Nagios over WAN


#1

Hi all,

I’m trying to monitor a few remote sites using Nagios. I have it running locally 100%. Is there a way I can open up one port, such as 1248, and do my most common server checks (disk, CPU, mem, etc.)? From what I have gathered so far, I would need a port for each server I want to monitor, which isn’t something I like, not to mention we’re possibly going to deploy this to each machine in each remote office, which would open up 100s of ports I’d rather not have open, nor do I care to do administrator work on routers/switches. I was going to use NSCA, but I’ve never used it, and from what I have read so far it doesn’t retry a feed unless there is a small local install on the box.

Is there a way to maybe put a local Nagios box in each office and route all that data to my main server?
Is there a way I can open up just one port and specify a machine name or internal IP address to do my checks?
Can Nagios handle what I’m looking for? Or am I fishing for the wrong information here?

I would like to be able if possible to open 1 port to a network and then request data from any of the machines I care to monitor.

Any help would be greatly appreciated.


#2

I think you just want to run NRPE - I don’t see that you would have to open 100s of ports, just the default (5666 I think). Or do you mean the same port on every machine - which of course you would have to do. Let me know if that is of any help.


#3

I’m located at one site and our other few locations are on different subnets / behind firewalls. I want to punch 1 hole in the firewall and be able to query as many machines as needed. I don’t mind opening local firewall ports in Windows; most of the firewalls are disabled as is internally, except on my servers. I want to query the servers and local machines without punching holes in my main firewalls.


#4

Also, now reading more about NRPE: when I make the hole in my firewall to allow this port, how does it know which machine it goes to? Or how do I tell it I want it to go to server1, server2, pc1, pc2, etc.? I don’t want it to port forward to one machine and respond as if they were all 4.


#5

Sounds like your devices are behind a NAT device. The best thing to do would be to have a VPN between the firewalls so you can see all the IP addresses.

But if this is not possible you need to go back to the Big Nagios Manual - all this stuff is possible. Perhaps look at passive host checks. So all the Windows boxes push the plugin results to the Nagios server, then you just forward the port on the Nagios server side. Look at the NSCA client stuff (I think Nagios Exchange has the Windows client pre-compiled).


#6

I found a little bit of information about passive mode as I’m digging through this. I was hoping to find an active mode to query, so that I’m more in real time and the requests are being sent and received. In passive mode I haven’t yet found (key word: yet) a way to tell Nagios that, for instance, if a client hasn’t responded in 4 hours, consider it down, or something along those lines. Our remote locations are behind NAT, but we don’t want to open a VPN for security reasons.


#7

You need to enable Service and Host Result Freshness Checks (page 114 of the PDF manual I have). I think that should do what you need.
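
The freshness-check setup mentioned in #7, applied to the passive NSCA approach from #5 and the 4-hour timeout asked about in #6, as an added example that is not part of any post in the thread. The command name `stale_passive_result`, the `generic-service` template and the `Disk` service description are assumptions; `server1` is the host name used in #4.

```cfg
#### nagios.cfg on the central server (main config file) ####

# NSCA hands results to Nagios through the external command file
check_external_commands=1
# Accept results pushed by the remote sites
accept_passive_service_checks=1
# Turn on the freshness sweep for services
check_service_freshness=1
# Seconds between sweeps
service_freshness_check_interval=60

#### object definitions on the central server ####

# Run only when a passive result is overdue: always exits 2 (CRITICAL)
define command {
    command_name    stale_passive_result      ; assumed name
    command_line    $USER1$/check_dummy 2 "No passive result received within 4 hours"
}

define service {
    use                     generic-service   ; assumed template from the sample config
    host_name               server1
    service_description     Disk              ; assumed; must match what the remote side submits
    active_checks_enabled   0                 ; never poll inbound through the remote NAT
    passive_checks_enabled  1
    check_freshness         1
    freshness_threshold     14400             ; 4 hours, in seconds
    check_command           stale_passive_result
    max_check_attempts      1                 ; hard CRITICAL on the first stale result
}
```

When the last passive result for the service is older than `freshness_threshold`, Nagios forces one run of `check_command` even though active checks are disabled, so a silent remote machine turns CRITICAL. The remote sites need no inbound ports at all; only the NSCA listener on the central server has to be reachable from them.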