Setting up ssl https On Nagios XI Server August 19, 2016 HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet.
Tutorial that explains how to install the Nagios tool to monitor everything that happens on your CentOS 7 computer. What is Nagios?Nagios is an open source application through which we will have the opportunity to take centralized monitoring of the equipment and the network at our expense in a simple way.Thanks to Nagios we will receive alerts and notifications about all the events that occur within the operating system and the remote management of the equipment is developed in a single environment, which facilitates its control. Step 1: Install Libraries for NagiosThe first step is to install a series of libraries that will be fundamental for the optimal development of Nagios in CentOS 7, for this we will execute the following line. We accept the download and own installation of the packages. Sudo yum install gcc glibc glibc-common gd gd-devel make net-snmp openssl-devel xinetd unzip Step 2: Create User & Group for NagiosThis user is fundamental for the execution of the Nagios process, in this case, we will create the user Nagios and the group nagcmd, for this we will use the following lines in their order.
ConfigurationOn a successful install, NCPA will start working right out of the box. However, to tailor it to your needs, you will want to edit the configuration. You can set up NCPA security and web GUI settings, along with configuring passive check settings.This is meant to be a reference for all the configuration options available. Some configuration options are required, while others are just optional. We recommend keeping the configuration options that are defined by default, and tweaking them to your desired configuration. Doing it this way ensures that all non-default options will be defined.After editing the configuration, you must to apply the new configuration. /usr/local/ncpa/etc/As of NCPA 2, there is also an ncpa.cfg.d folder which includes all.cfg files inside of it into the main nagios.cfg when parsing the configuration.
Another change to the way configuration works in NCPA 2 is that changing the passive check configuration requires a restart of the NCPA Passive service. By default NCPA 2 will have an ncpa.cfg.d/example.cfg file in the config directory on all operating systems. On windows, you are able to select whether or not you are going to enable NRDP during the install - including setting up your basic default checks - placed in nrdp.cfg.d/nrdp.cfg. listenerThis section is for the NCPA Listener service. It controls the web GUI, external authentication, the external API location, graphing integration, and active check settings. The NCPA Listener also runs an HTTP server to handle the API requests for both the API, GUI, and graphing sections.
For this reason, this section is the only one that will require an address and a port to listen on.OptionDefaultDescriptionip0.0.0.0This determines what IP the service will listen on. By default, it uses the value 0.0.0.0, which means it will listen on all interfaces and all hostname references. Change this if you would like the service to listen on a specific IP or hostname.port5693This specifies the TCP port the service will bind to.uidnagiosDetermines which user the service will run as. Linux and Mac OS X only.gidnagiosDetermines which group the service will run as. Linux and Mac OS X only.sslversionTLSv12Set the SSL protocol version to allow for connecting to the HTTPS server. Options: adhoc or pidfilevar/run/ncpalistener.pidThe name and location of where to place the NCPA Listener PID file.
Linux and Mac OS X only.loglevelinfoThe level of message that will be logged to the log file. Valid log levels are info, error, warning, and debug.logfilevar/log/ncpalistener.logThe named file location where the log file for the NCPA Listener will be stored.logmaxmb5The max size allowed for a log file in MB.
When the log becomes larger than this size, the log will be rolled over and a new log will be started.logbackups5The max number of log rollovers that will be kept.adminguiaccess1This setting controls the Admin section. Setting this to 0 will cause the Admin panel to not be accessible from the GUI.adminpasswordNoneIf the admin panel is available by having adminguiaccess = 1, this option is used for adding extra authentication. Leaving this as None will cause it to automatically allow access to the admin section once authenticated into the GUI. If it's set to any other value, it will require that password when trying to access the Admin section.
This password is also used as a way to authenticate GUI access if adminauthonly = 1.adminauthonly0Setting this variable to 1 will force NCPA to require admin authentication on GUI login/access. This is useful if you don't want anyone to log into the GUI using the API token defined by communitystring in the section below. This requires you to have a password set for adminpassword too, since it will never allow authentication when adminpassword = None.delaystart0The amount to seconds to wait before starting the NCPA Listener service. passiveThis section is for the NCPA Passive service. Here you can specify the location of log files, the handlers you'd like to use ( NRDP only currently) and other related settings needed by the service.OptionDefaultDescriptionhandlersNoneHandlers are what tell the NCPA Passive service what to do while running. There is currently only one handler available: NRDP.
The NRDP handler handles sending passive check results to the NRDP server you choose. This is a comma separated list.
Example of this setting is handlers = nrdp. Options: None oruidnagiosDetermines which user the service will run as. Linux and Mac OS X only.gidnagiosDetermines which group the service will run as. Linux and Mac OS X only.sleep300The time in seconds which the service will wait until running again. Upon waking up, the service will check to see if it has anything to do. If it has nothing to do it will sleep again for the specified time.pidfilevar/run/ncpapassive.pidThe named file location where the PID file for the NCPA passive service will be stored and maintained.
Linux and Mac OS X only.loglevelinfoThe level of message that will be deemed important enough to be logged to the log file. Valid log levels are info, error, warning, and debug.logfilevar/log/ncpapassive.logThe named file location where the log file for the NCPA passive service will be stored.logmaxmb5The max size allowed for a log file in megabytes. When the log becomes larger than this, the log will be rolled over and a new log will be started.logbackups5The max number of log rollovers that will be kept.delaystart0The amount to seconds to wait before starting the NCPA Passive service.
Typically passive checks are ran right away when the service is restarted so if you would like to force the NCPA Passive service to wait before running the checks, set this value. nrdpThe value nrdp must be present in the handlers option for the NCPA Passive service to run the checks and send the results to the specified NRDP server. While this section is optional, you must set all configuration options in order for the service to send the passive checks to NRDP.OptionDefaultDescriptionparentThe Nagios server's NRDP URL to which the passive check results should be sent. The reason for the option name of parent is because you can use NCPA as an for those who have restrictive firewall configurations.tokenThe token to use to send check results to the NRDP server URL specified in parent.
This token is created on the NRDP server side.hostnameNCPAThis is the value that will be used for the%HOSTNAME% macro in the configuration section. plugin directivesThis section is where you can specify both the plugin directory and special command line arguments that should passed to a given file type when it is executed by NCPA.OptionDefaultDescriptionpluginpathplugins/The path to the directory containing any third party plugins that you would like to be able to run. Note that the forward slash at the beginning is left off. This makes it a relative path to the location of the NCPA directory.
You can use a full directory path also. Requires nagios:nagios (or whatever your uid:gid is set to) permissions on the plugin location. The user must also be able to execute the plugins.plugintimeout60The plugin execution timeout on the NCPA side.
For both active and passive checks. There is also a timeout specified in checkncpa.py.Plugin ExtensionsPart of the plugin directives, we define file type extensions of valid plugins. The option is the name of the extension while the value denotes how NCPA will try to run the plugin from the command line. There are two special macros, $pluginname and $pluginargs, that will be replaced with the filename and all arguments passed. The default values for this section are shown below.sh = /bin/sh $pluginname $pluginargs.ps1 = powershell -ExecutionPolicy Bypass -File $pluginname $pluginargs.vbs = cscript $pluginname $pluginargs //NoLogo.py = python $pluginname $pluginargs. passive checksThis section, in NCPA 2, is typically in a separate file located in the etc/ncpa.cfg.d directory.
You can view the example.cfg configuration to see how you can create these files. For information on the specifics of setting up passive checks, see the section on creating. Check DefinitionsShown below is the basis for how to define a check. Typically hostname is set to%HOSTNAME%. Check interval is optional, and you can define a check without the last. The servicename of HOST is special, and refers to the host check - so the results of that check will appear as the specified host's check results. = -warning -critical Examples%HOSTNAME% HOST = /system/agentversion%HOSTNAME% CPU Usage = /cpu/percent -warning 60 -critical 80 -aggregate avg%HOSTNAME% Memory Usage = /memory/virtual -warning 80 -critical 90 -units G.
Comments are closed.
|
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |