
Configuring Nagios On Client For OSSIM

This document provides instructions for configuring Nagios clients on Windows and Linux/Unix systems to be monitored by AlienVault OSSIM. It describes installing NSClient++ on Windows to define services for uptime, CPU load, memory usage and disk space monitoring. It also covers installing Nagios plugins and NRPE on Linux to define services for ping, disk space, users and processes monitoring. The Nagios client configurations are then defined on the OSSIM server to monitor the remote hosts.

blog.muhammadattique.com

http://blog.muhammadattique.com/configuring-nagios-client-ossim/

Configuring Nagios on Client for OSSIM


In this tutorial, I am going to install Nagios on Windows and Linux hosts so that AlienVault OSSIM SIEM can monitor them with a 24 x 7 availability check.

Configuring Nagios on Client for OSSIM:


1- Install the latest version of:
NSClient++ on Windows hosts.
Download from: nsclient.org/nscp/downloads
NRPE, which is required together with Nagios Plugins, on Linux/Unix hosts.
Download link: sourceforge.net/projects/nagios/files/nrpe-2.x/

Configuring Windows Host:


a) Install NSClient++ on Windows host as shown below:


b) Enter the OSSIM Server IP and the password to use for NSClient secure communication between the OSSIM Server and the client, as shown below:

c) Enter services.msc in the Run dialog, right-click the NSClient++ service, and select Properties.


d) Go to the Log On tab and select the option "Allow service to interact with desktop".

e) Restart the NSClient++ service from the services.msc console window.


f) Now configure Nagios on the OSSIM Server:

i) Select Jailbreak System
ii) # cd /etc/nagios3/conf.d/
iii) Create the Windows config file:
# vim WinServer1-21.cfg
Modify the following to suit your environment and add it to the file:
#### HOST DEFINITION
define host{
        use                     generic-host
        host_name               Win_Server_1_21
        alias                   Windows Server 1.21
        address                 192.168.1.21
        statusmap_image         win40.gd2
        icon_image              win40.png
        }
#### SERVICE DEFINITIONS
define service{
        use                     generic-service
        host_name               Win_Server_1_21
        service_description     Uptime
        check_command           check_ntcomm!UPTIME
        }
define service{
        use                     generic-service
        host_name               Win_Server_1_21
        service_description     CPU Load
        check_command           check_ntcomm!CPULOAD!-l 5,80,90
        }
define service{
        use                     generic-service
        host_name               Win_Server_1_21
        service_description     Memory Usage
        check_command           check_ntcomm!MEMUSE!-w 80 -c 90
        }
define service{
        use                     generic-service
        host_name               Win_Server_1_21
        service_description     Drive C Windows
        check_command           check_ntcomm!USEDDISKSPACE!-l c -w 80 -c 90
        }
define service{
        use                     generic-service
        host_name               Win_Server_1_21
        service_description     Drive D Data
        check_command           check_ntcomm!USEDDISKSPACE!-l d -w 80 -c 90
        }
iv) Save and exit.
v) Run the pre-flight check with the following command to find any errors, and fix any that are reported:

# /usr/sbin/nagios3 -v /etc/nagios3/nagios.cfg
vi) An error about the ntcomm service will probably be shown. To resolve it, add the following lines to /etc/nagios3/conf.d/services_nagios2.cfg:
# Replace "password" with the password that was given to NSClient++ on the Windows host.
define command{
        command_name    check_ntcomm
        command_line    $USER1$/check_nt -H $HOSTADDRESS$ -s password -p 12489 -t 180 -v $ARG1$ $ARG2$
        }
vii) Now the pre-flight check should not give an error.
viii) Restart the Nagios3 service:

# service nagios3 restart

ix) Check that the host is now shown under the Environment > Availability option, as shown below:

x) Done adding the Windows host to OSSIM for availability monitoring.
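
The check_ntcomm definition in step vi keeps the NSClient++ password as a literal in services_nagios2.cfg. The following shell check is an added example, not part of the original tutorial: it flags check_nt command lines whose -s value is a literal rather than a $USERn$ macro. The function name, the sample files and the use of $USER2$ (assumed to be defined in /etc/nagios3/resource.cfg) are illustrative.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# find_cleartext_nt_secrets DIR
#   Prints every command_line under DIR that calls check_nt with a literal
#   value after -s; returns 1 if any are found, 0 if all use a $USERn$ macro.
find_cleartext_nt_secrets() {
    hits=$(grep -rnE '^[[:space:]]*command_line[[:space:]].*check_nt[[:space:]]' "$1" 2>/dev/null |
        awk '{
            for (i = 1; i < NF; i++)          # find the token following -s
                if ($i == "-s" && $(i + 1) !~ /^\$USER[0-9]+\$$/) { print; break }
        }')
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample files: the tutorial's definition and a macro-based one.
demo=$(mktemp -d)
mkdir "$demo/weak" "$demo/fixed"
cat > "$demo/weak/services_nagios2.cfg" <<'EOF'
define command{
        command_name    check_ntcomm
        command_line    $USER1$/check_nt -H $HOSTADDRESS$ -s password -p 12489 -t 180 -v $ARG1$ $ARG2$
        }
EOF
cat > "$demo/fixed/services_nagios2.cfg" <<'EOF'
define command{
        command_name    check_ntcomm
        command_line    $USER1$/check_nt -H $HOSTADDRESS$ -s $USER2$ -p 12489 -t 180 -v $ARG1$ $ARG2$
        }
EOF
# Assumption: resource.cfg carries a line of the form
#   $USER2$=<NSClient++ password>

find_cleartext_nt_secrets "$demo/weak"  || echo "weak: literal password found"
find_cleartext_nt_secrets "$demo/fixed" && echo "fixed: password comes from a macro"
```

Point the function at /etc/nagios3/conf.d/ on the OSSIM server to run the same check against the live configuration.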

Adding Linux/Unix Host:


Install Nagios-Plugins on Linux/Unix Host:

# groupadd -g 9000 nagios
# groupadd -g 9001 nagcmd
# useradd -u 9000 -g nagios -G nagcmd -d /usr/local/nagios -c "Nagios Admin" nagios
Set a password for the nagios user:
# passwd nagios
# yum install -y gcc gcc-c++ gd-devel gd png png-devel jpeg jpeg-devel zlib zlib-devel php mysql mysql-server mysql-devel make vim mailx wget
On CentOS 7:
# yum install -y gcc gcc-c++ gd-devel gd zlib zlib-devel php mariadb mariadb-server mariadb-devel make vim mailx wget mlocate
# cd /usr/local/src
Download the latest Nagios Plugins; the current latest version is 2.0.3:
# wget http://nagios-plugins.org/download/nagios-plugins-2.0.3.tar.gz
# tar xzvf nagios-plugins-2.0.3.tar.gz
# cd nagios-plugins-2.0.3
# ./configure --sysconfdir=/etc/nagios --localstatedir=/var/nagios
# make
# make install
Check that the plugins installed correctly:
# /usr/local/nagios/libexec/check_icmp -H
The following screen shows that the plugins have been installed correctly and are working.

Install NRPE on Linux/Unix Host:


# yum install openssl-devel xinetd -y
# cd /usr/local/src
# wget http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
# tar -xzvf nrpe-2.15.tar.gz
# cd nrpe-2.15
# ./configure --enable-openssl
# make all
# make install-plugin
# make install-daemon
# make install-daemon-config
# make install-xinetd
# vim /etc/xinetd.d/nrpe
Set/modify:
only_from = 127.0.0.1 192.168.1.5
Add the OSSIM Server's IP; the IPs must be separated by a space, not a comma.


# vim /etc/services
Add the following line:
nrpe            5666/tcp        # NRPE

# chkconfig xinetd on
# systemctl enable xinetd      (CentOS 7)
# service xinetd start
# systemctl start xinetd       (CentOS 7)

Check that xinetd has made NRPE listen:

# netstat -at | grep nrpe
Confirm that the NRPE plugin is working:
# /usr/local/nagios/libexec/check_nrpe -H 192.168.1.5
It must report the current version of NRPE installed on localhost, such as NRPE v2.15.

Install NRPE on OSSIM Server:


First check whether check_nrpe is present in /usr/lib/nagios/plugins; if not, install it as follows.

Install C Compiler:
# apt-get install build-essential libssl-dev

Download/Extract & Install NRPE:

# wget http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
# tar -xzvf nrpe-2.15.tar.gz
# cd nrpe-2.15
# ./configure
# make all
# make install-plugin
# mv /usr/local/nagios/libexec/check_nrpe /usr/lib/nagios/plugins
# chown root:root /usr/lib/nagios/plugins/check_nrpe

Configuring OSSIM Server for Linux/Unix Host:

# cd /etc/nagios3/conf.d/
# vim LinServer-1-31.cfg
Modify as required and add the following lines to it:
#### HOST DEFINITIONS
define host{
        use                     generic-host
        host_name               LinServer-1-31
        alias                   Linux Server 1.31
        address                 192.168.1.31
        statusmap_image         linux40.gd2
        icon_image              linux40.png
        }
#### SERVICE DEFINITIONS
define service{
        use                     generic-service
        host_name               LinServer-1-31
        service_description     PING
        check_command           check_ping!100.0,20%!500.0,60%
        }
define service{
        use                     generic-service
        host_name               LinServer-1-31
        service_description     Directory: /
        check_command           check_nrpe!check_Root
        }
define service{
        use                     generic-service
        host_name               LinServer-1-31
        service_description     Current Users
        check_command           check_nrpe!check_users
        }
define service{
        use                     generic-service
        host_name               LinServer-1-31
        service_description     Total Processes
        check_command           check_nrpe!check_total_procs
        }
define service{
        use                     generic-service
        host_name               LinServer-1-31
        service_description     Directory: /var
        check_command           check_nrpe!check_Var
        }

Add the following NRPE command to the /etc/nagios3/conf.d/services_nagios2.cfg file:

define command{
        command_name    check_nrpe
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c $ARG1$
        }
Add/modify the following commands in the /usr/local/nagios/etc/nrpe.cfg file on LinServer-1-31:
command[check_Root]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_Var]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /var
Restart the xinetd process on LinServer-1-31:
# service xinetd restart
Run the pre-flight check on the OSSIM Server:
# /usr/sbin/nagios3 -v /etc/nagios3/nagios.cfg
If no error is shown, restart the Nagios3 service:
# service nagios3 restart
Now LinServer-1-31 should be shown in Environment > Availability, as shown below:
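
The client-side settings used above (only_from in /etc/xinetd.d/nrpe and the command[] lines in nrpe.cfg) decide who can reach NRPE and what it will run. The following shell audit is an added example, not part of the original tutorial; the function name and sample files are constructed, and the dont_blame_nrpe check covers an nrpe.cfg option that the tutorial itself does not change.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# audit_nrpe XINETD_FILE NRPE_CFG SERVER_IP
#   Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_nrpe() {
    out=$(
        allow=$(sed -n 's/^[[:space:]]*only_from[[:space:]=]*//p' "$1")
        if [ -z "$allow" ]; then
            echo "only_from is not set: xinetd accepts NRPE connections from any address"
        else
            case $allow in
                *,*) echo "only_from contains a comma: separate addresses with spaces" ;;
            esac
            case " $allow " in
                *" 0.0.0.0 "*) echo "only_from lists 0.0.0.0, which matches every address" ;;
            esac
            case " $allow " in
                *" $3 "*) ;;
                *) echo "monitoring server $3 is not listed in only_from" ;;
            esac
        fi
        grep -Eq '^[[:space:]]*dont_blame_nrpe[[:space:]]*=[[:space:]]*1' "$2" &&
            echo "dont_blame_nrpe=1: the daemon accepts command arguments from clients"
        grep -E '^[[:space:]]*command\[[^]]+]=.*\$ARG[0-9]+\$' "$2" |
            sed 's/^[[:space:]]*\(command\[[^]]*]\).*/\1 expands client-supplied arguments/'
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample files (not taken from a real host).
t=$(mktemp -d)
printf 'service nrpe\n{\n\tonly_from = 127.0.0.1 192.168.1.5\n}\n' > "$t/xinetd.ok"
printf 'service nrpe\n{\n\tonly_from = 127.0.0.1,192.168.1.5\n}\n' > "$t/xinetd.comma"
cat > "$t/nrpe.ok" <<'EOF'
dont_blame_nrpe=0
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
EOF
cat > "$t/nrpe.args" <<'EOF'
dont_blame_nrpe=1
command[check_users]=/usr/local/nagios/libexec/check_users -w $ARG1$ -c $ARG2$
EOF

audit_nrpe "$t/xinetd.ok" "$t/nrpe.ok" 192.168.1.5 && echo "clean"
audit_nrpe "$t/xinetd.comma" "$t/nrpe.args" 192.168.1.5 || echo "findings reported above"
```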
