Installation and basic configuration ---- Nagios Cloud Security
Knowledge goal:
掌握Nagios监控
Skills objectives:
掌握Nagios监控服务的搭建和配置
A. Training environment
-
Two virtual machines, server and client, Server installed nagios software, data monitoring do processing, and provides a web interface to view and manage, you can also monitor the machine's own information, Client installed NRPE and other clients, according to monitoring request machines perform monitoring, then the results back to the monitoring machine.
-
Firewall off / iptables: Filewall is not running.
SELINUX=disabled
Centos version: Centos Linux
Release 7.x (Core) 64-Wei
Apache version: Apache / 2.4.6
Nagios Version: nagios-4.3.1
Nagios-plugins version: nagios-plugins-2.2.1
Training steps:
One. Basic training environment to build
Step one: Install the client and server virtual machine, as shown:
Install Nagios-server virtual machine
Install Nagios-client virtual machine [VM Server installation process and the same, to provide only a partial screenshot]
Step two: two virtual machines are configured IP address
Server virtual machine configuration IP:
Client IP address of the virtual machine configuration
Step three. Close selinux
Step Four: Configure Yum source virtual machine [way]
Please operations before the following virtual machine settings at the check, this option is required to check after the system boots.
Mount Mirror
Backup original source configuration yum
Create a local yum source configuration file
Yum update source configuration
Test yum command
Check depend on the environment
Change the hostname
two. Nagios-server installation
Step One Create nagios user and group
upload files
Step two mounting Nagios
Source Configuration
[Results before can not be turned when the command line vmware, login server and client host through x-shell5, this operation more convenient, below]
Compile and install
Check the directory [directory check the correct installation was successful]
. Step Three Install Messaging Service:
Start Service
Send e-mail to send a test [Ctrl + D to exit when finished and sent]
Designated to receive a warning e-mail address [email] to modify the parameters
步骤四:修改Web界面登陆验证信息
修改nagios用户权限(因为系统默认用户为nagiosadmin)配置完成后需重http服务
检测主配置文件是否有语法错误【如无警告无错误即为成功】
步骤五:安装nagios插件
配置
编译并安装
查看已安装的插件数量
步骤六:启动验证服务
安装防火墙前启动httpd服务
安装防火墙[如果防火墙没有安装会影响后续的验证]
启动防火墙
查看防火墙状态
添加防火墙规则
重启防火墙
重启nagios服务
打开nagios的web页面验证:192.168.1.111:/Nagios
主页
查看本机的监视信息
查看本机的服务信息(其中有一条warning信息,应该受到告警信息)
步骤七.安装nrpe
检查/usr/local/Nagios/libexec目录下是否已经安装了check_nrpe插件
三.Nagios-client的安装:
步骤一.关闭防火墙和selinux
修改参数:SELINUX=disabled
重启服务器
步骤二.配置环境
步骤三.安装nagios-plugin
添加nagios用户
解压安装
步骤四.安装nrpe
启动nrpe
[如果需要重启则先需要关闭相关进程,再查看端口5666是否关闭,最后使用启动命令]
四.调试验证:
步骤一.验证连通性:
在/usr/local/nagios/etc/nrpe.cfg文件中server的ip地址
重启nrpe
在server主机做验证
验证成功
在client端上做同样的验证
注释nrpe.cfg中以下几行
注释前
注释后
步骤二.创建监控脚本
在nrpe.cfg文件末尾增加下面几行内容
创建一个监控内存的perl脚本
修改脚本权限
重启nrpe服务
在本机验证脚本效果
在server端进行脚本验证
修改nagios.cfg配置文件
注释掉这行
在/usr/local/Nagios/etc/objects路径下创建hosts.cfg和services.cfg文件
修改检查语法脚本
修改commands.cfg文件,末尾添加以下内容:
步骤三.主机模板配置
删除下面示例内容
添加以下内容
将监控的主机添加到主机组里
服务模板配置
写入以下内容
重启nagios服务
调试验证
问题1.连接虚拟机传输文件时老是连接不上。如图:
解决办法:在网络设置中更改适配器选项,将VMnet8的IPV4属性改了,将IP地址改为和Server主机【192.168.1.112】同一网段,即192.168.1.113,网关为192.168.1.1,然后打开xftp,成功上传文件,如图:
问题2.挂载镜像时,执行命令没有成功
解决方案:根据报错信息在csdn查找,如图:
按照上面所述操作,CD/DVD光盘还是显示灰色,不能加载cd/dvd 在虚拟机设置,CD/DVD(IDE)栏的设备状态栏中点击已连接,如图:
然后进行上述操作,显示已加载CD/DVD,如图所示:
然后执行挂载命令,成功执行
问题3.Nagios-server编译安装的时候,出现了异常,显示unzip—命令没有找到,如图:
其原因是没有安装unzip。利用一句命令解决【yum install -y unzip zip】,如图:
安装完成后,重新执行编译安装命令make all和make install,成功执行,如图:
问题4. 查看已安装的插件数量时显示59与课件不同【60】,如图
解决办法:对实验没有影响,继续后面的实验
问题5.安装nrpe时执行./configure --with-nrpe-user=nagios --with-nrpe-group=nagios --with-nagios-user=nagios --with-nagios-group=nagios --enable-command-args --enable-ssl命令时出错,如图:
解决方案:回头检查,发现将目录进错了,应该进入root/software/nrpe-3.2.1目录下,执行命令,成功运行,如图:
问题6.client主机验证连通性的时候,执行netstat -lnput|grep 5666的时候出现设备找不到的问题,如图:
Solution: Check the command, the command is found to knock on the wrong, Lnput knock became Input, re-run, successful results as:
7. Verify debugging problems when the machine verification script error results, as shown:
Solution: Check the log and found that perl script to create a monitor memory check_mem.pl have problems when debugging verification file exists, as shown:
But the contents of the file missing something, errors when copying files content, delete files, re-create, as shown:
Successful implementation, as shown:
