monitor hosts behind firewalls

Jorge Pañeda jlpaneda at scio.com.mx
Thu Feb 9 20:36:16 CET 2012


Hi, 

Ok, I understand your issue. I had the same issue but I fixed.

My infrastructure is as follow: 

Nagios Box (external to our local network) --> Internet --> Firewall (Our Gateway) --> Internal Network 

In our Internal Network we have many servers being monitored by nagios using passive checks with nsclient++, nrpe and nsca. Some of these servers have two network cards, one with a Public IP and the other with an internal IP. One of these servers with Public IP is a Linux Box. In this Linux Box I installed and configured nrpe and used the check_ping command to ping my internal servers to know if they are alive and then this status is sent to Nagios Box. 

In other words, request checks are made from the Nagios Box to the Linux Box and then Linux Box executes the command and checks the internal servers and returns the result to Nagios Box.

To accomplish this I used the links I mentioned below. 

Attached you will find some examples of my configurations. Nrpe.cfg file is in Linux Box and Server1.cfg is in Nagios Box. 
Also I attached a quick paint drawing trying to give you a better visualization of my infrastructure and configuration. 

Other thing I think you can try is to create a script or batch file and use nsclient++ in internal servers to execute it an return a result and sent it to Nagios box through passive checks. 

Hope this can help you or at least give you a clue of how can you accomplish what you need. If you have any doubt or I can help in any other way please let me know. 

Regards, 


Jorge L. Pañeda



Systems Administrator
Scio Consulting | IT & Infrastructure Dept.
Las Cañadas 501 Int. 230 Col. Tres Marías 
Morelia, Mich., México Tel. (443) 310-96-01 y (443) 310-96-02 ext. 402
U.S. Phone: 408 404 3897 Ext. 402
www.sciodev.com


-----Original Message-----
From: doug [mailto:goldcup at ix.netcom.com] 
Sent: miércoles, 08 de febrero de 2012 06:20 p.m.
To: Nagios Users List
Subject: Re: [Nagios-users] monitor hosts behind firewalls

Thanks Jorge, I am currently monitoring with nrpe, and nsclient without any issues. I just want to cut out the 'active' host checks for the servers behind the firewalls, as all I'm doing with the host alive check is pinging the FW and not the actually host.



-----Original Message-----
From: Jorge Pañeda <jlpaneda at scio.com.mx>
Reply-To: Nagios Users List <nagios-users at lists.sourceforge.net>
To: mail at catsnest.co.uk, 'Nagios Users List'
<nagios-users at lists.sourceforge.net>
Subject: Re: [Nagios-users] monitor hosts behind firewalls
Date: Tue, 7 Feb 2012 10:31:50 -0600

Hi, 

 

You should use check_nrpe for linux boxes and nsca for you windows boxes with nsclient++ . I have configured both in my environment and I’m able to monitor remote host  (Windows & Linux) behind firewalls. You can use these guides to accomplish your purposes. 

 

http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf

http://nagios.sourceforge.net/download/contrib/documentation/misc/NSCA_Setup.pdf

 

I also recommend you to read these links to understand better how nsca, nrpe and nsclient++ work together. And also the built in checks you can perform with them:

http://www.nsclient.org/nscp/wiki/doc/usage/nagios/nsca

http://nsclient.org/nscp/wiki/doc/usage/nagios/nrpe

 

Hope this help you, 

 

Regards,

 

Jorge L. Pañeda

 

Description: Description: scio

 

Systems Administrator

Scio Consulting | IT & Infrastructure Dept.

Las Cañadas 501 Int. 230 Col. Tres Marías 

Morelia, Mich., México Tel. (443) 310-96-01 y (443) 310-96-02 ext. 402

U.S. Phone: 408 404 3897 Ext. 402

www.sciodev.com

 

From: mail at catsnest.co.uk [mailto:mail at catsnest.co.uk]
Sent: lunes, 06 de febrero de 2012 01:46 p.m.
To: Nagios Users List
Subject: Re: [Nagios-users] monitor hosts behind firewalls

 

 

On Mon, Feb 6, 2012 at 5:54 PM, doug <goldcup at ix.netcom.com> wrote:

In templates I see the initial check_command pointing to 'check-host-alive'. If I comment that out for the boxes behind the FW how will nagios react? Or must I replace it with as you suggest a 'dummy check'?

All my monitoring is off-site. I monitor my clients firewalls, servers, workstations, and some routers if they have static ip. I only need 'check-host-alive' for the routers and firewalls, nothing else.


From:
http://nagios.sourceforge.net/docs/3_0/objectdefinitions.html#host

"check_command: ...If you leave this argument blank, the host will not be actively checked...."

you normally have to fiddle a little with submitting a passive check to make it go green 


you might as well use the nrpe check as your hosts check_command in stead of disableing it

it will help with service dependancys so if you loose nrpe assess to your hosts only the host will alert instead each of its services...





        Can you give me an example of a dummy check?
        
#!/bin/bash
echo "dummy OK" 
return 0 ;  







--
Ritchie


        Thanks
        
        
        -----Original Message-----
        From: mail at catsnest.co.uk
        Reply-To: mail at catsnest.co.uk, Nagios Users List
        <nagios-users at lists.sourceforge.net>
        To: Nagios Users List <nagios-users at lists.sourceforge.net>
        Subject: Re: [Nagios-users] monitor hosts behind firewalls
        Date: Mon, 6 Feb 2012 10:39:26 +0000
        
        
        
        On Mon, Feb 6, 2012 at 2:57 AM, doug <goldcup at ix.netcom.com>
        wrote:
               Hi Everyone,
        
               I currently monitor various hosts behind firewalls,
        windows
               servers,
               linux, and some workstations. I have them all setup as
        active
               hosts that
               nagios pings to indicate they are up. Since they are all
        behind
               firewalls all I'm doing for host status is in fact just
        pinging
               the
               firewall. I'm a little confused about using passive
        checks and
               not sure
               if this is the right way to go about doing what I want. I
               monitor the
               firewall and know that is up, and for all those hosts
        behind I'm
               just
               pinging the fw, no need to do that. I use nrpe or
        nsclient to
               monitor
               the services and really that's all I need. Can someone
        point me
               in the
               right direction so I can stop the active host status
        pings for
               all hosts
               behind the firewalls.
        
        
        
        If you dont want to open up ping on the firewalls you could
        ether have a
        dummy hosts check (a check that just returns 0) or have nrpe as
        the
        hosts check (eg a check that just checks if nrpe is responding,
        again an
        nrpe check that just returns 0 )
        
        
        client nrpe command like this
        command[check_nrpe_alive]=/patch/script/that/returns.0.sh
        
        
        Nagios command:
        
        define command{
               command_name    check_nrpe_alive
               command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -C
        check_nrpe_alive
               }
        
        define host{
               name            behind_firewall
               use             generic-host
               hostgroups      +behind_firewall
               register        0
        }
        
        then a use clause in your host config of behind_firewall
        
        Ritchie
        --
        <-- http://23.me.uk/2 -->
        <--Time flies like an arrow; fruit flies like a banana.  -->
        
        
        
               Thanks
               Doug
        
        
        
         ------------------------------------------------------------------------------
               Try before you buy = See our experts in action!
               The most comprehensive online learning library for
        Microsoft
               developers
               is just $99.99! Visual Studio, SharePoint, SQL - plus
        HTML5,
               CSS3, MVC3,
               Metro Style Apps, more. Free future releases when you
        subscribe
               now!
               http://p.sf.net/sfu/learndevnow-dev2
               _______________________________________________
               Nagios-users mailing list
               Nagios-users at lists.sourceforge.net
               https://lists.sourceforge.net/lists/listinfo/nagios-users
               ::: Please include Nagios version, plugin version (-v)
        and OS
               when reporting any issue.
               ::: Messages without supporting info will risk being sent
               to /dev/null
        
        ------------------------------------------------------------------------------
        Try before you buy = See our experts in action!
        The most comprehensive online learning library for Microsoft
        developers
        is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5,
        CSS3, MVC3,
        Metro Style Apps, more. Free future releases when you subscribe
        now!
        http://p.sf.net/sfu/learndevnow-dev2
        _______________________________________________ Nagios-users
        mailing list Nagios-users at lists.sourceforge.net
        https://lists.sourceforge.net/lists/listinfo/nagios-users :::
        Please include Nagios version, plugin version (-v) and OS when
        reporting any issue. ::: Messages without supporting info will
        risk being sent to /dev/null
        
        
        ------------------------------------------------------------------------------
        Try before you buy = See our experts in action!
        The most comprehensive online learning library for Microsoft
        developers
        is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5,
        CSS3, MVC3,
        Metro Style Apps, more. Free future releases when you subscribe
        now!
        http://p.sf.net/sfu/learndevnow-dev2
        _______________________________________________
        Nagios-users mailing list
        Nagios-users at lists.sourceforge.net
        https://lists.sourceforge.net/lists/listinfo/nagios-users
        ::: Please include Nagios version, plugin version (-v) and OS
        when reporting any issue.
        ::: Messages without supporting info will risk being sent
        to /dev/null
        
        
 


------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________ Nagios-users mailing list Nagios-users at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null


------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Ping_Internal_Servers.7z
Type: application/octet-stream
Size: 37204 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/users/attachments/20120209/556449ba/attachment.obj>
-------------- next part --------------
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list