monitor hosts behind firewalls
Jorge Pañeda
jlpaneda at scio.com.mx
Thu Feb 9 20:36:16 CET 2012
Hi,
Ok, I understand your issue. I had the same issue but I fixed.
My infrastructure is as follow:
Nagios Box (external to our local network) --> Internet --> Firewall (Our Gateway) --> Internal Network
In our Internal Network we have many servers being monitored by nagios using passive checks with nsclient++, nrpe and nsca. Some of these servers have two network cards, one with a Public IP and the other with an internal IP. One of these servers with Public IP is a Linux Box. In this Linux Box I installed and configured nrpe and used the check_ping command to ping my internal servers to know if they are alive and then this status is sent to Nagios Box.
In other words, request checks are made from the Nagios Box to the Linux Box and then Linux Box executes the command and checks the internal servers and returns the result to Nagios Box.
To accomplish this I used the links I mentioned below.
Attached you will find some examples of my configurations. Nrpe.cfg file is in Linux Box and Server1.cfg is in Nagios Box.
Also I attached a quick paint drawing trying to give you a better visualization of my infrastructure and configuration.
Other thing I think you can try is to create a script or batch file and use nsclient++ in internal servers to execute it an return a result and sent it to Nagios box through passive checks.
Hope this can help you or at least give you a clue of how can you accomplish what you need. If you have any doubt or I can help in any other way please let me know.
Regards,
Jorge L. Pañeda
Systems Administrator
Scio Consulting | IT & Infrastructure Dept.
Las Cañadas 501 Int. 230 Col. Tres Marías
Morelia, Mich., México Tel. (443) 310-96-01 y (443) 310-96-02 ext. 402
U.S. Phone: 408 404 3897 Ext. 402
www.sciodev.com
-----Original Message-----
From: doug [mailto:goldcup at ix.netcom.com]
Sent: miércoles, 08 de febrero de 2012 06:20 p.m.
To: Nagios Users List
Subject: Re: [Nagios-users] monitor hosts behind firewalls
Thanks Jorge, I am currently monitoring with nrpe, and nsclient without any issues. I just want to cut out the 'active' host checks for the servers behind the firewalls, as all I'm doing with the host alive check is pinging the FW and not the actually host.
-----Original Message-----
From: Jorge Pañeda <jlpaneda at scio.com.mx>
Reply-To: Nagios Users List <nagios-users at lists.sourceforge.net>
To: mail at catsnest.co.uk, 'Nagios Users List'
<nagios-users at lists.sourceforge.net>
Subject: Re: [Nagios-users] monitor hosts behind firewalls
Date: Tue, 7 Feb 2012 10:31:50 -0600
Hi,
You should use check_nrpe for linux boxes and nsca for you windows boxes with nsclient++ . I have configured both in my environment and I’m able to monitor remote host (Windows & Linux) behind firewalls. You can use these guides to accomplish your purposes.
http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf
http://nagios.sourceforge.net/download/contrib/documentation/misc/NSCA_Setup.pdf
I also recommend you to read these links to understand better how nsca, nrpe and nsclient++ work together. And also the built in checks you can perform with them:
http://www.nsclient.org/nscp/wiki/doc/usage/nagios/nsca
http://nsclient.org/nscp/wiki/doc/usage/nagios/nrpe
Hope this help you,
Regards,
Jorge L. Pañeda
Description: Description: scio
Systems Administrator
Scio Consulting | IT & Infrastructure Dept.
Las Cañadas 501 Int. 230 Col. Tres Marías
Morelia, Mich., México Tel. (443) 310-96-01 y (443) 310-96-02 ext. 402
U.S. Phone: 408 404 3897 Ext. 402
www.sciodev.com
From: mail at catsnest.co.uk [mailto:mail at catsnest.co.uk]
Sent: lunes, 06 de febrero de 2012 01:46 p.m.
To: Nagios Users List
Subject: Re: [Nagios-users] monitor hosts behind firewalls
On Mon, Feb 6, 2012 at 5:54 PM, doug <goldcup at ix.netcom.com> wrote:
In templates I see the initial check_command pointing to 'check-host-alive'. If I comment that out for the boxes behind the FW how will nagios react? Or must I replace it with as you suggest a 'dummy check'?
All my monitoring is off-site. I monitor my clients firewalls, servers, workstations, and some routers if they have static ip. I only need 'check-host-alive' for the routers and firewalls, nothing else.
From:
http://nagios.sourceforge.net/docs/3_0/objectdefinitions.html#host
"check_command: ...If you leave this argument blank, the host will not be actively checked...."
you normally have to fiddle a little with submitting a passive check to make it go green
you might as well use the nrpe check as your hosts check_command in stead of disableing it
it will help with service dependancys so if you loose nrpe assess to your hosts only the host will alert instead each of its services...
Can you give me an example of a dummy check?
#!/bin/bash
echo "dummy OK"
return 0 ;
--
Ritchie
Thanks
-----Original Message-----
From: mail at catsnest.co.uk
Reply-To: mail at catsnest.co.uk, Nagios Users List
<nagios-users at lists.sourceforge.net>
To: Nagios Users List <nagios-users at lists.sourceforge.net>
Subject: Re: [Nagios-users] monitor hosts behind firewalls
Date: Mon, 6 Feb 2012 10:39:26 +0000
On Mon, Feb 6, 2012 at 2:57 AM, doug <goldcup at ix.netcom.com>
wrote:
Hi Everyone,
I currently monitor various hosts behind firewalls,
windows
servers,
linux, and some workstations. I have them all setup as
active
hosts that
nagios pings to indicate they are up. Since they are all
behind
firewalls all I'm doing for host status is in fact just
pinging
the
firewall. I'm a little confused about using passive
checks and
not sure
if this is the right way to go about doing what I want. I
monitor the
firewall and know that is up, and for all those hosts
behind I'm
just
pinging the fw, no need to do that. I use nrpe or
nsclient to
monitor
the services and really that's all I need. Can someone
point me
in the
right direction so I can stop the active host status
pings for
all hosts
behind the firewalls.
If you dont want to open up ping on the firewalls you could
ether have a
dummy hosts check (a check that just returns 0) or have nrpe as
the
hosts check (eg a check that just checks if nrpe is responding,
again an
nrpe check that just returns 0 )
client nrpe command like this
command[check_nrpe_alive]=/patch/script/that/returns.0.sh
Nagios command:
define command{
command_name check_nrpe_alive
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -C
check_nrpe_alive
}
define host{
name behind_firewall
use generic-host
hostgroups +behind_firewall
register 0
}
then a use clause in your host config of behind_firewall
Ritchie
--
<-- http://23.me.uk/2 -->
<--Time flies like an arrow; fruit flies like a banana. -->
Thanks
Doug
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for
Microsoft
developers
is just $99.99! Visual Studio, SharePoint, SQL - plus
HTML5,
CSS3, MVC3,
Metro Style Apps, more. Free future releases when you
subscribe
now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v)
and OS
when reporting any issue.
::: Messages without supporting info will risk being sent
to /dev/null
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft
developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5,
CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe
now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________ Nagios-users
mailing list Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users :::
Please include Nagios version, plugin version (-v) and OS when
reporting any issue. ::: Messages without supporting info will
risk being sent to /dev/null
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft
developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5,
CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe
now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS
when reporting any issue.
::: Messages without supporting info will risk being sent
to /dev/null
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________ Nagios-users mailing list Nagios-users at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Ping_Internal_Servers.7z
Type: application/octet-stream
Size: 37204 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/users/attachments/20120209/556449ba/attachment.obj>
-------------- next part --------------
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list