[Nagios-users] regex support for check_proc
I see where people were talking about it but not what came of it, if anything. Did I miss it in the changelog somewhere? Did regex support ever get added? Is anyone still interested in this?

--
Sincerely,
Owen LaGarde
Senior Systems Administrator
owen.m.laga...@usace.army.mil
1-800-522-6937 x4879
Engineering Research and Development Center
attn: CEERD-IH-C (Owen LaGarde)
3909 Halls Ferry Road
Vicksburg, MS 39180-6199

Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] selectively disable notifications for services inheriting a specific template?
Nope, that would alter the check behavior *and* require me to double the size of the config tree.

On Thu, 2009-01-22 at 15:16 +, nagios-users-requ...@lists.sourceforge.net wrote:
> Message: 6
> Date: Thu, 22 Jan 2009 09:49:42 +
> From: Assaf Flatto assaf.fla...@ssp-intl.com
> Subject: Re: [Nagios-users] selectively disable notifications for services inheriting a specific template?
>
> Have you looked at service dependencies?
> http://nagios.sourceforge.net/docs/3_0/dependencies.html
> It sounds like this is what you need.
>
> Assaf

--
Owen LaGarde
Re: [Nagios-users] selectively disable notifications for services inheriting a specific template?
Here's a moderately satisfactory fix. With a test already in place to check the availability of a TGT, and the cache maintained by an event broker module (i.e., such that all nagios child processes see the same cache), you can add an event handler to the service template inherited by the services for which you want to disable notifications when the TGT isn't available. The event handler script then runs the TGT check plugin as an external process and enables or disables service notifications for this service (i.e., the one executing the event handler) by including the NAGIOS_HOSTNAME and NAGIOS_SERVICEDISPLAYNAME in the external command.

Note:
- The TGT check itself must *not* inherit this template -- if it does, TGT failure will be blocked along with TGT-failure-caused failures.
- A race condition exists in that the event handler fires after the parent service check declares a state change. That state change, depending on the applicable retries value and delay between retries, can potentially cause a notification to fire prior to processing of any external commands generated by the event handler. Total time between first soft state transition and first hard state transition must be at least twice the interval at which nagios processes the external command queue.
- This does *nothing* about the failures themselves -- the assumption is that you want the failure to occur but with select notifications blocked.

On Wed, 2009-01-21 at 20:21 -0600, Owen LaGarde wrote:
> I essentially want to disable only notifications, only when a specific service check fails, only for services inheriting a specific template. [...]

--
Owen LaGarde
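The event handler described in the fix above, together with the timing rule from its race-condition note, could be sketched roughly as follows. This is an illustration under stated assumptions, not the script from the post: the function names are hypothetical, the TGT plugin is assumed to follow the usual plugin convention of exit status 0 for OK, and the soft-to-hard window is approximated as (max_check_attempts - 1) retries spaced one retry interval apart. ENABLE_SVC_NOTIFICATIONS and DISABLE_SVC_NOTIFICATIONS are standard Nagios external commands; they identify the service by its description, which the display name defaults to unless it is overridden.

```python
import subprocess
import time


def tgt_available(check_argv):
    """Run the TGT check plugin as an external process.

    Assumption: the plugin exits 0 for OK; any other status is
    treated here as "no usable TGT".
    """
    result = subprocess.run(check_argv, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def notification_command(host, service, tgt_ok, now=None):
    """Format the external command for one service.

    Notifications are enabled while the TGT is available and disabled
    while it is not. `now` exists only to make the output reproducible.
    """
    verb = "ENABLE" if tgt_ok else "DISABLE"
    timestamp = int(time.time() if now is None else now)
    return f"[{timestamp}] {verb}_SVC_NOTIFICATIONS;{host};{service}\n"


def submit(command_line, command_file):
    """Append one line to the external command file (site-specific path)."""
    with open(command_file, "a") as handle:
        handle.write(command_line)


def soft_window_is_safe(max_check_attempts, retry_interval_s,
                        command_check_interval_s):
    """Check the timing rule from the race-condition note.

    Assumption: the time from the first soft state to the first hard
    state is (max_check_attempts - 1) * retry interval, in seconds.
    """
    soft_window = (max_check_attempts - 1) * retry_interval_s
    return soft_window >= 2 * command_check_interval_s
```

A handler built on this would take the host and service names from the environment macros Nagios exports to event handlers, call `tgt_available` with the site's TGT check command line, and pass the result of `notification_command` to `submit`.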
[Nagios-users] selectively disable notifications for services inheriting a specific template?
I essentially want to disable only notifications, only when a specific service check fails, only for services inheriting a specific template. And I'm lazy, and don't want to double the size of my config for this one function.

I'm using nagios 3.0.2 and nagios-plugins 1.4.12 with a large (1000 hosts/services) configuration. Most (800+) of the services use a check_remote custom plugin to tunnel network calls [i.e., to plugins on other hosts] within kerberos authenticated and encrypted sessions. That kerberos activity requires a ticket cache containing a TGT; said cache is maintained by a custom event broker module and said TGT's presence is monitored by a service definition referencing a custom check_krbtgt plugin. This has worked great so far -- no race conditions, clean start/restart/refresh cycles for the cache and TGT, scales well, etc. For a number of policy reasons all service definitions use active checks.

When the TGT check fails it logically follows that all service checks using the check_remote plugin have failed or are about to fail. This is desirable behavior -- depending on the nature of the kerberos TGT problem there are a number of check_remote failure messages and these need to be captured in the event log, so I *don't* want to block *any* checks from running. But... if it's the TGT check that's failed then the notifications for everything except the TGT failure are inappropriate and should be blocked.

In effect I want to cause a specific service check's failure to disable notifications for a large (800+) number of other service checks, but I don't want to nearly double the size of the config tree and have that much more text to wade through when maintaining the nagios configuration. Remember, I need the checks that are about to fail because of the TGT failure to go on and run, and fail, and log their events and perfdata. It's just the notifications that should be stopped, and only then if the originating service use-es the remote-active-service template.

Anybody else doing this?

--
Owen LaGarde
[Nagios-users] Undefined symbols during event broker module load?
I have a broker module that creates a kerberos5 memory cache for later use with plugins referencing kerberized client tools. For various reasons this requires use of some customized kerberos and openssl libraries in /usr/KRB5/lib and /usr/KRB5/openssl/lib. Using the existing broker examples was pretty easy; tell the precompiler where the extra headers are and you're done. Here's the resulting compile line for the module:

    gcc -fPIC -I /usr/KRB5/include -DHAVE_CONFIG_H \
        -o krb5cachemgr.o krb5cachemgr.c -shared

The ELF shared object this creates is correct as far as symbol references go, and all symbol references are resolvable at runtime if the additional paths are provided to the loader. And that provision appears to be the problem -- nagios fails to load any module referencing anything outside of the built-in path list. Exporting LD_LIBRARY_PATH above the top process for nagios doesn't affect things (I halfway expected this since nagios declares itself the process group leader) but including the new paths in the ld.so.cache is equally ineffective. Just for grins I also tried removing the kerberos calls and testing with a call to a dummy stub in a library in my homedir, with the same results.

What precisely is nagios doing on broker module load to resolve relocatable symbol references in the requested module? Is symbol resolution restricted to the nagios install tree?
--
Owen LaGarde
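One way to narrow down a load failure like the one described above is to try loading the module outside Nagios with the same kind of dynamic-loader call. The sketch below assumes Nagios loads broker modules through a dlopen-style call with immediate binding and global symbol visibility, which should be confirmed against the source of the installed version. `try_load` is a hypothetical helper. On POSIX systems Python's `ctypes.CDLL` goes through dlopen and binds symbols immediately, so an unresolved reference should surface as an `OSError` carrying the loader's own message.

```python
import ctypes


def try_load(path):
    """Attempt a dlopen-style load of a shared object.

    Returns (True, "") on success, or (False, loader_message) when the
    dynamic loader refuses the object, for example because a symbol or
    a dependent library cannot be resolved.
    """
    try:
        ctypes.CDLL(path, mode=ctypes.RTLD_GLOBAL)
    except OSError as exc:
        return False, str(exc)
    return True, ""
```

If the standalone load fails in the same way, the cause lies with the shared object rather than with Nagios. The compile line as quoted passes no `-L` or `-l` options; if that is the complete command, the object would record no dependencies on the libraries in /usr/KRB5/lib, and the loader would have nothing to search for no matter which paths it is given.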
[Nagios-users] How to cause downtime inheritance from host to service?
Is there no way to enter downtime other than once for each host and then once again for each service on that host?

How about adding another pulldown to the extcmd cgi for host downtime, under the Child Hosts one, that applied to services on the indicated host rather than children of the indicated host? For that matter, how about a checkbox on the downtime form to disable service checks associated with the indicated host (I can easily see cases where, during downtime, you'd not want to have Nagios continue to probe a host with service checks in addition to not notifying if there was a problem).

Does this sound like a useful addition to anyone?

--
Owen LaGarde
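Until the CGI form offers something like this, one workaround is to submit the downtime through the external command interface. The sketch below formats SCHEDULE_HOST_DOWNTIME and SCHEDULE_HOST_SVC_DOWNTIME, two standard external commands that share one argument list, and optionally DISABLE_HOST_SVC_CHECKS for the checkbox case described above. The function name and its defaults (fixed downtime, no trigger) are assumptions made for illustration.

```python
import time


def host_and_service_downtime(host, start, end, author, comment,
                              disable_checks=False, now=None):
    """Build external command lines covering a host and all its services.

    `start` and `end` are Unix timestamps. `now` exists only to make
    the output reproducible.
    """
    timestamp = int(time.time() if now is None else now)
    fixed, trigger_id = 1, 0            # assumed: fixed downtime, untriggered
    duration = int(end) - int(start)    # only consulted for flexible downtime
    args = (f"{host};{int(start)};{int(end)};{fixed};{trigger_id};"
            f"{duration};{author};{comment}")
    lines = [
        f"[{timestamp}] SCHEDULE_HOST_DOWNTIME;{args}\n",
        f"[{timestamp}] SCHEDULE_HOST_SVC_DOWNTIME;{args}\n",
    ]
    if disable_checks:
        # Stops active checks of every service on the host; they must be
        # re-enabled separately once the downtime is over.
        lines.append(f"[{timestamp}] DISABLE_HOST_SVC_CHECKS;{host}\n")
    return lines
```

Each returned line would be written to the Nagios external command file, whose location is site-specific.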
[Nagios-users] The philosophy behind use of 'su -' (or lack thereof)
A borderline-nagios-dev question: Line 127 of the initscript (/etc/rc.d/init.d/nagios) uses 'su -' to touch files on startup -- presumably to inherit the default uid/gid of the container account if the touched files do not yet exist and have to be created...

    su - $NagiosUser -c "touch $NagiosVarDir/nagios.log $NagiosRetentionFile"

Use of 'su -', of course, requires the container account to be login enabled. Two lines later the exact same task happens again but without the login shell requirement...

    touch $NagiosRunFile
    chown $NagiosUser:$NagiosGroup $NagiosRunFile

Any particular reason for the two very different methods of performing the same task, or why both can't use the latter form so that the nagios user can be login disabled? The utils code uses setuid() and setsid(), so it's not like a login shell is actually needed.

--
Owen LaGarde
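The second form, touch followed by chown, needs no login shell because the privileged caller creates the file and then hands over ownership. A minimal sketch of that sequence follows, with `touch_owned` as a hypothetical helper rather than anything taken from the init script:

```python
import os


def touch_owned(path, uid, gid):
    """Create `path` if it is missing, refresh its timestamps, then chown it.

    Mirrors "touch FILE; chown USER:GROUP FILE" and never starts a
    shell for the target account.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o644)
    os.close(fd)
    os.utime(path, None)      # set access and modification time to now
    os.chown(path, uid, gid)  # needs privilege when uid/gid differ from the caller's
```

In a startup script running as root, the uid and gid would typically be looked up with `pwd.getpwnam` and `grp.getgrnam` for the configured Nagios user and group.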
[Nagios-users] Deferring user authentication to the server *and* using server defined usernames?
I've seen reference to using the SSL certificate authentication performed by httpd to drive Nagios user identification -- the LCG wiki at https://twiki.cern.ch/twiki/bin/view/LCG/GridMonitoringNagiosInstall mentions a form of this. I'd like to go a step further and use one of the environment variables (specifically SSL_CLIENT_S_DN_CN) defined by mod_ssl to specify the user name. This is primarily driven by a number of issues -- well outside the scope of this list -- springing from the DoD's use of this certificate component.

The basic idea is to set an environment variable, say, USERNAME, to SSL_CLIENT_S_DN_CN when mod_ssl builds the session, and have Nagios honor it as trusted and assign roles/capabilities to it in the usual places. As an example see Numara Footprints' use of $USERNAME, which it expects mod_ssl to populate when the auth method is external.

Does anyone else do this?

--
Owen LaGarde
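The lookup described above can be sketched as a small function over the CGI environment. This is an illustration only: `resolve_cgi_user` and its lookup order are hypothetical and are not part of Nagios. As far as I know, the stock CGIs take the user name from REMOTE_USER, and mod_ssl's SSLUserName directive can populate REMOTE_USER from a variable such as SSL_CLIENT_S_DN_CN, which may make a separate variable unnecessary.

```python
def resolve_cgi_user(environ,
                     trusted_vars=("REMOTE_USER", "SSL_CLIENT_S_DN_CN")):
    """Return the first non-empty user name among server-set variables.

    `environ` is the CGI environment handed over by the web server.
    The names in `trusted_vars` must be ones only the server can set,
    never anything derived from client-supplied request headers.
    """
    for name in trusted_vars:
        value = environ.get(name, "").strip()
        if value:
            return value
    return None
```

Whatever name this resolves to would then have to match the contact names and the authorized_for_* entries in the CGI configuration for roles to apply.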
Re: [Nagios-users] Deferring user authentication to the server *and* using server defined usernames?
A more direct question: Torsten Fellhauer wrote a patch for this back in the 1.2 days. Did that functionality ever make it into mainstream, and if so, how do I config for it?

On Fri, 2008-05-23 at 12:09 -0500, Owen LaGarde wrote:
> I've seen reference to using the SSL certificate authentication performed by httpd to drive Nagios user identification [...]

--
Owen LaGarde