Here's how.

Run the following commands in a Terminal session:

sudo mkdir /tmp/dell
cd /tmp/dell
sudo wget http://linux.dell.com/repo/hardware/OMSA_5.5/pe2650/rh50/srvadmin/srvadmin-racser-devel-5.5.0-364.i386.rpm
sudo apt-get install rpm
rpm2cpio srvadmin-racser-devel-5.5.0-364.i386.rpm | sudo cpio -idmv
sudo mkdir /usr/lib/dell
sudo cp opt/dell/srvadmin/rac3/libs/* /usr/lib/dell/
sudo cp opt/dell/srvadmin/rac3/bin/racadm /usr/sbin/racadm
sudo touch /etc/ld.so.conf.d/dell.conf
sudo chmod 777 /etc/ld.so.conf.d/dell.conf
echo "/usr/lib/dell" > /etc/ld.so.conf.d/dell.conf
sudo chmod 644 /etc/ld.so.conf.d/dell
sudo ldconfig

That's it!

You may now use racadm to administer your Dell Remote Access Controllers (DRAC). Here's a quick overview of the the available commands you may run using this great tool:

  help    -- list usage statement for specified subcmd
  allowEnDisRem   -- Allow Enable or Disable Remote Console
  clearasrscreen  -- clear the last ASR screen(last blue screen)
  clrraclog       -- clear the RAC Log
  clrsel          -- clear the SEL
  config          -- configure the RAC
  coredump        -- display the last RAC coredump
  coredumpdelete  -- delete the coredump stored in the RAC
  fwupdate        -- execute or get status on RAC firmware update
  getassettag     -- display asset tags
  getconfig       -- display the RAC configuration
  getled          -- display the LED settings on a module
  getmnfgcfg      -- display manufacturing config mode
  getmodinfo      -- get module config and status information
  getniccfg       -- display the current IP configuration
  getraclog       -- display RAC Log entries
  getractime      -- display the time from the Remote Access Controller
  getsel          -- display system event log entries
  getsensors      -- display RAC sensor readings and information
  getsensorinfo   -- get sensor status for the specified sensors
  getssninfo      -- display information about active sessions
  getsvctag       -- display service tags
  getsysinfo      -- display general RAC and system information
  gettracelog     -- display Trace Log entries
  localauthenable -- Local OS authentication Enable or Disable
  racdump         -- dump RAC status and state information for debug
  setmnfgcfg      -- set manufacturing config mode
  racreset        -- reset the RAC
  racresetcfg     -- reset the RAC to the default configuration
  serveraction    -- execute graceful/hard server reset, or power-on/off/cycle
  setassettag     -- set the specified asset tag
  setled          -- set the state of the LEDs on a module
  setniccfg       -- set the IP configuration
  setrac          -- set Time, Hostname, OS Name/Type from host-to-RAC
                   (The setrac command is not available with the -r option)
  setractime      -- set the time on the Remote Access Controller
  setsysinfo      -- set chassis name and chassis location
  sslcertupload   -- upload a Server or CA certificate on the RAC
  sslcertdownload -- download a server or Active Directory CA certificate
  sslcertview     -- view a Server or CA certificate
  sslcsrgen       -- generate and download CSR from the RAC or check CSR status
  syncvncpassword -- Sync VNC password from RAC to the Host VNC server
  testalphapage   -- test the RAC alpha numeric paging feature
  testemail       -- test the RAC e-mail feature
  testnumpage     -- test the RAC numeric paging feature
  testtrap        -- test the RAC trap feature
  version         -- display racadm utility version information

Usage of racadm commands for remote administration :

racadm -r -u -p
racadm -r -i

With the "-i" option, the username and password are entered interactively.

Have fun!

Further reading and sources

• http://www.hedonists.ca/2009/03/11/drac-reset
• https://wiki.edubuntu.org/HardwareSupportMachinesServersDellNotes
• http://support.dell.com/support/edocs/software/smdrac3/drac5/OM53/en/ug/racugc9.htm

I highly disapprove for many reasons, some of them ethical and some of them more complex. Is it just me?

This just feels wrong.

It's all so tragic. It really makes me think of the Titanic. All this tragedy and death, because of screens not representing the necessary information. Hopefully that will change sometime.

The problem was, though, that not all hosts required the same action. For example, a network printer requires a link in the form of "http://172.16.1.10", while our APC UPSes and our FortiGates require a secure connection ("https://172.16.1.10") and don't automatically switch to one.

Now, for Windows servers.. A direct link to their IP address doesn't do much, except for reminding you that they don't have a web server set up by default!

So I found a nice tip that explained how to create your own ".rdp" files. That, along with some quick and dirty PHP, and boom! We've got something that's actually pretty cool.

I now have action links that go exactly where they should, depending on which hostgroup the host belongs to.

I thought I'd share the finished result of my experiment. Here is the new and improved fetch_icons.php.

• v1.0 - Initial release
• v1.1 - Cleaner code, adds dynamic creation of VNC files when no RDP service is found

Prerequisites

First, it goes without saying that you need Nagios and V-Shell.

Now, you should also add the RDP service check to your Windows Server template. Name the service RDP. 

Finally, create an rdp folder in V-Shell's root folder, and chmod it to 777. This allows the script to dump the finished ".rdp" files in there. The same goes for a vnc subfolder.

Have fun! Here's a screenshot of the icons in action.

The check_bmc scripts floating around on the net didn't work for me, for some reason.

So I decided to write my own.

Introducing check_dell

This plugin connects directly to a DRAC (Dell Remote Access Controller) or iDRAC (Integrated Dell Remote Access Controller) and provides information about the server and its status.

This program does not require OpenManage to work, and is thus more independent then some other scripts that I had found while searching for a feasible solution.

There are only two requirements. IPMI needs to be enabled through the DRAC web interface, and the freeipmi-tools package needs to be installed on your Ubuntu/Nagios machine.

To enable IPMI through the web GUI, perform the following steps.

For DRAC v5

• Click on Remote Access in the left navigation pane.
• Click on Configuration in the top navigation pane.
• Scroll down to IPMI LAN Settings and activate the Enable IPMI Over LAN checkbox.
• Click on Apply Changes.

For iDRAC v6

• Click on iDRAC Settings in the left navigation pane.
• Click on Network/Security in the top navigation pane.
• Scroll down to IPMI Settings and activate the Enable IPMI Over LAN checkbox.
• Click on Apply.

Finally, run the following command on your Ubuntu machine to install the needed package.

sudo apt-get install freeipmi-tools

The script

Here's version 1.0 of check_dell. Save it in your libexec folder and make it executable.

Usage can be obtained by running check_dell with no arguments.

Don't Forget

You have to add the command to Nagios. It could look something like this:

define command {
  command_name  check_dell
  command_line  $USER1$/check_dell -H $HOSTADDRESS$ -U administrator -P password -m $ARG1$ -w $ARG2$ -c $ARG3$
  register  1
}

Have fun!

wc

For example, to count how many lines (-l) the locate *.desktop command returns:

locate *.desktop | wc -l

Or to count how many words (-w) are in textfile.txt:

wc -w textfile.txt

For more info, 

man wc

I didn't know about this one, so I thought I'd share.

Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful,
this script can potentially harm your computer. Do you want to run
C:\script.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"):

What?

This happens because of a something called NTFS alternate streams. More about these here.

When a file is downloaded from the Internet, it is marked as unsafe by using the Zone.Identifier stream. However, we know that the script, program, or other file that we downloaded is safe, so let's get rid of the protection.

I wrote a batch file to automatically mark all files in the current directory as safe. Copy the following text to a file, change the extension to bat, and run it.

@echo off
cls
echo This will unblock all files in the current directory directory.
echo This also marks them as safe for execution.
set /p userinp=Continue? (y/n):
set userinp=%userinp:~0,1%
if "%userinp%"=="y" goto unblock
if "%userinp%"=="Y" goto unblock
goto abort
:unblock
FOR /r . %%G in (*.*) do (
echo. > %%G:Zone.Identifier
)
goto done
:abort
echo Aborted. Goodbye.
goto exit
:done
echo Success!
goto exit
:exit
pause

For the more geek-inclined: the batch file actually blanks the Zone.Identifier stream. This effectively removes the security block from the files, and XP is none the wiser.

Have fun!

Wrong

For some reason, the import functionality of the Kies software that came with the phone is severely limited; an UI glitch prevents the end-user from selecting which columns in a CSV file correspond to which fields in the contacts entry.

It turns out that the easiest way to get this done is by exporting your contacts to a vCard, a format which is supported by Outlook.. Kinda.

Here's how to get it done

• Select all the contacts you'd like on your Android phone in Outlook
• Go to the Actions menu, and select Forward vCard
• Send the resulting email to yourself
• Go to File, and select Save Attachments
• Save the vCard (.vcf) files to a new folder
• Open a command prompt and cd to the folder containing the vcf files
• Run the following command:

copy *.vcf Outlook.vcf

• Now, in Kies, expand your Android phone's tree, and select Contacts
  • Make sure you select the Contacts entry that's under your phone!
• Click on Import from PC, and feed it your Outlook.vcf file.
• If you're happy with the proposed changes (the entries in orange) then click on Save to device.

Ta-Dam

Your Android phone now contains all of the contacts that Outlook does.

I'm really starting to love my iPhone right about now.

There's an error in the source code that'll prevent winexe from working, though. 

You can fix it by editing service.c...

nano wmi-1.x.xx/Samba/source/winexe/service.c

Replace line 18 with this (notice the subtle difference):

#define NT_STATUS_SERVICE_DOES_NOT_EXIST NT_STATUS(0x0000424)

Now compile everything (after modifying GNUmakefile as described in my previous blog post...).

make

Once everything is compiled, all you have to do is copy the winexe binary to your bin folder.

cp wmi-1.x.xx/Samba/source/bin/wmic /usr/bin

And now, try it out!

winexe -U 'DOMAIN\adminuser' //computername cmd

This should, after prompting your for adminuser's password, give you access to the remote Windows machine's command prompt.

# winexe -U 'DOMAIN\adminuser' //computername cmd
Password for [DOMAIN\adminuser]:
Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>

I used iconv to make sure that accented characters appear correctly, since Windows sometimes use a funky codepage (like in this case, for me). If you see funky characters, run this to find out which codepage Windows is using:

# winexe -U 'DOMAIN\adminuser' //computername 'cmd /c chcp'
Password for [DOMAIN\adminuser]:
Page de codes active▒: 850

Grab the three-digit code and substitute it for the 850 in the iconv part of the following command:

# winexe -U 'DOMAIN\adminuser' //computername 'cmd /c dir c:\' | iconv -f CP850
Password for [DOMAIN\adminuser]:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est XXXX-XXXX
Répertoire de c:\
2009-02-13  10:37             A-123
2008-06-03  13:55           627 820 A-5 Wall Drawing.dwg
2009-02-12  16:19                 0 AUTOEXEC.BAT
2009-02-12  16:19                 0 CONFIG.SYS
2009-02-12  16:42              dell
2012-03-23  14:02              Documents and Settings
2009-02-12  16:41              I386
2012-03-20  08:57              IDE
2009-02-12  16:45              Intel
2012-03-23  07:47               164 loginscript.log
2011-09-22  08:13            13 030 PDO.log
2012-03-22  13:11              Program Files
2009-04-27  20:09           111 766 snt9382.tif
2009-05-01  14:47            94 084 snt9384.tif
2010-03-03  01:04           758 486 snt9385.tif
2009-02-18  11:23              Underdog
2012-03-23  14:16              WINDOWS
               8 fichier(s)        1 605 350 octets
               9 Rép(s)  93 033 771 008 octets libres

Enjoy.

Really?

Here's a neat way to make things a bit shorter: by using Bash functions.

For Example

I often search for text inside of files in the terminal. To do this, my command often looks like this:

find -type f | xargs grep -siR "search text here"

I got fed up of typing these lines all the time! So I created a function named fif (find-in-files.. lame, I know) that makes this task alot faster and simpler.

How

Here are the steps that I took. Open up ~/.bashrc and add this to the bottom of it:

fif () {
        clear
        echo -e "Finding text \"\033[1;32m"$1"\033[m\" in files under \""$PWD"\""
        echo
        export GREP_COLOR='1;32'
        find -type f | xargs grep --color -siIR "$1"
        echo
}

Now, either log out and back in, or run this command:

source ~/.bashrc

This reloads your session using the parameters found in ~/.bashrc.

Now, enter this:

fif "search text here"

And the output will be something like this:

Finding text "search text here" in files under "/root/testdir"
./testsubdir/123.txt:Lorem ipsum search text here doloret.
./Test.txt:Search Text HERE!!! Yep, it works.

Try It Out

Now, use your imagination! Bash functions can automate or simplify a number of repetitive tasks that we carry out on a daily basis.

I'm glad I found out about them.

Sorry!

This is due to an update to the site which allows two things:

• Better search-engine visibility
• Nicer URLs :) 

No panic, it won't happen often.

'Nuff said.

The wonders of creation never cease to amaze - Isaiah 40:26

I had a working setup with PNP4Nagios and Nagios. Everything was great.

Then, I decided to install NagiosQL to try it out, give it a test run. By the way, it's pretty damn cool. Try it out if you can.

After installing it, PNP4Nagios's web UI (read: the graphs) didn't work anymore. I got this error when trying to access any PNP4Nagios page:

The requested URL /pnp4nagios/index.php/graph was not found on this server.

Damn it

I struggled with this for weeks. I reconfigured every Apache and PNP4Nagios configuration file that I could find.

Turns out, the solution was (as always) quite simple. I found it on Stack Exchange, after days of searching.

apt-get purge libapache2-mod-php5 php5 && apt-get install libapache2-mod-php5 php5
service apache2 restart

Everything now works like a charm once again. Oh, the joy.

It would seem that NagiosQL's installation (or rather, the installation of its prerequisites) somehow broke something.. Frankly, I don't really care. As long as it works now, I'm happy.

What is it this time?

Well, go figure, but running apt-get upgrade got me this:

The following packages have been kept back:
        gnome-shell

What the heck?

Luckily, it turns out this one is simple enough to fix.

apt-get dist-upgrade

Thanks goodness for the supposedly obsolete APT documentation.

Here's hoping someone finds it useful.

Usage

# ./check_fortigate_status
Usage: check_fortigate_status -H host -m mode [-C community] [-M X] [-w XX] [-c XX]
Options:
-H, --host hostname (or IP address)
        Check interface on the indicated host.
-m, --mode STRING
        What to check
        Valid values are:
                cpu             Returns CPU usage
                memory          Returns memory usage
                sessions        Returns the number of active IP sessions
-C, --community STRING
        SNMP community string
        Default: public
-M, --modus X
        0: Just monitor, no alarms
        1: Threshold excesses will cause alarms
        Default: 2
-w, --warn XX
        Nagios warning threshold
        Percent value for "memory" and "cpu" modes
        Default: 80%
        Integer value for "sessions" mode
        Default: 1500
-c, --crit XX
        Nagios critical threshold
        Percent value for "memory" and "cpu" modes
        Default: 90%
        Integer value for "sessions" mode
        Default: 2000

The Service Definitions

# Service to check Fortigate's memory
define service {
        use                     generic-service
        hostgroup_name          fortigates
        service_description     Memory Usage
        check_command           check_fortigate_status!memory
}
# Service to check Fortigate's cpu
define service {
        use                     generic-service
        hostgroup_name          fortigates
        service_description     CPU Usage
        check_command           check_fortigate_status!cpu
}
# Service to check Fortigate's IP sessions
define service {
        use                     generic-service
        hostgroup_name          fortigates
        service_description     Active Sessions
        check_command           check_fortigate_status!sessions
}

The Nagios Command

define command {
        command_name            check_fortigate_status
        command_line            $USER1$/check_fortigate_status -H $HOSTADDRESS$ -m $ARG1$
}

The code

#!/usr/bin/perl
# This Plugin checks the status of Fortigate Firewalls
# Thanks to Gerrit Doornenbal for the original script.. 
# I just modded it heavily.
# Check for proper args....
if ($#ARGV <= 0){
&print_help();
}
my %status = ( 'UNKNOWN' => '-1',
    'OK'    => '0',
    'WARNING' => '1',
    'CRITICAL' => '2' );
my ($ip, $mode, $community, $modus, $warn, $crit, $performance) = pars_args();
@oidDescTest = (".1.3.6.1.4.1.12356.1.3", ".1.3.6.1.2.1.47.1.1.1.1.10.1");
until ($oidFound) {
foreach $oidDesc (@oidDescTest) {
  $snmpCommand = `/usr/bin/snmpwalk -v 2c -c $community $ip $oidDesc`;
  chomp $snmpCommand;
  if ($snmpCommand =~ "No Such Object") {
   # Do nothing
  } else {
   $oidFound = "yes";
   $descString = $snmpCommand;
  }
}
}
@descArray = split("\"", $descString);
$unitdesc = @descArray[-1];
@descArray = split(",", $unitdesc);
$unitdesc = @descArray[0];
@descArray = split(" ", $unitdesc);
$unitdesc = @descArray[0];
if ($mode =~ "cpu" && $unitdesc =~ m/200/i) {
$oid = ".1.3.6.1.4.1.12356.1.8";
} elsif ($mode =~ "cpu" && $unitdesc =~ m/80c/i) {
$oid = ".1.3.6.1.4.1.12356.101.4.1.3";
} elsif ($mode =~ "cpu") {
$oid = ".1.3.6.1.4.1.12356.101.4.1.3";
} elsif ($mode =~ "mem" && $unitdesc =~ m/200/i) {
$oid = ".1.3.6.1.4.1.12356.1.9";
} elsif ($mode =~ "mem" && $unitdesc =~ m/80c/i) {
$oid = ".1.3.6.1.4.1.12356.101.4.1.4";
} elsif ($mode =~ "mem") {
$oid = ".1.3.6.1.4.1.12356.101.4.1.4";
} elsif ($mode =~ "ses" && $unitdesc =~ m/200/i) {
$oid = ".1.3.6.1.4.1.12356.1.10";
} elsif ($mode =~ "ses" && $unitdesc =~ m/80c/i) {
$oid = ".1.3.6.1.4.1.12356.101.4.1.8";
} elsif ($mode =~ "ses") {
$oid = ".1.3.6.1.4.1.12356.101.4.1.8";
} else {
&print_help();
}
eval {
$snmpCommand = `/usr/bin/snmpwalk -v 2c -c $community $ip $oid`;
chomp $snmpCommand;
} or do {
system("clear");
print "\nOops! Your model doesn't seem to be supported by this script... Yet!\n\n";
print "If you want to help out, try running the following command (replace \"FGXXXXXXXXXXXXXX\" with your Fortigate's serial number):\n\n";
print " snmpwalk -v 2c -c public [FortiGate IP address] .1.3.6.1.4.1.12356 | grep -iR \"FGXXXXXXXXXXXXXX\"\n";
print "\n";
print "The OIDs for CPU usage and other stats are almost always found near an OID containing the unit's serial number.\n\n";
print "For example, here's the output I get:\n\n";
print " # snmpwalk -v 2c -c public 172.16.10.10 .1.3.6.1.4.1.12356 | grep -iR \"FGT80C1234567890\"\n";
print "  iso.3.6.1.4.1.12356.100.1.1.1.0 = STRING: \"FGT80C1234567890\"\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.2.1 = STRING: \"FGT80C1234567890\"\n\n";
print "Now, all I need is to find which OID branch contains the info I want.\nTo do this, I grab the OID of the first result...\n\n";
print " iso.3.6.1.4.1.12356.100.1.1.1.0\n\n";
print "... remove the last two digits...\n\n";
print " iso.3.6.1.4.1.12356.100.1.1\n\n";
print "... and use that with snmpwalk.\n\n";
print " # snmpwalk -v 2c -c public 172.16.10.10 iso.3.6.1.4.1.12356.100.1.1\n";
print "  iso.3.6.1.4.1.12356.100.1.1.1.0 = STRING: \"FGT80C1234567890\"\n\n";
print "Hmmm. Nothing useful here.\n\nLet's try the second value.\n\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1.2.1\n\n";
print "... remove the last two digits...\n\n";
print " iso.3.6.1.4.1.12356.101.13.2.1.1\n\n";
print "... and try that with snmpwalk!\n\n";
print " # snmpwalk -v 2c -c public 172.16.10.10 iso.3.6.1.4.1.12356.101.13.2.1.1\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.1.1 = INTEGER: 1\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.2.1 = STRING: \"FGT80C1234567890\"\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.3.1 = Gauge32: 99\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.4.1 = Gauge32: 72\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.5.1 = Gauge32: 19690\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.6.1 = Gauge32: 212\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.7.1 = Counter32: 4185780372\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.8.1 = Counter32: 2786324006\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.9.1 = Counter32: 0\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.10.1 = Counter32: 0\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.11.1 = \"\"\n";
print "  iso.3.6.1.4.1.12356.101.13.2.1.1.11.1 = No more variables left in this MIB View (It is past the end of the MIB tree)\n\n";
print "Ooohhh... I like this!\nThe third and fourth values turn out to be the values for CPU and RAM usage, respectively..\n\n";
print "So, try to find the values for your model, and I'll update the script with your findings.\n\n";

exit($status{"UNKNOWN"});
};
if ($mode =~ "cpu") {
@cpuArray = split(" ", $snmpCommand);
$usage = @cpuArray[-1]."%";
$usagestring = "CPU Usage";
} elsif ($mode =~ "mem") {
@memArray = split(":", $snmpCommand);
$usage = @memArray[-1]."%";
$usagestring = "Memory Usage";
} elsif ($mode =~ "ses") {
@sesArray = split(" ", $snmpCommand);
$usage = @sesArray[-1];
$warn = "1500";
$crit = "2000";
$usagestring = "Active IP Sessions";
}
$usage =~ s/^\s+//; # Remove leading...
$usage =~ s/\s+$//; # ...and trailing spaces
my $string_errors="";
my $state = "OK";
my $unitstate="OK";
if ($modus >= 1 )
{
if ($usage >= $warn)
{
  $unitstate="WARNING";
}
if ($usage >= $crit)
{
  $unitstate="CRITICAL";
}
}
my $string = $unitdesc . ": " . $unitstate;
$string = $string . ", $usagestring: " . $usage;
my $perfstring="";
if ( $performance eq "yes" )
{
$perfstring="| $usagestring=".$usage.";".$warn.";".$crit;
}
$string = $string.$perfstring;
if($string =~/uknw/){
$state = "UNKNOWN";
}
if($string =~/WARNING/){
$state = "WARNING";
}
if($string =~/down/){
$state = "CRITICAL";
}
if($string =~ m/critical/i){
$state = "CRITICAL";
}
print $string."\n";
exit($status{$state});
sub pars_args
{
my $ip    = "";
my $mode    = "";
my $community = "public";
my $modus   = "2";
my $warn  = "80";
my $crit  = "90";
my $performance = "yes";
while(@ARGV)
{
  if($ARGV[0] =~/^-H|^--host/)
  {
   $ip = $ARGV[1];
   shift @ARGV;
   shift @ARGV;
   next;
  }
  if($ARGV[0] =~/^-m|^--mode/)
  {
   $mode = $ARGV[1];
   shift @ARGV;
   shift @ARGV;
   next;
  }
  if($ARGV[0] =~/^-C|^--community/)
  {
   $community = $ARGV[1];
   shift @ARGV;
   shift @ARGV;
   next;
  }
  if($ARGV[0] =~/^-M|^--modus/)
  {
   $modus = $ARGV[1];
   shift @ARGV;
   shift @ARGV;
   next;
  }
if($ARGV[0] =~/^-w|^--warn/)
  {
   $warn = $ARGV[1];
   shift @ARGV;
   shift @ARGV;
   next;
  }
if($ARGV[0] =~/^-c|^--crit/)
  {
   $crit = $ARGV[1];
   shift @ARGV;
   shift @ARGV;
   next;
  }
if($ARGV[0] =~/^-f|^-F/)
  {
   $performance = "yes";
   shift @ARGV;
   next;
  }
}
return ($ip, $mode, $community, $modus, $warn, $crit, $performance);
}
sub print_help() {
print "\n";
print "Usage: check_fortigate_status -H host -m mode [-C community] [-M X] [-w XX] [-c XX]\n\n";
print "Options:\n\n";
print " -H, --host hostname (or IP address)\n";
print " Check interface on the indicated host.\n\n";
print " -m, --mode STRING\n";
print " What to check\n";
print " Valid values are:\n";
print "  cpu  Returns CPU usage\n";
print "  memory  Returns memory usage\n";
print "  sessions Returns the number of active IP sessions\n\n";
print " -C, --community STRING\n";
print " SNMP community string\n";
print " Default: public\n\n";
print " -M, --modus X\n";
print " 0: Just monitor, no alarms\n";
print " 1: Threshold excesses will cause alarms\n";
print " Default: 2\n\n";
print " -w, --warn XX\n";
print " Nagios warning threshold\n";
print " Percent value for \"memory\" and \"cpu\" modes\n";
print " Default: 80%\n";
print " Integer value for \"sessions\" mode\n";
print " Default: 1500\n\n";
print " -c, --crit XX\n";
print " Nagios critical threshold\n";
print " Percent value for \"memory\" and \"cpu\" modes\n";
print " Default: 90%\n";
print " Integer value for \"sessions\" mode\n";
print " Default: 2000\n";
#print " -F Also giving performance data output.\n\n";
#print "This plugin checks certain performance stats and gives the current utilization.\n\n";

exit($status{"UNKNOWN"});
}

apt-get install nbtscan

I was trying to remember what computer a particular user used normally... Without success.

Wow

All it took was:

nbtscan 172.16.0.0/16 | grep -iR "user"

Where 172.16.0.0/16 is the range to scan, and user is a part of the user's username on the domain.

Boom. The computer's hostname, IP address, and MAC address showed up.

172.16.1.100  COMPUTER-NAME    USER-NAME  00:11:22:33:44:55

You gotta love these little freebies. It's cross-platform, too.

Suddenly, he is wide awake. His phone has alerted him of a critical situation! He has received an email from Nagios! What could it be? The servers are down? The routers are shot?

No.

As his rage mounts, he realizes that the cause of his untimely awakening is that some useless, crappy WAP somewhere in his office building stopped responding to pings. 

Big whoop!

His phone then happily wakes him up every sixty minutes after this point, and, since it's Saturday, it keeps alerting him like so right up until Monday, when he finally goes to work and resets the damn WAP.

* Note: The character described here may possibly represent myself. The time and incidents may still be very fresh in my mind. :sigh:

Never again

Sorry about that. My fingers sort of ran away, there.

Anyway.. Have you ever wanted to be able to acknowledge Nagios warnings by email? Me too.

I found one really good article on this, but I had a few troubles setting everything up, so I thought I'd share.

Here's how

Since we use Exchange on Server 2003 for our mail, a bit of hoop-jumping is necessary.

• For this tutorial to work, Nagios will need to have its own mailbox and address, something like nagios@domain.com.

First thing's first. Install Gnome-Shell. Don't worry, you won't have to use it for very long.

sudo apt-get install gnome-shell

• Note that from now on, everything I do is as the user "root".

Log-in to a Gnome-Shell session.

Download and install DavMail's latest deb package. As of today, it can be found here. 

• DavMail, in our case, serves as a gateway between Ubuntu and MS Exchange. We're going to use it to fetch email replies to acknowledgments.

Open up DavMail (the GUI of which does not yet work in Unity..) and give it your OWA url. Don't forget the https, if necessary. Also, note the IMAP port that's configured (usually 1143 on standard installations of DavMail).

Close the settings and logout of the Gnome-Shell session.

Open up a trusty Terminal and change the file ~/.davmail.properties so that the line that reads:

davmail.server=false

Becomes:

davmail.server=true

Also, change all the log4j lines near the bottom to read WARN, not DEBUG.

Now, create an Upstart job for DavMail by touching /etc/init/davmail.conf, and adding the following contents:

# davmail - DavMail Gateway
#
# DavMail Exchange Gateway
description     "DavMail Exchange Gateway"
start on started network-manager
stop on stopped network-manager
expect fork
respawn
exec /usr/bin/nohup /usr/bin/davmail /root/.davmail.properties 2>/dev/null >/dev/null &

Reboot and make sure that the davmail daemon is running.

ps aux | grep davmail

Now, install fetchmail. This fetches the mail from the Exchange server, with DavMail acting as the man-in-the-middle.

apt-get install fetchmail

Let's configure it. Create /root/.fetchmailrc with the following contents (change the bold parts):

set no bouncemail
defaults:
  antispam -1
  batchlimit 100
poll localhost with protocol imap and port 1143
user domain\\nagios password NagiosMailboxPassword is root
no rewrite
mda "/usr/bin/procmail -f %F -d %T";

Now, we install procmail. This program processes the mail so that replies containing the key word "ack" are downloaded locally and erased from Exchange.

apt-get install procmail

And, we configure it too. Create /root/.procmailrc with the following contents:

:0
* ^Subject.*ack
| expand | sed -e 's/[ ]*$//g' | sed -e 's/^/ /' > /usr/local/nagios/libexec/mail_acknowledgement

Now, let's tell fetchmail to give the mail it receives to procmail. Make a /root/.forward file. It should look like this:

| "/usr/bin/procmail"

Test it out! Send an email with "ack" in the subject line to Nagios' email address, and run:

fetchmail

You should see that you have received one new message. You may ignore any warnings, as long as the mail is downloaded properly. Was it?

cat /usr/local/nagios/libexec/mail_acknowledgement

Scripts are fun

Now, we'll set up the automated execution of the email retrieval, parsing, and appropriate acknowledgment when necessary.

Create /usr/local/nagios/libexec/mail_acknowledge and dump this inside:

#/usr/bin/perl
open(FILE, "/usr/local/nagios/libexec/mail_acknowledgement") or die "Can't open acknowledgement file";
@subjectArray = ;
close(FILE);
$subject = @subjectArray[0];
$subject =~ s/ack//gi;
open(FILE, "/usr/local/nagios/libexec/mail_acknowledged_by") or die "Can't open acknowledged_by file";
@originatorArray = ;
close(FILE);
$originatorString = @originatorArray[0];
@originatorStringSplit = split("\"", $originatorString);
$originatorName = @originatorStringSplit[1];
$originatorEmail = @originatorStringSplit[2];
$originatorEmail =~ tr/<>//d;
chomp $originatorEmail;
$originatorEmail =~ s/^\s+//; # Remove leading...
$originatorEmail =~ s/\s+$//; # ...and trailing spaces
$now = `/bin/date +%s`;
chomp $now;
$commandfile = '/usr/local/nagios/var/rw/nagios.cmd';
if ($subject =~ m/Service/i ){ # Does the subject contains "service"?
($service, $host) = split(" service on ", $subject);
    ($what, $service) = split("M: ", $service);
} else { # Well then, it must be a host problem...
@subjectSplit = split(":", $subject);
    $host =  @subjectSplit[-1];
}
if ($host) {
chomp $host;
$host =~ s/^\s+//; # Remove leading...
$host =~ s/\s+$//; # ...and trailing spaces
}
if ($service) {
chomp $service;
$service =~ s/^\s+//; # Remove leading...
$service =~ s/\s+$//; # ...and trailing spaces
}

# This is where the acknowledgement happens
# You could get creative with this and pass all kinds of arguments via email
# A list of external commands is found here: http://www.nagios.org/development/apis/externalcommands/
if ($service) {
$ack = "ACKNOWLEDGE_SVC_PROBLEM;$host;$service;1;1;1;$originatorName;Received from $originatorEmail";
} else {
$ack = "ACKNOWLEDGE_HOST_PROBLEM;$host;1;1;1;$originatorName;Received from $originatorEmail";
}
open(LOGFILE, ">>/usr/local/nagios/libexec/mail_acknowledgement_log");
$formatteddate = `/bin/date "+%F %T"`;
chomp $formatteddate;
if ($host) { # Do we have something to acknowledge?
if ($subject =~ m/Problem/i ) { # Was the email really a reply to a problem?
  sub_print("$ack");
 
  if ($originatorName) {
   $originatorOut = "$originatorName ($originatorEmail)";
  } else {
   $originatorOut = "$originatorEmail";
  }
  if ($service) {
   print LOGFILE "$formatteddate - $originatorOut acknowledged problem with \"$service\" service on \"$host\".\n";
  } else {
   print LOGFILE "$formatteddate - $originatorOut acknowledged problem with \"$host\".\n";
  }
  # print LOGFILE "\nExiting.\n";
  exit 0;
} else { # Nice try, mister
  $nope = 1;
}
} else {
$nope = 1;
}
if ($nope = 1) { # We've got nothing to do..
print "No Nagios acknowledgement requests pending. \nExiting.\n";
exit 0;
}
sub sub_print {
$narf=shift;
open(F, ">$commandfile") or die "cant";
print F "[$now] $narf\n";
close F;
}

Make it executable.

chmod a+x /usr/local/nagios/libexec/mail_acknowledge

Now, create /usr/local/nagios/libexec/mail_acknowledgement_checker with these contents:

#!/bin/bash
/bin/cat /usr/local/nagios/libexec/mail_acknowledgement | /bin/grep Subject > /usr/local/nagios/libexec/mail_acknowledgement_temp
/bin/cat /usr/local/nagios/libexec/mail_acknowledgement | /bin/grep "From: " > /usr/local/nagios/libexec/mail_acknowledged_by
/bin/mv /usr/local/nagios/libexec/mail_acknowledgement_temp /usr/local/nagios/libexec/mail_acknowledgement
/bin/sed 's/Subject: //g' /usr/local/nagios/libexec/mail_acknowledgement > /usr/local/nagios/libexec/mail_acknowledgement_temp
/bin/mv /usr/local/nagios/libexec/mail_acknowledgement_temp /usr/local/nagios/libexec/mail_acknowledgement
/bin/sed 's/^[ \t]*//' /usr/local/nagios/libexec/mail_acknowledgement > /usr/local/nagios/libexec/mail_acknowledgement_temp
/bin/mv /usr/local/nagios/libexec/mail_acknowledgement_temp /usr/local/nagios/libexec/mail_acknowledgement
/bin/sed 's/ack //gI' /usr/local/nagios/libexec/mail_acknowledgement > /usr/local/nagios/libexec/mail_acknowledgement_temp
/bin/mv /usr/local/nagios/libexec/mail_acknowledgement_temp /usr/local/nagios/libexec/mail_acknowledgement
/bin/sed 's/^[ \t]*//' /usr/local/nagios/libexec/mail_acknowledgement > /usr/local/nagios/libexec/mail_acknowledgement_temp
/bin/mv /usr/local/nagios/libexec/mail_acknowledgement_temp /usr/local/nagios/libexec/mail_acknowledgement
/usr/bin/perl /usr/local/nagios/libexec/mail_acknowledge

Make it executable too.

chmod a+x /usr/local/nagios/libexec/mail_acknowledgement_checker

Edit root's crontab.

crontab -e

Add the following lines to the bottom of the crontab:

*/2 * * * * /usr/bin/fetchmail -f /root/.fetchmailrc -L /usr/local/nagios/libexec/mail_acknowledgement_fetchmail; bash /usr/local/nagios/libexec/mail_acknowledgement_checker
@monthly mv /usr/local/nagios/libexec/mail_acknowledgement_log /usr/local/nagios/libexec/mail_acknowledgement_log_last_month

This will check for email acknowledgments every two minutes, and start a new log each month.

On the Nagios side..

We also need to change the Nagios commands for sending email. The default ones won't do.

Open /usr/local/nagios/etc/objects/commands.cfg and change the notify-host-by-email and notify-service-by-email commands.

# 'notify-host-by-email' command definition
define command{
  command_line  echo "Notification Type: $NOTIFICATIONTYPE$\nAuthor: $NOTIFICATIONAUTHOR$\nComment: $NOTIFICATIONCOMMENT$\n\nHost: $HOSTALIAS$\nHostname: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\n\nDate/Time: $LONGDATETIME$\n\nInfo: $HOSTOUTPUT$\n" | sendemail -u "$NOTIFICATIONTYPE$: $HOSTNAME$" -f nagios@domain.com -t $CONTACTEMAIL$ -s mail.domain.com
  command_name notify-host-by-email
}
# 'notify-service-by-email' command definition
define command{
  command_name notify-service-by-email
  command_line  echo "Notification Type: $NOTIFICATIONTYPE$\nAuthor: $NOTIFICATIONAUTHOR$\nComment: $NOTIFICATIONCOMMENT$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\n\nInfo:\n$SERVICEOUTPUT$\n$LONGSERVICEOUTPUT$\n" | sendemail -u "$NOTIFICATIONTYPE$: $SERVICEDESC$ service on $HOSTNAME$" -f nagios@domain.com -t $CONTACTEMAIL$ -s mail.domain.com 
}

Reload Nagios.

service nagios reload

Enjoy your sleep

Now, if all went well, you should be able to simply reply to a warning the next time that Nagios is freaking out, and it should shut up immediately.

Isn't life great?

References

During my research for this little project, I referred to countless pages. Here are the ones that helped me most. Sincere thanks goes to the authors.

• TechOps Guy
• fak3r
• Togaware
• Server Fault
• Timo Salmi
• DavMail
• Old Nagios documentation

Turns out there's no setting for this in Outlook. But I did find a workaround thanks to my friend Google. It's not pretty, but it works.

Here's how

• Open Outlook
• Create a new message and address it to yourself
• Give the message a nifty subject, like "Don't close!" or something along those lines
• Click on Options
• Check the option to send the message only after a certain date and time (2014 seemed nice and faraway enough in this case)
• Click on Close
• Click on Send
• Click on your Outbox
• Double-click on the message you just created
• Close it
• Try closing Outlook

Admittedly ugly, but like I said... It works.

I must've been slightly distracted when I installed Nagios. Or comatose. Anyway, for some reason, I failed to read much of the available documentation on installing and setting up Nagios. This resulted in way too much trial and error for my taste.

So, maybe all of you already knew about what I'm about to say. If so, well good for you! I know I would've like to know before.

Commands Need Privileges, But...

Sometimes, a command will require a username and password to run properly. For example, check_esx and check_wmi_plus both require administrative privileges on a domain level to function correctly.

So, what did my commands look like? Simple. 

command_line    $USER1$/check_esx.pl -D vcenter.domain.com -u "domain\admin" -p AmazingPassword -H $HOSTNAME$.domain.com -l cpu -s usage -w ~:$ARG1$ -c ~:$ARG2$

Nobody has access to the monitoring server. So even if the passwords are visible, it's not so bad. Right?

I tried this for fun:

find -type f | xargs grep -iR "AmazingPassword"

Wow. My password was everywhere. And I mean everywhere. Archives, perfdata.. Nah. This didn't feel right.

There's a Better Way

And of course, it's documented.

The key is a nifty little file called resource.cfg. Open it up. It's generally located in /usr/local/nagios/etc/.

Here's what mine looks like now. It's self-explanatory, really.

###########################################################################
#
# RESOURCE.CFG - Sample Resource File for Nagios 3.3.1
#
# Last Modified: 09-10-2003
#
# You can define $USERx$ macros in this file, which can in turn be used
# in command definitions in your host config file(s).  $USERx$ macros are
# useful for storing sensitive information such as usernames, passwords,
# etc.  They are also handy for specifying the path to plugins and
# event handlers - if you decide to move the plugins or event handlers to
# a different directory in the future, you can just update one or two
# $USERx$ macros, instead of modifying a lot of command definitions.
#
# The CGIs will not attempt to read the contents of resource files, so
# you can set restrictive permissions (600 or 660) on them.
#
# Nagios supports up to 32 $USERx$ macros ($USER1$ through $USER32$)
#
# Resource files may also be used to store configuration directives for
# external data sources like MySQL...
#
###########################################################################
# Sets $USER1$ to be the path to the plugins
$USER1$=/usr/local/nagios/libexec
# Sets $USER2$ to be the path to event handlers
#$USER2$=/usr/local/nagios/libexec/eventhandlers
# Store some usernames and passwords (hidden from the CGIs)
$USER3$=domain
$USER4$=admin
$USER5$=AmazingPassword

Now we're talkin'! All the commands that require credentials now look something like this:

command_line    $USER1$/check_esx.pl -D vcenter.domain.com -u "$USER3$\$USER4$" -p $USER5$ -H $HOSTNAME$.domain.com -l cpu -s usage -w ~:$ARG1$ -c ~:$ARG2$

Much better!

So apparently some people (you know who you are :P) like my blog enough to want an RSS feed..

Believe it or not, I hadn't really considered the possibility that other people besides myself would actually read my blog, much less enjoy doing so, so I'm still slightly in shock. But hey! A feed is actually a really good idea.

So, here you go, people.

Enjoy!

apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName

It turns out the fix was simpler than I imagined.

Run this command:

echo "ServerName localhost" | sudo tee -a /etc/apache2/httpd.conf > /dev/null

Restart Apache...

sudo service apache2 restart

And you are now freed from this annoying warning.

A few obstacles need to be overcome to successfully use this plugin with Nagios on recent releases of Ubuntu, however.

Here's how.

First, download the latest version and untar it. Copy both check_wmi_plus.pl and the check_wmi_plus.d folder to Nagios' libexec folder.

• For me, this is /usr/local/nagios/libexec.
• I renamed the script to check_wmi_plus... I find it cleaner when Nagios plugins don't have file extensions.

Make the script executable.

sudo chmod a+x /usr/local/nagios/libexec/check_wmi_plus

The WMI client

Check WMI Plus depends on wmic, the Linux WMI client. Previously, one would simply install the wmi-client package from apt and be on their way. However, this package is now unavailable for newer releases due to licensing issues.

So we compile from source!

First, make sure you've got what it takes.

sudo apt-get install build-essential

Now, download the latest version of wmi from here. Untar the archive.

Open GNUmakefile, in the wmi-1.X.XX folder. We need to make a few mods so that everything compiles smoothly.

Delete or comment out (by adding a pound sign) the following lines (line numbers may vary slightly for you):

ZENOSS_BINDIR     = $(ZENHOME)/bin # Line 20
ZENPYTHON         = $(ZENOSS_BINDIR)/python # Line 21
USE_BREAKPAD = 1 # Line 73
$(call check,directory,$(ZENHOME),"ZENHOME") # Line 111
$(call check,directory,$(ZENHOME),"ZENHOME") # Line 130

And change line 22 (where the PYTHON variable is declared) to this:

PYTHON           ?= /usr/bin/python

If necessary, substitute the path above for the path to python on your system.

which python

Save and close GNUmakefile.

Enter the WMI directory, if you aren't already there.

cd wmi-1.X.XX

And compile WMI.

make

Copy the WMI client binary to your bin folder.

sudo cp Samba/source/bin/wmic /usr/bin

Now try running wmic.

$ wmic
Usage: [-?|--help] [--usage] [-d|--debuglevel DEBUGLEVEL] [--debug-stderr]
        [-s|--configfile CONFIGFILE] [--option=name=value]
        [-l|--log-basename LOGFILEBASE] [--leak-report] [--leak-report-full]
        [-R|--name-resolve NAME-RESOLVE-ORDER]
        [-O|--socket-options SOCKETOPTIONS] [-n|--netbiosname NETBIOSNAME]
        [-W|--workgroup WORKGROUP] [--realm=REALM] [-i|--scope SCOPE]
        [-m|--maxprotocol MAXPROTOCOL] [-U|--user [DOMAIN\]USERNAME[%PASSWORD]]
        [-N|--no-pass] [--password=STRING] [-A|--authentication-file FILE]
        [-S|--signing on|off|required] [-P|--machine-pass]
        [--simple-bind-dn=STRING] [-k|--kerberos STRING]
        [--use-security-mechanisms=STRING] [-V|--version] [--namespace=STRING]
        [--delimiter=STRING]
        //host query

Example: wmic -U [domain/]adminuser%password //host "select * from Win32_ComputerSystem"
 

Congrats! The WMI client is now installed on your system. You may delete the WMI source directory, now.

cd ../
rm -r wmi-1*

Perl Modules

Certain Perl modules are also required for the plugin to work as intended.

sudo cpan install Data::Dumper Getopt::Long DateTime Scalar::Util Storable

Plugin Configuration

Finally, we need to configure the plugin so that it knows where certain files are located.

Open the check_wmi_plus script and change these lines with the appropriate paths (line numbers may vary slightly for you):

my $conf_file='/usr/local/nagios/libexec/check_wmi_plus.d/check_wmi_plus.conf'; # Line 30
use lib "/usr/local/nagios/libexec"; # Line 45
our $base_dir='/usr/local/nagios/libexec/check_wmi_plus.d'; # Line 116

And open the check_wmi_plus.conf file, located in the check_wmi_plus.d folder, and change these lines with the appropriate paths (line numbers may, again, vary slightly for you):

use lib "/usr/local/nagios/libexec"; #  Line 15
$wmic_command="/usr/bin/wmic"; #  Line 24
$wmi_ini_file="$base_dir/check_wmi_plus.ini"; #  Line 31
$wmi_ini_dir="$base_dir"; # Line 37

Save and close the file.

Try it out

By now, you should have a working check_wmi_plus script residing in Nagios' libexec folder.

Here are just two example commands you can try. This checks CPU usage:

/usr/local/nagios/libexec/check_wmi_plus -H windowsserver -u domain/user -p userpassword -m checkcpu

OK (Sample Period 7 sec) - Average CPU Utilisation 2.82%|'Avg CPU Utilisation'=2.82%;

And this checks the CPU usage of a particular process:

/usr/local/nagios/libexec/check_wmi_plus -H terminalserver -u domain/user -p userpassword -m checkproc -s cpu  -a msaccess

OK (Sample Period 602 sec) - Found 7 Instance(s) of "msaccess" running. CPU_MSACCESS(PID=7996)=0.0%   CPU_MSACCESS(PID=14124)=0.0%   CPU_MSACCESS(PID=9704)=0.0%   CPU_MSACCESS(PID=15020)=0.0%   CPU_MSACCESS(PID=10856)=0.0%   CPU_MSACCESS(PID=10036)=0.0%   CPU_MSACCESS(PID=12996)=0.0%   |'Process Count'=7; 'Avg Utilisation CPU_MSACCESS'=0.0%; 'Avg Utilisation CPU_MSACCESS'=0.0%; 'Avg Utilisation CPU_MSACCESS'=0.0%; 'Avg Utilisation CPU_MSACCESS'=0.0%; 'Avg Utilisation CPU_MSACCESS'=0.0%; 'Avg Utilisation CPU_MSACCESS'=0.0%; 'Avg Utilisation CPU_MSACCESS'=0.0%;

Now, all that's left for you to do is to read all the documentation on this plugin and discover all its options and possibilities and how awesome it really is.

Alot of help is actually bundled with the plugin..

/usr/local/nagios/libexec/check_wmi_plus --help | less

Enjoy!

A backup drive on one of our Server 2003 machines had Shadow Copy enabled, for some odd reason. So, I said "I'll disable it by clicking on the Disable button". It's so simple!

Wrong. 

I got a lovely "Error 0x8004231d" message, complaining about how the specified Shadow Copy storage association was in use and coouldn't be deleted.

We'll see about that.

• Open Settings
• Set "Use limit" to 300
• Click OK
• Click Disable
• Click Yes
• Enjoy the sound of angels singing

It turns out the solution was really simple, and I thought I'd share. The problem was being caused by a corruption in the Shadow Copy's Scheduled Task.

To fix:

• Disable Shadow Copies for the drive
• Delete all Scheduled Tasks that start with "ShadowCopyVolume"
• Enable Shadow Copies
• Change schedule to suit your needs

Shadow Copies should now be alive and kicking.

I hope this can help someone in need.

It's moments like these that make one wonder why exactly the Nagios search box present, in its crippled state. Well, fret no more. We'll fix that sucker and make him so useful, you'll never want to scroll through your host list again.

Requirements

• Nagios 3.x
• The Vautour style
• jquery.zip

Note that I'm assuming that your Nagios base directory is "/usr/local/nagios".

The jquery.zip file contains a version of jQuery and jQueryUI that I modified to make them work with the (slightly rigid) Nagios iframe setup.

If however you're using V-Shell, you can grab jQuery and jQueryUI straight from their respective web sites. The stock versions work just fine with V-Shell's PHP interface.

By the way, kudos to the jQuery team and also to the guys at jQuery UI! Without them, this mod wouldn't be here. (:

Installation

Extract "jquery.zip" in the "share/js" folder.
You should now have "jquery.js", "jquery-ui.js", and a "jquery-ui" folder in the "share/js" folder.

Make sure that all files in there are readable by everyone.

sudo chmod -R a+r /usr/local/nagios/share/js/*

Now, open share/sidebar.html and replace lines 10 and 11 (the two script references) with this:

Replace lines 15 through 21 (the "search_box" div) with these lines:

Save and close sidebar.html.

Now, we'll set-up the creation of a file named "hosts.txt".

This file will contain a list of all your hosts, that will automatically get updated every hour by cron.
We use this list for our autocomplete entries.

Edit your crontab by running:

crontab -e

If applicable, select your editor of choice. I use nano.

Now, add this to the bottom of the cron file (copy/paste is your friend!):

@hourly /bin/cat /usr/local/nagios/var/objects.cache | /bin/grep "host_name" | /bin/sed 's/\s*host_name\s*//g' | /usr/bin/sort | /usr/bin/uniq > /usr/local/nagios/share/hosts.txt

And finally, you should run the following command, to create hosts.txt immediately, without waiting for cron to kick in.

/bin/cat /usr/local/nagios/var/objects.cache | /bin/grep "host_name" | /bin/sed 's/\s*host_name\s*//g' | /usr/bin/sort | /usr/bin/uniq > /usr/local/nagios/share/hosts.txt

You can, if you want, check out /usr/local/nagios/share/hosts.txt, to verify that the list was created successfully.

cat /usr/local/nagios/share/hosts.txt

This should display a list of your hosts on the screen.

Try it out

You should now have a working autocomplete search box!

So, open up your Nagios web page and experience the rebirth of the search box.

My colleague showed me a project he was working on, with Sharepoint. When you go on the project's web page, the login happens automatically. It's seamless! Using Windows credentials, the site decides what the user is and isn't allowed to see, based on his/her Active Directory groups and OUs. This really fascinated me. 

Why the heck couldn't it be the same for Nagios? 

Well guess what. It can.

And here's how!

Installation

Ok, this here is happening on a fully updated Ubuntu 11.10 virtual machine, complete with Nagios Core 3.3.1, V-Shell, PNP4Nagios, the whole shebang.

First off, we need a few packages.

sudo apt-get install apache2-mpm-prefork libapache2-mod-auth-kerb libapache-mod-auth-kerb krb5-config krb5-clients krb5-user samba-client

Now, we configure!

Open up (or create) /etc/krb5.conf and modify it according to your environment. (Modify the bold parts.)

[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
udp_preference_limit = 1
default_realm = YOURDOMAIN.COM
default_keytab_name = FILE:/etc/krb5.keytab
ccache_type = 3
kdc_timesync = 0 [realms]
YOURDOMAIN.COM = {
kdc = maindc.yourdomain.com:88
master_kdc = maindc.yourdomain.com:88
kpasswd =maindc.yourdomain.com:464
kpasswd_server = maindc.yourdomain.com:464
}
[domain_realm]
yourdomain.com = YOURDOMAIN.COM
YOURDOMAIN = YOURDOMAIN.COM
.yourdomain.com = YOURDOMAIN.COM
maindc.yourdoamin.com = YOURDOMAIN.COM
apacheserver.yourdomain.com = YOURDOMAIN.COM

Now, test it.

kinit Domain-User

If this works, then Ubuntu is communicating via Kerberos with your domain controller. So far, so good!

Now, open up /etc/samba/smb.conf and add (or modify) the following directives, under the [Global] section:

workgroup = YOURDOMAIN
dedicated keytab file = /etc/krb5.keytab
kerberos method = dedicated keytab
security = ADS
password server = *
realm = YOURDOMAIN.COM
winbind offline logon = true
winbind refresh tickets = true
winbind use default domain = no
preferred master = no
domain master = No

Now, it's time to join the domain!

net ads join -U Domain-Administrator

And, give the Apache daemon the right to read our Kerberos authentification file:

sudo chmod 740 /etc/krb5.keytab
sudo chown www-data:www-data /etc/krb5.keytab

Activate the Kerberos authentification module in Apache by adding the following line to the bottom of /etc/apache2/apache2.conf:

LoadModule auth_kerb_module modules/mod_auth_kerb.so

Configure Nagios for Kerberos authentification

To do so, open up the Nagios Apache config file, located for me in /etc/apache2/conf.d/nagios.conf.

Edit it to use the new Kerberos authentification, instead of the old htpasswd.users file.

It should look something like this:

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
   AuthName "Nagios Secured Access"
   AuthType Kerberos
   Krb5Keytab /etc/krb5.keytab
   KrbAuthRealms YOURDOMAIN.COM
   KrbMethodNegotiate on
   KrbMethodK5Passwd On
   KrbServiceName HTTP
   require user adminaccount@YOURDOMAIN.COM
   require user youraccount@YOURDOMAIN.COM
   require user otheradmin@YOURDOMAIN.COM

Alias /nagios "/usr/local/nagios/share"

   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
   AuthName "Nagios Secured Access"
   AuthType Kerberos
   Krb5Keytab /etc/krb5.keytab
   KrbAuthRealms YOURDOMAIN.COM
   KrbMethodNegotiate on
   KrbMethodK5Passwd On
   KrbServiceName HTTP
   require user adminaccount@YOURDOMAIN.COM
   require user youraccount@YOURDOMAIN.COM
   require user otheradmin@YOURDOMAIN.COM


The three "require user" lines (well, actually, six..) are the lines that determine which users are allowed to access the Nagios interface. Modify these to suit your needs.

I didn't want to have to configure all the Apache conf files for each Nagios plugin I had (PNP4Nagios, Nagvis, and the like all use their seperate Apache config files, in the conf.d folder..). If your setup is like mine, the Ubuntu machine's sole reason for being is monitoring and the like. So I didn't see any reason why the authentification couldn't be on a Apache-wide basis.

So instead of modifying nagios.conf, I went ahead and changed /etc/apache2/sites-enabled/000-default. This is the global configuration file in which directives are specified for the whole web server. So here's what my DocumentRoot section looks like (irrelevant parts edited out):


        DocumentRoot /usr/local/nagios/share/vshell
       
                Options FollowSymLinks
                AllowOverride None
                AuthType Kerberos
                AuthName "Nagios Authentification"
                KrbMethodNegotiate On
                KrbMethodK5Passwd On
                KrbAuthRealms MYDOMAIN.COM
                Krb5KeyTab /etc/krb5.keytab
                require user me@MYDOMAIN.COM
                require user other-it-guy@MYDOMAIN.COM
                require user third-it-guy@MYDOMAIN.COM
                require user admin-account@MYDOMAIN.COM
       


End result

Now, restart the Apache daemon..

sudo service apache2 reload ; sudo service apache2 restart

Close all open browsers, and try opening up Nagios' home page.

If all goes well, you should be greeted with a cheerful line in the Tactical Monitoring Overview section that goes a little something like this:

Logged in as youraccount@YOURDOMAIN.COM

As always, feedback is always welcome.. Share your experiences!

Thanks

Huge thanks goes to Michele Baldessari, Tevfik Karagülle, and Scott Lowe for their awesome blog posts on this. Without those I'd still be banging my head against the wall.

To remedy this, I set myself on the task of finding an alternate GUI to Nagios that was easy to set up, and easy to configure. My sights finally fell upon V-Shell, a PHP frontend to Nagios.

The setup was a breeze. However, since I made heavy use of the Vautour style in my previous config, V-Shell's, shall we say, different interface was a shock. 

So I tried to integrate Vautour and V-Shell into one nice little harmonious package.

It's not yet finished, but it's getting there. 

Try it out and see what you think.

Setup

Install the Nagios V-Shell frontend to Nagios, according to the instructons.

Once that is done, to get the same look and feel as the Vautour style, you need to change a couple of files.

Replace vshell/css/style.css with this file.

In vshell/js/header.inc.js, change the line that reads:

$(divID).slideToggle("fast");

To:

$(divID).slideToggle(400, 'easeInQuad');

In the vshell/views folder, replace the following files...

• display_functions.php
• header.php
• tac.php

... with the ones found in this zip file.

On line 58 of vshell/views/footer.php, add:

And finally, extract this file inside the vshell/js folder.

Voilà

You should now have a custom, Vautour-ized, V-Shell-powered Nagios installation, ready to monitor anything you want.

It should now be accessible at http://nagiosserver/vshell, or http://nagiosserver/nagios/vshell, depending on how you set up apache.

Edit: Screenshots are available here, and here.

Drop me a line if you have comments or suggestions!

Next up: a guide on integrating Nagios in a Windows Server 2003 Active Directory environment, complete with Single Sign-On (SSO) and Integrated Windows Authentification (IWA)!