Remote SNMP monitoring


#1

I have a Nagios server running at our corporate location monitoring a few devices. I want to be able to monitor a handful of APC UPS devices which are SNMP capable, however these devices are located at a physically different location. So this would need to be a distributed architecture reporting back to the Nagios server at the corporate campus.

I am under the impression that I need to set up another Linux box running Nagios and install it at the second location to act as a collector of the SNMP data by polling the devices and reporting back to the main Nagios server at the corporate location.

My questions to the community are:
(I did do some due diligence and searched for a few hours for these answers)

  1. Should I use NRPE or NSCA or check_by_ssh ?
  2. Is there a “Step by Step” doc out there on how to accomplish this?
  3. How would I configure the FW / router / server on both ends to get the “collected SNMP data” from the remote location to the corporate one since both Nagios devices would be on two different local LAN segments?
  4. What caveats should I look out for when setting this up?

Any help would be really appreciated!
Thanks,
Jeff


#2

first question… do you have a corporate policy of some sort blocking SNMP access to the remote location?
If you don’t have any problems allowing SNMP on the firewall you don’t need to setup a distributed monitoring system, that would be the easy way :slight_smile:


#3

[quote=“luca”]first question… do you have a corporate policy of some sort blocking SNMP access to the remote location?
If you don’t have any problems allowing SNMP on the firewall you don’t need to setup a distributed monitoring system, that would be the easy way :)[/quote]

Unfortunately SNMP is not allowed on the firewall.


#4

If i remeber correctly nsca runs on the remote hosts and sends to the info back. nrpe would run on the corporate server and request the remote server to make a check. i think there are a couple of sticky threads around the forum on how to setup a distributed environment…
How you do it depends on the firewall policies you are able to create… needing a new firewall policy anyway i suspect it would be easier to get SNMP access from the single nagios box… check_by_ssh is used to run local checks on a remote host, in this case i think it wouldn’t help.

Luca


#5

You are correct and I now have an understanding of this part. I am in the middle of configuring the “remote” host right now to perform SNMP checks on in-house devices here on this VLAN (just to test it out) and get it to report back to the main Nagios server on the same VLAN.

Well, the FW on my side is easy to configure and right now the policies are a little laxed, however the remote side is locked down pretty tight and I do not personally have access to it. I can work with the IT engineers to “open” up their FW, but I would like to have a better understanding of the process and how the Nagios “server” and “remote client” interact via SSH so that I can talk intelligently to the IT people at the remote site.

Any help with this process would be VERY appreciative!


#6

you can set up nsca or nrpe to use encryption… i don’t know much more than this :slight_smile:
i think the latest SNMP versions have encryption too… and again, if the firewall rules are set correctly and you use a read/only community in SNM;P i think it would really be easier to do it this way… :slight_smile:


#7

The devices that I need to monitor are APC UPS battery backups, about 100 of them supporting servers. I don’t know what version of SNMP they are running, but I do not have access to them, nor will the enginers do any configuration on them for me.

Can the Nagios “server” and “remote collector” only talk via SSH over the 'net (between two physically distant locations) or an they do it over a VPN tunnel? I am thinking the easiest way to accomplish this task is through SSH.


#8

I’m not sure what protocol exactly is used, i think you will need to check the docs for that… :slight_smile:


#9

It can be done over a VPN tunnel. Use the NRPE plugin.