×


Nagios – Monitor hosts using SSH: How to use the plugin ?

Nagios XI can monitor metrics and services on remote machines with the help of the SSH proxy plugin, check_by_ssh.

This enables Nagios Server to monitor system metrics and services on remote Linux server using SSH. 

Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers to perform related Nagios queries.

In this context, we shall look into how to monitor hosts with Nagios XI by using SSH.


Nagios – Monitor hosts using SSH

To start, we suggest configuring SSH keys for the Nagios user on the Nagios XI server:

# su nagios
# ssh-keygen

When we receive a prompt for a filename and passphrase, we press ENTER.

The public and private SSH keys will generate and save in the following directory:

/home/nagios/.ssh

Before we use the check_by_ssh plugin, we must install/configure the following on the remote Linux/Unix server we want to monitor.


1. Create a Nagios user

$ useradd nagios
$ passwd nagios

2. Install Nagios plugins and/or monitoring scripts

We install the following packages to resolve all dependencies required for installing the plugins:

$ yum install -y gcc glibc glibc-common gd gd-devel make net-snmp openssl-devel

Then we download the Nagios plugins to the system:

$ wget https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz

Eventually, we will extract the plugins from the downloaded tar archive.

$ tar -xvf nagios-plugins-2.2.1.tar.gz
$ cd nagios-plugins-2.2.1

Then we will compile and install the plugins.

$ ./configure –with-nagios-user=nagios
$ make
$ make install

After the installation of the plugin completes, we change the ownership of the plugins folders.

$ chown nagios.nagios /usr/local/nagios
$ chown -R nagios.nagios /usr/local/nagios/libexec

3. Install and configure the SSH daemon

Generally, SSH is installed on almost all Linux distributions.

For check_by_ssh to work, we must copy the public key file of the Nagios user on the Nagios XI server to the authorized_keys file for the Nagios user on the remote Linux/Unix server.

# ssh-copy-id -i ~/.ssh/id_rsa.pub nagios@remoteip

Here, the remoteip is the IP address of the Linux/Unix server we connect to.


Then we have to add the host to the list of new hosts. We need to type yes to proceed and type the password for the Nagios user.

Ensure that:

  • If we specify an IP address, we need to use that IP address in the wizard (not a DNS record).
  • If we specify a DNS record, we need to use that DNS record in the wizard (not an IP address).


The permissions must be such that the file cannot be read or written to by anyone other than the Nagios user:

[nagios@localhost .ssh]$ ls -al
total 24
drwx—— 2 nagios users 4096 May 03 09:44 .
drwx—— 3 nagios users 4096 May 03 16 09:43 ..
-rw——- 1 nagios users 410 May 03 09:44 authorized_keys
-rw——- 1 nagios users 1675 May 03 09:43 id_rsa
-rw-r–r– 1 nagios users 410 May 03 09:43 id_rsa.pub

The ssh-copy-id command will correctly set these permissions. However, ff we copied the id_rsa.pub using another method, then we ensure the file permissions are correct.

If the destination host is a Solaris machine, on the Solaris server, as the Nagios user, we execute:

# mkdir -p /export/home/nagios/.ssh
# chmod 0700 /export/home/nagios/.ssh/

On the Nagios XI server, instead of the ssh-copy-id command, we use:

# cat ~/.ssh/id_rsa.pub | ssh nagios@10.25.13.45 ‘umask 077; cat >>/export/home/nagios/.ssh/authorized_keys’


Test Passwordless Login

To confirm that we can log in to the remote server without supplying a password, we run:

# ssh nagios@remoteip

If the SSH keys are configured properly, we will be able to log in to the remote machine without credentials. To close the ssh session, we can type exit.

In addition, to test the check_by_ssh plugin, we run:

# /usr/local/nagios/libexec/check_by_ssh -H remoteip -C uptime

With a proper setup, we should get output from the “uptime” command on the remote server that looks similar to this:

12:01:42 up 35 min, 1 user, load average: 0.00, 0.01, 0.05

This output means that passwordless authentication is working.


Configuring check_by_ssh on server

Our final step to set up Nagios monitoring using SSH will be this. We have to define the command’s definition to use check_by_ssh for connecting to clients.

i. To do this, we edit ‘commands.cfg’ which is in '/usr/local/nagios/etc' folder.

Initially, we open the file:

$ vim /usr/local/nagios/etc/commands.cfg

ii. Then we add the following commands to the file:

define command{
command_name check_remote_disk
command_line $USER1$/check_by_ssh -p $ARG1$ \
-H $HOSTADDRESS$ -C ‘/usr/lib/nagios/plugins/check_disk \
-w $ARG2$ -c $ARG3$ -p $ARG4$’
}
define command{
command_name check_remote_users
command_line $USER1$/check_by_ssh -p $ARG1$ \
-H $HOSTADDRESS$ -C ‘/usr/lib/nagios/plugins/check_users \
-w $ARG2$ -c $ARG3$’
}
define command{
command_name check_remote_load
command_line $USER1$/check_by_ssh -p $ARG1$ \
-H $HOSTADDRESS$ -C ‘/usr/lib/nagios/plugins/check_load \
-w $ARG2$ -c $ARG3$’
}
define command{
command_name check_remote_procs
command_line $USER1$/check_by_ssh -p $ARG1$
-H $HOSTADDRESS$ -C ‘/usr/lib/nagios/plugins/check_procs \
-w $ARG2$ -c $ARG3$ -s $ARG4$’
}
define command{
command_name check_remote_swap
command_line $USER1$/check_by_ssh -p $ARG1$ \
-H $HOSTADDRESS$ -C ‘/usr/lib/nagios/plugins/check_swap \
-w $ARG2$ -c $ARG3$’
}

iii. Eventually, we save the changes and close the file.

iv. Finally, to implement the changes, we restart the Nagios server:

$ service nagios restart

Now on the Nagios monitoring page, we will have the client information.


How to use The SSH Wizard ?

To use the SSH Proxy wizard, we navigate via the top menu bar to Configure > Run a configuring wizard and select the SSH Proxy wizard.

1. We have to provide the address of the server we will monitor via SSH. In addition, we have to select the Operating System. Then click Next.

2. We configure all the options for monitoring. To begin, we ensure to provide a valid Host Name.

The SSH Commands section allows us to specify the commands to execute and monitor. We can also specify the display name to associate with each command.

Once done, click Next and then complete the wizard by choosing the required options.

3. Finally, click on Finish. This will create the new hosts and services and begin monitoring.

Once the wizard applies the configuration, we can click the View status details for the <ssh host> link to see the new host and services.


[Need help with Server Monitoring? We'd be happy to assist. ]


Conclusion

This article covers how to monitor Nagios using SSH. 

In order to monitor Linux hosts using the Nagios check_by_ssh plugin, there are a few prerequisites that must be met:

  • Create a Nagios user for monitoring on the host to be monitored.
  • Configure passwordless SSH authentication as nagios user on host to monitor.
  • Install Nagios plugins on the host to monitor.


To Create a Nagios user:

Login to the host to monitor and create a user called nagios and set the login password.

useradd -m nagios
passwd nagios