= Nagios Installation on FreeBSD 8.0 =
Install Nagios and its plugins:
{{{
sudo pkg_add -r nagios nagios-plugins
}}}
Enable Apache and Nagios by adding the following lines to `/etc/rc.conf`, if not already present:
{{{
apache22_enable="YES"
nagios_enable="YES"
}}}
Start Apache:
{{{
sudo /usr/local/etc/rc.d/apache22 start
}}}
Check that you can browse to [http://localhost].
Create `/usr/local/etc/apache22/Includes/nagios.conf` with the following lines:
{{{
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Allow from 196.200.219.0/24
Options ExecCGI
ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
Alias /nagios/ /usr/local/www/nagios/
}}}
Reload Apache configuration:
{{{
sudo /usr/local/etc/rc.d/apache22 reload
}}}
Check that you can browse to [http://localhost/nagios/] and that it shows "Version 3.0.6".
Copy the Nagios configuration samples:
{{{
bash
cd /usr/local/etc/nagios
for i in *-sample; do
sudo cp $i `basename $i -sample`
done
}}}
Edit `cgi.cfg` and uncomment the following line:
{{{
#default_user_name=guest
}}}
Change the following lines, adding the word ",guest" at the end of each:
{{{
authorized_for_system_information=nagiosadmin,guest
authorized_for_configuration_information=nagiosadmin,guest
authorized_for_all_services=nagiosadmin,guest
authorized_for_all_hosts=nagiosadmin,guest
}}}
Edit `nagios.cfg` and comment out any lines starting with `cfg_file`, including the following if you have them:
{{{
cfg_file=/usr/local/etc/nagios/objects/commands.cfg
cfg_file=/usr/local/etc/nagios/objects/contacts.cfg
cfg_file=/usr/local/etc/nagios/objects/timeperiods.cfg
cfg_file=/usr/local/etc/nagios/objects/templates.cfg
cfg_file=/usr/local/etc/nagios/objects/localhost.cfg
}}}
Add the following line, just below:
{{{
cfg_dir=/usr/local/etc/nagios/objects
}}}
Create `/usr/local/etc/nagios/objects/hosts.cfg` with the following minimal configuration, replacing the XX in pcXX with your own computer's name:
{{{
define command {
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
define command {
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
define contact {
contact_name admin
alias Nagios Admin
service_notification_commands notify-service-by-email
host_notification_commands notify-host-by-email
}
define host {
host_name pcXX
alias Workshop PC XX
address pcXX.sse.ws.afnog.org
max_check_attempts 10
contacts admin
}
define command {
command_name check_ping
command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 100,20% -c 500,80% -p 5
}
define service {
host_name pcXX
service_description ping
check_command check_ping
max_check_attempts 10
check_interval 5
contacts admin
}
}}}
Start Nagios:
{{{
sudo /usr/local/etc/rc.d/nagios start
}}}
In the Nagios web interface, click on the [http://localhost/nagios/cgi-bin/status.cgi?host=all Service Detail] menu item, and check that you can see your host and service:
[[Image(status-pc01-ping.png)]]
Now add another host and service for your neighbour:
{{{
define host {
host_name pcYY
alias Workshop PC YY
address pcYY.sse.ws.afnog.org
max_check_attempts 10
contacts admin
}
define service {
host_name pcYY
service_description ping
check_command check_ping
max_check_attempts 10
check_interval 5
contacts admin
}
}}}
Tell Nagios to reload its configuration again:
{{{
sudo /usr/local/etc/rc.d/nagios reload
}}}
And check that you can see both hosts and services on the Nagios [http://localhost/nagios/cgi-bin/status.cgi?host=all Service Detail] page:
[[Image(status-pc02-ping.png)]]
Click on the second `ping` service (the one in ''PENDING'' state), then ''Re-schedule the next check of this service'' and ''Commit''. You should see the following error message:
Sorry, but you are not authorized to commit the specified command. Read the section of the documentation that deals with authentication and authorization in the CGIs for more information.
Now we need to add password protection to our Apache configuration, to ensure that only authorized users can submit commands to Nagios. Edit `/usr/local/etc/apache22/Includes/nagios.conf` and add the following section:
{{{
AuthType Basic
AuthName "Nagios"
AuthUserFile /usr/local/etc/apache22/htpasswd
Require valid-user
}}}
And then add the `nagiosadmin` user to `/usr/local/etc/apache22/htpasswd`:
{{{
sudo htpasswd /usr/local/etc/apache22/htpasswd nagiosadmin
}}}
And tell Apache to reload its configuration:
{{{
sudo /usr/local/etc/rc.d/apache22 reload
}}}
Then go to ''Service Detail -> ping -> Re-schedule the next check of this service'' again. This time you should be asked for a user name and password. The user name is `nagiosadmin` and the password is the same one you just entered in the `htpasswd` command. Now click on the '''Commit''' button again, and you should see this message instead:
Your command request was successfully submitted to Nagios for processing. Note: It may take a while before the command is actually processed.
If you click on the '''Done''' link, it will take you back to the ''Service Status'' page. You can right-click and choose '''Reload''' until the '''Last Check Time:''' changes to just a few seconds ago, which means that the command has been processed and the service has been checked again.
Now we're going to add a check for a service that you configured earlier: the recursive DNS resolver on your computer and your neighbour's. First we check that the Nagios DNS plugin command works and the service is up:
{{{
[inst@noc ~]$ /usr/local/libexec/nagios/check_dig -H 196.200.223.1 -l www.tiscali.co.uk -T A
DNS OK - 0.462 seconds response time (www.tiscali.co.uk. 300 IN A 212.74.99.30)|time=0.461677s;;;0.000000
[inst@noc ~]$ sudo /etc/rc.d/named stop
Password:
Stopping named.
Waiting for PIDS: 21414.
[inst@noc ~]$ /usr/local/libexec/nagios/check_dig -H localhost -l www.tiscali.co.uk -T A
CRITICAL - Plugin timed out while executing system call
[inst@noc ~]$ sudo /etc/rc.d/named start
Starting named.
[inst@noc ~]$ /usr/local/libexec/nagios/check_dig -H localhost -l www.tiscali.co.uk -T A
DNS OK - 1.224 seconds response time (www.tiscali.co.uk. 300 IN A 212.74.99.30)|time=1.224043s;;;0.000000
[inst@noc ~]$ /usr/local/libexec/nagios/check_dig -H 10.1.2.3 -l www.tiscali.co.uk -T A
CRITICAL - Plugin timed out while executing system call
}}}
Then add the check command and service definitions to `/usr/local/etc/nagios/objects/hosts.cfg`:
{{{
define command {
command_name check_dns
command_line $USER1$/check_dig -H $HOSTADDRESS$ -l $ARG1$ -T A
}
define service {
host_name pcXX
service_description DNS resolver
check_command check_dns!www.tiscali.co.uk
max_check_attempts 10
check_interval 5
contacts admin
}
}}}
Tell Nagios to reload its configuration again:
{{{
sudo /usr/local/etc/rc.d/nagios reload
}}}
And check that you can see the new DNS service:
[[Image(status-pc01-dns-pending.png)]]
Force it to be checked now by rescheduling the next check, and check that it goes green.
Now we're going to add ping checks for all the PCs in the classroom. To make this easier, we'll write a script to generate the 47 host definitions for us. Create the file `generate-hosts.sh` with the following contents:
{{{
#!/usr/local/bin/bash
for ((i=1; i<=47; i++))
do
hostname=`printf "pc%02d" $i`
cat <