Skip to main content

Install and Configure Nagios4 on Ubuntu 20.04

·6 mins
Table of Contents

Installation #

Ubuntu and Debian have an older version of Nagios in their repo, but it’s stable:

$ apt install apache2 -y
$ systemctl enable --now apache2
$ apt install nagios4 nagios-plugins-contrib nagios-nrpe-plugin

Verify the Installation #

Verify the installation by running nagios4stats:

$ systemctl enable --now nagios4
$ nagios4stats

Configure the web interface with Digest Authentication #

By default, the web interface is accessible at http://yourdomain/nagios4. To enable Digest Authentication, comment the following lines in /etc/apache2/conf-enabled/nagios4-cgi.conf:

  • Require ip
  • <Files “cmd.cgi”> and its closing tag(not the content)
  • Require all granted

And uncomment the following:

  • Require valid-user

Nagios doesn’t provide default credentials. Run the following to create a new user(replace “nagios” with your preferred username):

htdigest /etc/nagios4/htdigest.users Nagios4 nagios

Enable the two following apache2 modules:

a2enmod authz_groupfile auth_digest

Restart apache2, and browse to http://yourdomain/nagios4.

Configure Remote Host with NRPE #

……

Install NRPE #

Install the nrpe server and nrpe nagios plugins on your client platform, allow port 5666 and enable the service.

Alpine #

Alpine:

$ apk add nrpe nrpe-plugin
$ rc-service nrpe start
$ rc-update add nrpe
$ ufw allow 5666

Configuration file is /etc/nrpe.cfg.

Ubuntu/Debian #

Ubuntu/Debian:

$ apt install nagios-nrpe-server nagios-plugins -y
$ systemctl enable --now nagios-nrpe-server
$ ufw allow 5666

Configuration file is /etc/nagios/nrpe.cfg.

Centos/Rocky #

  1. Centos/Rocky:
$ dnf install nrpe nagios-plugins nagios-plugins-all -y
$ systemctl enable --now nrpe
$ firewall-cmd --permanent --zone=public --add-port=5666/tcp  
$ firewall-cmd --reload

Configuration file is /etc/nrpe.cfg.

Communicate via NRPE with a Remote Client #

I’m using an Alpine VM as the remote client. On the client, edit /etc/nrpe.cfg, look for allowed_hosts, and add your nagios server’s IP:

alpine:~# cat /etc/nrpe.cfg | grep allowed_hosts
allowed_hosts=127.0.0.1, 192.168.100.104

Restart nrpe:

alpine:~# rc-service nrpe restart
 * Stopping nrpe ...	[ ok ]                                                  
 * Starting nrpe ...	[ ok ]

On your nagios server, execute check_nrpe -H [remote_clientIP], to test the connection:

root@ubuntu:/usr/lib/nagios/plugins# ./check_nrpe -H 192.168.100.130
NRPE v4.0.3

Define a new Host #

I’ll define a new host with basic options just to get started. Each configuration file should end with .cfg, and located inside /etc/nagios4/. I like to keep mine in /etc/nagios4/conf.d/.

My new configuration is in /etc/nagios4/conf.d/remote_hosts/linux_servers.cfg:

define host{
	host_name 	alpine2
	address 	192.168.100.130
	check_command	check-host-alive
	max_check_attempts 2
}

By default, /etc/nagios4/conf.d is already added in /etc/nagios4/nagios.cfg:

# Debian uses by default a configuration directory where nagios4-common,
# other packages and the local admin can dump or link configuration
# files into.
cfg_dir=/etc/nagios4/conf.d

If you want to add files outside of conf.d, for e.g /etc/nagios4/remote_hosts/linuxservers.cfg, you should add a line in /etc/nagios4/nagios.cfg, like so:

cfg_file=/etc/nagios4/remote_hosts/linux_servers.cfg
cfg_dir=/etc/nagios4/remote_hosts
  • cfg_file: for a single configuration file
  • cfg_dir: to read everything inside the directory

You should use either a file or just specify a directory if it will contain multiple files. Don’t specify the same directory twice(like above), or else Nagios will see it as a duplicate:

Reading configuration data...
   Read main config file okay...
Warning: Duplicate definition found for host 'alpine2' (config file '/etc/nagios4/conf.d/remote_hosts/linux_servers.cfg', starting on line 1)

Verify your configuration file #

Verify the main configuration, by running nagios4 -v [main_config_file]:

$ nagios4 -v /etc/nagios4/nagios.cfg | egrep -i "total|warning"

Warning: Host 'alpine2' has no default contacts or contactgroups defined!
Total Warnings: 1
Total Errors:   0

A warning won’t stop Nagios from restarting, as long as no errors are found. I’ll define a contact group later. Restart Nagios:

$ systemctl restart nagios4

Now refresh the web interface or run check_host or nagios4stats to verify if the host is up or reachable:

root@ubuntu:~# nagios4stats | grep -i up
Hosts Up/Down/Unreach:                  2 / 0 / 0

root@ubuntu:~# /usr/lib/nagios/plugins/check_host -H 192.168.100.130
OK - 192.168.100.130 responds to ICMP. Packet 1, rta 1.842ms|pkt=1;;0;5 rta=1.842;1000.000;1000.000;;

If the host is still showing as down, try restarting Nagios or execute a host check command from the web interface itself. By default, the CGI won’t allow you access to perform such tasks.

Enable Access to CGI #

To enable access, edit /etc/nagios4/cgi.cfg, look for these lines:

root@ubuntu:/etc/nagios4# cat cgi.cfg | egrep "use_authentication|nagiosadmin"
use_authentication=1
authorized_for_system_information=nagiosadmin,nagios
authorized_for_configuration_information=nagiosadmin,nagios
authorized_for_system_commands=nagiosadmin,nagios
authorized_for_all_services=nagiosadmin,nagios
authorized_for_all_hosts=nagiosadmin,nagios
authorized_for_all_service_commands=nagiosadmin,nagios
authorized_for_all_host_commands=nagiosadmin,nagios

Change use_authentication to 1, and append your username to the remaining settings. Restart Nagios, and you should now be able to execute all Host Commands from the web interface.

Define Host and Contact Groups #

  • Host Groups: A hostgroup makes it easier to apply host command checks or services to a list of remote hosts.

  • Contact Groups: Contacts define the owners or the person responsible in case of problems. Contact Groups can contain multiple contacts that should be informed when a certain event occurs.

Host Groups #

To be able to define a hostgroup, you would need atleast a host already defined in your configuration. I already created named alpine2. Let’s add another one named alpinemain:

define host{
	host_name 	alpine2
	address 	192.168.100.130
	check_command	check-host-alive
	max_check_attempts 2
}

define host{
	host_name 	alpinemain
	address 	192.168.100.120
	check_command	check-host-alive
	max_check_attempts 2
}

The check_command, and max_check_attempts was repeated in both definition. A templace will save us some time, by enabling defaults option on all our hosts. Let’s create a contact group first.

Contacts and Contact Groups #

Creat a new file called mycontacts.cfg in /etc/nagios4/conf.d/remote_hosts/ with the following content:

define contact{
	use				generic-contact
	contact_name 		kavishgr
	alias 		 	Kavish Gour
	email		 	kavishgr@localhost.com
}

define contact{
	use				generic-contact
	contact_name 		test
	alias 		 	test user
	email		 	test@localhost.com
}

define contactgroup{
    contactgroup_name	           linux-admins
    alias 			   Linux Administrators
    members 			   kavishgr,test
}

The generic-contact template is defined in /etc/nagios4/objects/contacts.cfg

Service Templates #

Templates are defined with parameters and options that can be re-use in host and service definitions. You can define a template in a separate file. I’m gonna stick with my remote hosts file:

## Host Template

define host{
	name 			alpine-servers-temp
	notifications_enabled        1
	event_handler_enabled        1
	flap_detection_enabled       1
	process_perf_data            1
	retain_status_information    1
	retain_nonstatus_information 1
	check_command	check-host-alive
	check_interval	3
	max_check_attempts 2
	check_period	24x7
	notification_interval 30
	notification_period	24x7
	notification_options	d,u,r
	contact_groups linux-admins
	register 	0
}

## Service Template
define service{
	name                         alpine-service
	active_checks_enabled        1
	passive_checks_enabled       1
	parallelize_check            1
	obsess_over_service          1
	check_freshness              0
	notifications_enabled        1
	event_handler_enabled        1
	flap_detection_enabled       1
	process_perf_data            1
	retain_status_information    1
	retain_nonstatus_information 1
    notification_interval        0
    is_volatile                  0
    check_period                 24x7
    check_interval               5
    retry_interval               1
    max_check_attempts           2
    notification_period          24x7
    notification_options         w,u,c,r
    contact_groups               linux-admins
	register                     0
}

## Hosts
define host{
	use 		alpine-servers-temp
	host_name 	alpine2
	address 	192.168.100.130
}

define host{
	use 		alpine-servers-temp
	host_name 	alpinemain
	address 	192.168.100.120
}

Now we just use the host and service templates instead of defining the same things multiple times. Notice the register 0 in the template. This tell nagios not to use the templates as a host or service. You can lookup the defined options in the Nagios Core Documentation.

Test your configuration:

$ nagios4 -v /etc/nagios4/nagios.cfg | egrep -i "total|warning"

Total Warnings: 0
Total Errors:   0

Then restart Nagios:

$ systemctl restart nagios

“You only live once, but if you do it right, once is enough.”Mae West