Setting up NRPE daemon: Difference between revisions

From Alpine Linux
m (clarified a few parts)
(Category:Networking)
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Install daemon:
Install daemon:
  apk add nrpe && rc-update add nrpe default
  {{Cmd|apk add nrpe && rc-update add nrpe default}}
Set up config file to bind to local IP, only allow needed hosts to connect (in /etc/nrpe.cfg):
Set up config file to bind to local IP, only allow needed hosts to connect (in /etc/nrpe.cfg):
  server_address=10.14.8.3
  server_address=10.14.8.3
Line 7: Line 7:
  command[check_routes]=/usr/bin/check_routes.sh
  command[check_routes]=/usr/bin/check_routes.sh
Create the above script, and populate:
Create the above script, and populate:
  ##!/bin/bash
  #!/bin/sh
  ##
  #
numroutes_ok=80
numroutes_warn=15
  NUMROUTES=`ip route | grep -n '' | awk -F ':' '{print $1}' | tail -n 1`
  NUMROUTES=`ip route | grep -n '' | awk -F ':' '{print $1}' | tail -n 1`
  if [[ $NUMROUTES > 80 ]];
  if [ -z "$NUMROUTES" ]; then
then echo "OK: $NUMROUTES routes in routing table" && exit 0;
    echo "WARNING: No routing information received"
  elif [[ $NUMROUTES < 80 ]] && [[ $NUMROUTES > 15 ]];
    exit 1
then echo "WARNING: $NUMROUTES routes in routing table" && exit 1;
  elif [ $NUMROUTES -ge $numroutes_ok ]; then
  elif [[ $NUMROUTES = "" ]];
    echo "OK: $NUMROUTES routes in routing table"
then echo "WARNING: No routing information received" && exit 1;
    exit 0
  else echo "CRITICAL: $NUMROUTES routes in routing table" && exit 2;
  elif [ $NUMROUTES -ge $numroutes_warn ]; then
    echo "WARNING: $NUMROUTES routes in routing table"
    exit 1
  else
    echo "CRITICAL: $NUMROUTES routes in routing table"
    exit 2
  fi
  fi
Restart NRPE.
Restart NRPE.
Allow port 5666 (or whatever port you've specified for nrpe in /etc/nrpe.cfg) through Shorewall (in /etc/shorewall/rules) through to monitoring hosts.
Allow port 5666 (or whatever port you've specified for nrpe in /etc/nrpe.cfg) through Shorewall (in ''/etc/shorewall/rules'') through to monitoring hosts.
On the monitoring host, run the following command to test, where 10.14.8.3 is the IP of the host to monitor:
On the monitoring host, run the following command to test, where 10.14.8.3 is the IP of the host to monitor:
/usr/local/nagios/libexec/check_nrpe -H 10.14.8.3 -p 5666 -c check_routes
{{Cmd|/usr/local/nagios/libexec/check_nrpe -H 10.14.8.3 -p 5666 -c check_routes}}
You should get output like:
You should get output like:
  OK: 173 routes in routing table
  OK: 173 routes in routing table
Line 29: Line 38:
<br />
<br />
Example of monitoring opennhrp connection: <br />
Example of monitoring opennhrp connection: <br />
  #!/bin/bash
  #!/bin/sh
  # $1 is hostname to check
  # $1 is hostname to check
   
   
  if [[ `echo $1` == "" ]];  
  if [ -z "$1" ]; then
then echo "Hostname must be specified as argument" && exit 1;
    echo "Hostname must be specified as argument"
    exit 1  
  fi
  fi
   
   
# The 5 second wait is in case tunnel wasn't up, this will act as a keepalive when run often enough
  ping -c 1 -w 5 $1 > /dev/null  
  ping -c 1 -w 5 $1 > /dev/null  
   
   
  HOSTOUTPUT="`host $1`"  
  HOSTOUTPUT="`host $1`"  
# The final awk will grep for a /16 network range
  HOSTNETWORK="`echo $HOSTOUTPUT | awk -F ' ' '{print $NF}' | awk -F '.' '{print $1"."$2}'`"  
  HOSTNETWORK="`echo $HOSTOUTPUT | awk -F ' ' '{print $NF}' | awk -F '.' '{print $1"."$2}'`"  
  ROUTETONETWORK="`ip route | grep $HOSTNETWORK'\.'`"  
  ROUTETONETWORK="`ip route | grep $HOSTNETWORK'\.'`"  
  NEXTHOP="`echo $ROUTETONETWORK | awk -F ' ' '{print $3}'`"  
  NEXTHOP="`echo $ROUTETONETWORK | awk -F ' ' '{print $3}'`"  
# This assumes that up/down is last entry on line which it was in testing
  TUNNELSTATUS="`/usr/sbin/opennhrpctl show | grep -A 3 $NEXTHOP | grep Flags | awk -F ' ' '{print $NF}'`"
  TUNNELSTATUS="`/usr/sbin/opennhrpctl show | grep -A 3 $NEXTHOP | grep Flags | awk -F ' ' '{print $NF}'`"
   
   
  echo $TUNNELSTATUS
  echo $TUNNELSTATUS
[[Category:Monitoring]]
[[Category:Networking]]

Revision as of 19:51, 23 March 2012

Install daemon:

apk add nrpe && rc-update add nrpe default

Set up config file to bind to local IP, only allow needed hosts to connect (in /etc/nrpe.cfg):

server_address=10.14.8.3
allowed_hosts=10.14.8.149,10.14.8.150

Add a definition for a check command to /etc/nrpe.cfg, for example:

command[check_routes]=/usr/bin/check_routes.sh

Create the above script, and populate:

#!/bin/sh
#
numroutes_ok=80
numroutes_warn=15

NUMROUTES=`ip route | grep -n  | awk -F ':' '{print $1}' | tail -n 1`
if [ -z "$NUMROUTES" ]; then
    echo "WARNING: No routing information received"
    exit 1
elif [ $NUMROUTES -ge $numroutes_ok ]; then
    echo "OK: $NUMROUTES routes in routing table"
    exit 0
elif [ $NUMROUTES -ge $numroutes_warn ]; then
    echo "WARNING: $NUMROUTES routes in routing table"
    exit 1
else
    echo "CRITICAL: $NUMROUTES routes in routing table"
    exit 2
fi

Restart NRPE. Allow port 5666 (or whatever port you've specified for nrpe in /etc/nrpe.cfg) through Shorewall (in /etc/shorewall/rules) through to monitoring hosts. On the monitoring host, run the following command to test, where 10.14.8.3 is the IP of the host to monitor:

/usr/local/nagios/libexec/check_nrpe -H 10.14.8.3 -p 5666 -c check_routes

You should get output like:

OK: 173 routes in routing table

If you are having trouble, enable debugging in /etc/nrpe.cfg, and check /var/log/messages for errors. Most likely error(s) has to do with permissions of what you are trying to execute.


Example of monitoring opennhrp connection:

#!/bin/sh 
# $1 is hostname to check

if [ -z "$1" ]; then
    echo "Hostname must be specified as argument"
    exit 1 
fi

# The 5 second wait is in case tunnel wasn't up, this will act as a keepalive when run often enough
ping -c 1 -w 5 $1 > /dev/null 

HOSTOUTPUT="`host $1`" 
# The final awk will grep for a /16 network range
HOSTNETWORK="`echo $HOSTOUTPUT | awk -F ' ' '{print $NF}' | awk -F '.' '{print $1"."$2}'`" 
ROUTETONETWORK="`ip route | grep $HOSTNETWORK'\.'`" 
NEXTHOP="`echo $ROUTETONETWORK | awk -F ' ' '{print $3}'`" 
# This assumes that up/down is last entry on line which it was in testing
TUNNELSTATUS="`/usr/sbin/opennhrpctl show | grep -A 3 $NEXTHOP | grep Flags | awk -F ' ' '{print $NF}'`"

echo $TUNNELSTATUS