Table des matières

Introduction

This document explain how to configure nagios on FreeBSD

Pre-requires

LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
LoadModule filter_module libexec/apache24/mod_filter.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
LoadModule env_module libexec/apache24/mod_env.so
LoadModule headers_module libexec/apache24/mod_headers.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule version_module libexec/apache24/mod_version.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
LoadModule status_module libexec/apache24/mod_status.so
LoadModule autoindex_module libexec/apache24/mod_autoindex.so
LoadModule dir_module libexec/apache24/mod_dir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule php7_module libexec/apache24/libphp7.so

Nagios installation and first configuration

Nagios permit to supervise devices

Installation of the packages

We will install the main package and some additionnal extensions

pkg install nagios4
pkg install nagios-snmp-plugins
pkg install nagios-snmp-plugins-extras

We receive the following information of the package :

Enable Nagios in /etc/rc.conf with the following line:

   nagios_enable="YES"

 Configuration templates are available in /usr/local/etc/nagios as
 *.cfg-sample files.  Copy them to *.cfg files where required and
 edit to suit your needs.

 If you don't already have a web server running, you will need to
 install and configure one to finish off your Nagios installation.
 When used with Apache, the following should be sufficient to publish
 the web component of Nagios (modify the allow list to suit):

   <Directory /usr/local/www/nagios>
     Require ip 127.0.0.1
     php_flag engine on
     php_admin_value open_basedir /usr/local/www/nagios/:/var/spool/nagios/
   </Directory>

   <Directory /usr/local/www/nagios/cgi-bin>
     Options ExecCGI
   </Directory>

   ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
   Alias /nagios/ /usr/local/www/nagios/

So we can go to the configuration

Nagios configurations for activation

system activation

sysrc nagios_enable=”YES”

apache24 modification : add the following line in /usr/local/etc/apache24/httpd.conf

<Directory /usr/local/www/nagios>
        Options None
        AllowOverride None
        Order allow,deny
        Allow from all
        AuthName "Nagios Access"
        AuthType Basic
        AuthUserFile /usr/local/etc/nagios/htpasswd.users
        Require valid-user
        #php_flag engine on
        php_admin_value open_basedir /usr/local/www/nagios/:/var/spool/nagios/
</Directory>

<Directory /usr/local/www/nagios/cgi-bin>
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
</Directory>

Add in the following section the commands :

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"
    ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
    Alias /nagios/ /usr/local/www/nagios/
</IfModule>

restart the apache24 service

service apache24 restart

nagios internal configuration

create the sample file 
cd /usr/local/etc/nagios/
cp cgi.cfg-sample cgi.cfg
cp nagios.cfg-sample nagios.cfg
cp resource.cfg-sample resource.cfg
cd /usr/local/etc/nagios/objects/
cp commands.cfg-sample commands.cfg
cp contacts.cfg-sample contacts.cfg
cp localhost.cfg-sample localhost.cfg
cp printer.cfg-sample printer.cfg
cp switch.cfg-sample switch.cfg
cp templates.cfg-sample templates.cfg
cp timeperiods.cfg-sample timeperiods.cfg

check nagios configuration

Check if the nagios configuration is well

nagios -v  /usr/local/etc/nagios/nagios.cfg

create the nagiosadmin password user

Tape the following command to create the .htpasswd file

cd /usr/local/etc/nagios/
htpasswd -c htpasswd.users nagiosadmin

Tape the password. After, you have to change the rights on the htpasswd.users file

chgrp www /usr/local/etc/nagios/htpasswd.users

Optional : use another user name

if you use another user name, replace the name « nagiosadmin » in the following file /usr/local/etc/nagios/cgi.cfg

Start the nagios service

service nagios start

you can know connect you on the webui

http://<address>/nagios

Nagios configuration

Generic parameters

The time period

Adapt the timeperiod as needed. We well use the timeperiod workhours adapted.

vi /usr/local/etc/nagios/objects/timeperiods.cfg
###############################################################################
# TIMEPERIOD DEFINITIONS
###############################################################################
define timeperiod {
    name                    14x7
    timeperiod_name         14x7
    alias                   14 Hours A Day, 7 Days A Week
    sunday                  09:00-23:00
    monday                  09:00-23:00
    tuesday                 09:00-23:00
    wednesday               09:00-23:00
    thursday                09:00-23:00
    friday                  09:00-23:00
    saturday                09:00-23:00
}

define timeperiod {
    name                    24x7
    timeperiod_name         24x7
    alias                   24 Hours A Day, 7 Days A Week
    sunday                  00:00-24:00
    monday                  00:00-24:00
    tuesday                 00:00-24:00
    wednesday               00:00-24:00
    thursday                00:00-24:00
    friday                  00:00-24:00
    saturday                00:00-24:00
}

define timeperiod {
    name                    workhours
    timeperiod_name         workhours
    alias                   Normal Work Hours
    monday                  09:00-17:00
    tuesday                 09:00-17:00
    wednesday               09:00-17:00
    thursday                09:00-17:00
    friday                  09:00-17:00
}

define timeperiod {
    name                    none
    timeperiod_name         none
    alias                   No Time Is A Good Time
}

The contacts

Define here people supposed to receive the notifications

###############################################################################
# CONTACTS
###############################################################################
define contact {

    contact_name            fcostard             ; Short name of user
    use                     generic-contact         ; Inherit default values from generic-contact template (defined above)
    alias                   Fabien Costard            ; Full name of user
    email                   fabien.costard@limis.fr ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}

###############################################################################
# CONTACT GROUPS
###############################################################################
define contactgroup {

    contactgroup_name       admins
    alias                   Nagios Administrators
    members                 fcostard
}

The templates

the template join the contacts, the timeperiod and the notification to apply on a service and on an host

We will let them by default :

###############################################################################
# CONTACT TEMPLATES
###############################################################################
define contact {
    name                            generic-contact         ; The name of this contact template
    service_notification_period     14x7                    ; service notifications can be sent anytime
    host_notification_period        14x7                    ; host notifications can be sent anytime
    service_notification_options    w,u,c,r,f,s             ; send notifications for all service states, flapping events, and scheduled downtime events
    host_notification_options       d,u,r,f,s               ; send notifications for all host states, flapping events, and scheduled downtime events
    service_notification_commands   notify-service-by-email ; send service notifications via email
    host_notification_commands      notify-host-by-email    ; send host notifications via email
    register                        0                       ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL CONTACT, JUST A TEMPLATE!
}

###############################################################################
# HOST TEMPLATES
###############################################################################
define host {
    name                            generic-host            ; The name of this host template
    notifications_enabled           1                       ; Host notifications are enabled
    event_handler_enabled           1                       ; Host event handler is enabled
    flap_detection_enabled          1                       ; Flap detection is enabled
    process_perf_data               1                       ; Process performance data
    retain_status_information       1                       ; Retain status information across program restarts
    retain_nonstatus_information    1                       ; Retain non-status information across program restarts
    notification_period             14x7                    ; Send host notifications at any time
    register                        0                       ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
}
define host {
    name                            global-server
    use                             generic-host
    check_period                    24x7
    check_interval                  5
    retry_interval                  1
    max_check_attempts              10
    check_command                   check-host-alive
    notification_period             14x7
    notification_interval           240
    notification_options            d,u,r
    contact_groups                  admins
    register                        0     
}

define host {
    name                            global-printer          ; The name of this host template
    use                             generic-host            ; This template inherits other values from the generic-host template
    check_period                    14x7                    ; By default, FreeBSD hosts are checked round the clock
    check_interval                  5                       ; Actively check the host every 5 minutes
    retry_interval                  1                       ; Schedule host check retries at 1 minute intervals
    max_check_attempts              10                      ; Check each FreeBSD host 10 times (max)
    check_command                   check-host-alive        ; Default command to check FreeBSD hosts
    notification_period             workhours               ; FreeBSD admins hate to be woken up, so we only notify during the day
    notification_interval           240                     ; Resend notifications every 2 hours
    notification_options            d,u,r                   ; Only send notifications for specific host states
    contact_groups                  admins                  ; Notifications get sent to the admins by default
    register                        0                       ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
}

define host {
    name                            global-switch          ; The name of this host template
    use                             generic-host            ; Inherit default values from the generic-host template
    check_period                    24x7                    ; By default, switches are monitored round the clock
    check_interval                  5                       ; Switches are checked every 5 minutes
    retry_interval                  1                       ; Schedule host check retries at 1 minute intervals
    max_check_attempts              10                      ; Check each switch 10 times (max)
    check_command                   check-host-alive        ; Default command to check if routers are "alive"
    notification_period             14x7                    ; Send notifications at any time
    notification_interval           30                      ; Resend notifications every 30 minutes
    notification_options            d,r                     ; Only send notifications for specific host states
    contact_groups                  admins                  ; Notifications get sent to the admins by default
    register                        0                       ; DON'T REGISTER THIS - ITS JUST A TEMPLATE
}

###############################################################################
# SERVICE TEMPLATES
###############################################################################
define service {
    name                            generic-service         ; The 'name' of this service template
    active_checks_enabled           1                       ; Active service checks are enabled
    passive_checks_enabled          1                       ; Passive service checks are enabled/accepted
    parallelize_check               1                       ; Active service checks should be parallelized (disabling this can lead to major performance problems)
    obsess_over_service             1                       ; We should obsess over this service (if necessary)
    check_freshness                 0                       ; Default is to NOT check service 'freshness'
    notifications_enabled           1                       ; Service notifications are enabled
    event_handler_enabled           1                       ; Service event handler is enabled
    flap_detection_enabled          1                       ; Flap detection is enabled
    process_perf_data               1                       ; Process performance data
    retain_status_information       1                       ; Retain status information across program restarts
    retain_nonstatus_information    1                       ; Retain non-status information across program restarts
    is_volatile                     0                       ; The service is not volatile
    check_period                    workhours                    ; The service can be checked at any time of the day
    max_check_attempts              3                       ; Re-check the service up to 3 times in order to determine its final (hard) state
    check_interval                  10                      ; Check the service every 10 minutes under normal conditions
    retry_interval                  2                       ; Re-check the service every two minutes until a hard state can be determined
    contact_groups                  admins                  ; Notifications get sent out to everyone in the 'admins' group
    notification_options            w,u,c,r                 ; Send notifications about warning, unknown, critical, and recovery events
    notification_interval           240                      ; Re-notify about service problems every hour
    notification_period             14x7                    ; Notifications can be sent out at any time
    register                        0                       ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}

The commands

This part will define commands could be used on services and hosts

################################################################################
# SAMPLE NOTIFICATION COMMANDS
################################################################################
define command {
    command_name    notify-host-by-email
    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}

define command {
    command_name    notify-service-by-email
    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}

################################################################################
# SAMPLE HOST CHECK COMMANDS
################################################################################
define command {
    command_name    check-host-alive
    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
}

################################################################################
# SAMPLE SERVICE CHECK COMMANDS
################################################################################
define command {
    command_name    check_local_disk
    command_line    $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
}

define command {
    command_name    check_local_load
    command_line    $USER1$/check_load -w $ARG1$ -c $ARG2$
}

define command {
    command_name    check_local_procs
    command_line    $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
}

define command {
    command_name    check_local_users
    command_line    $USER1$/check_users -w $ARG1$ -c $ARG2$
}

define command {
    command_name    check_local_swap
    command_line    $USER1$/check_swap -w $ARG1$ -c $ARG2$
}

define command {
    command_name    check_local_mrtgtraf
    command_line    $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
}

define command {
    command_name    check_ftp
    command_line    $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
}

define command {
    command_name    check_hpjd
    command_line    $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
}

define command {
    command_name    check_snmp_load
    command_line    $USER1$/check_snmp_load -H $HOSTADDRESS$ $ARG1$
}

define command {
    command_name    check_snmp_int
    command_line    $USER1$/check_snmp_int.pl -H $HOSTADDRESS$ $ARG1$
}

define command {
    command_name    check_http
    command_line    $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
}

define command {
    command_name    check_ssh
    command_line    $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
}

define command {
    command_name    check_dhcp
    command_line    $USER1$/check_dhcp $ARG1$
}

define command {
    command_name    check_ping_v4
    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5 -4
}

define command {
    command_name    check_ping_v6
    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5 -6
}

define command {
    command_name    check_pop
    command_line    $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
}

define command {
    command_name    check_imap
    command_line    $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
}

define command {
    command_name    check_smtp
    command_line    $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
}

define command {
    command_name    check_tcp
    command_line    $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
}

define command {
    command_name    check_udp
    command_line    $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
}

define command {
    command_name    check_nt
    command_line    $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
}

define command {
    command_name    check_nrpe3
    command_line    $USER1$/check_nrpe3 -H $HOSTADDRESS$ $ARG1$
}

################################################################################
# SAMPLE PERFORMANCE DATA COMMANDS
################################################################################
define command {
    command_name    process-host-perfdata
    command_line    /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/spool/nagios/host-perfdata.out
}

define command {
    command_name    process-service-perfdata
    command_line    /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/spool/nagios/service-perfdata.out
}

Generic device configurations

The generic devices

In the file /usr/local/etc/nagios/objects/<generic_device>.cfg, adapt the example to your equipments

Hostgroup definition

###############################################################################
# HOST GROUP DEFINITIONS
###############################################################################
define hostgroup {

	hostgroup_name		<host group name>			; The name of the hostgroup
	alias			<long host group name>	; Long name of the group
}

Host definition

###############################################################################
#
# HOST DEFINITIONS
#
###############################################################################
define host {
    use                     global-switch                      ; Inherit default values from a template
    host_name               <host name>                     ; The name we're giving to this switch
    alias                   <description>              ; A longer name associated with the switch
    address                 <ip address>                   ; IP address of the switch
    hostgroups              switches                            ; Host groups this switch is associated with
    parents		    <host group name>
    icon_image		    your_image.png			
    vrml_image		    your_image.png			
    statusmap_image	    your_image.png			
    gd2_image 		    your_image.gd2			
}

Service definition

###############################################################################
# SERVICE DEFINITIONS
###############################################################################

### <HOST NAME> ###
define service {
    use                     generic-service                     ; Inherit values from a template
    host_name               <host name>                     ; The name of the host the service is associated with
    service_description     <Description of the service>                              ; The service description
    check_command           <nagios command><arguments>      ; The command used to monitor the service
    check_interval          5                                   ; Check the service every 5 minutes under normal conditions
    retry_interval          1                                   ; Re-check the service every minute until its final/hard state is determined
}

… exemple of services for an host

define service {
    use                     generic-service                     ; Inherit values from a template
    host_name               <host name>                     ; The name of the host the service is associated with
    service_description     A- Ping - v6                              ; The service description
    check_command           check_ping_v6!200.0,20%!600.0,60%      ; The command used to monitor the service
    check_interval          5                                   ; Check the service every 5 minutes under normal conditions
    retry_interval          1                                   ; Re-check the service every minute until its final/hard state is determined
}

define service {
    use                     generic-service                     ; Inherit values from a template
    host_name               <host name>
    service_description     B- Uptime
    check_command           check_snmp!-C <Community> -P 2c -o .1.3.6.1.2.1.1.3.0
}
define service {
    use                     generic-service                     ; Inherit values from a template
    host_name               <host name>
    service_description     C- Port 01 Link Status
    check_command           check_snmp_int!-C <Community> -n gigabitethernet1$
}

Nagios parameters

In the file /usr/local/etc/nagios/nagios.cfg, you have to add the following line

Definitions for monitoring a <generic device description>
cfg_file=/usr/local/etc/nagios/objects/<generic_device>.cfg

After that, restart the service

service nagios restart