I am using Nagios with Check_MK addon at a small ISP company I work for. I am a sole Nagios admin, but we have a few users who use the Nagios / Check_MK system (with Check_MK as the web frontend).
As most devices we use are MikroTik routers with proprietary OS within which I cannot install the check_mk agent (have to use SNMP), I am using Check_MK with generate_hostconf = False - I have to manually define WiFi interface checks (like signal strength check) anyways, so all host configuration is done in Nagios files.
All users who use the system are listed in cgi.cfg with authorized_for_all_services=user1,user2 and authorized_for_all_hosts=user1,user2 etc.
As I was not satisfied with the current configuration (there is not enough serverity-based differentiation among different hosts and service types - i.e. we want not only backbone / not-monitored host differentiation, but something more fine-grained like backbone / distribution layer 1 / distribution layer 2 / not-monitored client-side), I started to change the configuration to somewhat hackish setup with multiple contacts per real user, with different timeperiods assigned, so that e.g. 'distribution-layer 2' hosts don't wake people at 3 a.m. Perhaps this is not the proper way to do the thing.
Anyways, here is the problem - I created new contacts and contact groups and some rules for inventory - for services it works fine, it seems, but apparently hosts are not visible in Check_MK web interface (but they are visible in our Nagios website). Most likely it is so due to the fact I am logged in as the 'old' user, who is not a part of the new contact group, but still who is supposed to see all hosts (as defined in cgi.cfg). Can I do something to make hosts visible in Check_MK GUI with that setup and not only in Nagios web interface?
I had to use check_mk --flush hostname and re-inventory with check_mk -II hostname even after changing the settings back to the previous state to make the hosts appear again.
I haven't tried to add new contacts to .htaccess, as I don't really want to create multiple contacts with login permissions. Does Check_mk simply ignore the authorized_for_all_hosts / services directive defined in cgi.cfg in this case?
I can see that Check_MK itself is able to communicate with those hosts not show in GUI - I can do check_mk -II hostname or check_mk -N hostname. Appropriate entries are present in etc/check_mk.d/check_mk_objects.cfg and nagios/var/retention.dat; hostnames are listed with check_mk --list-tag TAG etc. so most likely it is a problem with GUI user permissions only.
I know I could use notification_period directives for hosts and custom SNMP services within Nagios configuration files and extra_service_conf['notification_period'] in main.mk, but I am actually using that for some exceptional cases and wasn't sure about the precedence rules.
Anyways, it is Ubuntu Server 12.04 LTS x86_64, Nagios Core 3.4.1, Check_MK 1.2.0p3.
Apparently it is enough to use default_user_role = "admin" in multisite.mk. Perhaps not the safest thing, but it gets the job done in this setup.
Related
I need to check a group of servers (Unix, Linux) to know what kind of services, software (also version) are running there (check it once for a while and store it in database).
The idea is to have always fresh info about whole environment - its constantly changing. Perhaps you can suggest some solution that is already there?
Currently i am thinking about using Nagios or Cacti + plugins but I am not sure if this solution will be optimal.
Nagios is a very powerful monitoring solution (the best for me) : Open source, Compatible with both linux & windows, reporting & notifications via emails/SMS, Nice interface, Many many plugins...etc I've already worked with & I was very satisfied.
Check Nico Largo's Forum for Install. If you are not familiar to linux command search for FAN : Fully Automated Nagios which is a .iso where nagios is already in.
If you have any trouble during install or configuration post your questions there : https://serverfault.com/
Given that you want to poll for information on the system that can change dynamically, I would look at Check_MK.
It originally started as a plugin for Nagios that would poll a server for running services and generate the necessary configs for monitoring anything it discovered. Since then, it has evolved into a complete monitoring solution that provides its own complete ui (still based on nagios core), so you are safe in running this if you are familiar with nagios already.
See the website: http://mathias-kettner.com/checkmk_monitoring_system.html
You may need to select that you wish to view the "English" perspective of the site on first visit.
I have nagios installed in a server and it's monitoring different remote hosts using different plugins. But I am not able to view the process of each system in a graph format. Is it possible to use cacti for the same purpose? I just installed cacti on the same machine. But not sure how to install plugins and monitor different servers. Also just wanted to know can I use cacti as the frontend tool for Nagios? How cacti works
Can someone help me on this please.
Thanks
I'm not sure on how Cacti interacts with Nagios, but I do have the pnp4nagios plugin/extension installed and configured for one of my Nagios Instances which gives me a great overview in graphs for the services I monitor. (not all of them, but only those who are variable and are usefull to see in a graph) It's a really nice tool and not so hard to setup. I compiled it from source and it's install.php gives you great feedback on what to do next in the installation procedure. One thing they didn't mention was that you had to enable Includes in your Nagios instance's apache2 config file. (this is necessary if you want to use the SSI include in the Nagios CGI files. This SSI file contains jQuery Javascript definitions that will enable the popUp png graphs when you mouseover a graph in Nagios)
It also uses rrdtool (Round Robin Database files) which uses fixed size storage.
(could be beneficial if you have little space on your harddrive)
For nagios there is nagiosgraph, it generates graph for each services define in nagios, you just have to add config for nagiosgraph.
as for cacti, there is plugin called NPC, it is generate new tab on cacti which contains services define in nagios.
I am implementing Nagios for a customer.
The customer has the following request;
We have a PC (PC-1) and a server (Server-1). The PC only has ping monitoring in Nagios, the server has Ping monitoring but also a service check (check if Citrix is up).
We would like PC-1 to go to a warning state when the Citrix service on Server-1 is in a down state. The reason we want that is for reporting purposes.
I am aware of service to service dependancy, but I am wondering if this service to host dependancy would work and how :).
Any help is welcome!
Thanks!
Yes, it can be done. See the docs on dependencies.
You don't explicitly make a service dependent on another host. Rather, you must make it dependent on a service on that host. Since services are also implicitly dependent on their hosts, this results in the behavior you want.
You can use your ping service check for this purpose, which is the only time you'd actually need a check_ping (or check_icmp) service check.
If you read the section on actual host dependencies, you'll see that the parent/child relationship is suggested, instead.
I'm setting up an Apache 2.2 webserver for multiple users (having the "developers" profile).
They need to execute PHP scripts/applications (both home-made and acquired) and run
I tried using *mod_userdir* but the problem is that Apache (thus the scripts) runs under "www-data" (I'm using GNU/Debian OS).
So I looked at suPHP but it doesn't support *php_admin_value* Apache directives.
I also saw apache2-mpm-itk mentioned but it uses virtual hosts, which itself requires DNS.
I think I could see some workaround to that if I was to install a DNS server on the webserver managing a subdomain via delegation (eg. my webserver's FQDN is "testsrv.mycompany.tld" and users's virtual host's FQDN would be "user1.testsrv.mycompany.tld", "user2.testsrv.mycompany.tld"). But it might a bit "too much" no?
You could use virtual hosts along with mod_auth_basic so user1 would have a password protected site at www.user1.example.com.
If by 'php_admin_value' you are refering to the .htaccess files, then yes they are not supported by suPHP but I believe there is a way around that.
Finally, I am setting up my server locally (for testing) so I just updated my /etc/hosts/ file. That might be a good place for you to start.
I've written a web applciation for a client in which authentication/authorization is done by spring security based on the 'internal' database. Now, the client has asked to switch to using their Active Directory instead. I'm a green as can be where LDAP is concerned but looking at the sample code and such it doesn't seem too difficult.
I do have a more general question concerning LDAP. As I gather this is a network protocol for which several implementations are available (among those Active Directory). Now, installing AD on my PC doesn't realy appeal to me (if it is even possible?). However, if all implementations follow the LDAP protocol I would assume that I could simply install Apache Directory on my PC, write the 'code' and then deploy this on a environment with Active Directory and (apart from some config changes) this should work.
Can any one confirm/deny this?
Thanks,
Stijn
It would be lovely if the LDAP standard was implemented the same on all major platforms, but while true in general, there are sufficient differences that you should plan on working against the target LDAP server instance in development.
For Active Directory you could run a Domain Controller in a VM on your workstation (since you cannot install AD on a workstation). You could install ADAM which is a standalone'ish AD like service. But even that is not a 100% match.
Usually the core issues are related to authentication but the generic functionality for querying with filters and so on are the same cross backend server.