monitoring remote networks

Mark Weaver mweaver at compinfosystems.com
Thu Mar 19 12:58:49 CET 2009


Kevin Keane wrote:
> Mark Weaver wrote:
>> How do I use this same Nagios server to monitor remote client networks 
>> using the NSClient?
>
> As others have already pointed out, fundamentally, it doesn't matter 
> whether the client is on the same network segment, or behind a router.
>
> However, in reality, when you are talking about a "remote" network, most 
> of the time you are actually talking about a network that has one or 
> more firewalls in front of it. Very often, you have a firewall from 
> your local network to the Internet, and a second firewall from the 
> Internet to the remote network. And firewalls indeed will interfere 
> with Nagios. Severely.
>
> There are several options for dealing with that:
> - Establish a VPN between the local and the remote network. Obviously, 
> you can only do that when the two networks completely trust each other. 
> Also, if you have several remote networks connecting that way, you may 
> inadvertently open security holes between two remote networks.
> - Establish an SSH tunnel that just forwards the NRPE requests from the 
> local to the remote client. Requires that the remote client trusts you 
> enough to establish an SSH connection. Also requires that you have a way 
> to monitor the tunnel, and reestablish it if it goes down.
> - Open the appropriate ports on the firewalls to allow NRPE traffic 
> through. You don't want to do that - monitoring information can be quite 
> sensitive, and you don't want it traveling over the Internet in plain text.
>
> There may be more ways to deal with the firewall problem.
>
> The way I solved it is by writing a wrapper around NSClient++ that uses 
> NSCA (i.e., passive checks) instead of NRPE, and then wraps the NSCA 
> packages in HTTPS. It's primarily for my own in-house use (which is why 
> the documentation leaves something to be desired), but it is an open source 
> project on SourceForge; look for the project name tntmonitoring.
>
Thank you Kevin... this sounds like a good direction to take. How do I 
address the need to do active checks on machines on the remote network 
behind their firewall, or is there more configuration that can be done 
to the NSClient than I'm currently aware of?

Mark
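
The SSH tunnel option in the quoted reply needs something that watches the tunnel and re-establishes it when it drops. The following is an added example, not part of the original thread or of any project named in it: a small supervisor that forwards a loopback port to the remote NRPE agent and restarts ssh when the forward stops answering. The local port 15666, the address 10.0.0.5 and the gateway account are constructed values; 5666 is the default NRPE port.

```python
import itertools
import socket
import subprocess
import time

NRPE_PORT = 5666  # default NRPE listening port


def ssh_tunnel_argv(local_port, target_host, gateway, target_port=NRPE_PORT):
    """ssh command line for a loopback-only local forward to the NRPE agent."""
    return [
        "ssh", "-N",                        # forward only, no remote command
        "-o", "BatchMode=yes",              # key authentication, never prompt
        "-o", "ExitOnForwardFailure=yes",   # exit if the forward cannot be set up
        "-o", "ServerAliveInterval=30",     # detect a dead link within ~90 s
        "-o", "ServerAliveCountMax=3",
        "-L", f"127.0.0.1:{local_port}:{target_host}:{target_port}",
        gateway,
    ]


def tunnel_is_up(local_port, timeout=3.0):
    """True if the local end of the forward accepts a TCP connection."""
    try:
        with socket.create_connection(("127.0.0.1", local_port), timeout=timeout):
            return True
    except OSError:
        return False


def supervise(argv, local_port, rounds=None, interval=60,
              spawn=subprocess.Popen, is_up=tunnel_is_up, sleep=time.sleep):
    """Start the tunnel and re-check it; loops forever if rounds is None."""
    proc, restarts = spawn(argv), 0
    for _ in itertools.count() if rounds is None else range(rounds):
        sleep(interval)
        if proc.poll() is None and is_up(local_port):
            continue                        # ssh alive and forward listening
        if proc.poll() is None:             # ssh hung: stop it before respawning
            proc.terminate()
            proc.wait()
        proc, restarts = spawn(argv), restarts + 1
    return restarts


if __name__ == "__main__":
    # Constructed values: local port, remote client address, SSH gateway account.
    supervise(ssh_tunnel_argv(15666, "10.0.0.5", "monitor@gateway.example.com"), 15666)
```

The TCP probe only proves that ssh is listening locally; running `check_nrpe -H 127.0.0.1 -p 15666` as a Nagios service confirms the agent at the far end actually answers through the tunnel.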
