Build

Monitoring using Nagios

Nagios is one of the big names in monitoring tools. It monitors and alerts your servers, systems, networks and other infrastructure in general.

Nalle

Nalle

5 min read
Monitoring using Nagios

What is Nagios?

Nagios is an event monitoring system that offers monitoring and alerting services for servers, switches, applications and services. It alerts users when things go wrong and alerts them a second time when the problem has been resolved. Ethan Galstad and a group of developers originally wrote Nagios as NetSaint. As of 2015, they actively maintain both the official and unofficial plugins. Nagios is a recursive acronym: "Nagios Ain't Gonna Insist On Sainthood" – "sainthood" makes reference to the original name NetSaint, which changed in response to a legal challenge by owners of a similar trademark. Wikipedia

Nagios has been designed with scalability and flexibility in mind. It's a powerful tool that provides you with instant awareness of your organization’s mission-critical IT infrastructure. Nagios allows you to detect and repair problems and mitigate future issues before they affect end users and customers.

Why Nagios

  • Plan for infrastructure upgrades before outdated systems cause failures
  • Respond to issues at the first sign of a problem
  • Automatically fix problems when they are detected
  • Coordinate technical team responses
  • Ensure your organization’s SLAs are being met
  • Ensure IT infrastructure outages have a minimal effect on your organization’s bottom line
  • Monitor your entire infrastructure and business processes

Installation

Create a LXC using Debian/Ubuntu or Alpine. For this post, I used Ubuntu 24.04.

LXC specs: 2 core, 4 GiB RAM 32 GiB disk.

Update and upgrade the LXC

apt update && apt upgrade -y

Install Nagios and dependencies and plugins

apt install nagios4 nagios-plugins-contrib -y

Start Apache

systemctl enable --now apache2

Enable the Apache cgi modules

a2enmod rewrite cgi && systemctl restart apache2

Start Nagios 

systemctl enable --now nagios4

Open Nagios in the browser

To open in a browser, use <IP of the LXC>:nagios4

Add a Password

Backup the nagios4-cgi.conf configuration file

mv /etc/apache2/conf-enabled/nagios4-cgi.conf{,.backup}

Make a backup copy of the original

Edit the nagios4-cgi.conf configuration file

nano /etc/apache2/conf-enabled/nagios4-cgi.conf

Copy and paste the example below:

# apache configuration for nagios 4.x

ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4

# Where the stylesheets (config files) reside
Alias /nagios4/stylesheets /etc/nagios4/stylesheets

# Where the HTML pages live
Alias /nagios4 /usr/share/nagios4/htdocs

<DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-bin/nagios4|/etc/nagios4/stylesheets)>
    Options FollowSymLinks
    DirectoryIndex index.php index.html
    AllowOverride AuthConfig
    AuthDigestDomain "Nagios4"
    AuthDigestProvider file
    AuthUserFile    "/etc/nagios4/htdigest.users"
    AuthGroupFile   "/etc/group"
    AuthName        "Restricted Nagios4 Access"
    AuthType        Digest
    #Require all     granted
    Require        valid-user
    #Require ip  ::1/128 fc00::/7 fe80::/10 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
</DirectoryMatch>

<Directory /usr/share/nagios4/htdocs>
    Options     +ExecCGI
</Directory>

Use Authentication

The default Debian Nagios4 install sets use_authentication=0 in /etc/nagios4/cgi.cfg, which turns off Nagios's internal authentication.
This is insecure. As a compromise, this default apache2 configuration only allows private IP addresses access.

Edit the /etc/nagios4/cgi.cfg configuration file

nano /etc/nagios4/cgi.cfg

By setting use_authentication=1 you can configure which people get to see a particular service from within the Nagios configuration.

Create users

Create the allowed user by issuing the command below and entering a password.

htdigest -c /etc/nagios4/htdigest.users "Restricted Nagios4 Access" nagiosadmin

Create your user. Nagios default admin user is nagiosadmin

Restricting access to only Local IPs

Why we removed the line in /etc/apache2/conf-enabled/nagios4-cgi.conf that restricts access to local IPs is: Required ip ::1/128 fc00::/7 fe80::/10 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16.
Because we are using user and password authentication.

Restart Apache

systemctl restart apache2

Now Nagios will ask for a user and the corresponding password.

Next steps

Set up your servers and services to be monitored by Nagios

References

Nagios 4 [1] GitHub [2] NRPE [3] NDOutils [4] Nagios CSP is free to use for life! The Open Source components can be used as their license allows, and the commercial Nagios XI virtual machine comes with a free, perpetual licenses for personal, non-commercial use. If you are interested in a commercial license of Nagios XI with professional support, click here. [5]

  1. Nagios homepage, Downloads, Documentation,
    Latest version of Nagios Core — Free, powerful monitoring and alerting for servers, networks, applications and services. download or the tarball ↩︎

  2. Nagios GitHub page ↩︎

  3. NRPE – A server agent for allowing Nagios Core to monitor remote Linux and Unix systems pdf ↩︎

  4. NDOutils – The database backend for Nagios Core that allows for a powerful UI with dashboards and multi-user accessInstallation pdf and Database design guide pdf ↩︎

  5. Switching to Nagios XI page ↩︎

Read more