Chapter 10: Nagios Integration
use
check_command active_checks_enabled passive_checks_enabled
}
check_conn_via_Black Box!tcp!22 0 1
define servicedependency{ |
|
name | Black Box_nrpe_daemon_dep |
host_name | Black Box |
dependent_host_name | server |
dependent_service_description | SSH Port |
service_description | NRPE Daemon |
execution_failure_criteria | w,u,c |
} |
|
10.4.2 Basic Nagios Plug-Ins
check_tcp and check_udp are used to check open ports on network hosts
check_ping is used to check network host availability
check_nrpe is used to execute arbitrary
Each console server is preconfigured with two checks that are specific to Black Box:
check_serial_signals is used to monitor the handshaking lines on the serial ports
check_port_log is used to monitor the data logged for a serial port.
10.4.3 Number of Supported Devices
Ultimately the number of devices any particular console server can support depends upon the number of checks made, and how often they are performed. Access method will also play a part. The table below shows the performance of three of the console servers:
Time |
|
| No encryption | 3DES |
|
| SSH tunnel | ||
NSCA for single check |
|
| ~ ½ second | ~ ½ second |
|
| ~ ½ second | ||
NSCA for 100 sequential checks |
|
| 100 seconds | 100 seconds |
| 100 seconds | |||
NSCA for 10 sequential checks, batched upload |
| 1 ½ seconds | 2 seconds |
|
| 1 second | |||
NSCA for 100 sequential checks, batched upload |
| 7 seconds | 11 seconds |
|
| 6 seconds | |||
|
|
|
|
|
|
| |||
| No encryption |
| SSL |
|
| no encryption - | |||
|
|
|
|
|
|
| tunneled over existing | ||
|
|
|
|
|
|
| SSH session | ||
NRPE time to service 1 check | 1/10th second |
| 1/3rd second |
|
| 1/8th second | |||
NRPE time to service 10 simultaneous | 1 second |
| 3 seconds |
|
| 1 ¼ seconds | |||
checks |
|
|
|
|
|
|
|
|
|
Maximum number of simultaneous checks | 30 |
|
| 20 (1,2 and 8) or 25 |
| 25 (8 port), 35 (16 and | |||
before timeouts |
|
|
| (16 and 48 port) |
| 48 port) |
| ||
The results were from running tests 5 times in succession with no timeouts on any runs. There are a number of ways to increase the number of checks you can do.
Usually when using NRPE checks, an individual request will need to set up and tear down an SSL connection. This overhead can be avoided by setting up an SSH session to the console server and tunneling the NRPE port. This allows the NRPE daemon to run securely without SSL encryption, because SSH will provide the security.
When the console server submits NSCA results, it staggers them over a certain time period (for example, 20 checks over 10 minutes will result in two check results every minute). Staggering the results like this means that if the power fails or other incident causes multiple problems, the individual freshness checks will be staggered too.
NSCA checks are also batched. In the previous example, the two checks per minute are sent through in a single transaction.
103 |
