PagePrincipale .
memos .
Nagios
Installer et configurer un serveur Nagios
Installation sur un serveur Debian Squeeze
Configuration initiale
sudo apt-get install build-essential vim sudo
sudo apt-get install libgd2-xpm-dev libssl-dev
/usr/sbin/useradd -m nagios
passwd nagios
/usr/sbin/groupadd nagios
/usr/sbin/usermod -G nagios nagios
/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -G nagcmd nagios
Installation du serveur à partir des sources
mkdir nagios
cd nagios/
wget http://downloads.sourceforge.net/sourceforge/nagios/nagios-3.4.4.tar.gz
tar xzf nagios-3.4.4.tar.gz
cd nagios-3.4.4
./configure --with-command-group=nagcmd
make all
Installation:
sudo make install
sudo make install-init
sudo make install-config
sudo make install-commandmode
Configurer l'adresse mail de l'administrateur:
vi /usr/local/nagios/etc/objects/contacts.cfg
installation fichiers de configuration apache pour Nagios:
sudo make install-webconf
Changer le mot de passe par défaut de l'utilisateur
nagiosadmin:
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
sudo chown www-data /usr/local/nagios/etc/htpasswd.users
sudo chmod o-r /usr/local/nagios/etc/htpasswd.users
sudo service apache2 reload
Installation des plugins à partir des sources (sur serveur et client linux):
cd nagios/
wget http://downloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.16.tar.gz
tar xzf nagios-plugins-1.4.16.tar.gz
cd nagios/nagios-plugins-1.4.16/
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
sudo make install
Post-installation de Nagios sur le serveur:
sudo update-rc.d nagios defaults
sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
sudo service nagios start
ps -edf | grep nagios
Configuration d'apache:
sudo vi /etc/apache2/conf.d/nagios.conf
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AddDefaultCharset UTF-8
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
SSLRequireSSL
AllowOverride None
- Order allow,deny
- Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AddDefaultCharset UTF-8
AuthUserFile /usr/local/nagios/etc/htpasswd.users
</Directory>
sudo vi /etc/apache2/sites-enabled/000-defaults
<VirtualHost *:443>
ServerAdmin daniel@supervis
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride None
- </Directory>
- <Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
- Order allow,deny
- allow from all
- </Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
- <Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
- </Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
SSLEngine on
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Activation SSL et création certificat:
sudo a2enmod ssl
sudo openssl req -x509 -nodes -days 7000 -newkey rsa:1024 -out /etc/apache2/server.crt -keyout /etc/apache2/server.key
cd /etc/apache2/
sudo chmod o-r server.*
sudo service apache2 reload
Vérifications:
exemples:
/usr/local/nagios/libexec/check_disk -w 10 -c 5 -p /dev/sda1
/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
NRPE
NRPE permet d'interroger des agents distants. Il faut installer NRPE côté serveur et côté client.
à faire sur Serveur et client:
cd nagios/
wget http://downloads.sourceforge.net/project/nagiosplug/nagiosplug/nrpe-2.13.tar.gz
tar xvzf nrpe-2.13.tar.gz
cd nrpe-2.13/
./configure
make all
NRPE COTE SERVEUR:
sudo make install-plugin
NRPE COTE CLIENT LINUX:
Vérifier la présence de nrpe dans
/etc/services:
nrpe 5666/tcp # Nagios Remote Plugin Executor
sudo apt-get install make xinetd gcc libssl-dev
Installation des plugins Nagios:
sudo /usr/sbin/useradd -m nagios
sudo passwd nagios
cd nagios-plugins-1.4.16/
make
sudo make install
sudo chown nagios:nagios /usr/local/nagios
sudo chown -R nagios:nagios /usr/local/nagios/libexec/
Installation NRPE:
cd ../nrpe-2.13/
make
sudo make install-plugin
sudo make install-daemon
sudo make install-daemon-config
sudo make install-xinetd
editer le fichier
/etc/xinetd.d/nrpe:
sudo vi /etc/xinetd.d/nrpe
et modifier la ligne afin d'autoriser votre serveur à intéroger l'agent:
only_from = 127.0.0.1 110.215.16.25
redémarrage de xinetd:
sudo service xinetd restart
test en local (côté client):
/usr/local/nagios/libexec/check_nrpe -H localhost
ajout des services (côté client) - exemple de configuration:
sudo vi /usr/local/nagios/etc/nrpe.cfg
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
command[check_sda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/sda1
command[check_sdb1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/sdb1
command[check_sdb6]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/sdb6
sudo service xinetd restart
TEST COTE SERVEUR:
/usr/local/nagios/libexec/check_nrpe -H 192.168.1.24 -c check_load
/usr/local/nagios/libexec/check_nrpe -H 192.168.1.24 -c check_sda1
Ajouter la commande check_nrpe (si pas déjà présent) dans
/usr/local/nagios/etc/command.cfg.
Pages utiles:
RechercheTexte,
TableauDeBordDeCeWiki
Flux RSS:
Wiki,
Commentaires