PNP4Nagios installation and integration with Nagios @CIGNEX Datamatics

Hello guys,

I would like to share how to install PNP4Nagios and integrate with nagios to see graphs.
With nagios if you want to configure graphs for your any of the services you need performance data as part in output.

Performance Data: Plugins can return optional performance data in their output by sending the normal, human-readable text string that they usually would, followed by a pipe character (|), and then a string containing one or more performance data metrics. Let's take the check_ping plugin as an example and assume that it has been enhanced to return percent packet loss and average round trip time as performance data metrics. 

Sample output from the plugin might look like this:

PING ok - Packet loss = 0%, RTA = 0.80 ms | percent_packet_loss=0, rta=0.80

If you are new to performance data see below link for more information:
Performance Data

Installation and configuration of PNP4Nagios:

Step1: Install pnp4nagios and rrdtool-perl package

yum install pnp4nagios* rrdtool-perl

Step2: Change some parameters in nagios Configuration file 

Edit the performance data section of /usr/local/nagios/etc/nagios.cfg:

Enable performance data by adding following line
process_performance_data=1 

Define path where performance data files should be stored.
host_perfdata_file=/var/perfdatanagios/host-perfdata
service_perfdata_file=/var/perfdatanagios/service-perfdata

Create /var/perfdatanagios/ direcrtory and change permission.

mkdir /var/perfdatanagios/

chown nagios:apache /var/perfdatanagios/

chmod 775 /var/perfdatanagios 

Now add below performance data templates lines

host_perfdata_file_template=DATATYPE::HOSTPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tHOSTPERFDATA::$HOSTPERFDATA$\tHOSTCHECKCOMMAND::$HOSTCHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$\tHOSTOUTPUT::$HOSTOUTPUT$

service_perfdata_file_template=DATATYPE::SERVICEPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tSERVICEDESC::$SERVICEDESC$\tSERVICEPERFDATA::$SERVICEPERFDATA$\tSERVICECHECKCOMMAND::$SERVICECHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$\tSERVICESTATE::$SERVICESTATE$\tSERVICESTATETYPE::$SERVICESTATETYPE$\tSERVICEOUTPUT::$SERVICEOUTPUT$

Change below parameters
host_perfdata_file_mode=a 
service_perfdata_file_mode=a 

Change interval to process perfdata 
host_perfdata_file_processing_interval=15 
service_perfdata_file_processing_interval=15 

Add commands to check perfdata 
host_perfdata_file_processing_command=process-host-perfdata-file 
service_perfdata_file_processing_command=process-service-perfdata-file

Now create commands in commands.cfg file to process performance data as below:

define command {
        command_name    process-service-perfdata-file
        command_line    /usr/local/nagios/libexec/plugins/process_perfdata.pl --bulk=/var/perfdatanagios/service-perfdata
}
define command {
        command_name    process-host-perfdata-file
        command_line    /usr/local/nagios/libexec/plugins/process_perfdata.pl --bulk=/var/perfdatanagios/host-perfdata
}
Note: use your plugin directory path.

Download process_perfdata.pl
wget https://raw.github.com/willixix/WL-NagiosPlugins/master/graphing_templates/pnp4nagios/process_perfdata.pl

Change ownership and permissions as below.
chown nagios:nagios process_perfdata.pl
chmod +x  process_perfdata.pl

change conf array in process_perfdata.pl plugin according to your configuration in /etc/pnp4nagios/process_perfdata.cfg and /etc/pnp4nagios/config.php.

Change below parameters /etc/pnp4nagios/config.php

$conf['rrdtool'] = "/usr/bin/rrdtool";

$conf['rrdbase'] = "/var/perfdatanagios/";

$conf['page_dir'] = "/etc/pnp4nagios/pages/";

find below strings in process_perfdata.pl file and change its value according to your environment.

RRDPATH            => "/var/perfdatanagios/", 

RRA_CFG            => "/etc/pnp4nagios/rra.cfg",

STATS_DIR          => "/var/log/pnp4nagios/stats",

LOG_FILE           => "/var/log/pnp4nagios/perfdata.log",

ENCRYPTION         => 0,   

find below strings in process_perfdata.cfg file and change its value according to your environment.

RRDPATH = /var/perfdatanagios/ ## [ path of perfdata directory ]

RRA_CFG = /etc/pnp4nagios/rra.cfg ## [ path of rra.cfg file]

STATS_DIR = /var/log/pnp4nagios/stats ## [ create directory /var/log/pnp4nagios/stats ]

LOG_FILE = /var/log/pnp4nagios/pnp4nagios.log

Add below line 

ENCRYPTION=0

Move process_perfdata.pl plugin to you your plugin directory

mv process_perfdata.pl /usr/local/nagios/libexec/plugins/

Add below line in generic-host template in /etc/nagios/lconf/default-templates.cfg 
action_url /pnp4nagios/graph?host=$HOSTNAME$

Add below line in generic-service template in /etc/nagios/lconf/default-templates.cfg file
action_url /pnp4nagios/graph?host=$HOSTNAME$&srv=$SERVICEDESC$

Now Restart Nagios and Httpd service.

service nagios restart

service httpd restart

Now you can see new graph icon before service name in Nagios UI.

How to Ban SSH attackers ip

Most servers that allow SSH over known ports get hammered from time to time as they are reveled by scans or simple misconfiguration. 

The following how-to is stitched together from advice gleaned online.

	Count the number per day of failed SSH login attempts For Ubuntu: [Root@Box]#cat ./auth.log* | grep 'Failed password' | grep sshd | awk '{print $1,$2}' | sort | uniq -c [Root@Box]#grep "Failed" ./auth.log |awk '{print $NF}' | sort|uniq -c|sort -nr|head -n 25 For CentOS: [Root@Box]#cat ./secure* | grep 'Failed password' | grep sshd | awk '{print $1,$2}' | sort | uniq -c [Root@Box]#grep "Failed" ./secure |awk '{print $NF}' | sort|uniq -c|sort -nr|head -n 25
	Add rules to IPTABLES [Root@Box]#iptables -I INPUT -p tcp --dport <YOUR PORT HERE> -i eth0 -m state --state NEW -m recent --set [Root@Box]#iptables -I INPUT -p tcp --dport <YOUR PORT HERE> -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP The first line basically creates a rule that only applies to packets used for new connection attempts on the ssh port. The second line says that if there are more than 4 attempts from an IP within 60 seconds, then any traffic from that IP should be blackholed. This solution doesn't care whether or not the attempts on different user accounts.

Standalone Monitoring of Linux Server

I was surfing and suddenly I came across a software which can monitor on which we install it. I found it very useful for those guys who don't wants OR can't configure (Because of some access restrictions) Nagios kind of application for monitoring linux servers. It is like dashboard which can show you all useful information about your server. 

Advantage: If you can write some php code then you can add your own custom monitoring block.

I am going to demonstrate installation of linux-dash installation on centos-6.3.

You need below packages installed on that host.

httpd, mysql, mysql-server, php5, php5-json subversion

Also you have to add iptables rule to allow request on 80 port from outside of network.

Download code in to your webroot directory.

[root@monitoringhost html]# svn co https://github.com/afaqurk/linux-dash/trunk

[root@monitoringhost html]# mv trunk linux-dash

[root@monitoringhost html]# chown apache:apache linux-dash/ -R

Thats it.

Now you can browse url of your host in browser and can see host status any time.

You will see below screen in browser.