Create our own plugins for Check_MK and WATO

For a long time I used Nagios Core without Check_MK or any other GUI for configuration. I used pynag for massive changes, but nothing else.

When I needed to check for something specific, I just wrote what I needed on bash, put as many arguments/parameters/variables I wanted and added it to the commands.cfg file.

But with Check_MK and WATO, that’s a little different. We could add whatever we want as script but configure the arguments it’s not so easy (it’s not hard either). Mathias Kettner explains it very well on the documentation, but I wanted to have my own experience on my blog.

I won’t write about how to do a script. I will just give an example about what I did.

Necessary files

We will create 3 files: the plugin itself – the check function – the manual page


We also will modify this one:

Continue Reading

Install Nagios Core 4.3.2 in Debian Stretch Part 2

We already have a Nagios Core installed. Now we want to add some very nice add ons to the platform.

Download additional software

Go to Mathias Kettner web and download the last version of Check_MK.

wget -O /usr/src/check_mk-1.2.8p25.tar.gz

We also need Nagvis and PNP4Nagios

wget -O /usr/src/nagvis-1.9.2.tar.gz 
wget -O /usr/src/pnp4nagios-0.6.25.tar.gz



Continue Reading

Install Nagios Core 4.3.2 in Debian Stretch Part 1

About Nagios

Nagios is an enterprise class, open source software that can be used for network and infrastructure monitoring. Using Nagios, we can monitor servers, switches, applications and services etc. It alerts the System Administrator when something goes wrong and also alerts back when the issues have been rectified.


Using Nagios, you can:

  • Monitor your entire IT infrastructure.
  • Identify problems before they occur.
  • Know immediately when problems arise.
  • Share availability data with stakeholders.
  • Detect security breaches.
  • Plan and budget for IT upgrades.
  • Reduce downtime and business losses.


Make sure your server have installed with fully working LAMP stack. If not, follow the below link to install LAMP server.

Then install the following prerequisites:

apt-get install build-essential libgd2-xpm-dev apache2-utils unzip curl
a2enmod rewrite
a2enmod cgi

Create Nagios User And Group

Create a new nagios user account:

useradd -m nagios
passwd nagios

Create a new

Continue Reading

Install Adagios from Source on Debian Jessie

Adagios is a web based Nagios configuration interface built to be simple and intuitive in design, exposing less of the clutter under the hood of nagios. Additionally adagios has a rest interface for both status and configuration data as well a feature complete status interface that can be used as an alternative to nagios web interface.

If you want to manage all your Nagios Core configuration and you don’t use WATO or Check MK, you could just use Adagios to do it.

Installing Adagios

Install Dependencies

apt-get install git libapache2-mod-wsgi python-django python-simplejson libgmp-dev python-dev python-paramiko

Install pynag

It looks like the version of pynag installed from the repos is an old version (even though pynag hasn’t been touched in a while).

I used these steps to download and install the current version of pynag:

git clone
cd pynag
python build
python install

This put all the proper

Continue Reading

High Availability Storage with DRBD + Heartbeat + NFS on Debian 8


This guide will help you setup a highly available NFS server on Debian Jessie. This is a relatively battle-tested configuration, and there is plenty information out there on how it works.

This guide will give you a setup as follows:

  • One active NFS server with its own public, private and floating IP (VIP)
  • One passive hot standby NFS server with its own public and private IP
  • Automatic failover when one of the nodes becomes unresponsive or unreachable.
  • Unicast cluster syncronization (so it works on Linode and other places where multicast (like corosync) isn’t available).


While writing this guide, I used 2 KVM machine on Proxmox 4.2 (nfsnode01 and nfsnode02). Each VM configured as follows:

  • Default Debian Jessie install from a netinst iso
  • 512MB RAM
  • 1 x 20GB OS disk (all partitions – /dev/sda)
  • 1 x 20GB data disk (/dev/sdb)
  • Each node has 2x NICs (1x on network and
Continue Reading

High Availability Storage with iSCSI Target on Debian 8


  • Linux-HA – Linux clustering software.
  • DRBD – Distributed Replicated Block Device. Allows you to RAID1 partitions over IP.
  • iscsitarget – Linux implementation of an iSCSI target.



This guide is based on the following:

  • Two nodes (Debian 8.5 AMD64)
  • Each node has 2x NICs (1x on network and 1x for DRBD data).
  • Nodes:
    • san01 (“node1”) / / eth0
      • DRBD sync network: node1-drbd / / eth1
    • san02 (“node2”) / / eth0
      • DRBD sync network: node2-drbd / / eth1
  • Cluster IP address:

Note: Unless explicitly stated (i.e. commands prefixed with [node1] or [node2]), commands and configurations should be completed on both nodes.


We install lvm2 and create a VG.

apt-get install -y lvm2
pvcreate  /dev/sdb

Physical volume “/dev/sdb” successfully created

vgcreate drbddev01 /dev/sdb

Volume group “drbddev01” successfully created

Create DRBD meta data Logical Volume on Volume Group drbddev01:

lvcreate -L1G -ndrbd-metadata drbddev01

Logical volume

Continue Reading

Install GlusterFS Cluster on Debian 8


GlusterFS is a scalable network filesystem. Using common off-the-shelf hardware, you can create large, distributed storage solutions for media streaming, data analysis, and other data- and bandwidth-intensive tasks. GlusterFS is free and open source software.

Preliminary Note

In this tutorial, I will use three systems, two servers and a client:

  • IP address (server)
  • IP address (server)
  • IP address (client)

All three systems should be able to resolve the other systems’ hostnames. If this cannot be done through DNS, you should edit the /etc/hosts file so that it looks as follows on all three systems:

vim /etc/hosts localhost gfsnode01 gfsnode02 proxmox01

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

(It is also possible to use IP addresses instead of hostnames in the following setup.

Continue Reading

Install Oracle SOA Suite 12c in Cluster


This document is a reference guide for the installation and configuration of Oracle Fusion Middleware 11g products, including Oracle Weblogic 12.1.3, Oracle WebTier 12.1.3.

The process described on this document is based on Oracle’s SOA Enterprise Deployment Guide 12.2.1

Enviroment Requirements

To follow the procedures described in this document, it is necessary to consider the following requeriments for the servers:

  • Operating System: Red Hat Enterprise Linux 6.x
  • Database: An Oracle Enterprise Edition, 12c database instance should be available for use as metadata repository.
  • Software or Hardware based load balancer available
  • A shared disk presented to all servers that run the domain


Environment Information

Test environment information will be used in this document to describe all procedures.

  • Hosts:
    • soa12cnodo1
    • soa12cnodo2
  • Domain Name: soadomain
  • Domain Home:
    • /opt/oracle/Middleware/admin/domains/soadomain/aserver/soadomain/
    • /opt/oracle/Middleware/admin/domains/soadomain/mserver/soadomain/
  • Java Home: /opt/oracle/jdk1.8.0_65
  • Middleware Home: /opt/oracle/Middleware/mwhome
  • Weblogic Home: /opt/oracle/Middleware/mwhome/wlserver
  • SOA_HOME: /opt/oracle/Middleware/mwhome/soa


Oracle Documentation

  • Oracle® Fusion Middleware Enterprise Deployment Guide for
Continue Reading

Configure Rsyslog to send our logs to ELK


We have seen before how to add filters and indexes for Filebeat and Topbeat. But in some cases, we won’t be able to install additional software to manage our logs. That’s when Rsyslog is our best option. In this post we will configure an external log from Apache that is not manage by default for Rsyslog.

Configuring Rsyslog (client side)

We are going to create a new file on /etc/rsyslog.d that will contain our new input log configuration.

$InputFileName /var/log/apache2/access.log #can NOT use wildcards – this is where logstash-forwarder would be nice
$InputFileTag apache-access-rs:  #Logstash throws grok errors if the “:” is anywhere besides at the end; shows up as “Program” in Logstash
$InputFileStateFile apache-access-rs  #can be anything; unique id used by rsyslog
$InputFileSeverity info
$InputFileFacility apacheaccess
$InputFilePollInterval 10
$InputFilePersistStateInterval 1000

apacheaccess.* @@ELK_server_private_IP:5544  #the 2 “@” signs tells rsyslog to use TCP; 1 “@” sign 
Continue Reading

Gather Infrastructure Metrics with Topbeat and ELK on CentOS 7


Topbeat, which is one of the several “Beats” data shippers that helps send various types of server data to an Elasticsearch instance, allows you to gather information about the CPU, memory, and process activity on your servers. In conjunction with an ELK server (Elasticsearch, Logstash, and Kibana), the data that Topbeat gathers can be used to easily visualize metrics so that you can see the status of your servers in a centralized place.

In this tutorial, we will show you how to use an ELK stack to gather and visualize infrastructure metrics by using Topbeat on a CentOS 7 server.


Load Topbeat Index Template in Elasticsearch

Because we are planning on using Topbeat to ship logs to Elasticsearch, we should load the Topbeat index template. The index template will configure Elasticsearch to analyze incoming Topbeat fields in an intelligent way.

First, download the Topbeat index template on your

Continue Reading

Adding Filters to Logstash (ELK stack)


This post has a couple of configuration I needed to a particular environment. I already have my stack working. There is a lot of other filters, patterns and configurations. I will be adding more in time.

Default PATHS

Logstash configuration directory: /etc/logstash/conf.d
Logstash patterns directory: /opt/logstash/patterns

Specific Configuration


Prospector (client side – Filebeat)

This block must be beneath of prospectors section and maintaining the indentation.

        - /var/log/auth.log
        - /var/log/syslog
      input_type: log
      document_type: syslog

Log example

Jun  3 12:17:01 server01 /USR/SBIN/CRON[15365]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)


There is no specific pattern you should add.


This configuration is inside 10-syslog-filter.conf

filter { 
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", 
Continue Reading

Install Elasticsearch, Logstash, and Kibana (ELK Stack) on CentOS 7


In this tutorial, we will go over the installation of the Elasticsearch ELK Stack on CentOS 7—that is, Elasticsearch 2.3.x, Logstash 2.3.x, and Kibana 4.5.x. We will also show you how to configure it to gather and visualize the syslogs of your systems in a centralized location, using Filebeat 1.1.x.

Logstash is an open source tool for collecting, parsing, and storing logs for future use.

Kibana is a web interface that can be used to search and view the logs that Logstash has indexed. Both of these tools are based on Elasticsearch, which is used for storing logs.

Centralized logging can be very useful when attempting to identify problems with your servers or applications, as it allows you to search through all of your logs in a single place. It is also useful because it allows you to identify issues that span multiple servers by correlating their logs during

Continue Reading

Configuring Distributed Nagios with Check MK

What happen when we have several office or clients or datacenter where we need to monitor each place separately?

In those scenarios, we could reach the servers through a VPN. But sometimes (most of the time) that’s not the best way to do it or even possible. We are going to configure several Nagios servers, each one with specific servers monitored, centralizing them on one “master” Nagios. From this Master we will add new hosts and services, configure timeperiods, and everything that Nagios allows us from one single interface and one single point of access to our big (or huge) infrastructure.

Right now, I have 4 Nagios server inside the same network, but we could have them on different subnets or even through internet. We will only need access to 3 ports, so if you have a firewall between the nodes, you have to forward the traffic.

Nagios Master:
Continue Reading

Install Nagios Core 4.1.1 in Debian Jessie Part 4

We already have Nagios working and our optionals clients. Now we have to configure our clients.

Installing Check_MK Agent

Preparing centralized repository

To get all the files together and make easily to deploy new host, I created a directory on my Nagios to put all the installers.

cd /usr/src
tar xvzf mk_agents.tar.gz  -C /var/www/
chown -R www-data:www-data /var/www/mk_agents/

Configuring Apache

To get access to the installer from any host in the network, we have to add this block to our Apache configuration:

vim /etc/apache2/sites-available/mk_agents.conf
Alias /mk_agents "/var/www/mk_agents"

<Directory "/var/www/mk_agents">
#       Require all granted
        AllowOverride None
        Order allow,deny
        Allow from all
        # Use the same value as defined in nagios.conf
        AuthName "MK Agent Download Center"
        AuthType Basic
        AuthUserFile /var/www/mk_agents/htpasswd.users
        Require valid-user
        <IfModule mod_rewrite.c>
                # Turn on URL rewriting
                RewriteEngine On
                Options FollowSymLinks
                # Installation directory
                RewriteBase /mk_agents
                # Protect application and system files from being viewed
Continue Reading

Install Nagios Core 4.1.1 in Debian Jessie Part 3

Now that we have our Nagios working, we might need some other clients to work with. We already have Check_MK for some checks,but in this guide we are going to install a couple more clients.


In some cases, mostly with routers, we need to use SNMP for checks and the OID are differents than Linux or Windows OS.

Installing MIBs

For licensing reasons, net-snmp package installs only a small number of MIBs in /usr/share/mibs directory. A large number of standard MIBs can be installed using snmp-mibs-downloader package:

apt-get install snmp-mibs-downloader

To add another MIBs than default, for example cisco MIBs:

cp /usr/share/doc/snmp-mibs-downloader/examples/cisco* /etc/snmp-mibs-downloader/
cd /etc/snmp-mibs-downloader && sudo gzip -d ciscolist.gz

Change /etc/snmp-mibs-downloader/snmp-mibs-downloader.conf

Continue Reading