The Monitoring Setup Part 2: Setting Up Remote Sensors/Satellites in Centreon

E

ehansen

Guest
Introduction

In my last article, The Monitoring Setup Part 1: Installing Centreon, Nagios & NDOUtils, we installed Centreon, Nagios & NDOUtils on a server to monitor and trend local events. However, its very rare to have just one device on the network. That is why this article will cover installing Nagios on a remote system and having Centreon monitor it.

The only major difference is that we won't be installing Centreon, or any of it's services, onto the remote system. Though, another helpful part is that we won't be installing NDO2DB as well, which means we don't need all the additional services. So if you want to just monitor a database server, you won't need to install Apache, PHP, etc... as well.

What You Need To Know (Have)

This guide assumes you followed part 1 (linked above). You will also need to have SSH instead on both the Centreon (client) server and the remote server (daemon/server). While we're not concerned with the IP of the central/Centreon server, you need the IP of the remote machine. This tutorial assumes the IP is 10.1.5.4. If it is something else, replace "10.1.5.4" with the actual IP.

What You Will Learn (Have)

The ability to monitor remote systems. Keep in mind that while this guide only focuses on Linux servers, you can also monitor network devices such as switches, routers, firewalls, Windows servers, etc...

Installing Nagios On Remote System

This process is the same as in part 1:

First, we need to download the tarball:


Code:
cd /usr/local/src
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.4.1.tar.gz

We switch to the /usr/local/src directory just to make future jobs easier if we need to recompile or something. Trust me, this can happen.

Next, we need to untar and go into the new directory:


Code:
tar -zxf nagios-3.4.1.tar.gz
cd nagios-3.4.1

Now we need to create the Nagios user on the system (this can be done at any point before compiling Nagios, I just do it now because):


Code:
useradd -m nagios
passwd nagios
groupadd nagcmd
usermod -a -G nagcmd www-data

Why do we create a password for user "nagios" when it's generally advised to lock it down? Centreon requires being able to execute commands as user nagios in order to restart the service, edit configuration files, etc... We don't want to run into any permissions issues with our web server (since Centreon is run by the web server user, right?), so we need to grant the web server access to nagios files by group as well.

Here's the compiling of Nagios. Before running the make commands, make sure that the output of ./configure is correct. Also, if you change your "--prefix=", troubleshooting might be a bit on the painful side:


Code:
./configure --prefix=/usr/local/nagios --with-command-group=nagcmd --enable-nanosleep --enable-event-broker
make all
make install
make install-init
make install-commandmode
make install-config

This installs the Nagios information into /usr/local/nagios with event broker enabled (so we can use NDOUtils to store data collection into MySQL). install-init creates the init.d script, install-commandmode configures the nagios.cmd file for proper use so using 'external command' in Centreon doesn't cause issues. If you're curious on the nanosleep switch, it's basically saying use Nagios' version of sleep to reduce any conflicts.

At this point, Nagios should be installed, so we must now install NDOUtils.

Installing NDOUtils

While we will still be installing NDOUtils, we only want the broker module this time (ndomod.o), not ndo2db. This also means we don't have to worry about installing another service as well.


Code:
cd /usr/local/src
wget http://prdownloads.sourceforge.net/sourceforge/nagios/ndoutils-1.4b9.tar.gz
tar -zxf ndoutils-1.4b9.tar.gz
cd ndoutils-1.4b9

There is a 1.5 branch out there, but I haven't tested this with it yet.

After this, we need to compile NDOUtils:


Code:
./configure --prefix=/usr/local/nagios/ --disable-mysql --disable-pgsql
make

There is no "make install" so we have to manually do some installation ourselves:


Code:
cp ./src/ndomod-3x.o /usr/local/nagios/bin/ndomod.o
cp ./config/ndomod.cfg-sample /usr/local/nagios/etc/ndomod.cfg
chmod 774 /usr/local/nagios/bin/ndo*
chown nagios:nagios /usr/local/nagios/bin/ndo*

I've ran into issues with this at times (you may not though), so to ensure the configuration files can be read & wrote to by Centreon:

Code:
chown nagios:nagios /usr/local/nagios/etc/ndo*

Installing SSH Keys

At this point the steps won't be similar to the first part.

In order for Centreon to send updated config files to Nagios it uses SSH (scp, more specifically). It also uses SSH to send restart commands and the like as well. In order to keep the connection secure, however, Centreon needs SSH authentication/keys. So what we are going to do, to make this easier in the end, is generate keys as the nagios user:

Code:
su - nagios
Then we will generate the SSH key:

Code:
ssh-keygen

This will prompt you where to save the key files, and a passphrase to use. If you're only going to monitor one remote server this shouldn't be an issue to use defaults for the file. If you plan on monitoring more than one remote server, I'd suggest a specific naming scheme. I've decided, for my systems, to go by /home/nagios/.ssh/nagios_<ip of machine>, since IPs are typically unique.

Once this is done, we're going to do something to make this easier on you (i.e.: to support scalability). Create a .ssh/config file:

Code:
vi ~/.ssh/config
Inside there, add these lines:


Code:
Host <Server Alias>
    IdentityFile /home/nagios/.ssh/nagios_<ip>
 
Host <IP address>
    IdentityFile /home/nagios/.ssh/nagios_<ip>

We create two Host entries in our SSH config to ensure that Centreon connects using the appropriate IdentityFile. Sometimes the CentCore service, which pushes out updates and such, will try to connect via IP, other times it'll try by the alias.

For those who aren't familiar with the config file and such, it's basically a lookup file for SSH when you issue a request to connect to a remote server, with the additional benefit of aliasing. So, for example if you just want to type "ssh home", and have it connect to machine remote.example.com on port 42, you can have this in your config file:


Code:
Host home
    HostName remote.example.com
    IdentityFile /home/nagios/.ssh/remote_key
    Port 42

The IdentityFile specifies an SSH key (absolute path, not relative) to use to authenticate. Please note though that you don't specify the public key (nagios_<ip>.pub), but the private key (nagios_<ip>).

One last thing: we need to create a password for the remote Nagios user. So on the remote server, as root (or as the nagios user if your system lets you), change its password:

passwd nagios (if you're root)
passwd (if you're nagios)
This will only be for copying over the SSH key, using this command:

Code:
ssh-copy-id -i /home/nagios/.ssh/nagios_<ip>.pub nagios@<ip>

So, lets say the IP of the remote server is 10.1.5.4, the command would look like this:

Code:
ssh-copy-id -i /home/nagios/.ssh/nagios_10.1.5.4.pub [email protected]

You'll get prompted for the key's passphrase (if you entered one, which I suggest you have done). After this, you'll get asked to try and log in (ssh [email protected]) and you should not be prompted for a password anymore. If you still are, the most common cause I've run into is that permissions are not set up properly.

Installing Nagios Plugins

Notice how we didn't install the Nagios Plugins package this time? That's because we're gonna save ourselves the time of compiling and installing. What we're gonna do is copy them over the network:

scp /usr/local/nagios/libexec/* nagios@<ip>:/usr/local/nagios/libexec/
This shaves off about 10 minutes of waiting, so enjoy the break. We're almost finished! Now we just need to finish up the Centreon part.

Configuration Centreon For Nagios

Once you're logged into to Centreon, you need to go to the following menu:

Configuration -> Centreon -> Pollers -> Add (right above the list)

Poller Name - The unique name you want to give the satellite
IP Address: The IP of the remote server
Localhost: Only set to "yes" if the poller is on the same machine as Centreon
Default poller: Is the poller the main poller of the system? (typically I set this to "no")
SSH port: only change if the remote SSH server is listening on a non-standard port
Engine: Centreon does support Nagios, Shrinken & Icinga, with the latter 2 based off of Nagios
Next 4 fields: Paths on the remote server where the scripts & binaries are located
Centreon Broker is left alone as we are using NDOUtils instead
Status: Always be "enabled"

Next we want to create a nagios.cfg file for the new server, so we go to:

Configuration -> Nagios -> nagios.cfg -> Add
centreonnagioscfgcreate.png

Configuration Name: Unique name (used only for Centreon purposes)
Linked Nagios Server: Choose the poller you just created
Everything else should be fine by default.

Create the Nagios Host

To not show any ACLs I have set up, I won't be taking a screenshot of this, but it's pretty straightforward. To add a host:

Configuration -> Hosts -> Add

Host Name: A unique name in Nagios to reference the server
Alias: A more user-friendly version given to the host (i.e.: description)
IP Address: The IP (or FQDN) of the host. I personally always use the IP
Host Templates: It's typically safe to chosoe "generic-host", but you can also do "Servers-Linux" if you wish. The point of this is for the next option
Create Services...: If you don't have a service (or host) assigned to a Nagios instance (nagios.cfg), then you can't test Nagios. This auto-creates some services for the host
The rest are pretty much fine by default, or you can fine-tune some of the options as well.

Testing Nagios Connectivity

Here we are going to test Centreon's connection to the remote Nagios server.

Configuration -> Nagios -> Generate

Nagios Server: choose the poller we created for the new server
Under "Actions", make sure the first two checkboxes are the only ones checked (as shown in screenshot) first. This will create the necessary configuration files

Click on "Export", and if all goes well then you should see this under the "Console" section that pops up:

Preparing environment...OK
Generating files... OK
If you see that, then check the bottom two boxes as well ("Move Export Files" & "Restart Nagios"), and you should see that it Centreon has successfully sent the new cfg files over to the remote Nagios server and started the service. To test that Nagios is running at any time, just go back to:

Configuration -> Centreon -> Pollers

It will tell you if Nagios is running, it's pid (process ID), what version of Nagios and some other miscellaneous information.

Conclusion

Centreon and Nagios can be a very robust system for monitoring and trend watching. I'm going to continue this series next time with how to set up ACL, as it is not exactly straight forward.

About the Author

Eric Hansen is the owner and a security consultant for Security For Us. He has been involved with Linux for a little over a decade and has dabbed in a little bit of everything that comes with the operating system. With a background in various programming languages and a strong desire to learn more, he constantly stays active in providing code, patches and new programs or scripts to aide in the administration of Linux servers.

Interesting Links

Nagios & NDOUtils - http://www.nagios.org
Centreon - http://www.centreon.com
Security For Us - https://www.securityfor.us
 

Members online


Latest posts

Top