Installation NSCA

Quelques fichiers mal linkés

sudo apt-get install libbind-dev
sudo ln -s /usr/include/linux/config.h /usr/include/sys/
sudo ln -s /usr/include/dns/db.h /usr/include/

Compilation

tar -xzf nsca-2.7.2.tar.gz
pushd nsca-2.7.2/
./configure
make

copier les exécutables pour finir l’installation

sudo cp src/nsca /usr/local/bin/

Le script de démarrage fourni fonctionnant, nous avons utilisé le code ci-dessous qui est un dérivé du script nrpe comme script de démarrage

#!/bin/sh
# Start/stop the nsca daemon.
#
# Contributed by Andrew Ryder 06-22-02
# Slight mods by Ethan Galstad 07-09-02

NscaBin=/usr/local/nagios/bin/nsca
NscaCfg=/usr/local/nagios/etc/nsca.cfg

test -f $NscaBin || exit 0

case "$1" in
start)  echo -n "Starting nagios service check acceptator daemon: nsca"
        start-stop-daemon --start --quiet --exec $NscaBin -- -c $NscaCfg --daemon
        echo "."
        ;;
stop)   echo -n "Stopping nagios service check acceptator daemon: nsca"
        start-stop-daemon --stop --quiet --exec $NscaBin
        echo "."
        ;;
restart) echo -n "Restarting nagios service check acceptator daemon: nsca"
        start-stop-daemon --stop --quiet --exec $NscaBin
        start-stop-daemon --start --quiet --exec $NscaBin -- -c $NscaCfg --daemon
        echo "."
        ;;
reload|force-reload) echo -n "Reloading configuration files for nagios service check acceptator daemon: nsca"
        # nsca reloads automatically
        echo "."
        ;;
*)      echo "Usage: /etc/init.d/nsca start|stop|restart|reload|force-reload"
        exit 1
        ;;
esac
exit 0

Pour l’activer

sudo update-rc.d nsca defaults

1. NagiosEventLog uses NSCA to send passive alerts. Therefore, you need to have NSCA installed and running on your Nagios server. You also need to define Passive Services in Nagios for anything that you want to send an alert on.
2. Although the default filter set consists of one filter per event log, and each filter sends an alert to a different Nagios service, you do not have to do it this way. You can have several filters sending to the same service, or several filters on each eventlog or one filter over all eventlogs, or anything else you care to have.
3. Here is an example of how to define the services in the Nagios configuration files. Note that active checks are disabled, and the freshness check is used to ‘reset’ to OK after a set period of time.

define service{
        service_description             EventLog
        active_checks_enabled           0
        passive_checks_enabled          1
        flap_detection_enabled          0
        register                        0
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              1
        normal_check_interval           5
        retry_check_interval            1
        check_freshness                 1
        freshness_threshold             1800
        check_command                   check_dummy!0!No messages in last 30mins
        contact_groups                  YOUR_CONTACT_GROUP
        notification_interval           120
        notification_period             24x7
        notification_options            w,u,c,r
        stalking_options                w,c,u
        name                            EventLog
	register 			0
        }

define service{
        use                             EventLog
        service_description             Application EventLog
        host_name                       YOUR_HOSTNAME
        }

define service{
        use                             EventLog
        service_description             System EventLog
        host_name                       YOUR_HOSTNAME
        }

define service{
        use                             EventLog
        service_description             Security EventLog
        host_name                       YOUR_HOSTNAME
        }

4) You need to have the check_command ‘check_dummy’ defined: This should call a script which resets status to OK.

define command {
	command_name	check_dummy
	command_line	$USER1$/check_dummy $ARG1$ "$ARG2$"
}

The check_dummy plugin should already be shipped with the Nagios plugins.

Heartbeat Function

You can tell the agent to send a periodic heartbeat alert to the Nagios server, to confirm it is still running. Define the service in this way:

define service{
        service_description             EventLog Agent
        active_checks_enabled           0
        passive_checks_enabled          1
        flap_detection_enabled          0
        check_period                    24x7
        max_check_attempts              1
        normal_check_interval           15
        retry_check_interval            1
        check_command                   check_dummy!3!Check agent is running
        contact_groups                  YOUR_CONTACT_GROUP
        notification_interval           120
        notification_period             24x7
        notification_options            c,r
        }

If you change the default heartbeat option in the agent, you will need to give a different service_description.

Problems

If you are not getting alerts, check the following:

1) Make sure the hostname defined in Nagios EXACTLY matches the hostname defined in the agent, INCLUDING upper/lower case, and spaces.

2) Make sure the service description used in the agent EXACTLY matches the Nagios service description, including case, embedded spaces, etc.

3) Check the NSCA log (syslog?) to make sure that the messages are being received by NSCA.

4) Check the nagios.log file to make sure they are being processed by Nagios. Have you enabled the external command file in the nagios.cfg?

5) Check the nagios.log file. Are the NSCA messages being ignored because you have the wrong hostname or service description?

6) Send a test NSCA message from the agent. Did it work? Maybe there is a firewall or encryption setting problem.