The Monitoring Setup Part 1: Installing Centreon, Nagios & NDOUtils

E

ehansen

Guest
Nagios, one of the most popular network monitoring software out there. While the software itself is pretty intensive very robust, the web UI leaves a bit to be desired. For starters, it does not graph trends regarding to hosts and services. This isn't a big missing feature, but it would still be nice to have. However, there is one feature that I really wish was implemented, especially with the general concept being easy to handle, and that is ACL (access control list). With Nagios, you can have multiple accounts to login to the web UI, but everyone could see every server. As I wanted my clients to view just theirs, this was not acceptable.

I did a lot of research and discovered a few solutions. However, I was looking for more of a centralized solution to monitoring and trend watching. Currently there was Nagios for the monitoring and Cacti for the trends, but I knew there had to be a better solution. Then, I found Centreon.

Centreon is not like software such as Alien Vault that requires to be its own turn-key distribution. Instead it's mostly a web UI for Nagios that also offers plugins, data storage and its own engine that's heavily based off of Nagios, but with improvements. I went through the demo on their website and talked to a few people on their IRC about how to set ACLs and such, and walked away very pleased and ready to go. The only problem I really felt there was with Centreon is that it is intended for use on RPM-based OSes. So if you're looking to install this on CentOS, Red Hat, etc... then it is as simple as installing an RPM file. But, my servers are Debian and Ubuntu, so that was not an option. Luckily, it's also available in tar.gz format.

Assumptions

This article assumes the following things about your set up:

You have the required software already installed and configured for Apache, PHP, GD, RRD, MySQL libraries & headers (libmysqlclient-dev), SNMPd and build-essentials
You have administrative access, since we will be using /usr and /var a lot
You have patience, as compiling some of this stuff and going through the installs can be a little on the lengthy side
Downloading and Installing Nagios

Since we won't be using Centreon's customized engine (because it requires installing the Qt framework), we will need to install Nagios first. I've been using 3.4.1 which is the latest version as of this writing.

First, we need to download the tarball:


Code:
cd /usr/local/src
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.4.1.tar.gz

We switch to the /usr/local/src directory just to make future jobs easier if we need to recompile or something. Trust me, this can happen.

Next, we need to untar and go into the new directory:


Code:
tar -zxf nagios-3.4.1.tar.gz
cd nagios-3.4.1


Now we need to create the Nagios user on the system (this can be done at any point before compiling Nagios, I just do it now because):


Code:
useradd -m nagios
passwd nagios
groupadd nagcmd
usermod -a -G nagcmd www-data

Why do we create a password for user "nagios" when it's generally advised to lock it down? Centreon requires being able to execute commands as user nagios in order to restart the service, edit configuration files, etc... We don't want to run into any permissions issues with our web server (since Centreon is run by the web server user, right?), so we need to grant the web server access to nagios files by group as well.

Here's the compiling of Nagios. Before running the make commands, make sure that the output of ./configure is correct. Also, if you change your "--prefix=", troubleshooting might be a bit on the painful side:


Code:
./configure --prefix=/usr/local/nagios --with-command-group=nagcmd --enable-nanosleep --enable-event-broker
make all
make install
make install-init
make install-commandmode
make install-config

This installs the Nagios information into /usr/local/nagios with event broker enabled (so we can use NDOUtils to store data collection into MySQL). install-init creates the init.d script, install-commandmode configures the nagios.cmd file for proper use so using 'external command' in Centreon doesn't cause issues. If you're curious on the nanosleep switch, it's basically saying use Nagios' version of sleep to reduce any conflicts.

At this point, Nagios should be installed, so we must now install NDOUtils.

Installing NDOUtils

Now, this one is a bit more tricky for 2 reasons:

There are the official releases, and then there are patched versions (Ubuntu's package manager carries the patched version)
While you still run make, there is no make install (which can changed by editing the Makefile)

This will focus on the official release. The patched version only offers benefits if you are using it in a large monitoring set up, because with so many systems and it writing to MySQL constantly it causes a lot of I/O performance hits.

Go back into /usr/local/src, download, untar and cd into the ndoutils:


Code:
cd /usr/local/src
wget http://prdownloads.sourceforge.net/sourceforge/nagios/ndoutils-1.4b9.tar.gz
tar -zxf ndoutils-1.4b9.tar.gz
cd ndoutils-1.4b9

There is a 1.5 branch out there, but I haven't tested this with it yet.

After this, we need to compile NDOUtils. This is why we need to have libmysqlclient-dev installed, because we need to have NDOUtils connect to MySQL (more specifically ndo2db):


Code:
./configure --prefix=/usr/local/nagios/ --enable-mysql --disable-pgsql --with-ndo2db-user=nagios --with-ndo2db-group=nagios
make

We enable MySQL for NDOUtils and disable the use of PostgresSQL. Then we run make to compile the entire program. However, as stated, there is no "make install" so we have to manually do some installation ourselves:


Code:
cp ./src/ndomod-3x.o /usr/local/nagios/bin/ndomod.o
cp ./src/ndo2db-3x /usr/local/nagios/bin/ndo2db
cp ./config/ndo2db.cfg-sample /usr/local/nagios/etc/ndo2db.cfg
cp ./config/ndomod.cfg-sample /usr/local/nagios/etc/ndomod.cfg
chmod 774 /usr/local/nagios/bin/ndo*
chown nagios:nagios /usr/local/nagios/bin/ndo*

I've ran into issues with this at times (you may not though), so to ensure the configuration files can be read & wrote to by Centreon:

Code:
chown nagios:nagios /usr/local/nagios/etc/ndo*

We should also copy over the init.d script:


Code:
chmod +x daemon-init
cp daemon-init /etc/init.d/ndo2db
update-rc.d ndo2db defaults


Now the worst of it (for now, until part 2) is over. We can, in theory, have everything running smoothly now. But, hold on. Now it's time to install Centreon.

Installation of Centreon

This won't be a difficult process, but the install script can be a bit annoying at times. However, it is worth it in the end.

As always, the download of the archive:


Code:
cd /usr/local/src
wget http://download.centreon.com/centreon/centreon-2.3.8.tar.gz
tar -zxf centreon-2.3.8.tar.gz
cd centreon-2.3.8


Now starts the install. To do so, just run the install.sh script in interactive mode:

Code:
./install.sh -i
The output for this is a lot, but install the Web Front, CentCore, Nagios Plugins & SNMP traps process. All the default values should be fine, and if it asks to create a folder say "y" (yes). To finish the install of the Centreon web UI go to http://<server/fqdn/ip>/centreon and follow the web install process. This is all pretty straight forward.

What to Expect From Part 2

In part 2 I'll cover configuring Nagios to work with Centreon, as well as how to monitor remote servers (Centreon calls them satellites).

About the Author

Eric Hansen is the owner and a security consultant for Security For Us. He has been involved with Linux for a little over a decade and has dabbed in a little bit of everything that comes with the operating system. With a background in various programming languages and a strong desire to learn more, he constantly stays active in providing code, patches and new programs or scripts to aide in the administration of Linux servers.


Interesting Links

Nagios & NDOUtils - http://www.nagios.org
Centreon - http://www.centreon.com
Security For Us - https://www.securityfor.us
 


Great article,
Have you ever test Centreon-broker & engine ? how replace Nagios & ndo2db ?
 
I've been using Nagios for over 10 years now, and all during that period the Nagios web UI has supported accounts that are restricted to particular hosts or services, which cannot see every server. It is just not true that there is no "ACL"-like support in the Nagios UI.
 

Members online


Top