Monitoring service status
-
No problem! I hope it'll do the trick for you :)
-
i've done all the configurations on pfsense side
now i'm on my Nagios Server and i don't know how to add this checks on my status monitor
here's my 'pfsense22.cg" file
# A simple configuration file for monitoring the local host # This can serve as an example for configuring other servers; # Custom services specific to this host are added here, but services # defined in nagios2-common_services.cfg may also apply. # define host{ use generic-host ; Name of host template to use host_name pfsense22 alias virtualprana address 10.0.0.22 } # Define a service to check the disk space of the root partition # on the local machine. Warning if < 20% free, critical if # < 10% free space on partition. define service{ use generic-service ; Name of service template to use host_name pfsense22 service_description Disk Space check_command check_all_disks!20%!10% } # Define a service to check the number of currently logged in # users on the local machine. Warning if > 20 users, critical # if > 50 users. define service{ use generic-service ; Name of service template to use host_name pfsense22 service_description Current Users check_command check_users!20!50 } # Define a service to check the number of currently running procs # on the local machine. Warning if > 250 processes, critical if # > 400 processes. define service{ use generic-service ; Name of service template to use host_name pfsense22 service_description Total Processes check_command check_procs!250!400 } # Define a service to check the load on the local machine. define service{ use generic-service ; Name of service template to use host_name pfsense22 service_description Current Load check_command check_load!5.0!4.0!3.0!10.0!6.0!4.0 } define service{ use generic-service host_name pfsense22 service_description Current Load check_command check_nrpe } # Define a service to check squid status -
You can add the following to your file according you have setup a command named "check_squid_svc" in the NRPE package.
define service {
use generic-service
host_name pfsense22
service_description Squid service
check_command check_nrpe!check_squid_svc
} -
thanks!
it shows me an UNKNOWN state
details:
Current Status: UNKNOWN (for 0d 0h 25m 45s) Status Information: (No output returned from plugin) NRPE Plugin for Nagios Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org) Version: 2.15 Last Modified: 09-06-2013 License: GPL v2 with exemptions (-l for more info) SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required \nUsage: check_nrpe -H <host>[ -b <bindaddr>] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command></command>] [-a <arglist...>] \nOptions: -h = Print this short help. -l = Print licensing information. -n = Do no use SSL -u = Make socket timeouts return an UNKNOWN state instead of CRITICAL <host>= The address of the host running the NRPE daemon <bindaddr>= bind to local address -4 = user ipv4 only -6 = user ipv6 only [port] = The port on which the daemon is running (default=5666) [timeout] = Number of seconds before connection times out (default=10) [command] = The name of the command that the remote daemon should run [arglist] = Optional arguments that should be passed to the command. Multiple arguments should be separated by a space. If provided, this must be the last option supplied on the command line. \nNote: This plugin requires that you have the NRPE daemon running on the remote host. You must also have configured the daemon to associate a specific plugin command with the [command] option you are specifying here. Upon receipt of the [command] argument, the NRPE daemon will run the appropriate plugin command and send the plugin output and return code back to *this* plugin. This allows you to execute plugins on remote hosts and 'fake' the results to make Nagios think the plugin is being run locally. \n Performance Data: Current Attempt: 4/4 (HARD state) Last Check Time: 2015-06-18 12:50:08 Check Type: ACTIVE Check Latency / Duration: 0.085 / 0.005 seconds Next Scheduled Check: 2015-06-18 12:55:08 Last State Change: 2015-06-18 12:27:08 Last Notification: 2015-06-18 12:30:13 (notification 1) Is This Service Flapping? NO (5.72% state change) In Scheduled Downtime? NO Last Update: 2015-06-18 12:52:53 ( 0d 0h 0m 0s ago) Active Checks: ENABLED Passive Checks: ENABLED Obsessing: ENABLED Notifications: ENABLED Event Handler: ENABLED Flap Detection: ENABLED</bindaddr></host></arglist...></timeout></port></bindaddr></host> -
NOW IS WORKING
TY V M
I'll nat some ports from some clients now.
Thanks for all, again
-
Ok glad it works for you :)
-
Hi,
I'm trying to use your script on my pfsense 2.2.6.
In shell, it's working.
in nrpe, my remote server give me : Could not read output.
Another check on the pfsense using nrpe (check_load, …) are working as fine.Any suggestions to fix this issue ?
Thanks,
Yannick -
No sorry I've had the same problem when I have upgraded my pfSense and I haven't found a way to resolve this issue. :(
-
a short test with a bash script works as fine.
so it seems that the nagios account use by nrpe don't have rights to execute the php interpreter (/usr/local/bin/php). -
I agree it seems to be a security constraint somewhere but I don't know Freebsd and I haven't found why…
If you try to launch
su -m nagios -c "/usr/pbi/nrpe-amd64/libexec/nagios/check_pfsvc squid"
it will work.But if you launch it throught the nrpe daemon it won't work.
If edit the file to write dumb content (echo 'ok'; exit(0);) it will work.From my tests it's the call to '/usr/local/sbin/pfSsh.php' that is blocked.
I've tried to launch /usr/local/sbin/pfSsh.php via a shell script configured as a nrpe command and it returns the error code 127 (http://tldp.org/LDP/abs/html/exitcodes.html ?).
I don't know how to debug further...
-
Yes, I have rewrite the script in shell and I have an error about "/usr/local/sbin/pfSsh.php not found".
so the user nagios has no sufficent right to invoke this command. -
If you call your script
sudo -m nagios -c "/path/to/your/script"
I think it will work so it's more like if the nrpe service has not access to this file (may be it is jailed or there something else). -
I think nagios account is jailed.