Installing NRPE: Difference between revisions
(Created page with 'To install and configure NRPE on a FreeBSD server I first install the NRPE port: <pre> sudo portmaster /usr/ports/net-mgmt/nrpe2 </pre> I always use SSL for NRPE even on LAN, so…') |
|||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
To install and configure NRPE on a FreeBSD server I first install the NRPE port: | [[category:nagios]] | ||
== Nagios configuration == | |||
To configure Nagios to use NRPE to gather information from remote hosts, first a command definition is needed in <code>/usr/local/etc/nagios/objects/commands.cfg</code>: | |||
<pre> | |||
# 'check_nrpe2' command definition /tyk | |||
define command{ | |||
command_name check_nrpe2 | |||
command_line $USER1$/check_nrpe2 -H $HOSTADDRESS$ -c $ARG1$ | |||
} | |||
</pre> | |||
== NRPE installation == | |||
To install and configure NRPE on a FreeBSD server to monitor it with Nagios, I first install the NRPE port: | |||
<pre> | <pre> | ||
sudo portmaster /usr/ports/net-mgmt/nrpe2 | sudo portmaster /usr/ports/net-mgmt/nrpe2 | ||
</pre> | </pre> | ||
I always use SSL for NRPE even on LAN, so I check the SSL option and continue. If I am installing NRPE in a jail I remember to check "Compilation within jail(8)" in the options for /usr/ports/net-mgmt/nagios-plugins which will be installed as a dependency of /usr/ports/net-mgmt/nrpe2. | I always use SSL for NRPE even on LAN, so I check the SSL option and continue. If I am installing NRPE in a jail I remember to check "Compilation within jail(8)" in the options for <code>/usr/ports/net-mgmt/nagios-plugins</code> which will be installed as a dependency of <code>/usr/ports/net-mgmt/nrpe2</code>. | ||
== NRPE Configuration == | |||
After the installation is complete I copy the sample config and edit it: | After the installation is complete I copy the sample config and edit it: | ||
<pre> | <pre> | ||
Line 25: | Line 38: | ||
or something like that. I normally have screen running with at least 4-5 tabs open and I don't want Nagios to throw a warning whenever I log on to the machine :) | or something like that. I normally have screen running with at least 4-5 tabs open and I don't want Nagios to throw a warning whenever I log on to the machine :) | ||
I also like monitor the installed ports on a FreeBSD server for security vulnerabilities, there is a [[ | If I am installing NRPE in a jail with only a root partition there is no reason to monitor <code>/usr</code> <code>/var</code> and <code>/tmp</code> as well - so in a jail I delete the following lines from <code>/usr/local/etc/nrpe.cfg</code>: | ||
<pre> | |||
command[check_var]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /var | |||
command[check_tmp]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /tmp | |||
command[check_usr]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /usr | |||
</pre> | |||
I also like monitor the installed ports on a FreeBSD server for security vulnerabilities, there is a [[Check_ports_-_NRPE_portaudit_check|seperate article]] on how to enable that. There is a bunch of other things that NRPE can do aside from the default things in the sample config that the port installs - the ones I have documented are all in the [[:category:Nagios|Nagios category]]. | |||
I then enable NRPE in rc.conf: | I then enable NRPE in rc.conf: |
Latest revision as of 21:28, 17 January 2010
Nagios configuration
To configure Nagios to use NRPE to gather information from remote hosts, first a command definition is needed in /usr/local/etc/nagios/objects/commands.cfg
:
# 'check_nrpe2' command definition /tyk define command{ command_name check_nrpe2 command_line $USER1$/check_nrpe2 -H $HOSTADDRESS$ -c $ARG1$ }
NRPE installation
To install and configure NRPE on a FreeBSD server to monitor it with Nagios, I first install the NRPE port:
sudo portmaster /usr/ports/net-mgmt/nrpe2
I always use SSL for NRPE even on LAN, so I check the SSL option and continue. If I am installing NRPE in a jail I remember to check "Compilation within jail(8)" in the options for /usr/ports/net-mgmt/nagios-plugins
which will be installed as a dependency of /usr/ports/net-mgmt/nrpe2
.
NRPE Configuration
After the installation is complete I copy the sample config and edit it:
sudo cp /usr/local/etc/nrpe.cfg-sample /usr/local/etc/nrpe.cfg sudo ee /usr/local/etc/nrpe.cfg
The only options I change are allowed_hosts and I also change the line:
command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10
into:
command[check_users]=/usr/local/libexec/nagios/check_users -w 10 -c 20
or something like that. I normally have screen running with at least 4-5 tabs open and I don't want Nagios to throw a warning whenever I log on to the machine :)
If I am installing NRPE in a jail with only a root partition there is no reason to monitor /usr
/var
and /tmp
as well - so in a jail I delete the following lines from /usr/local/etc/nrpe.cfg
:
command[check_var]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /var command[check_tmp]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /tmp command[check_usr]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /usr
I also like monitor the installed ports on a FreeBSD server for security vulnerabilities, there is a seperate article on how to enable that. There is a bunch of other things that NRPE can do aside from the default things in the sample config that the port installs - the ones I have documented are all in the Nagios category.
I then enable NRPE in rc.conf:
sudo ee /etc/rc.conf nrpe2_enable="YES"
..and start NRPE:
sudo /usr/local/etc/rc.d/nrpe2 start
If I need to open up a firewall to allow the Nagios server to reach NRPE on this server, I allow incoming traffic to TCP port 5666 from the Nagios server to reach the machine running NRPE.
I then go add the machine to the Nagios server configs with the relevant hostgroups and/or services, restart Nagios, and go check the web interface and wait to see if everything is green, and if not, I probably need to adjust anything else in nrpe.cfg on the machine being monitored (or maybe there is actually a problem I need to go fix).