Re: [Nagios-users] Critical Passive Alerts do not show up as unhandled
On 30.05.2012 16:45, Alex Griffin wrote: From the Nagios Core docs: Unhandled services problems are those that are not acknowledged, are not currently in scheduled downtime, and for which checks are currently enabled. If I read that right, I think it means that passive checks will never show up in the unhandled service problems. Yes, that is the case, but you can just tweak that away if you have to. Just edit side.php and replace all occurences of serviceprops=42 with serviceprops=10 as well as hostprops=42 with hostprops=10 Regards, Dennis Alex Griffin --- Tech Team agrif...@nagios.com On 05/29/2012 08:21 AM, Ed Greenberg wrote: I have some passive alerts that I fire with nsca. When they are critical, they show up as critical in the service problems, but not in Unhandled service problems. Since they are unhandled, how can I make them show up in Unhandled, until acknowledged or cleared? Thanks, Ed -- .. Riege Software International GmbH Phone: +49 2159 91480 Mollsfeld 10 Fax: +49 2159 914811 40670 MeerbuschWeb: www.riege.com GermanyE-Mail: kuhlme...@riege.com -- -- Commercial Register: Managing Directors: Amtsgericht Neuss HRB-NR 4207 Christian Riege VAT Reg No.: DE120585842 Gabriele Riege Johannes Riege TobiasRiege .. YOU CARE FOR FREIGHT, WE CARE FOR YOU -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios 3.4.0 double quote in command bug (fixed)
Hi, sorry to burst into this, is this about the changed behaviour with quoted text? I was able to fix it in my check definitions (removing not needed quotes, etc.) in most cases, also using any kind of special character, e.g. | or * fixes this, but I am still unable to pass check results to a remote Nagios instance by sending them via NSCA. I use perfdata processing for this and only check results with special characters (all checks that do actually have performance data fulfill this as they all contain the pipe character) are processed, others never even show up in my definied service_perfdata_file! Switched backed to Nagios 3.2.3 and everything works like a charm. Are both problems connected and fixed in an upcoming 3.4 release? Regards, Dennis On 14.05.12 11:31, Randal, Phil wrote: Hi Andreas, Yours is probably the safest approach. Cheers, Phil -- Phil Randal Infrastructure Engineer Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT Tel: 01432 260415 | Email: phil.ran...@hoopleltd.co.uk -Original Message- From: Andreas Ericsson [mailto:a...@op5.se] Sent: 14 May 2012 00:17 To: Nagios Users List Cc: Randal, Phil Subject: Re: [Nagios-users] Nagios 3.4.0 double quote in command bug (fixed) On 05/13/2012 10:44 PM, Randal, Phil wrote: I've uploaded a patch to http://tracker.nagios.org/view.php?id=332 Which fixes the double quote issue and my original compile problem. Thanks. The double-quote issue has been resolved by reverting the faulty patch though. I'll see if I get time to take a look at the compile problem tomorrow. -- Andreas Ericsson andreas.erics...@op5.se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. “Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios 3.4.0 double quote in command bug (fixed)
Hi Phil, On 15.05.12 15:24, Randal, Phil wrote: Hi Dennis, Can you check out Nagios 3.4.1 and see if this fixes the problem? sorry for not checking prior to posting. Anyway, I built the new version, btw., why can't you just build the RPM from the tar? This is what I had to do on RHEL5: # tar xzf nagios-3.4.1.tar.gz # mv nagios nagios-3.4.1 # cd nagios-3.4.1 # vim nagios.spec change datarootdir to datadir in configure statement # cd .. # tar czf nagios-3.4.1.tar.gz nagios-3.4.1/ # rpmbuild -tb nagios-3.4.1.tar.gz Tada, build works. Back to the problem. Installed the update, doesn't help. On my sample host with 31 checks only 18 get submitted via Perfdata. Back to nagios-3.2.3 again and all 31 checks are processed. Please tell me if you need any more details, performance data template configuration or something like that. Cheers, Phil Regards, Dennis -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] SELinux and RHEL6.2 preventing disk checks via NRPE
Hello Trond, On 09.12.2011 14:13, Trond Hasle Amundsen wrote: RHEL6 has the following labels for use with Nagios plugins: # grep nagios /etc/selinux/targeted/contexts/files/file_contexts | grep plugin_exec | cut -d: -f3 | sort -u nagios_admin_plugin_exec_t nagios_checkdisk_plugin_exec_t nagios_mail_plugin_exec_t nagios_services_plugin_exec_t nagios_system_plugin_exec_t nagios_unconfined_plugin_exec_t Try setting the confined types first, e.g.: chcon -t nagios_checkdisk_plugin_exec_t /path/to/check_fs_boot If none of them works properly, you have nagios_unconfined_plugin_exec_t as a last resort. the last resort in fact worked! Thanks! When you find one that works, make it permanent with: semanage fcontext -a -t type '/path/to/check_fs_boot' Geez, there are a lot more contexts set than I thought. I should probably remove duplicate entries, right? You may also have to set proper labels on the path leading up to the actual plugin. Regards, Thanks again, -- .. Riege Software International GmbH Phone: +49 2159 91480 Mollsfeld 10 Fax: +49 2159 914811 40670 MeerbuschWeb: www.riege.com GermanyE-Mail: kuhlme...@riege.com -- -- Commercial Register: Managing Directors: Amtsgericht Neuss HRB-NR 4207 Christian Riege VAT Reg No.: DE120585842 Gabriele Riege Johannes Riege .. YOU CARE FOR FREIGHT, WE CARE FOR YOU -- Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] SELinux and RHEL6.2 preventing disk checks via NRPE
Hello, after upgrading to RHEL6.2 I have problems checking some filesystems. Always the same three FS on all hosts, others work fine. /boot /home /var/log/audit $ ./check_nrpe -H backup -c check_fs_boot DISK CRITICAL - /boot is not accessible: Permission denied Now I disable SELinux and it works! $ ./check_nrpe -H backup -c check_fs_boot DISK OK - free space: /boot 36 MB (39% inode=99%);| /boot=55MB;96;;0;96 Although not a single line is logged on the monitored host, neither in messages nor in audit.log I already had a local policy created for the nrpe daemon when RHEL6 was introduced, as somehow many checks failed, although the user nrpe was running in was allowed to perform all checks, the nrpe daemon itself couldn't. I'll attach the policy, although at one point I gave up and just set the entire process to permissive mode. (note that I tried to extend rights on boot filesystem in this policy already, although it would seem to be unnecessary) Anybody experiencing something alike or any suggestions about how to handle nrpe and RHEL6(.2) in a better way than I am? Regards, Dennis -- .. Riege Software International GmbH Phone: +49 2159 91480 Mollsfeld 10 Fax: +49 2159 914811 40670 MeerbuschWeb: www.riege.com GermanyE-Mail: kuhlme...@riege.com -- -- Commercial Register: Managing Directors: Amtsgericht Neuss HRB-NR 4207 Christian Riege VAT Reg No.: DE120585842 Gabriele Riege Johannes Riege .. YOU CARE FOR FREIGHT, WE CARE FOR YOU module nrpesudo 1.02; require { type boot_t; type home_root_t; type http_port_t; type initrc_t; type kernel_t; type locate_var_lib_t; type nrpe_t; type pam_var_run_t; type proc_net_t; type rpm_exec_t; type rpm_var_cache_t; type rpm_var_lib_t; type sudo_exec_t; type sysctl_fs_t; type sysctl_net_t; type sysstat_log_t; type tmp_t; type usr_t; type var_lib_t; type var_spool_t; class capability { audit_write sys_nice }; class file { append create execute execute_no_trans getattr ioctl lock open read rename setattr unlink write }; class dir { add_name getattr open read remove_name search write }; class lnk_file read; class netlink_audit_socket { create nlmsg_relay read write }; class sem { create destroy read write unix_write } ; class sock_file write; class system module_request; class tcp_socket name_connect; class unix_stream_socket connectto; } #= nrpe_t == #evil line permissive nrpe_t; allow nrpe_t boot_t:dir { add_name read remove_name write }; allow nrpe_t boot_t:file { append create getattr open read unlink write }; allow nrpe_t home_root_t:dir { add_name read remove_name write }; allow nrpe_t http_port_t:tcp_socket name_connect; allow nrpe_t initrc_t:unix_stream_socket connectto; allow nrpe_t kernel_t:system module_request; allow nrpe_t locate_var_lib_t:dir search; allow nrpe_t locate_var_lib_t:file { getattr open read }; allow nrpe_t pam_var_run_t:dir { getattr search }; allow nrpe_t rpm_exec_t:file { execute execute_no_trans getattr ioctl open read }; allow nrpe_t rpm_var_cache_t:dir { add_name getattr read remove_name search open write }; allow nrpe_t rpm_var_cache_t:file { create open rename setattr unlink }; allow nrpe_t rpm_var_lib_t:dir { getattr open write search }; allow nrpe_t rpm_var_lib_t:file open; allow nrpe_t tmp_t:dir { add_name read remove_name write }; allow nrpe_t tmp_t:file { append create getattr open read unlink write }; allow nrpe_t proc_net_t:dir { getattr open read search }; allow nrpe_t proc_net_t:file { getattr ioctl open read }; allow nrpe_t self:capability { audit_write sys_nice }; allow nrpe_t self:netlink_audit_socket { create nlmsg_relay read write }; allow nrpe_t sudo_exec_t:file { execute execute_no_trans getattr open read }; allow nrpe_t sysctl_fs_t:dir search; allow nrpe_t sysctl_fs_t:file read; allow nrpe_t sysctl_net_t:dir search; allow nrpe_t sysstat_log_t:file read; allow nrpe_t sysstat_log_t:lnk_file read; allow nrpe_t usr_t:file { getattr ioctl open read }; allow nrpe_t usr_t:lnk_file read; allow nrpe_t var_lib_t:file { getattr lock read write open }; allow nrpe_t var_lib_t:sock_file write; allow nrpe_t var_spool_t:dir search; allow nrpe_t self:sem { create destroy read write unix_write } ; -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing
Re: [Nagios-users] A question on using send_nsca
Hijacking this question a little, but maybe it will help other as well: On 22.03.2011 18:22, Jarlath Lyons wrote: [root@jlyonslx test_harness]# /usr/bin/printf HOST\tSERVICE\tCRITICAL\tMy Message \n | /usr/local/nagios/addons/nsca/send_nsca -H localhost -p 5667 -c ./nsca_send.cfg 1 data packet(s) sent to host successfull So far so good. But what abound sending Performance Data AND extended service output via NSCA and parsing that correctly? As a matter of fact I try to do that in a remote monitoring setup with a second nagios instance, so it's not totally the same. Just so you get an idea, here's what's in my nagios.cfg on the remote machine, which is send via nsca service_perfdata_file_template=$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATEID$\t$SERVICEOUTPUT$|$SERVICEPERFDATA$ What I tried was this: service_perfdata_file_template=$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATEID$\t$SERVICEOUTPUT$|$SERVICEPERFDATA$\n$LONGSERVICEOUTPUT$ Didn't work. Any clues? Thanks, Dennis -- .. Riege Software International GmbH Fon: +49 (2159) 9148 0 Mollsfeld 10 Fax: +49 (2159) 9148 11 40670 MeerbuschWeb: www.riege.com GermanyE-Mail: kuhlme...@riege.com ------ Handelsregister: Managing Directors: Amtsgericht Neuss HRB-NR 4207 Christian Riege USt-ID-Nr.: DE120585842Gabriele Riege Johannes Riege .. YOU CARE FOR FREIGHT, WE CARE FOR YOU attachment: kuhlmeier.vcf-- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] Using NRPE with sudo on RHEL6
Hello, one new thing about RHEL6 is a somewhat more strict sudo approach combined with SELinux. I have nrpe running as user nagios, using sudo logged on as user nagios is not an issue, works fine. But nrpe running as a daemon cannot sudo to root, which I need for several check scripts. No problem in permissive mode. sealert output: ---snip--- $ sealert -l 666fd015-e7a0-4e28-9d5f-ba95689bb549 Summary: SELinux is preventing /bin/bash getattr access on /usr/bin/sudo. Detailed Description: SELinux denied access requested by sh. It is not expected that this access is required by sh and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Contextunconfined_u:system_r:nrpe_t:s0 Target Contextsystem_u:object_r:sudo_exec_t:s0 Target Objects/usr/bin/sudo [ file ] Sourcesh Source Path /bin/bash Port Unknown Host hostname.domain.de Source RPM Packages bash-4.1.2-3.el6 Target RPM Packages sudo-1.7.2p2-9.el6 Policy RPMselinux-policy-3.7.19-54.el6_0.3 Selinux Enabled True Policy Type targeted Enforcing ModeEnforcing Plugin Name catchall Host Name hostname.domain.de Platform Linux hostname.domain.de 2.6.32-71.18.2.el6.x86_64 #1 SMP Wed Mar 2 14:17:40 EST 2011 x86_64 x86_64 Alert Count 150 First SeenFri Mar 18 18:17:03 2011 Last Seen Wed Mar 23 14:17:00 2011 Local ID 666fd015-e7a0-4e28-9d5f-ba95689bb549 Line Numbers Raw Audit Messages node=hostname.domain.de type=AVC msg=audit(1300886220.376:22605): avc: denied { getattr } for pid=18437 comm=sh path=/usr/bin/sudo dev=dm-1 ino=191489 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:sudo_exec_t:s0 tclass=file node=hostname.domain.de type=SYSCALL msg=audit(1300886220.376:22605): arch=c03e syscall=4 success=no exit=-13 a0=14daeb0 a1=7fffb93d9c40 a2=7fffb93d9c40 a3=e items=0 ppid=18436 pid=18437 auid=500 uid=495 gid=493 euid=495 suid=495 fsuid=495 egid=493 sgid=493 fsgid=493 tty=(none) ses=26 comm=sh exe=/bin/bash subj=unconfined_u:system_r:nrpe_t:s0 key=(null) ---snip--- I have managed to build a local SELinux policy for this issue, but then another issue comes up. Before I keep building local policies and having to install them on all RHEL6 hosts, is there a simpler, known approach to this? Have been struggling with info found here: http://www.0x61.com/forum/selinux-security-f278/sudo-selinux-t1304141.html But I am still unsatisfied with the complexity of this issue which I can't be the only one to suffer from - and I haven't solved it yet. Disabling SELinux is not an option. Thanks for any insight on this, Dennis -- .. Riege Software International GmbH Fon: +49 (2159) 9148 0 Mollsfeld 10 Fax: +49 (2159) 9148 11 40670 MeerbuschWeb: www.riege.com GermanyE-Mail: kuhlme...@riege.com ------ Handelsregister: Managing Directors: Amtsgericht Neuss HRB-NR 4207 Christian Riege USt-ID-Nr.: DE120585842Gabriele Riege Johannes Riege .. YOU CARE FOR FREIGHT, WE CARE FOR YOU attachment: kuhlmeier.vcf-- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] alias host configuration not interpreted since 3.2.2
Hi, just noticed that I couldn't change the alias value in an existing host definition. $HOSTALIAS$ just remained on the old value although the web interface showed the current setting. I built myself a little test setup and just returned $HOSTALIAS$ as a check-result and could confirm that in Nagios Core 3.2.1 $HOSTALIAS$ changed without error when changing the alias definition, since version 3.2.2 change is impossible. Thanks for a fix in an upcoming version. Regards, Dennis -- .. Riege Software International GmbH Fon: +49 (2159) 9148 0 Mollsfeld 10 Fax: +49 (2159) 9148 11 40670 MeerbuschWeb: www.riege.com GermanyE-Mail: kuhlme...@riege.com ------ Handelsregister: Managing Directors: Amtsgericht Neuss HRB-NR 4207 Christian Riege USt-ID-Nr.: DE120585842Gabriele Riege Johannes Riege .. YOU CARE FOR FREIGHT, WE CARE FOR YOU attachment: kuhlmeier.vcf-- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null