{"id":585,"date":"2016-10-27T10:30:01","date_gmt":"2016-10-27T07:30:01","guid":{"rendered":"http:\/\/helia.ee\/koolitus\/?page_id=585"},"modified":"2016-10-27T16:31:33","modified_gmt":"2016-10-27T13:31:33","slug":"nagios3-install-and-configuration-and-configuration-check","status":"publish","type":"page","link":"https:\/\/helia.ee\/koolitus\/?page_id=585","title":{"rendered":"Nagios3 &#8211; Install and Configuration and Configuration Check"},"content":{"rendered":"<pre>Nagios Installation and Configuration\r\n\r\nNotes:\r\n------\r\n* Commands preceded with \"$\" imply that you should execute the command as\r\n  a general user - not as root.\r\n* Commands preceded with \"#\" imply that you should be working as root.\r\n* Commands with more specific command lines (e.g. \"RTR-GW&gt;\" or \"mysql&gt;\") \r\n  imply that you are executing commands on remote equipment, or within \r\n  another program.\r\n\r\nExercises\r\n---------\r\n\r\nExercises Part I\r\n----------------\r\n\r\n0. Log in to your PC or open a terminal window as the sysadm user.\r\n\r\n1. You may need to install Nagios version 3. You would do this as root or as the sysadmin\r\n   user and use the \"sudo\" command. As sysadm:\r\n\r\n   $ sudo apt-get install nagios3\r\n\r\n   Unless you already have an MTA installed, nagios3 will install\r\n   postfix as a dependency. Select \"Internet Site\" option. (If you had wanted\r\n   to use a different MTA likely you'd install it before nagios3)\r\n\r\n   You will be prompted for nagiosadmin password. Give it the normal\r\n   workshop password.\r\n\r\n   To get the documentation in \/usr\/share\/doc\/nagios3-doc\/html\/ (which\r\n   can also be read via the nagios web interface), do:\r\n\r\n    $ sudo apt-get install nagios3-doc\r\n\r\n   Now lets install the Apaceh web server so that you'll be running some additional\r\n   services for us to monitor.\r\n\r\n    $ sudo apt-get install apache2\r\n\r\n\r\n2. Look at the file which contains the password. It's hashed (encrypted)\r\n\r\n    $ cat \/etc\/nagios3\/htpasswd.users\r\n\r\n\r\n3. You should already have a working Nagios!\r\n\r\n    - Open a browser, and go to\r\n\r\n    http:\/\/pcN.ws.nsrc.org\/nagios3\/\r\n\r\n\tCheck with the instructor or your neighbor if you are in doubt.\r\n\r\n    - At the login prompt, login as:\r\n\r\n        user: nagiosadmin\r\n        pass: \r\n\r\n    Browse to the \"Host Detail\" page to see what's already configured.\r\n\r\n\r\n4. Let's look at the configuration layout... But, first, let's become the root\r\n   user on your machine:\r\n\r\n    $ sudo bash\r\n\r\n    # cd \/etc\/nagios3\r\n    # ls -l \r\n\r\n    -rw-r--r-- 1 root root    1882 2008-12-18 13:42 apache2.conf\r\n    -rw-r--r-- 1 root root   10524 2008-12-18 13:44 cgi.cfg\r\n    -rw-r--r-- 1 root root    2429 2008-12-18 13:44 commands.cfg\r\n    drwxr-xr-x 2 root root    4096 2009-02-14 12:33 conf.d\r\n    -rw-r--r-- 1 root root      26 2009-02-14 12:36 htpasswd.users\r\n    -rw-r--r-- 1 root root   42539 2008-12-18 13:44 nagios.cfg\r\n    -rw-r----- 1 root nagios  1293 2008-12-18 13:42 resource.cfg\r\n    drwxr-xr-x 2 root root    4096 2009-02-14 12:32 stylesheets\r\n\r\n    # cd conf.d\r\n    # ls -l    \r\n\r\n    -rw-r--r-- 1 root root 1695 2008-12-18 13:42 contacts_nagios2.cfg\r\n    -rw-r--r-- 1 root root  418 2008-12-18 13:42 extinfo_nagios2.cfg\r\n    -rw-r--r-- 1 root root 1152 2008-12-18 13:42 generic-host_nagios2.cfg\r\n    -rw-r--r-- 1 root root 1803 2008-12-18 13:42 generic-service_nagios2.cfg\r\n    -rw-r--r-- 1 root root  210 2009-02-14 12:33 host-gateway_nagios3.cfg\r\n    -rw-r--r-- 1 root root  976 2008-12-18 13:42 hostgroups_nagios2.cfg\r\n    -rw-r--r-- 1 root root 2167 2008-12-18 13:42 localhost_nagios2.cfg\r\n    -rw-r--r-- 1 root root 1005 2008-12-18 13:42 services_nagios2.cfg\r\n    -rw-r--r-- 1 root root 1609 2008-12-18 13:42 timeperiods_nagios2.cfg\r\n\r\n    Notice that the package installs files with \"nagios2\" in their name.\r\n    This is because they are the same files as were used for the Nagios\r\n    version 2 Debian package. However there was a change made to the\r\n    host-gateway configuration file, so this has a new name.\r\n\r\n\r\n5. You have a config which is already monitoring your own system\r\n(localhost_nagios2.cfg) and your upstream default gateway\r\n(host-gateway_nagios3.cfg).\r\n\r\nHave a look at the config file for the default gateway: it's very simple.\r\n(Note: tab completion is useful here. Type cat host-g then hit tab; the\r\nfilename will be filled in for you)\r\n\r\n    # cat host-gateway_nagios3.cfg\r\n\r\n    # a host definition for the gateway of the default route\r\n    define host {\r\n            host_name   gateway\r\n            alias       Default Gateway\r\n            address     10.10.0.254\r\n            use         generic-host\r\n            }\r\n\r\n\r\n\r\nPART II\r\nConfiguring Equipment\r\n-----------------------------------------------------------------------------\r\n\r\n0. Order of configuration\r\n\r\nConceptually we will build our configuration files from the \"nearest\" device\r\nthen the further away ones.\r\n\r\nBy going in this order you will have defined the devices that act as parents\r\nfor other devices.\r\n\r\nThe classroom GW router is already defined (10.10.0.254).\r\n\r\n1. First we need to tell Nagios to monitor the gateway for the router instances,\r\n   which is 10.10.254.254 or gw-254.ws.nsrc.org.\r\n\r\n   # cd \/etc\/nagios3\/conf.d\/\r\n\r\nCreate the routers gateway like this:\r\n\r\n   # editor routers.cfg\r\n\r\ndefine host {\r\n    use         generic-host\r\n    host_name   gw-254\r\n    alias       Routers Gateway\r\n    address     10.10.254.254\r\n    parents     gateway\r\n}\r\n\r\nExit and save this file.\r\n\r\n*NOTE* - \"gateway\" is the same machine as gw.ws.nsrc.org. Nagios has simply given\r\nthis machine the name \"gateway\". While it's nice to have the host_name mactch the \r\nname in DNS it is not strictly necessary. This will be our only exception.\r\n\r\n\r\n2. the final parent we have in our network is our backbone switch. Create\r\n   a file called switches.cfg and add an entry for this item:\r\n\r\n   # editor switches.cfg\r\n\r\ndefine host {\r\n    use         generic-host\r\n    host_name   sw\r\n    alias       Backbone Switch\r\n    address     10.10.0.253\r\n    parents     gateway\r\n}\r\n\r\nAt this point Nagios is configured to monitor whether our core hosts (the parents) \r\nare up on our classroom network. Your next steps are to add in the individual hosts\r\nsuch as the classroom virtual PC images (pc1 to pc26), the Wireless Access Points\r\n(ap1 and ap2), the virtual router images (r1 through r26) and the classroom noc\r\nhost.\r\n\r\nBe sure you add in a proper \"parents\" entry for each host.\r\n\r\nTo understand the parent relationship in our network review the logical \r\nnetwork diagram located here:\r\n\r\n\thttp:\/\/nocws.nsrc.org\/wiki\/wiki\/NetworkDiagram\r\n\r\nNote the Nagios parent bullet points:\r\n\r\nNagios Parent Relationships \r\n\r\nParents are \"gw\", \"sw\" and \"gw-254\". The parent relations are:\r\n\r\n    * gw is the parent of sw and gw-254\r\n    * gw-254 is the parent of r1 through r26\r\n    * sw is the parent of s0, s1, s2, ap1, ap2, noc and pc1 through pc26 \r\n\r\n\r\n\r\nSTEPS 2a - 2c SHOULD BE REPEATED WHENEVER YOU UPDATE THE CONFIGURATION!\r\n    \r\n\r\n2a. Verify that your configuration files are OK:\r\n\r\n    # nagios3 -v \/etc\/nagios3\/nagios.cfg \r\n\r\n    ... You should get :\r\nWarning: Host 'bb-sw' has no services associated with it!\r\nWarning: Host 'bb-gw' has no services associated with it!\r\n...\r\nTotal Warnings: 2\r\nTotal Errors:   0\r\n\r\nThings look okay - No serious problems were detected during the check.\r\nNagios is saying that it's unusual to monitor a device just for its\r\nexistence on the network, without also monitoring some service.\r\n\r\n\r\n2b. Reload\/Restart Nagios\r\n\r\n    # \/etc\/init.d\/nagios3 restart\r\n\r\nNot always 100% reliable to use the \"restart\" option due to a bug in the Nagios init script.\r\nTo be sure you may want to get used to doing:\r\n\r\n    # \/etc\/init.d\/nagios3 stop\r\n    # \/etc\/init.d\/nagios3 start\r\n\r\n\r\n2c. Go to the web interface (http:\/\/pcN.ws.nsrc.org\/nagios3) and check that the hosts \r\n   you just added are now visible in the interface. Click on the \"Host Detail\" item\r\n   on the left of the Nagios screen to see this. You may see it in \"PENDING\"\r\n   status until the check is carried out.\r\n\r\n\r\nHINT: You will be doing this a lot. If you do it all on one line, like this,\r\nthen you can hit cursor-up and rerun all in one go:\r\n\r\n    nagios3 -v \/etc\/nagios3\/nagios.cfg &amp;&amp; \/etc\/init.d\/nagios3 restart\r\n\r\nThe '&amp;&amp;' ensures that the restart only happens if the config is valid.\r\n\r\n\r\n3. Create entries for ther routers and PCs in the classroom\r\n\r\nNow that we have our routers and switches defined it is quite easy to create\r\nentries for all our PCs.  Think about the parent relationships:\r\n\r\nRemember, if you do not understand the parent relationship refer back to the\r\nclassroom network diagram here:\r\n\r\n\thttp:\/\/noc.ws.nsrc.org\/wiki\/wiki\/NetworkDiagram\r\n\r\nBelow are three sample entries. One for the NOC, one for pc1 and one for\r\npc26.  You should be able to use this example to create entries for all\r\nclassroom PCs plus the NOC.\r\n\r\nWe could put these entries in to separate files, but as our network is small\r\nwe'll use a single file called pcs.cfg.\r\n\r\nNOTE! You do not add in an entry for your own PC or router. This has already\r\nbeen defined in the file \/etc\/nagios3\/conf.d\/localhost_nagios2.cfg.  This\r\ndefinition is what defines the Nagios network viewpoint. So, when you come to\r\nthe spot where you might add an entry for your PC you should skip this and go\r\non to the next PC in the list.\r\n\r\n\t# editor pcs.cfg\r\n\t\r\n# Our classroom NOC\r\n\r\ndefine host {\r\n    use         generic-host\r\n    host_name   noc\r\n    alias       Workshop NOC machine\r\n    address     10.10.0.250\r\n    parents     sw\r\n}\r\n\r\n# PCs\r\n\r\ndefine host {\r\n    use         generic-host\r\n    host_name   pc1\r\n    alias       pc1\r\n    address     10.10.0.1\r\n    parents     sw\r\n}\r\n\r\ndefine host {\r\n    use         generic-host\r\n    host_name   pc26\r\n    alias       pc26\r\n    address     10.10.0.26\r\n    parents     sw\r\n}\r\n\r\nTake the three entries above and now expand this to create the remaining\r\nentries for all active PCs. That is, fill in for PCs 2 through 25 (rememember to \r\nskip your PC).\r\n\r\n\r\nExit and save the file pcs.cfg\r\n\r\nAs before, repeat steps 2a-2c to verify your configuration, correct any\r\nerrors, and activate it.\r\n\r\n\r\n\r\n4. Now configure Nagios to start monitoring the multiple router instances\r\n   we have available. These are from 10.10.254.1 through 10.10.254.26.\r\n\r\nLet's create the first router in our file called routers.cfg. Add this line\r\nto the bottom of the file:\r\n\r\ndefine host {\r\n    use         generic-host\r\n    host_name   r1\r\n    alias       router 1\r\n    address     10.10.254.1\r\n    parents     gw-254\r\n}\r\n\r\nNow create the remaining routers 2-26. Or, just create a few if you don't\r\nwant to spend too long on this particular part of the exercise. But, remember\r\nwhich router instances you have defined!\r\n\r\nSecond router:\r\n\r\ndefine host {\r\n    use         generic-host\r\n    host_name   r2\r\n    alias       router 2\r\n    address     10.10.254.2\r\n    parents     gw-254\r\n}\r\n\r\nRepeat this until router number 26:\r\n\r\ndefine host {\r\n    use         generic-host\r\n    host_name   r26\r\n    alias       router 26\r\n    address     10.10.254.26\r\n    parents     gw-254\r\n}\r\n\r\nSave the file.\r\n\r\n\r\n5. Look at your Nagios instance on the web. Note that \"Status Map\" gives\r\nyou a graphical view of the parent-child relationships you have defined.\r\n\r\n\r\nPART III\r\nConfigure Service check for the classroom NOC\r\n-----------------------------------------------------------------------------\r\n\r\n0. Configuring\r\n\r\nNow that we have our hardware configured we can start telling Nagios what services to monitor\r\non the configured hardware, how to group the hardware in interesting ways, how to group\r\nservices, etc.\r\n\r\n1. Associate a service check for our classroom NOC\r\n\r\n    # joe hostgroups_nagios2.cfg\r\n\r\n    - Find the hostgroup named \"ssh-servers\". In the members section of the defintion \r\n      change the line:\r\n\r\nmembers\t\t\tlocalhost\r\n\r\n    to\r\n\r\nmembers\t\t\tlocalhost,noc\r\n\r\nExit and save the file. \r\n\r\nVerify that your changes are OK:\r\n\r\n\t# nagios3 -v \/etc\/nagios3\/nagios.cfg\r\n\t\r\nRestart Nagios to see the new service assocation with your host:\r\n\r\n\t# \/etc\/init.d\/nagios3 restart\r\n\r\nClick on the \"Service Detail\" link in the Nagios web interface to see your new entry.\r\n\r\n\r\nPART IV\r\nDefining Services for all PCs\r\n-----------------------------------------------------------------------------\r\n\r\n0. For services, the default normal_check_interval is 5 (minutes) in\r\n   generic-service_nagios2.cfg. You may wish to change this to 1 to speed up\r\n   how quickly service issues are detected, at least in the workshop.\r\n\r\n1. Determine what services to define for what devices\r\n\r\n   - This is core to how you use Nagios and network monitoring tools in \r\n     general. So far we are simply using ping to verify that physical hosts\r\n     are up on our network and we have started monitoring a single service on\r\n     a single host (your PC). The next step is to decide what services you wish\r\n     to monitor for each host in the classroom.\r\n\r\n   - In this particular class we have:\r\n\r\n     routers:  running ssh and snmp \r\n     switches: running telnet and possibly ssh as well as snmp\r\n     pcs:      All PCs are running ssh and http and should be running snmp\r\n               The NOC is currently running an snmp daemon\r\n              \r\n     So, let's configure Nagios to check for these services for these \r\n     devices.\r\n\r\n2.) Verify that SSH is running on the routers and workshop PCs images\r\n\r\n   - In the file services_nagios2.cfg there is already an entry for the SSH \r\n     service check, so you do not need to create this step. Instead, you \r\n     simply need to re-define the \"ssh-servers\" entry in the file\r\n     \/etc\/nagios3\/conf.d\/hostgroups_nagios2.cfg. The initial entry in the file\r\n     looked like:\r\n\r\n# A list of your ssh-accessible servers\r\ndefine hostgroup {\r\n        hostgroup_name  ssh-servers\r\n                alias           SSH servers\r\n                members         localhost,noc\r\n        }\r\n\r\n     What do you think you should change? Correct, the \"members\" line. You should\r\n     add in entries for all the classroom pcs, routers and  the switches that run ssh. \r\n     With this information and the network diagram you should be able complete this entry.\r\n     \r\n     The entry will look something like this:\r\n\r\ndefine hostgroup {\r\n        hostgroup_name  ssh-servers\r\n                alias           SSH servers\r\n                members         localhost,pc1,pc2,pc3,pc4....,noc,ap1,ap2,r1,r2,r3....\r\n        }\r\n\r\n  \t Note: leave in \"localhost\" - This is your PC and represents Nagios' network point of\r\n  \t view. So, for instance, if you are on \"pc3\" you would not include \"pc3\" in the list\r\n  \t of all the classroom pcs as it is represented by the \"localhost\" entry.\r\n  \t \r\n  \t The \"members\" entry will be a long line and will likely wrap on the screen.\r\n\r\n         Remember to include all your PCs and all your routers that you have defined. Do no\r\n         include any entries if they are not already defined in pcs.cfg, switches.cfg or\r\n         routers.cfg.\r\n\r\n    - Once you are done, run the pre-flight check:\r\n\r\n    # nagios3 -v \/etc\/nagios3\/nagios.cfg\r\n\r\n    If everything looks good, then restart Nagios \r\n\r\n    # \/etc\/init.d\/nagios3 stop\r\n    # \/etc\/init.d\/nagios3 start\r\n\r\n    and view your changes in the Nagios web interface.\r\n\r\n3.) Check that http is running on all the classroom PCs. \r\n\r\n    - This is almost identical to the previous exercise. Just make the change to the\r\n      HTTP service adding in each PC (no routers or switches). Remember, you don't need\r\n      to add your machine as it is already defined as \"localhost\".      \r\n\r\n4.)  OPTIONAL EXTRA: as opposed to just checking that a web server is\r\n     running on the classroom PCs, you could also check that the nagios3\r\n     service is available, by requesting the \/nagios3\/ path. This means\r\n     passing extra options to the check_http plugin.\r\n\r\n     For a description of the available options, type this:\r\n\r\n      # \/usr\/lib\/nagios\/plugins\/check_http\r\n      # \/usr\/lib\/nagios\/plugins\/check_http --help\r\n\r\n     and of course you can browse the online nagios documentation or google\r\n     for information on check_http. You can even run the plugin by hand to\r\n     perform a one-shot service check:\r\n\r\n     # \/usr\/lib\/nagios\/plugins\/check_http -H localhost -u \/nagios3\/\r\n\r\n     So the goal is to configure nagios to call check_http in this way.\r\n\r\ndefine command{\r\n        command_name    check_http_arg\r\n        command_line    \/usr\/lib\/nagios\/plugins\/check_http -H '$HOSTADDRESS$' $ARG1$\r\n        }\r\n\r\ndefine service {\r\n        hostgroup_name                  nagios-servers\r\n        service_description             NAGIOS\r\n        check_command                   check_http_arg!-u \/nagios3\/\r\n        use                             generic-service\r\n}\r\n\r\n     and of course you'll need to create a hostgroup called nagios-servers to\r\n     link to this service check.\r\n\r\n     Once you have done this, check that Nagios warns you about failing\r\n     authentication (because it's trying to fetch the page without providing\r\n     the username\/password). There's an extra parameter you can pass to\r\n     check_http_arg to provide that info, see if you can find it.\r\n\r\n      WARNING: in the tradition of \"Debian Knows Best\", their definition of the\r\n      check_http command in \/etc\/nagios-plugins\/config\/http.cfg\r\n      is *not* the same as that recommended in the nagios3 documentation.\r\n      It is missing $ARG1$, so any parameters to pass to check_http are\r\n      ignored. So you might think you are monitoring \/nagios3\/ but actually\r\n      you are monitoring root!\r\n\r\n     This is why we had to make a new command definition \"check_http_arg\".\r\n     You could make a more specific one like \"check_nagios\", or you could\r\n     modify the Ubuntu check_http definition to fit the standard usage.\r\n\r\n\r\n\r\nPART V\r\nCreate More Host Groups\r\n-----------------------------------------------------------------------------\r\n\r\n0. In the web view, look at the pages \"Hostgroup Overview\", \"Hostgroup\r\n   Summary\", \"Hostgroup Grid\". This gives a convenient way to group together\r\n   hosts which are related (e.g. in the same site, serving the same purpose).\r\n\r\n1. Update \/etc\/nagios3\/conf.d\/hostgroups_nagios2.cfg\r\n\r\n    - For the following exercises it will be very useful if we have created\r\n      or update the following hostgroups:\r\n\r\n      debian-servers\r\n      routers\r\n      switches\r\n \r\n      If you edit the file \/etc\/nagios3\/conf.d\/hostgroups_nagios2.cfg you\r\n      will see an entry for debian-servers that just contains localhost. \r\n      Update this entry to include all the classroom PCs, including the\r\n      noc (this assumes that you created a \"noc\" entry in your pcs.cfg\r\n      file). Remember to skip your PC entry as it is represented by the\r\n      localhost entry.\r\n\r\n    # editor \/etc\/nagios3\/conf.d\/hostgroups_nagios2.cfg\r\n\r\n     Update the entry that says:\r\n\r\n\r\n# A list of your Debian GNU\/Linux servers\r\ndefine hostgroup {\r\n        hostgroup_name  debian-servers\r\n                alias           Debian GNU\/Linux Servers\r\n                members         localhost\r\n        }\r\n      \r\n      So that the \"members\" parameter contains something like this. Use your\r\n      classroom network diagram to confirm the exact number of machines and names\r\n      in your workshop.\r\n\r\n                members         localhost,pc1,pc2,pc3,pc4,pc5,pc6,pc7,pc8,pc9\r\n                                pc10,pc11,pc12,pc13,pc14,pc15,pc16,pc17,pc18,\r\n                                pc19,pc20,pc21,pc22,pc23,pc24,pc25,pc26\r\n\r\n        Be sure that the line wraps and is not on two separate lines. Otherwise\r\n        you will get an error when you go to restart Nagios. Remember that\r\n        your own PC is \"localhost\".\r\n\r\n      - Once you have done this, add in two more host groups, one for routers and \r\n        one for switches. Call these entries \"routers\" and \"switches\".\r\n\r\n      - When you are done be sure to verify your work and restart Nagios.\r\n  \r\n2. Go back to the web interface and look at your new hostgroups\r\n\r\n\r\nPART VI\r\nExtended Host Information (\"making your graphs pretty\")\r\n-----------------------------------------------------------------------------\r\n\r\n1. Update extinfo_nagios2.cfg \r\n\r\n    - If you would like to use appropriate icons for your defined hosts in\r\n      Nagios this is where you do this. We have the three types of devices:\r\n\r\n      Cisco routers\r\n      Cisco switches\r\n      Ubuntu servers\r\n\r\n      There is a fairly large repository of icon images available for you to\r\n      use located here:\r\n\r\n      \/usr\/share\/nagios\/htdocs\/images\/logos\/\r\n\r\n      these were installed by default as dependent packages of the nagios3\r\n      package in Ubuntu. In some cases you can find model-specific icons for\r\n      your hardware, but to make things simpler we will use the following \r\n      icons for our hardware:\r\n\r\n      \/usr\/share\/nagios\/htodcs\/images\/logos\/base\/debian.*\r\n      \/usr\/share\/nagios\/htdocs\/images\/logos\/cook\/router.*\r\n      \/usr\/share\/nagios\/htdocs\/images\/logos\/cook\/switch.*\r\n\r\n    - The next step is to edit the file \/etc\/nagios3\/conf.d\/extinfo_nagios2.cfg\r\n      and tell nagios what image you would like to use to represent your devices.\r\n\r\n    # editor \/etc\/nagios3\/conf.d\/extinfo_nagios2.cfg\r\n\r\n      Here is what an entry for your routers looks like (there is already an entry\r\n      for debian-servers that will work as is). Note that the router model (3600) \r\n      is not all that important. The image used represents a router in general.\r\n\r\ndefine hostextinfo {\r\n        hostgroup_name   routers \r\n        icon_image       cook\/router.png\r\n        icon_image_alt   Cisco Routers (3600) \r\n        vrml_image       router.png \r\n        statusmap_image  cook\/router.gd2\r\n}\r\n\r\n      Now add an entry for your switches. Once you are done check your\r\n      work and restart Nagios. Take a look at the Status Map in the web interface.\r\n      It should be much nicer, with real icons instead of question marks.\r\n\r\n\r\nPART VII\r\nCreate Service Groups\r\n-----------------------------------------------------------------------------\r\n\r\n1. Create service groups for ssh and http for each set of pcs.\r\n\r\n   - The idea here is to create three service groups. Each service group will\r\n     be for a quarter of the classroom. We want to see these PCs grouped together\r\n     and include status of their ssh and http services. To do this edit\r\n     and create the file:\r\n\r\n   # editor \/etc\/nagios3\/conf.d\/servicegroups.cfg\r\n\r\n     Here is a sample of the service group for group 1:\r\n\r\ndefine servicegroup {\r\n\tservicegroup_name\tgroup1-servers\r\n\talias\t\t\tgroup 1 servers\r\n\tmembers\t\t\tpc1,SSH,pc1,HTTP,pc2,SSH,pc2,HTTP,pc3,SSH,pc3,HTTP,pc4,SSH,pc4\r\n        }\r\n\r\n\t- Note that the members line should wrap and not be on two lines.\r\n\t\r\n\t- Note that \"SSH\" and \"HTTP\" need to be uppercase as this is how the service_description is\r\n\t  written in the file \/etc\/nagios3\/conf.d\/services_nagios2.cfg\r\n\t  \r\n\t- You should create an entry for other groups of servers too\r\n\r\n    - Save your changes, verify your work and restart Nagios. Now if you click on\r\n      the Servicegroup menu items in the Nagios web interface you should see\r\n      this information grouped together. \r\n\r\n\r\n\r\nPART VIII\r\nConfigure Guest Access to the Nagios Web Interface\r\n-----------------------------------------------------------------------------\r\n\r\n1. Edit \/etc\/nagios3\/cgi.cfg to give read-only guest user access to the Nagios \r\n   web interface.\r\n\r\n    - By default Nagios is configured to give full r\/w access via the Nagios\r\n      web interface to the user nagiosadmin. You can change the name of this\r\n      user, add other users, change how you authenticate users, what users\r\n      have access to what resources and more via the cgi.cfg file.\r\n\r\n    - First, lets create a \"guest\" user and password in the htpasswd.users\r\n      file.\r\n      \r\n    # htpasswd \/etc\/nagios3\/htpasswd.users guest\r\n\r\n      You can use any password you want (or none). A password of \"guest\" is \r\n      not a bad choice.\r\n\r\n    - Next, edit the file \/etc\/nagios3\/cgi.cfg and look for what type of access\r\n      has been given to the nagiosadmin user. By default you will see the following \r\n      directives (note, there are comments between each directive):\r\n\r\n      authorized_for_system_information=nagiosadmin\r\n      authorized_for_configuration_information=nagiosadmin\r\n      authorized_for_system_commands=nagiosadmin\r\n      authorized_for_all_services=nagiosadmin\r\n      authorized_for_all_hosts=nagiosadmin\r\n      authorized_for_all_service_commands=nagiosadmin\r\n      authorized_for_all_host_commands=nagiosadmin\r\n\r\n      Now let's tell Nagios to allow the \"guest\" user some access to \r\n      information via the web interface. You can choose whatever you would\r\n      like, but what is pretty typical is this:\r\n\r\n      authorized_for_system_information=nagiosadmin,guest\r\n      authorized_for_configuration_information=nagiosadmin,guest\r\n      authorized_for_system_commands=nagiosadmin\r\n      authorized_for_all_services=nagiosadmin,guest\r\n      authorized_for_all_hosts=nagiosadmin,guest\r\n      authorized_for_all_service_commands=nagiosadmin\r\n      authorized_for_all_host_commands=nagiosadmin\r\n\r\n    - Once you make the changes, save the file cgi.cfg, verify your \r\n      work and restart Nagios. \r\n\r\n    - To see if you can log in as the \"guest\" user you may need to clear \r\n      the cookies in your web browser. You will not notice any difference\r\n      in the web interface. The difference is that a number of items that\r\n      are available via the web interface (forcing a service\/host check, \r\n      scheduling checks, comments, etc.) will not work for the guest \r\n      user.\r\n\r\n\r\nOPTIONAL\r\n--------\r\n\r\n* Check that SNMP is running on the classroom NOC\r\n\r\n    - First you will need to add in the appropriate service check for SNMP in the file\r\n      \/etc\/nagios3\/conf.d\/services_nagios2.cfg. This is where Nagios is impressive. There\r\n      are hundreds, if not thousands, of service checks available via the various Nagios\r\n      sites on the web. You can see what plugins are installed by Ubuntu in the nagios3\r\n      package that we've installed by looking in the following directory:\r\n\r\n    # ls \/usr\/lib\/nagios\/plugins\r\n\r\n      As you'll see there is already a check_snmp plugin available to us. If you are \r\n      interested in the options the plugin takes you can execute the plugin from the\r\n      command line by typing:\r\n\r\n    # \/usr\/lib\/nagios\/plugins\/check_snmp\r\n    # \/usr\/lib\/nagios\/plugins\/check_snmp --help \r\n\r\n      to see what options are available, etc. You can use the check_snmp plugin and\r\n      Nagios to create very complex or specific system checks.\r\n\r\n    - Now to see all the various service\/host checks that have been created using the\r\n      check_snmp plugin you can look in \/etc\/nagios-plugins\/config\/snmp.cfg. You will\r\n      see that there are a lot of preconfigured checks using snmp, including:\r\n\r\n      snmp_load\r\n      snmp_cpustats\r\n      snmp_procname\r\n      snmp_disk\r\n      snmp_mem\r\n      snmp_swap\r\n      snmp_procs\r\n      snmp_users\r\n      snmp_mem2\r\n      snmp_swap2\r\n      snmp_mem3\r\n      snmp_swap3\r\n      snmp_disk2\r\n      snmp_tcpopen\r\n      snmp_tcpstats\r\n      snmp_bgpstate\r\n      check_netapp_uptime\r\n      check_netapp_cupuload\r\n      check_netapp_numdisks\r\n      check_compaq_thermalCondition\r\n      \r\n      And, even better, you can create additional service checks quite easily.\r\n      For the case of verifying that snmpd (the SNMP service on Linux) is running we\r\n      need to ask SNMP a question. If we don't get an answer, then Nagios can assume\r\n      that the SNMP service is down on that host. When you use service checks such as\r\n      check_http, check_ssh and check_telnet this is what they are doing as well.\r\n\r\n    - In our case, let's create a new service check and call it \"check_system\". This\r\n      service check will connect with the specified host, use the private community \r\n      string we have defined in class and ask a question of snmp on that ask - in this\r\n      case we'll ask about the System Description, or the OID \"sysDescr.0\" -\r\n\r\n    - To do this start by editing the file \/etc\/nagios-plugins\/config\/snmp.cfg:\r\n\r\n    # joe \/etc\/nagios-plugins\/config\/snmp.cfg\r\n\r\n      At the top (or the bottom, your choice) add the following entry to the file:\r\n\r\n# 'check_system' command definition\r\ndefine command{\r\n       command_name    check_system\r\n       command_line    \/usr\/lib\/nagios\/plugins\/check_snmp -H '$HOSTADDRESS$' -C\r\n'$ARG1$' -o sysDescr.0\r\n        }\r\n      \r\n      You may wish to copy and paste this vs. trying to type this out.\r\n\r\n\t  Note that \"command_line\" is a single line. If you copy and paste in joe the line\r\n\t  may not wrap properly and you may have to manually add the part:\r\n\t  \r\n\t  \t\t'$ARG1$' -o sysDescr.0\r\n\t  \t\t\r\n\t  to the end of the line.\r\n\r\n    - Now you need to edit the file \/etc\/nagios3\/conf.d\/services_nagios2.cfg and add\r\n      in this service check. We'll run this check against all our servers in the \r\n      classroom, or the hostgroup \"debian-servers\"\r\n\r\n    - Edit the file \/etc\/nagios3\/conf.d\/services_nagios2.cfg\r\n\r\n    # joe \/etc\/nagios3\/conf.d\/services_nagios2.cfg\r\n\r\n      At the bottom of the file add the following definition:\r\n\r\n# check that snmp is up on all servers\r\ndefine service {\r\n        hostgroup_name                  snmp-servers\r\n        service_description             SNMP\r\n        check_command                   check_system!xxxxxx\r\n        use                             generic-service\r\n        notification_interval           0 ; set &gt; 0 if you want to be renotified\r\n}\r\n\r\n      The \"xxxxxx\" is the community string previously (or to be) defined in class.\r\n     \r\n      Note that we have included our private community string here vs. hard-coding\r\n      it in the snmp.cfg file earlier. You must change the \"xxxxx\" to be the snmp\r\n      community string given in class or this check will not work.\r\n      \r\n    - Now we must create the \"snmp-servers\" group in our hostgroups_nagios2.cfg file. \r\n      Edit the file \/etc\/nagios3\/conf.d\/hostgroups_nagios2.cfg and go to the end of the\r\n      file. Add in the following hostgroup definition:\r\n      \r\n# A list of snmp-enabled devices on which we wish to run the snmp service check\r\ndefine hostgroup {\r\n\t   hostgroup_name\tsnmp-servers\r\n\t           alias\tsnmp servers\r\n\t           members\tnoc\r\n\t  }\r\n\t  \r\n\t- Note that for \"members\" you could, also, add in the switches and routers for\r\n\t  group 1 and 2. But, the particular item (MIB) we are checking for \"sysDescr.0\"\r\n\t  may not be available on the switches and\/or routers, so the check would then fail.\r\n\r\n    - Now verify that your changes are correct and restart Nagios.\r\n\r\n    - If you click on the Service Detail menu choice in web interface you should see\r\n      the SNMP check appear for the noc host.\r\n      \r\n    - After we do the SNMP presentation and exercises in class, then you could come\r\n      back to this exercise and add in all the classroom PCs to the members list in the\r\n      hostgroups_nagios2.cfg file, snmp-servers hostgroup definition. Remember to list\r\n      your PC as \"localhost\".\r\n\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Nagios Installation and Configuration Notes: &#8212;&#8212; * Commands preceded with &#8220;$&#8221; imply that you should execute the command as a general user &#8211; not as root. * Commands preceded with &#8220;#&#8221; imply that you should be working as root. * Commands with more specific command lines (e.g. &#8220;RTR-GW&gt;&#8221; or &#8220;mysql&gt;&#8221;) imply that you are executing [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":581,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-585","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=585"}],"version-history":[{"count":1,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/585\/revisions"}],"predecessor-version":[{"id":586,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/585\/revisions\/586"}],"up":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/581"}],"wp:attachment":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}