I am a big fan of Nagios for host and service monitoring and this is my first post on the subject. My task was to check services on a Windows Server with Nagios and NSClient++. But the firewall only allowed me to use ssh and thats why I could not connect to port 12489 (that NSClient listens to) from my Nagios server. The only way to solve the problem was to use a SSH-tunnel that I can open and close whenever I needed to.
Workflow for my solution
1. Nagios initiates that a service should be checked.
2. Nagios executes the check_nt_by_ssh_tunnel check-command with additional parameters
3. The script creates a ssh-tunnel
4. The script checks the Windows server with the Nagios builtin command check_nt
5. The script returns the check_nt output
6. The script closes the ssh-tunnel
7. Nagios does its processing.
* A fully working Nagios installation
* NSClient installed and working on the Windows Server that should be monitored
* SSH autologin is configured between the two machines
* Read my other article for details about the SSH-tunnel used in this solution.
First you have to create the check-script on the Nagios server (in the Nagios libexec-folder). See below:
# $1 = HOSTNAME, 220.127.116.11
# $2 = LOCAL PORT, 14880
# $3 = USERNAME, ex: someusername
# $4 = CHECK PARAMETERS, ex: -w 80 -c 90 -v MEMUSE
if [ -z "$1" ]
echo "Missing HOSTNAME"
if [ -z "$2" ]
echo "Missing LOCAL PORT"
if [ -z "$3" ]
echo "Missing USERNAME"
# Open ssh-tunnel and wait for it to open
ssh -f -N -L $2:localhost:12489 $3@$1 &
# Run check_nt command
CHECK="/usr/local/nagios/libexec/check_nt -H localhost -p $2 $4"
# Close ssh-tunnel
CMD="ps -eo pid,args | grep 'ssh -f -N -L $2:localhost' | grep -v 'grep' | cut -c1-6"
kill -9 $PID
Make it executable:
chmod 755 check_nt_by_ssh_tunnel.sh
Then verify that i works by running the command:
./check_nt_by_ssh_tunnel.sh 18.104.22.168 14880 someusername ”-w 80 -c 90 -v MEMUSE”
You should then either see a valid Nagios plugin-output or get an error-message. Make sure that is works! You may have to modify the script depending on your *nix OS.
Next modify Nagios checkcommands.cfg or similiar and add the following. This makes the command available for use in Nagios.
# USAGE: check_nt_by_ssh_tunnel!11101!username!"-l 5,80,90 -v CPULOAD"
command_line PATH_TO_COMMAND/check_nt_by_ssh_tunnel.sh $HOSTADDRESS$ $ARG1$ $ARG2$ $ARG3$
Next add a service definition that uses the check-command.
service_description Memory usage
check_command check_nt_by_ssh_tunnel!11100!username!"-w 80 -c 90 -v MEMUSE"
The last step you need to do is to restart Nagios and check if it works.
* I recommend you to change the portnumber for each service-definition to avoid collisions. Make them unique to the service-check.