NCPA need sudoers?

[jenstar13]

I'm having problems with Redhat 7 and the NCPA agent and monitoring rsyslogd
it seems that root only can check a service in redhat 7
is NCPA supposed to be running as nagios, or should it be running as root
and if it's supposed to be nagios, how are you handling sudoers?

thanks again
Jenny

[lmiltchev]

What is the version of the NCPA agent that you installed on the RHEL machine? I installed NCPA 2.1.7 on RHEL 7.7 64-bit, and I can monitor rsyslog just fine. NCPA is running as nagios user.

Code: Select all

uid = nagios
gid = nagios

example01.PNG

Are you using "rsyslog" or "rsyslogd" in your command? Can you show us the output the the following commands?

On the client (remote machine):

Code: Select all

ps -ef | grep rsyslog

On the Nagios XI server:

Code: Select all

/usr/local/nagios/libexec/check_ncpa.py -H <client ip> -t '<token>' -P 5693 -M 'services' -q 'service=rsyslog,status=running'

where you substitute <client ip> and <token> with the actual values.

[jenstar13]

I need to get more info from the system engineers, the problem comes from the fact that they made me open the ticket after I fixed the problem 2 months ago, by going from a "service" check to a "process" check, and now I can't remember the machines with the problem

The System engineers said that the NCPA agent is causing a problem in trying to scan a directory owned by root, and I am asking them for the log snippets to give to you.

I'm sorry, when I get a problem I will try and find a work around in order to keep going, so that's why I forgot which machines had the rsyslog problem
I will update this when they get back to me

[lmiltchev]

Sure, let us know what you find out. We will keep the thread open for the time being.

[jenstar13]

Hi
We found a machine with a problem that stopped when I turned off the NCPA passive and listener

it looks like ncpa is running the init.d directory and asking for a status of everything in there
When i turn off ncpa, the status request stops

the reason we're asking is because of the PowerPath errors
Aug 25 04:25:47 prdstldb11 PowerPath: MPAPI: Error: Insufficient user privilege

I tried looking in the ncpa.cfg for an "exclude" section so i could have ncpa skip that script but I did not see any thing
the box is Red Hat Enterprise Linux Server release 5.10 (Tikanga)
and from the api/service the ncpa is "agent_version": "2.0.6",

[lmiltchev]

In this case, I can see only two options:

1. Set NCPA to be running as root in the ncpa.cfg file:

Code: Select all

uid = root
gid = root

and restart the ncpa_listener and ncpa_passive services, so that changes can take effect.

2. Don't monitor the services that nagios is not permitted to access. After all, if you want nagios to monitor a metric, it should be given sufficient permissions to do so.

[jenstar13]

sorry, we are not monitoring all the services in /etc/init.d
nagios is doing the entire directory, I would like to stop it from doing that
see the attached text file

[lmiltchev]

nagios is doing the entire directory, I would like to stop it from doing that

There is no way to stop NCPA from doing that... You are using a very old agent that is installed on RHEL 5. RHEL/CentOS 5 are no longer supported. We are not going to be changing how the "old" NCPA works (going 10 versions back). On newer operating systems, e.g. RHEL/CentOS 7, NCPA uses systemctl to obtain the list of services.