Nagios check_nt over ssh-tunnel

I am a big fan of Nagios for host and service monitoring and this is my first post on the subject. My task was to check services on a Windows Server with Nagios and NSClient++. But the firewall only allowed me to use ssh and thats why I could not connect to port 12489 (that NSClient listens to) from my Nagios server. The only way to solve the problem was to use a SSH-tunnel that I can open and close whenever I needed to.

Workflow for my solution
1. Nagios initiates that a service should be checked.
2. Nagios executes the check_nt_by_ssh_tunnel check-command with additional parameters
3. The script creates a ssh-tunnel
4. The script checks the Windows server with the Nagios builtin command check_nt
5. The script returns the check_nt output
6. The script closes the ssh-tunnel
7. Nagios does its processing.

Prerequisites
* A fully working Nagios installation
* NSClient installed and working on the Windows Server that should be monitored
* SSH autologin is configured between the two machines
* Read my other article for details about the SSH-tunnel used in this solution.

First you have to create the check-script on the Nagios server (in the Nagios libexec-folder). See below:

check_nt_by_ssh_tunnel.sh

#!/bin/bash

# $1 = HOSTNAME, 83.121.233.2
# $2 = LOCAL PORT, 14880
# $3 = USERNAME, ex: someusername
# $4 = CHECK PARAMETERS, ex: -w 80 -c 90 -v MEMUSE

if [ -z "$1" ]
then
        echo "Missing HOSTNAME"
        exit
fi

if [ -z "$2" ]
then
        echo "Missing LOCAL PORT"
        exit
fi

if [ -z "$3" ]
then
        echo "Missing USERNAME"
        exit
fi

# Open ssh-tunnel and wait for it to open
ssh -f -N -L $2:localhost:12489 $3@$1 &
sleep 30

# Run check_nt command
CHECK="/usr/local/nagios/libexec/check_nt -H localhost -p $2 $4"
#echo $CHECK
eval $CHECK

# Close ssh-tunnel
sleep 5
CMD="ps -eo pid,args | grep 'ssh -f -N -L $2:localhost' | grep -v  'grep' | cut -c1-6"
#echo $CMD
PID=`eval $CMD`
#echo $PID
kill -9 $PID

Make it executable:
chmod 755 check_nt_by_ssh_tunnel.sh

Then verify that i works by running the command:
./check_nt_by_ssh_tunnel.sh 83.121.233.2 14880 someusername ”-w 80 -c 90 -v MEMUSE”

You should then either see a valid Nagios plugin-output or get an error-message. Make sure that is works! You may have to modify the script depending on your *nix OS.

Next modify Nagios checkcommands.cfg or similiar and add the following. This makes the command available for use in Nagios.

# USAGE: check_nt_by_ssh_tunnel!11101!username!"-l 5,80,90 -v CPULOAD"
define command{
	command_name		check_nt_by_ssh_tunnel
	command_line		PATH_TO_COMMAND/check_nt_by_ssh_tunnel.sh $HOSTADDRESS$ $ARG1$ $ARG2$ $ARG3$
}

Next add a service definition that uses the check-command.

define service{
	use				       generic-service
        host_name                        MY_HOSTNAME
        service_description             Memory usage
        check_command                 check_nt_by_ssh_tunnel!11100!username!"-w 80 -c 90 -v MEMUSE"
}

The last step you need to do is to restart Nagios and check if it works.

* I recommend you to change the portnumber for each service-definition to avoid collisions. Make them unique to the service-check.

One Comment

Bash script that open and close an ssh-tunnel automagically | Marcus Nyberg  on januari 4th, 2010

[...] I have used this solution successfully with the Nagios monitoring system. Read Nagios check_nt over ssh-tunnel. [...]

Leave a Comment