Nagios: exercises-nagios.txt

File exercises-nagios.txt, 10.5 KB (added by admin, 9 years ago)

Lab

Line 
1ANOG 16 - Nagios Installation and Configuration
2
3Notes:
4------
5* Commands preceded with "$" imply that you should execute the command as
6  a general user - not as root.
7* Commands preceded with "#" imply that you should be working as root.
8* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>")
9  imply that you are executing commands on remote equipment, or within
10  another program.
11
12Exercises
13---------
14
15PART I
16------
17
181. Start by enabling Nagios
19
20 * in /etc/rc.conf add the following line:
21
22   nagios_enable="YES"
23
24 Configuration templates are available in /usr/local/etc/nagios as
25 *.cfg-sample files.  Copy them to *.cfg files where required and
26 edit to suit your needs.  Documentation is available in HTML form
27 in /usr/local/www/nagios/docs.
28
29  Before we can use Nagios, we need to configure it -- we will do
30  this in Part II
31
322. Configure Aapche for Nagios
33
34        * create /usr/local/etc/apache22/Includes/nagios.conf
35
36        In the file, add:
37
38
39<Directory /usr/local/www/nagios>
40  Order deny,allow
41  Allow from all
42</Directory>
43
44<Directory /usr/local/www/nagios/cgi-bin>
45  Options ExecCGI
46</Directory>
47
48<Directory /usr/local/www/nagios>
49     AllowOverride AuthConfig
50</Directory>
51
52ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
53Alias /nagios/ /usr/local/www/nagios/
54
55
56
57        Save this file and exit.
58
593. Create the Web user password file:
60
61    # htpasswd -c /usr/local/etc/nagios/htpasswd.users nagiosadmin
62
63New password:         
64Re-type new password:
65
66   We suggest you use your standard user password used in class.
67
68    Now, create a .htaccess file to ask for a password when opening
69        the Nagios page:
70
71        # vi /usr/local/www/nagios/.htaccess
72
73        In the file, add:
74
75
76AuthName "Nagios Access"
77AuthType Basic
78AuthUserFile /usr/local/etc/nagios/htpasswd.users
79require valid-user
80
81
82        Save the file, and exit.
83
844. The web interface of Nagios should be ready at this point, but
85   most views won't work since Nagios has not been configured yet!
86
87    - Open a browser, and go to
88
89    http://wsXX.ws3.conference.sanog.org/nagios/
90
91    - At the login prompt, login as:
92
93        user: nagiosadmin
94        pass:
95
96
97    Now we need to configure Nagios
98
99PART II
100Configuring Equipment
101-----------------------------------------------------------------------------
102
1031. Let's configure Nagios
104
105
106        # cd /usr/local/etc/nagios/
107        # cp cgi.cfg-sample cgi.cfg                                             <- Web module config
108        # cp resource.cfg-sample resource.cfg                   <- Nagios internal config
109        # cp nagios.cfg-sample nagios.cfg                               <- Nagios main config
110
111        # cd /usr/local/etc/nagios/objects/
112        # cp commands.cfg-sample commands.cfg           <- plugin configuration
113        # cp contacts.cfg-sample contacts.cfg           <- contact people
114        # cp templates.cfg-sample templates.cfg                 <- predefined objects
115        # cp timeperiods.cfg-sample timeperiods.cfg     <- timeperiods
116       
117        # cp localhost.cfg-sample localhost.cfg                 <- a sample config
118
119        This is the most basic and minimal configuration -- we have taken
120        all the default configuration files and enabled them.
121
122        The last file, "localhost.cfg", defines a monitoring configuration
123        for your own PC (wsXX).
124
1252. Let's verify that nagios is happy with the configuration:
126
127        # cd /usr/local/etc/nagios
128        # nagios -v nagios.cfg
129
130
131        You should see:
132
133... output ...
134
135Total Warnings: 0
136Total Errors:   0
137
138Things look okay - No serious problems were detected during the pre-flight check
139
140        We are ready to start nagios!
141
142        # /usr/local/etc/rc.d/nagios start
143
144
1453. You can now go back to the web interface
146
147        http://wsXX.ws3.conference.sanog.org/nagios/
148
149        ... over the next few minutes, Nagios will update the status
150        for the services on the localhost (wsXX).
151
152        You can check out "Hostgroup grid" and "Hostgroup overview"
153        options in the left menu, then click on "localhost" to get
154        the details.
155
156        Look at the file:
157
158/usr/local/etc/nagios/objects/localhost.cfg
159
160        ... and try to understand what is being monitored, by comparing
161        what you see in the "localhost" view in the Nagios web interface,
162        and the .cfg file.
163
164        We need to make a small change to the file:
165
166        /usr/local/etc/nagios/nagios.cfg
167
168        ... so it will automatically read all .cfg files from the
169        /usr/local/etc/nagios/objects directory, and we don't have
170        to always edit nagios.cfg to add them.
171
172        So edit /usr/local/etc/nagios/nagios.cfg, and make the
173        following changes:
174
175        COMMENT the 4 lines like this:
176
177cfg_file=/usr/local/etc/nagios/objects/commands.cfg
178cfg_file=/usr/local/etc/nagios/objects/contacts.cfg
179cfg_file=/usr/local/etc/nagios/objects/timeperiods.cfg
180cfg_file=/usr/local/etc/nagios/objects/templates.cfg
181
182        Comment = add '#' at the beginning, so they look
183        like this:
184
185# cfg_file=/usr/local/etc/nagios/objects/commands.cfg
186# cfg_file=/usr/local/etc/nagios/objects/contacts.cfg
187# cfg_file=/usr/local/etc/nagios/objects/timeperiods.cfg
188# cfg_file=/usr/local/etc/nagios/objects/templates.cfg
189
190        Do the same for
191 
192cfg_file=/usr/local/etc/nagios/objects/localhost.cfg
193
194        ... so it becomes:
195
196# cfg_file=/usr/local/etc/nagios/objects/localhost.cfg
197
198        ... and add another line:
199 
200cfg_dir=/usr/local/etc/nagios/objects
201
202        ... Now save the file and exit.
203       
204        One last change:
205
206        # cd /usr/local/etc/nagios/objects/
207        # mv localhost.cfg main.cfg
208
209        main.cfg is a nicer name than localhost, since we're going to
210        be adding new hosts and parameters to it.
211
212        Test that nagios is happy:
213
214        # nagios -v nagios.cfg
215
216        If Nagios complains, double check your changes, and if
217        it is still a problem, ask one of the instructors for help.
218
219        Finally, restart Nagios:
220
221        # /usr/local/etc/rc.d/nagios restart
222
223
2244. Let's start monitoring another computer in our classroom:
225
226    - Pick any other WS in the class, which you will monitor.
227
228    # cd /usr/local/etc/nagios/objects
229
230    # vi ws-all.cfg
231
232
233define host {
234    use         freebsd-server
235    host_name   wsYY
236    alias       WS YY in WS3
237    address     _______________       [wsYY's IP address here]
238}
239
240
241        Note:  YY is *another* machine in the class, not your own.
242
243    ... Save and quit
244
2455. Let's create a new hostgroup for the occasion, and add our host
246   to it
247
248    - Let's add the hostgroup to the "main.cfg" file:
249
250        # cd /usr/local/etc/nagios/objects/
251    # vi main.cfg
252
253        Find the section called "Define an optional hostgroup for FreeBSD machines",
254        and just under it, add:
255
256
257
258define hostgroup {
259    hostgroup_name  classroom
260    alias           All WS in the class
261    members         wsYY
262}
263
264
2656.  Now let's associate some services to that host
266
267    Still in the file "main.cfg", find the section called:
268        "Define a service to check SSH on the local machine"
269    and change the line:
270
271
272host_name                       localhost
273
274        to
275
276hostgroup_name      freebsd-servers, classroom
277
278
279        Save the file and exit
280
281
2827. Verify that your configuration file is OK:
283
284    # nagios -v /usr/local/etc/nagios/nagios.cfg
285
286    ... You should get :
287
288Total Warnings: 0
289Total Errors:   0
290
291Things look okay - No serious problems were detected during the check.
292
293
2948. Reload/Restart Nagios
295
296    # /usr/local/etc/rc.d/nagios restart
297
2989. Go to the web interface (http://wsXX.ws3.conference.sanog.org/nagios)
299   and check the host you just added.
300
301
30210. Add ALL the PCs (WS1 - WS15) in your classroom.
303
304    - Remember to verify the configuration file!
305
306    - I suggest that you create a single config file called "ws-all.cfg"
307      to do this, and put all the hosts in it.
308
309    - You will repeat step 4 for each machine.
310       
311        - When finished, remember to add all the hosts into the "classroom" group
312          in the file main.cfg.  The format of the members statement is:
313
314      members       wsXX,wsYY,wsZZ,...
315
31611. Reload/Restart Nagios
317
318    # /usr/local/etc/rc.d/nagios restart
319
320    - Take a look at http://wsXX.ws3.conference.sanog.org/nagios to see your changes.
321
322    - Click on the "Status Map" link to see how things look.
323
324
325PART III
326Adding Services
327-----------------------------------------------------------------------------
328
3291. Determine what services to add for what devices
330
331   - This is core to how you use Nagios and network monitoring tools in
332     general. So far we are simply checking SSH to see if the machines
333     are up on our network. The next step is to decide what services you
334         wish to monitor for each host.
335
336   - In this particular class we have:
337
338     pcs:      All wsXX are running ssh, http and imap/pop
339               All student pcs are running an snmp daemon
340             
341     So, let's configure Nagios to check for all of these services for these
342     devices.
343
3442.) Verify that HTTP is running on the classrom PCs
345
346   - In the file main.cfg there is already an entry for the HTTP
347     service check, so you do not need to create this step.
348         
349         Instead, you simply need to change "host_name       localhost" for
350         that service, to use a "hostgroup_name        classroom", just
351         like we did in step 6 in part II.
352
353         So make this change in the "main.cfg" file -- find the section
354         "Define a service to check HTTP on the local machine", and update
355         the line:
356
357host_name               localhost
358
359to
360
361hostgroup_name  classroom
362
363       
364         And save the file.  This tells Nagios that the HTTP service is not only
365         running on the single host "localhost", but on ALL hosts in the hostgroup
366         "classroom".
367
368    - Once you are done, run the pre-flight check:
369
370    # nagios -v /usr/local/etc/nagios/nagios.cfg
371
372    If everything looks good, then restart Nagios and see your changes in the
373    Nagios web interface.
374
3753.) Check that all hosts answer to ping.
376
377    - Like for HTTP, there is already a check_ping service defined and it automatically
378      applies to the freebsd-servers group. (Note, you can add additional groups of hosts
379      for any service check if you wish). So, you need to update the "PING" service
380          definition in the main.cfg file, and make it use the hostgroup_name classroom,
381          as we did in the previous step.
382
383    - See the previous exercise and make the appropriate change to do this. If you have
384      any questions ask your instructor for help.
385
386
3874.) Let's add IMAP and POP monitoring
388
389        The *commands* for check_pop and check_imap are already configured,
390        so all we need to do is create *services* for them.
391
392
393        First, edit the main.cfg file, and at the end, add the service definition
394        for the check_pop:
395
396
397define service {
398        use                   local-service
399        hostgroup_name        classroom
400        service_description   POP
401        check_command         check_pop
402}
403
404
405        Check the configuration (nagios -v ...) and restart Nagios,
406        then go to the web interface.
407
408
409        Now, you add IMAP check in the same fashion (create service
410        definition, called "check_imap", etc...).  Don't forget to
411        update the service_description!
412
4135.) One last change...
414
415        In the file main.cfg, REMOVE all the lines like:
416
417notifications_enabled           0
418
419        (there should be 2 lines like this -- delete them)