Opsview Unix Agent Customisation

The Opsview unix agent package is based upon the NRPE daemon.

However, the NRPE version is patched to allow sending more data than the regular NRPE (usually limited to 1K, but extended with our version to 16K) in a backward compatible way. It is important that you use the check_nrpe plugin delivered with Opsview as this can communicate between a regular NRPE daemon and the Opsview Agent version.

All NRPE communication is default to sending with encryption on. However, there is no authentication built in to NRPE.

It is possible to set an allowed_hosts variable to only allow connections from specific IP addresses, although this is only a rudimentary security check. We recommend you use firewall rules to determine which IP addresses are allowed to connect.

If you were to set the allowed_hosts variable, and attempted to connect from an alternative IP, you would get the error:

CHECK_NRPE: Error - Could not complete SSL handshake

To set the allowed_hosts variable, follow the instructions based on the version of the Opsview Agent:

Create an override file in /usr/local/nagios/etc/nrpe_local/override.cfg. Ensure the nagios user owns the file.

Add the line:

allowed_hosts=127.0.0.1,192.168.101.2

Restart the nrpe agent:

/etc/init.d/opsview-agent stop
/etc/init.d/opsview-agent start

Amend the nrpe configuration file /usr/local/nagios/etc/nrpe.cfg to include the line:

allowed_hosts=127.0.0.1,192.168.101.2

Restart the nrpe agent:

/etc/init.d/opsview-agent stop
/etc/init.d/opsview-agent start

Note: in agents pre-3.2.0, any upgrades to the opsview-agent package will remove the configuration changes.

The unix agents can be modified to add extra plugins as as below.

Newer agents allow for supplementary packages to be created and installed over the top of the Opsview agent, which enables packaged customisations.

• Copy the new plugin into the /usr/local/nagios/libexec/nrpe_local directory and ensure it has the correct permissions to run as the nagios user.

• Amend the nrpe configuration file /usr/local/nagios/etc/nrpe_local/nrpe.cfg to include a line similar to

command[<script_name>]=/usr/local/nagios/libexec/nrpe_local/<script_name> $ARG1$

i.e.

command[my_check_script]=/usr/local/nagios/libexec/nrpe_local/my_check_script.sh $ARG1$

• restart the nrpe agent.

/etc/init.d/opsview-agent stop
/etc/init.d/opsview-agent start

You can set up the service check within Opsview and assign to hosts as normal. Any upgrade to the agent package should not lose any customisations.

• Copy the new plugin into the /usr/local/nagios/libexec/ directory and ensure it has the correct permissions to run as the nagios user.

• Amend the nrpe configuration file /usr/local/nagios/etc/nrpe.cfg to include a line similar to

command[<script_name>]=/usr/local/nagios/libexec/<script_name> $ARG1$

i.e.

command[my_check_script]=/usr/local/nagios/libexec/my_check_script.sh $ARG1$

• restart the nrpe agent.

/etc/init.d/opsview-agent stop
/etc/init.d/opsview-agent start

You can set up the service check within Opsview and assign to hosts as normal. Please note in agents pre 3.2.0 any upgrades to the agent package will remove the configuration changes.