{"id":59,"date":"2008-05-20T15:57:46","date_gmt":"2008-05-20T13:57:46","guid":{"rendered":"https:\/\/vpn.univ-fcomte.fr\/?p=59"},"modified":"2008-05-20T17:26:24","modified_gmt":"2008-05-20T15:26:24","slug":"surveillance-des-services-sur-les-serveurs-vpn","status":"publish","type":"post","link":"https:\/\/vpn.univ-fcomte.fr\/?p=59","title":{"rendered":"Surveillance des services sur les serveurs VPN"},"content":{"rendered":"<p>Pour effectuer la surveillance des serveurs VPN (une fois op\u00e9rationnel, ces serveurs seront des points d&rsquo;entr\u00e9e critique), nous avons d\u00e9cider d&rsquo;utiliser NAGIOS et l&rsquo;<em>addon<\/em> NRPE.<br \/>\nSur les serveurs VPN, lancer <code><small>apt-get update &amp;&amp; apt-get install nagios-plugins nagios-nrpe-server<\/small><\/code><br \/>\net <code><small>apt-get install nagios-plugins-lifc<\/small><\/code>.<br \/>\nModifier le fichier \/etc\/nagios\/nrpe.cfg<br \/>\n<code><small>allowed_hosts=127.0.0.1,&lt;adresse_serveur_nagios&gt;<\/small><\/code><\/p>\n<p><code><small>#command[check_disk1]=\/usr\/lib\/nagios\/plugins\/check_disk -w 20 -c 10 -p \/dev\/hda1<br \/>\n#command[check_disk2]=\/usr\/lib\/nagios\/plugins\/check_disk -w 20 -c 10 -p \/dev\/hdb1<br \/>\ncommand[check_disk1]=\/usr\/lib\/nagios\/plugins\/check_disk -w 20% -c 10% -p \/<br \/>\ncommand[check_ppp_connect]=\/usr\/lib\/nagios\/plugins\/check_ppp_connect -w 20 -c 30<br \/>\ncommand[check_xl2tpd]=\/usr\/lib\/nagios\/plugins\/check_xl2tpd<\/small><\/code><\/p>\n<p>relancer le serveur NRPE : <code><small>\/etc\/init.d\/nagios-nrpe-server restart<\/small><\/code><\/p>\n<p>modification non obligatoire dans le fichier <code><small>\/etc\/services<\/small><\/code><br \/>\n<code><small>nrpe            5666\/tcp                        # Nagios NRPE<\/small><\/code><\/p>\n<p>On v\u00e9rifie que le service nrpe tourne correctement :<br \/>\n<code><small>netstat -at | grep nrpe<\/small><\/code><\/p>\n<p>Tester la connexion depuis le serveur Nagios : <code><small>\/usr\/local\/nagios\/libexec\/check_nrpe -H &lt;adresse_client_nagios&gt; -c check_users <\/small><\/code><br \/>\nsur le serveur nagios<br \/>\nd\u00e9finition d&rsquo;un template service :<br \/>\n<code><small>define service{<br \/>\nis_volatile                     0<br \/>\ncheck_period                    24x7<br \/>\nmax_check_attempts              3<br \/>\nnormal_check_interval           5<br \/>\nretry_check_interval            2<br \/>\nnotification_interval           120<br \/>\ncontact_groups\t\t\tadmins-serveurs-vpn<br \/>\nnotification_options            w,u,c,r<br \/>\nnotification_interval           120<br \/>\nnotification_period             24x7<br \/>\nname\t\t\t\tservices-vpn<br \/>\nactive_checks_enabled           1       ; Active service checks are enabled<br \/>\npassive_checks_enabled          1       ; Passive service checks are enabled\/accepted<br \/>\nparallelize_check               1       ; Active service checks should be parallelized (disabling this can lead to major performance problems)<br \/>\nobsess_over_service             1       ; We should obsess over this service (if necessary)<br \/>\ncheck_freshness                 0       ; Default is to NOT check service 'freshness'<br \/>\nnotifications_enabled           1       ; Service notifications are enabled<br \/>\nevent_handler_enabled           1       ; Service event handler is enabled<br \/>\nflap_detection_enabled          1       ; Flap detection is enabled<br \/>\nfailure_prediction_enabled      1       ; Failure prediction is enabled<br \/>\nprocess_perf_data               1       ; Process performance data<br \/>\nretain_status_information       1       ; Retain status information across program restarts<br \/>\nretain_nonstatus_information    1       ; Retain non-status information across program restarts<br \/>\nregister                        0       ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!<br \/>\n}<\/small><\/code><\/p>\n<p>d\u00e9finition d&rsquo;un template host :<br \/>\n<code><small>define host{<br \/>\nname                            linux-box       ; The name of this host template<br \/>\nuse                             generic-host    ; This template inherits other values from the generic-host template<br \/>\ncheck_period                    24x7            ; By default, Linux hosts are checked round the clock<br \/>\ncheck_interval \t\t\t5<br \/>\n#\tretry_interval \t\t\t1<br \/>\nmax_check_attempts \t\t10<br \/>\ncheck_command \t\t\tcheck-host-alive<br \/>\nnotification_period \t\t24x7<br \/>\nnotification_interval \t\t120<br \/>\nnotification_options \t\td,r<br \/>\ncontact_groups \t\t\tadmins-serveurs-vpn<br \/>\nregister \t\t\t0<br \/>\n}<\/small><\/code><\/p>\n<p>cr\u00e9ation des hotes :<\/p>\n<p><code><small>define host{<br \/>\nhost_name \tBesancon_Bouloie_metro-C_test-vpn \t; The name we're giving to this server<br \/>\nalias \t\ttest-vpn \t\t\t\t; A longer name for the server<br \/>\naddress \t194.57.91.251 \t\t\t\t; IP address of the server<br \/>\nuse \t\tlinux-box \t\t\t\t; Inherit default values from a template<br \/>\n}<br \/>\n...<\/small><\/code><\/p>\n<p>cr\u00e9ation des services :<\/p>\n<p><code><small>define service{<br \/>\nuse \t\t\t\tservices-vpn<br \/>\nhost_name \t\t\tBesancon_Bouloie_metro-C_test-vpn<br \/>\nservice_description \t\tCPU Load<br \/>\ncheck_command \t\t\tcheck_nrpe!check_load<br \/>\n}<br \/>\n...<\/small><\/code><\/p>\n<p>cr\u00e9ation du hostgroup :<\/p>\n<p><code><small>define hostgroup{<br \/>\nhostgroup_name TEST_Equipements<br \/>\nalias TEST<br \/>\nmembers Besancon_Bouloie_metro-C_test-vpn, Besancon_Bouloie_metro-C_vpn1, Besancon_Bouloie_metro-C_vpn2<br \/>\n}<\/small><\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pour effectuer la surveillance des serveurs VPN (une fois op\u00e9rationnel, ces serveurs seront des points d&rsquo;entr\u00e9e critique), nous avons d\u00e9cider d&rsquo;utiliser NAGIOS et l&rsquo;addon NRPE. Sur les serveurs VPN, lancer apt-get update &amp;&amp; apt-get install nagios-plugins nagios-nrpe-server et apt-get install nagios-plugins-lifc. Modifier le fichier \/etc\/nagios\/nrpe.cfg allowed_hosts=127.0.0.1,&lt;adresse_serveur_nagios&gt; #command[check_disk1]=\/usr\/lib\/nagios\/plugins\/check_disk -w 20 -c 10 -p \/dev\/hda1 #command[check_disk2]=\/usr\/lib\/nagios\/plugins\/check_disk -w [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[80,82,81],"class_list":["post-59","post","type-post","status-publish","format-standard","hentry","category-informations-techniques","tag-nagios","tag-nrpe","tag-surveillance"],"_links":{"self":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/59","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=59"}],"version-history":[{"count":0,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/59\/revisions"}],"wp:attachment":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=59"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=59"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=59"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}