Pour effectuer la surveillance des serveurs VPN (une fois opérationnels, ces serveurs seront des points d’entrée critiques), nous avons décidé d’utiliser NAGIOS et l’addon NRPE.
Sur les serveurs VPN, lancer apt-get update && apt-get install nagios-plugins nagios-nrpe-server
puis apt-get install nagios-plugins-lifc.
Modifier le fichier /etc/nagios/nrpe.cfg
# Only these source addresses may query the NRPE daemon: keep the list to
# loopback and the Nagios server. The stock nrpe.cfg notes that allowed_hosts
# is ignored when NRPE runs under inetd/xinetd; in that case access control
# has to come from TCP wrappers or a packet filter on port 5666.
allowed_hosts=127.0.0.1,<adresse_serveur_nagios>
# Disabled variants that checked /dev/hda1 and /dev/hdb1 with thresholds
# written without the % sign.
#command[check_disk1]=/usr/lib/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hda1
#command[check_disk2]=/usr/lib/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hdb1
# WARNING below 20% free space on /, CRITICAL below 10%.
command[check_disk1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
# The two plugins below are presumably the ones shipped by nagios-plugins-lifc
# (installed in the apt-get step) - confirm they exist at these paths.
command[check_ppp_connect]=/usr/lib/nagios/plugins/check_ppp_connect -w 20 -c 30
command[check_xl2tpd]=/usr/lib/nagios/plugins/check_xl2tpd
# Every command line here is fixed (no $ARGn$ macros), so a remote caller can
# only trigger these exact checks; leaving dont_blame_nrpe at 0 keeps it so.
Relancer le serveur NRPE pour prendre en compte la nouvelle configuration : /etc/init.d/nagios-nrpe-server restart
Modification facultative du fichier /etc/services (ajouter la ligne suivante si elle est absente) :
nrpe 5666/tcp # Nagios NRPE
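On vérifie que le service nrpe tourne correctement (netstat n’affiche le nom « nrpe » que si le port 5666 est déclaré dans /etc/services ; sinon, chercher le port 5666 dans la sortie de netstat -ant) :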
netstat -at | grep nrpe
Tester la connexion depuis le serveur Nagios : /usr/local/nagios/libexec/check_nrpe -H <adresse_client_nagios> -c check_users
Sur le serveur Nagios,
définition d’un template de service :
# Service template "services-vpn": shared check and notification settings for
# the services that reference it with "use services-vpn".
define service{
is_volatile 0
check_period 24x7
# A problem becomes a hard state after 3 failed checks: one regular check
# every 5 intervals, then retries every 2 intervals (interval_length units,
# 60 s unless changed in the main config).
max_check_attempts 3
normal_check_interval 5
retry_check_interval 2
notification_interval 120
# The contact group must be defined elsewhere; its definition is not shown on this page.
contact_groups admins-serveurs-vpn
# Notify on WARNING, UNKNOWN, CRITICAL and RECOVERY.
notification_options w,u,c,r
# NOTE(review): notification_interval is already set a few lines up with the
# same value; this repeat is redundant and can be dropped.
notification_interval 120
notification_period 24x7
name services-vpn
active_checks_enabled 1 ; Active service checks are enabled
# NOTE(review): passive results are accepted, yet the only service shown on
# this page is an active NRPE check - set to 0 if nothing is meant to submit
# passive results for these services.
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
failure_prediction_enabled 1 ; Failure prediction is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}
définition d’un template host :
# Host template "linux-box": defaults inherited by the VPN host entries.
# It builds on generic-host, which is defined elsewhere (not shown on this page).
define host{
name linux-box ; The name of this host template
use generic-host ; This template inherits other values from the generic-host template
check_period 24x7 ; By default, Linux hosts are checked round the clock
check_interval 5
# retry_interval 1
# A host must fail 10 checks in a row before it is treated as hard DOWN and a
# notification goes out. retry_interval is commented out above, so the spacing
# of those retries comes from generic-host or the Nagios default.
# NOTE(review): confirm the resulting detection delay is acceptable for
# servers described as critical entry points.
max_check_attempts 10
# check-host-alive must exist as a command definition; it is not shown on this page.
check_command check-host-alive
notification_period 24x7
notification_interval 120
# Notify on DOWN and RECOVERY only (unreachable states are not notified).
notification_options d,r
contact_groups admins-serveurs-vpn
# Template only: not registered as a real host.
register 0
}
création des hôtes :
# Concrete host entry for the test VPN server. Check and notification settings
# (including the admins-serveurs-vpn contact group) are inherited from the
# linux-box template.
define host{
host_name Besancon_Bouloie_metro-C_test-vpn ; The name we're giving to this server
alias test-vpn ; A longer name for the server
# This address is the one Nagios checks; it should be the address on which the
# host's NRPE daemon accepts the Nagios server (see allowed_hosts in nrpe.cfg).
address 194.57.91.251 ; IP address of the server
use linux-box ; Inherit default values from a template
}
...
création des services :
# CPU load of the test VPN host, collected through NRPE.
define service{
use services-vpn
host_name Besancon_Bouloie_metro-C_test-vpn
service_description CPU Load
# "check_nrpe" must exist as a command definition on the Nagios server, and
# "check_load" as a command[...] entry in the client's nrpe.cfg. Neither is
# shown on this page - presumably check_load comes from the packaged nrpe.cfg; confirm.
# NOTE(review): the commands defined on the clients (check_disk1,
# check_ppp_connect, check_xl2tpd) are only monitored once each has its own
# service definition like this one.
check_command check_nrpe!check_load
}
...
création du hostgroup :
# Host group gathering the test VPN host and the two VPN servers.
define hostgroup{
hostgroup_name TEST_Equipements
alias TEST
# Every member needs a matching "define host" entry. Only the test-vpn host
# is shown on this page; vpn1 and vpn2 are presumably among the elided ones.
# Run the Nagios pre-flight check (nagios -v <main config file>) before
# reloading, as it reports undefined members.
members Besancon_Bouloie_metro-C_test-vpn, Besancon_Bouloie_metro-C_vpn1, Besancon_Bouloie_metro-C_vpn2
}