Book Image

Nagios Core Administration Cookbook

By : Tom Ryder
Book Image

Nagios Core Administration Cookbook

By: Tom Ryder

Overview of this book

Network monitoring requires significantly more than just pinging hosts. This cookbook will help you to comprehensively test your networks' major functions on a regular basis."Nagios Core Administration Cookbook" will show you how to use Nagios Core as a monitoring framework that understands the layers and subtleties of the network for intelligent monitoring and notification behaviour. Nagios Core Administration Guide introduces the reader to methods of extending Nagios Core into a network monitoring solution. The book begins by covering the basic structure of hosts, services, and contacts and then goes on to discuss advanced usage of checks and notifications, and configuring intelligent behaviour with network paths and dependencies. The cookbook emphasizes using Nagios Core as an extensible monitoring framework. By the end of the book, you will learn that Nagios Core is capable of doing much more than pinging a host or to check if websites respond.

Related Content you might be interested in

Current Title:

Small book image
Nagios Core Administration Cookbook
Tom Ryder
Jan, 2013 | 366 pages
No titles found
Table of Contents (18 chapters)
Nagios Core Administration Cookbook
Nagios Core Administration Cookbook
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Understanding Hosts, Services, and Contacts
Understanding Hosts, Services, and Contacts
Introduction
Creating a new network host
Creating a new HTTP service
Creating a new e-mail contact
Verifying configuration
Creating a new hostgroup
Creating a new servicegroup
Creating a new contactgroup
Creating a new time period
Running a service on all hosts in a group
2
Working with Commands and Plugins
Working with Commands and Plugins
Introduction
Finding a plugin
Installing a plugin
Removing a plugin
Creating a new command
Customizing an existing command
Using an alternative check command for hosts
Writing a new plugin from scratch
3
Working with Checks and States
Working with Checks and States
Introduction
Specifying how frequently to check a host or service
Changing thresholds for PING RTT and packet loss
Changing thresholds for disk usage
Scheduling downtime for a host or service
Managing brief outages with flapping
Adjusting flapping percentage thresholds for a service
4
Configuring Notifications
Configuring Notifications
Introduction
Configuring notification periods
Configuring notification for groups
Specifying which states to be notified about
Tolerating a certain number of failed checks
Automating contact rotation
Defining an escalation for repeated notifications
Defining a custom notification method
5
Monitoring Methods
Monitoring Methods
Introduction
Monitoring PING for any host
Monitoring SSH for any host
Checking an alternative SSH port
Monitoring mail services
Monitoring web services
Checking that a website returns a given string
Monitoring database services
Monitoring the output of an SNMP query
Monitoring a RAID or other hardware device
Creating an SNMP OID to monitor
6
Enabling Remote Execution
Enabling Remote Execution
Introduction
Monitoring local services on a remote machine with NRPE
Setting the listening address for NRPE
Setting allowed client hosts for NRPE
Creating new NRPE command definitions securely
Giving limited sudo privileges to NRPE
Using check_by_ssh with key authentication instead of NRPE
7
Using the Web Interface
Using the Web Interface
Introduction
Using the Tactical Overview
Viewing and interpreting availability reports
Viewing and interpreting trends
Viewing and interpreting notification history
Adding comments on hosts or services in the web interface
Viewing configuration in the web interface
Scheduling checks from the web interface
Acknowledging a problem via the web interface
8
Managing Network Layout
Managing Network Layout
Introduction
Creating a network host hierarchy
Using the network map
Choosing icons for hosts
Establishing a host dependency
Establishing a service dependency
Monitoring individual nodes in a cluster
Using the network map as an overlay
9
Managing Configuration
Managing Configuration
Introduction
Grouping configuration files in directories
Keeping configuration under version control
Configuring host roles using groups
Building groups using regular expressions
Using inheritance to simplify configuration
Defining macros in a resource file
Dynamically building host definitions
10
Security and Performance
Security and Performance
Introduction
Requiring authentication for the web interface
Using authenticated contacts
Writing debugging information to a Nagios log file
Monitoring Nagios performance with Nagiostats
Improving startup times with pre-cached object files
Setting up a redundant monitoring host
11
Automating and Extending Nagios Core
Automating and Extending Nagios Core
Introduction
Allowing and submitting passive checks
Submitting passive checks from a remote host with NSCA
Submitting passive checks in response to SNMP traps
Setting up an event handler script
Tracking host and service states with Nagiosgraph
Reading status into a MySQL database with NDOUtils
Writing customized Nagios Core reports
Getting extra visualizations with NagVis
Index
Index

Giving limited sudo privileges to NRPE

In this recipe, we'll learn how to deal with the difficulty of execution permissions for NRPE. The majority of the standard Nagios plugins don't require special privileges to run, although this depends on how stringent your system's security restrictions are. However, some of the plugins require being run as root, or perhaps as a user other than nrpe. This is sometimes the case with plugins that need to make requests of system-level resources, such as checking the integrity of RAID arrays.

There are four general approaches to fixing this:

  • Bad: One method is to change the plugins to setuid, meaning that they will always be run as the user who owns them, no matter who executes them. The problem with this is that setting this bit allows anyone to run the program as root, not just nrpe, a very common vector for exploits.

  • Worse: Another method is to run nrpe as root, or as the appropriate user. This is done by changing the nrpe_user and nrpe_group properties...

Previous Section
End of Section 7
Next Section