check_hw_sensors not remove after Nagios deletion or a pkg_delete
Hello, Seems that check_hw_sensors is not removed after a Nagios deletion and a pkg_delete -a. I notice this only now after different months I use Nagios. pkg_info check_hw_sensors Information for inst:check_hw_sensors-1.42p3 Comment: Nagios plugin to monitor sysctl hw.sensors Description: Works like sensorsd(8) but reports to Nagios. Allows you to monitor the hardware sensors that OpenBSD supports. Things like fan speed, temperature and many more. Hope this helps. --Daniele Bonini
Re: Nagios check_by_ssh
On 2022-01-11, Nick Holland wrote: > On 1/10/22 6:33 PM, F Bax wrote: >> nagios install creates user _nagios with login = /sbin/nologin >> I have some OpenBSD systems not configured to send email to external >> addresses; there is one system (host0) that is configured to send email >> outside. I wish to use nagios on host0 to monitor the other systems and >> send notifications to an offsite email address. I was thinking that some >> sort of restricted shell (only access to /usr/local/libexec/nagios/) would >> be appropriate. Anyone able to provide a clue how this can be accomplished? >> Is there a best practices document for using check_by_ssh in OpenBSD? >> Frank > > ok, I'm totally lost as to what e-mail has to do with your question. > > Been a while since I managed setting up new services on Nagios, but if you > are having your nagios server monitor other systems by SSH, you probably > want to have passwords disabled on the monitored node accounts, use keys > and IP address restrictions. Setting up a restricted shell or a chroot is > probably going to be very frustrating and in the end, not very productive. > > What you ask for is basically what the nagios nrpe modules are about -- > avoiding full logins. NRPE runs various tests and answers queries about > the results. Strongly recommend not using NRPE. If it's something that can be monitored via SNMP (e.g. cpu, memory, process counts, disk space, network interfaces) then that's often not a bad way to do it, there are scripts that work with nagios/icinga that will do this nicely in the "manubulon-snmp" package. Then you can just run snmpd(8) on the monitored node. Icinga has quite nice distributed monitoring where it has its own methods to distribute check jobs to agents, which might be appropriate for setups that aren't wedded to nagios. For check_by_ssh probably the best way to go is to generate separate keys for different checks and use ForceCommand so each key can only run the relevant check.
Re: Nagios check_by_ssh
On 1/10/22 6:33 PM, F Bax wrote: nagios install creates user _nagios with login = /sbin/nologin I have some OpenBSD systems not configured to send email to external addresses; there is one system (host0) that is configured to send email outside. I wish to use nagios on host0 to monitor the other systems and send notifications to an offsite email address. I was thinking that some sort of restricted shell (only access to /usr/local/libexec/nagios/) would be appropriate. Anyone able to provide a clue how this can be accomplished? Is there a best practices document for using check_by_ssh in OpenBSD? Frank ok, I'm totally lost as to what e-mail has to do with your question. Been a while since I managed setting up new services on Nagios, but if you are having your nagios server monitor other systems by SSH, you probably want to have passwords disabled on the monitored node accounts, use keys and IP address restrictions. Setting up a restricted shell or a chroot is probably going to be very frustrating and in the end, not very productive. What you ask for is basically what the nagios nrpe modules are about -- avoiding full logins. NRPE runs various tests and answers queries about the results. The monitoring service account on the monitored nodes should be unpriv'd, no doas access. If you need to monitor something only root can tell you, have a process run periodically as root on the monitored machine and drop a status report in some place the monitor service account can read it, then digest it on the nagios server. I look at monitoring systems as "read only" apps. Some people disagree with me...but I consider those people wrong. :) Nick.
Nagios check_by_ssh
nagios install creates user _nagios with login = /sbin/nologin I have some OpenBSD systems not configured to send email to external addresses; there is one system (host0) that is configured to send email outside. I wish to use nagios on host0 to monitor the other systems and send notifications to an offsite email address. I was thinking that some sort of restricted shell (only access to /usr/local/libexec/nagios/) would be appropriate. Anyone able to provide a clue how this can be accomplished? Is there a best practices document for using check_by_ssh in OpenBSD? Frank
Anyone got Nagios 4.3.1 web working?
Hello everyone, I try to get nagios 4.3.1 web page working with no luck so far. It opens first page (main.php) but when I try to get to Hosts, Services etc. I get 500 Internal Server Error. On home page there is warning "Unable to get process status" but nagios seems to be working, I see checks going on, I am getting alerts by e-mail and sms. It is on 6.3 amd64, httpd, nagios installed from packages. Configs below. Is there something I am missing? Thanks for your help, Ivo /etc/httpd.conf domain = "nagios.mydomain.net" ext_ip = "XX.XX.XX.XX" server $domain { listen on $ext_ip port 80 block return 301 "https://$SERVER_NAME$REQUEST_URI; } server $domain { listen on $ext_ip tls port 443 tls { key "/etc/ssl/private/nagios.key" certificate "/etc/ssl/nagios.crt" } authenticate "/nagios" with "/nagios/nagios.passwd" authenticate "/cgi-bin" with "/nagios/nagios.passwd" root "/nagios" directory { index "index.php" } location "/cgi-bin/nagios/*.cgi" { root { "/nagios" } fastcgi socket "/run/slowcgi.sock" } location "*.php" { root { "/nagios" } fastcgi socket "/run/php-fpm.sock" } } types { include "/usr/share/misc/mime.types" } ~ # pkg_info bzip2-1.0.6p8 block-sorting file compressor, unencumbered femail-1.0p1simple SMTP client femail-chroot-1.0p2 simple SMTP client for chrooted web servers gdiff-3.6 GNU versions of the diff utilities gettext-0.19.8.1p1 GNU gettext runtime libraries and programs glib2-2.54.3p1 general-purpose utility library intel-firmware-20180312v0 firmware binary images for intel(4) driver jpeg-1.5.3v0SIMD-accelerated JPEG codec replacement of libjpeg libelf-0.8.13p4 read, modify, create ELF files on any arch libffi-3.2.1p4 Foreign Function Interface libiconv-1.14p3 character set conversion library libltdl-2.4.2p1 GNU libtool system independent dlopen wrapper libsigsegv-2.12 library for handling page faults in user mode libslang-2.2.4p2stack-based interpreter for terminal applications libssh2-1.8.0 library implementing the SSH2 protocol libxml-2.9.8XML parsing library mc-4.8.20 free Norton Commander clone with many useful features monitoring-plugins-2.2p4 monitoring plugins (for Nagios, Icinga, etc) mtr-0.92p1 Matt's traceroute - network diagnostic tool nagios-4.3.1p0-chroot host and service monitor nagios-plugins-resmon-20090802p1 nagios plugin for resmon nagios-web-4.3.1-chroot cgis and webpages for nagios oniguruma-5.9.6 regular expressions library pcre-8.41 perl-compatible regular expression library php-5.6.34 server-side HTML-embedded scripting language php-gd-5.6.34 image manipulation extensions for php png-1.6.34 library for manipulating PNG images python-2.7.14p1 interpreted object-oriented programming language quirks-2.414exceptions to pkg_add rules sqlite3-3.22.0p0embedded SQL implementation t1lib-5.1.2p0 Type 1 rasterizer library for UNIX/X11 unzip-6.0p11extract, list & test files in a ZIP archive xz-5.2.3p0 LZMA compression and decompression tools zip-3.0p0 create/update ZIP files compatible with PKZip(tm) ~ # dmesg OpenBSD 6.3 (GENERIC) #4: Sun Jun 17 11:09:51 CEST 2018 r...@syspatch-63-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 4278124544 (4079MB) avail mem = 4141481984 (3949MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (556 entries) bios0: vendor Phoenix Technologies LTD version "6.00" date 09/21/2015 bios0: VMware, Inc. VMware Virtual Platform acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S8F0(S3) S16F(S3) S18F(S3) S22F(S3) S23F(S3) S24F(S3) S25F(S3) PE40(S3) S1F0(S3) PE50(S3) S1F0(S3) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E5440 @ 2.83GHz, 2833.29 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,SSSE3,CX16,SSE4.1,x2APIC,DEADLINE,XSAVE,HV,NXE,LONG,LAHF,PERF,ITSC,SENSOR,MELTDOWN cpu0: 6MB 64b/line 16-way L2 cache acpitimer0: recalibrated TSC frequency 2833433365 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 65MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins acpimcfg0 at acpi0 addr 0xf000, bus 0-127 acp
Re: [Solved] Re: Nagios/OpenBSD 5.8: success anyone?
Olivier Debré free.fr> writes: [...] > I still have some minor 404 difficulties with icons and stylesheets, but > managed to correct them with some dirty directory duplication. With the help of jiri and others, I finally have a working config, compatible with nagios-4.0.8p1-chroot and nagios-web-4.0.8p1-chroot packages installed as-is, and a minor modification to /var/www/nagios/main.php. httpd.conf excerpt: lan_if= "em0" loop_if = "lo0" chroot "/var/www" default type application/octet-stream. server "nagios.siderlog-ra.fr" { listen on $lan_if port 80 listen on $loop_if port 80 root "/" directory index index.php location "/cgi-bin/nagios/*.cgi" { root { "/" } fastcgi socket "/run/slowcgi.sock" } # Fin du : location "/cgi-bin/nagios/*.cgi" { location "*.php" { root { "/nagios" } fastcgi socket "/run/php-fpm.sock" } # Fin du : location "*.php" { } diff /var/www/nagios/main.php.2016_03_01-11_00_12 /var/www/nagios/main.php 98c98 < $.get('cgi-bin/statusjson.cgi?query=programstatus', function(d) { --- > $.get('cgi-bin/nagios/statusjson.cgi?query=programstatus', function(d) { Thanks a lot everyone. Olivier Debré
[Solved] Re: Nagios/OpenBSD 5.8: success anyone?
Jiri B devio.us> writes: [...] > >location "/cgi-bin/nagios/*.cgi" { > > root "/cgi-bin/nagios/*.cgi" > ^^ seems wrong > > man httpd.conf says it should be path, so i assume wildcard > is wrong. Hello and thanks a lot, Jiri. Actually, right after posting my message, I corrected this mistake, which was transient (temporary copy/paste error). Anyway, you sent me another message, pointing at my misunderstanding of the path interpretations for the 'root' directive by slowcgi/httpd. You've got the right answer! Here are the two versions which work : Version 1 : location "/cgi-bin/nagios/*.cgi" { root "/" fastcgi socket "/run/slowcgi.sock" } Version 2 : location "/cgi-bin/nagios/*.cgi" { root { "/cgi-bin/nagios", strip 2 } fastcgi socket "/run/slowcgi.sock" } I still have some minor 404 difficulties with icons and stylesheets, but managed to correct them with some dirty directory duplication. Once again, thanks a lot for your help, Jiri. Olivier Debré
Re: Nagios/OpenBSD 5.8: success anyone?
On Thu, Feb 25, 2016 at 04:24:31PM +, Olivier Debr wrote: > Symptoms: > trying to access any cgi yields error 500 and lines as follows in > /var/log/messages > slowcgi[32405]: execve /cgi-bin/nagios/: Is a directory > > [...] > I have never used slowcgi but check below: > lan_ip="em0" > server "nagios.siderlog-ra.fr" { > listen on $lan_ip port 80 >root "/nagios" >directory index index.php >location "*.php" { > root "/nagios" > fastcgi socket "/run/php-fpm.sock" >} >location "/cgi-bin/nagios/*.cgi" { > root "/cgi-bin/nagios/*.cgi" ^^ seems wrong man httpd.conf says it should be path, so i assume wildcard is wrong. > fastcgi socket "/run/slowcgi.sock" >} > } j.
Nagios/OpenBSD 5.8: success anyone?
Hello. I've been using Nagios/OpenBSD/Apache for years, but can't make it work now on 5.8/httpd. I think this must be related with my (very) poor understanding of httpd/slowcgi/fastcgi. Symptoms: trying to access any cgi yields error 500 and lines as follows in /var/log/messages slowcgi[32405]: execve /cgi-bin/nagios/: Is a directory Setup: - OpenBSD 5.8 - packages: nagios-4.0.8p1-chroot, nagios-web-4.0.8p1-chroot, php-fpm-5.6.11p0 - /var/www/cgi-bin/nagios/ and all files inside : owner and group www, mod 555 - slowcgi daemon run without any option - excerpt from /etc/httpd.conf : lan_ip="em0" server "nagios.siderlog-ra.fr" { listen on $lan_ip port 80 root "/nagios" directory index index.php location "*.php" { root "/nagios" fastcgi socket "/run/php-fpm.sock" } location "/cgi-bin/nagios/*.cgi" { root "/cgi-bin/nagios/*.cgi" fastcgi socket "/run/slowcgi.sock" } } Any idea to what I did wrong? Thanks. Olivier Debré
5.7 & Nagios
What is the intended upgrade path for i386 versions of monitoring software? No Nagios in packages, .. icinga is reported amd only, .. Nagios in ports is amd only, .. and nagioscore will not build: # make all cd ./base && make make -C ../lib Using $< in a non-suffix rule context is a GNUmake idiom (Makefile:157) *** Error 2 in /usr/src/nagioscore (Makefile:71 'all') Inquiring minds want with Nagios installations want to know! Lee
Re: Slightly OT, .. 5.5 Nagios
On 2015/09/28 19:34, L. V. Lammert wrote: > On Tue, 29 Sep 2015, Stuart Henderson wrote: > > > Also note: if this is on a 32-bit machine (e.g. i386), the time_t > > change breaks things with nagios and icinga. Fixed for icinga in > > the OpenBSD 5.7 package (patches in 200+ places for this) but nagios > > is comparatively unloved. ;) > > > Interesting, .. so, the nagios package is broken? Removing and > reinstalling after upgrading to 5.5 DNW on i386? > > In this case, the nagios 4.0.1 chroot does run, but it does exhibit some > weird symptoms: > > * It will not start daemonized - it can only be started in the foreground >and detached; > > Thanks! > Lee Yes. I'm not sure which exact symptoms you'll run into, but anything that displays or logs times is fairly likely to crash. The simplest path to getting things working again properly on i386 is probably to upgrade to 5.7 and switch to icinga, it uses the same config format and the pkg-readme file has advice on migrating.
Re: X security claims in FAQ considering Xorg setuid root binary (was: Slightly OT, .. 5.5 Nagios)
Op 28-09-15 om 23:29 schreef Philip Guenther: On Mon, Sep 28, 2015 at 1:31 PM, L. V. Lammertwrote: ... X has never been installed on this box, .. why now? http://www.openbsd.org/faq/faq4.html#FilesNeededX From the FAQ: "By itself, installing X on a system does not change the risk of external security issues." I might be misinterpreting "external" here, but considering some files from the X sets[1], wouldn't the following be more accurate: "Installing X adds one setuid root binary and some setgid non-root binaries on a system, but apart from that does not change the risk of external security issues."? [1] from xbase57.tgz and xserv57.tgz: -rwsr-xr-x 1 root wheel 2651992 Aug 12 15:28 /usr/X11R6/bin/Xorg -rwxr-sr-x 1 root auth 2970888 Mar 7 2015 /usr/X11R6/bin/xlock -rwxr-sr-x 1 root utmp594648 Aug 12 15:24 /usr/X11R6/bin/xterm
Re: X security claims in FAQ considering Xorg setuid root binary (was: Slightly OT, .. 5.5 Nagios)
Tim Kuijsten wrote: > Op 28-09-15 om 23:29 schreef Philip Guenther: > > On Mon, Sep 28, 2015 at 1:31 PM, L. V. Lammertwrote: > > ... > >> X has never been installed on this box, .. why now? > > > > http://www.openbsd.org/faq/faq4.html#FilesNeededX > > > > From the FAQ: > "By itself, installing X on a system does not change the risk of > external security issues." > > I might be misinterpreting "external" here, but considering some files > from the X sets[1], wouldn't the following be more accurate: "Installing > X adds one setuid root binary and some setgid non-root binaries on a > system, but apart from that does not change the risk of external > security issues."? those are local security issues.
Re: X security claims in FAQ considering Xorg setuid root binary (was: Slightly OT, .. 5.5 Nagios)
> Op 28-09-15 om 23:29 schreef Philip Guenther: > > On Mon, Sep 28, 2015 at 1:31 PM, L. V. Lammertwrote: > > ... > >> X has never been installed on this box, .. why now? > > > > http://www.openbsd.org/faq/faq4.html#FilesNeededX > > > > From the FAQ: > "By itself, installing X on a system does not change the risk of > external security issues." > > I might be misinterpreting "external" here, but considering some files > from the X sets[1], wouldn't the following be more accurate: "Installing > X adds one setuid root binary and some setgid non-root binaries on a > system, but apart from that does not change the risk of external > security issues."? > > [1] from xbase57.tgz and xserv57.tgz: > -rwsr-xr-x 1 root wheel 2651992 Aug 12 15:28 /usr/X11R6/bin/Xorg > -rwxr-sr-x 1 root auth 2970888 Mar 7 2015 /usr/X11R6/bin/xlock > -rwxr-sr-x 1 root utmp594648 Aug 12 15:24 /usr/X11R6/bin/xterm External means connetions from the outside. Since nothing from the X set will be be running, there is no risk. As to your list, the setuid binary is privsep, and the other two are privdrop. They were refactored in OpenBSD specifically to reduce risk. I think your text is a bit short. Maybe you could write up 10-20 paragraphs. Then the document will become even more unwieldly, and noone will read it. /sarc In all seriousness, I think the statement made in the FAQ is short, true, and satisfactory for 99.9% of usage cases. Extending this with concepts people must judge using outdated mindsets, will push more towards avoiding X set installs, and then lead to far greater problems with use of packages. This needs to be balanced. We don't need to make narrow claims that other systems avoid. So in summary, leave the text alone. It is doing the best it can do. The world is not perfect. We could make it more perfect by removing X support from 500 packages /sarc
Slightly OT, .. 5.5 Nagios
Trying to upgrade our 5.4 Nagios system to 5.5, .. everything went fine with the system, but it appears that there are some new dependencies for the web UI: # pkg_add nagios-web-4.0.1-chroot Can't install php-gd-5.4.24 because of libraries |library X11.16.0 not found | not found anywhere |library Xpm.9.0 not found | not found anywhere |library freetype.22.0 not found | not found anywhere X has never been installed on this box, .. why now? Lee
Re: Slightly OT, .. 5.5 Nagios
On Mon, Sep 28, 2015 at 1:31 PM, L. V. Lammert <l...@omnitec.net> wrote: > Trying to upgrade our 5.4 Nagios system to 5.5, .. everything went fine > with the system, but it appears that there are some new dependencies for > the web UI: ... > X has never been installed on this box, .. why now? http://www.openbsd.org/faq/faq4.html#FilesNeededX
Re: Slightly OT, .. 5.5 Nagios
On Mon, 28 Sep 2015, Philip Guenther wrote: > On Mon, Sep 28, 2015 at 1:31 PM, L. V. Lammert <l...@omnitec.net> wrote: > > Trying to upgrade our 5.4 Nagios system to 5.5, .. everything went fine > > with the system, but it appears that there are some new dependencies for > > the web UI: > ... > > X has never been installed on this box, .. why now? > > http://www.openbsd.org/faq/faq4.html#FilesNeededX > Of course, .. the question was about Nagios [hence the slightly OT]. Lee
Re: Slightly OT, .. 5.5 Nagios
On 2015-09-28, Philip Guenther <guent...@gmail.com> wrote: > On Mon, Sep 28, 2015 at 1:31 PM, L. V. Lammert <l...@omnitec.net> wrote: >> Trying to upgrade our 5.4 Nagios system to 5.5, .. everything went fine >> with the system, but it appears that there are some new dependencies for >> the web UI: > ... >> X has never been installed on this box, .. why now? > > http://www.openbsd.org/faq/faq4.html#FilesNeededX > > Also note: if this is on a 32-bit machine (e.g. i386), the time_t change breaks things with nagios and icinga. Fixed for icinga in the OpenBSD 5.7 package (patches in 200+ places for this) but nagios is comparatively unloved. ;) If you're running amd64 then this issue won't affect you.
Re: Slightly OT, .. 5.5 Nagios
On Tue, 29 Sep 2015, Stuart Henderson wrote: > Also note: if this is on a 32-bit machine (e.g. i386), the time_t > change breaks things with nagios and icinga. Fixed for icinga in > the OpenBSD 5.7 package (patches in 200+ places for this) but nagios > is comparatively unloved. ;) > Interesting, .. so, the nagios package is broken? Removing and reinstalling after upgrading to 5.5 DNW on i386? In this case, the nagios 4.0.1 chroot does run, but it does exhibit some weird symptoms: * It will not start daemonized - it can only be started in the foreground and detached; Thanks! Lee
Re: Nagios package incomplete? Anybody got it working? OBSD 4.5
Quoting Andres Salazar ndrsslz...@gmail.com: Hello, Iam using OBSD 4.5, and i tried to install Nagios nagios-3.0.6p1 (also tried nagios-3.0.6p1-chroot) from packages.. and Ive noticed that after the install the WebGUI files are missing and there is no instruction whatsoever if one should need to get these from somewhere else..? (the faq on nagios.org also takes for granted that the install includes the files). Seeing this failed, I also tried compiling from ports with no luck... the /var/www/nagios is created and left empty. What could it be that iam missing? nagios-web-3.0.6.tgz Al -- Dr Alastair F. Brown, Head of Computing MRC Human Genetics Unit, Edinburgh EH4 2XU, UK Mailto:alastair.br...@hgu.mrc.ac.uk http://www.hgu.mrc.ac.uk/Users/Alastair.Brown/ Fax: +44 (0)131 467 8456Phone: +44 (0)131 332 2471
Nagios package incomplete? Anybody got it working? OBSD 4.5
Hello, Iam using OBSD 4.5, and i tried to install Nagios nagios-3.0.6p1 (also tried nagios-3.0.6p1-chroot) from packages.. and Ive noticed that after the install the WebGUI files are missing and there is no instruction whatsoever if one should need to get these from somewhere else..? (the faq on nagios.org also takes for granted that the install includes the files). Seeing this failed, I also tried compiling from ports with no luck... the /var/www/nagios is created and left empty. What could it be that iam missing? Thanks Andres
Re: Nagios package incomplete? Anybody got it working? OBSD 4.5
On 2009-07-21, Andres Salazar ndrsslz...@gmail.com wrote: Hello, Iam using OBSD 4.5, and i tried to install Nagios nagios-3.0.6p1 (also tried nagios-3.0.6p1-chroot) from packages.. and Ive noticed that after the install the WebGUI files are missing and there is no instruction whatsoever if one should need to get these from somewhere else..? (the faq on nagios.org also takes for granted that the install includes the files). Seeing this failed, I also tried compiling from ports with no luck... the /var/www/nagios is created and left empty. What could it be that iam missing? the nagios-web package.
Re: Compiling Nagios NRPE on OpenBSD 4.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Abel. On Apr 15, 2009 at 06:20:03 -0300, Abel Camarillo wrote: Although I saw that OpenBSD 4.4 has NRPE 2.7, wanted to install something newer and I'm trying to compile NRPE 2.12 downloading of Nagios site. But after executing 'configure', the process finishes with the following error message: checking for SSL headers... SSL headers found in /usr checking for SSL libraries... configure: error: Cannot find ssl libraries It seems that openssl is already installed. Would have to indicate some specific path with configure? Have you tried reading how the nagios port actually works? /usr/ports/net/nagios/ I would really read that before trying to build it from source (particulary the patches dir) I was trying yesterday with patch-configure that I found here [1] and this time in the compilation didn't appear error messages, although I obtained some warnings, like for example the following: warning: strcpy() is almost always misused, please use strlcpy() warning: vsprintf() is often misused, please use vsnprintf() warning: sprintf() is often misused, please use snprintf() warning: strcat() is almost always misused, please use strlcat() Could this affect in something the generated binaries? Thanks for your reply. Regards, Daniel [1] http://www.openbsd.org/cgi-bin/cvsweb/ports/net/nagios/nrpe/patches/ iEYEARECAAYFAknm+zoACgkQZpa/GxTmHTdEJQCdG/+BNaUS2YeE3gOHmNBnYLDK bH0AniDyBqZyxuoHOvvAqWuZLjQ/E0jj =/0kK -END PGP SIGNATURE-
Re: Compiling Nagios NRPE on OpenBSD 4.4
On Thu, Apr 16, 2009 at 06:32:28AM -0300, Daniel Bareiro wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Abel. On Apr 15, 2009 at 06:20:03 -0300, Abel Camarillo wrote: Although I saw that OpenBSD 4.4 has NRPE 2.7, wanted to install something newer and I'm trying to compile NRPE 2.12 downloading of Nagios site. But after executing 'configure', the process finishes with the following error message: checking for SSL headers... SSL headers found in /usr checking for SSL libraries... configure: error: Cannot find ssl libraries It seems that openssl is already installed. Would have to indicate some specific path with configure? Have you tried reading how the nagios port actually works? /usr/ports/net/nagios/ I would really read that before trying to build it from source (particulary the patches dir) I was trying yesterday with patch-configure that I found here [1] and this time in the compilation didn't appear error messages, although I obtained some warnings, like for example the following: warning: strcpy() is almost always misused, please use strlcpy() warning: vsprintf() is often misused, please use vsnprintf() warning: sprintf() is often misused, please use snprintf() warning: strcat() is almost always misused, please use strlcat() Could this affect in something the generated binaries? Thanks for your reply. Regards, Daniel [1] http://www.openbsd.org/cgi-bin/cvsweb/ports/net/nagios/nrpe/patches/ iEYEARECAAYFAknm+zoACgkQZpa/GxTmHTdEJQCdG/+BNaUS2YeE3gOHmNBnYLDK bH0AniDyBqZyxuoHOvvAqWuZLjQ/E0jj =/0kK -END PGP SIGNATURE- I think that is `normal', you can try reading: http://www.openbsd.org/papers/strlcpy-paper.ps for a better understanding. PD: I really recommend to have a local copy of the ports CVS tree. -- DISCLAIMER: http://goldmark.org/jeff/stupid-disclaimers/ This message will self-destruct in 3 seconds.
Compiling Nagios NRPE on OpenBSD 4.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all! Although I saw that OpenBSD 4.4 has NRPE 2.7, wanted to install something newer and I'm trying to compile NRPE 2.12 downloading of Nagios site. But after executing 'configure', the process finishes with the following error message: checking for SSL headers... SSL headers found in /usr checking for SSL libraries... configure: error: Cannot find ssl libraries It seems that openssl is already installed. Would have to indicate some specific path with configure? Thanks in advance. Regards, Daniel iEYEARECAAYFAknlok8ACgkQZpa/GxTmHTcQPgCeIKT0mJbsgS2SxZLvcB6aq5te o14An1l7u4Rdwvd+k1rllt5NhhU8pJ+z =DmDt -END PGP SIGNATURE-
Re: Compiling Nagios NRPE on OpenBSD 4.4
On Wed, Apr 15, 2009 at 06:00:50AM -0300, Daniel Bareiro wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all! Although I saw that OpenBSD 4.4 has NRPE 2.7, wanted to install something newer and I'm trying to compile NRPE 2.12 downloading of Nagios site. But after executing 'configure', the process finishes with the following error message: checking for SSL headers... SSL headers found in /usr checking for SSL libraries... configure: error: Cannot find ssl libraries It seems that openssl is already installed. Would have to indicate some specific path with configure? Thanks in advance. Regards, Daniel iEYEARECAAYFAknlok8ACgkQZpa/GxTmHTcQPgCeIKT0mJbsgS2SxZLvcB6aq5te o14An1l7u4Rdwvd+k1rllt5NhhU8pJ+z =DmDt -END PGP SIGNATURE- Have you tried reading how the nagios port actually works? /usr/ports/net/nagios/ I would really read that before trying to build it from source (particulary the patches dir) -- DISCLAIMER: http://goldmark.org/jeff/stupid-disclaimers/ This message will self-destruct in 3 seconds.
problem installing nagios
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 How i can solve this: bash-3.2# make install === net/nagios/cnagios === net/nagios/nagios === net/nagios/nagios,chroot === nagios-3.0.3-chroot depends on: nagios-plugins-* - found === Verifying specs: glib-2.0 ltdl.=4 intl.=4 iconv.=4 c m pthread === found glib-2.0.1600.1 ltdl.4.4 intl.4.0 iconv.5.0 c.48.0 m.3.0 pthread.11.0 === Installing nagios-3.0.3-chroot from /usr/ports/packages/i386/all/ Can't install nagios-3.0.3-chroot because of conflicts (nagios-3.0.3) /usr/sbin/pkg_add: nagios-3.0.3-chroot:Fatal error *** Error code 1 Stop in /usr/ports/net/nagios/nagios (line 1452 of /usr/ports/infrastructure/mk/bsd.port.mk). === Exiting net/nagios/nagios,chroot with an error *** Error code 1 Stop in /usr/ports/net/nagios (line 124 of /usr/ports/infrastructure/mk/bsd.port.subdir.mk). Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmmhgIACgkQ35zeJy7JhChWqACbBC5RDgH8RMul8Xxa2N9r/Wo3 IRUAnRNmHi0Sn3sM5p7LH0fSSXqh6jpa =pBc+ -END PGP SIGNATURE-
Re: problem installing nagios
Hi, first remove nagios-3.0.3 and last install nagios-3.0.3-chroot. 2009/2/26 Zhu Sha Zang zhushaz...@yahoo.com.br -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 How i can solve this: bash-3.2# make install === net/nagios/cnagios === net/nagios/nagios === net/nagios/nagios,chroot === nagios-3.0.3-chroot depends on: nagios-plugins-* - found === Verifying specs: glib-2.0 ltdl.=4 intl.=4 iconv.=4 c m pthread === found glib-2.0.1600.1 ltdl.4.4 intl.4.0 iconv.5.0 c.48.0 m.3.0 pthread.11.0 === Installing nagios-3.0.3-chroot from /usr/ports/packages/i386/all/ Can't install nagios-3.0.3-chroot because of conflicts (nagios-3.0.3) /usr/sbin/pkg_add: nagios-3.0.3-chroot:Fatal error *** Error code 1 Stop in /usr/ports/net/nagios/nagios (line 1452 of /usr/ports/infrastructure/mk/bsd.port.mk). === Exiting net/nagios/nagios,chroot with an error *** Error code 1 Stop in /usr/ports/net/nagios (line 124 of /usr/ports/infrastructure/mk/bsd.port.subdir.mk). Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmmhgIACgkQ35zeJy7JhChWqACbBC5RDgH8RMul8Xxa2N9r/Wo3 IRUAnRNmHi0Sn3sM5p7LH0fSSXqh6jpa =pBc+ -END PGP SIGNATURE- -- Beto www.compumundohypermegared.org
Re: problem installing nagios
On Thu, 26 Feb 2009, Zhu Sha Zang wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 How i can solve this: bash-3.2# make install === net/nagios/cnagios === net/nagios/nagios === net/nagios/nagios,chroot === nagios-3.0.3-chroot depends on: nagios-plugins-* - found === Verifying specs: glib-2.0 ltdl.=4 intl.=4 iconv.=4 c m pthread === found glib-2.0.1600.1 ltdl.4.4 intl.4.0 iconv.5.0 c.48.0 m.3.0 pthread.11.0 === Installing nagios-3.0.3-chroot from /usr/ports/packages/i386/all/ Can't install nagios-3.0.3-chroot because of conflicts (nagios-3.0.3) /usr/sbin/pkg_add: nagios-3.0.3-chroot:Fatal error *** Error code 1 Stop in /usr/ports/net/nagios/nagios (line 1452 of /usr/ports/infrastructure/mk/bsd.port.mk). === Exiting net/nagios/nagios,chroot with an error *** Error code 1 Stop in /usr/ports/net/nagios (line 124 of /usr/ports/infrastructure/mk/bsd.port.subdir.mk). Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmmhgIACgkQ35zeJy7JhChWqACbBC5RDgH8RMul8Xxa2N9r/Wo3 IRUAnRNmHi0Sn3sM5p7LH0fSSXqh6jpa =pBc+ -END PGP SIGNATURE- make package pkg_add the package you want
Re: nagios check_via_ssh on (chroot) OpenBSD
On Fri, Sep 12, 2008 at 10:26:37PM +0200, Pete Vickers wrote: Does anyone have it running in nagios chroot environment ? I used to. perhaps like the ssh libraries are not needed, but where should the ssh keys be put ? Libraries not needed since it's /usr/local/sbin/nagios that executes the plugin, not httpd. [EMAIL PROTECTED] /grep nagios /etc/passwd _nagios:*:550:550:Nagios user:/var/www/nagios:/sbin/nologin in /var/www/nagios/.ssh/ ? Looks right. Did you try it? TiA, Pete Vickers [EMAIL PROTECTED] | +47 48 17 91 00 SystemNet AS
nagios check_via_ssh on (chroot) OpenBSD
Does anyone have it running in nagios chroot environment ? [EMAIL PROTECTED] / ldd /usr/local/libexec/nagios/check_by_ssh /usr/local/libexec/nagios/check_by_ssh: StartEnd Type Open Ref GrpRef Name exe 10 0 /usr/local/libexec/ nagios/check_by_ssh 052b6000 252ba000 rlib 01 0 /usr/local/lib/ libintl.so.4.0 0e276000 2e352000 rlib 01 0 /usr/local/lib/ libiconv.so.4.0 0e739000 2e76d000 rlib 01 0 /usr/lib/libc.so.43.0 0fc4 0fc4 rtld 01 0 /usr/libexec/ld.so perhaps like the ssh libraries are not needed, but where should the ssh keys be put ? [EMAIL PROTECTED] /grep nagios /etc/passwd _nagios:*:550:550:Nagios user:/var/www/nagios:/sbin/nologin in /var/www/nagios/.ssh/ ? TiA, Pete Vickers [EMAIL PROTECTED] | +47 48 17 91 00 SystemNet AS
nagios monitoring of a remote openntp service
Hi, Has anybody gotten Nagois' check_ntp_* to play nicely with a remote openntp service ? It appears to rely upon services not implemented in openntp ? /Pete
Re: nagios monitoring of a remote openntp service
On Thursday, 08.05.2008 at 11:53 +0200, Pete Vickers wrote: Has anybody gotten Nagois' check_ntp_* to play nicely with a remote openntp service ? It appears to rely upon services not implemented in openntp ? openntpd does not listen on port 123 by default: that's what Nagios would use to monitor, Check man ntpd.conf for the 'listen' option. Dave. -- Dave Ewart [EMAIL PROTECTED], jabber:[EMAIL PROTECTED], freenode:davee All email from me is now digitally signed, http://www.sungate.co.uk/ Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Re: nagios monitoring of a remote openntp service
Hi, That's not the problem ! - the hosting is correctly listening, and indeed other hosts are correctly syncing to it. It's only the nagios check_ntp_* that doesn't like it. $ ~ grep -i listen /etc/ntpd.conf # Addresses to listen on (ntpd does not listen by default) listen on * $ ~ ps -aux | grep ntp _ntp 18182 0.0 0.0 468 612 ?? S 19Nov065:57.94 ntpd: ntp engine (ntpd) root 10889 0.0 0.0 512 616 ?? Is19Nov060:00.24 ntpd: [priv] (ntpd) /Pete On 8 May 2008, at 12:59 PM, Dave Ewart wrote: On Thursday, 08.05.2008 at 11:53 +0200, Pete Vickers wrote: Has anybody gotten Nagois' check_ntp_* to play nicely with a remote openntp service ? It appears to rely upon services not implemented in openntp ? openntpd does not listen on port 123 by default: that's what Nagios would use to monitor, Check man ntpd.conf for the 'listen' option. Dave. -- Dave Ewart [EMAIL PROTECTED], jabber:[EMAIL PROTECTED], freenode:davee All email from me is now digitally signed, http://www.sungate.co.uk/ Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Re: nagios monitoring of a remote openntp service
On 2008-05-08, Pete Vickers [EMAIL PROTECTED] wrote: Has anybody gotten Nagois' check_ntp_* to play nicely with a remote openntp service ? It appears to rely upon services not implemented in openntp ? this is against an OpenNTP server; [EMAIL PROTECTED]:12$ /usr/local/libexec/nagios/check_ntp_time -H ntp NTP OK: Offset -0.002711469308 secs|offset=-0.002711s;60.00;120.00; so, it can work.
Re: nagios monitoring of a remote openntp service
that works fine: $ ~/usr/local/libexec/nagios/check_ntp_time -H ntp1 NTP OK: Offset 0.0008395434124 secs|offset=0.000840s; 60.00;120.00; but, I'm trying to verifty the NTP server's health, not that my monitoring host is sync'd to it. Notes: This plugin checks the clock offset between the local host and a remote NTP server. It is independent of any commandline programs or external libraries. If you'd rather want to monitor an NTP server, please use check_ntp_peer. but that doesn't work (for me) : $ ~/usr/local/libexec/nagios/check_ntp_peer -H ntp1 -t 3 CRITICAL - Socket timeout after 3 seconds /Pete On 8 May 2008, at 1:55 PM, Stuart Henderson wrote: On 2008-05-08, Pete Vickers [EMAIL PROTECTED] wrote: Has anybody gotten Nagois' check_ntp_* to play nicely with a remote openntp service ? It appears to rely upon services not implemented in openntp ? this is against an OpenNTP server; [EMAIL PROTECTED]:12$ /usr/local/libexec/nagios/check_ntp_time -H ntp NTP OK: Offset -0.002711469308 secs|offset=-0.002711s; 60.00;120.00; so, it can work.
Re: nagios monitoring of a remote openntp service
On Thursday, 08.05.2008 at 13:29 +0200, Pete Vickers wrote: Has anybody gotten Nagois' check_ntp_* to play nicely with a remote openntp service ? It appears to rely upon services not implemented in openntp ? openntpd does not listen on port 123 by default: that's what Nagios would use to monitor, Check man ntpd.conf for the 'listen' option. That's not the problem ! - the hosting is correctly listening, and indeed other hosts are correctly syncing to it. It's only the nagios check_ntp_* that doesn't like it. On this network, Nagios runs on a Debian Etch machine and issuing: /usr/lib/nagios/plugins/check_ntp -H myhostname returns NTP OK: Offset -0.0001729539945 secs|offset=-0.0001729539945 What output do *you* get when you run check_ntp? Dave. -- Dave Ewart [EMAIL PROTECTED], jabber:[EMAIL PROTECTED], freenode:davee All email from me is now digitally signed, http://www.sungate.co.uk/ Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Re: nagios monitoring of a remote openntp service
On 2008/05/08 14:33, Pete Vickers wrote: that works fine: $ ~/usr/local/libexec/nagios/check_ntp_time -H ntp1 NTP OK: Offset 0.0008395434124 secs|offset=0.000840s;60.00;120.00; but, I'm trying to verifty the NTP server's health, not that my monitoring host is sync'd to it. check_ntp_time should be fine for that. Notes: This plugin checks the clock offset between the local host and a remote NTP server. It is independent of any commandline programs or external libraries. If you'd rather want to monitor an NTP server, please use check_ntp_peer. I think that's just useful for ISC ntpd, it checks stratum.
Re: nagios monitoring of a remote openntp service
On Thu, 2008-05-08 at 14:33 +0200, Pete Vickers wrote: that works fine: $ ~/usr/local/libexec/nagios/check_ntp_time -H ntp1 NTP OK: Offset 0.0008395434124 secs|offset=0.000840s; 60.00;120.00; but, I'm trying to verifty the NTP server's health, not that my monitoring host is sync'd to it. Nagios checks almost never have sufficient debugging mechanisms, and UDP services dont send RST+ICMP. You an always: $ sudo ntpdate -qdv [host to check] ~BAS Notes: This plugin checks the clock offset between the local host and a remote NTP server. It is independent of any commandline programs or external libraries. If you'd rather want to monitor an NTP server, please use check_ntp_peer. but that doesn't work (for me) : $ ~/usr/local/libexec/nagios/check_ntp_peer -H ntp1 -t 3 CRITICAL - Socket timeout after 3 seconds /Pete On 8 May 2008, at 1:55 PM, Stuart Henderson wrote: On 2008-05-08, Pete Vickers [EMAIL PROTECTED] wrote: Has anybody gotten Nagois' check_ntp_* to play nicely with a remote openntp service ? It appears to rely upon services not implemented in openntp ? this is against an OpenNTP server; [EMAIL PROTECTED]:12$ /usr/local/libexec/nagios/check_ntp_time -H ntp NTP OK: Offset -0.002711469308 secs|offset=-0.002711s; 60.00;120.00; so, it can work. -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc.
Re: nagios monitoring of a remote openntp service
On Thu, May 8, 2008 at 8:52 AM, Brian A. Seklecki [EMAIL PROTECTED] wrote: Nagios checks almost never have sufficient debugging mechanisms, and UDP services dont send RST+ICMP. you should get an ICMP port unreachable if there is no UDP service listening. i haven't looked at nagios, but i wonder if it's not trying to use NTP mode 6 control messages to get more status information out of the daemon. openntpd doesn't support these queries... You an always: $ sudo ntpdate -qdv [host to check] or rdate -pnv host. quite some time ago i added a check to make rdate bail out if the server is unsync'd. ... if ((data.status STATUS_ALARM) == STATUS_ALARM) { warnx(Ignoring NTP server with alarm flag set); return (-1); } ... CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: nagios monitoring of a remote openntp service
On 2008-05-08, Chris Kuethe [EMAIL PROTECTED] wrote: On Thu, May 8, 2008 at 8:52 AM, Brian A. Seklecki [EMAIL PROTECTED] wrote: Nagios checks almost never have sufficient debugging mechanisms, and UDP services dont send RST+ICMP. you should get an ICMP port unreachable if there is no UDP service listening. i haven't looked at nagios, but i wonder if it's not trying to use NTP mode 6 control messages to get more status information out of the daemon. openntpd doesn't support these queries... check_ntp_peer does exactly that. You an always: $ sudo ntpdate -qdv [host to check] or rdate -pnv host. quite some time ago i added a check to make rdate bail out if the server is unsync'd. ... if ((data.status STATUS_ALARM) == STATUS_ALARM) { warnx(Ignoring NTP server with alarm flag set); return (-1); } ... CK check_ntp_time says NTP CRITICAL: Offset unknown| if that happens, same as if the server isn't running. Not quite as much information as it could give, but if you're basically looking to be alerted when your server is broken, it's still helpful.
Re: [Nagiosplug-devel] nagios check_carp for OpenBSD carp(4)
Just to follow-up: I have written a plugin that uses the somewhat complete PHP Net-SNMP bindings (no getsnmptable() ?!) and the new PF-MIB::CARP Agent Extensions to Net-SNMP snmpd(8). I'll post it on NagiosExchange for review if/when I can deploy a production 4.1-stable system. ~BAS On Fri, 2006-12-15 at 19:15 -0500, Brian A. Seklecki wrote: Thoughts? Strategies? Ideas? --- IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsible for the delivery of this message to an intended recipient), please be advised that any re-use, dissemination, distribution or copying of this message is prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
Re: Nagios plugin for checking OpenBGPd-Peers
* Falk Brockerhoff - smartTERRA GmbH [EMAIL PROTECTED] [2007-02-14 22:24]: has anybody wrote a nagios plugin to check the presence of some specified bgp-peers set up with openbgpd? not that I am aware of; but I have kind of prepared it :) the way to go is pbly: -restricted control socket (bgpd -r) -use bgpctl show summary terse (use restricted socket of course), this is made to be easily parsable -us a superserver like inetd to run the above on some weird port that your firewall so only you nagios host(s) can reach it rest is straightforward. could pbly also use nrpe on the router and have it run the above bgpctl command; I don't trust nagios + nrpe code too much tho (now, that was very nicely and diplomatic put, no?) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Nagios plugin for checking OpenBGPd-Peers
Hello, has anybody wrote a nagios plugin to check the presence of some specified bgp-peers set up with openbgpd? In the past I used check_bgp in combination with cisco routers, which checks the peer-state via snmp. Regards, Falk
Nagios plugin exit code not being read ?
This is a weird one and I'm not even sure if it's a nagios issue or something else.. I'm running an lpq shell script that I found through the nagios exchange and it's not working. I modified the script a little but it exits with the correct exit code as per nagios docs but nagios doesn't see it...it thinks it exits with 0 every time. Here's the trace of the script that exits with 1 as the code. What am I missing ? + LPR=lp + WARN=1 + ERROR=5 + lpq -P lp + wc -l + sed s/^ *// + sed s/ *$// + QUEUE=4 + QUEUE=2 + INFO=Queue(2) + [ 2 -ge 5 ] + [ 2 -ge 1 ] + echo WARNING - Queue(2) WARNING - Queue(2) + exit 1 The script looks like so: #! /bin/sh LPR=$1 WARN=1 ERROR=5 QUEUE=`lpq -P $LPR | wc -l | sed 's/^ *//' | sed 's/ *$//'` QUEUE=$(($QUEUE-2)) INFO=Queue($QUEUE) if [ $QUEUE -ge $ERROR ]; then echo CRITICAL - $INFO exit 2 fi if [ $QUEUE -ge $WARN ]; then echo WARNING - $INFO exit 1 fi echo OK - $INFO exit 0 I'm running these packages related to nagios: nagios-2.5-chroot host and service monitor nagios-plugins-1.4.3p2 nagios base plugins nagios-plugins-mysql-1.4.3 mysql plugin nagios-web-2.5-chroot cgis and webpages for nagios -- ~Allie D.
Nagios check_hw_sensors for the new two level sensors
I am doing better this time, I saw that the sensors output changed, and I am running -current on my laptop :-) However, that doesn't give me a lot of sensors to try, so if you are using Nagios and -current or just want to try it, grab version 1.22 of check_hw_sensors and let me know about anything that is broken. If you do have problems, if you could include the output from sysctl hw.sensors with any reports, I can see what I can do. The latest version is available here: http://openbsd.somedomain.net/nagios/check_hw_sensors.html and should still work on older versions of OpenBSD. A direct download link for 1.22 is here: http://openbsd.somedomain.net/nagios/check_hw_sensors-1.22.tar.gz l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: The hardware bus needs a new token.
Re: nagios check_carp for OpenBSD carp(4)
--- Quoting Christopher Snell on 2006/12/18 at 22:38 -0700: On 12/15/06, Brian A. Seklecki [EMAIL PROTECTED] wrote: Thoughts? Strategies? Ideas? --- Ask the machine directly? Ask an adjacent machine? Joel Knight just released an updated OpenBSD SNMP MIB that supports reading data from the sensors framework. Perhaps he could be persuaded to add support for CARP state detection? :) Actually reading this thread has already persuaded me. This is something that would be useful for me. Stay tuned. .joel
Re: nagios check_carp for OpenBSD carp(4)
On 12/15/06, Brian A. Seklecki [EMAIL PROTECTED] wrote: Thoughts? Strategies? Ideas? --- Ask the machine directly? Ask an adjacent machine? Joel Knight just released an updated OpenBSD SNMP MIB that supports reading data from the sensors framework. Perhaps he could be persuaded to add support for CARP state detection? :) Chris
Re: nagios check_carp for OpenBSD carp(4)
* Brian A. Seklecki [EMAIL PROTECTED] [2006-12-16 01:20]: - C utility to ask /dev/pf pf(4) definately the best option. except that there is no carp shitz to query via /dev/pf. c'mon, it's and INTERFACE, and doesn't have ANYTHING to do with pf whatsoever. Preempt: Unlike HSRP Groups where interfaces can preempt can apply to select group of interfaces, it is safe to assume that if preempt is enabled and one interface in a SLAVE state; all other are in that state. not true. first, it's per-group in 4.0 and up. all carp interfaces are in group carp by default, so that is used to emulate the old behaviour. but nothing stops you from doing # ifconfig carp3 -group carp # ifconfig carp4 -group carp # ifconfig carp3 group hsrp # ifconfig carp4 group hsrp and you have your hsrp group with two carp ifs. then, they don't really actually fail over as groups. they try to, tho. assume a setup with carp0, 1 and 2 on 2 boxes, one group, preempt enable. box1 is master. due to operator screwup, carp2 on box2 is not up (similarities to reality are pure coincidence, this is of course all fictional...), something raises carpdemote on box1, so box2 takes over. carp0 and 1 will be master on box2 now, carp2 still on box1 tho, because there is no other. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
OT: nagios thttpd
Has anyone setup Nagios using Thttpd as the web daemon on Openbsd? If so, anything I need watch out for? thanks roland
Re: nagios plugin: isakmpd
2006/8/15, Jacob Yocom-Piatt [EMAIL PROTECTED]: does anyone on list have a nagios plugin that will check the status of isakmpd on an openbsd machine? Hi, I used ike-scan (http://www.nta-monitor.com/tools/ike-scan/) to check if a vpn is up. Then a shell script exiting with 0,1 or 2 status if vpn is ok, unknow status or down. -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/
nagios plugin: isakmpd
does anyone on list have a nagios plugin that will check the status of isakmpd on an openbsd machine? i had asked about this on the nagios-users mailing list a while back and was told that i should write such a plugin. want to make sure i don't do anything unnecessarily redundant. cheers, jake
Re: Nagios check_bioctl available
On Fri, Jul 28, 2006 at 09:17:28PM -0500, Marco Peereboom wrote: andrew fresh wrote: I have written a perl script that parses the output from bioctl and returns it in a format that Nagios can use. Sweet :-) Thanks! One thing I ran into is that bioctl needs to run as root to get access to /dev/bio, even for read only access. Is there a way to query bioctl without needing root? No! dang! oh well, sudo is a good enough solution then. Also, in biovar.h, both a raid volume and a disk can be Offline. However, I am not sure what that means. Currently it is a WARNING, but I don't know what status it should be set to. If 2 or more physical disks of a RAID 5 are offline a volume will be marked offline as well. An offline RAID 5 is obviously a critical event. Hope this makes sense since I am not exactly sure what you are asking. I will change Offline to be a CRITICAL error. and here is the new version: http://openbsd.somedomain.net/nagios/check_bioctl-1.4.tar.gz However, I guess my question is what would cause a disk to be Offline? There is a separate status for Failed, and I could see the RAID being Offline if too many disks had Failed. Are there any other status that should be different? They seemed to be fairly straight forward, but there may be good arguments for them to be changed. my %Status_Map = ( Online = 'OK', Offline = 'CRITICAL', Degraded= 'CRITICAL', Failed = 'CRITICAL', Building= 'WARNING', Rebuild = 'WARNING', 'Hot spare' = 'OK', Unused = 'OK', Scrubbing = 'WARNING', Invalid = 'CRITICAL', ); l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Windows 95 undocumented feature
Re: Nagios check_bioctl available
On Sun, Jul 30, 2006 at 03:03:26AM +0200, Wijnand Wiersma wrote: 2006/7/29, andrew fresh [EMAIL PROTECTED]: One thing I ran into is that bioctl needs to run as root to get access to /dev/bio, even for read only access. Is there a way to query bioctl without needing root? Well, I think you only need the status of the drives and that is availlable using sysctl hw.sensors in current (you already mentioned sysctl). A monitoring system should not use the capabilities of bioctl, it just needs to know the status and report that. If that is the case, then this check will become obsolete. That would be nice! I will have to go put -current on my test box and try it out. As it is, on my 3.9-stable box, the output from sysctl if it is available does not seem very reliable: hw.sensors.29=esm0, Drive 0, drive, online hw.sensors.30=esm0, Drive 1, drive, online hw.sensors.31=esm0, Drive 2, drive, unknown hw.sensors.32=esm0, Drive 3, drive, unknown hw.sensors.33=esm0, Drive 4, drive, online hw.sensors.34=esm0, Drive 5, drive, online hw.sensors.35=esm0, Drive 6, drive, unknown hw.sensors.36=esm0, Drive 7, drive, unknown $ sudo bioctl ami0 Password: Volume Status Size Device ami0 0 Online 8984199168 sd0 RAID1 0 Online 8984199168 0:0.0 safte0 IBM DRVS09D 0140 1 Online 8984199168 0:1.0 safte0 IBM DRVS09D 0140 ami0 1 Online36234592256 sd1 RAID10 0 Online18117296128 0:3.0 safte0 QUANTUM ATLAS10K2-TY184JDA40 1 Online18117296128 0:4.0 safte0 QUANTUM ATLAS10K2-TY184JDA40 2 Online18117296128 0:5.0 safte0 QUANTUM ATLAS10K2-TY184JDA40 3 Online18117296128 0:8.0 safte0 QUANTUM ATLAS10K2-TY184JDA40 ami0 2 Hot spare 8984199168 0:2.0 safte0 IBM DMVS09M 0220 ami0 3 Hot spare 18117296128 0:9.0 safte0 QUANTUM ATLAS 10K 18SCA UCHD The rest of the sensors seem mostly correct though, and there are sure enough of them! $ sysctl hw.sensors | tail -1 hw.sensors.99=safte0, temp1, OK, temp, 27.78 degC / 82.00 degF Also, on another box that has external disk box connected with ses, I don't get any status for those disks in sysctl. The disks that are actually in the server are using safte and those show up in sysctl. I don't know why, so now I have this check :-) Now that I think of it, I should add support to the upwatch monitoring system too, but I am not that lucky to have hardware to actually test it :-) If the information is available in sysctl in 4.0, that would be the check to integrate. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: dynamic software linking table corrupted
Re: Nagios check_bioctl available
2006/7/29, andrew fresh [EMAIL PROTECTED]: One thing I ran into is that bioctl needs to run as root to get access to /dev/bio, even for read only access. Is there a way to query bioctl without needing root? Well, I think you only need the status of the drives and that is availlable using sysctl hw.sensors in current (you already mentioned sysctl). A monitoring system should not use the capabilities of bioctl, it just needs to know the status and report that. Now that I think of it, I should add support to the upwatch monitoring system too, but I am not that lucky to have hardware to actually test it :-) Wijnand
Nagios check_bioctl available
I have written a perl script that parses the output from bioctl and returns it in a format that Nagios can use. check_bioctl is avaliable here: http://openbsd.somedomain.net/nagios/check_bioctl-1.3.tar.gz It is useful to me, and so I thought it might be useful to someone else. I wrote this on OpenBSD 3.9 and tested on Dell PERC 3/DC controllers using the ami driver. It should work just fine on other versions of OpenBSD as well as with other cards and drivers. If you do run into trouble, send me the output from bioctl on the system you are having trouble with and I can try to help. Patches to fix problems would be even better. One thing I ran into is that bioctl needs to run as root to get access to /dev/bio, even for read only access. Is there a way to query bioctl without needing root? Also, in biovar.h, both a raid volume and a disk can be Offline. However, I am not sure what that means. Currently it is a WARNING, but I don't know what status it should be set to. http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/biovar.h?rev=1.25content-type=text/x-cvsweb-markup If anyone knows what the Offline status means, I would sure like to know. An additional useful feature is that you can specify multiple devices to check in a single check /usr/local/libexec/nagios/check_bioctl -d ami0 -d ami1 Output is similar to below, except with NAGIOS_OUTPUT set to 1 in the source (as it usually is) all output is on a single line separated with br and it hides any devices that are OK because Nagios has a limit on the length of a response. CRITICAL (1): ami0 sd1 Degraded WARNING (1): ami0 0:8.0 Rebuild QUANTUM ATLAS10K2-TY184JDA40 OK (7): ami0 sd0 Online ami0 0:0.0 Online IBM DMVS09M 0220 ami0 0:1.0 Online IBM DRVS09D 0140 ami0 0:3.0 Online QUANTUM ATLAS10K2-TY184JDA40 ami0 0:4.0 Online QUANTUM ATLAS10K2-TY184JDA40 ami0 0:5.0 Online QUANTUM ATLAS10K2-TY184JDA40 ami0 0:2.0 Hot spare IBM DRVS09D 0140 I currently configure it something like this: $ grep check_bioctl /etc/sudoers /etc/nrpe.cfg /etc/sudoers:_nrpe ALL = NOPASSWD:/usr/local/libexec/nagios/check_bioctl -d ami0 /etc/nrpe.cfg:command[check_bioctl]=/usr/bin/sudo /usr/local/libexec/nagios/check_bioctl -d ami0 Also available is check_hw_sensors for checking of sysctl hw.sensors from Nagios. http://openbsd.somedomain.net/nagios/ l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: YOU HAVE AN I/O ERROR - Incompetent Operator error
Re: Nagios check_bioctl available
andrew fresh wrote: I have written a perl script that parses the output from bioctl and returns it in a format that Nagios can use. Sweet :-) check_bioctl is avaliable here: http://openbsd.somedomain.net/nagios/check_bioctl-1.3.tar.gz It is useful to me, and so I thought it might be useful to someone else. I wrote this on OpenBSD 3.9 and tested on Dell PERC 3/DC controllers using the ami driver. It should work just fine on other versions of OpenBSD as well as with other cards and drivers. If you do run into trouble, send me the output from bioctl on the system you are having trouble with and I can try to help. Patches to fix problems would be even better. One thing I ran into is that bioctl needs to run as root to get access to /dev/bio, even for read only access. Is there a way to query bioctl without needing root? No! Also, in biovar.h, both a raid volume and a disk can be Offline. However, I am not sure what that means. Currently it is a WARNING, but I don't know what status it should be set to. If 2 or more physical disks of a RAID 5 are offline a volume will be marked offline as well. An offline RAID 5 is obviously a critical event. Hope this makes sense since I am not exactly sure what you are asking. http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/biovar.h?rev=1.25content-type=text/x-cvsweb-markup If anyone knows what the Offline status means, I would sure like to know. An additional useful feature is that you can specify multiple devices to check in a single check /usr/local/libexec/nagios/check_bioctl -d ami0 -d ami1 Output is similar to below, except with NAGIOS_OUTPUT set to 1 in the source (as it usually is) all output is on a single line separated with br and it hides any devices that are OK because Nagios has a limit on the length of a response. CRITICAL (1): ami0 sd1 Degraded WARNING (1): ami0 0:8.0 Rebuild QUANTUM ATLAS10K2-TY184JDA40 OK (7): ami0 sd0 Online ami0 0:0.0 Online IBM DMVS09M 0220 ami0 0:1.0 Online IBM DRVS09D 0140 ami0 0:3.0 Online QUANTUM ATLAS10K2-TY184JDA40 ami0 0:4.0 Online QUANTUM ATLAS10K2-TY184JDA40 ami0 0:5.0 Online QUANTUM ATLAS10K2-TY184JDA40 ami0 0:2.0 Hot spare IBM DRVS09D 0140 I currently configure it something like this: $ grep check_bioctl /etc/sudoers /etc/nrpe.cfg /etc/sudoers:_nrpe ALL = NOPASSWD:/usr/local/libexec/nagios/check_bioctl -d ami0 /etc/nrpe.cfg:command[check_bioctl]=/usr/bin/sudo /usr/local/libexec/nagios/check_bioctl -d ami0 Also available is check_hw_sensors for checking of sysctl hw.sensors from Nagios. http://openbsd.somedomain.net/nagios/ l8rZ,
Re: Nagios check_bioctl available
andrew fresh wrote: I have written a perl script that parses the output from bioctl and returns it in a format that Nagios can use. Sweet :-) check_bioctl is avaliable here: http://openbsd.somedomain.net/nagios/check_bioctl-1.3.tar.gz It is useful to me, and so I thought it might be useful to someone else. I wrote this on OpenBSD 3.9 and tested on Dell PERC 3/DC controllers using the ami driver. It should work just fine on other versions of OpenBSD as well as with other cards and drivers. If you do run into trouble, send me the output from bioctl on the system you are having trouble with and I can try to help. Patches to fix problems would be even better. One thing I ran into is that bioctl needs to run as root to get access to /dev/bio, even for read only access. Is there a way to query bioctl without needing root? No! Also, in biovar.h, both a raid volume and a disk can be Offline. However, I am not sure what that means. Currently it is a WARNING, but I don't know what status it should be set to. If 2 or more physical disks of a RAID 5 are offline a volume will be marked offline as well. An offline RAID 5 is obviously a critical event. Hope this makes sense since I am not exactly sure what you are asking. http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/biovar.h?rev=1.25content-type=text/x-cvsweb-markup If anyone knows what the Offline status means, I would sure like to know. An additional useful feature is that you can specify multiple devices to check in a single check /usr/local/libexec/nagios/check_bioctl -d ami0 -d ami1 Output is similar to below, except with NAGIOS_OUTPUT set to 1 in the source (as it usually is) all output is on a single line separated with br and it hides any devices that are OK because Nagios has a limit on the length of a response. CRITICAL (1): ami0 sd1 Degraded WARNING (1): ami0 0:8.0 Rebuild QUANTUM ATLAS10K2-TY184JDA40 OK (7): ami0 sd0 Online ami0 0:0.0 Online IBM DMVS09M 0220 ami0 0:1.0 Online IBM DRVS09D 0140 ami0 0:3.0 Online QUANTUM ATLAS10K2-TY184JDA40 ami0 0:4.0 Online QUANTUM ATLAS10K2-TY184JDA40 ami0 0:5.0 Online QUANTUM ATLAS10K2-TY184JDA40 ami0 0:2.0 Hot spare IBM DRVS09D 0140 I currently configure it something like this: $ grep check_bioctl /etc/sudoers /etc/nrpe.cfg /etc/sudoers:_nrpe ALL = NOPASSWD:/usr/local/libexec/nagios/check_bioctl -d ami0 /etc/nrpe.cfg:command[check_bioctl]=/usr/bin/sudo /usr/local/libexec/nagios/check_bioctl -d ami0 Also available is check_hw_sensors for checking of sysctl hw.sensors from Nagios. http://openbsd.somedomain.net/nagios/ l8rZ,
Re: Nagios and Apache
resource_file=/usr/local/nagios/etc/resource.cfg works great for the default source install of Nagios. But switch it to a RPM, or PKG'd version of Nagios and you can't ensure that this directive will point to the right place or not. -Pete On 6/24/06, Lars Hansson [EMAIL PROTECTED] wrote: On Saturday 24 June 2006 18:13, Peter Blair wrote: At work we run Nagios across Linux, OpenBSD FreeBSD machines. Compiling it from source is the only way to ensure config file compatibility. Say what? How does the compilation affect the config file? The config file format is exactly the same no matter where or when you compile nagios. --- Lars Hansson
Re: Nagios and Apache
On 6/23/06, Spruell, Darren-Perot [EMAIL PROTECTED] wrote: Incidentally, if you haven't used the package(s) for Nagios, do. I had no problems and I went with a package install. No mysteries. At work we run Nagios across Linux, OpenBSD FreeBSD machines. Compiling it from source is the only way to ensure config file compatibility.
Re: Nagios and Apache
On Saturday 24 June 2006 18:13, Peter Blair wrote: At work we run Nagios across Linux, OpenBSD FreeBSD machines. Compiling it from source is the only way to ensure config file compatibility. Say what? How does the compilation affect the config file? The config file format is exactly the same no matter where or when you compile nagios. --- Lars Hansson
Nagios and Apache
Hi all, I've installed and configured nagios, and I can open the start page with no problems. But I don't have access to the links that monitor services, such as Tatical Overview. At apache log I have the following error messages: [Fri Jun 23 15:42:51 2006] [error] (13)Permission denied: exec of /cgi-bin/nagios/tac.cgi failed [Fri Jun 23 15:42:51 2006] [error] [client 127.0.0.1] Premature end of script headers: /cgi-bin/nagios/tac.cgi My httpd.conf is how it follows: ScriptAlias /cgi-bin/nagios /var/www/cgi-bin/nagios Directory /var/www/cgi-bin/nagios # SSLRequireSSL Options ExecCGI AuthName Nagios Access AuthType Basic AuthUserFile /var/www/nagios/htpasswd.users Require valid-user Order deny,allow Deny from all Allow from 127.0.0.1 /Directory Alias /nagios /var/www/nagios Directory /var/www/nagios # SSLRequireSSL Options ExecCGI Options None AllowOverride None AuthName Nagios Access AuthType Basic AuthUserFile /var/www/nagios/htpasswd.users Require valid-user Order deny,allow Deny from all Allow from 127.0.0.1 /Directory My apache server runs using the chroot feature. Could please anyone tell me what's going wrong? Thanks. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
Re: Nagios and Apache
On 6/23/06, Joco Salvatti [EMAIL PROTECTED] wrote: [Fri Jun 23 15:42:51 2006] [error] (13)Permission denied: exec of /cgi-bin/nagios/tac.cgi failed A quick guess: check your file permissions for tac.cgi. From errno(2): 13 EACCES Permission denied. An attempt was made to access a file in a way forbidden by its file access permissions. Cheers, Rogier -- If you don't know where you're going, any road will get you there.
Re: Nagios and Apache
From: [EMAIL PROTECTED] I've installed and configured nagios, and I can open the start page with no problems. But I don't have access to the links that monitor services, such as Tatical Overview. At apache log I have the following error messages: [Fri Jun 23 15:42:51 2006] [error] (13)Permission denied: exec of /cgi-bin/nagios/tac.cgi failed [Fri Jun 23 15:42:51 2006] [error] [client 127.0.0.1] Premature end of script headers: /cgi-bin/nagios/tac.cgi My httpd.conf is how it follows: ScriptAlias /cgi-bin/nagios /var/www/cgi-bin/nagios Directory /var/www/cgi-bin/nagios # SSLRequireSSL Options ExecCGI AuthName Nagios Access AuthType Basic AuthUserFile /var/www/nagios/htpasswd.users Require valid-user Order deny,allow Deny from all Allow from 127.0.0.1 /Directory Alias /nagios /var/www/nagios Directory /var/www/nagios # SSLRequireSSL Options ExecCGI Options None AllowOverride None AuthName Nagios Access AuthType Basic AuthUserFile /var/www/nagios/htpasswd.users Require valid-user Order deny,allow Deny from all Allow from 127.0.0.1 /Directory My apache server runs using the chroot feature. Could please anyone tell me what's going wrong? My config matches yours, except for the Allow directive. you are accessing things from 127.0.0.1?
Re: Nagios and Apache
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Spruell, Darren-Perot Sent: Friday, June 23, 2006 3:22 PM To: Misc OpenBSD Subject: Re: Nagios and Apache From: [EMAIL PROTECTED] I've installed and configured nagios, and I can open the start page with no problems. But I don't have access to the links that monitor services, such as Tatical Overview. At apache log I have the following error messages: [Fri Jun 23 15:42:51 2006] [error] (13)Permission denied: exec of /cgi-bin/nagios/tac.cgi failed [Fri Jun 23 15:42:51 2006] [error] [client 127.0.0.1] Premature end of script headers: /cgi-bin/nagios/tac.cgi My httpd.conf is how it follows: ScriptAlias /cgi-bin/nagios /var/www/cgi-bin/nagios Directory /var/www/cgi-bin/nagios # SSLRequireSSL Options ExecCGI AuthName Nagios Access AuthType Basic AuthUserFile /var/www/nagios/htpasswd.users Require valid-user Order deny,allow Deny from all Allow from 127.0.0.1 /Directory Alias /nagios /var/www/nagios Directory /var/www/nagios # SSLRequireSSL Options ExecCGI Options None AllowOverride None AuthName Nagios Access AuthType Basic AuthUserFile /var/www/nagios/htpasswd.users Require valid-user Order deny,allow Deny from all Allow from 127.0.0.1 /Directory My apache server runs using the chroot feature. Could please anyone tell me what's going wrong? My config matches yours, except for the Allow directive. you are accessing things from 127.0.0.1? That was my concern... you could try the actual ip or possibly 'localhost'? Dan Farrell Applied Innovations [EMAIL PROTECTED]
Re: Nagios and Apache
Obvious, but ensure that /var/www/cgi-bin/nagios is a valid directory from the perspective of your chroot'd server. Another caveat is to ensure that the named pipe is accessable to both the nagios executable, and to the chroot'd cgi's (once they start working that is). Nagios references the pipe via absolute naming, so you may have to 'break' things a bit and create a symlink under your chroot directory of /usr/local/nagios/rw/nagios.cmd that points to the actual pipe. Also, try turning off chroot to see if that helps. That will at the least tell you if it's a visibility issue or not. Best of luck! On 6/23/06, Joco Salvatti [EMAIL PROTECTED] wrote: Hi all, I've installed and configured nagios, and I can open the start page with no problems. But I don't have access to the links that monitor services, such as Tatical Overview. At apache log I have the following error messages: [Fri Jun 23 15:42:51 2006] [error] (13)Permission denied: exec of /cgi-bin/nagios/tac.cgi failed [Fri Jun 23 15:42:51 2006] [error] [client 127.0.0.1] Premature end of script headers: /cgi-bin/nagios/tac.cgi My httpd.conf is how it follows: ScriptAlias /cgi-bin/nagios /var/www/cgi-bin/nagios Directory /var/www/cgi-bin/nagios # SSLRequireSSL Options ExecCGI AuthName Nagios Access AuthType Basic AuthUserFile /var/www/nagios/htpasswd.users Require valid-user Order deny,allow Deny from all Allow from 127.0.0.1 /Directory Alias /nagios /var/www/nagios Directory /var/www/nagios # SSLRequireSSL Options ExecCGI Options None AllowOverride None AuthName Nagios Access AuthType Basic AuthUserFile /var/www/nagios/htpasswd.users Require valid-user Order deny,allow Deny from all Allow from 127.0.0.1 /Directory My apache server runs using the chroot feature. Could please anyone tell me what's going wrong? Thanks. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
Re: Nagios and Apache
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Blair Sent: Friday, June 23, 2006 4:02 PM To: Joco Salvatti Cc: Misc OpenBSD Subject: Re: Nagios and Apache Obvious, but ensure that /var/www/cgi-bin/nagios is a valid directory from the perspective of your chroot'd server. I would say that it is a valid directory... it was on my installation. Isn't /var/www/cgi-bin a valid chroot directory by definition? Another caveat is to ensure that the named pipe is accessable to both the nagios executable, and to the chroot'd cgi's (once they start working that is). Nagios references the pipe via absolute naming, so you may have to 'break' things a bit and create a symlink under your chroot directory of /usr/local/nagios/rw/nagios.cmd that points to the actual pipe. Also, try turning off chroot to see if that helps. That will at the least tell you if it's a visibility issue or not. I think if you turn off chroot then the other parts of the program that depend on the chroot'd directory structure will break when you un-chroot it... right? Dan Farrell Applied Innovations [EMAIL PROTECTED]
Re: Nagios and Apache
From: [EMAIL PROTECTED] Obvious, but ensure that /var/www/cgi-bin/nagios is a valid directory from the perspective of your chroot'd server. I would say that it is a valid directory... it was on my installation. Isn't /var/www/cgi-bin a valid chroot directory by definition? Incidentally, if you haven't used the package(s) for Nagios, do. I had no problems and I went with a package install. No mysteries. DS
Re: Nagios and Apache
On Fri, Jun 23, 2006 at 03:45:35PM -0300, Joco Salvatti wrote: [Fri Jun 23 15:42:51 2006] [error] (13)Permission denied: exec of /cgi-bin/nagios/tac.cgi failed /var[/www] mounted noexec in fstab?
Re: Nagios and Apache
Hi folks... Thanks for the suggestions. But I didn't have paid attention that the problem was at /etc/fstab file : noexec flag was active for /var partition. I should have paid better attention to that before. Thanks. On 6/23/06, Craig Skinner [EMAIL PROTECTED] wrote: On Fri, Jun 23, 2006 at 03:45:35PM -0300, Joco Salvatti wrote: [Fri Jun 23 15:42:51 2006] [error] (13)Permission denied: exec of /cgi-bin/nagios/tac.cgi failed /var[/www] mounted noexec in fstab? -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
Nagios plugin to check hw.sensors
I monitor most of the stuff around here with Nagios, and, with the new sensors framework that gives me a whole bunch of stuff to monitor. But, I found there wasn't an easy way to monitor them remotely. So, I put some work into a Nagios plugin. It is a bit rough yet, so patches are welcomed. So far, it has been working fairly well. The exception being one of the machines I am using it on (a Dell PowerEdge 2450) doesn't show the same sensors everytime I restart. It is probably an issue with the machine, not the plugin though. Details and download are here: http://openbsd.somedomain.net/nagios/ l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: short leg on process table
Nagios Port - Installation problem (3.8)
Hi all I've tried installing the Nagios (2.0b4p0) port chrooted but I get the following error when it comes to the last stage of the install: === Installing nagios-2.0b4p0-chroot from /usr/ports/packages/i386/all/nagios-2.0b4p0-chroot.tgz Can't install nagios-2.0b4p0-chroot because of conflicts (nagios-2.0b4p0) /usr/sbin/pkg_add: /usr/ports/packages/i386/all/nagios-2.0b4p0-chroot.tgz:Fatal error *** Error code 1 Stop in /usr/ports/net/nagios/nagios (line 1902 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/net/nagios (line 108 of /usr/ports/infrastructure/mk/bsd.port.subdir.mk). I installed like so: # cd /usr/ports/net/nagios/ # make flavor='chroot' # make install After reading a post I found on Google I tried: # cd /usr/ports/net/nagios/ # make flavor='chroot' # cd nagios # make install Both options fail with the above error. All the dependenciess seemed to install OK. I also tried without using the flavor='chroot' in the make cmd. The system is a GENERIC kernel base install with the ports tree installed and updated. The only other thing I have done to the system is install SSL certs for Apache. Can anyone suggest what I might be doing wrong? I don't mind either way whether I get a full chrooted install although it would be very nice! Thanks -- Simon H
Re: Nagios Port - Installation problem (3.8)
--On 07 December 2005 16:12 +, Simon H wrote: === Installing nagios-2.0b4p0-chroot from /usr/ports/packages/i386/all/nagios-2.0b4p0-chroot.tgz Can't install nagios-2.0b4p0-chroot because of conflicts (nagios-2.0b4p0) Looks like you've already got the non-chroot flavour installed, pkg_delete it first. # make flavor='chroot' That's not how ports(7) says to do this (see the section headed FLAVORS if you actually want to build it yourself for some reason: otherwise, it's simpler to just use the provided packages).
Re: Nagios Port - Installation problem (3.8)
Stuart Henderson wrote: --On 07 December 2005 16:12 +, Simon H wrote: === Installing nagios-2.0b4p0-chroot from /usr/ports/packages/i386/all/nagios-2.0b4p0-chroot.tgz Can't install nagios-2.0b4p0-chroot because of conflicts (nagios-2.0b4p0) Looks like you've already got the non-chroot flavour installed, pkg_delete it first. # make flavor='chroot' That's not how ports(7) says to do this (see the section headed FLAVORS if you actually want to build it yourself for some reason: otherwise, it's simpler to just use the provided packages). Thanks for this Stuart. I tried it withe right way from the man page and it failed because the plugins dont support chroot flavor. So I cleaned everything up again and tried a normal make make install and it still fails with the original message. This is even after the fact that I did a pkg_delete and cleaned the directories recommended after the pkg_delete. So any ideas why this would happen in a normal build of the port? I'll perhaps try to install the package instead of the port but I like installing from src where possible. Thanks again -- Simon H
Re: Nagios Port - Installation problem (3.8)
cd /usr/ports/net/nagios/ FLAVOR=chroot make install clean-depends that should do it ;) -- viq -- INTERIA.PL | Kliknij po wiecej http://link.interia.pl/f18c1
Re: Nagios Port - Installation problem (3.8)
--On 07 December 2005 16:52 +, Simon H wrote: Thanks for this Stuart. I tried it withe right way from the man page and it failed because the plugins dont support chroot flavor. Plugins and the main software are in subdirectories (/usr/ports/net/nagios/nagios /usr/ports/net/nagios/plugins), you can compile them separately, one with flavours, one without. But you don't need to, read on.. So I cleaned everything up again and tried a normal make make install and it still fails with the original message. This is even after the fact that I did a pkg_delete and cleaned the directories recommended after the pkg_delete. So any ideas why this would happen in a normal build of the port? I'll perhaps try to install the package instead of the port but I like installing from src where possible. When you 'make install', the port is built, packages are created (you'll see them in /usr/ports/packages/...) then installed. Packages for ftp sites and CDs are made this way too. For e.g. Nagios, well, take a look at /usr/ports/net/nagios/Makefile and see how it works... Making the packages is done inside fake directories so multiple flavours don't conflict until they're actually installed. So, your current system probably has /usr/ports/packages/.../All/nagios-* already built for both flavours of the port, and you can just pkg_add (this is all 'make install' does anyway: see for yourself with 'make -n install').
Re: Nagios Port - Installation problem (3.8)
viq wrote: cd /usr/ports/net/nagios/ FLAVOR=chroot make install clean-depends that should do it ;) Thanks viq, but this still fails on the plugins install as they dont support chroot flavor aparently: Fatal: Unknown flavor: chroot (in net/nagios/plugins) (Possible flavors are: no_db no_ntp no_samba no_snmp). (in net/nagios/plugins) *** Error code 1 Stop. *** Error code 1 Stop in /usr/ports/net/nagios (line 108 of /usr/ports/infrastructure/mk/bsd.port.subdir.mk). # Is there a way around this so the full install c/w plugins, etc all work in a chrooted environment? Thanks -- Simon H
Re: Nagios Port - Installation problem (3.8)
Stuart Henderson wrote: --On 07 December 2005 16:52 +, Simon H wrote: Thanks for this Stuart. I tried it withe right way from the man page and it failed because the plugins dont support chroot flavor. Plugins and the main software are in subdirectories (/usr/ports/net/nagios/nagios /usr/ports/net/nagios/plugins), you can compile them separately, one with flavours, one without. But you don't need to, read on.. So I cleaned everything up again and tried a normal make make install and it still fails with the original message. This is even after the fact that I did a pkg_delete and cleaned the directories recommended after the pkg_delete. So any ideas why this would happen in a normal build of the port? I'll perhaps try to install the package instead of the port but I like installing from src where possible. When you 'make install', the port is built, packages are created (you'll see them in /usr/ports/packages/...) then installed. Packages for ftp sites and CDs are made this way too. For e.g. Nagios, well, take a look at /usr/ports/net/nagios/Makefile and see how it works... Making the packages is done inside fake directories so multiple flavours don't conflict until they're actually installed. So, your current system probably has /usr/ports/packages/.../All/nagios-* already built for both flavours of the port, and you can just pkg_add (this is all 'make install' does anyway: see for yourself with 'make -n install'). I understand this and have tried just installing the chroot package manually also but nothing seems to be going in the right place (/var/www/nagios is empty after adding the chrooted package). I'm doing this in a VM so I'm reverting back to a snapshot which is just after updating the ports tree and starting again. What I dont understand is why the plugins dont require the chroot flavor and how they would work with nagios chrooted. Also, what about the dependencies such as GD and the like...do they all get chrooted automagically too and if not, how does it work? Is it really possible to get a full nagios implementation (inc. plugins) chrooted? Thanks -- Simon H
Re: Nagios Port - Installation problem (3.8)
I understand this and have tried just installing the chroot package manually also but nothing seems to be going in the right place (/var/www/nagios is empty after adding the chrooted package). I'm doing this in a VM so I'm reverting back to a snapshot which is just after updating the ports tree and starting again. What I dont understand is why the plugins dont require the chroot flavor and how they would work with nagios chrooted. Also, what about the dependencies such as GD and the like...do they all get chrooted automagically too and if not, how does it work? Is it really possible to get a full nagios implementation (inc. plugins) chrooted? The plugins are not chrooted, there is no reason to do so. The main nagios daemon runs outside of Apache's chroot, hence, so do the plugins. Benny -- NOT WORK SAFE! Extreme animated violence, language, birds, and what appears to be God with a katana. -- SA list
Re: Nagios Port - Installation problem (3.8)
On Wednesday 07 December 2005 19:01, Simon H wrote: viq wrote: cd /usr/ports/net/nagios/ FLAVOR=chroot make install clean-depends that should do it ;) Thanks viq, but this still fails on the plugins install as they dont support chroot flavor aparently: Fatal: Unknown flavor: chroot (in net/nagios/plugins) (Possible flavors are: no_db no_ntp no_samba no_snmp). (in net/nagios/plugins) *** Error code 1 Stop. *** Error code 1 Stop in /usr/ports/net/nagios (line 108 of /usr/ports/infrastructure/mk/bsd.port.subdir.mk). # Is there a way around this so the full install c/w plugins, etc all work in a chrooted environment? Ah. I don't have yet that much experience with ports, and didn't play with nagios, so i'm afraid the help will have to come from someone else. All i can help you with is that FLAVORS have to be capitalised, and you need to enter it on every line that has a make in it ;) -- viq -- INTERIA.PL | Kliknij po wiecej http://link.interia.pl/f18c1
Re: Nagios Port - Installation problem (3.8)
From: viq [mailto:[EMAIL PROTECTED] Is there a way around this so the full install c/w plugins, etc all work in a chrooted environment? Ah. I don't have yet that much experience with ports, and didn't play with nagios, so i'm afraid the help will have to come from someone else. All i can help you with is that FLAVORS have to be capitalised, and you need to enter it on every line that has a make in it ;) In the time everyone's been discussing this I installed the packages from FTP; why are we messing with ports and FLAVORs? DS
Re: Nagios Port - Installation problem (3.8)
On Wednesday 07 December 2005 23:30, Spruell, Darren-Perot wrote: In the time everyone's been discussing this I installed the packages from FTP; why are we messing with ports and FLAVORs? Some people prefer to build stuff from source on their own machine, instead of having binary packages from (semi-)unknown sources. Or just because they like to ;) And not all flavours are available as packages. Though yes, i guess in this case they are. -- viq -- INTERIA.PL | Kliknij po wiecej http://link.interia.pl/f18c1
Re: Nagios Port - Installation problem (3.8)
viq wrote: On Wednesday 07 December 2005 23:30, Spruell, Darren-Perot wrote: In the time everyone's been discussing this I installed the packages from FTP; why are we messing with ports and FLAVORs? Some people prefer to build stuff from source on their own machine, instead of having binary packages from (semi-)unknown sources. Or just because they like to ;) And not all flavours are available as packages. Though yes, i guess in this case they are. It's also a good learning experience even if you do need a little help from time to time. I finally got it working once I realised how it all worked and figured out that I needed to install the web interface from the package manually, which although it was created with the make, it wasnt installed with the make install. So, yep, I've got a working system now. Thanks everyone for their help! -- Simon H
Re: Nagios: Premature end of script headers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Look at this http://www.mand4la.info/index.php/NagiosObsd I've wrote this doc in italian, bat the code is the same :P BTW..try to lunch apache with -u httpd -u Bye Matteo Joco Salvatti wrote: Hi all, I installed and configured Nagios on my machine. The Nagios webpage can be retrieve normally, but something strange happens when I try to retrieve host detail: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, [EMAIL PROTECTED] and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Eu olhei o arquivo de log de erros e ele me diz o seguinte: [Tue Aug 23 11:35:06 2005] [error] [client 10.10.1.254http://10.10.1.254/ http://10.10.1.254] Premature end of script headers: /nagios/cgi-bin/tac.cgi [Tue Aug 23 11:35:16 2005] [error] [client 10.10.1.254 http://10.10.1.254/ http://10.10.1.254] Premature end of script headers: /nagios/cgi-bin/status.cgi I've already tried to look for some reference about how to solve this problem at Google, but I couldn't find a thing. Has anyone any suggestion about how to solve this? Thanks -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://salvatti.expert.com.br e-mail: [EMAIL PROTECTED] iD8DBQFDI9p3/TjXD9LUVswRAs5yAJsGLNFH58td7e8N3JdJ2bezdDcPFwCfTzEy xoyM8FNkgYBWqAhxutXURRw= =Ntg4 -END PGP SIGNATURE-
Nagios: Premature end of script headers
Hi all, I installed and configured Nagios on my machine. The Nagios webpage can be retrieve normally, but something strange happens when I try to retrieve host detail: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, [EMAIL PROTECTED] and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Eu olhei o arquivo de log de erros e ele me diz o seguinte: [Tue Aug 23 11:35:06 2005] [error] [client 10.10.1.254http://10.10.1.254/ http://10.10.1.254] Premature end of script headers: /nagios/cgi-bin/tac.cgi [Tue Aug 23 11:35:16 2005] [error] [client 10.10.1.254 http://10.10.1.254/ http://10.10.1.254] Premature end of script headers: /nagios/cgi-bin/status.cgi I've already tried to look for some reference about how to solve this problem at Google, but I couldn't find a thing. Has anyone any suggestion about how to solve this? Thanks -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://salvatti.expert.com.br e-mail: [EMAIL PROTECTED]
Re: Nagios: Premature end of script headers
At 02:37 PM 8/23/2005 -0300, Joco Salvatti wrote: Hi all, I installed and configured Nagios on my machine. The Nagios webpage can be retrieve normally, but something strange happens when I try to retrieve host detail: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Actually doesn't have anything to do with OBSD, .. but you might check: 1) All libaries are installed in your chroot environment; 2) Nobody has ftp'd files with extra crs (took me a while to figure out that one); 3) The separate programs will run from a command line. In the case of 1 3, sometimes it's helpful to *test* the script chroot'd. Lee
Nagios
quick question Does a package exist for Nagios the host and server monitor software ? Thanks A. Lester Burke Network Analyst Arlington Public Schools, VA V 703-228-6057 E [EMAIL PROTECTED] -- A complaint is a gift Anon
Re: Nagios
No. You just have to build it from source and use -- options to tell nagios where your png libraries are. Don't now the exact build phrase anymore, but just google for it and you'll find it. (I just remember; it might be in the online docs of www.nagios.org) You'll be wise to install its dependant packages in forward: freetype-1.3.1p1free and portable TrueType font rendering engine gd-1.8.3graphics library for fast PNG creation jpeg-6b IJG's JPEG compression utilities png-1.2.5p5 library for manipulating PNG images popt-1.7getopt(3)-like library with a number of enhancements Nils -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Lester Verzonden: donderdag 19 mei 2005 18:25 Aan: misc@openbsd.org Onderwerp: Nagios quick question Does a package exist for Nagios the host and server monitor software ? Thanks A. Lester Burke Network Analyst Arlington Public Schools, VA V 703-228-6057 E [EMAIL PROTECTED] -- A complaint is a gift Anon