Setting up NRPE daemon: Difference between revisions

From Alpine Linux
No edit summary
m (Use pkg template)
 
(11 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Source code: http://nagios.org/
Install daemon:
 
  {{Cmd|apk add {{pkg|nrpe}} && rc-update add nrpe default}}
To install, add the edge testing repository, then run:
Set up config file to bind to local IP, only allow needed hosts to connect (in /etc/nrpe.cfg):
  apk add nrpe
server_address=10.14.8.3
Set up config file to bind to local IP, only allow needed hosts to connect (in our case, our redundant Nagios servers).
allowed_hosts=10.14.8.149,10.14.8.150
Add a definition for a check command, for example:
Add a definition for a check command to /etc/nrpe.cfg, for example:
  command[check_routes]=/usr/bin/check_routes.sh
  command[check_routes]=/usr/bin/check_routes.sh
Create the above script, and populate (code below needs a cleanup, but was done more as proof-of-concept):
Create the above script, and populate:
  ##!/bin/ash
  #!/bin/sh
  ##
  #
  ## Script to check whether routes to branches are being received properly
  numroutes_ok=80
 
numroutes_warn=15
  NUMROUTES=`ip route | grep -n '' | awk -F ':' '{print $1}' | tail -n 1`
  NUMROUTES=`ip route | grep -n '' | awk -F ':' '{print $1}' | tail -n 1`
  if [[ $NUMROUTES > 80 ]];
  if [ -z "$NUMROUTES" ]; then
then echo "OK: $NUMROUTES routes in routing table" && exit 0;
    echo "WARNING: No routing information received"
  elif [[ $NUMROUTES < 80 ]] && [[ $NUMROUTES > 15 ]];
    exit 1
then echo "WARNING: $NUMROUTES routes in routing table" && exit 1;
  elif [ $NUMROUTES -ge $numroutes_ok ]; then
  elif [[ $NUMROUTES = "" ]];
    echo "OK: $NUMROUTES routes in routing table"
then echo "WARNING: No routing information received" && exit 1;
    exit 0
  else echo "CRITICAL: $NUMROUTES routes in routing table" && exit 2;
  elif [ $NUMROUTES -ge $numroutes_warn ]; then
    echo "WARNING: $NUMROUTES routes in routing table"
    exit 1
  else
    echo "CRITICAL: $NUMROUTES routes in routing table"
    exit 2
  fi
  fi
Restart NRPE.
Restart NRPE.
Allow port 5666 through Shorewall (in /etc/shorewall/rules) through to monitoring hosts.
Allow port 5666 (or whatever port you've specified for nrpe in /etc/nrpe.cfg) through Shorewall (in ''/etc/shorewall/rules'') through to monitoring hosts.
On the monitoring host, run the following command to test:
On the monitoring host, run the following command to test, where 10.14.8.3 is the IP of the host to monitor:
root#/usr/local/nagios/libexec/check_nrpe -H 10.14.8.3 -p 5666 -c check_routes
{{Cmd|/usr/local/nagios/libexec/check_nrpe -H 10.14.8.3 -p 5666 -c check_routes}}
You should get output like:
You should get output like:
  OK: 173 routes in routing table
  OK: 173 routes in routing table


If you are having trouble, enable debugging in /etc/nrpe.cfg, and check /var/log/messages for errors.  Most likely error(s) has to do with permissions of what you are trying to execute.  Remember that scripts are executed as nagios user, not root, so keep the "fancy tricks" to a minimum.
If you are having trouble, enable debugging in /etc/nrpe.cfg, and check /var/log/messages for errors.  Most likely error(s) has to do with permissions of what you are trying to execute.
 
<br />
Example of monitoring opennhrp connection: <br />
  #!/bin/sh
# $1 is hostname to check
if [ -z "$1" ]; then
    echo "Hostname must be specified as argument"
    exit 1
fi
# The 5 second wait is in case tunnel wasn't up, this will act as a keepalive when run often enough
ping -c 1 -w 5 $1 > /dev/null
HOSTOUTPUT="`host $1`"  
# The final awk will grep for a /16 network range
HOSTNETWORK="`echo $HOSTOUTPUT | awk -F ' ' '{print $NF}' | awk -F '.' '{print $1"."$2}'`"
ROUTETONETWORK="`ip route | grep $HOSTNETWORK'\.'`"
NEXTHOP="`echo $ROUTETONETWORK | awk -F ' ' '{print $3}'`"
# This assumes that up/down is last entry on line which it was in testing
TUNNELSTATUS="`/usr/sbin/opennhrpctl show | grep -A 3 $NEXTHOP | grep Flags | awk -F ' ' '{print $NF}'`"
echo $TUNNELSTATUS
 
[[Category:Monitoring]]
[[Category:Networking]]
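Review bot: in the added opennhrp example, `$1` and the values derived from it are expanded unquoted in `ping -c 1 -w 5 $1`, `host $1` and `grep -A 3 $NEXTHOP`, so an argument containing whitespace or starting with `-` is split into extra words or read as an option. Quote those expansions (`"$1"`, `"$HOSTNETWORK"`, `"$NEXTHOP"`). The script also ends on `echo $TUNNELSTATUS` with no explicit exit status, so it always exits with echo's status. Map the flag to an exit code the way check_routes.sh does with `exit 0`, `exit 1` and `exit 2`.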

Latest revision as of 05:42, 13 August 2023

Install daemon:

apk add nrpe && rc-update add nrpe default

Set up the config file (/etc/nrpe.cfg) to bind to the local IP and to allow only the needed hosts to connect:

server_address=10.14.8.3
allowed_hosts=10.14.8.149,10.14.8.150

Add a definition for a check command to /etc/nrpe.cfg, for example:

command[check_routes]=/usr/bin/check_routes.sh

Create the above script, and populate:

#!/bin/sh
#
# Nagios plugin exit codes: 0 = OK, 1 = WARNING, 2 = CRITICAL
numroutes_ok=80
numroutes_warn=15

# Number the lines of the routing table and keep the last line number
NUMROUTES=`ip route | grep -n '' | awk -F ':' '{print $1}' | tail -n 1`
if [ -z "$NUMROUTES" ]; then
    echo "WARNING: No routing information received"
    exit 1
elif [ "$NUMROUTES" -ge "$numroutes_ok" ]; then
    echo "OK: $NUMROUTES routes in routing table"
    exit 0
elif [ "$NUMROUTES" -ge "$numroutes_warn" ]; then
    echo "WARNING: $NUMROUTES routes in routing table"
    exit 1
else
    echo "CRITICAL: $NUMROUTES routes in routing table"
    exit 2
fi

Restart NRPE. Allow port 5666 (or whatever port you've specified for nrpe in /etc/nrpe.cfg) through Shorewall (in /etc/shorewall/rules) through to monitoring hosts. On the monitoring host, run the following command to test, where 10.14.8.3 is the IP of the host to monitor:

/usr/local/nagios/libexec/check_nrpe -H 10.14.8.3 -p 5666 -c check_routes

You should get output like:

OK: 173 routes in routing table

If you are having trouble, enable debugging in /etc/nrpe.cfg, and check /var/log/messages for errors. The most likely errors have to do with the permissions of what you are trying to execute.
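A check of the settings this procedure relies on, as an added example that is not part of the wiki page: it flags a missing bind address, an open or range-based allowed_hosts, and command targets with wrong permissions. The function names and the sample files are assumptions made for illustration, and the `dont_blame_nrpe` check covers an nrpe.cfg option the page does not discuss.

```shell
#!/bin/sh
# Added example, not from the wiki page: audit exposure-related settings in an
# nrpe.cfg. Prints one finding per line and nothing when the file is clean.

# Value of the last uncommented "key=value" line for key $2 in file $1.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

audit_nrpe_cfg() {
    cfg=$1
    case "$(cfg_get "$cfg" server_address)" in
        ''|0.0.0.0|::) echo "server_address: unset or wildcard, listens on all interfaces" ;;
    esac
    hosts=$(cfg_get "$cfg" allowed_hosts)
    [ -n "$hosts" ] || echo "allowed_hosts: unset, no source restriction configured"
    for h in $(echo "$hosts" | tr ',' ' '); do
        case "$h" in
            */*) echo "allowed_hosts: $h is a network range, not a single host" ;;
        esac
    done
    # dont_blame_nrpe is an nrpe.cfg option the page does not mention (assumption
    # that it matters here): 1 lets remote callers pass arguments to commands.
    if [ "$(cfg_get "$cfg" dont_blame_nrpe)" = "1" ]; then
        echo "dont_blame_nrpe: 1, remote callers can pass command arguments"
    fi
    # Command targets must be executable and not writable by group or others.
    sed -n 's/^[[:space:]]*command\[[^]]*][[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$cfg" |
    while read -r target; do
        if [ ! -x "$target" ]; then
            echo "command: $target missing or not executable"
        elif [ -n "$(find "$target" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "command: $target is group- or world-writable"
        fi
    done
    return 0
}

# Constructed sample: the page's settings plus a stand-in check script.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '#!/bin/sh\nexit 0\n' > "$demo_dir/check_routes.sh"
chmod 755 "$demo_dir/check_routes.sh"
printf '%s\n' 'server_address=10.14.8.3' 'allowed_hosts=10.14.8.149,10.14.8.150' \
    "command[check_routes]=$demo_dir/check_routes.sh" > "$demo_dir/nrpe.cfg"
audit_nrpe_cfg "$demo_dir/nrpe.cfg"   # prints nothing for the page's configuration
```

On a real host, run `audit_nrpe_cfg /etc/nrpe.cfg` as the user the daemon runs as, so the executable test reflects what NRPE itself can run.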


Example of monitoring an opennhrp connection:

#!/bin/sh
# $1 is hostname to check

if [ -z "$1" ]; then
    echo "Hostname must be specified as argument"
    exit 1
fi

# The 5 second wait is in case tunnel wasn't up, this will act as a keepalive when run often enough
ping -c 1 -w 5 "$1" > /dev/null

HOSTOUTPUT=$(host "$1")
# The final awk keeps the first two octets, i.e. a /16 network range
# ($HOSTOUTPUT is left unquoted on purpose so multi-line output collapses to one line)
HOSTNETWORK=$(echo $HOSTOUTPUT | awk -F ' ' '{print $NF}' | awk -F '.' '{print $1"."$2}')
ROUTETONETWORK=$(ip route | grep "$HOSTNETWORK"'\.')
# Third field of the route line is the next hop
NEXTHOP=$(echo $ROUTETONETWORK | awk -F ' ' '{print $3}')
# This assumes that up/down is last entry on line which it was in testing
TUNNELSTATUS=$(/usr/sbin/opennhrpctl show | grep -A 3 "$NEXTHOP" | grep Flags | awk -F ' ' '{print $NF}')

echo $TUNNELSTATUS