secure connection between Fusion to XI
Posted: Mon Apr 06, 2020 4:19 pm
by elade
Hello,
I have Nagios Fusion (4.1.6) and XI (5.5.8) and both are HTTPS.
I want to know how I can check if the communication between the two servers is secure.
When I tried to do a fused server in Fusion with https in the XI URL, I got a failed error.
When I tried to do a fused server in Fusion with http in the XI URL, I got all OK.
I did the SSL procedure in both Fusion and XI.
Any idea how to check the following:
• Secure connection between the XI and Fusion
• https not working when I fused a XI in fusion
Re: secure connection between Fusion to XI
Posted: Tue Apr 07, 2020 11:04 am
by cdienger
You'll need to use https to secure the connection. Configure Fusion to use https to connect to the XI machine and then run the following on the XI machine:
Code:
cd /var/log/httpd/
tail -f * | grep fusion_ip_address
While this is running, click the "Test Fusion Settings" back on the Fusion server and note any messages that appear on the XI terminal. Feel free to PM me the output if there is anything sensitive in the output. I'd also like to see what the Fusion failed error looks like. Can you provide a screenshot of the page so we can see the error and the settings?
Re: secure connection between Fusion to XI
Posted: Fri Apr 10, 2020 4:57 am
by elade
I don't have /var/log/httpd dir but I do have /var/log/apache2/ dir in nagiosxi server.
2 things I forgot to say:
• I disabled port 80 in apache ports configuration in fusion server (no need for it).
• Both machines are in AWS on the same environment
When I run the test fusion with nagiosxi link in https I get nothing.
When I run the test fusion with nagiosxi link in http I get the following:
/var/log/apache2/other_vhosts_access.log
Code:
ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "GET /nagiosxi/api/v1/system/status?fusekey=Abcd HTTP/1.1" 200 1039 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "GET /nagiosxi/api/v1/system/status?fusekey= HTTP/1.1" 200 232 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "GET /nagiosxi/backend/?cmd=getProgramStatus&username=nagiosadmin&password= Abcd HTTP/1.1" 302 686 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "POST /nagiosxi/api/v1/authenticate HTTP/1.1" 200 364 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
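Added example, not part of the original posts: a shell function that reads `other_vhosts_access.log`-style lines like those quoted above and counts, for the Fusion server's IP, how many requests were served on port 80 versus 443 and how many carried `fusekey=` or `password=` in the request line. The sample lines and the host name `xi.example.internal` are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Reads Apache vhost_combined log lines
# on stdin and reports, for one client IP, which port served each request and
# whether the request line carried a credential parameter (fusekey= or
# password=, the two parameters visible in the thread's log excerpt).
# Usage: fusion_transport_report 10.10.10.10 < /var/log/apache2/other_vhosts_access.log

fusion_transport_report() {
  awk -v ip="$1" '
    $2 == ip {
      n = split($1, vhost, ":")                  # field 1 is "vhost:port"
      port = vhost[n]
      secret = ($8 ~ /[?&](fusekey|password)=/)  # field 8 is the request target
      if (port == "80")       { http++; if (secret) clear++ }
      else if (port == "443") { https++ }
      else                    { other++ }
      if (secret) secrets++
    }
    END {
      printf "port80=%d port443=%d other=%d secrets=%d secrets_on_port80=%d\n",
             http, https, other, secrets, clear
    }'
}

# Constructed sample lines modelled on the log format in the post above.
sample_log() {
  cat <<'EOF'
xi.example.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "GET /nagiosxi/api/v1/system/status?fusekey=EXAMPLE HTTP/1.1" 200 1039 "-" "BinGet/1.00.A"
xi.example.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "POST /nagiosxi/api/v1/authenticate HTTP/1.1" 200 364 "-" "BinGet/1.00.A"
xi.example.internal:443 10.10.10.10 - - [10/Apr/2020:09:55:02 +0000] "GET /nagiosxi/api/v1/system/status?fusekey=EXAMPLE HTTP/1.1" 200 1039 "-" "BinGet/1.00.A"
xi.example.internal:80 10.99.99.99 - - [10/Apr/2020:09:56:00 +0000] "GET /nagiosxi/ HTTP/1.1" 302 500 "-" "curl/7.47.0"
EOF
}

sample_log | fusion_transport_report 10.10.10.10
```

A non-zero `secrets_on_port80` means the fuse key or password crossed the network unencrypted; any key seen that way should be rotated once the HTTPS link works.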
Re: secure connection between Fusion to XI
Posted: Fri Apr 10, 2020 11:04 am
by cdienger
Let's get a tcpdump taken on both the Fusion and XI commands at the same time while you run the test.
On the XI side:
Code:
apt-get install tcpdump
tcpdump -s 0 -i any host 10.10.10.10 -w outputXI.pcap
On the Fusion side:
Code:
apt-get install tcpdump
# OR (depending on the OS):
yum -y install tcpdump
tcpdump -s 0 -i any host 10.20.30.40 -w outputFusion.pcap
Let both run while you attempt the test in fusion a couple times and then use CTRL+C to stop it. Please PM me the pcap files that are created.
Re: secure connection between Fusion to XI
Posted: Sat Apr 11, 2020 9:21 am
by elade
I sent you a PM with the info.
This is also from the Fusion server:
Code:
[email protected]:~# curl -XGET https://10.20.30.40/nagiosxi/api/v1/system/status?fusekey=Aa12345 -k -v
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying 10.20.30.40...
* Connected to 10.20.30.40 (10.20.30.40) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 594 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: ip-10.20.30.40 (does not match '10.20.30.40')
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #1
* subject: C=NL,ST=NLD,L=Amsterdam,O=Test,CN=ip-10.20.30.40
* start date: Tue, 07 Apr 2020 13:38:01 GMT
* expire date: Wed, 07 Apr 2021 13:38:01 GMT
* issuer: C=NL,ST=NLD,L=Amsterdam,O=Test,CN=ip-10.20.30.40
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /nagiosxi/api/v1/system/status?fusekey=Aa12345 HTTP/1.1
> Host: 10.20.30.40
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sat, 11 Apr 2020 14:38:59 GMT
< Server: Apache/2.4.18 (Ubuntu)
< Access-Control-Allow-Orgin: *
< Access-Control-Allow-Methods: *
< Content-Length: 835
< Content-Type: application/json
<
{"instance_id":"1","instance_name":"localhost","status_update_time":"2020-04-11 14:38:55","program_start_time":"2020-04-11 14:08:06","program_run_time":"1853","program_end_time":"1970-01-01 00:00:01","is_currently_running":"1","process_id":"22692","daemon_mode":"1","last_command_check":"1970-01-01 00:00:00","last_log_rotation":"1970-01-01 00:00:00","notifications_enabled":"1","active_service_checks_enabled":"1","passive_service_checks_enabled":"1","active_host_checks_enabled":"1","passive_host_checks_enabled":"1","event_handlers_enabled":"1","flap_detection_enabled":"1","process_performance_data":"1","obsess_over_hosts":"0","obsess_over_services":"0","modified_host_attributes":"0","modified_service_attributes":"0","global_host_event_handler":"xi_host_event_handler","global_service_event_handler":"xi_service_event_handler"}
* Connection #0 to host 10.20.30.40 left intact
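Added example, not part of the original posts: a shell function that reads a `curl -v` trace in the wording shown above and lists what the TLS session did and did not establish (cipher negotiated, verification skipped by `-k`, name mismatch, subject equal to issuer). The sample trace, the host name `xi-host` and the address 192.0.2.10 are constructed; other curl TLS backends word these lines differently.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Reads a `curl -v` trace on stdin, in the
# wording shown in the post above, and prints one finding per line about how
# much the TLS session actually proved.

tls_trace_findings() {
  awk '
    /server certificate verification SKIPPED/ { skipped = 1 }
    /common name: .*\(does not match/         { mismatch = 1 }
    /^\*[ \t]*subject: / { sub(/^\*[ \t]*subject: /, ""); subject = $0 }
    /^\*[ \t]*issuer: /  { sub(/^\*[ \t]*issuer: /, "");  issuer = $0 }
    /SSL connection using / { sub(/^.*SSL connection using /, ""); suite = $0 }
    END {
      if (suite != "") print "encrypted: " suite
      if (skipped)     print "unverified: certificate chain was not checked"
      if (mismatch)    print "name-mismatch: certificate name differs from the requested host"
      if (subject != "" && subject == issuer)
        print "self-issued: subject equals issuer"
    }'
}

# Constructed trace modelled on the curl output in the post above.
sample_trace() {
  cat <<'EOF'
* Connected to 192.0.2.10 (192.0.2.10) port 443 (#0)
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* common name: xi-host (does not match '192.0.2.10')
* subject: C=NL,O=Test,CN=xi-host
* issuer: C=NL,O=Test,CN=xi-host
< HTTP/1.1 200 OK
EOF
}

sample_trace | tls_trace_findings
```

A trace that shows only the `encrypted:` line came from a session where the certificate was checked against a trusted CA and matched the requested name; the other three findings mean the request succeeded only because `-k` turned those checks off.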
Re: secure connection between Fusion to XI
Posted: Mon Apr 13, 2020 10:14 am
by cdienger
The dumps appear to be successful. Can you provide a screenshot showing exactly what error is being thrown in Fusion?
Re: secure connection between Fusion to XI
Posted: Fri Apr 17, 2020 5:17 am
by elade
What happens is that when I fuse the XI server with an https URL I get the red icon, and when I use http all is OK.
Is it OK?
Re: secure connection between Fusion to XI
Posted: Fri Apr 17, 2020 11:25 am
by ssax
Edit your fused server, make sure the URL is set to:
Is it?
Re: secure connection between Fusion to XI
Posted: Sun Apr 19, 2020 2:16 am
by elade
The url of the fused server is like you wrote.
When I run the test I get the red icon.
Both XI and Fusion servers are in AWS environments and I only allow HTTPS (443) connections between them.
Do I need to change anything in the Apache configuration except what's written in the manuals?
Re: secure connection between Fusion to XI
Posted: Mon Apr 20, 2020 4:38 pm
by ssax
And you're not seeing any errors in your apache logs in either server when you test with HTTPS, correct? There shouldn't be anything else you need to do for apache.
Please create a ticket for this and include a link back to this forum thread so we can get a remote session setup:
https://support.nagios.com/tickets/