PM
Thanks
Re: NCPA || allow host || forbidden
Posted: Fri May 24, 2019 2:58 pm
by tgriep
Did you allow inbound traffic to port 5693 for the firewall on the SUSE server?
Also, if you are tunneling through your network and it is getting translated, you should put in both of the IP addresses in the ncpa.cfg file so it will allow either one.
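Added example, not part of the post above and not NCPA's own matching code: a generic allowlist test that parses an allowed_hosts line and checks which source addresses would pass, showing why a translated address needs its own entry. The translated address 192.0.2.10 and the helper names are constructed for illustration.

```python
import ipaddress

def parse_allowed_hosts(cfg_text):
    """Return networks from the active allowed_hosts line, or None if absent/commented."""
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue  # comment lines and lines without key = value are skipped
        key, _, value = line.partition("=")
        if key.strip() == "allowed_hosts":
            # Entries are comma separated; a bare IP becomes a single-host network
            return [ipaddress.ip_network(e.strip(), strict=False)
                    for e in value.split(",") if e.strip()]
    return None

def is_allowed(networks, observed_ip):
    """Generic allowlist test on the peer address the listener sees."""
    if networks is None:
        return True  # line commented out: no filtering, as reported in the thread
    addr = ipaddress.ip_address(observed_ip)
    return any(addr.version == net.version and addr in net for net in networks)

def check(cfg_text, candidates):
    """Map each candidate source address to whether the config would admit it."""
    nets = parse_allowed_hosts(cfg_text)
    return {ip: is_allowed(nets, ip) for ip in candidates}

# Constructed sample data: the configured address comes from the thread,
# the translated (post-NAT/tunnel) address is a documentation-range placeholder.
CONFIGURED = "10.100.1.16"
TRANSLATED = "192.0.2.10"
CFG_SINGLE = "allowed_hosts =10.100.1.16\n"
CFG_BOTH = "allowed_hosts = 10.100.1.16, 192.0.2.10\n"
CFG_COMMENTED = "#allowed_hosts =10.100.1.16\n"

if __name__ == "__main__":
    for name, cfg in (("single", CFG_SINGLE), ("both", CFG_BOTH),
                      ("commented", CFG_COMMENTED)):
        print(name, check(cfg, [CONFIGURED, TRANSLATED]))
```

The address to test is the one the client host actually sees as the peer, which behind a tunnel or NAT may differ from the address configured on the Nagios XI server.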
Re: NCPA || allow host || forbidden
Posted: Mon May 27, 2019 12:12 pm
by progressive.nagiosXI
Hi,
What about the details shared in PM to benjaminsmith? We are sharing the details in PM with you as well.
Please check the server below, monitored with NCPA over a public IP (no tunneling concept here), but the same error occurs.
Team, you can also access this server at the link below:
https://13.233.120.98:5693 ->(testing centos server)
ncpa.cfg
allowed_hosts = Nagiosxi-public-IP,127.0.0.1 // not able to get data by Nagiosxi server or by 127.0.0.1(locally)
Note: when we comment out the above allow_host line, we are able to get data by the Nagios XI server or by 127.0.0.1 (locally).
Thanks
Re: NCPA || allow host || forbidden
Posted: Tue May 28, 2019 9:03 am
by tgriep
Edit the ncpa.cfg file and change this line from
to
Save the change and restart the ncpa_listener to load the change.
Then test it to see if the error is gone and that you can connect to the remote server.