Passive service checks not being accepted by primary?
Cliff Riggs
cliff at proteris.com
Tue Mar 30 01:25:04 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thank you to Demetri and Marc for the troubleshooting tips.
I have the following configuration in my nagios.cfg file on the primary:
log_passive_service_checks=1
accept_passive_service_checks=1
I forgot to include it, but the 'generic-services' for services on the
primary looks like this:
# Generic service definition template
define service{
name generic-service
active_checks_enabled 1
passive_checks_enabled 1
parallelize_check 1
obsess_over_service 1
check_freshness 0
notifications_enabled 1
event_handler_enabled 1
flap_detection_enabled 1
process_perf_data 1
retain_status_information 1
retain_nonstatus_information 1
register 0
}
I don't recall making any changes to that section of the services file,
but I did check for the 'passive_checks_enabled' command during my
troubleshooting.
I did create a "check_dummy" command definition and apply it to my
primary host 'check_command' as Demetri suggested, but I did not yet
enable freshness checking as defined in the documentation. My
understanding of the documentation was that this was an add-on to make
sure you are regularly receiving updates from the remote server and not
essential to accepting passive service checks. I look forward to
configuring it when I get this working though!
The remote server does have the 'ocsp_command=submit_check_result'
configured in its .cfg file and as far as I can tell, as posted in my
original email, service checks are being correctly sent to the primary
monitoring server and received in the inbound interface. Speaking of
interfaces, I have also configured the NSCA.cfg file with the
'server_address=' of the IP address of the interface on the monitoring
server.
As for logging, I have syslog-ng configured and I can move messages
around pretty easily. I don't see any logs that look like they are
coming from NSCA, however, judging from the search button episode, I
doubt my ability to find obvious things :)
Thank you for your assistance and patience in this!
Cliff
- --
- --------------------------------------------
Clifford Riggs
CCIE #9314, CISSP
- --------------------------------------------
Proteris Group LLC
Information Security Consultants
Trust. Expertise. Results.
- --------------------------------------------
www.proteris.com
1.877.888.9063
- --------------------------------------------
On Mar 29, 2004, at 4:53 PM, Demetri Mouratis wrote:
> Start here:
>
> http://nagios.sourceforge.net/docs/1_0/distributed.html
>
> And follow the tips inline below.
>
> On Mon, 29 Mar 2004, Cliff Riggs wrote:
>
>> I am having a problem with a primary Nagios server accepting passive
>> service checks from a remote Nagios server behind a firewall that is
>> performing NAT. The remote server is sending checks OK, and using
>> tcpdump I can see the checks being accepted by the primary server
>> inbound on the interface. The Nagios process however, does not update
>> with the results of the passive check.
>
>> Primary:
>> # 'TEST Router' host definition
>> define host{
>> use generic-host ; Name of
>> host
>> template to use
>>
>> host_name cisco-test
>> alias TEST Router
>> address <public IP>
>> check_command check-host-alive
>> parents 3660-router
>> max_check_attempts 3
>> notification_interval 60
>> notification_period 24x7
>> notification_options d,u,r
>> }
>
> You want to change the host check_command on the primary to
> check_dummy.
> At least this was how I configured mine as there was no public IP for
> me
> to check from the Nagios segment of my network, through the firewall,
> to
> the remote hosts on a different segment.
>
>> Remote:
>> # 'TEST Router' host definition
>> define host{
>> use generic-host ; Name of
>> host
>> template to use
>>
>> host_name cisco-test
>> alias TEST Router
>> address 192.168.1.1
>> check_command check-host-alive
>> parents 3660-router
>> max_check_attempts 3
>> notification_interval 60
>> notification_period 24x7
>> notification_options d,u,r
>> }
>
> This is correct except you are not going to do any notifications from
> the
> remote nagios instance so you don't need any of the notification
> options.
>
>> The service is also defined on the primary as follows:
>>
>> Primary:
>> # Service definition
>> define service{
>> use generic-service ;
>> Name
>> of service template to use
>>
>> host_name cisco-test
>> service_description PING
>> active_checks_enabled 0
>> is_volatile 0
>> check_period 24x7
>> max_check_attempts 3
>> normal_check_interval 3
>> retry_check_interval 1
>> contact_groups admins
>> notification_interval 120
>> notification_period 24x7
>> notification_options w,u,c,r
>> check_command
>> check_ping!100.0,20%!500.0,60%
>> }
>>
>
> You want to change this service check_command on the primary to
> service-is-stale as defined in the distributed monitoring
> documentation.
> Make sure to enable accept_passive_service_checks=1.
>
> You then need to above the service definition to the *remote* host and
> use the check_command you have setup immediately above.
>
> Make sure to enable ocsp_command=submit_check_result on the remote
> nagios
> server.
>
> HTH.
> ---------------------------------------------------------------------
> Demetri Mouratis
> dmourati at linfactory.com
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQFAaLBQJ3mHWY7troQRAuPaAKCrYYohe6k0gTyDZHVp2jaHFw4rEwCfVEJM
6/0A7ZzcVnOX5p2qSYSb6q4=
=ZL4u
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list