monitoring remote networks

Kevin Keane subscription at kkeane.com
Wed Mar 18 14:11:17 CET 2009


Mark Weaver wrote:
> How do I use this same Nagios server to monitor remote client networks 
> using the NSClient?
>   
As others have already pointed out, fundamentally, it doesn't matter 
whether the client is on the same network segment, or behind a router.

However, in reality, when you are talking about a "remote" network, most 
of the time you are actually talking about a network that has one or 
more firewalls in front of them. Very often, you have a firewall from 
your local network to the Internet, and a second firewall from the 
Internet to the remote network. And firewalls indeed will interfere with 
with Nagios. Severely.

There are several options for dealing with that:
- Establish a VPN between the local and the remote network. Obviously, 
you can only do that when the two networks completely trust each other. 
Also, if you have several remote networks connecting that way, you may 
inadvertently open security holes between two remote networks.
- Establish an SSH tunnel that just forwards the NRPE requests from the 
local to the remote client. Requires that the remote client trusts you 
enough to establish an SSH connection. Also requires that you have a way 
to monitor the tunnel, and reestablish it if it goes down.
- Open the appropriate ports on the firewalls to allow NRPE traffic 
through. You don't want to do that - monitoring information can be quite 
sensitive, and you don't want it traveling over the Internet in plain text.

There may be more ways to deal with the firewall problem.

The way I solved it is by writing a wrapper around NSClient++ that uses 
NSCA (i.e., passive checks) instead of NRPE, and then wraps the NSCA 
packages in HTTPS. It's primarily for my own in-house use (which is why 
the documentation leaves to be desired), but it is an open source 
project on SourceForge; look for the project name tntmonitoring.

-- 
Kevin Keane
Owner
The NetTech
Find the Uncommon: Expert Solutions for a Network You Never Have to Think About

Office: 866-642-7116
http://www.4nettech.com

This e-mail and attachments, if any, may contain confidential and/or proprietary information. Please be advised that the unauthorized use or disclosure of the information is strictly prohibited. The information herein is intended only for use by the intended recipient(s) named above. If you have received this transmission in error, please notify the sender immediately and permanently delete the e-mail and any copies, printouts or attachments thereof.


------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list