Adding Radius checks to Nagios

I needed to monitor some of our Companies RADIUS servers. The Nagios server requires a RADIUS client to be setup, this can then interact with the check_radius plugin

Nagios Server = 172.17.17.201

RADIUS Server = 192.168.2.66

Adding Radius checks to Nagios == check_radius

First of all make sure the nagios plugins pack is installed, it will be found in

/usr/lib/nagios/plugins/check_radius

Install radiusclient

Next you need to install the radius client software –

radiusclient-0.3.2-0.2.el5.rf.i386.rpm

Install with

rpm -ivh radiusclient-0.3.2-0.2.el5.rf.i386.rpm

Now that’s installed you need to edit some of its config files –

/etc/radiusclient/radiusclient.conf

and

/etc/radiusclient/servers

radiusclient.conf

change the “authserver”

authserver 192.168.2.66

then run –

chown -R nagios:nagios /etc/radiusclient/radiusclient.conf

This makes sure nagios can excute the check_radius command as this file is included in the check_radius command

radiusclient/servers

Add in the server host or IP and the sercret key

#Server Name or Client/Server pair Key

#—————- —————

#portmaster.elemental.net hardlyasecret

#portmaster2.elemental.net donttellanyone

192.168.2.66 testing123

Then run the command below to setup ther permissions so nagios can read the servers file

chown -R nagios:nagios /etc/radiusclient/servers

Adding to Nagios

Add the command into commands.cfg

/usr/lib/nagios/plugins/check_radius -H 192.168.2.66 -F /etc/radiusclient/radiusclient.conf -u xonetest -p xonetest -P 1812

This is what I have in the config file

define command{

command_name check_radius

command_line /usr/lib/nagios/plugins/check_radius -H 192.168.2.66 -F /etc/radiusclient/radiusclient.conf -u xonetest -p xonetest -P 1812

}

Add to localhost.cfg

define service{

use local-service ; Name of service template to use

host_name xone

service_description RADIUS_DRWOTSON

check_command check_radius

notifications_enabled 1

}

Add the Nagios server to the clients file on the Radius Server

You need to add the nagios server to the radius servers client file so it knows to accept auth requests from that server, if not the requests will be ignored

nano /etc/raddb/clients

172.14.14.201 testing123

TEST!

[root@xone html]# tail -f /var/log/radius/radius.log

Tue Jan 19 19:51:59 2010 : Info: Ready to process requests.

Tue Jan 19 19:52:06 2010 : Auth: Login OK: [xonetest/xonetest] (from client 172.17.17.201 port 0)

NRPE Nagios Remote Linux

Adding a remote Linux machine

Use the NRPE daemon to execute Nagios plugins on the remote server and report back to the monitoring host server.

Create Nagios user account on remote server to be monitored:

# useradd nagios

# passwd nagios

Download and Install Nagios Plugins

[root@xone /]# yum install nagios.i386 nagios-plugins.i386 nagios-plugins-nrpe.i386 nagios-nrpe.i386

You need the openssl-devel package installed to compile plugins with ssl support. **

yum -y install openssl-devel

Edit the file xinetd

nano /etc/xinetd.d/nrpe

change “only_from” and add the IP of the Nagios server – Remember to change disable = no

# default: off

# description: NRPE (Nagios Remote Plugin Executor)

service nrpe

{

flags = REUSE

type = UNLISTED

port = 5666

socket_type = stream

wait = no

user = nagios

group = nagios

server = /usr/sbin/nrpe

server_args = -c /etc/nagios/nrpe.cfg –inetd

log_on_failure += USERID

disable = no

only_from = 127.0.0.1 192.168.2.65

}

Specify the Nagios server 192.168.2.65

Add the nrpe to services

nano /etc/services

nrpe 5666/tcp # NRPE

service xinetd restart

Run = netstat -at |grep nrpe – this shows the host is listening for the requests

[root@xone /]# netstat -at |grep nrpe

tcp 0 0 *:nrpe *:* LISTEN

Then run = /usr/lib/nagios/plugins/check_nrpe -H localhost

Should look like =

[root@xone /]# /usr/lib/nagios/plugins/check_nrpe -H localhost

NRPE v2.12

============================

Open Port 5666 on Firewall

============================

Now setup the Nagios server config for the remote host

Make sure the plugins are installed –

yum install nagios-plugins-nrpe.i386 nagios-nrpe.i386

then run /usr/lib/nagios/plugins/check_nrpe -H 192.168.2.66

If all is ok you should get the output = NRPE v2.12

[root@mampi /]# /usr/lib/nagios/plugins/check_nrpe -H 192.168.2.66

NRPE v2.12

Create NRPE Command Definition

nano /etc/nagios/objects/commands.cfg

Add the following:

###############################################################################

# NRPE CHECK COMMAND

#

# Command to use NRPE to check remote host systems

###############################################################################

define command{

command_name check_nrpe

command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$

}

Create Linux Object template

In order to be able to add the remote linux machine to Nagios we need to create an object template file adn add some object definitions.

Create new linux-box-remote object template file: linux-box-remote.cfg

/etc/nagios/objects/linux-box-remote.cfg

Here we add all the necessary’s – If there’s already a host then its not defined here, the example below is using xone host template defined else where, the is a host template that’s commented out “xeno-r”

define host{

name linux-box-remote ; Name of this template

use generic-host ; Inherit default values

check_period 24×7

check_interval 5

retry_interval 1

max_check_attempts 10

check_command check-host-alive

notification_period 24×7

notification_interval 30

notification_options d,r

contact_groups admins

register 0 ; DONT REGISTER THIS – ITS A TEMPLATE

}

#

#define host{

# use linux-box-remote ; Inherit default values from a template

# host_name xeno-r ; The name we’re giving to this server

# alias xeno-r ; A longer name for the server

# address 192.168.2.66 ; IP address of the server

# }

define service{

use generic-service

host_name xone

service_description CPU Load

check_command check_nrpe!check_load

}

define service{

use generic-service

host_name xone

service_description Current Users

check_command check_nrpe!check_users

}

define service{

use generic-service

host_name xone

service_description /dev/hda1 Free Space

check_command check_nrpe!check_hda1

}

define service{

use generic-service

host_name xone

service_description Total Processes

check_command check_nrpe!check_total_procs

}

define service{

use generic-service

host_name xone

service_description Zombie Processes

check_command check_nrpe!check_zombie_procs

}


Lastly add the new cfg created to the nagios config file so it knows to load it up –

nano /etc/nagios/nagios.cfg

# Definitions for monitoring the local (Linux) host

cfg_file=/etc/nagios/objects/linux-box-remote.cfg

cfg_file=/etc/nagios/objects/linux-box-remote-swift.cfg

How to monitor a remote process on a remote linux host parsing the commands using nrpe

Ok the commands are defined in the nrpe.cfg file on the remote machine

So

command[check_john]=/usr/lib/nagios/plugins/check_procs -c 1:30 -C john

Then on the Nagios server machine define the check

define service{

use generic-service

host_name swift

service_description Check John

check_command check_nrpe!check_john

}


nagios -v /etc/nagios/nagios.cfg

service nagios restart

Adding images to the Nagios

Adding images to the Nagios GUi

The images are kept in /usr/local/nagios/share/images/logos for my CentOS installation. If yours is different you can use something like “locate linux40.png”  

Once you have an image it needs to be defined in the templates config file

Just add the image file name i.e. = icon_image linux40.png

The variable is “icon_image”

####################### RED HAT IMAGE ##############################

define host {

name redhat-img

register 0

icon_image linux40.png

}

####################################################################

############################ ROUTER IMAGES #########################

define host {

name router-img

register 0

icon_image switch40.png

}

###################################################################

define host {

name win-img

register 0

icon_image win40.png

}

Once the image is defined in the templates file it needs to be called from the relevant host file.

Add the name to the host or service to get it to load =

define host{

use linux-server,host-pnp,redhat-img

————

define service{

use linux-server,disk-img