Installing Nagios on OpenWRT

First we need to install nagios and nagios-plugins with the following command:

opkg install nagios nagios-plugins

This will also install microperl in case you want to create some new plugins based on perl. Unfortunately nagios doesn't come with three very important files:
- /etc/init.d/nagios. Use the following:

#!/bin/sh /etc/rc.commonSTART=50BIN=nagiosDEFAULT=/etc/default/$BINLOG_D=/var/log/$BINRUN_D=/var/runPID_F=$RUN_D/$BIN.lockstart() {        [ -f $DEFAULT ] && . $DEFAULT        mkdir -p $LOG_D        mkdir -p $RUN_D        $BIN $OPTIONS}stop() {        [ -f $PID_F ] && kill $(cat $PID_F)}

you also need to create /etc/default/nagios with the following line:

OPTIONS="-d /etc/nagios/nagios.cfg"

This will instruct nagios to start in daemon mode with the specified configuration file.

- check_ping (which segfaults, at least on broadcom-2.4). You can compile check_fping which works ok or use the following equivalent script putting it in /usr/libexec/nagios/check_ping.sh :

#! /bin/ashS=`ping -W 1 -c 1 -q $1`RESULT=$?R=`echo $S | awk '{ printf("%s\t%s\n",$18,$24); }'`if [ $RESULT -eq 0 ]; then  echo "PING OK: $R"  exit 0;else  echo "PING NOT OK: $R"  exit 2;fi

- check_nrpe (which should have been included in the nagios-plugins or nrpe but it is not). You can get one if you compile the nrpe package and copy check_nrpe from build_dir to /usr/libexec/nagios on WRT.

I have found that the default httpd server installed with luci is very limited, so, in order to run the nagios cgi's I have taken the lightttpd route. This web server is very fast, capable and has very small requirements:

opkg install lighttpd lighttpd-mod-auth lighttpd-mod-cgi

I have opted to use the non-SSL service but you can easily adjust the following configuration file to use SSL. Now you have to modify the /etc/lighttpd.conf file as follows:

server.modules = (        "mod_auth",        "mod_cgi")server.network-backend = "write"server.document-root = "/usr/share"server.errorlog = "/var/log/lighttpd/error.log"index-file.names = ( "index.html", "default.html", "index.htm", "default.htm" )mimetype.assign = (        ".pdf"   => "application/pdf",        ".class" => "application/octet-stream",        ".pac"   => "application/x-ns-proxy-autoconfig",        ".swf"   => "application/x-shockwave-flash",        ".wav"   => "audio/x-wav",        ".gif"   => "image/gif",        ".jpg"   => "image/jpeg",        ".jpeg"  => "image/jpeg",        ".png"   => "image/png",        ".css"   => "text/css",        ".html"  => "text/html",        ".htm"   => "text/html",        ".js"    => "text/javascript",        ".txt"   => "text/plain",        ".dtd"   => "text/xml",        ".xml"   => "text/xml" )$HTTP["url"] =~ "\.pdf$" {        server.range-requests = "disable"}static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".cgi" )server.port = 81server.pid-file = "/var/run/lighttpd.pid"server.upload-dirs = ( "/tmp" )cgi.assign = ( ".pl"  => "/usr/bin/microperl", ".cgi" => "" )auth.backend = "plain"auth.backend.plain.userfile = "/etc/lighttpd.user"auth.require = (        "/nagios" => (                "method"  => "basic",                "realm"   => "Nagios",                "require" => "valid-user"        ))

Some notes:
- I have selected to use port 81 for nagios (just change "server.port" to any port you like)
- I have enabled authentication in order to be able to supply commands to nagios from the web interface
- The authorized users should be in the file /etc/lighttpd.user in the form: username:password (in plain text, one per line)

Now we need a way for nagios to send emails when something is wrong (alert e-mails). In order to do that install the ssmtp package:

opkg install ssmtp

You should edit the following files to properly configure ssmtp:

- /etc/ssmtp/revaliases:

root:mail_from@domain.from:smtp.of.your.isp

replace "mail_from@domain.from" with the mail you want all the alerts to appear that they are come FROM. Replace "smtp.of.your.isp" with the MX smarthost of your ISP. This is useful in order to make the email alerts to come from e.g., admin@example.com instead of just "root" (which could be rejected by your ISP).

- /etc/ssmtp/ssmtp.conf: change mailhub to be your ISP smarthost and hostname to be your hostname (fully qualified).

Now test that sending email works with the following command:

printf "%b" "Subject: This is a test\n \n Message body\n" | ssmtp -v your_email@your_domain

or cat msg.txt|ssmtp -v mail@domain

where msg.txt contains

Subject: <Text>

<body>

Check the output of the above command carefully: if you get a "Message accepted for delivery" result in the smtp dialog then everything should be ok.

Now on to the nagios config. This howto will not cover how to configure your nagios (see http://www.nagios.org for that) but I will pin-point some necessary changes:

- /etc/nagios/cgi.cfg:

main_config_file=/etc/nagios/nagios.cfgphysical_html_path=/usr/shareurl_html_path=/nagiosshow_context_help=0use_authentication=1authorized_for_system_information=nagiosadmin,adminauthorized_for_configuration_information=nagiosadmin,adminauthorized_for_system_commands=nagiosadmin,adminauthorized_for_all_services=nagiosadmin,guest,adminauthorized_for_all_hosts=nagiosadmin,guest,adminauthorized_for_all_service_commands=nagiosadmin,adminauthorized_for_all_host_commands=nagiosadmin,admindefault_statusmap_layout=5default_statuswrl_layout=4ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$refresh_rate=90

Make sure that nagiosadmin or admin or guest (or whatever other user you include here) are defined in the /etc/lighttpd.user file. This way you can have a very granular control of who can do what.

- /etc/nagios/nagios.cfg: Make sure you change the following configuration options in that file as follows:

object_cache_file=/var/objects.cacheresource_file=/etc/nagios/resource.cfgstatus_file=/var/status.datcheck_external_commands=1command_file=/var/run/nagios.cmdcomment_file=/usr/share/comments.datdowntime_file=/usr/share/downtime.datlock_file=/var/run/nagios.locktemp_file=/var/nagios.tmplog_archive_path=/var/archives

- /etc/nagios/commands.cfg: Use the following commands for ping and mail:

# 'check_ping' command definitiondefine command{        command_name    check_ping        command_line    $USER1$/check_ping.sh $HOSTADDRESS$        }# 'host-notify-by-email' command definitiondefine command{        command_name    host-notify-by-email        command_line    /usr/bin/printf "%b" "From: nagios@your.domain\n To: your_email@your.domain\n Subject: Host $HOSTSTATE$ alert for $HOSTNAME$!\n \n ************************\n Notification Type: $NOTIFICATIONTYPE$\n Host: $HOSTNAME$\n State: $HOSTSTATE$\n Address: $HOSTADDRESS$\n Info: $HOSTOUTPUT$\n \n Date/Time: $LONGDATETIME$\n" | /usr/sbin/sendmail $CONTACTEMAIL$        }# 'notify-by-email' command definitiondefine command{        command_name    notify-by-email        command_line    /usr/bin/printf "%b" "From: nagios@your.domain\n To: your_email@your.domain\n Subject: ** $NOTIFICATIONTYPE$ alert - $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **\n \n *************************\n Notification Type: $NOTIFICATIONTYPE$\n \n Service: $SERVICEDESC$\n Host: $HOSTALIAS$\n Address: $HOSTADDRESS$\n State: $SERVICESTATE$\n \n Date/Time: $LONGDATETIME$\n \n Additional Info:\n \n $SERVICEOUTPUT$" | /usr/sbin/sendmail $CONTACTEMAIL$        }

- /etc/nagios/resource.cfg: Make sure that USER1 is defined as:

$USER1$=/usr/libexec/nagios

Define any other services and hosts as you wish.

Lets make lighttpd and nagios to auto-start and start them:

/etc/init.d/nagios enable/etc/init.d/lighttpd enable/etc/init.d/nagios start/etc/init.d/lighttpd start

Point your browser to http://your.router.ip.address:81 and you should be ok. If not then you should check the syslog messages and enable any diagnostic logs available in both nagios and lighttpd.

I will happily upload check_fping and check_nrpe compiled for broadcom-2.4 if I find how to do it and of course if there are requests from other members.

Good luck,
George.

2cpr2011-08-23 09:56:58 (edited by cpr 2011-08-23 09:57:39)

Member
Offline

Registered: 2011-08-01
Posts: 22

This is year 2011. I had to install lighttpd-mod-alias and add to lighttpd.conf

#http://redmine.lighttpd.net/wiki/1/NagiosRecipealias.url = (                                                                    "/nagios/cgi-bin" => "/usr/sbin",  "/nagios" => "/usr/share"           )

Nagios is working now! *yay*