====== Introduction ======
This document explain how to configure nagios on FreeBSD
===== Pre-requires =====
* The mysql database was installed and is running
* The apache24 http server was installed and is running.
* The following modules need to be activated
LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
LoadModule filter_module libexec/apache24/mod_filter.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
LoadModule env_module libexec/apache24/mod_env.so
LoadModule headers_module libexec/apache24/mod_headers.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule version_module libexec/apache24/mod_version.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
LoadModule status_module libexec/apache24/mod_status.so
LoadModule autoindex_module libexec/apache24/mod_autoindex.so
LoadModule dir_module libexec/apache24/mod_dir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule php7_module libexec/apache24/libphp7.so
====== Nagios installation and first configuration ======
Nagios permit to supervise devices
===== Installation of the packages =====
We will install the main package and some additionnal extensions
pkg install nagios4
pkg install nagios-snmp-plugins
pkg install nagios-snmp-plugins-extras
We receive the following information of the package :
Enable Nagios in /etc/rc.conf with the following line:
nagios_enable="YES"
Configuration templates are available in /usr/local/etc/nagios as
*.cfg-sample files. Copy them to *.cfg files where required and
edit to suit your needs.
If you don't already have a web server running, you will need to
install and configure one to finish off your Nagios installation.
When used with Apache, the following should be sufficient to publish
the web component of Nagios (modify the allow list to suit):
Require ip 127.0.0.1
php_flag engine on
php_admin_value open_basedir /usr/local/www/nagios/:/var/spool/nagios/
Options ExecCGI
ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
Alias /nagios/ /usr/local/www/nagios/
So we can go to the configuration
==== Nagios configurations for activation ====
system activation
sysrc nagios_enable=”YES”
apache24 modification : add the following line in /usr/local/etc/apache24/httpd.conf
Options None
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/etc/nagios/htpasswd.users
Require valid-user
#php_flag engine on
php_admin_value open_basedir /usr/local/www/nagios/:/var/spool/nagios/
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Add in the following section the commands :
ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"
ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
Alias /nagios/ /usr/local/www/nagios/
restart the apache24 service
service apache24 restart
==== nagios internal configuration ====
create the sample file
cd /usr/local/etc/nagios/
cp cgi.cfg-sample cgi.cfg
cp nagios.cfg-sample nagios.cfg
cp resource.cfg-sample resource.cfg
cd /usr/local/etc/nagios/objects/
cp commands.cfg-sample commands.cfg
cp contacts.cfg-sample contacts.cfg
cp localhost.cfg-sample localhost.cfg
cp printer.cfg-sample printer.cfg
cp switch.cfg-sample switch.cfg
cp templates.cfg-sample templates.cfg
cp timeperiods.cfg-sample timeperiods.cfg
==== check nagios configuration ====
Check if the nagios configuration is well
nagios -v /usr/local/etc/nagios/nagios.cfg
==== create the nagiosadmin password user ====
Tape the following command to create the .htpasswd file
cd /usr/local/etc/nagios/
htpasswd -c htpasswd.users nagiosadmin
Tape the password.
After, you have to change the rights on the htpasswd.users file
chgrp www /usr/local/etc/nagios/htpasswd.users
==== Optional : use another user name ====
if you use another user name, replace the name « nagiosadmin » in the following file /usr/local/etc/nagios/cgi.cfg
===== Start the nagios service =====
service nagios start
you can know connect you on the webui
http:///nagios
====== Nagios configuration ======
===== Generic parameters =====
==== The time period ====
Adapt the timeperiod as needed. We well use the timeperiod workhours adapted.
vi /usr/local/etc/nagios/objects/timeperiods.cfg
###############################################################################
# TIMEPERIOD DEFINITIONS
###############################################################################
define timeperiod {
name 14x7
timeperiod_name 14x7
alias 14 Hours A Day, 7 Days A Week
sunday 09:00-23:00
monday 09:00-23:00
tuesday 09:00-23:00
wednesday 09:00-23:00
thursday 09:00-23:00
friday 09:00-23:00
saturday 09:00-23:00
}
define timeperiod {
name 24x7
timeperiod_name 24x7
alias 24 Hours A Day, 7 Days A Week
sunday 00:00-24:00
monday 00:00-24:00
tuesday 00:00-24:00
wednesday 00:00-24:00
thursday 00:00-24:00
friday 00:00-24:00
saturday 00:00-24:00
}
define timeperiod {
name workhours
timeperiod_name workhours
alias Normal Work Hours
monday 09:00-17:00
tuesday 09:00-17:00
wednesday 09:00-17:00
thursday 09:00-17:00
friday 09:00-17:00
}
define timeperiod {
name none
timeperiod_name none
alias No Time Is A Good Time
}
==== The contacts ====
Define here people supposed to receive the notifications
###############################################################################
# CONTACTS
###############################################################################
define contact {
contact_name fcostard ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Fabien Costard ; Full name of user
email fabien.costard@limis.fr ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
###############################################################################
# CONTACT GROUPS
###############################################################################
define contactgroup {
contactgroup_name admins
alias Nagios Administrators
members fcostard
}
==== The templates ====
the template join the contacts, the timeperiod and the notification to apply on a service and on an host
We will let them by default :
###############################################################################
# CONTACT TEMPLATES
###############################################################################
define contact {
name generic-contact ; The name of this contact template
service_notification_period 14x7 ; service notifications can be sent anytime
host_notification_period 14x7 ; host notifications can be sent anytime
service_notification_options w,u,c,r,f,s ; send notifications for all service states, flapping events, and scheduled downtime events
host_notification_options d,u,r,f,s ; send notifications for all host states, flapping events, and scheduled downtime events
service_notification_commands notify-service-by-email ; send service notifications via email
host_notification_commands notify-host-by-email ; send host notifications via email
register 0 ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL CONTACT, JUST A TEMPLATE!
}
###############################################################################
# HOST TEMPLATES
###############################################################################
define host {
name generic-host ; The name of this host template
notifications_enabled 1 ; Host notifications are enabled
event_handler_enabled 1 ; Host event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
notification_period 14x7 ; Send host notifications at any time
register 0 ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
}
define host {
name global-server
use generic-host
check_period 24x7
check_interval 5
retry_interval 1
max_check_attempts 10
check_command check-host-alive
notification_period 14x7
notification_interval 240
notification_options d,u,r
contact_groups admins
register 0
}
define host {
name global-printer ; The name of this host template
use generic-host ; This template inherits other values from the generic-host template
check_period 14x7 ; By default, FreeBSD hosts are checked round the clock
check_interval 5 ; Actively check the host every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each FreeBSD host 10 times (max)
check_command check-host-alive ; Default command to check FreeBSD hosts
notification_period workhours ; FreeBSD admins hate to be woken up, so we only notify during the day
notification_interval 240 ; Resend notifications every 2 hours
notification_options d,u,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
register 0 ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
}
define host {
name global-switch ; The name of this host template
use generic-host ; Inherit default values from the generic-host template
check_period 24x7 ; By default, switches are monitored round the clock
check_interval 5 ; Switches are checked every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each switch 10 times (max)
check_command check-host-alive ; Default command to check if routers are "alive"
notification_period 14x7 ; Send notifications at any time
notification_interval 30 ; Resend notifications every 30 minutes
notification_options d,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
register 0 ; DON'T REGISTER THIS - ITS JUST A TEMPLATE
}
###############################################################################
# SERVICE TEMPLATES
###############################################################################
define service {
name generic-service ; The 'name' of this service template
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
is_volatile 0 ; The service is not volatile
check_period workhours ; The service can be checked at any time of the day
max_check_attempts 3 ; Re-check the service up to 3 times in order to determine its final (hard) state
check_interval 10 ; Check the service every 10 minutes under normal conditions
retry_interval 2 ; Re-check the service every two minutes until a hard state can be determined
contact_groups admins ; Notifications get sent out to everyone in the 'admins' group
notification_options w,u,c,r ; Send notifications about warning, unknown, critical, and recovery events
notification_interval 240 ; Re-notify about service problems every hour
notification_period 14x7 ; Notifications can be sent out at any time
register 0 ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}
==== The commands ====
This part will define commands could be used on services and hosts
################################################################################
# SAMPLE NOTIFICATION COMMANDS
################################################################################
define command {
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
define command {
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
################################################################################
# SAMPLE HOST CHECK COMMANDS
################################################################################
define command {
command_name check-host-alive
command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
}
################################################################################
# SAMPLE SERVICE CHECK COMMANDS
################################################################################
define command {
command_name check_local_disk
command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
}
define command {
command_name check_local_load
command_line $USER1$/check_load -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_procs
command_line $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
}
define command {
command_name check_local_users
command_line $USER1$/check_users -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_swap
command_line $USER1$/check_swap -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_mrtgtraf
command_line $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
}
define command {
command_name check_ftp
command_line $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
}
define command {
command_name check_hpjd
command_line $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
}
define command {
command_name check_snmp_load
command_line $USER1$/check_snmp_load -H $HOSTADDRESS$ $ARG1$
}
define command {
command_name check_snmp_int
command_line $USER1$/check_snmp_int.pl -H $HOSTADDRESS$ $ARG1$
}
define command {
command_name check_http
command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
}
define command {
command_name check_ssh
command_line $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
}
define command {
command_name check_dhcp
command_line $USER1$/check_dhcp $ARG1$
}
define command {
command_name check_ping_v4
command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5 -4
}
define command {
command_name check_ping_v6
command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5 -6
}
define command {
command_name check_pop
command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
}
define command {
command_name check_imap
command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
}
define command {
command_name check_smtp
command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
}
define command {
command_name check_tcp
command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
}
define command {
command_name check_udp
command_line $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
}
define command {
command_name check_nt
command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
}
define command {
command_name check_nrpe3
command_line $USER1$/check_nrpe3 -H $HOSTADDRESS$ $ARG1$
}
################################################################################
# SAMPLE PERFORMANCE DATA COMMANDS
################################################################################
define command {
command_name process-host-perfdata
command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/spool/nagios/host-perfdata.out
}
define command {
command_name process-service-perfdata
command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/spool/nagios/service-perfdata.out
}
===== Generic device configurations =====
==== The generic devices ====
In the file /usr/local/etc/nagios/objects/.cfg, adapt the example to your equipments
=== Hostgroup definition ===
###############################################################################
# HOST GROUP DEFINITIONS
###############################################################################
define hostgroup {
hostgroup_name ; The name of the hostgroup
alias ; Long name of the group
}
=== Host definition ===
###############################################################################
#
# HOST DEFINITIONS
#
###############################################################################
define host {
use global-switch ; Inherit default values from a template
host_name ; The name we're giving to this switch
alias ; A longer name associated with the switch
address ; IP address of the switch
hostgroups switches ; Host groups this switch is associated with
parents
icon_image your_image.png
vrml_image your_image.png
statusmap_image your_image.png
gd2_image your_image.gd2
}
=== Service definition ===
###############################################################################
# SERVICE DEFINITIONS
###############################################################################
### ###
define service {
use generic-service ; Inherit values from a template
host_name ; The name of the host the service is associated with
service_description ; The service description
check_command ; The command used to monitor the service
check_interval 5 ; Check the service every 5 minutes under normal conditions
retry_interval 1 ; Re-check the service every minute until its final/hard state is determined
}
...
exemple of services for an host
define service {
use generic-service ; Inherit values from a template
host_name ; The name of the host the service is associated with
service_description A- Ping - v6 ; The service description
check_command check_ping_v6!200.0,20%!600.0,60% ; The command used to monitor the service
check_interval 5 ; Check the service every 5 minutes under normal conditions
retry_interval 1 ; Re-check the service every minute until its final/hard state is determined
}
define service {
use generic-service ; Inherit values from a template
host_name
service_description B- Uptime
check_command check_snmp!-C -P 2c -o .1.3.6.1.2.1.1.3.0
}
define service {
use generic-service ; Inherit values from a template
host_name
service_description C- Port 01 Link Status
check_command check_snmp_int!-C -n gigabitethernet1$
}
==== Nagios parameters ====
In the file /usr/local/etc/nagios/nagios.cfg, you have to add the following line
Definitions for monitoring a
cfg_file=/usr/local/etc/nagios/objects/.cfg
After that, restart the service
service nagios restart