LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-03-2012, 06:59 AM   #1
Springs
Member
 
Registered: Apr 2008
Posts: 73

Rep: Reputation: 0
Nagios monitoring with a Dynamic IP..


Hi all,

Hoping someone will be able to help with a small nagios Problem / query.

I have a nagios server setup at home and need to set it up to monitor a remote Linux server.

The network the nagios server is located on uses a dynamic IP and not a static.

The remote server also has the firewall activated and would need to be configured to allow connections from a particular IP.

Is there anyway i can get around this?

Was hoping to use NRPE to perform the checks instead of over ssh
 
Old 07-03-2012, 08:14 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
Since nrpe uses a specific port you could open iptables to allow connections to that port from any IP. This is not ideal but not as dangerous as it might be since it is only giving access to monitoring data. Someone would have to know or guess what you had in nrpe.cfg on the Linux server and know that the port they'd found was for nrpe to do anything with it. (Of course you'd want to use an atypical port.)

You could also use ssh and setup a trusted connection from your home server to the Linux host. Here again you'd have to open up to any IP but could use an atypical port (i.e. do NOT use port 22) for your ssh. Since the trust is based on the key from your home system only your home system would be able to make the trusted connection. If it were me I'd go with the nrpe idea as being somewhat less dangerous.

Of course if you could narrow down the range of IPs that would be helpful as well. It is better to allow 1000 IPs than 10,000,000 although still entails a bit of risk. Is the "dynamic IP" provided by your ISP or by something else?

Another option you might explore is setting up a vpn connection from your home PC to the Linux host (or the network on which it sits). The VPN would a) Give you a limited range of IPs you are coming from so limit how many IPs you allow in iptables and b) Encrypt the traffic so that the nrpe attachment isn't visible. That is to say that while your home system's public IP is still random the IP the VPN sets up will be somewhat less random.
 
Old 07-03-2012, 10:11 AM   #3
Springs
Member
 
Registered: Apr 2008
Posts: 73

Original Poster
Rep: Reputation: 0
The Dynamic side is done by the IP. They don't offer static to the public and only to business users. I use Dyndns.com service so i can get connected at home no matter where i am / ip

I'll try and speak to my colleague who mainly manages the server and see what we can come up with..

Last edited by Springs; 07-03-2012 at 10:12 AM.
 
Old 07-04-2012, 05:46 AM   #4
Springs
Member
 
Registered: Apr 2008
Posts: 73

Original Poster
Rep: Reputation: 0
I've been able to connect for the time being to the remote sever via nagios.

I've had to put my current ip into ip tables and into the nrpe file in allow hosts..

I've spoken to my colleague and we can allow the port open to all and will change the nrpe port number to a random one


What i need to know is if there is a script that can pick up my current ip address from the dymanic dns name and then add that ip into the nrpe file under the correct line / position.
 
Old 02-06-2013, 09:41 AM   #5
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,860
Blog Entries: 36

Rep: Reputation: 459Reputation: 459Reputation: 459Reputation: 459Reputation: 459
I know I'm raising the dead but one thing I'd like to mention is that NRPE is for active checks. In the case of a dynamic host it is best to use nsca to submit passive checks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Nagios Monitoring sachingarg18@yahoo.com Linux - Newbie 3 04-12-2011 04:50 AM
Nagios monitoring call_krushna Linux - Networking 1 01-12-2011 08:51 AM
nagios monitoring 124vikas.dange@gmail.com Linux - Server 1 10-04-2010 12:55 AM
[SOLVED] nagios h/w monitoring divyashree Linux - Hardware 9 09-21-2010 06:47 AM
network monitoring:unable to launch nagios network monitoring system oladapo1980 Linux - Newbie 0 07-21-2009 01:45 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration