Monitoring systems behind a firewall.
Sloane, Robert Raymond
sloane at ku.edu
Fri Jun 25 20:36:55 CEST 2004
Hi All,
I am just getting started with Nagios 1.2, and I need to monitor some
systems that are behind a firewall. There is no network access to these
systems from the Nagios system, so I have to use passive checks to
determine the remote system status. I created the host entry as
follows:
define host {
name generic-host ; The name of this host
template notifications_enabled 1 ; Host notifications are
enabled
event_handler_enabled 1 ; Host event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information
across program restarts
retain_nonstatus_information 1 ; Retain non-status information
across program restarts
register 0 ; DONT REGISTER THIS DEFINITION
- ITS NOT A REAL HOST, JUST A TEMPLATE!
}
define host {
use generic-host
host_name firewall1
alias test firewall system
address 192.168.1.1
#check_command check-host-alive
max_check_attempts 10
notification_interval 120
notification_period 24x7
notification_options d,u,r
}
and set up the service as:
define service {
name generic-service ; The 'name' of this
service template, referenced in other service definitions
active_checks_enabled 1 ; Active service checks are
enabled
passive_checks_enabled 1 ; Passive service checks are
enabled/accepted
parallelize_check 1 ; Active service checks should
be parallelized (disabling this can lead to major performance problems)
obsess_over_service 1 ; We should obsess over this
service (if necessary)
check_freshness 0 ; Default is to NOT check
service 'freshness'
notifications_enabled 1 ; Service notifications are
enabled
event_handler_enabled 1 ; Service event handler is
enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information
across program restarts
retain_nonstatus_information 1 ; Retain non-status information
across program restarts
register 0 ; DONT REGISTER THIS DEFINITION
- ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}
define service {
use generic-service
host_name firewall1
service_description TESTNSCA
active_checks_enabled 0
passive_checks_enabled 1
check_freshness 1
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 5
retry_check_interval 1
contact_groups linux-admins
notification_interval 120
notification_period 24x7
notification_options w,u,c,r
check_command check_dummy!0
}
The check_dummy command simply returns its argument. Note that active
checks are disabled and that passive checks are enabled, and the
freshness check is turned on. I expected this configuration to require
that the remote system send a status every so often
(freshness_check_interval=600) or be marked as down. It turns out that
the system always appears to be up. If I send a passive service check
saying the system is down, it gets marked as down for one check period
and then comes back up again. As a test, I put "/bin/echo running
>/tmp/checkout" in for the check command, and it appears that the
check_command is running, even though active_checks_enabled is set to 0.
What do I need to do to configure this system so that it only uses the
passive checks? I have nsca working and reporting the system status,
but I don't get any problems reported if nsca fails to report the
status.
--
Bob Sloane, University of Kansas Computer Center, Lawrence, KS, 66045
Email:sloane at ku.edu http://www.ku.edu/home/sloane Phone:(785)864-0444
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list