Setting up NRPE daemon: Difference between revisions
(added example of opennhrp monitoring) |
m (Use pkg template) |
||
| (6 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
Install daemon: | Install daemon: | ||
apk add nrpe | {{Cmd|apk add {{pkg|nrpe}} && rc-update add nrpe default}} | ||
Set up config file to bind to local IP, only allow needed hosts to connect. | Set up config file to bind to local IP, only allow needed hosts to connect (in /etc/nrpe.cfg): | ||
server_address=10.14.8.3 | |||
allowed_hosts=10.14.8.149,10.14.8.150 | |||
Add a definition for a check command to /etc/nrpe.cfg, for example: | Add a definition for a check command to /etc/nrpe.cfg, for example: | ||
command[check_routes]=/usr/bin/check_routes.sh | command[check_routes]=/usr/bin/check_routes.sh | ||
Create the above script, and populate: | Create the above script, and populate: | ||
#!/bin/sh | |||
# | # | ||
numroutes_ok=80 | |||
numroutes_warn=15 | |||
NUMROUTES=`ip route | grep -n '' | awk -F ':' '{print $1}' | tail -n 1` | NUMROUTES=`ip route | grep -n '' | awk -F ':' '{print $1}' | tail -n 1` | ||
if [ | if [ -z "$NUMROUTES" ]; then | ||
echo "WARNING: No routing information received" | |||
elif | exit 1 | ||
elif [ $NUMROUTES -ge $numroutes_ok ]; then | |||
elif | echo "OK: $NUMROUTES routes in routing table" | ||
exit 0 | |||
else echo "CRITICAL: $NUMROUTES routes in routing table" | elif [ $NUMROUTES -ge $numroutes_warn ]; then | ||
echo "WARNING: $NUMROUTES routes in routing table" | |||
exit 1 | |||
else | |||
echo "CRITICAL: $NUMROUTES routes in routing table" | |||
exit 2 | |||
fi | fi | ||
Restart NRPE. | Restart NRPE. | ||
Allow port 5666 through Shorewall (in /etc/shorewall/rules) through to monitoring hosts. | Allow port 5666 (or whatever port you've specified for nrpe in /etc/nrpe.cfg) through Shorewall (in ''/etc/shorewall/rules'') through to monitoring hosts. | ||
On the monitoring host, run the following command to test: | On the monitoring host, run the following command to test, where 10.14.8.3 is the IP of the host to monitor: | ||
{{Cmd|/usr/local/nagios/libexec/check_nrpe -H 10.14.8.3 -p 5666 -c check_routes}} | |||
You should get output like: | You should get output like: | ||
OK: 173 routes in routing table | OK: 173 routes in routing table | ||
| Line 27: | Line 38: | ||
<br /> | <br /> | ||
Example of monitoring opennhrp connection: <br /> | Example of monitoring opennhrp connection: <br /> | ||
#!/bin/ | #!/bin/sh | ||
# $1 is hostname to check | # $1 is hostname to check | ||
if [ | if [ -z "$1" ]; then | ||
echo "Hostname must be specified as argument" | |||
exit 1 | |||
fi | fi | ||
# The 5 second wait is in case tunnel wasn't up, this will act as a keepalive when run often enough | |||
ping -c 1 -w 5 $1 > /dev/null | ping -c 1 -w 5 $1 > /dev/null | ||
HOSTOUTPUT="`host $1`" | HOSTOUTPUT="`host $1`" | ||
# The final awk will grep for a /16 network range | |||
HOSTNETWORK="`echo $HOSTOUTPUT | awk -F ' ' '{print $NF}' | awk -F '.' '{print $1"."$2}'`" | HOSTNETWORK="`echo $HOSTOUTPUT | awk -F ' ' '{print $NF}' | awk -F '.' '{print $1"."$2}'`" | ||
ROUTETONETWORK="`ip route | grep $HOSTNETWORK'\.'`" | ROUTETONETWORK="`ip route | grep $HOSTNETWORK'\.'`" | ||
NEXTHOP="`echo $ROUTETONETWORK | awk -F ' ' '{print $3}'`" | NEXTHOP="`echo $ROUTETONETWORK | awk -F ' ' '{print $3}'`" | ||
# This assumes that up/down is last entry on line which it was in testing | |||
TUNNELSTATUS="`/usr/sbin/opennhrpctl show | grep -A 3 $NEXTHOP | grep Flags | awk -F ' ' '{print $NF}'`" | TUNNELSTATUS="`/usr/sbin/opennhrpctl show | grep -A 3 $NEXTHOP | grep Flags | awk -F ' ' '{print $NF}'`" | ||
echo $TUNNELSTATUS | echo $TUNNELSTATUS | ||
[[Category:Monitoring]] | |||
[[Category:Networking]] | |||
Latest revision as of 05:42, 13 August 2023
Install daemon:
apk add nrpe && rc-update add nrpe default
Set up config file to bind to local IP, only allow needed hosts to connect (in /etc/nrpe.cfg):
server_address=10.14.8.3 allowed_hosts=10.14.8.149,10.14.8.150
Add a definition for a check command to /etc/nrpe.cfg, for example:
command[check_routes]=/usr/bin/check_routes.sh
Create the above script, and populate:
#!/bin/sh
#
numroutes_ok=80
numroutes_warn=15
NUMROUTES=`ip route | grep -n | awk -F ':' '{print $1}' | tail -n 1`
if [ -z "$NUMROUTES" ]; then
echo "WARNING: No routing information received"
exit 1
elif [ $NUMROUTES -ge $numroutes_ok ]; then
echo "OK: $NUMROUTES routes in routing table"
exit 0
elif [ $NUMROUTES -ge $numroutes_warn ]; then
echo "WARNING: $NUMROUTES routes in routing table"
exit 1
else
echo "CRITICAL: $NUMROUTES routes in routing table"
exit 2
fi
Restart NRPE. Allow port 5666 (or whatever port you've specified for nrpe in /etc/nrpe.cfg) through Shorewall (in /etc/shorewall/rules) through to monitoring hosts. On the monitoring host, run the following command to test, where 10.14.8.3 is the IP of the host to monitor:
/usr/local/nagios/libexec/check_nrpe -H 10.14.8.3 -p 5666 -c check_routes
You should get output like:
OK: 173 routes in routing table
If you are having trouble, enable debugging in /etc/nrpe.cfg, and check /var/log/messages for errors. Most likely error(s) has to do with permissions of what you are trying to execute.
Example of monitoring opennhrp connection:
#!/bin/sh
# $1 is hostname to check
if [ -z "$1" ]; then
echo "Hostname must be specified as argument"
exit 1
fi
# The 5 second wait is in case tunnel wasn't up, this will act as a keepalive when run often enough
ping -c 1 -w 5 $1 > /dev/null
HOSTOUTPUT="`host $1`"
# The final awk will grep for a /16 network range
HOSTNETWORK="`echo $HOSTOUTPUT | awk -F ' ' '{print $NF}' | awk -F '.' '{print $1"."$2}'`"
ROUTETONETWORK="`ip route | grep $HOSTNETWORK'\.'`"
NEXTHOP="`echo $ROUTETONETWORK | awk -F ' ' '{print $3}'`"
# This assumes that up/down is last entry on line which it was in testing
TUNNELSTATUS="`/usr/sbin/opennhrpctl show | grep -A 3 $NEXTHOP | grep Flags | awk -F ' ' '{print $NF}'`"
echo $TUNNELSTATUS