Thursday, October 18 2018

Configuring Nagios on Client for OSSIM

In this tutorial, I am going to install the Nagios agents on Windows and Linux hosts so that AlienVault OSSIM SIEM can monitor them for 24 x 7 availability.

Configuring Nagios on Client for OSSIM:

1- Install the latest version of:
– NSClient++ on Windows hosts.

Download from: nsclient.org/nscp/downloads

– NRPE, which is required together with the Nagios Plugins on Linux/Unix hosts.

Download link: sourceforge.net/projects/nagios/files/nrpe-2.x/


Configuring Windows Host:

a) Install NSClient++ on the Windows host as shown below:

[Screenshot: Nagios-1-NSClient-1]
b) Enter the OSSIM server IP and the password to use for NSClient secure communication between the OSSIM server and the client, as shown below:

[Screenshot: Nagios-2-NSClient-2]
c) Enter “services.msc” in the Run dialog, right-click the “NSClient++” service and select “Properties”.

[Screenshot: Nagios-3-NSClient-3]
d) Go to the “Log On” tab and select the option “Allow service to interact with desktop”.

[Screenshot: Nagios-4-NSClient-4]
e) Restart the NSClient++ service from the “services.msc” console window.
f) Now configure Nagios on the OSSIM server:
i)         Select “Jailbreak System”
ii)        # cd /etc/nagios3/conf.d/
iii)     Create the Windows config file:

# vim WinServer1-21.cfg
– Adapt the following definitions to your environment and add them to the file:

#### HOST DEFINITION

define host{
use             generic-host
host_name       Win_Server_1_21
alias           Windows Server 1.21
address         192.168.1.21
statusmap_image     win40.gd2
icon_image          win40.png

}
####  SERVICE DEFINITIONS

define service{
use                     generic-service
host_name               Win_Server_1_21
service_description     Uptime
check_command           check_ntcomm!UPTIME
}

define service{
use                     generic-service
host_name               Win_Server_1_21
service_description     CPU Load
check_command           check_ntcomm!CPULOAD!-l 5,80,90
}

define service{
use                     generic-service
host_name               Win_Server_1_21
service_description     Memory Usage
check_command           check_ntcomm!MEMUSE!-w 80 -c 90
}

define service{
use                     generic-service
host_name               Win_Server_1_21
service_description     Drive C - Windows
check_command           check_ntcomm!USEDDISKSPACE!-l c -w 80 -c 90
}

define service{
use                     generic-service
host_name               Win_Server_1_21
service_description     Drive D - Data
check_command           check_ntcomm!USEDDISKSPACE!-l d -w 80 -c 90
}

iv)     Save and exit.
v)      Run the pre-flight check with the following command and fix any errors it reports.

# /usr/sbin/nagios3 -v /etc/nagios3/nagios.cfg
vi)        An “ntcomm” service error will probably be shown. To resolve it, add the following lines to:

/etc/nagios3/conf.d/services_nagios2.cfg

# Replace "password" below with the password that was given to NSClient++ on the Windows host.
define command{
command_name    check_ntcomm
command_line    $USER1$/check_nt -H $HOSTADDRESS$ -s password -p 12489 -t 180 -v $ARG1$ $ARG2$
}

vii)        The pre-flight check should now pass without errors.
viii)        Restart the Nagios3 service:

    # service nagios3 restart
ix)          Check that the host is now shown under “Environment” > “Availability”, as shown below:
[Screenshot: Nagios-5]
x)   The Windows host has now been added to OSSIM for availability monitoring.
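
Step vi above writes the NSClient++ password as a literal into a file under /etc/nagios3/conf.d/. The following added example (not part of the original tutorial) scans a Nagios config directory for check_nt commands whose -s value is a literal rather than a $USERn$ resource macro, and reports whether the file is world-readable. The $USER3$ slot, the function names and the sample files are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: flag Nagios command definitions that pass the NSClient++
# password to check_nt as a literal instead of a $USERn$ resource macro.

# Print "file:line" for each check_nt command_line under directory $1 whose
# -s value is not a $USERn$ macro. Commented-out lines are skipped.
find_literal_nt_secrets() {
    grep -rnE --include='*.cfg' \
        'check_nt[[:space:]].*-s[[:space:]]+[^[:space:]]+' "$1" |
        grep -vE -e '-s[[:space:]]+\$USER[0-9]+\$' |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*[#;]' |
        cut -d: -f1,2
}

# Succeed if users outside the owner and group can read file $1.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample files: the definition from step vi, and a variant that
# assumes the password was moved into $USER3$ in the Nagios resource file.
make_sample() {
    mkdir -p "$1"
    cat > "$1/services_nagios2.cfg" <<'EOF'
define command{
command_name    check_ntcomm
command_line    $USER1$/check_nt -H $HOSTADDRESS$ -s password -p 12489 -t 180 -v $ARG1$ $ARG2$
}
EOF
    cat > "$1/hardened.cfg" <<'EOF'
# $USER3$ is an assumed macro slot holding the NSClient++ password
define command{
command_name    check_ntcomm
command_line    $USER1$/check_nt -H $HOSTADDRESS$ -s $USER3$ -p 12489 -t 180 -v $ARG1$ $ARG2$
}
EOF
    chmod 644 "$1/services_nagios2.cfg"
    chmod 640 "$1/hardened.cfg"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for hit in $(find_literal_nt_secrets "$demo_dir"); do
    world_readable "${hit%:*}" && mode="world-readable" || mode="restricted"
    echo "literal check_nt password at $hit ($mode)"
done
rm -rf "$demo_dir"
```

The resource file that holds the macro has to stay readable by the account the Nagios daemon runs as.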

 

Adding Linux/Unix Host:

Install Nagios-Plugins on Linux/Unix Host:

# groupadd -g 9000 nagios
# groupadd -g 9001 nagcmd
# useradd -u 9000 -g nagios -G nagcmd -d /usr/local/nagios -c "Nagios Admin" nagios
– Set a password for the nagios user:
# passwd nagios
# yum install -y gcc gcc-c++ gd-devel gd png png-devel jpeg jpeg-devel zlib zlib-devel php mysql mysql-server mysql-devel make vim mailx wget
– On CentOS 7:
# yum install -y gcc gcc-c++ gd-devel gd zlib zlib-devel php mariadb mariadb-server mariadb-devel make vim mailx wget mlocate
# cd /usr/local/src   
– Download the latest Nagios Plugins; the current latest version is 2.0.3:
# wget http://nagios-plugins.org/download/nagios-plugins-2.0.3.tar.gz
# tar xzvf nagios-plugins-2.0.3.tar.gz
# cd nagios-plugins-2.0.3
# ./configure --sysconfdir=/etc/nagios --localstatedir=/var/nagios
# make
# make install
– Check that the plugins were installed correctly:
# /usr/local/nagios/libexec/check_icmp -H <HostIP>
– The following screen shows that the plugins have been installed correctly and are working.

[Screenshot: Nagios-9-NRPE]

Install NRPE on Linux/Unix Host:

# yum install openssl-devel  xinetd -y
# cd /usr/local/src
# wget http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
# tar -xzvf nrpe-2.15.tar.gz
# cd nrpe-2.15
# ./configure --enable-openssl
# make all
# make install-plugin
# make install-daemon
# make install-daemon-config
# make install-xinetd
# vim /etc/xinetd.d/nrpe

– Set / modify the only_from line, adding the OSSIM server's IP. Separate the IPs with a space, not a comma:
only_from = 127.0.0.1 192.168.1.5

[Screenshot: Nagios-7-NRPE]

# vim /etc/services
– Add the following line:
nrpe       5666/tcp            # NRPE

[Screenshot: Nagios-8-NRPE]

# chkconfig xinetd on
# service xinetd start
– On CentOS 7:
# systemctl enable xinetd
# systemctl start xinetd

– Check that xinetd has made NRPE listen:

# netstat -at | grep nrpe
– Confirm that the NRPE plugin is working:
# /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
It must report the version of NRPE installed on localhost, for example NRPE v2.15
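
The only_from line set in /etc/xinetd.d/nrpe above is the source restriction this setup relies on for the NRPE port, and a comma or a leftover address is easy to miss. The following added example (not part of the original tutorial) audits an xinetd service file against the addresses expected in only_from. The function names and the sample file, including its 10.0.0.0/8 entry, are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit the only_from attribute of an xinetd NRPE service file.

# Usage: audit_only_from FILE ALLOWED_ADDR...
# Prints one finding per line; prints nothing when the file is clean.
audit_only_from() {
    file=$1; shift
    allowed=" $* "
    if ! grep -qE '^[[:space:]]*only_from[[:space:]]*[+]?=' "$file"; then
        echo "missing only_from: no source restriction in this file"
        return 0
    fi
    # Strip comments, then keep only the value part of each only_from line.
    sed -n 's/#.*//; s/^[[:space:]]*only_from[[:space:]]*+\{0,1\}=//p' "$file" |
    while read -r line; do
        case $line in
            *,*) echo "comma in only_from: $line" ;;
        esac
        for src in $(printf '%s' "$line" | tr ',' ' '); do
            case $allowed in
                *" $src "*) ;;
                *) echo "unexpected source: $src" ;;
            esac
        done
    done
}

# Constructed sample: a comma-separated list plus one extra network.
make_xinetd_sample() {
    cat > "$1" <<'EOF'
service nrpe
{
        port            = 5666
        disable         = no
        only_from       = 127.0.0.1, 192.168.1.5 10.0.0.0/8
}
EOF
}

sample=$(mktemp)
make_xinetd_sample "$sample"
audit_only_from "$sample" 127.0.0.1 192.168.1.5
rm -f "$sample"
```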

Install NRPE on OSSIM Server:

First check whether “check_nrpe” is present in “/usr/lib/nagios/plugins”. If it is not, install it as follows:
– Install the C compiler:

# apt-get install build-essential libssl-dev

[Screenshot: Nagios-11]
– Download, extract and install NRPE:

# wget http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
# tar -xzvf nrpe-2.15.tar.gz
# cd nrpe-2.15
# ./configure
# make all
# make install-plugin
# mv /usr/local/nagios/libexec/check_nrpe /usr/lib/nagios/plugins
# chown root:root /usr/lib/nagios/plugins/check_nrpe

c)    Configuring OSSIM Server for Linux/Unix Host:

# cd /etc/nagios3/conf.d/
# vim LinServer-1-31.cfg
– Modify as required and add the following lines to it:

####   HOST DEFINITIONS

define host{
use                     generic-host
host_name               LinServer-1-31
alias                   Linux Server 1.31
address                 192.168.1.31
statusmap_image         linux40.gd2
icon_image              linux40.png
}
####    SERVICE DEFINITIONS

define service{
use                             generic-service
host_name                       LinServer-1-31
service_description             PING
check_command                   check_ping!100.0,20%!500.0,60%
}
define service{
use                             generic-service
host_name                       LinServer-1-31
service_description             Directory: /
check_command                   check_nrpe!check_Root
}
define service{
use                             generic-service
host_name                       LinServer-1-31
service_description             Current Users
check_command                   check_nrpe!check_users
}
define service{
use                             generic-service
host_name                       LinServer-1-31
service_description             Total Processes
check_command                   check_nrpe!check_total_procs
}
define service{
use                             generic-service
host_name                       LinServer-1-31
service_description             Directory:  /var
check_command                   check_nrpe!check_Var
}

Add the following NRPE command to the “/etc/nagios3/conf.d/services_nagios2.cfg” file:

define command{
command_name    check_nrpe
command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c $ARG1$
}

– Add / modify the following commands in the “/usr/local/nagios/etc/nrpe.cfg” file on LinServer-1-31:

command[check_Root]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_Var]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /var

– Restart the xinetd process on LinServer-1-31:

# service xinetd restart
– Run the pre-flight check on the OSSIM server:
# /usr/sbin/nagios3 -v /etc/nagios3/nagios.cfg
– If no error is shown, restart the Nagios3 service:
# service nagios3 restart
– “LinServer-1-31” should now be shown under “Environment” > “Availability”, as shown below:

[Screenshot: Nagios-10]

About Muhammad Attique


5 comments

  1. What if I need to generate alarms based on the resources usage? (I.E if the CPU goes above 80%)? Could I do it with policies?

  2. Good morning
    I don't know why it keeps saying on the OSSIM interface that the host is down. Can you help me, please?

    • I solved this problem, but for drive D data it gives me in the status information that the played is invalid. “Espace disque libre : Lecteur invalide”
