Monitoring remote windows server using NSCA

[HAL]

We are trying to monitor remote windows servers using NSCA on Nagios XI, I have followed the instruction on the below file to enable to the NSCA agent on the server

http://assets.nagios.com/downloads/nagi ... ith_XI.pdf

we have then installed the NSClient++ agent on the remote server loading following modules -enable common check plugins & Enable NSCA client - and downloaded the sample nsca.ini and made the required changes and ammended the NSC.ini on the remote server

Followed this file to configure the nsc.ini file - http://assets.nagios.com/downloads/nagi ... Checks.pdf

Copy of the configuration file on remote server.

NSC.ini

We have opened the port 5667 for communication as suggested on NSCA screen on Nagios XI. However, we still don’t see any checks submitted by the remote server to the Nagios xi server in the unconfigured objects. I have checked the nclient++.log file and i see the following error on it.

2012-10-17 11:59:26: error:modules\NSCAAgent\NSCAThread.cpp:286: <<< Could not connect to: 10.202.21.19:5667 10065: A socket operation was attempted to an unreachable host.

Also, we have commented the only_from line in the nsca file(/etc/xinetd.d/nsca) to allow any remote server to send data to the nagios server. Did miss any thing on the server end which lead to this message?

[scottwilkerson]

Also, we have commented the only_from line in the nsca file(/etc/xinetd.d/nsca) to allow any remote server to send data to the nagios server. Did miss any thing on the server end which lead to this message?

Did you restart xinetd after doing this?

Code: Select all

service xinetd restart

Also are you sure the windows machine can reach the server at 10.202.21.19?

[HAL]

Yes, i did restart the services as specified in the document after the changes were made.

Our networks team has confirmed that the firewall port was opened for bi-directional traffic.

Does the Configuration file look ok?

[scottwilkerson]

The config file looks Ok (as long as you have valid info for encryption method, password, nsca_host)

but the bigger problem is outlined in the logs....

2012-10-17 11:59:26: error:modules\NSCAAgent\NSCAThread.cpp:286: <<< Could not connect to: 10.202.21.19:5667 10065: A socket operation was attempted to an unreachable host.

You need to verify you can make a connection, if the windows machine has telnet installed try

Code: Select all

telnet 10.202.21 5667

or at least

Code: Select all

ping 10.202.21

[HAL]

Encryption method is set to 0 at the moment which we intend change after successful tests.

Coming to the checks...we can ping the nagios server from the remote host but cant telnet, it fails with a message saying "Could not open connection to the host, on port :5667 Connect failed"

[scottwilkerson]

I would run this on the Nagios XI server

Code: Select all

netstat -alnp|grep 5667

if you see

Code: Select all

[list]tcp        0      0 0.0.0.0:5667                0.0.0.0:*                   LISTEN      2061/xinetd[/list]

I would check back with your network team and note the response you got when you performed the telnet command

[HAL]

This is the output i get when i run the above command.

tcp 0 0 :::5667 :::* LISTEN 7773/xinetd

I have checked with my network team and we see the traffic from the remote server crossing the firewall to nagios xi server. we have now checked the nagios server itself and believe its the nsca service which hasn't started as it should be enabling the traffic pass through the port 5667. Also, Do we need to change the permissions or change the owner of any file?

Also, Are Passive checks enabled on nagios by default or do we need to enable it?

[scottwilkerson]

You need to select the decryption method and password at Admin -> Inbound Transfers

Also, you should have "Enable Listener For Unconfigured Objects" checked in
Admin -> Performance Settings -> Subsystem Tab

I believe it is listening fine that is what the netstat I had you run checked..

Can you run this to verify we have the correct setting in iptables on the nagios server

Code: Select all

iptables -L

[HAL]

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[scottwilkerson]

You need to add a rule to your IPtables to allow traffic to port 5667