Nagios Question

fbexec · 05-31-2012, 09:36 AM

I am adding services for Nagios to monitor, but I am having problems getting the iptables service to be monitored. My current entry into the nrpe.cfg file is:

command[check_iptables]=/usr/lib64/nagios/plugins/check_procs -w 1:1 -c 1: -C iptables

The entry shows up in the Nagios GUI, but I can't get it to come out of the critical state. The service is up and running, so the issue (I'm guessing) is with the nrpe.cfg entry. Does anyone have any experience with this? Are there specific switches to be used with monitoring iptables via Nagios?

MensaWater · 05-31-2012, 01:34 PM

check_procs is designed to look for processes. Those would be the things you could see with "ps -ef".

iptables is not a process in the process table - it is run as part of the kernel. If you run "ps -ef |grep iptables" the only process you might get back is your grep command itself.

You can use "iptables -L" to see status of iptables. Unfortunately this is going to have output whether iptables is started or not with the difference being that if it IS started you'll see the rules you defined whereas if it isn't you'll just see basic information. For example on one CentOS5 workstation:

iptables running: iptables -L outputs:

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Whereas with iptables NOT running iptables -L outputs only:

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

So what you'd have to do is create a script that ran iptables -L (or iptables -nL to prevent host lookups in output) and see if what you get is the output without iptables running. Nagios allows for writing scripts and using them easily within nrpe. The main rules for such scripts:
1) Only have 1 line of output - Nagios can't deal with multiple lines of output from the script (the script itself can be written to deal with multi-line output it receivies but it can only output one line to Nagios/nrpe).
2) Define return codes using Nagios standards.
UNKNOWN_STATE=3
CRITICAL_STATE=2
WARNING_STATE=1
OK_STATE=0

As an example have a look at this memory checker I wrote a long time ago:

Code:

#!/bin/bash

# Determine memory usage percentage on Linux servers.


# Usage:  check_mem.sh WARNING CRITICAL
#         Where WARNING and CRITICAL are the integer only portions of the
#         percentage for the level desired.
#         (i.e. 85% Warning & 95% Critical should be input only as "85 95".)

# Define Levels based on input
#
WARNLEVEL=$1
CRITLEVEL=$2

# Setup standard Nagios/NRPE return codes
#
UNKNOWN_STATE=3
CRITICAL_STATE=2
WARNING_STATE=1
OK_STATE=0

# Give full paths to commands - Nagios can't determine location otherwise
#
BC=/usr/bin/bc
GREP=/bin/grep
AWK=/bin/awk
FREE=/usr/bin/free
TAIL=/usr/bin/tail
HEAD=/usr/bin/head

# Get memory information from the "free" command - output of top two lines
# looks like:
#                 total       used       free     shared    buffers     cached
#    Mem:       8248768    6944444    1304324          0     246164    5647524
# The set command will get everything from the second line and put it into
# posiional variables $1 through $7.
#
set `$FREE |$HEAD -2 |$TAIL -1`

# Now give variable names to the positional variables we set above
#
MEMTOTAL=$2
MEMUSED=$3
MEMFREE=$4
MEMBUFFERS=$6
MEMCACHED=$7

# Do calculations based on what we got from free using the variables defined
#
REALMEMUSED=`echo $MEMUSED - $MEMBUFFERS - $MEMCACHED | $BC`
USEPCT=`echo "scale=3; $REALMEMUSED / $MEMTOTAL * 100" |$BC -l`
#USEPCT=`echo scale=3 "\n" $REALMEMUSED \/ $MEMTOTAL \* 100 |$BC -l |$AWK -F\. '{print $1}'`

# Compare the Used percentage to the Warning and Critical levels input at
# command line.  Issue message and set return code as appropriate for each
# level.  Nagios web page will use these to determine alarm level and message.
#
#if [ `echo "5.0 > 5" |bc` -eq 1 ]
#then echo it is greater
#else echo it is not greater
#fi
if [ `echo "$USEPCT > $CRITLEVEL" |bc` -eq 1 ]
then echo "CRITICAL - Memory usage is ${USEPCT}%"
     exit ${CRITICAL_STATE}
elif [ `echo "$USEPCT > $WARNLEVEL" |bc` -eq 1 ]
then echo "WARNING - Memory usage is ${USEPCT}%"
     exit ${WARNING_STATE}
elif [ `echo "$USEPCT < $WARNLEVEL" |bc` -eq 1 ]
then echo "OK - Memory usage is ${USEPCT}%"
     exit ${OK_STATE}
else echo "Unable to determine memory usage."
     exit ${UNKNOWN_STATE}
fi
echo "Unable to determine memory usage."
exit ${UNKNOWN_STATE}