Nagios Support Forum

Hi,
Currently am monitoring a folder for any files, if the folder has any files Nagios used to alert us. Now we are looking Nagios to delete the files if nagios finds any files in the the folder and alert us with what happened. we have configured event handlers to do the work, and wrote a script to delete the files in the folder. we stored the script in /usr/local/nagios/libexec on Nagios XI server. but while testing, nagios does nothing its just alerting us but not deleting files in the folder. here we have couple of questions

1. The script has to be placed on nagios server or client server?
2. Do nagios user/script needs to be run as root to delete files?
3. where can i check the logs about the action taken by event handlers?

Thanks,

Hi @ISSB_MAOST,

Thank you for the detailed description. The location is right, you would place the event handler in the /user/local/nagios/libexec directory and the nagios user account will need the necessary privileges to run the event handler.

Answers to your questions:
1. The event handler script is placed on the Nagios side. Now if you need to delete files on a remote host, then the event handler would ssh into the remote device and run the script or you could assign a plugin like check_by_ssh as the event handler or execute the script using an agent.

2. This will depend on the permissions settings of the files, but the nagios user account will need to be able to run the script. The script will need write access to the directory containing the files.

3. They are in /usr/local/nagios/var/nagios.log

The guide below has some good information about setting up event handlers in Nagios XI.

Introduction to Event Handlers

Answers to your questions:
1. The event handler script is placed on the Nagios side. Now if you need to delete files on a remote host, then the event handler would ssh into the remote device and run the script or you could assign a plugin like check_by_ssh as the event handler or execute the script using an agent.
[/quote]

I have followed the steps in https://assets.nagios.com/downloads/nag ... ios-XI.pdf and the event handler script doesn't run in remote machine and i dont see any information about event handlers in nagios.log.
1. Do the script does ssh on its own to remote or do i need to specify it in script?
2. On the remote machine, event handler will be executed by which user? As script on my machine is owned by apache:nagios.

The configuration is as follows.
define service {
host_name server_name
service_description test_core check
use Core_check
check_command check_nrpe!check_core!!!!!!!
initial_state o
max_check_attempts 3
check_interval 5
retry_interval 2
active_checks_enabled 1
passive_checks_enabled 1
check_period 24x7
event_handler Test_action
event_handler_enabled 1
notification_interval 0
notification_period 24x7
notification_options w,c,u,r,
notifications_enabled 1
contacts a,b,c
register 1
}

define command {
command_name Test_action
command_line $USER1$/event_handler_test.sh
}

I did a test by placing files on nagios server, it deleted but not remote server.

Thanks,

Hi,

You can use check_by_ssh to run the script on the remote device. We have a step-by-step guide for setting this up below.

Monitoring Hosts Using SSH

Otherwise, you would need to configure the script to log in and then delete the files.

ISSB_MAOST wrote:Answers to your questions:
1. The event handler script is placed on the Nagios side. Now if you need to delete files on a remote host, then the event handler would ssh into the remote device and run the script or you could assign a plugin like check_by_ssh as the event handler or execute the script using an agent.

I have followed the steps in https://assets.nagios.com/downloads/nag ... ios-XI.pdf and the event handler script doesn't run in remote machine and i dont see any information about event handlers in nagios.log.
1. Do the script does ssh on its own to remote or do i need to specify it in script?
2. On the remote machine, event handler will be executed by which user? As script on my machine is owned by apache:nagios.

The configuration is as follows.
define service {
host_name server_name
service_description test_core check
use Core_check
check_command check_nrpe!check_core!!!!!!!
initial_state o
max_check_attempts 3
check_interval 5
retry_interval 2
active_checks_enabled 1
passive_checks_enabled 1
check_period 24x7
event_handler Test_action
event_handler_enabled 1
notification_interval 0
notification_period 24x7
notification_options w,c,u,r,
notifications_enabled 1
contacts a,b,c
register 1
}

define command {
command_name Test_action
command_line $USER1$/event_handler_test.sh
}

I did a test by placing files on nagios server, it deleted but not remote server.

Thanks,[/quote]

we have configured event handlers and planning to do more in the future, so we would like to know whats wrong ion this setup?

Hi,

Since you are running NRPE, let's try setting this up using that instead, copy your event handler script to the /usr/local/nagios/libexec directory on the remote host and then setup a new command definition in your nrpe configuration file for the Test_action.

On the remote host open up /usr/local/nagios/etc/nrpe.cfg, and create a new command, for example: Make sure you set the permissions, so the nagios user account can run the command. Lastly, restart the nrpe service: Now log into the Nagios XI server, and test it. Does it work? If so, set your event handler command to check_nrpe -H <ipaddress> -c Test_action

References:
https://assets.nagios.com/downloads/nag ... g_NRPE.pdf
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Event Handlers are supposed to run on demand to correct the action right? if i setup monitoring as other regular services what's the purpose of using event handlers?
if possible can you send me a sample config thats used in configuring a service using event handlers

Hello ISSB_MAOST,

Well, the event handlers don't really run on demand but under certain conditions. So, the event handlers commands are defined in the configuration object, in the object, looks like this: The event_handler command will run under the following conditions:

When Are Event Handlers Executed?
Event handlers are executed when a service or host:

Is in a SOFT problem state
Initially goes into a HARD problem state
Initially recovers from a SOFT or HARD problem state

If you'd like to know more, the Core documentation has a pretty detailed explanation of event handlers. They can be any command but are mostly custom scripts that people create to perform some useful action.

In this case, it's not deleting the files, because Nagios has to run the script on the remote machine for this to occur, this can be accomplished using NRPE or SSH. If you've already installed NRPE on the remote device, that's going to be the easiest way to connect and run the event handler you create.

Hope that helps, let me know if you have more questions.

Benjamin

Reference:
Event Handlers

benjaminsmith wrote:Hello ISSB_MAOST,


In this case, it's not deleting the files, because Nagios has to run the script on the remote machine for this to occur, this can be accomplished using NRPE or SSH. If you've already installed NRPE on the remote device, that's going to be the easiest way to connect and run the event handler you create.

Benjamin

I have nrpe configured on remote machine, and placed the script on remote server,. The configuration is as follows.

define service {
host_name server_name
service_description usr Disk Usage
use xiwizard_nrpe_service
check_command check_nrpe!check_core!!!!!!
initial_state o
max_check_attempts 1
check_interval 5
retry_interval 1
active_checks_enabled 1
check_period xi_timeperiod_24x7
event_handler Test_action
event_handler_enabled 1
notification_interval 10
notification_period xi_timeperiod_24x7
notification_options w,c,u,r,
notifications_enabled 1
contacts nagiosadmin
_xiwizard linux-server
register 1
}

define command {
command_name Test_action
command_line $USER1$/event_handler_test.sh
}

Still its not working on remote machine. Do i need to configure command in nrpe.cfg on remote machine? is any piece of config still machine on my side?

Hi,

Do i need to configure command in nrpe.cfg on remote machine? is any piece of config still machine on my side?

That's right, if you're going to use check_nrpe to call the script on the remote host, you'll need to create a command for it in the nrpe.cfg file on the remote host and then re-start nrpe to apply the changes.

Edit the file: Add the command and re-start Next, log into Nagios XI and Test: Let me know if you get it working.

Reference Documentation:
https://assets.nagios.com/downloads/nag ... g_NRPE.pdf