|Version 8 (modified by mickem, 4 years ago) (diff)|
- check_nrpe (NRPE Server)
- check_nrpe (NRPE Client)
- check_nt (NSClient Server)
- check_nt (NSClient Client)?
- NSCA (NSCA Server)
- NSCA (NSCA Client)
- NRDP (NRDP Client)
- check_mk (CheckMK Server)
- check_mk (CheckMK Client)
- graphite (Graphite Client)
- SMTP (SMTP Client)
- syslog (Syslog Client)
Using NSClient++ from nagios with NSCA
NSCA (Nagios Service Check Acceptor) is a server which runs on the Nagios server and accepts passive checks results from various servers.
Passive in this context means that Nagios is not the initiator of the actual check commands above. Instead the client (when it is configure to do so) will submit the results to Nagios (thus it will initiate the data transfer). If you compare the above image with the one used with NRPE you will notice that the arrow points from the client to Nagios whereas the NRPE one points from Nagios to your client.
1. Overview of NSCA
As I stated before NSCA is "sort of the reverse" of NRPE and the diagram above illustrates the process by which Nagios receives the check results.
- NSClient++ decides it is time to send the results
- NSClient++ gathers all results
- NSClient++ connect to NSCA (server) and sends all results
- NSClient++ goes back to sleap
So in essence NSCA is (again) merely a transport mechanism to send the result of a check command over the network. But the big change is that this time it is NSClient++ who decides when it is time to do so.
2. NSClient++ configuration
Since NSCA is a server we shall start by configuring NSClient++ as thats were most things will happen. Also since this is an "advanced" guide it is assumed you have read at least the NRPE guide and are familiar with the basic working of both Nagios and NSClient++.
The first thing you do is to make sure you have all the proper modules loaded. The basic ones we will need for basic checks in addition to the NSCAAgent. One important thing to notice is that once the NSCAAgent is loaded it will start (attempting) to submit passive check results. This means that if it not properly configured it will result in a lot of error messages.
So lets start with the following modules:
|CheckSystem.dll||Handles many system checks||CheckCPU, CheckMEM etc|
|CheckDisk.dll||Handles Disk related checks||CheckDisk|
|CheckExternalScripts.dll||Handles aliases (which is what we will use) and external scripts.||N/A|
|FileLogger.dll||Logs errors to a file so you can see what is going on||N/A|
|NSCAAgent.dll||Submits passive checks results to NSCA (server) on Nagios||N/A|
The resulting modules section in NSC.ini will look like so:
[modules] CheckSystem.dll CheckDisk.dll CheckExternalScripts.dll FileLogger.dll NSCAAgent.dll
2.2 NSCA Configuration
Then we move on to configure NSCA which is not that hard a quick overview of the basic settings you need to edit:
- Perhaps the most important option. It controls the interval which NSClient++ will use when it runs the checks in essence this is the amount of time between a check will be submitted to Nagios (via NSCA). Since there is only one of these it will not be possible to have individual intervals for various checks instead all checks will be submitted using this interval.
- The encryption algorithm to use. It is often a good idea to set this to 0 (None) when you try this out as it will reduce the number things which might be broken. If you have the incorrect one it will be hard to know what is wrong. For production I would recommend using 14 (AES) at is it a fairly strong algorithm.
- The password is the "secret" you share with NSCA it has to be the same on both ends (or again like with encryption) nothing will work.
- This is the IP address of the NSCA server (often the same as the Nagios server). This will not default to the allowed_hosts directive so you HAVE to specify this option.
The resulting configuration will look something like this:
;# CHECK INTERVALL (in seconds) ; How often we should run the checks and submit the results. interval=5m ; ;# ENCRYPTION METHOD ; This option determines the method by which the send_nsca client will encrypt the packets it sends ; to the nsca daemon. The encryption method you choose will be a balance between security and ; performance, as strong encryption methods consume more processor resources. ; You should evaluate your security needs when choosing an encryption method. ; ; Note: The encryption method you specify here must match the decryption method the nsca daemon uses ; (as specified in the nsca.cfg file)!! ; Values: ; 0 = None (Do NOT use this option) ; 1 = Simple XOR (No security, just obfuscation, but very fast) ; 2 = DES ; 3 = 3DES (Triple DES) ; 4 = CAST-128 ; 6 = xTEA ; 8 = BLOWFISH ; 9 = TWOFISH ; 11 = RC2 ; 14 = RIJNDAEL-128 (AES) ; 20 = SERPENT encryption_method=0 ; ;# ENCRYPTION PASSWORD ; This is the password/passphrase that should be used to encrypt the sent packets. password=secret-password ; ;# NAGIOS SERVER ADDRESS ; The address to the nagios server to submit results to. nsca_host=192.168.0.1
2.3 NSCA Commands
Now we (hopefully) have configure NSCA which will work splendidly but untill we add some checks it wont actually do anything. Checks for NSCA is added under the NSCA Commands section. The syntax of this section is <service definition>=<check command>.
- service definition
- The service definition is the name of the service IN Nagios.
- check command
- The check command is the command to run inside NSClient++
... TODO ...
using from the command line
... TODO ...
... TODO ...
... TODO ...
- nagios-active-nrpe.png (25.5 KB) - added by mickem 4 years ago.
- nsca-overview.png (27.5 KB) - added by mickem 4 years ago.
- nagios-passive-nsca-001.png (26.9 KB) - added by mickem 4 years ago.
- nagios-passive-nsca-002.png (27.1 KB) - added by mickem 4 years ago.
- nagios-passive-nsca-003.png (27.5 KB) - added by mickem 4 years ago.
- nsca-nsclient-internals.png (41.8 KB) - added by mickem 7 months ago.
Download all attachments as: .zip