OpenWrt Forum Archive

Topic: Howto install Nagios on Kamikaze

The content of this topic has been archived on 17 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
gspiliot
2 Sep 2009, 19:31

Hello all,

Once I got my MMC mod working with the latest Kamikaze 8.09(.1) I was hoping to find a way to run Nagios for two reasons:
- The WRT is at the edge of my network thus it has the highest probability to send successfully an e-mail alert even if all the monitored machines are down.
- The latest Kamikaze build is rock stable and I expect the same from most of the available packages.

I have searched through the forum but I finally proceeded by my own. Here are some instructions on how to install, run and maintain a full Nagios installation (thought not all the functions work as expected). It is recommended to attempt this on a machine that has plenty of storage space otherwise you need to create and install a really trimmed down version of Kamikaze.

First we need to install nagios and nagios-plugins with the following command:

opkg install nagios nagios-plugins

This will also install microperl in case you want to create some new plugins based on perl. Unfortunately nagios doesn't come with three very important files:
- /etc/init.d/nagios. Use the following:

#!/bin/sh /etc/rc.common
START=50

BIN=nagios
DEFAULT=/etc/default/$BIN
LOG_D=/var/log/$BIN
RUN_D=/var/run
PID_F=$RUN_D/$BIN.lock

start() {
        [ -f $DEFAULT ] && . $DEFAULT
        mkdir -p $LOG_D
        mkdir -p $RUN_D
        $BIN $OPTIONS
}

stop() {
        [ -f $PID_F ] && kill $(cat $PID_F)
}

you also need to create /etc/default/nagios with the following line:

OPTIONS="-d /etc/nagios/nagios.cfg"

This will instruct nagios to start in daemon mode with the specified configuration file.

- check_ping (which segfaults, at least on broadcom-2.4). You can compile check_fping which works ok or use the following equivalent script putting it in /usr/libexec/nagios/check_ping.sh :

#! /bin/ash

S=`ping -W 1 -c 1 -q $1`
RESULT=$?

R=`echo $S | awk '{ printf("%s\t%s\n",$18,$24); }'`

if [ $RESULT -eq 0 ]; then
  echo "PING OK: $R"
  exit 0;
else
  echo "PING NOT OK: $R"
  exit 2;
fi

- check_nrpe (which should have been included in the nagios-plugins or nrpe but it is not). You can get one if you compile the nrpe package and copy check_nrpe from build_dir to /usr/libexec/nagios on WRT.

I have found that the default httpd server installed with luci is very limited, so, in order to run the nagios cgi's I have taken the lightttpd route. This web server is very fast, capable and has very small requirements:

opkg install lighttpd lighttpd-mod-auth lighttpd-mod-cgi

I have opted to use the non-SSL service but you can easily adjust the following configuration file to use SSL. Now you have to modify the /etc/lighttpd.conf file as follows:

server.modules = (
        "mod_auth",
        "mod_cgi"
)
server.network-backend = "write"
server.document-root = "/usr/share"
server.errorlog = "/var/log/lighttpd/error.log"
index-file.names = ( "index.html", "default.html", "index.htm", "default.htm" )
mimetype.assign = (
        ".pdf"   => "application/pdf",
        ".class" => "application/octet-stream",
        ".pac"   => "application/x-ns-proxy-autoconfig",
        ".swf"   => "application/x-shockwave-flash",
        ".wav"   => "audio/x-wav",
        ".gif"   => "image/gif",
        ".jpg"   => "image/jpeg",
        ".jpeg"  => "image/jpeg",
        ".png"   => "image/png",
        ".css"   => "text/css",
        ".html"  => "text/html",
        ".htm"   => "text/html",
        ".js"    => "text/javascript",
        ".txt"   => "text/plain",
        ".dtd"   => "text/xml",
        ".xml"   => "text/xml"
 )
$HTTP["url"] =~ "\.pdf$" {
        server.range-requests = "disable"
}
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".cgi" )
server.port = 81
server.pid-file = "/var/run/lighttpd.pid"
server.upload-dirs = ( "/tmp" )
cgi.assign = ( ".pl"  => "/usr/bin/microperl", ".cgi" => "" )
auth.backend = "plain"
auth.backend.plain.userfile = "/etc/lighttpd.user"
auth.require = (
        "/nagios" => (
                "method"  => "basic",
                "realm"   => "Nagios",
                "require" => "valid-user"
        )
)

Some notes:
- I have selected to use port 81 for nagios (just change "server.port" to any port you like)
- I have enabled authentication in order to be able to supply commands to nagios from the web interface
- The authorized users should be in the file /etc/lighttpd.user in the form: username:password (in plain text, one per line)

Now we need a way for nagios to send emails when something is wrong (alert e-mails). In order to do that install the ssmtp package:

opkg install ssmtp

You should edit the following files to properly configure ssmtp:

-  /etc/ssmtp/revaliases:

root:mail_from@domain.from:smtp.of.your.isp

replace "mail_from@domain.from" with the mail you want all the alerts to appear that they are come FROM. Replace "smtp.of.your.isp" with the MX smarthost of your ISP. This is useful in order to make the email alerts to come from e.g., admin@example.com instead of just "root" (which could be rejected by your ISP).

- /etc/ssmtp/ssmtp.conf: change mailhub to be your ISP smarthost and hostname to be your hostname (fully qualified).

Now test that sending email works with the following command:

printf "%b" "Subject: This is a test\n \n Message body\n" | ssmtp -v your_email@your_domain

Check the output of the above command carefully: if you get a "Message accepted for delivery" result in the smtp dialog then everything should be ok.

Now on to the nagios config. This howto will not cover how to configure your nagios (see http://www.nagios.org for that) but I will pin-point some necessary changes:

- /etc/nagios/cgi.cfg: 

main_config_file=/etc/nagios/nagios.cfg
physical_html_path=/usr/share
url_html_path=/nagios
show_context_help=0
use_authentication=1
authorized_for_system_information=nagiosadmin,admin
authorized_for_configuration_information=nagiosadmin,admin
authorized_for_system_commands=nagiosadmin,admin
authorized_for_all_services=nagiosadmin,guest,admin
authorized_for_all_hosts=nagiosadmin,guest,admin
authorized_for_all_service_commands=nagiosadmin,admin
authorized_for_all_host_commands=nagiosadmin,admin
default_statusmap_layout=5
default_statuswrl_layout=4
ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$
refresh_rate=90

Make sure that nagiosadmin or admin or guest (or whatever other user you include here) are defined in the /etc/lighttpd.user file. This way you can have a very granular control of who can do what.

- /etc/nagios/nagios.cfg: Make sure you change the following configuration options in that file as follows:

object_cache_file=/var/objects.cache
resource_file=/etc/nagios/resource.cfg
status_file=/var/status.dat
check_external_commands=1
command_file=/var/run/nagios.cmd
comment_file=/usr/share/comments.dat
downtime_file=/usr/share/downtime.dat
lock_file=/var/run/nagios.lock
temp_file=/var/nagios.tmp
log_archive_path=/var/archives

- /etc/nagios/commands.cfg: Use the following commands for ping and mail:

# 'check_ping' command definition
define command{
        command_name    check_ping
        command_line    $USER1$/check_ping.sh $HOSTADDRESS$
        }

# 'host-notify-by-email' command definition
define command{
        command_name    host-notify-by-email
        command_line    /usr/bin/printf "%b" "From: nagios@your.domain\n To: your_email@your.domain\n Subject: Host $HOSTSTATE$ alert for $HOSTNAME$!\n \n ************************\n Notification Type: $NOTIFICATIONTYPE$\n Host: $HOSTNAME$\n State: $HOSTSTATE$\n Address: $HOSTADDRESS$\n Info: $HOSTOUTPUT$\n \n Date/Time: $LONGDATETIME$\n" | /usr/sbin/sendmail $CONTACTEMAIL$
        }

# 'notify-by-email' command definition
define command{
        command_name    notify-by-email
        command_line    /usr/bin/printf "%b" "From: nagios@your.domain\n To: your_email@your.domain\n Subject: ** $NOTIFICATIONTYPE$ alert - $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **\n \n *************************\n Notification Type: $NOTIFICATIONTYPE$\n \n Service: $SERVICEDESC$\n Host: $HOSTALIAS$\n Address: $HOSTADDRESS$\n State: $SERVICESTATE$\n \n Date/Time: $LONGDATETIME$\n \n Additional Info:\n \n $SERVICEOUTPUT$" | /usr/sbin/sendmail $CONTACTEMAIL$
        }

- /etc/nagios/resource.cfg: Make sure that USER1 is defined as:

$USER1$=/usr/libexec/nagios

Define any other services and hosts as you wish.

Lets make lighttpd and nagios to auto-start and start them:

/etc/init.d/nagios enable
/etc/init.d/lighttpd enable
/etc/init.d/nagios start
/etc/init.d/lighttpd start

Point your browser to http://your.router.ip.address:81 and you should be ok. If not then you should check the syslog messages and enable any diagnostic logs available in both nagios and lighttpd.

I will happily upload check_fping and check_nrpe compiled for broadcom-2.4 if I find how to do it and of course if there are requests from other members.

Good luck,
George.

Post #2
cpr
23 Aug 2011, 09:56

This is year 2011. I had to install lighttpd-mod-alias and add to lighttpd.conf

#http://redmine.lighttpd.net/wiki/1/NagiosRecipe
alias.url = (                                                                  
  "/nagios/cgi-bin" => "/usr/sbin",
  "/nagios" => "/usr/share"           
)

Nagios is working now! *yay*


Edit: But it tells me "localhost is down"! *pruuust*

(Last edited by cpr on 23 Aug 2011, 09:57)

Post #4
cpr
9 Sep 2011, 08:15

Now that I continued with this project I also needed to cross-compile. Not my familar territory, but
http://wiki.openwrt.org/doc/devel/crosscompile
http://wiki.openwrt.org/doc/howto/build
http://wiki.openwrt.org/doc/howto/buildroot.exigence
gave me an almost working compiler. (The step after "make" produces the bin-directory that in to be included in PATH).

On this Debian box I had to install two packages, gcc-multilib and and libssl-dev to make configure und make in a separate directory with the nrpe-sources happy.

Post #5
legendyoo
6 May 2014, 03:20

will you please refresh it?
since I cannot install it on openwrt

The discussion might have continued from here.