Nagios doesn't send services alert - nagios

I use Nagios Core 4.4.6. I want Nagios to send services email notifications.
I've used notify-host-by-email already and now want to use notify-service-by-email.
If I use 'Send custom service notification' it succeeds. But auto-alerts don't work.
templates.cfg
define contact {
name generic-contact ; The name of this contact template
service_notification_period 24x7 ; service notifications can be sent anytime
host_notification_period 24x7 ; host notifications can be sent anytime
service_notification_options w,u,c,r,f,s ; send notifications for all service states,$
host_notification_options d,u,r,f,s ; send notifications for all host states, fl$
service_notification_commands notify-service-by-email ; send service notifications via email
host_notification_commands notify-host-by-email ; send host notifications via email
register 0 ; DON'T REGISTER THIS DEFINITION - ITS NOT A$
}
define host {
name generic-host ; The name of this host template
notifications_enabled 1 ; Host notifications are enabled
event_handler_enabled 1 ; Host event handler is enabled
flap_detection_enabled 0 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program r$
retain_nonstatus_information 1 ; Retain non-status information across progr$
notification_period 24x7 ; Send host notifications at any time
register 0 ; DON'T REGISTER THIS DEFINITION - ITS NOT A$
}
define host {
name linux-server ; The name of this host template
use generic-host ; This template inherits other values from t$
check_period 24x7 ; By default, Linux hosts are checked round $
check_interval 5 ; Actively check the host every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute in$
max_check_attempts 10 ; Check each Linux host 10 times (max)
check_command check-host-alive ; Default command to check Linux hosts
notification_period workhours ; Linux admins hate to be woken up, so we on$
; Note that the notification_period variable$
; the value that is inherited from the gener$
notification_interval 120 ; Resend notifications every 2 hours
notification_options d,u,r ; Only send notifications for specific host $
contact_groups admins ; Notifications get sent to the admins by de$
register 0 ; DON'T REGISTER THIS DEFINITION - ITS NOT A$
}
define service {
name generic-service ; The 'name' of thi$
active_checks_enabled 1 ; Active service ch$
passive_checks_enabled 1 ; Passive service c$
parallelize_check 1 ; Active service ch$
obsess_over_service 1 ; We should obsess $
check_freshness 0 ; Default is to NOT$
notifications_enabled 1 ; Service notificat$
event_handler_enabled 1 ; Service event han$
flap_detection_enabled 1 ; Flap detection is$
process_perf_data 1 ; Process performan$
retain_status_information 1 ; Retain status inf$
retain_nonstatus_information 1 ; Retain non-status$
is_volatile 0 ; The service is no$
check_period 24x7 ; The service can b$
max_check_attempts 3 ; Re-check the serv$
check_interval 10 ; Check the service$
retry_interval 2 ; Re-check the serv$
contact_groups admins ; Notifications get$
notification_options w,u,c,r ; Send notification$
notification_interval 60 ; Re-notify about s$
notification_period 24x7 ; Notifications can$
register 0 ; DON'T REGISTER TH$
}
# Local service definition template
# This is NOT a real service, just a template!
define service {
name local-service ; The name of this $
use generic-service ; Inherit default v$
max_check_attempts 4 ; Re-check the serv$
check_interval 5 ; Check the service$
retry_interval 1 ; Re-check the serv$
register 0 ; DONT REGISTER THI$
}
test_server.cfg
define host {
use linux-server
host_name test_server
alias test_server
address 111.111.111.11 ; sample address
notification_interval 5
notification_period 24x7
}
define service {
use local-service ; Name of service template to use
host_name test_server
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}
define service {
use local-service ; Name of service template to use
host_name test_server
service_description SSH
check_command check_ssh
notification_interval 5
}
define service {
use local-service ; Name of service template to use
host_name test_server
service_description HTTP
check_command check_http
notification_interval 5
}
contacts.cfg
define contact {
contact_name nagiosadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact templa$
alias Nagios Admin ; Full name of user
email gmail#gmail.com ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ****$
}
define contactgroup {
contactgroup_name admins
alias Nagios Administrators
members nagiosadmin
}
How can I force nagios to send notification about services alerts?

Related

Nagios doesn't Trigger Continuous Alerts

I have set up Nagios on one of my VMs.
I receive the first alert when a service is Critical. But I do not receive the subsequent alert/email.
Host template config
define host {
name host-template
alias Default server template
check_command check_dummy!0!!!!!!!
max_check_attempts 10
check_interval 5
retry_interval 1
check_period 24x7
event_handler notify-host-by-email
event_handler_enabled 1
process_perf_data 1
contacts user1
notification_interval 10
notification_period 24x7
first_notification_delay 0
notification_options d,u,s,
notifications_enabled 1
_LTERM_LOAD_C 10
_LTERM_LOAD_W 5
_USED_MEM_C 30
_USED_MEM_W 20
_USED_SPACE_C 40
_USED_SPACE_W 30
register 0
}
Host config:
define host {
host_name aaaaa
use bbbbb
alias DEV
display_name DEV
address 11.111.111.111
_KEY xx
_SERVERPORT xx:8082
_SERVERPORTLFAT xx:443
_URL xx:8082
_USER test01
register 1
}
notification_interval is enabled but still I don't see any notifications.
I'm unsure if there is anything that is overriding it.
Because of this:
max_check_attempts 10
Nagios will try 10 more times before sending you a notification. Try commenting it out and check again.

freeradius + ldap + google-authenticator

I want to implement login to my vpn service with password + google_otp. freeradius as auth server and ldap as backend_database.
I have completed the following work:
enable pam Authentication Module in /etc/raddb/sites-enabled/default
add a line "DEFAULT Auth-Type := PAM" to /etc/raddb/users
enable ldap module and add ldap site to freeradius; I confirmed that radius using the ldap database works properly.
Overwrite the contents of /etc/pam.d/radiusd
auth requisite pam_google_authenticator.so secret=/tmp/.google_authenticator user=root forward_pass
auth required pam_unix.so use_first_pass
run test cmd:(testpa is my password,271082 is otp)
radtest perlingzhao testpa271082 localhost 1812 testing123
radius log:
(0) [pap] = noop
(0) } # authorize = updated
(0) Found Auth-Type = pam
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) authenticate {
(0) pam: Using pamauth string "radiusd" for pam.conf lookup
(0) pam: ERROR: pam_authenticate failed: User not known to the underlying authentication module
(0) [pam] = reject
(0) } # authenticate = reject
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
log in /var/log/secure:
radiusd(pam_google_authenticator)[11728]: Accepted google_authenticator for perlingzhao
pam_unix(radiusd:auth): check pass; user unknown
pam_unix(radiusd:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost=
I know this is because there is no local user, user info is in ldap.
Can anyone help me and tell me how to configure this to solve the problem? Thanks.
I can suggest using a PHP script for OTP validation instead of PAM modules, it does not create real local users but only verifies the TOTP itself. PHP has LDAP functions as well.
authorize{
    update control {
        Auth-Type := `/usr/bin/php -f /etc/raddb/yourscript.php '%{User-Name}' '%{User-Password}' '%{Client-IP-Address}'`
    }
}
There is a commercial product that appears to fully meet your requirements.
P.S. I am affiliated with #1

Display all status messages of service in nagios xi

How can I see all the status messages of a service in Nagios XI? I send multiple status messages and only the latest message is displayed in the dashboard UI. Where can I retrieve all the previous messages from?
You need to define the stalking_options directive in your service/host definitions.
Example:
define service {
service_description Users count
host_name myhost1
use service_standard
check_command check_nrpe_custom!-H myhost1 -c check_user
stalking_options c,w,o,u
}
More info about stalking_options can be found here.

Is it possible to have two filter drivers in one binary on Windows?

I have a filter (light-weight filter, LWF) driver that captures the packets from all the adapters. The FilterClass is compression, the same with official ndislwf example. This setting will bind the filter above Native Wifi Filter.
However, this FilterClass can only capture Ethernet packets on wireless adapters. So I want it to be able to capture the raw 802.11 packets on wireless adapters. So I need to specify FilterClass as ms_medium_converter_128 in the INF. This setting will bind the filter below Native Wifi Filter.
So I need to have two drivers now. One is compression and another is ms_medium_converter_128. But I don't want to maintain two drivers' code and make my users install two drivers. Is there a way to mix two LWFs into one binary (needing only one install)? Or is there a way to let one LWF bind above and below the Native Wifi Filter at the same time? Thanks!
Here's my whole INF with compression FilterClass:
;-------------------------------------------------------------------------
; NPF.INF -- Npcap NDIS 6.x LightWeight Filter Driver
;
; Copyright (c) 2015, Insecure.Com LLC. All rights reserved.
;------------------------------------------------------------------------
[version]
Signature = "$Windows NT$"
Class = NetService
ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}
CatalogFile = %NPF_DriverName%.cat
Provider = %Insecure%
DriverVer=05/20/2016,15.54.30.752
[Manufacturer]
%Insecure%=Insecure,NTx86,NTia64,NTamd64
[Insecure.NTx86]
%NPF_Desc%=Install, INSECURE_NPF
[Insecure.NTia64]
%NPF_Desc%=Install, INSECURE_NPF
[Insecure.NTamd64]
%NPF_Desc%=Install, INSECURE_NPF
;-------------------------------------------------------------------------
; Installation Section
;-------------------------------------------------------------------------
[Install]
AddReg=Inst_Ndi
Characteristics=0x40000
NetCfgInstanceId="{7daf2ac8-e9f6-4765-a842-f1f5d2501340}"
Copyfiles = npf.copyfiles.sys
[SourceDisksNames]
1=%NPF_Desc%,"",,
[SourceDisksFiles]
npf.sys=1
[DestinationDirs]
DefaultDestDir=12
npf.copyfiles.sys=12
[npf.copyfiles.sys]
%NPF_DriverName%.sys,,,2
;-------------------------------------------------------------------------
; Ndi installation support
;-------------------------------------------------------------------------
[Inst_Ndi]
HKR, Ndi,Service,,%NPF_DriverName%
HKR, Ndi,CoServices,0x00010000,%NPF_DriverName%
HKR, Ndi,HelpText,,%NPF_HelpText%
HKR, Ndi,FilterClass,, compression
; For a Monitoring filter, use this:
; HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter
; For a Modifying filter, use this:
; HKR, Ndi,FilterType,0x00010001, 2 ; Modifying filter
HKR, Ndi,FilterType,0x00010001,2
HKR, Ndi\Interfaces,UpperRange, , noupper
HKR, Ndi\Interfaces,LowerRange, , "ndis5,ndis4"
; TODO: Ensure that the list of media types below is correct. Typically,
; filters include "ethernet". Filters may also include "ppip" to include
; native WWAN stacks, but you must be prepared to handle the packet framing.
; Possible values are listed on MSDN, but common values include:
; ethernet, wan, ppip, wlan
HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, fddi, wan, ppip, wlan, bluetooth, ndis5, vwifi, flpp4, flpp6, vchannel, nolower"
; For a Mandatory filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter
; For an Optional filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
; By default, Mandatory filters unbind all protocols when they are
; installed/uninstalled, while Optional filters merely pause the stack. If you
; would like to override this behavior, you can include these options. These
; options only take effect with 6.30 filters on Windows "8" or later.
; To prevent a full unbind, and merely pause/restart protocols:
; HKR, Ndi,UnbindOnAttach,0x00010001, 0 ; Do not unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 0 ; Do not unbind during FilterDetach
; To force a full unbind/bind (which includes pause/restart, of course):
; HKR, Ndi,UnbindOnAttach,0x00010001, 1 ; Unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 1 ; Unbind during FilterDetach
;
;-------------------------------------------------------------------------
; Service installation support
;-------------------------------------------------------------------------
[Install.Services]
AddService=%NPF_DriverName%,,NPF_Service_Inst
[NPF_Service_Inst]
DisplayName = %NPF_Desc%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %12%\%NPF_DriverName%.sys
LoadOrderGroup = NDIS
Description = %NPF_Desc%
AddReg = Common.Params.reg, NdisImPlatformBindingOptions.reg
[Install.Remove.Services]
DelService=%NPF_DriverName%,0x200 ; SPSVCINST_STOPSERVICE
[Common.Params.reg]
[NdisImPlatformBindingOptions.reg]
; By default, when an LBFO team or Bridge is created, all filters will be
; unbound from the underlying members and bound to the TNic(s). This keyword
; allows a component to opt out of the default behavior
; To prevent binding this filter to the TNic(s):
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,1 ; Do not bind to TNic
; To prevent unbinding this filter from underlying members:
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,2 ; Do not unbind from Members
; To prevent both binding to TNic and unbinding from members:
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,3 ; Do not bind to TNic or unbind from Members
HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,0 ; Subscribe to default behavior
[Strings]
NPF_DriverName = "npf"
Insecure = "Nmap Project"
NPF_Desc = "Npcap Packet Driver (NPCAP)"
NPF_HelpText = "A NDIS 6 filter driver & WFP callout driver to support packet capturing and sending under Windows 7, 8 & 10"

Avoiding repetition of service definition in Nagios Core

A service definition for a host looks like:
service{
name host_1_svc
....
check_command check_xyz!abc
}
A similar check needs to be performed on host2, except that the parameter to the check_command is lmn.
So I have to define:
service{
name host_2_svc
....
check_command check_xyz!lmn
}
What is the general convenient practice to avoid having to define the service over and over again with only a minor change?
Thanks,
Yash
You can define a custom host variable in each of the hosts:
define host{
use generic-host
host_name host1
address 10.0.0.1
_chk_value abc
}
define host{
use generic-host
host_name host2
address 10.0.0.2
_chk_value lmn
}
define service{
use generic-service
service_description host_chk_svc ; a registered service needs service_description ('name' only names a template)
host_name host1,host2
check_command check_abc!$_HOSTCHK_VALUE$
}
Note the underscore before the custom variable in the host definition (this defines it as custom), and then underscore at the beginning of the macro, but not in the middle of it ($_HOSTCUSTOM$ rather than $HOST_CUSTOM$).
http://nagios.sourceforge.net/docs/3_0/customobjectvars.html
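How the custom-variable macro naming described above resolves per host, as an added example that is not part of the original answer. It is a small Python model of the substitution, not Nagios code; the sample config is constructed from the answer's definitions (using `service_description` for the service) and the function names are hypothetical.

```python
import re

# Constructed sample mirroring the answer's host and service definitions.
SAMPLE_CFG = """
define host{
    use        generic-host
    host_name  host1
    _chk_value abc
}
define host{
    use        generic-host
    host_name  host2
    _chk_value lmn
}
define service{
    use                 generic-service
    service_description host_chk_svc
    host_name           host1,host2
    check_command       check_abc!$_HOSTCHK_VALUE$
}
"""

def parse_objects(text):
    """Return (type, {directive: value}) for every 'define <type> { ... }' block."""
    objects = []
    for kind, body in re.findall(r"define\s+(\w+)\s*\{(.*?)\}", text, re.S):
        attrs = {}
        for line in body.splitlines():
            line = line.split(";", 1)[0].strip()   # drop trailing ';' comments
            if line:
                key, value = (line.split(None, 1) + [""])[:2]
                attrs[key] = value.strip()
        objects.append((kind, attrs))
    return objects

def expand_services(text):
    """Map (host, service) -> check_command with $_HOST<NAME>$ macros resolved."""
    objects = parse_objects(text)
    hosts = {a["host_name"]: a for k, a in objects if k == "host"}
    result = {}
    for kind, svc in objects:
        if kind != "service":
            continue
        for host in (h.strip() for h in svc["host_name"].split(",")):
            # Custom variable _chk_value is exposed as macro $_HOSTCHK_VALUE$.
            custom = {k[1:].upper(): v for k, v in hosts[host].items() if k.startswith("_")}
            cmd = re.sub(r"\$_HOST(\w+)\$",
                         lambda m: custom.get(m.group(1), m.group(0)), svc["check_command"])
            result[(host, svc["service_description"])] = cmd
    return result
```

A macro written as `$HOST_CHK_VALUE$` does not match the custom-variable form and is left unexpanded by this model.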
Define a host group, then add that host to the group and you only need to define the service once.
The relationship between hosts and host groups and services and service groups can be hard to visualise, especially if you don't have a consistent naming scheme for the files in your nagios /etc folder.
Here are two charts I've found which help make sense of it:
a slideshow about various network monitoring options: http://www.semintelligent.com/talks/chuug/network-monitoring/#%2827%29
a short but helpful page about Nagios setup: http://www.the-tech-tutorial.com/?p=1433
