nagios用NRPE监控Linux主机服务端和客户端的安装配置

2025-01-02 技术教程

安装配置nagios服务端：

安装前的准备工作

yum-yinstallhttpdgccglibcglibc-commongdgd-develphpphp-mysqlmysqlmysql-develmysql-servergroupaddnagcmduseradd-Gnagcmdnagiospasswdnagiosusermod-a-Gnagcmdapache

vim /etc/httpd/conf/httpd.conf

DirectoryIndex index.php index.html index.html.var #找到这一行，添加index.php

编译安装nagios：

wgethttp://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.5.tar.gztarzxfnagios-4.0.5.tar.gzcdnagios-4.0.5./configure--with-command-group=nagcmd--enable-event-brokermakeallmakeinstallmakeinstall-initmakeinstall-commandmodemakeinstall-config

附：在解压的时候如果提示下面的错误，是因为系统时间不对

tar: nagios-4.0.5/xdata/xsddefault.c: time stamp 2014-04-12 02:37:42 is 250653.223481153 s in the future

tar: nagios-4.0.5/xdata/xsddefault.h: time stamp 2014-04-12 02:37:42 is 250653.223419364 s in the future

tar: nagios-4.0.5/xdata: time stamp 2014-04-12 02:37:42 is 250653.223359922 s in the future

修改系统时间

cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

service ntpd stop

ntpdate asia.pool.ntp.org ; hwclock -w

需要在httpd的配置文件目录(conf.d)中生成Nagios的Web程序配置文件，继续在此编译安装目录输入一条命令：

# make install-webconf

创建一个登录nagios web程序的用户，这个用户帐号在以后通过web登录nagios认证时所用：

# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin #输入登陆nagios的密码

# service httpd restart

编译、安装nagios-plugins

nagios的所有监控工作都是通过插件完成的，因此，在启动nagios之前还需要为其安装官方提供的插件。http://exchange.nagios.org/directory/Plugins nagios插件链接

wgethttp://nagios-plugins.org/download/nagios-plugins-2.0.tar.gztarzxfnagios-plugins-2.0.tar.gzcdnagios-plugins-2.0./configure--with-nagios-user=nagios--with-nagios-group=nagiosmakemakeinstall

配置并启动Nagios

# chkconfig --add nagios

# chkconfig nagios on

检查其主配置文件

# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

# service nagios start

关闭selinux，

vim /etc/sysconfig/selinux 将其中的selinux后面的值“force”修改为“disable”或者

临时性的改动selinux也可以

#setenforce0#getenforcePermissive

或者将nagios的CGI程序运行于SELinux/targeted模式而不用关闭selinux：

# chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin

# chcon -R -t httpd_sys_content_t /usr/local/nagios/share

通过web界面查看nagios：

http://your_nagios_IP/nagios

输入帐号和密码

这时候可以看到本机的服务状态，如果没有出现页面，请检查iptables的80端口是否开放

如果出现下面提示，说明是selinux的问题，setenforce 0即可

InternalServerErrorTheserverencounteredaninternalerrorormisconfigurationandwasunabletocompleteyourrequest.Pleasecontacttheserveradministrator,root@localhostandinformthemofthetimetheerroroccurred,andanythingyoumighthavedonethatmayhavecausedtheerror.Moreinformationaboutthiserrormaybeavailableintheservererrorlog.

安装NRPE，服务端需要自己的check_nrpe，和被监控端联系

下载页面

http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz?r=&ts=1363788540&use_mirror=hivelocity

tar-zxvfnrpe-2.15.tar.gzcdnrpe-2.15./configure--with-nrpe-user=nagios\--with-nrpe-group=nagios\--with-nagios-user=nagios\--with-nagios-group=nagios\--enable-command-args\--enable-sslmakeallmakeinstall-pluginmakeinstall-daemonmakeinstall-daemon-config

如果./configure时候出现下面错误

checkingforSSLheaders...SSLheadersfoundin/usr/local/sslcheckingforSSLlibraries...configure:error:Cannotfindssllibraries

则

#find/usr/-namelibssl.so/usr/local/ssl/lib/libssl.so#./configure--with-nrpe-user=nagios--with-nrpe-group=nagios--with-nagios-user=nagios--with-nagios-group=nagios--enable-command-args--enable-ssl--with-ssl-lib=/usr/local/ssl/lib

安装配置被监控端：

yum -y install gcc glibc glibc-common gd gd-devel

或者

yum grouplist #检查 yum -y groupinstall "Development Tools" "Development Libraries"

添加nagios用户

useradd-s/sbin/nologinnagiostarzxfnagios-plugins-2.0.tar.gzcdnagios-plugins-2.0./configure--with-nagios-user=nagios--with-nagios-group=nagios--with-mysql=/usr/local/mysqlmakeallmakeinstall

安装NRPE

下载页面

http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz?r=&ts=1363788540&use_mirror=hivelocity

注：如果./configure有下面提示，请 yum install openssl-devel
checking for SSL headers... SSL headers found in /usr/local/ssl
checking for SSL libraries... configure: error: Cannot find ssl libraries

配置NRPE

# vim /usr/local/nagios/etc/nrpe.cfg 找到相应的做修改

log_facility=daemonpid_file=/var/run/nrpe.pidserver_address=172.16.100.11#本机ip，本机提供nrpe服务，所以自己为服务端,此行需手动添加server_port=5666nrpe_user=nagiosnrpe_group=nagiosallowed_hosts=172.16.100.1#监控端的ipcommand_timeout=60connection_timeout=300debug=0

启动NRPE

# /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

为了便于NRPE服务的启动，可以将如下内容定义为/etc/init.d/nrped脚本,用service nrped start 启动：vim /etc/init.d/nrped

#!/bin/bash#chkconfig:23458812#description:NRPEDAEMONNRPE=/usr/local/nagios/bin/nrpeNRPECONF=/usr/local/nagios/etc/nrpe.cfgcase"$1"instart)echo-n"StartingNRPEdaemon..."$NRPE-c$NRPECONF-decho"done.";;stop)echo-n"StoppingNRPEdaemon..."pkill-unagiosnrpeecho"done.";;restart)$0stopsleep2$0start;;*)echo"Usage:$0start|stop|restart";;esacexit0

chmod +x /etc/init.d/nrped

基于NRPE的监控

配置允许远程主机监控的对象

vim /usr/local/nagios/etc/nrpe.cfg

command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10

command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20

command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1

command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z

command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200

上面是系统自带的，下面是添加的

command[check_rootdisk]=/usr/local/nagios/libexec/check_disk-w20%-c10%-p/command[check_swap]=/usr/local/nagios/libexec/check_disk-w40%-c20%command[check_sensors]=/usr/local/nagios/libexec/check_sensorscommand[check_zombies]=/usr/local/nagios/libexec/check_procs-w5-c10-sZcommand[check_sda1]=/usr/local/nagios/libexec/check_disk-w20%-c10%-p/dev/sda1command[check_sda3]=/usr/local/nagios/libexec/check_disk-w20%-c10%-p/dev/sda3#对mysql监控：command[check_mysql]=/usr/local/nagios/libexec/check_mysql-utest-ptest-s/var/lib/mysql/mysql.sock-Hlocalhost#为了监控mysql需要在被监控的mysql加授权#createdatabasetest;#grantselectontest.*totest@localhostidentifiedby"test";#flushprivileges;

因为我这里是sda1和sda3,磁盘检测请添加自己的

# service nrped restart

再回到nagios服务端定义配置

cd /usr/local/nagios/libexec

./check_nrpe -H 172.16.100.11 #测试一下

如果提示CHECK_NRPE: Socket timeout after 10 seconds. 那就把iptables的5666端口打开

/usr/local/nagios/libexec/check_nrpe -H 172.16.100.11 -c check_load

OK - load average: 1.55, 1.31, 1.30|load1=1.550;15.000;30.000;0; load5=1.310;10.000;25.000;0; load15=1.300;5.000;20.000;0;

配置服务端

先定义命令 commands.cfg

vim /usr/local/nagios/etc/objects/commands.cfg

在最后添加

define command{

command_name check_nrpe

command_line $USER1$/check_nrpe -H "$HOSTADDRESS$" -c $ARG1$

}

再定义主机和服务

vim /usr/local/nagios/etc/objects/linuxhost.cfg

definehost{uselinux-serverhost_namemylinuxserveraliasmylinuxserveraddress172.16.100.11#被监控端的ip}defineservice{usegeneric-servicehost_namemylinuxserverservice_descriptioncheckuserscheck_commandcheck_nrpe!check_users}defineservice{usegeneric-servicehost_namemylinuxserverservice_descriptioncheckloadcheck_commandcheck_nrpe!check_load}defineservice{usegeneric-servicehost_namemylinuxserverservice_descriptioncheckzombieprocecheck_commandcheck_nrpe!check_zombie_procs}defineservice{usegeneric-servicehost_namemylinuxserverservice_descriptionchecktotalprocecheck_commandcheck_nrpe!check_total_procs}defineservice{usegeneric-servicehost_namemylinuxserverservice_descriptioncheckrootdiskcheck_commandcheck_nrpe!check_rootdisk}defineservice{usegeneric-servicehost_namemylinuxserverservice_descriptioncheckswapcheck_commandcheck_nrpe!check_swap}defineservice{usegeneric-servicehost_namemylinuxserverservice_descriptionchecksda1check_commandcheck_nrpe!check_sda1}defineservice{usegeneric-servicehost_namemylinuxserverservice_descriptionchecksda3check_commandcheck_nrpe!check_sda3}defineservice{usegeneric-servicehost_namemylinuxserverservice_descriptioncheckmysqlcheck_commandcheck_nrpe!check_mysql}

vim /usr/local/nagios/etc/nagios.cfg #添加刚才的配置文件

cfg_file=/usr/local/nagios/etc/objects/linuxhost.cfg

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg #检查配置是否正确

service nagios restart

到网页查看nagios

如果出现下面的提示，是说明iptables开启了，不过开启的是udp 5666端口，而不是tcp，这里需要开启tcp的5666

[1416991726] Warning: Return code of 255 for check of service 'check total proce' on host 'my linux server' was out of bounds