monitor hosts behind firewalls

Jorge Pañeda jlpaneda at scio.com.mx
Tue Feb 7 17:31:50 CET 2012 

Hi, 
 
You should use check_nrpe for linux boxes and nsca for you windows boxes with nsclient++ . I have configured both in my environment and I’m able to monitor remote host  (Windows & Linux) behind firewalls. You can use these guides to accomplish your purposes. 
 
http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf
http://nagios.sourceforge.net/download/contrib/documentation/misc/NSCA_Setup.pdf
 
I also recommend you to read these links to understand better how nsca, nrpe and nsclient++ work together. And also the built in checks you can perform with them:
http://www.nsclient.org/nscp/wiki/doc/usage/nagios/nsca
http://nsclient.org/nscp/wiki/doc/usage/nagios/nrpe
 
Hope this help you, 
 
Regards,
 
Jorge L. Pañeda
 

 
Systems Administrator
Scio Consulting | IT & Infrastructure Dept.
Las Cañadas 501 Int. 230 Col. Tres Marías 
Morelia, Mich., México Tel. (443) 310-96-01 y (443) 310-96-02 ext. 402
U.S. Phone: 408 404 3897 Ext. 402
www.sciodev.com
 
From: mail at catsnest.co.uk [mailto:mail at catsnest.co.uk] 
Sent: lunes, 06 de febrero de 2012 01:46 p.m.
To: Nagios Users List
Subject: Re: [Nagios-users] monitor hosts behind firewalls
 
 
On Mon, Feb 6, 2012 at 5:54 PM, doug <goldcup at ix.netcom.com> wrote:
In templates I see the initial check_command pointing to
'check-host-alive'. If I comment that out for the boxes behind the FW
how will nagios react? Or must I replace it with as you suggest a 'dummy
check'?

All my monitoring is off-site. I monitor my clients firewalls, servers,
workstations, and some routers if they have static ip. I only need
'check-host-alive' for the routers and firewalls, nothing else.

From:
http://nagios.sourceforge.net/docs/3_0/objectdefinitions.html#host

"check_command: ...If you leave this argument blank, the host will not be actively checked...."

you normally have to fiddle a little with submitting a passive check to make it go green 


you might as well use the nrpe check as your hosts check_command in stead of disableing it

it will help with service dependancys so if you loose nrpe assess to your hosts only the host will alert instead each of its services...



Can you give me an example of a dummy check?
#!/bin/bash
echo "dummy OK" 
return 0 ;  







--
Ritchie
Thanks

-----Original Message-----
From: mail at catsnest.co.uk
Reply-To: mail at catsnest.co.uk, Nagios Users List
<nagios-users at lists.sourceforge.net>
To: Nagios Users List <nagios-users at lists.sourceforge.net>
Subject: Re: [Nagios-users] monitor hosts behind firewalls
Date: Mon, 6 Feb 2012 10:39:26 +0000



On Mon, Feb 6, 2012 at 2:57 AM, doug <goldcup at ix.netcom.com> wrote:
       Hi Everyone,

       I currently monitor various hosts behind firewalls, windows
       servers,
       linux, and some workstations. I have them all setup as active
       hosts that
       nagios pings to indicate they are up. Since they are all behind
       firewalls all I'm doing for host status is in fact just pinging
       the
       firewall. I'm a little confused about using passive checks and
       not sure
       if this is the right way to go about doing what I want. I
       monitor the
       firewall and know that is up, and for all those hosts behind I'm
       just
       pinging the fw, no need to do that. I use nrpe or nsclient to
       monitor
       the services and really that's all I need. Can someone point me
       in the
       right direction so I can stop the active host status pings for
       all hosts
       behind the firewalls.



If you dont want to open up ping on the firewalls you could ether have a
dummy hosts check (a check that just returns 0) or have nrpe as the
hosts check (eg a check that just checks if nrpe is responding, again an
nrpe check that just returns 0 )


client nrpe command like this
command[check_nrpe_alive]=/patch/script/that/returns.0.sh


Nagios command:

define command{
       command_name    check_nrpe_alive
       command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -C
check_nrpe_alive
       }

define host{
       name            behind_firewall
       use             generic-host
       hostgroups      +behind_firewall
       register        0
}

then a use clause in your host config of behind_firewall

Ritchie
--
<-- http://23.me.uk/2 -->
<--Time flies like an arrow; fruit flies like a banana.  -->



       Thanks
       Doug


       ------------------------------------------------------------------------------
       Try before you buy = See our experts in action!
       The most comprehensive online learning library for Microsoft
       developers
       is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5,
       CSS3, MVC3,
       Metro Style Apps, more. Free future releases when you subscribe
       now!
       http://p.sf.net/sfu/learndevnow-dev2
       _______________________________________________
       Nagios-users mailing list
       Nagios-users at lists.sourceforge.net
       https://lists.sourceforge.net/lists/listinfo/nagios-users
       ::: Please include Nagios version, plugin version (-v) and OS
       when reporting any issue.
       ::: Messages without supporting info will risk being sent
       to /dev/null

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________ Nagios-users mailing list Nagios-users at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null


------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20120207/91e732db/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3466 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/users/attachments/20120207/91e732db/attachment.jpg>
-------------- next part --------------
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

More information about the Users mailing list