Back to the main page

Start with Nagios on Solaris10

What is Nagios and why I need it?

It is software for monitoring systems (hosts) and services. It can monitor network services (SMTP, HTTP, NNTP, PING, etc) and host resources (disk/RAM usage, CPU load, etc)

What are requirements?

Of course you need C compiler and TCP/IP configured. 

And yes, you want to use CGI (included in Nagios) for handling dynamic web pages. So you need Apache web server. 

In Apache root directory there is cgi-bin subdirectory (web servers knows that files here has to be executed). Files in cgi-bin can be executable ones or say Perl script.
 
Also you need Boutell's  gd  graphic library (this dynamically creates images, like JPEG ones and is used for creating charts and graphic).

How to monitor remote devices, tell me very shortly (for now)

Monitoring remote Unix machine:  

1. One way (I don't use) is using SSH to execute plug-in on remote machine. This results in high load on Nagios server
2. Using NRPE addon (run this on remote machine, it will run Nagios plug-in and send results back to Nagios server)

Monitoring routers and switches: you can simply ping them or if they support SNMP use check_snmp plug-in. 

What are Public and Private services

Public services are accessible from network and can be monitored without special requirements. They are HTTP, FTP, SSH, POP3, IMAP and others. 

Private services are CPU load, RAM or disk usage and to access them you need agent on remote machine (I already mentioned NRPE and SNMP).

Basically NRPE will use Nagios plug-in (installed on remote host) to collect information about private service. Check great source of plug-ins on  Monitoring Exchange 

About Configuration files

The most important are:

1. Main config file - read by Nagios daemon and CGIs. 
2. Resource File(s) - defines macros, like $USER1$ is defining location of plug-ins. 
3. Object definition files - define hosts, services, hostgroups, contacts, contactgroups, commands, notifications, etc. In Main config file they are defined with "cfg_file". Also define their directories with "cfg_dir".
4. CGI config file - define operation of CGIs and has reference to Main config file. 

Installation

Probably the easiest way to install Nagios (and Nagios plug-in and NRPE) is using pkg-get command. 

Run pkg-get -i nagios (I am taking files from blastwave.org and they offer version 2.10 which is old one but okay for writing this document) and this will install all dependencies: 
CSWapache, CSWcommon, CSWcommon, CSWfreetype, CSWgd, CSWjpeg, CSWiconv, CSWiconv, CSWiconv, CSWlibtool, CSWlibtool, CSWlibtool, CSWmodperl, CSWosslrt, CSWosslrt, CSWperl, CSWperl, CSWpng, CSWpng and CSWzlib

The good thing here is that Nagios is integrated in SMF. 
See how installation should finish (I already had installed NRPE and Nagios plug-in).
## Executing postinstall script.
Configuring service in SMF
nagios is using Service Management Facility.  The FMRI is:
  svc:/application/cswnagios:default
## Not starting nagios - configuration file not found
The Nagios system has been installed but you must update the files in
/opt/csw/nagios/etc/ to reflect your monitoring setup.

Additionally you must make Nagios accessible from your Apache webserver.
The file /opt/csw/apache/conf/httpd-nagios.conf lists the exact configuration
directives required.
Add those lines into your httpd.conf and restart your Apache server.

Installation of < CSWnagios > was successful.
Nagios/NREP integration in SMF Manifest (defines services properties) Method (defined how service restarted interacts with service)
nagios /opt/csw/var/svc/manifest/application/nagios.xml /opt/csw/lib/svc/method/svc-nagios
nrpe /opt/csw/var/svc/manifest/network/nrpe.xml /opt/csw/lib/svc/method/svc-nrpe
For example: see nagios (actually cswnagios) services properties:
# /opt/csw/var/svc/manifest/application> svccfg
svc:> select cswnagios
svc:/application/cswnagios> listprop
general                          framework
general/single_instance          boolean  true
filesystem                       dependency
filesystem/entities              fmri     svc:/system/filesystem/local
filesystem/grouping              astring  require_all
filesystem/restart_on            astring  none
filesystem/type                  astring  service
config-file                      dependency
config-file/entities             fmri     file://localhost/opt/csw/nagios/etc/nagios.cfg
config-file/grouping             astring  require_any
config-file/restart_on           astring  refresh
config-file/type                 astring  path
... show other dependencies ....
start                            method
start/exec                       astring  "/opt/csw/lib/svc/method/svc-nagios start"
start/timeout_seconds            count    30
start/type                       astring  method
... show other methods ...
svc:/application/cswnagios> exit

Nagios Plugins

These are compiled executables or scripts (Perl, shell) that can be run from CLI to check status of host/service. 
Actually they return the code which Nagios use to examine host/service state. 
This means that Nagios has no idea what are Plugins monitoring. 

Basically, you can see how to use plugin with (example):
/opt/csw/libexec/nagios-plugins> ./check_oracle --help

If you want to write own Plugins this table will help you:
Plugin return code Service state Host state
0 OK Up
1 Warning Up or Down/Unreachable (if use_aggresive_host_checking is enabled - takes more time but result is more reliable)
2 Critical Down/Unreachable (define parent/child relationship so Nagios can determine which one of these two)
3 Unknows Down/Unreachable
Blastwave.org offers collection of plugins as package CSWnagiosp (version 1.4). After installation they are located in directory /opt/csw/libexec/nagios-plugins/

Apache adjustment

As "End of Nagios installation" message suggests, Nagios has to be accessible from Apache. 

Do this by adding lines from file /opt/csw/nagios/etc/httpd-nagios.conf to the end of the file /opt/csw/apache/conf/httpd.conf
Restart Apache: 
/etc/init.d> ./cswapache restart
Note: Apache is run by user/group = webservd/webservd. Nagios default page is using HTML frames and in case you want to add your company name/image or something similar go to directory /opt/csw/nagios/share/ and see files like [index|main|side].html

And finally Nagios Configuration

Check the directory /opt/csw/nagios/etc/ for sample files. 

Start with coping sample file to ones you want to edit and use for your system. 
So you will now work with files: cgi.cfg, commands.cfg, localhost.cfg, nagios.cfg and resource.cfg (they are commented well, so read the comments). 

Before you enable Nagios service, edit mentioned files. 
You will do detailed configuration later, for now you just want to check user/group for running Nagios (in nagios.cfg) and set yourself as contact person (in localhost.cfg). 
Default configuration will monitor only local machine. 

Check that there is no any error in configuration files. 
/opt/csw/nagios/bin> ./nagios -v ../etc/nagios.cfg
...... some lines .....
Total Warnings: 0 (you can ignore warnings and start/reset Nagios)
Total Errors:   0 (if you have any, better correct them)
Things look okay - No serious problems were detected during the pre-flight check
Enable Nagios: # svcadm -v enable -r cswnagios You can monitor log file to quickly see errors if they happens and to troubleshoot them easily. # tail -f application-cswnagios:default.log Note: after changing config files, always verify changes with nagios -v configuration-file (as above), and then run "svcadm v restart cswnagios".
Check Nagios statistics with:
/opt/csw/nagios/bin> ./nagiostats

Nagios Stats 2.10
Copyright (c) 2003-2007 Ethan Galstad (www.nagios.org)
Last Modified: 10-21-2007
License: GPL

CURRENT STATUS DATA
----------------------------------------------------
Status File:                          /opt/csw/nagios/var/status.dat
Status File Age:                      0d 0h 0m 13s
Status File Version:                  2.10

Program Running Time:                 0d 0h 30m 58s
Nagios PID:                           9660
Used/High/Total Command Buffers:      0 / 0 / 4096
Used/High/Total Check Result Buffers: 0 / 1 / 4096

Total Services:                       5
- some data -

Total Hosts:                          1
- some data - 

I don't want everyone to see my Nagios - only Mona Lisa

Okay, let's do quick Basic authentication (somewhere else I can talk more about other Apache authentications). 
 
Create password file and add first user. 
/opt/csw/apache/bin> ./htpasswd -c /opt/csw/apache/password/apache-password monalisa
New password:  this password will travel in clear text over network 
Re-type new password:  type password again 
Adding password for user monalisa
-c = create file When adding additional used do not use -c since it will overwrite existing file Set ownership and permissions (only root can write and group that run Apache can read)
/opt/csw/apache/password> ls
-rw-r-----   1 root     webservd      21 Aug 17 15:25 apache-password
Note: in this file password is stored in encrypted form (example: monalisa:cqwsnwCuEAG0k) but travels over network as clear text. You "Basic authentication" Nagios directives in /opt/csw/apache/conf/httpd.conf are (red ones)
    <Directory "/opt/csw/nagios/sbin/">
	AllowOverride AuthConfig
        Options ExecCGI
        Order allow,deny
        Allow from all
        AuthType Basic
        # realm (AuthName) associated with cashed username/passwd
        AuthName "LOGIN TO COMPANY'S NAGIOS 2.1"
        AuthUserFile /opt/csw/apache/password/apache-password
        Require valid-user
    </Directory>
Verify Apache configuration /opt/csw/apache/bin> ./apachectl configtest Reset Apache: # /etc/init.d/cswapache restart or /opt/csw/apache/bin> ./apachectl restart Postscript You also need to add user (monalisa in this case) to be authorized user for accessing different pages controlled by CGI. Check this: /opt/csw/nagios/etc> grep monalisa cgi.cfg authorized_for_system_information=monalisa authorized_for_configuration_information=monalisa authorized_for_system_commands=monalisa authorized_for_all_services=monalisa authorized_for_all_hosts=monalisa authorized_for_all_service_commands=monalisa authorized_for_all_host_commands=monalisa
Back to the main page