Nagios (http://www.nagios.org) does full remote monitoring by ssh'ing into the foreign server and running the nagios plugin on that server. So for it to work SSH has to work (without interaction) and the plugins (only) need to be installed on the remote server. This monitoring does not require any special privileges (i.e. It doesn't need to run as root).
On the remote (to be monitored) server (assumes a user name of nagmon):
useradd -d /export/home/nagmon -m nagmon *create our local monitoring service account
passwd nagmon *the password you set is unimportant, we won’t ever use the password to login you just need to set one to enable the account
mkdir /export/home/nagmon/.ssh
chown nagmon /export/home/nagmon/.ssh
On the nagios (monitor) server:
ssh-keygen -t rsa -b 4096 *generate an rsa key pair and save to /etc/ssh/nagmon_rsa, when prompted for a passphrase just hit enter
cat /etc/ssh/nagmon_rsa.pub *this is the public host key file that will be used to authenticate ssh, copy all the text in the file
On the remote (to be monitored) server:
vi /export/home/nagmon/.ssh/authorized_keys *paste the text from the previous command into the file, then save and exit the file
chown nagmon /export/home/nagmon/.ssh/authorized_keys *make sure our service account can read the key file
chmod 600 /export/home/nagmon/.ssh/authorized_keys *ssh will reject the connection if the proper permissions are not set on the file
mkdir /usr/lib/nagios/plugins *install/copy the nagios plugins to this directory, usually by copying from the nagios server. Make sure the plugins are compiled for the system/processor you are using.
chmod 755 /usr/lib/nagios/plugins/*
*Example Nagios Config (monitoring a remote disk):
Add to the file that contains your command configurations:
define command{name check_remote_diskcommand_name check_remote_diskcommand_line /usr/local/nagios/libexec/check_by_ssh -H $HOSTADDRESS$ -2 -C '/usr/lib/nagios/plugins/check_disk -w $ARG2$ -c $ARG3$ -p $ARG1$' -l nagmon -i /etc/ssh/nagmon_rsa}Add to the file that contains your service configurations
define service{use local-service *this is a template, yours will probably be named differentlyhost_nameservice_description usr partitioncheck_command check_remote_disk!/usr!25%!10%}That's it! You can run any of the local check nagios plugins via the tunnel and return the results to nagios.
I'm not sure if it would work from Suse to Solaris, but "ssh-copy-id" command would save the hassle of copying and pasting public key.
ReplyDeleteYou might also want to look into check_by_ssh in passive mode if you have more than one local check on your Solaris machine. That way you'd only need to establish one SSH connection, run multiple checks and collect results in the form that's ready for passive check submission.
thanks for the feedback, i'll test your suggestions and incorporate them if i can.
ReplyDeleteHi Michael,
ReplyDeletethis is a nice tutorial,
ill try it out.
do you know if you can only install the nagios plugins to a server without the whole software? will they work?
I've never tried that...
@yonitg:
ReplyDeleteYes, you can. They'll work if they're compiled for the architecture you're running them on, otherwise YMMV depending on the plugin. By the way, almost anything that returns one of four codes that Nagios expects could be considered a plugin.