Fedora iTOps Tube

Monday, February 6, 2012

How To Monitor Remote Windows Machine Using Nagios on Linux

 

In the previous articles we discussed the Nagios 3.0 Jumpstart guide and how to monitor a remote Linux host using Nagios 3.0. In this article, I'll explain how to monitor a remote Windows machine and the various services running on the Windows server using a Nagios monitoring server. The following three sections are covered in this article.

I. Overview
II. 4 steps to install nagios on remote windows host

1.    Install NSClient++ on the remote windows server

2.    Modify the NSClient++ Service

3.    Modify the NSC.ini

4.    Start the NSClient++ Service

III. 6 configuration steps on nagios monitoring server

1.    Verify check_nt command and windows-server template

2.    Uncomment windows.cfg in /usr/local/nagios/etc/nagios.cfg

3.    Modify /usr/local/nagios/etc/objects/windows.cfg

4.    Define windows services that should be monitored.

5.    Enable Password Protection

6.    Verify Configuration and Restart Nagios.

I. Overview

At a high level, the following three steps happen when Nagios (installed on the nagios-server) monitors a service (e.g. disk space usage) on the remote Windows host.

1.    Nagios will execute check_nt command on nagios-server and request it to monitor disk usage on remote windows host.

2.    The check_nt on the nagios-server will contact the NSClient++ service on remote windows host and request it to execute the USEDDISKSPACE on the remote host.

3.    The results of the USEDDISKSPACE command will be returned back by NSClient++ daemon to the check_nt on nagios-server.


Following flow summarizes the above explanation:

Nagios Server (check_nt) ----> Remote host (NSClient++) ----> USEDDISKSPACE
Nagios Server (check_nt) <---- Remote host (NSClient++) <---- USEDDISKSPACE (returns disk space usage)

II. 4 steps to setup nagios on remote windows host


1. Install NSClient++ on the remote windows server

Download NSCP 0.3.1 (NSClient++-Win32-0.3.1.msi) from NSClient++ Project. NSClient++ is an open source windows service that allows performance metrics to be gathered by Nagios for windows services. Go through the following five NSClient++ installation steps to get the installation completed.

(1) NSClient++ Welcome Screen

(2) License Agreement Screen

(3) Select Installation option and location. Use the default option and click next.



(4) Ready to Install Screen.  Click on Install to get it started.

(5) Installation completed Screen.

2. Modify the NSClient++ Service

Go to Control Panel -> Administrative Tools -> Services. Double click on the "NSClientpp (Nagios) 0.3.1.14 2008-03-12 w32" service and select the check-box that says "Allow service to interact with desktop" as shown below.

3. Modify the NSC.ini

(1) Modify NSC.ini and uncomment *.dll: Edit the C:\Program Files\NSClient++\NSC.ini file and uncomment everything under [modules] except RemoteConfiguration.dll and CheckWMI.dll.

[modules]

;# NSCLIENT++ MODULES

;# A list with DLLs to load at startup.

;  You will need to enable some of these for NSClient++ to work.

; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !

; *                                                               *

; * N O T I C E ! ! ! - Y O U   H A V E   T O   E D I T   T H I S *

; *                                                               *

; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !

FileLogger.dll

CheckSystem.dll

CheckDisk.dll

NSClientListener.dll

NRPEListener.dll

SysTray.dll

CheckEventLog.dll

CheckHelpers.dll

;CheckWMI.dll

;

; RemoteConfiguration IS AN EXTREM EARLY IDEA SO DONT USE FOR PRODUCTION ENVIROMNEMTS!

;RemoteConfiguration.dll

; NSCA Agent is a new beta module use with care!

NSCAAgent.dll

; LUA script module used to write your own "check deamon" (sort of) early beta.

LUAScript.dll

; Script to check external scripts and/or internal aliases, early beta.

CheckExternalScripts.dll

; Check other hosts through NRPE extreme beta and probably a bit dangerous!

NRPEClient.dll


(2) Modify NSC.ini and uncomment allowed_hosts. Edit the C:\Program Files\NSClient++\NSC.ini file, uncomment allowed_hosts under [Settings] and add the IP address of the nagios-server.

;# ALLOWED HOST ADDRESSES

;  This is a comma-delimited list of IP address of hosts that are allowed to talk to the all daemons.

;  If leave this blank anyone can access the deamon remotly (NSClient still requires a valid password).

;  The syntax is host or ip/mask so 192.168.0.0/24 will allow anyone on that subnet access

allowed_hosts=192.168.1.2/255.255.255.0

Note: allowed_hosts appears under the [Settings], [NSClient] and [NRPE] sections. Make sure to change the allowed_hosts under [Settings] for this purpose.

(3) Modify NSC.ini and uncomment port. Edit the C:\Program Files\NSClient++\NSC.ini file and uncomment the port number under the [NSClient] section.

;# NSCLIENT PORT NUMBER

;  This is the port the NSClientListener.dll will listen to.

port=12489


(4) Modify NSC.ini and specify password. You can also specify a password the nagios server needs to use to remotely access the NSClient++ agent.

[Settings]

;# OBFUSCATED PASSWORD

;  This is the same as the password option but here you can store the password in an obfuscated manner.

;  *NOTICE* obfuscation is *NOT* the same as encryption, someone with access to this file can still figure out the

;  password. Its just a bit harder to do it at first glance.

;obfuscated_password=Jw0KAUUdXlAAUwASDAAB

;

;# PASSWORD

;  This is the password (-s) that is required to access NSClient remotely. If you leave this blank everyone will be able to access the daemon remotly.

password=My2Secure$Password

4. Start the NSClient++ Service

Start the NSClient++ service either from Control Panel -> Administrative Tools -> Services (select "NSClientpp (Nagios) 0.3.1.14 2008-03-12 w32" and click Start) or from Start -> All Programs -> NSClient++ -> Start NSClient++ (Win32). Please note that this will start NSClient++ as a Windows service.

Later, if you modify anything in the NSC.ini file, you should restart the "NSClientpp (Nagios) 0.3.1.14 2008-03-12 w32" service from Windows Services.
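The NSC.ini changes from step 3 can be checked before the service is restarted. The script below is an added example, not part of NSClient++ or of the original article: it flags the modules the article leaves disabled, a blank password, a blank allowed_hosts, and allowed_hosts entries whose mask admits more than the single Nagios server. The function name and the sample file are constructed here, and it assumes the ip/mask form is a standard network mask.

```python
import configparser
import ipaddress

# Modules the article leaves commented out in [modules].
KEEP_DISABLED = {"remoteconfiguration.dll", "checkwmi.dll"}

# Constructed sample with three weak settings (not a real host's file).
SAMPLE = """\
[modules]
FileLogger.dll
CheckSystem.dll
NSClientListener.dll
;CheckWMI.dll
RemoteConfiguration.dll

[Settings]
allowed_hosts=192.168.1.2/255.255.255.0
password=

[NSClient]
port=12489
"""


def audit_nsc_ini(text):
    """Return (severity, message) findings for the text of an NSC.ini file."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None,
                                   strict=False, delimiters=("=",),
                                   comment_prefixes=(";",))
    cp.read_string(text)
    # Match section names case-insensitively ([modules] vs [Settings]).
    sections = {name.lower(): cp[name] for name in cp.sections()}
    findings = []

    # configparser lower-cases option names, so module names compare directly.
    for module in sorted(set(sections.get("modules", ())) & KEEP_DISABLED):
        findings.append(("WARN", f"{module} is enabled in [modules]"))

    settings = sections.get("settings", {})
    if not (settings.get("password") or "").strip():
        findings.append(("HIGH", "[Settings] password is blank"))

    allowed = (settings.get("allowed_hosts") or "").strip()
    if not allowed:
        findings.append(("HIGH", "[Settings] allowed_hosts is blank"))
    for entry in filter(None, (e.strip() for e in allowed.split(","))):
        try:
            # Assumption: ip/mask is treated as a standard network mask.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # host name rather than an IP: nothing to size
        if net.num_addresses > 1:
            findings.append(("WARN", f"allowed_hosts entry {entry} admits "
                             f"{net.num_addresses} addresses ({net})"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_nsc_ini(SAMPLE):
        print(f"{severity}: {message}")
```

On the sample, the allowed_hosts value used in step (2) is reported as covering all of 192.168.1.0/24 rather than only the Nagios server at 192.168.1.2.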

III. 6 configuration steps on nagios monitoring server


1. Verify check_nt command and windows-server template

Verify that the check_nt is enabled under /usr/local/nagios/etc/objects/commands.cfg

# 'check_nt' command definition

define command{

command_name    check_nt

command_line    $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$

}


Verify that the windows-server template is enabled under /usr/local/nagios/etc/objects/templates.cfg

# Windows host definition template - This is NOT a real host, just a template!

define host{

name                    windows-server  ; The name of this host template

use                     generic-host    ; Inherit default values from the generic-host template

check_period            24x7            ; By default, Windows servers are monitored round the clock

check_interval          5               ; Actively check the server every 5 minutes

retry_interval          1               ; Schedule host check retries at 1 minute intervals

max_check_attempts      10              ; Check each server 10 times (max)

check_command           check-host-alive        ; Default command to check if servers are "alive"

notification_period     24x7            ; Send notification out at any time - day or night

notification_interval   30              ; Resend notifications every 30 minutes

notification_options    d,r             ; Only send notifications for specific host states

contact_groups          admins          ; Notifications get sent to the admins by default

hostgroups              windows-servers ; Host groups that Windows servers should be a member of

register                0               ; DONT REGISTER THIS - ITS JUST A TEMPLATE

}

2. Uncomment windows.cfg in /usr/local/nagios/etc/nagios.cfg

# Definitions for monitoring a Windows machine

cfg_file=/usr/local/nagios/etc/objects/windows.cfg

3. Modify /usr/local/nagios/etc/objects/windows.cfg

By default a sample host definition for a windows server is given under windows.cfg, modify this to reflect the appropriate windows server that needs to be monitored through nagios.

# Define a host for the Windows machine we'll be monitoring

# Change the host_name, alias, and address to fit your situation

 

define host{

use             windows-server              ; Inherit default values from a template

host_name   remote-windows-host      ; The name we're giving to this host

alias            Remote Windows Host     ; A longer name associated with the host

address       192.168.1.4                   ; IP address of the remote windows host

}

4. Define windows services that should be monitored.

Following are the default windows services that are already enabled in the sample windows.cfg. Make sure to update the host_name on these services to reflect the host_name defined in the above step.

define service{

use                     generic-service

host_name               remote-windows-host

service_description     NSClient++ Version

check_command           check_nt!CLIENTVERSION

}

define service{

use                     generic-service

host_name               remote-windows-host

service_description     Uptime

check_command           check_nt!UPTIME

}

define service{

use                     generic-service

host_name               remote-windows-host

service_description     CPU Load

check_command           check_nt!CPULOAD!-l 5,80,90

}

define service{

use                     generic-service

host_name               remote-windows-host

service_description     Memory Usage

check_command           check_nt!MEMUSE!-w 80 -c 90

}

define service{

use                     generic-service

host_name               remote-windows-host

service_description     C:\ Drive Space

check_command           check_nt!USEDDISKSPACE!-l c -w 80 -c 90

}

define service{

use                     generic-service

host_name               remote-windows-host

service_description     W3SVC

check_command           check_nt!SERVICESTATE!-d SHOWALL -l W3SVC

}

define service{

use                     generic-service

host_name               remote-windows-host

service_description     Explorer

check_command           check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe

}

5. Enable Password Protection

If you specified a password in the NSC.ini configuration file of NSClient++ on the Windows machine, you'll need to modify the check_nt command definition to include the password. Modify the /usr/local/nagios/etc/objects/commands.cfg file and add the password with -s as shown below. Nagios treats $ as a macro delimiter in command_line, so the literal $ in this password is written as $$, and the single quotes stop the shell from expanding it.

define command{

command_name   check_nt

command_line   $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s 'My2Secure$$Password' -v $ARG1$ $ARG2$

}

6. Verify Configuration and Restart Nagios.

Verify the nagios configuration files as shown below.

[nagios-server]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

 

Total Warnings: 0

Total Errors:   0

 

Things look okay - No serious problems were detected during the pre-flight check


Restart nagios as shown below.

[nagios-server]# /etc/rc.d/init.d/nagios stop

Stopping nagios: .done.

 

[nagios-server]# /etc/rc.d/init.d/nagios start

Starting nagios: done.


Verify the status of the various services running on the remote windows host from the Nagios web UI (http://nagios-server/nagios) as shown below.

 

Howto Install MySQL on Linux

Most Linux distros come with MySQL. If you want to use MySQL, my recommendation is that you download the latest version of MySQL and install it yourself. Later you can upgrade it to the latest version when it becomes available. In this article, I will explain how to install the latest free community edition of MySQL on the Linux platform.

1. Download the latest stable release of MySQL

Download MySQL from mysql.com. Please download the community edition of MySQL for your appropriate Linux platform. I downloaded the "Red Hat Enterprise Linux 5 RPM (x86)". Make sure to download MySQL Server, Client and "Headers and libraries" from the download page.

  • MySQL-client-community-5.1.25-0.rhel5.i386.rpm
  • MySQL-server-community-5.1.25-0.rhel5.i386.rpm
  • MySQL-devel-community-5.1.25-0.rhel5.i386.rpm

2. Remove the existing default MySQL that came with the Linux distro

Do not perform this on a system where the MySQL database is being used by an application.

[local-host]# rpm -qa | grep -i mysql
mysql-5.0.22-2.1.0.1
mysqlclient10-3.23.58-4.RHEL4.1

[local-host]# rpm -e mysql --nodeps
warning: /etc/my.cnf saved as /etc/my.cnf.rpmsave
[local-host]# rpm -e mysqlclient10

3. Install the downloaded MySQL package

Install the MySQL Server and Client packages as shown below.

[local-host]# rpm -ivh MySQL-server-community-5.1.25-0.rhel5.i386.rpm MySQL-client-community-5.1.25-0.rhel5.i386.rpm
Preparing...                ########################################### [100%]
1:MySQL-client-community ########################################### [ 50%]
2:MySQL-server-community ########################################### [100%]

This will also display the following output and start the MySQL daemon automatically.

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h medica2 password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.
See the manual for more instructions.
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available at http://www.mysql.com/
Support MySQL by buying support/licenses from http://shop.mysql.com/

Starting MySQL.[  OK  ]
Giving mysqld 2 seconds to start

Install the "Header and Libraries" that are part of the MySQL-devel packages.

[local-host]# rpm -ivh MySQL-devel-community-5.1.25-0.rhel5.i386.rpm
Preparing...                ########################################### [100%]
1:MySQL-devel-community  ########################################### [100%]

Note: When I was compiling PHP with MySQL option from source on the Linux system, it failed with the following error. Installing the MySQL-devel-community package fixed this problem in installing PHP from source.

configure: error: Cannot find MySQL header files under yes.
Note that the MySQL client library is not bundled anymore!

4.  Perform post-install security activities on MySQL.

At a bare minimum you should set a password for the root user as shown below:

[local-user]# /usr/bin/mysqladmin -u root password 'My2Secure$Password'

The best option is to run the mysql_secure_installation script, which takes care of the typical security-related items on MySQL, as shown below. At a high level it does the following:

  • Change the root password
  • Remove the anonymous user
  • Disallow root login from remote machines
  • Remove the default sample test database

[local-host]# /usr/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!

5.  Verify the MySQL installation:

You can check the MySQL installed version by performing mysql -V as shown below:

[local-host]# mysql -V
mysql  Ver 14.14 Distrib 5.1.25-rc, for redhat-linux-gnu (i686) using readline 5.1

Connect to the MySQL database using the root user and make sure the connection is successful.

[local-host]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.1.25-rc-community MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Follow the steps below to stop and start MySQL.

[local-host]# service mysql status

MySQL running (12588)                                      [  OK  ]

[local-host]# service mysql stop

Shutting down MySQL.                                       [  OK  ]

[local-host]# service mysql start

Starting MySQL.                                            [  OK  ]

Howto resolve Algorithm negotiation failed issue on SSH

OpenSSH

 
While performing ssh from a local-host to a remote-host that are on different versions of ssh, it is possible that you may get "Algorithm negotiation failed" message.  In this post, I'll explain how to resolve this issue from the ssh client.

 
1. Unable to ssh to remote-host: In this example, when trying to perform ssh from local-host to remote-host, we get the "Algorithm negotiation failed" error message as shown below. Please note that the local-host is running ssh2 client.

[local-host]$ ssh -l jsmith remote-host

warning: Authentication failed.

Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).


[local-host]$ ssh -V

ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu

[local-host]$ ls -l /usr/local/bin/ssh

lrwxrwxrwx  1 root root 4 Mar 10 22:04 /usr/local/bin/ssh -> ssh2

 
2. Get more debug information about the error message from SSH. Pass -v parameter to the ssh client to view additional debug information, which will help to troubleshoot this problem further as shown below.

[local-host]$ ssh -v -l jsmith remote-host

debug: SshConfig/sshconfig.c:2838/ssh2_parse_config_ext: Metaconfig parsing stopped at line 3.

debug: SshConfig/sshconfig.c:637/ssh_config_set_param_verbose: Setting variable 'VerboseMode' to 'FALSE'.

debug: SshConfig/sshconfig.c:3130/ssh_config_read_file_ext: Read 17 params from config file.

debug: Ssh2/ssh2.c:1707/main: User config file not found, using defaults. (Looked for '/home/jsmith/.ssh2/ssh2_config')

debug: Connecting to 192.168.101.107, port 22... (SOCKS not used)

debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version: SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)

debug: client supports 2 auth methods: 'publickey,password'

debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip = 192.168.1.2, local port = 59514

debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip = 192.168.1.3, remote port = 22

debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...

debug: SshReadLine/sshreadline.c:2427/ssh_readline_eloop_initialize: Initializing ReadLine...

debug: Remote version: SSH-2.0-OpenSSH_5.0

debug: OpenSSH: Major: 5 Minor: 0 Revision: 0

debug: Ssh2Transport/trcommon.c:973/ssh_tr_input_version: All versions of OpenSSH handle kex guesses incorrectly.

debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for c_to_s_compr: client list: zlib vs. server list : none,zlib@openssh.com

debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for s_to_c_compr: client list: zlib vs. server list : none,zlib@openssh.com

debug: Ssh2Transport/trcommon.c:1367/ssh_tr_negotiate: lang s to c: `', lang c to s: `'

debug: Ssh2Common/sshcommon.c:169/ssh_common_disconnect: DISCONNECT received: Algorithm negotiation failed.

debug: SshReadLine/sshreadline.c:2485/ssh_readline_eloop_uninitialize: Uninitializing ReadLine...

warning: Authentication failed.

Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).

debug: Ssh2Common/sshcommon.c:662/ssh_common_destroy: Destroying SshCommon object.

debug: SshConnection/sshconn.c:1997/ssh_conn_destroy: Destroying SshConn object.

The debug output contains the line "Algorithm negotiation failed for s_to_c_compr: client list: zlib vs. server list : none,zlib@openssh.com". This shows that the client (local-host) offers only zlib compression, while the server (remote-host) offers none and zlib@openssh.com but not zlib, so the two sides have no compression algorithm in common.

 
3. Resolve the problem by connecting to remote-host SSH without compression. Pass the -o "Compression no" to the ssh client to resolve the problem, as shown below.

[local-host]$ ssh -o "Compression no" -l jsmith remote-host

jsmith@remote-host's password:

Last login: Wed Jun 25 17:06:31 2008 from 192.168.1.2

[remote-host]$ ssh -V

OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007

Now that you are connected without any issues after passing the -o "Compression no" parameter to the ssh client, you can see that the remote-host is running OpenSSH, which is different from the ssh that was running on the local-host; this was the reason for the "Algorithm negotiation failed" issue.
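The failure in step 2 and the fix in step 3 follow from the SSH negotiation rule in RFC 4253 section 7.1: for the compression, cipher and MAC slots, the first name on the client's list that also appears on the server's list is chosen, and if there is none the connection is dropped. The script below is an added example, not code from either ssh implementation; it parses the two failure lines from the debug output above and applies that rule. The function names are made up here, and it assumes that "Compression no" makes the client offer only "none".

```python
import re

# The two failure lines, copied from the ssh -v output shown above.
DEBUG_LINES = """\
debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for c_to_s_compr: client list: zlib vs. server list : none,zlib@openssh.com
debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for s_to_c_compr: client list: zlib vs. server list : none,zlib@openssh.com
"""

FAIL_RE = re.compile(
    r"Algorithm negotiation failed for (?P<slot>\w+): "
    r"client list: (?P<client>\S+) vs\. server list : (?P<server>\S+)")


def negotiate(client_list, server_list):
    """RFC 4253 7.1 rule for compression, cipher and MAC slots: the first
    name on the client's list that the server also lists, else None."""
    offered = set(server_list)
    return next((name for name in client_list if name in offered), None)


def explain_failures(debug_output):
    """Return one dict per failed slot found in the ssh2 client's -v output."""
    report = []
    for m in FAIL_RE.finditer(debug_output):
        client = m["client"].split(",")
        server = m["server"].split(",")
        report.append({
            "slot": m["slot"],
            "client": client,
            "server": server,
            "agreed": negotiate(client, server),
            # Names only the server lists: offering one of these would match.
            "server_only": [n for n in server if n not in client],
        })
    return report


if __name__ == "__main__":
    for item in explain_failures(DEBUG_LINES):
        print(item["slot"], "client", item["client"], "server", item["server"],
              "->", item["agreed"])
    # Assumption: with -o "Compression no" the client list becomes ["none"].
    print("with Compression no ->",
          negotiate(["none"], ["none", "zlib@openssh.com"]))
```

Note that zlib and zlib@openssh.com are different algorithm names, which is why a client offering only zlib finds no match against this server.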