Can Nagios alarm on a pass?


#1

I need Nagios to trigger an alarm on a pass (return code 0).

The reason for is I want to use Nagios to test my firewall. Thus, for example Nagios should stay quiet if it can’t get through on telnet and ssh for example, but but should alarm if it is able to get through.

Does anyone know how I could do this?

Much thanks.


#2

not sure i would trust nagios for this…

nagios is on a single host so it could check only for rules regarding that single host as origin IP…
I think relying on such a check for a firewall config would be a risk.
Have a look at rancid or similar software to check for configuration changes…

Luca

PS: I’m not sure if it can be done i remeber there was the possibility to check for regexes in the results but i’m not sure how it wokrs or in which check_* i saw this.


#3

My understanding is that Nagios will only notify if a host undergoes a hard state change: WARNING to CRITICAL or CRITICAL to OK, etc (unless you can figure out a way to check regex values like luca refers to). Multiple critical/warning notifications can be sent out, per the value for notification_interval in the .cfg files. However, by default Nagios will only send out one OK notification. You can, though, tell Nagios not to send out notifications even if the state does change to WARNING or CRITICAL; just remove the w and c values from the notification_options value in the .cfg files.


#4

Luca…

I understand that the service check against my firewall would only be relevant to the host from which it originated. But this would work in my case, because if any host can telnet or ssh to my network than that is a problem. Of course, the inability for the Nagios host to telnet/ssh in doesn’t necessarily mean that other hosts can’t get in.

Anywho, thanks for the info, I’ll look around at Rancid and other tools to see what I can find. It’s just that my company has a Nagios host setup so if I could find a way to make Nagios do it that would be much easier.


#5

look in your libexec directory for negate and try it.
./negate --help
Negates the status of a plugin (returns OK for CRITICAL, and vice-versa).