Installer et configurer un serveur Nagios

Référence: http://nagios.sourceforge.net/docs/nagios-3.pdf
et en français: http://fr.scribd.com/doc/124635110/fr-FR-nagios-3-x-beta-8

Installation sur un serveur Debian Squeeze

Configuration initiale

sudo apt-get install build-essential vim sudo sudo apt-get install libgd2-xpm-dev libssl-dev

/usr/sbin/useradd -m nagios passwd nagios /usr/sbin/groupadd nagios /usr/sbin/usermod -G nagios nagios /usr/sbin/groupadd nagcmd /usr/sbin/usermod -G nagcmd nagios

Installation du serveur à partir des sources

mkdir nagios cd nagios/ wget http://downloads.sourceforge.net/sourceforge/nagios/nagios-3.4.4.tar.gz tar xzf nagios-3.4.4.tar.gz cd nagios-3.4.4 ./configure --with-command-group=nagcmd make all

Installation:

sudo make install sudo make install-init sudo make install-config sudo make install-commandmode

Configurer l'adresse mail de l'administrateur:
vi /usr/local/nagios/etc/objects/contacts.cfg

installation fichiers de configuration apache pour Nagios:

sudo make install-webconf

Changer le mot de passe par défaut de l'utilisateur nagiosadmin:
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin sudo chown www-data /usr/local/nagios/etc/htpasswd.users sudo chmod o-r /usr/local/nagios/etc/htpasswd.users sudo service apache2 reload

Installation des plugins à partir des sources (sur serveur et client linux):

cd nagios/ wget http://downloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.16.tar.gz tar xzf nagios-plugins-1.4.16.tar.gz cd nagios/nagios-plugins-1.4.16/ ./configure --with-nagios-user=nagios --with-nagios-group=nagios make sudo make install

Post-installation de Nagios sur le serveur:

sudo update-rc.d nagios defaults sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg sudo service nagios start ps -edf | grep nagios

Configuration d'apache:

sudo vi /etc/apache2/conf.d/nagios.conf

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin" <Directory "/usr/local/nagios/sbin"> SSLRequireSSL Options ExecCGI AllowOverride None Order allow,deny Allow from all # Order deny,allow # Deny from all # Allow from 127.0.0.1 AuthName "Nagios Access" AuthType Basic AddDefaultCharset UTF-8 AuthUserFile /usr/local/nagios/etc/htpasswd.users Require valid-user </Directory> Alias /nagios "/usr/local/nagios/share" <Directory "/usr/local/nagios/share"> SSLRequireSSL

Options None

AllowOverride None

Order allow,deny
Allow from all

# Order deny,allow # Deny from all # Allow from 127.0.0.1 AuthName "Nagios Access" AuthType Basic AddDefaultCharset UTF-8 AuthUserFile /usr/local/nagios/etc/htpasswd.users

Require valid-user

</Directory>

sudo vi /etc/apache2/sites-enabled/000-defaults

<VirtualHost *:443> ServerAdmin daniel@supervis DocumentRoot /var/www

<Directory />

Options FollowSymLinks AllowOverride None

</Directory>
<Directory /var/www/>

Options Indexes FollowSymLinks MultiViews AllowOverride None

Order allow,deny
allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

<Directory "/usr/lib/cgi-bin">

AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny
Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.

SSLEngine on SSLCertificateFile /etc/apache2/server.crt SSLCertificateKeyFile /etc/apache2/server.key LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>

Activation SSL et création certificat:

sudo a2enmod ssl sudo openssl req -x509 -nodes -days 7000 -newkey rsa:1024 -out /etc/apache2/server.crt -keyout /etc/apache2/server.key cd /etc/apache2/ sudo chmod o-r server.* sudo service apache2 reload

Vérifications:

exemples:
/usr/local/nagios/libexec/check_disk -w 10 -c 5 -p /dev/sda1 /usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20

NRPE

NRPE permet d'interroger des agents distants. Il faut installer NRPE côté serveur et côté client.

à faire sur Serveur et client:

cd nagios/ wget http://downloads.sourceforge.net/project/nagiosplug/nagiosplug/nrpe-2.13.tar.gz tar xvzf nrpe-2.13.tar.gz cd nrpe-2.13/ ./configure make all

NRPE COTE SERVEUR:

sudo make install-plugin

NRPE COTE CLIENT LINUX:

Vérifier la présence de nrpe dans /etc/services:
nrpe 5666/tcp # Nagios Remote Plugin Executor

sudo apt-get install make xinetd gcc libssl-dev

Installation des plugins Nagios:
sudo /usr/sbin/useradd -m nagios sudo passwd nagios cd nagios-plugins-1.4.16/ make sudo make install sudo chown nagios:nagios /usr/local/nagios sudo chown -R nagios:nagios /usr/local/nagios/libexec/

Installation NRPE:
cd ../nrpe-2.13/ make sudo make install-plugin sudo make install-daemon sudo make install-daemon-config sudo make install-xinetd

editer le fichier /etc/xinetd.d/nrpe:
sudo vi /etc/xinetd.d/nrpe

et modifier la ligne afin d'autoriser votre serveur à intéroger l'agent:
only_from = 127.0.0.1 110.215.16.25

redémarrage de xinetd:
sudo service xinetd restart

test en local (côté client):
/usr/local/nagios/libexec/check_nrpe -H localhost

ajout des services (côté client) - exemple de configuration:
sudo vi /usr/local/nagios/etc/nrpe.cfg command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10 command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20 command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200 command[check_sda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/sda1 command[check_sdb1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/sdb1 command[check_sdb6]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/sdb6

sudo service xinetd restart

TEST COTE SERVEUR:
/usr/local/nagios/libexec/check_nrpe -H 192.168.1.24 -c check_load
/usr/local/nagios/libexec/check_nrpe -H 192.168.1.24 -c check_sda1

Ajouter la commande check_nrpe (si pas déjà présent) dans /usr/local/nagios/etc/command.cfg.

Pages utiles: RechercheTexte, TableauDeBordDeCeWiki
Flux RSS: Wiki, Commentaires

MonWiki

Nagios