Nagios
This documentation does not apply to the most recent version of Splunk.
Splunk and the Nagios project, the leading open source network management software, have developed an integration for event notification and for centralized management across both solutions. The integration, included in all Splunk server downloads, provides:
- Real-time indexing of Nagios events and alerts by the Splunk server.
- Splunk searches embedded into Nagios alerts and notifications.
- Integration of live Splunk notifications into Nagios events and monitoring.
- Nagios plugin(s) for monitoring the status of Splunk Servers from Nagios.
- Population of Nagios event descriptors and tags into Splunk Base, the global knowledge base of product IT data.
Splunk and Nagios on the same host
These instructions presume your Nagios and Splunk servers are on the same host.
Look in your installed Splunk directory for a complete Nagios integration kit and instructions in PDF format. You can also download them from this page.
- $SPLUNK_HOME/share/splunk/extras/nagios - directory with a complete integration kit and instructions.
- Splunk2Nagios Integration Instructions (ZIP archive). See note above on multi-host configuration.
Splunk and Nagios on separate hosts
NRPE (Nagios Remote Plugin Executor) is an add-on for Nagios. It allows the admin to run commands (check_splunk, etc.) remotely.
check_nrpe is called from Nagios and sends the command execution requests to the NRPE daemon running on the remote hosts. For security, it uses SSL/TLS in an anonymous Diffie-Hellman mode.
Installation instructions:
- Download the NRPE daemon from Nagios (http://www.nagios.org/download).
- Run this command.
# ./configure && make && make install
The configure command will set these default values. Change them
NRPE port: 5666
NRPE user: nagios
NRPE group: nagios
- Copy nrpe to your desired location.
# cp src/nrpe /usr/bin (or /usr/sbin)
# cp src/check_nrpe /usr/local/nagios/libexec (or the path to where you have your nagios libexec)
# cp sample-config/nrpe.cfg /etc
- Start NRPE as a daemon on the monitored node.
# nrpe -c /etc/nrpe.cfg -d
- On the Nagios monitoring node, edit the file check_commands.cfg, usually found in /usr/local/nagios/etc, to point to the Splunk host.
# 'check_nrpe' command definition
define command {
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
The basic usage of NRPE is:
check_nrpe -H <host> [-n] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist>]
options:
-n = No SSL
<host> = the address of the host running the NRPE daemon
<port> = The port on which the daemon is listening (5666)
<timeout> = Number in seconds before the connection times out (default 10)
<command> = The name of the command that the remote daemon should run (check_splunk)
<arglist> = Optional arguments that should be passed to the command, separated by spaces (procs, license, ports for splunk)
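An added example, not part of the original Splunk or Nagios documentation: anonymous Diffie-Hellman encrypts the NRPE session without authenticating either end, so access control rests on the daemon's nrpe.cfg. The script below audits that file using the standard allowed_hosts, dont_blame_nrpe, nrpe_user and command[] directives; the sample config and the check_splunk plugin path in it are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit nrpe.cfg on the monitored (Splunk) host.

# Print the last value assigned to directive $2 in file $1 (empty if unset).
nrpe_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line; return 0 when clean, 1 when anything was found.
audit_nrpe_cfg() {
    cfg=$1 rc=0
    if [ -z "$(nrpe_get "$cfg" allowed_hosts)" ]; then
        echo "FAIL allowed_hosts unset: any host that reaches the port may request commands"; rc=1
    fi
    if [ "$(nrpe_get "$cfg" dont_blame_nrpe)" = "1" ]; then
        echo "FAIL dont_blame_nrpe=1: client-supplied -a arguments are accepted"; rc=1
    fi
    if [ "$(nrpe_get "$cfg" nrpe_user)" = "root" ]; then
        echo "FAIL nrpe_user=root: run the daemon as an unprivileged account"; rc=1
    fi
    # Command definitions that splice client arguments into a command line.
    if grep -Eq '^[[:space:]]*command\[[^]]+\]=.*\$ARG[0-9]+\$' "$cfg"; then
        echo "WARN command definitions use \$ARGn\$ macros"; rc=1
    fi
    return "$rc"
}

# Constructed sample config; the check_splunk path is an assumption.
write_sample_cfg() {
    cat > "$1" <<'EOF'
server_port=5666
nrpe_user=nagios
nrpe_group=nagios
dont_blame_nrpe=1
command[check_splunk]=/usr/local/nagios/libexec/check_splunk $ARG1$
EOF
}

tmp=$(mktemp) && write_sample_cfg "$tmp"
audit_nrpe_cfg "$tmp" || echo "Fix the findings above before exposing port 5666."
rm -f "$tmp"
```

Point the function at the real file on the monitored node, for example audit_nrpe_cfg /etc/nrpe.cfg, and treat a non-zero return as a failed check.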
This documentation applies to the following versions of Splunk: 2.1, 2.2, 2.2.1, 2.2.3, 2.2.6