Passive service checks not being accepted by primary?

Cliff Riggs cliff at proteris.com
Tue Mar 30 01:25:04 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thank you to Demetri and Marc for the troubleshooting tips.

I have the following configuration in my nagios.cfg file on the primary:

log_passive_service_checks=1
accept_passive_service_checks=1

I forgot to include it, but the 'generic-services' for services on the 
primary looks like this:

# Generic service definition template
define service{
         name                            generic-service
         active_checks_enabled           1
         passive_checks_enabled          1
         parallelize_check               1
         obsess_over_service             1
         check_freshness                 0
         notifications_enabled           1
         event_handler_enabled           1
         flap_detection_enabled          1
         process_perf_data               1
         retain_status_information       1
         retain_nonstatus_information    1
         register                        0
         }

I don't recall making any changes to that section of the services file, 
but I did check for the 'passive_checks_enabled' command during my 
troubleshooting.

I did create a "check_dummy" command definition and apply it to my 
primary host 'check_command' as Demetri suggested, but I did not yet 
enable freshness checking as defined in the documentation. My 
understanding of the documentation was that this was an add-on to make 
sure you are regularly receiving updates from the remote server and not 
essential to accepting passive service checks. I look forward to 
configuring it when I get this working though!

The remote server does have the 'ocsp_command=submit_check_result' 
configured in its .cfg file and as far as I can tell, as posted in my 
original email, service checks are being correctly sent to the primary 
monitoring server and received in the inbound interface. Speaking of 
interfaces, I have also configured the NSCA.cfg file with the 
'server_address=' of the IP address of the interface on the monitoring 
server.

As for logging, I have syslog-ng configured and I can move messages 
around pretty easily. I don't see any logs that look like they are 
coming from NSCA, however, judging from the search button episode, I 
doubt my ability to find obvious things :)

Thank you for your assistance and patience in this!

Cliff

- --
- --------------------------------------------
Clifford Riggs
CCIE #9314, CISSP
- --------------------------------------------
Proteris Group LLC
Information Security Consultants
Trust. Expertise. Results.
- --------------------------------------------
www.proteris.com
1.877.888.9063
- --------------------------------------------

On Mar 29, 2004, at 4:53 PM, Demetri Mouratis wrote:

> Start here:
>
> http://nagios.sourceforge.net/docs/1_0/distributed.html
>
> And follow the tips inline below.
>
> On Mon, 29 Mar 2004, Cliff Riggs wrote:
>
>> I am having a problem with a primary Nagios server accepting passive
>> service checks from a remote Nagios server behind a firewall that is
>> performing NAT. The remote server is sending checks OK, and using
>> tcpdump I can see the checks being accepted by the primary server
>> inbound on the interface. The Nagios process however, does not update
>> with the results of the passive check.
>
>> Primary:
>> # 'TEST Router' host definition
>> define host{
>>          use                     generic-host            ; Name of 
>> host
>> template to use
>>
>>          host_name               cisco-test
>>          alias                   TEST Router
>>          address                 <public IP>
>>          check_command           check-host-alive
>>          parents                 3660-router
>>          max_check_attempts      3
>>          notification_interval   60
>>          notification_period     24x7
>>          notification_options    d,u,r
>>          }
>
> You want to change the host check_command on the primary to 
> check_dummy.
> At least this was how I configured mine as there was no public IP for 
> me
> to check from the Nagios segment of my network, through the firewall, 
> to
> the remote hosts on a different segment.
>
>> Remote:
>> # 'TEST Router' host definition
>> define host{
>>          use                     generic-host            ; Name of 
>> host
>> template to use
>>
>>          host_name               cisco-test
>>          alias                   TEST Router
>>          address		192.168.1.1
>>          check_command           check-host-alive
>>          parents                 3660-router
>>          max_check_attempts      3
>>          notification_interval   60
>>          notification_period     24x7
>>          notification_options    d,u,r
>>          }
>
> This is correct except you are not going to do any notifications from 
> the
> remote nagios instance so you don't need any of the notification 
> options.
>
>> The service is also defined on the primary as follows:
>>
>> Primary:
>> # Service definition
>> define service{
>>          use                             generic-service         ; 
>> Name
>> of service template to use
>>
>>          host_name                       cisco-test
>>          service_description             PING
>>          active_checks_enabled                   0
>>          is_volatile                     0
>>          check_period                    24x7
>>          max_check_attempts              3
>>          normal_check_interval           3
>>          retry_check_interval            1
>>          contact_groups                  admins
>>          notification_interval           120
>>          notification_period             24x7
>>          notification_options            w,u,c,r
>>          check_command                   
>> check_ping!100.0,20%!500.0,60%
>>          }
>>
>
> You want to change this service check_command on the primary to
> service-is-stale as defined in the distributed monitoring 
> documentation.
> Make sure to enable accept_passive_service_checks=1.
>
> You then need to above the service definition to the *remote* host and
> use the check_command you have setup immediately above.
>
> Make sure to enable ocsp_command=submit_check_result on the remote 
> nagios
> server.
>
> HTH.
> ---------------------------------------------------------------------
> Demetri Mouratis
> dmourati at linfactory.com
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFAaLBQJ3mHWY7troQRAuPaAKCrYYohe6k0gTyDZHVp2jaHFw4rEwCfVEJM
6/0A7ZzcVnOX5p2qSYSb6q4=
=ZL4u
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list