Linux – Configuring different SSH ports for each host remotely monitored by Nagios

Tags: linux, monitoring, nagios, remote-connection

I've completed the Nagios install and setup on three servers so that the instance on server A also provides reports for servers B & C (via NRPE).

SSHD is purposefully listening to a different port on each host so I edited the /etc/nagios3/conf.d/services_nagios2.cfg file on each host to test the appropriate port. The native HTTP instance of Nagios on servers B & C confirms that SSH is running but the report on server A is showing critical failures for SSH on both B & C.

I was under the impression that the NRPE service was designed to run local checks on the remote hosts, forwarding the results back to the monitoring host that would then collate the data into one report for all machines.

Looking at the Services section of the Configuration web page (on server A), Nagios is testing the same SSH port on all three servers rather than different ports on B & C. Can anyone explain why?

The only way I can correct this (to date) is to create a different host group_name and check_command for each remote host in the conf.d/services_nagios2.cfg file on server A.

This can't be the only way?

Surely the file would multiply in length each time a different service configuration was needed for servers being remotely monitored!

Best Answer

OK, I've been trawling through the Nagios3 documentation and have answered the port configuration part of my question...

The answer lies in the Object Inheritance model that exists within the Nagios configuration files. Essentially I created a custom variable in each host definition that specifies the unique ssh port on that machine:

define host {
    use              generic-host
    host_name        serverB
    address          10.0.1.3
    _sshport         67382
}

The hosts are grouped together inside the hostgroups_nagios2.cfg file:

# A list of your ssh-accessible servers
define hostgroup {
    hostgroup_name  ssh-servers
    alias           SSH servers
    members         localhost,serverB,serverC
}

This group is referenced inside the services_nagios2.cfg by the block that checks SSH:

# check that ssh services are running
define service {
    hostgroup_name                  ssh-servers
    service_description             SSH
    check_command                   check_ssh_port!$_HOSTSSHPORT$
    use                             generic-service
    notification_interval           0 ; set > 0 if you want to be renotified
}

At the end of the check_ssh_port command you can see that I added the sshport variable $_HOSTSSHPORT$ that is inherited from each host inside the ssh-servers hostgroup as the checks are run.

Now, when adding new servers, I only have to modify my hosts_nagios2.cfg file with the details of the new host.

To enable backward compatibility, I also modified my generic-host_nagios2.cfg file adding the line _sshport 22 so that if for some reason I need to monitor some system running SSH on the default port, the port config will already be inherited from the generic host template.

I hope this helps others who find themselves in the same predicament. I am still trying to understand why the remote checks aren't using the custom config files on the remote servers.
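The inheritance described in the answer can be checked before reloading Nagios. The following is an added example, not code from the answer: it parses host definitions, resolves `_sshport` through the `use` template, and flags values outside the TCP port range (the `67382` shown for serverB is above 65535). The sample config is constructed from the definitions above, the function names are hypothetical, and only the first template listed in `use` is followed.

```python
import re

# Constructed sample mirroring the host definitions in the answer above.
SAMPLE = """
define host {
    name        generic-host
    _sshport    22
    register    0
}
define host {
    use         generic-host
    host_name   localhost
}
define host {
    use         generic-host
    host_name   serverB
    _sshport    67382
}
"""

def parse_hosts(text):
    """Return one dict of directive -> value per 'define host { ... }' block."""
    hosts = []
    for body in re.findall(r"define\s+host\s*\{(.*?)\}", text, re.S):
        lines = (l.split(";", 1)[0].strip() for l in body.splitlines())
        pairs = (l.split(None, 1) for l in lines if l and not l.startswith("#"))
        hosts.append({p[0].lower(): (p[1].strip() if len(p) > 1 else "") for p in pairs})
    return hosts

def resolve(obj, key, templates):
    """Walk the 'use' chain (first template only) until key is found."""
    seen = set()
    while obj is not None and key not in obj:
        parent = obj.get("use", "").split(",")[0].strip()
        obj = templates.get(parent) if parent not in seen else None
        seen.add(parent)
    return obj[key] if obj else None

def effective_ssh_ports(text):
    """Map host_name -> (port string or None, problem or None)."""
    hosts = parse_hosts(text)
    templates = {h["name"]: h for h in hosts if "name" in h}
    report = {}
    for h in hosts:
        if "host_name" in h and h.get("register") != "0":
            raw = resolve(h, "_sshport", templates)
            ok = raw is not None and raw.isdigit() and 1 <= int(raw) <= 65535
            report[h["host_name"]] = (raw, None if ok else "not a valid TCP port")
    return report
```

Running `effective_ssh_ports` over the real `conf.d` files shows which port each SSH check will actually receive as `$_HOSTSSHPORT$`.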
