How do we configure inbound checks with Nagios?
This is a common support request that we receive as a part of our Server Management Services. Inbound checks help in federated and distributed monitoring environments, as well as environments where the monitoring server receives passive check results from external applications and services.
Today. Let see how to configure inbound checks in Nagios XI.
Configure inbound checks with Nagios
Inbound Transfer APIs
There are two different APIs for handling inbound check transfers (passive checks) in Nagios XI:
- NRDP – A newer web-based API that operates over port 80 (HTTP) or 443 (HTTPS)
- NSCA – Operates over TCP port 5667 and while it is older than NRDP, it is supported by many more Nagios addons than the newer NRDP API
Both methods provide the same functionality. However, NRDP is the recommended method. This is because, it is easy to setup, configure and maintain in the long term.
Accessing Transfer Settings
We can configure inbound transfers by navigating to Admin > Check Transfers > Inbound Transfers in the interface of Nagios XI.
The Inbound Transfers settings page allows us to configure both the NRDP and NSCA APIs.
External applications, services and remote servers must use an authentication token when sending check results to the NRDP API.
We can configure multiple authentication token to support different client. The first time we configure NRDP, it generates a random token. We can change the token to an alpha-numeric string that we like.
Now, click the Update Settings button to save the NRDP settings.
Before we can enable inbound check transfers via the NSCA API, we must configure Nagios XI server as follows.
Establish a terminal session to Nagios XI server as the root user. Edit the /etc/xinetd.d/nsca file in any text editor using the following command:
# vi /etc/xinetd.d/nsca
Modify the only_from statement to include the IP addresses of hosts that are allowed to send data (or comment it out to allow all hosts to send data). This is a space-separated list, for example:
only_from = 127.0.0.1 10.25.18.22 10.25.18.23
When we have finished, save the changes and close the file.
Restart the xinetd service using the following command:
# service xinetd restart
Once we have made these changes, navigate to the NSCA tab on the Inbound Transfers page. External applications, services and servers that send passive checks results to Nagios XI using the NSCA API should encrypt the transmitted data.
The Nagios XI server and each client must be using the same:
- Decryption/encryption method
Click the Update Settings button to save the settings.
Modification of firewall settings between the remote data sources and the Nagios XI server may be required in order to allow inbound check results to be sent to Nagios XI.
The NRDP works on TCP port 80 using the HTTP protocol or TCP port 443 the HTTPS protocol.
NSCA uses a custom protocol that runs on TCP port 5667.
Furthermore, we need to configure Firewalls to allow inbound and outbound traffic over the ports used by the API(s) we choose to utilize for handling inbound checks.
We need to configure Nagios XI to monitor hosts and services for which it receives the passive check results. If it is not configured with a host or service when a passive check arrives, Nagios XI will add that host or service to a list of Unconfigured objects (Admin > Monitoring Config > Unconfigured Objects). Nagios XI will not do anything with the check results it receives when not configured
The Nagios XI administrator can then easily configure the host and service in the monitoring engine.
[Need any further assistance to configure inbound checks with Nagios – We’re available 24*7]
In short, there are two APIs available to handle inbound check transfers in Nagios XI. Today, we saw how our Support Engineers configure inbound checks using both these APIs.