×


NCPA For Passive Checks – Using Nagios Remote Data Processor

Passive checks reduce the load on the Nagios server by reducing the number of active checks run. They are also useful for security-related and asynchronous events we wish to monitor.

This guide is intended for use by Nagios XI or Nagios Core Administrators who want to understand how to configure NCPA to send passive check results.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Nagios queries.

In this context, we shall look into how to configure the Nagios Cross-Platform Agent (NCPA) to send passive check results to Nagios XI or Nagios Core.


NCPA For Passive Checks

In order to begin, ensure that you have:

  • The NRDP listener must configure properly on the Nagios server.
  • Implement SSL/TLS for NRDP.
  • The remote machine should have NCPA.


Configuration Files

NCPA supports multiple configuration files. This allows us to separate our configurations to allow for seamless upgrades.

We can find these files in:

1. Windows

C:\Program Files (x86)\Nagios\NCPA\etc\ncpa.cfg
C:\Program Files (x86)\Nagios\NCPA\etc\ncpa.cfg.d\

2. All Other

/usr/local/ncpa/etc/ncpa.cfg
/usr/local/ncpa/etc/ncpa.cfg.d/


Configure ncpa.cfg

First and foremost, we configure the ncpa.cfg file to send passive check results to Nagios [XI/Core] server using NRDP.

We need to provide the NRDP URL, NRDP Token, and hostname.

For example, here, we will use:

  • NRDP URL = https://10.25.5.21/nrdp/
  • NRDP Token = NRDP_T0k3n
  • hostname = S1601


Initially, we open the ncpa.cfg file in a text editor and locate the [passive] section:

[passive]
handlers = None

Then we configure handlers for NRDP:

[passive]
handlers = nrdp

In the same section we can find a sleep value:

sleep = 300

The default setting is 300 seconds (5 minutes). We can change this if we want to execute/send the passive checks in another time frame.


Then we locate the [nrdp] section:

[nrdp]
parent =
token =
hostname = NCPA 2

We update these values with the correct values for our environment.

For example,

[nrdp]
parent = https://10.25.5.21/nrdp/
token = NRDP_T0k3n
hostname = S1601

Eventually, we save and close the file.


Configure Passive Checks

Next, we need to create a configuration file that contains the passive check commands.

The NCPA installer gives an example file in the ncpa.cfg.d directory, example.cfg. We use it as a starting point for passive checks.

We create a copy of the example.cfg file called nrdp.cfg in the ncpa.cfg.d directory using the following steps:


a. Linux/Mac OS X/AIX

cd /usr/local/ncpa/etc/ncpa.cfg.d/
sudo cp example.cfg nrdp.cfg
sudo chown nagios:nagios nrdp.cfg

b. Windows

We open a command prompt with administrative rights and execute:

cd “C:\Program Files (x86)\Nagios\NCPA\etc\ncpa.cfg.d”
copy example.cfg nrdp.cfg

A prompt to overwrite nrdp.cfg means the file already exists. We do not need to overwrite it.


Define Passive Checks

When we open the nrdp.cfg file in any text editor we will see the following:

#[passive checks]
#%HOSTNAME%|__HOST__ = system/agent_version
#%HOSTNAME%|CPU Usage = cpu/percent –warning 60 –critical 80 –aggregate avg
#%HOSTNAME%|Swap Usage = memory/swap –warning 60 –critical 80 –units Gi
#%HOSTNAME%|Memory Usage = memory/virtual –warning 80 –critical 90 –units Gi
#%HOSTNAME%|Process Count = processes –warning 300 –critical 400

The # symbol means that they are commented out and are not being used. We need to simply remove the # symbol to make the checks active.

Ensure to remove the # before [passive checks] to enable passive checks.

Here, we can see that there is no disk usage check in the example file.

Here is an example of how we can add to the nrdp.cfg file the used disk space with a warning at 80% used and critical at 90% used.


a. Linux/Mac OS X/AIX

This example checks the disk space on the / (root) mount. In NCPA, all \ and / must represent as the | (pipe symbol).

#%HOSTNAME%|Disk Used root = disk/logical/|/used_percent –warning 80 –critical 90

b. Windows

This example checks the disk space on the E:\ drive. In NCPA, all \ and / must represent as | (pipe symbol).

#%HOSTNAME%|Disk Used E = /disk/logical/E:|/used_percent –warning 80 –critical 90

We cannot use the : (colon) in the service name. Otherwise, it will cause that command to fail.

Finally, we save and close the file.


Restart the Service

To apply the changes we made, we need to restart the NCPA Passive service. The command, however, will differ depending on the OS and version.

a. Windows

net stop ncpapassive
net start ncpapassive

b. RHEL/CentOS/Oracle Linux 5.x/6.x

service ncpa_passive restart

c. RHEL/CentOS/Oracle Linux 7.x

systemctl restart ncpa_passive.service

d. Ubuntu 12.x/13.x/14.x

sudo service ncpa_passive restart

e. Ubuntu 15.x+

sudo systemctl restart ncpa_passive.service

f. Debian 7.x

service ncpa_passive restart

g. Debian 8.x+

systemctl restart ncpa_passive.service

h. openSUSE/SUSE SLES 11.x

sudo /sbin/service ncpa_passive restart

i. openSUSE Leap 42.x+/SUSE SLES 12.x+

sudo systemctl restart ncpa_passive.service


j. AIX

stopsrc -s ncpa_passive
startsrc -s ncpa_passive

k. Mac OS X

sudo launchctl stop org.nagios.ncpa_passive
sudo launchctl start org.nagios.ncpa_passive


Check Nagios

Since we configured NCPA, it will start sending passive check results to our Nagios [XI/Core] server.

We can check to see if they have been received because they will be in the nagios.log file.

To check the log file, we execute the following command on our Nagios XI server:

grep ‘Error: Got’ /usr/local/nagios/var/nagios.log

Our output will be like this:

[1508380204] Error: Got host checkresult for ‘S1601’, but no such host can be found
[1508380204] Error: Got check result for service ‘CPU Usage’ on host ‘S1601’. Unable to find service
[1508380204] Error: Got check result for service ‘Disk Usage’ on host ‘S1601’. Unable to find service
[1508380204] Error: Got check result for service ‘Swap Usage’ on host ‘S1601’. Unable to find service
[1508380204] Error: Got check result for service ‘Memory Usage’ on host ‘S1601’. Unable to find service
[1508380204] Error: Got check result for service ‘Process Count’ on host ‘S1601’. Unable to find service
[1508380204] Error: Got check result for service ‘Disk Usage E’ on host ‘S1601’. Unable to find service

We don't have to alarm ourselves due to the error messages. This occurs because Nagios [XI/Core] does not have any object definitions for these check results.


Configure Nagios

Now that Nagios [XI/Core] is receiving the check results, we need to create the host and service objects.

1. Adding Unconfigured Objects to Nagios XI

To add unconfigured objects to Nagios XI as host and service objects, we run the Unconfigured Passive Object wizard.

We can run this wizard in two ways:

  • Add One Host with Services – Click the play button at the top right of the list for that host.
  • Add Multiple Hosts with Services – In the list of unconfigured objects, check the box for each host that we want to add.
  • Then click the gear icon at the bottom of the list.


The list of hosts that will have services created will appear in the summary list. We can run through the wizard and select the preferred settings and Apply.

Then we click the View status details for xxx link which should direct us to a screen.

Eventually, the host and its services will no longer appear under the unconfigured objects section.


2. Passive host and service definitions in Nagios Core

The Passive NRDP checks will not appear anywhere in Nagios until we define host and service definitions.

The following Nagios Definitions will result in:

  • A Passive Host object for the server S1601.
  • Passive Service objects for the server S1601 for the services.


a. Command

define command {
command_name check_dummy
command_line $USER1$/check_dummy $ARG1$
}

b. Templates

Host

define host {
use generic-host
name passive_host
active_checks_enabled 0
passive_checks_enabled 1
flap_detection_enabled 0
register 0
check_period 24×7
max_check_attempts 1
check_interval 5
retry_interval 1
check_freshness 0
contact_groups admins
check_command check_dummy!0
notification_interval 60
notification_period 24×7
notification_options d,u,r
}

Service

define service {
use generic-service
name passive_service
active_checks_enabled 0
passive_checks_enabled 1
flap_detection_enabled 0
register 0
check_period 24×7
max_check_attempts 1
check_interval 5
retry_interval 1
check_freshness 0
contact_groups admins
check_command check_dummy!0
notification_interval 60
notification_period 24×7
notification_options w,u,c,r
}

c. Host Definition

define host {
use passive_host
host_name S1601
}

d. Service Definitions

CPU Usage

define service {
use passive_service
service_description CPU Usage
host_name S1601
}

Disk Usage

define service {
use passive_service
service_description Disk Usage
host_name S1601
}

Swap Usage

define service {
use passive_service
service_description Swap Usage
host_name S1601
}

Memory Usage

define service {
use passive_service
service_description Memory Usage
host_name S1601
}

Process Count

define service {
use passive_service
service_description Process Count
host_name S1601
}

Once we create the objects in Nagios [XI/Core], we will be successfully using NCPA for passive checks.


[Need help with Nagios configuration? We'd be happy to assist. ]


Conclusion

This article covers how to configure NCPA For Passive Checks.

This guide will help you to configure the Nagios Cross Platform Agent (NCPA) to send passive check results to Nagios XI or Nagios Core using Nagios Remote Data Processor (NRDP).


Check results received from external devices / applications is what defines a Passive check. It's the responsibility of the external devices / applications to send the check results through, all Nagios [XI / Core] does is wait for the results (as opposed to Active checks where Nagios [XI / Core] is responsible for performing the check on a schedule).

Passive checks reduce the load on your Nagios [XI / Core] server by reducing the number of active checks run. Passive checks are also useful for security-related and asynchronous events you wish to monitor.