Configure inbound checks with Nagios

Server Management Service

Inbound checks are used in federated and distributed monitoring environments, as well as environments where the monitoring server receives passive check results from external applications and services.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Nagios queries.

In this context, we shall look into how to configure inbound checks in Nagios XI.

How to Configure inbound checks with Nagios ?

1. Inbound Transfer APIs

There are two different APIs for handling inbound check transfers (passive checks) in Nagios XI:

NRDP – A newer web-based API that operates over port 80 (HTTP) or 443 (HTTPS).
NSCA – Operates over TCP port 5667 and while it is older than NRDP, it is supported by many more Nagios addons than the newer NRDP API.

Both methods provide the same functionality. However, NRDP is the recommended method. This is because, it is easy to setup, configure and maintain in the long term.

2. Accessing Transfer Settings

We can configure inbound transfers by navigating to Admin > Check Transfers > Inbound Transfers in the interface of Nagios XI.

The Inbound Transfers settings page allows us to configure both the NRDP and NSCA APIs.

3. NRDP Configuration

External applications, services and remote servers must use an authentication token when sending check results to the NRDP API.

We can configure multiple authentication token to support different client. The first time we configure NRDP, it generates a random token. We can change the token to an alpha-numeric string that we like.

Now, click the Update Settings button to save the NRDP settings.

4. NSCA Configuration

Before we can enable inbound check transfers via the NSCA API, we must configure Nagios XI server as follows.

Establish a terminal session to Nagios XI server as the root user. Edit the /etc/xinetd.d/nsca file in any text editor using the following command:

# vi /etc/xinetd.d/nsca

Modify the only_from statement to include the IP addresses of hosts that are allowed to send data (or comment it out to allow all hosts to send data). This is a space-separated list, for example:

only_from = 127.0.0.1 10.25.18.22 10.25.18.23

When we have finished, save the changes and close the file.

Restart the xinetd service using the following command:

# service xinetd restart

Once we have made these changes, navigate to the NSCA tab on the Inbound Transfers page. External applications, services and servers that send passive checks results to Nagios XI using the NSCA API should encrypt the transmitted data.

The Nagios XI server and each client must be using the same:

Decryption/encryption method.
Password.

Click the Update Settings button to save the settings.

5. Firewall Configuration

Modification of firewall settings between the remote data sources and the Nagios XI server may be required in order to allow inbound check results to be sent to Nagios XI.

The NRDP works on TCP port 80 using the HTTP protocol or TCP port 443 the HTTPS protocol.

NSCA uses a custom protocol that runs on TCP port 5667.

Furthermore, we need to configure Firewalls to allow inbound and outbound traffic over the ports used by the API(s) we choose to utilize for handling inbound checks.

6. Configuring Objects

We need to configure Nagios XI to monitor hosts and services for which it receives the passive check results. If it is not configured with a host or service when a passive check arrives, Nagios XI will add that host or service to a list of Unconfigured objects (Admin > Monitoring Config > Unconfigured Objects). Nagios XI will not do anything with the check results it receives when not configured

The Nagios XI administrator can then easily configure the host and service in the monitoring engine.