Passive service checks not being accepted by primary?

Cliff Riggs cliff at proteris.com
Mon Mar 29 23:18:13 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Thank you for the links to the (rather obvious I thought once it was 
pointed out to me...) search function of the archives! I apologize for 
cluttering the list with something so clear.

I am having a problem with a primary Nagios server accepting passive 
service checks from a remote Nagios server behind a firewall that is 
performing NAT. The remote server is sending checks OK, and using 
tcpdump I can see the checks being accepted by the primary server 
inbound on the interface. The Nagios process however, does not update 
with the results of the passive check.

I will try to provide the relevant information to describe the problem, 
please feel free to prompt me for more.

Both servers are running FreeBSD 5.2.1, Nagios 1.2, and NSCA 2.4. All 
services have been installed from the port collection.

NSCA is being run from inetd per the instructions in the README file in 
/usr/local/docs/nsca/README and the output from a "sockstat -4" shows 
inetd listening on port 5667/tcp.

At this point, NSCA is not using any form of encryption(=0). The 
"allowed_hosts=" is set to the Public NAT IP address of the remote 
nagios server. I have the host to be monitored defined in both the 
primary and remote hosts.cfg file as follows:

Primary:
# 'TEST Router' host definition
define host{
         use                     generic-host            ; Name of host 
template to use

         host_name               cisco-test
         alias                   TEST Router
         address                 <public IP>
         check_command           check-host-alive
         parents                 3660-router
         max_check_attempts      3
         notification_interval   60
         notification_period     24x7
         notification_options    d,u,r
         }

Remote:
# 'TEST Router' host definition
define host{
         use                     generic-host            ; Name of host 
template to use

         host_name               cisco-test
         alias                   TEST Router
         address		192.168.1.1
         check_command           check-host-alive
         parents                 3660-router
         max_check_attempts      3
         notification_interval   60
         notification_period     24x7
         notification_options    d,u,r
         }

The service is also defined on the primary as follows:

Primary:
# Service definition
define service{
         use                             generic-service         ; Name 
of service template to use

         host_name                       cisco-test
         service_description             PING
         active_checks_enabled                   0
         is_volatile                     0
         check_period                    24x7
         max_check_attempts              3
         normal_check_interval           3
         retry_check_interval            1
         contact_groups                  admins
         notification_interval           120
         notification_period             24x7
         notification_options            w,u,c,r
         check_command                   check_ping!100.0,20%!500.0,60%
         }

I have enabled debugging in the NSCA.cfg file, but I am not seeing any 
output either in the nagios.log file or normal syslog output.

To the best of my ability, I have followed the instructions from 
http://nagios.sourceforge.net/docs/1_0/distributed.html knowing that 
they were a revision or two off, but seemed to work well. My suspicion 
is that this passage is particularly relevant to my problem: "The 
central server must have service definitions for all services that are 
being monitored by all the distributed servers. Nagios will ignore 
passive check results if they do not correspond to a service that has 
been defined.", yet I lack the skill to see where I'm falling down.

Any help would be greatly appreciated. I can of course provide more 
configuration information if required. Thank you!

Cliff

- --
- --------------------------------------------
Clifford Riggs
CCIE #9314, CISSP
- --------------------------------------------
Proteris Group LLC
Information Security Consultants
Trust. Expertise. Results.
- --------------------------------------------
www.proteris.com
- --------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFAaJKVJ3mHWY7troQRAuI2AJ4i9yTBCobUJIQ8/RXfZOijvc9/egCePECH
4O0IpGvGis/2pN4mbwGr/lQ=
=OKKl
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list