= Nagios Installation on FreeBSD 8.0 =

Install Nagios and its plugins:

{{{
sudo pkg_add -r nagios nagios-plugins
}}}

Enable Apache and Nagios by adding the following lines to `/etc/rc.conf`, if not already present:

{{{
apache22_enable="YES"
nagios_enable="YES"
}}}

Start Apache:

{{{
sudo /usr/local/etc/rc.d/apache22 start
}}}

Check that you can browse to [http://localhost].

Create `/usr/local/etc/apache22/Includes/nagios.conf` with the following lines:

{{{
<Directory /usr/local/www/nagios>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
    Allow from 196.200.219.0/24
</Directory>

<Directory /usr/local/www/nagios/cgi-bin>
    Options ExecCGI
</Directory>

ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
Alias /nagios/ /usr/local/www/nagios/
}}}

Reload Apache configuration:

{{{
sudo /usr/local/etc/rc.d/apache22 reload
}}}

Check that you can browse to [http://localhost/nagios/] and that it shows "Version 3.0.6".

Copy the Nagios configuration samples:

{{{
bash
cd /usr/local/etc/nagios
for i in *-sample; do
    sudo cp $i `basename $i -sample`
done
}}}

Edit `cgi.cfg` and uncomment the following line:

{{{
#default_user_name=guest
}}}

Change the following lines, adding the word ",guest" at the end of each:

{{{
authorized_for_system_information=nagiosadmin,guest
authorized_for_configuration_information=nagiosadmin,guest
authorized_for_all_services=nagiosadmin,guest
authorized_for_all_hosts=nagiosadmin,guest
}}}

Edit `nagios.cfg` and comment out any lines starting with `cfg_file`, including the following if you have them:

{{{
cfg_file=/usr/local/etc/nagios/objects/commands.cfg
cfg_file=/usr/local/etc/nagios/objects/contacts.cfg
cfg_file=/usr/local/etc/nagios/objects/timeperiods.cfg
cfg_file=/usr/local/etc/nagios/objects/templates.cfg
cfg_file=/usr/local/etc/nagios/objects/localhost.cfg
}}}

Add the following line, just below:

{{{
cfg_dir=/usr/local/etc/nagios/objects
}}}

Create `/usr/local/etc/nagios/objects/hosts.cfg` with the following minimal configuration, replacing the XX in pcXX with your own computer's name:

{{{
define command {
	command_name	notify-host-by-email
	command_line	/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}

define command {
	command_name	notify-service-by-email
	command_line	/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}

define contact {
	contact_name			admin
	alias				Nagios Admin
	service_notification_commands	notify-service-by-email
	host_notification_commands	notify-host-by-email
}

define host {
	host_name		pcXX
	alias			Workshop PC XX
	address			pcXX.sse.ws.afnog.org
	max_check_attempts	10
	contacts		admin
}

define command {
	command_name		check_ping
	command_line		$USER1$/check_ping -H $HOSTADDRESS$ -w 100,20% -c 500,80% -p 5
}

define service {
	host_name		pcXX
	service_description	ping
	check_command		check_ping
	max_check_attempts	10
	check_interval		5
	contacts		admin
}
}}}

Start Nagios:

{{{
sudo /usr/local/etc/rc.d/nagios start
}}}

In the Nagios web interface, click on the [http://localhost/nagios/cgi-bin/status.cgi?host=all Service Detail] menu item, and check that you can see your host and service:

[[Image(status-pc01-ping.png)]]

Now add another host and service for your neighbour:

{{{
define host {
	host_name		pcYY
	alias			Workshop PC YY
	address			pcYY.sse.ws.afnog.org
	max_check_attempts	10
	contacts		admin
}

define service {
	host_name		pcYY
	service_description	ping
	check_command		check_ping
	max_check_attempts	10
	check_interval		5
	contacts		admin
}
}}}

Tell Nagios to reload its configuration again:

{{{
sudo /usr/local/etc/rc.d/nagios reload
}}}

And check that you can see both hosts and services on the Nagios [http://localhost/nagios/cgi-bin/status.cgi?host=all Service Detail] page:

[[Image(status-pc02-ping.png)]]

Click on the second `ping` service (the one in ''PENDING'' state), then ''Re-schedule the next check of this service'' and ''Commit''. You should see the following error message:

 Sorry, but you are not authorized to commit the specified command. Read the section of the documentation that deals with authentication and authorization in the CGIs for more information.

Now we need to add password protection to our Apache configuration, to ensure that only authorized users can submit commands to Nagios. Edit `/usr/local/etc/apache22/Includes/nagios.conf` and add the following section:

{{{
<Location "/nagios/cgi-bin/cmd.cgi">
        AuthType Basic
        AuthName "Nagios"
        AuthUserFile /usr/local/etc/apache22/htpasswd
        Require valid-user
</Location>
}}}

And then add the `nagiosadmin` user to `/usr/local/etc/apache22/htpasswd`:

{{{
sudo htpasswd /usr/local/etc/apache22/htpasswd nagiosadmin
}}}

And tell Apache to reload its configuration:

{{{
sudo /usr/local/etc/rc.d/apache22 reload
}}}

Then go to ''Service Detail -> ping -> Re-schedule the next check of this service'' again. This time you should be asked for a user name and password. The user name is `nagiosadmin` and the password is the same one you just entered in the `htpasswd` command. Now click on the '''Commit''' button again, and you should see this message instead:

 Your command request was successfully submitted to Nagios for processing. Note: It may take a while before the command is actually processed.

If you click on the '''Done''' link, it will take you back to the ''Service Status'' page. You can right-click and choose '''Reload''' until the '''Last Check Time:''' changes to just a few seconds ago, which means that the command has been processed and the service has been checked again.

Now we're going to add a check for a service that you configured earlier: the recursive DNS resolver on your computer and your neighbour's. First we check that the Nagios DNS plugin command works and the service is up:

{{{
[inst@noc ~]$ /usr/local/libexec/nagios/check_dig -H 196.200.223.1 -l www.tiscali.co.uk -T A
DNS OK - 0.462 seconds response time (www.tiscali.co.uk. 300 IN A 212.74.99.30)|time=0.461677s;;;0.000000

[inst@noc ~]$ sudo /etc/rc.d/named stop
Password:
Stopping named.
Waiting for PIDS: 21414.

[inst@noc ~]$ /usr/local/libexec/nagios/check_dig -H localhost -l www.tiscali.co.uk -T A
CRITICAL - Plugin timed out while executing system call

[inst@noc ~]$ sudo /etc/rc.d/named start
Starting named.

[inst@noc ~]$ /usr/local/libexec/nagios/check_dig -H localhost -l www.tiscali.co.uk -T A
DNS OK - 1.224 seconds response time (www.tiscali.co.uk. 300 IN A 212.74.99.30)|time=1.224043s;;;0.000000

[inst@noc ~]$ /usr/local/libexec/nagios/check_dig -H 10.1.2.3 -l www.tiscali.co.uk -T A
CRITICAL - Plugin timed out while executing system call
}}}

Then add the check command and service definitions to `/usr/local/etc/nagios/objects/hosts.cfg`:

{{{
define command {
	command_name		check_dns
	command_line		$USER1$/check_dig -H $HOSTADDRESS$ -l $ARG1$ -T A
}

define service {
	host_name		pcXX
	service_description	DNS resolver
	check_command		check_dns!www.tiscali.co.uk
	max_check_attempts	10
	check_interval		5
	contacts		admin
}
}}}

Tell Nagios to reload its configuration again:

{{{
sudo /usr/local/etc/rc.d/nagios reload
}}}

And check that you can see the new DNS service:

[[Image(status-pc01-dns-pending.png)]]

Force it to be checked now by rescheduling the next check, and check that it goes green.

Now we're going to add ping checks for all the PCs in the classroom. To make this easier, we'll write a script to generate the 47 host definitions for us. Create the file `generate-hosts.sh` with the following contents:

{{{
#!/usr/local/bin/bash

for ((i=1; i<=47; i++))
do
hostname=`printf "pc%02d" $i`
cat <<EOF
define host {
	host_name		$hostname
	hostgroups		workshop-pcs
	alias			Workshop PC $a
	address			$hostname.sse.ws.afnog.org
	max_check_attempts	10
	contacts		admin
}
EOF
done
}}}

Then make it executable and run it:

{{{
[inst@noc ~]$ chmod a+x generate-hosts.sh
[inst@noc ~]$ ./generate-hosts.sh
...
define host {
	host_name		pc47
	hostgroups		workshop-pcs
	alias			Workshop PC 
	address			pc47.sse.ws.afnog.org
	max_check_attempts	10
	contacts		admin
}
}}}

Then back up your `hosts.cfg` and append the script's output to it:

{{{
[inst@noc ~]$ cd /usr/local/etc/nagios/objects/
[inst@noc /usr/local/etc/nagios/objects]$ sudo cp hosts.cfg hosts.cfg.bak
[inst@noc /usr/local/etc/nagios/objects]$ 
[inst@noc /usr/local/etc/nagios/objects]$ cd -
/home/inst
[inst@noc ~]$ ./generate-hosts.sh | sudo tee -a /usr/local/etc/nagios/objects/hosts.cfg
}}}

Open the `hosts.cfg` file for editing again:

 * check that your original lines are still at the top
 * check that the new host definitions are at the bottom
 * remove your original host definition for your own PC (e.g. `pc01`) and your neighbour, as they are now duplicates.
 * add a hostgroup definition:
 {{{
define hostgroup {
	hostgroup_name		workshop-pcs
}
 }}}
 * change the `ping` service `host_name pcXX` to `hostgroup_name workshop-pcs`
 * remove the `ping` service for your neighbour, as it's now a duplicate

Tell Nagios to reload its configuration, and check that all 47 PCs are displayed on the '''Status Detail''' page.