Nagios
Installation
Nagios Core is part of various distributions already.
Packages
apt-get install nagios nagios-plugins nagios-nrpe-plugin nagios-images nagios3-doc # Debian, Ubuntu yum install nagios nagios-plugins # Fedora
For SNMP plugins, libnet-snmp-perl and snmp might be needed too. The snmp-mibs-downloader package (from non-free) will be needed to download the information base MIB.
Source
Nagios switched[1] to git for its nagioscore development:
git clone git://git.code.sf.net/p/nagios/nagioscore nagioscore-git git clone git://git.code.sf.net/p/nagios/nrpe nagios-nrpe-git
Install prerequisites:
sudo yum install gd-devel libpng-devel libjpeg-turbo-devel gperf openssl-devel # Fedora sudo apt-get install libgd2-noxpm-dev libpng12-dev libjpeg8-dev gperf libssl-dev # Debian, Ubuntu
Create Nagios user
sudo groupadd nagios sudo useradd -g nagios -s /bin/false -d /opt/nagios -m nagios
Build:
cd nagioscore-git ./configure --prefix=/opt/nagios make all sudo make install sudo make install-commandmode sudo make install-config sudo make install-exfoliation sudo install -m 755 -o root -g root daemon-init /opt/nagios/bin/nagios-init.sh
Build NRPE:
sudo yum install tcp_wrappers-devel # TCP wrapper support sudo apt-get install libwrap0-dev cd ../nagios-nrpe-git ./configure --prefix=/opt/nagios-nrpe --enable-ssl make all sudo make install
Post-Installation
For the CGI scripts to work, we will need a password file. For digest authentication:
$ htdigest -c /etc/nagios3/htdigest.user "Nagios Access" nagiosadmin Changing password for user nagiosadmin in realm Nagios New password: Re-type new password:
For basic authentication:
$ htpasswd -c /etc/nagios3/htpasswd.users nagiosadmin New password: Re-type new password: Adding password for user nagiosadmin
Note: the user configured here has to be the same user configured in cgi.cfg
:
use_authentication=1 authorized_for_system_information=nagiosadmin authorized_for_configuration_information=nagiosadmin authorized_for_system_commands=nagiosadmin authorized_for_all_services=nagiosadmin authorized_for_all_hosts=nagiosadmin authorized_for_all_service_commands=nagiosadmin authorized_for_all_host_commands=nagiosadmin
Webserver
apache2
A very basic configuration snippet for Apache:
Alias /nagios/stylesheets /etc/nagios3/stylesheets Alias /nagios /usr/share/nagios3/htdocs ScriptAlias /cgi-bin/nagios /usr/lib/cgi-bin/nagios3 ScriptAlias /nagios/cgi-bin /usr/lib/cgi-bin/nagios3 <DirectoryMatch (/usr/share/nagios3|/usr/lib/cgi-bin/nagios3)> Options Indexes FollowSymLinks DirectoryIndex index.html index.php AllowOverride AuthConfig Order Allow,Deny Allow From All AuthName "Nagios Access" AuthType Digest AuthUserFile /etc/nagios3/htdigest.user require valid-user # SetEnv TZ "Europe/Berlin" </DirectoryMatch>
lighttpd
Based on a recipe to set up Nagios with lighttpd, here's a quick howto, covering the most important steps.
$ cat conf-enabled/90-nagios.conf server.modules += ( "mod_auth", "mod_cgi", "mod_setenv" ) # As per https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModCGI $HTTP["url"] =~ "^/cgi-bin/" { cgi.assign = ( "" => "" ) } # We may have to fiddle around with those a bit, depending on # where or how Nagios has been installed. alias.url += ( "/cgi-bin" => "/usr/lib/cgi-bin/", "/nagios/stylesheets" => "/etc/nagios3/stylesheets", "/nagios" => "/usr/share/nagios3/htdocs", ) # Don't run Nagios CGIs through perl $HTTP["url"] =~ "^/cgi-bin/nagios3" { cgi.assign = ( "" => "" ) } # Nagios uses the webserver's authentication mechanism to authenticate against itself. # Use "use_authentication=1" in cgi.cfg! $HTTP["url"] =~ "^/nagios|^/cgi-bin/nagios3|^/pnp4nagios" { auth.backend = "htdigest" auth.backend.htdigest.userfile = "/etc/nagios3/htdigest.user" auth.require = ( "" => ( "method" => "digest", "realm" => "Nagios", "require" => "user=nagios" ) ) # Apache would provide REMOTE_USER to the CGI - Lighttpd has to emulate this via setenv setenv.add-environment = ( "REMOTE_USER" => "user" ) }
- We have to add
setenv.add-environment
here, otherwise the username from mod_auth is not being passed to Nagios.
Also,- Is this really true?setenv.add-environment
has to be at the very end of the configuration (check withlighttpd -p
), otherwise it'll get overwritten again.
- We may have to adjust
url_html_path
in/etc/nagios3/cgi.cfg
(e.g./nagios
)
- Also, check if the webserver has write access to the command file:
$ grep nagios.cmd /etc/nagios3/nagios.cfg command_file=/var/lib/nagios3/rw/nagios.cmd $ chown nagios:www-data /var/lib/nagios3/rw/nagios.cmd $ chmod g+s /var/lib/nagios3/rw/ # When /var/lib/nagios3/rw/ is owned by "www-data", # nagios.cmd will be owned by the same after Nagios restarts
nginx
Create a symlink in our document root:
ln -s /usr/share/nagios3/htdocs /var/www/nagios
For the CGI scripts to work, we will need fcgiwrap:
apt-get install fcgiwrap cp /usr/share/doc/fcgiwrap/examples/nginx.conf /etc/nginx/conf.d/fcgiwrap.server
Then fcgiwrap
should run and create /var/run/fcgiwrap.socket
where Nginx can connect to.
A configuration snippet for a Debian Nagios installation follows. Notice how we have to create aliases for stylesheets
and the logos
from nconf.
# Needed for fcgiwrap include /etc/nginx/conf.d/fcgiwrap.server; location /nagios { alias /usr/share/nagios3/htdocs; auth_basic "Nagios Access"; auth_basic_user_file /etc/nagios3/htpasswd.users; } location /nagios/stylesheets { alias /etc/nagios3/stylesheets; } location /nagios/images/logos/base { alias /etc/nagios3/logos/base; } location /cgi-bin/nagios3 { root /usr/lib; auth_basic "Nagios Access"; auth_basic_user_file /etc/nagios3/htpasswd.users; fastcgi_param AUTH_USER $remote_user; fastcgi_param REMOTE_USER $remote_user; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/fcgiwrap.socket; }
Note: url_html_path
should be set to /nagios
for this example to work.
Configuration
To enable external commands:
We also have to pay attention to the command_file
. In Debian, this is configured in nagios.cfg
:
command_file=/var/lib/nagios3/rw/nagios.cmd
However the webserver may have trouble sending commands to it:
Error: Could not stat() command file '/var/lib/nagios3/rw/nagios.cmd'! The external command file may be missing, Nagios may not be running, and/or Nagios may not be checking external commands. An error occurred while attempting to commit your command for processing.
Let's have a closer look:
$ ls -l /var/lib/nagios3/rw/nagios.cmd prw-rw---- 1 nagios nagios 0 Mar 31 02:10 /var/lib/nagios3/rw/nagios.cmd
The webserver (running as "www-data"
) has no write-access to the command file. chmod and chown could help, but the Debian way of things would be:
$ dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw $ dpkg-statoverride --update --add nagios nagios 0751 /var/lib/nagios3 $ service nagios3 restart Restarting nagios3 monitoring daemon: nagios3 Waiting for nagios3 daemon to die.. $ ls -l /var/lib/nagios3/rw/nagios.cmd prw-rw---- 1 nagios www-data 0 Mar 31 02:14 /var/lib/nagios3/rw/nagios.cmd