Tags

, ,

Using Nagios to monitor systems gives you a freedom that you will marvel at if you’ve not had it before. No longer must you search out problems with your systems; they are flagged and noted for you immediately – and you can be notified any way you can think of.

However, sometimes there is no way to reach out to the remote host and check details. One could perhaps log in using SSH and get check information that way, but that might not be the best way.

If you are checking for one-time notifications – such as security notifications – an active check of the remote host is either impossible or too time and resource intensive for the results you get. What you need is to use passive checks.

Passive checks originate at the host and are sent back to the Nagios server. In my opinion, the best way to do this is to utilize the send_nsca script provided by the Nagios team.

The format of service check data sent to send_nsca is the following:

host \t service description \t status \t check output \t performance data

The service description will be used (with the host name) to put the information in the right slot. Thus a misspelling will cause the service check information to “disappear.”

Each field is separated by a tab character. The performance data is optional and unnecessary – but it can be used by other programs through Nagios.

To send check data to the Nagios server, use the program send_nsca program. There is a Perl version of this that should work almost anywhere Perl does – though I’ve yet to test this in an OpenVMS environment!

There are certain Nagios configuration options that must be enabled before passive checks work. In nagios.cfg:

accept_passive_service_checks=1
check_service_freshness=1

Make sure that your passive services have the following entries:

active_checks_enabled           0                       ; Active service checks are disabled
        passive_checks_enabled          1
        parallelize_check               1
        is_volatile                     1
        obsess_over_service             0
        check_freshness                 1                       ; Check service 'freshness'
        freshness_threshold             4800                    ; How fresh must the check be?
        check_command                   gone_stale              ; Report staleness

If the active checks are enabled (1) then your check_command can check and flag the freshness of the service check – instead of just failing outright. Freshness is how recent does the check have to be in order to be valid.

Then you have to make sure that the NSCA service daemon is running; on this particular Red Hat installation I’m using it requires a

/etc/init.d/nsca start

This should be enough to make your passive checks start working. Don’t forget to restart Nagios to make sure your configuration changes have taken effect.

One more thing: if you confuse NSCA (Nagios Service Check Acceptor) with NCSA (National Center for Supercomputing Applications) – NCSA was where the web browser Mosaic originated, and where Apache derived from (starting with NCSA httpd) – remember that NCSA is wrong. If you remember the National Center for Supercomputing Applications – then the Nagios addon and programs become nsca.

Advertisements