Nagios nrpe daemon on Liquidfiles server

Discussion in 'LiquidFiles General' started by Paul Hirose, Jun 24, 2023.

  1. Paul Hirose

    Paul Hirose New Member

    Joined:
    Jan 10, 2020
    Messages:
    17
    Likes Received:
    0
    What's the recommended way to allow incoming nrpe traffic to 5666/TCP on the Liquidfiles server?

    I see Liquidfiles uses firewalld. I'd like to properly (w/in the context of Liquidfiles) add the nrpe daemon for monitoring via Nagios. What is the best way to do this so that I don't interfere w/how Liquidfiles is managed?

    I could issue the command: firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="x.x.x.x/32" port protocol="tcp" port="5666" accept' This would generally add the following stanza to /etc/firewalld/zones/public.xml (where x.x.x.x is my Nagios server IP):
    <rule family="ipv4">
    <source address="x.x.x.x/32"/>
    <port protocol="tcp" port="5666"/>
    <accept/>
    </rule>

    But I wasn't sure given the way Liquidfiles sets up firewalld (and I notice it additionally uses tcp-wrappers, for example, for sshd.)

    I'd like to monitor simple stuff like disk usage. But I'd also like to monitor license usage, which in another forum thread/posting said the only way to do that was with "ft status". If a lot of these monitoring options are now available via an API call, please let me know. I skimmed the API docs for Liquidfiles, but didn't see one that reports this type of stuff.

    Alternatively, I suppose I could use send_nsca (from the nsca-client rpm) and crontab a job that locally checks stuff and executes send_nsca to inform my Nagios server as a passive check.

    If you're monitoring your Liquidfiles server with Nagios (or any other monitoring software) and have any recommendations, would love to hear.
     
  2. David

    David Administrator
    Staff Member

    Joined:
    Dec 1, 2015
    Messages:
    802
    Likes Received:
    31
    yes, the firewall-cmd tool is preferred for enabling/disabling the custom ports on the FW.
    Easiest way how to enable permanently the required port is on this example:
    #firewall-cmd --permanent --add-port=5666/tcp
    #firewall-cmd --reload

    That sensitive information about the system or application like version and the license we don't export via API.
    Correct, you can use the ft status tool, where you can filter all the basic information you need, like the license and disk status. The output can then be send to your monitoring agent.

    ft status|grep "License: License"
    License Limit: 10 Users, 5 users counted towards license

    ft status|grep "Disk Usage:"
    Disk Size: 66G, Used: 7.1G, Available: 59G, Usage: 11%

    According to the monitoring. I think SNMP protocol is most universal for that needs.
    Frequently is used the SNMP agent which can be easily installed from Centos repositories.
    Here is an example how to configure it for sending information about disk as well.
    https://forum.liquidfiles.com/threads/snmp-monitoring.377/#post-814
     

Share This Page