Nagios ist ein bewährtes Open-Source-Monitoring-System. Es überwacht Server, Netzwerkgeräte und Services und alarmiert bei Problemen. Dieser Artikel zeigt die Einrichtung von Nagios Core.
Nagios Architektur
┌─────────────────────────────────────────────────┐
│ Nagios Core │
│ ┌─────────┐ ┌─────────┐ ┌─────────────────┐ │
│ │ Checks │ │ Status │ │ Notifications │ │
│ │ Engine │──│ Data │──│ (E-Mail/SMS) │ │
│ └────┬────┘ └─────────┘ └─────────────────┘ │
│ │ │
└───────┼──────────────────────────────────────────┘
│ Check-Plugins
▼
┌───────────────┐ ┌───────────────┐ ┌───────────────┐
│ Server 1 │ │ Server 2 │ │ Router │
│ (NRPE) │ │ (NRPE) │ │ (SNMP) │
└───────────────┘ └───────────────┘ └───────────────┘Installation (Ubuntu/Debian)
Abhängigkeiten installieren
apt update
apt install -y apache2 php libapache2-mod-php php-gd
apt install -y autoconf gcc make unzip libgd-dev libssl-dev
apt install -y libmcrypt-dev bc gawk dc build-essential snmp libnet-snmp-perl gettextNagios-Benutzer erstellen
useradd -m -s /bin/bash nagios
groupadd nagcmd
usermod -a -G nagcmd nagios
usermod -a -G nagcmd www-dataNagios Core kompilieren
cd /tmp
wget https://github.com/NagiosEnterprises/nagioscore/releases/download/nagios-4.5.0/nagios-4.5.0.tar.gz
tar xzf nagios-4.5.0.tar.gz
cd nagios-4.5.0
./configure --with-httpd-conf=/etc/apache2/sites-enabled
make all
make install
make install-init
make install-commandmode
make install-config
make install-webconfNagios Plugins installieren
cd /tmp
wget https://github.com/nagios-plugins/nagios-plugins/releases/download/release-2.4.6/nagios-plugins-2.4.6.tar.gz
tar xzf nagios-plugins-2.4.6.tar.gz
cd nagios-plugins-2.4.6
./configure
make
make installApache konfigurieren
a2enmod rewrite cgi
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
systemctl restart apache2Nagios starten
systemctl enable nagios
systemctl start nagiosWeb-Interface
Öffnen Sie http://server-ip/nagios und melden Sie sich an.
Konfigurationsstruktur
/usr/local/nagios/etc/
├── nagios.cfg # Hauptkonfiguration
├── cgi.cfg # CGI-Konfiguration
├── resource.cfg # Makros und Variablen
├── objects/
│ ├── commands.cfg # Check-Befehle
│ ├── contacts.cfg # Kontakte
│ ├── timeperiods.cfg
│ ├── templates.cfg # Vorlagen
│ ├── localhost.cfg # Lokaler Host
│ └── hosts/ # Eigene Host-Definitionen
└── htpasswd.users # Web-AuthentifizierungHosts definieren
Host-Template
# /usr/local/nagios/etc/objects/templates.cfg
define host {
name linux-server
use generic-host
check_period 24x7
check_interval 5
retry_interval 1
max_check_attempts 10
check_command check-host-alive
notification_period 24x7
notification_interval 30
notification_options d,u,r
contact_groups admins
register 0
}Host hinzufügen
# /usr/local/nagios/etc/objects/hosts/webserver.cfg
define host {
use linux-server
host_name webserver1
alias Web Server 1
address 192.168.1.10
}
define host {
use linux-server
host_name dbserver1
alias Database Server 1
address 192.168.1.20
}In nagios.cfg einbinden
# /usr/local/nagios/etc/nagios.cfg
cfg_dir=/usr/local/nagios/etc/objects/hostsServices definieren
Service-Template
# /usr/local/nagios/etc/objects/templates.cfg
define service {
name generic-service
active_checks_enabled 1
passive_checks_enabled 1
parallelize_check 1
obsess_over_service 1
check_freshness 0
notifications_enabled 1
event_handler_enabled 1
flap_detection_enabled 1
process_perf_data 1
retain_status_information 1
retain_nonstatus_information 1
is_volatile 0
check_period 24x7
max_check_attempts 3
check_interval 10
retry_interval 2
contact_groups admins
notification_options w,u,c,r
notification_interval 60
notification_period 24x7
register 0
}Services für einen Host
# /usr/local/nagios/etc/objects/hosts/webserver.cfg
# PING Check
define service {
use generic-service
host_name webserver1
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}
# SSH Check
define service {
use generic-service
host_name webserver1
service_description SSH
check_command check_ssh
}
# HTTP Check
define service {
use generic-service
host_name webserver1
service_description HTTP
check_command check_http
}
# HTTPS Check
define service {
use generic-service
host_name webserver1
service_description HTTPS
check_command check_http!-S -p 443
}
# Disk Space (via NRPE)
define service {
use generic-service
host_name webserver1
service_description Disk Space
check_command check_nrpe!check_disk
}
# Load (via NRPE)
define service {
use generic-service
host_name webserver1
service_description CPU Load
check_command check_nrpe!check_load
}Check-Befehle
Wichtige Check-Commands
# /usr/local/nagios/etc/objects/commands.cfg
# HTTP Check
define command {
command_name check_http
command_line $USER1$/check_http -H $HOSTADDRESS$ $ARG1$
}
# HTTPS mit Zertifikatsprüfung
define command {
command_name check_https_cert
command_line $USER1$/check_http -H $HOSTADDRESS$ -S -C $ARG1$
}
# MySQL
define command {
command_name check_mysql
command_line $USER1$/check_mysql -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$
}
# NRPE (Remote-Checks)
define command {
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
# TCP Port
define command {
command_name check_tcp
command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$
}NRPE für Remote-Checks
NRPE auf überwachtem Server installieren
# Auf dem zu überwachenden Server
apt install nagios-nrpe-server nagios-pluginsNRPE konfigurieren
# /etc/nagios/nrpe.cfg
# Erlaubte Nagios-Server
allowed_hosts=127.0.0.1,192.168.1.5
# Check-Befehle
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -r -w .15,.10,.05 -c .30,.25,.20
command[check_disk]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
command[check_mem]=/usr/lib/nagios/plugins/check_mem.sh -w 80 -c 90NRPE starten
systemctl restart nagios-nrpe-server
systemctl enable nagios-nrpe-serverFirewall öffnen
ufw allow from 192.168.1.5 to any port 5666Kontakte und Benachrichtigungen
Kontakt definieren
# /usr/local/nagios/etc/objects/contacts.cfg
define contact {
contact_name admin
alias System Administrator
email admin@example.com
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,u,r
service_notification_commands notify-service-by-email
host_notification_commands notify-host-by-email
}
define contactgroup {
contactgroup_name admins
alias System Administrators
members admin
}E-Mail-Benachrichtigung
# /usr/local/nagios/etc/objects/commands.cfg
define command {
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
define command {
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nHost: $HOSTNAME$\nService: $SERVICEDESC$\nState: $SERVICESTATE$\nInfo: $SERVICEOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTNAME$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}Host-Gruppen
# /usr/local/nagios/etc/objects/hostgroups.cfg
define hostgroup {
hostgroup_name linux-servers
alias Linux Servers
members webserver1,dbserver1
}
define hostgroup {
hostgroup_name web-servers
alias Web Servers
members webserver1
}
define hostgroup {
hostgroup_name database-servers
alias Database Servers
members dbserver1
}Konfiguration prüfen
# Syntax prüfen
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
# Nagios neu laden
systemctl reload nagiosWichtige Check-Plugins
Lokale Checks
# Festplatte
/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
# Load
/usr/lib/nagios/plugins/check_load -w 5,4,3 -c 10,8,6
# Prozesse
/usr/lib/nagios/plugins/check_procs -w 250 -c 400
# Swap
/usr/lib/nagios/plugins/check_swap -w 20% -c 10%Netzwerk-Checks
# Ping
/usr/lib/nagios/plugins/check_ping -H 192.168.1.10 -w 100,20% -c 500,60%
# HTTP
/usr/lib/nagios/plugins/check_http -H example.com
# HTTPS mit Zertifikat
/usr/lib/nagios/plugins/check_http -H example.com -S -C 30
# TCP Port
/usr/lib/nagios/plugins/check_tcp -H 192.168.1.10 -p 3306Eigene Plugins schreiben
Plugin-Format
#!/bin/bash
# check_custom.sh
# Exit-Codes:
# 0 = OK
# 1 = WARNING
# 2 = CRITICAL
# 3 = UNKNOWN
VALUE=$(cat /proc/loadavg | cut -d' ' -f1)
WARNING=5
CRITICAL=10
if (( $(echo "$VALUE >= $CRITICAL" | bc -l) )); then
echo "CRITICAL - Load is $VALUE"
exit 2
elif (( $(echo "$VALUE >= $WARNING" | bc -l) )); then
echo "WARNING - Load is $VALUE"
exit 1
else
echo "OK - Load is $VALUE"
exit 0
fiPlugin registrieren
# commands.cfg
define command {
command_name check_custom
command_line $USER1$/check_custom.sh $ARG1$ $ARG2$
}Performance-Daten
PNP4Nagios für Graphen
apt install pnp4nagiosIn nagios.cfg aktivieren
process_performance_data=1
host_perfdata_command=process-host-perfdata
service_perfdata_command=process-service-perfdataZusammenfassung
| Aufgabe | Befehl/Datei | |---------|--------------| | Konfig prüfen | nagios -v /usr/local/nagios/etc/nagios.cfg | | Neu laden | systemctl reload nagios | | Host hinzufügen | /etc/objects/hosts/.cfg | | Service hinzufügen | Gleiche Datei wie Host | | Manueller Check | /usr/lib/nagios/plugins/check_ | | Web-Interface | http://server/nagios |
Fazit
Nagios ist ein robustes Monitoring-System mit großer Community und vielen Plugins. Die Konfiguration ist textbasiert und damit versionierbar. Für moderne Umgebungen sind Alternativen wie Icinga2, Prometheus oder Zabbix eventuell besser geeignet, aber Nagios bleibt ein zuverlässiger Klassiker.
