Opsview Unix Agent Customisation
The Opsview unix agent package is based upon the NRPE daemon.
Communication
Protocol
However, the NRPE version is patched to allow sending more data than the regular NRPE (usually limited to 1K, but extended with our version to 16K) in a backward compatible way. It is important that you use the check_nrpe plugin delivered with Opsview as this can communicate between a regular NRPE daemon and the Opsview Agent version.
Security
All NRPE communication is default to sending with encryption on. However, there is no authentication built in to NRPE.
It is possible to set an allowed_hosts
variable to only allow connections from specific IP addresses, although this is only a rudimentary security check. We recommend you use firewall rules to determine which IP addresses are allowed to connect.
If you were to set the allowed_hosts
variable, and attempted to connect from an alternative IP, you would get the error:
CHECK_NRPE: Error - Could not complete SSL handshake
To set the allowed_hosts
variable, follow the instructions based on the version of the Opsview Agent:
Agents 3.2.0 and newer
Create an override file in /usr/local/nagios/etc/nrpe_local/override.cfg
. Ensure the nagios user owns the file.
Add the line:
allowed_hosts=127.0.0.1,192.168.101.2
Restart the nrpe agent:
/etc/init.d/opsview-agent stop /etc/init.d/opsview-agent start
Agents Pre 3.2.0
Amend the nrpe configuration file /usr/local/nagios/etc/nrpe.cfg
to include the line:
allowed_hosts=127.0.0.1,192.168.101.2
Restart the nrpe agent:
/etc/init.d/opsview-agent stop /etc/init.d/opsview-agent start
Note: in agents pre-3.2.0, any upgrades to the opsview-agent package will remove the configuration changes.
Adding New Plugins
The unix agents can be modified to add extra plugins as as below.
Newer agents allow for supplementary packages to be created and installed over the top of the Opsview agent, which enables packaged customisations.
Agents 3.2.0 and newer
- Copy the new plugin into the
/usr/local/nagios/libexec/nrpe_local
directory and ensure it has the correct permissions to run as the nagios user.
- Amend the nrpe configuration file
/usr/local/nagios/etc/nrpe_local/nrpe.cfg
to include a line similar to
command[<script_name>]=/usr/local/nagios/libexec/nrpe_local/<script_name> $ARG1$
i.e.
command[my_check_script]=/usr/local/nagios/libexec/nrpe_local/my_check_script.sh $ARG1$
- restart the nrpe agent.
/etc/init.d/opsview-agent stop /etc/init.d/opsview-agent start
You can set up the service check within Opsview and assign to hosts as normal. Any upgrade to the agent package should not lose any customisations.
Agents Pre 3.2.0
- Copy the new plugin into the
/usr/local/nagios/libexec/
directory and ensure it has the correct permissions to run as the nagios user.
- Amend the nrpe configuration file
/usr/local/nagios/etc/nrpe.cfg
to include a line similar to
command[<script_name>]=/usr/local/nagios/libexec/<script_name> $ARG1$
i.e.
command[my_check_script]=/usr/local/nagios/libexec/my_check_script.sh $ARG1$
- restart the nrpe agent.
/etc/init.d/opsview-agent stop /etc/init.d/opsview-agent start
You can set up the service check within Opsview and assign to hosts as normal. Please note in agents pre 3.2.0 any upgrades to the agent package will remove the configuration changes.