Nagios Support Forum

I ran the vmware monitoring wizard and I can't seem to get Nagios xi to monitor a vmware ESX 4.1 host unless I use the root account and password on the ESX host?

I tried creating a new account called "v_nagios" on the ESX host using the VMware vSphere Client, but when it tries to monitor a service, I get an error:

ESX3 CRITICAL - Error: Permission to perform this operation was denied.

From the ESX logs, it looks like the account is getting logged onto the host.

I have applied the following groups to the "v_nagios" account: adm, bin, daemon, root, sys

I have also granted shell access to the "v_nagios" account.

We are running Nagios xi 2012R1.1

Can you post the actual command that you are running in the command line and the output of it (you can hide the sensitive info)?

For example, it might look something like this one:

From the Nagios xi - core configuration manager, service management "Test Check Command"


COMMAND: /usr/local/nagios/libexec/check_esx3.pl -H "161.201.225.29" -f "/usr/local/nagiosxi/etc/components/vmware/cgovms29_prd_COMPANY_com_auth.txt" -l "CPU"

OUTPUT: ESX3 CRITICAL - Error: Permission to perform this operation was denied

I found a possible workaround on another site, have you by chance tried this?:

On the Permissions tab, add a user or group of users and give them the 'Virtual Machine Power User' role, but be sure to UNCHECK the 'Propogate to Child Objects" option. This way, the users don't receive access to all VMs in your datacenter.

slansing wrote:I found a possible workaround on another site, have you by chance tried this?:

On the Permissions tab, add a user or group of users and give them the 'Virtual Machine Power User' role, but be sure to UNCHECK the 'Propogate to Child Objects" option. This way, the users don't receive access to all VMs in your datacenter.

I think this is referring to trying to use Nagios xi to monitor a virtual guest. I am trying to monitor the ESX host.

Can you log into the ESX server, using the credentials listed in the "/usr/local/nagiosxi/etc/components/vmware/cgovms29_prd_COMPANY_com_auth.txt" file? You can open the file in a text editor and double check if the info in there is correct.
What is the "role" of this user - administrator, power user, etc.?

OK, after looking again at what slansing posted above and thinking about what lmiltchev was asking me, I experimented and found a working solution.


Steps needed if you want to use Nagios xi to monitor the ESX 4.1 ESX host without having to use the local ESX host "root" account.

First download and perform the three steps in the Nagios xi - Monitoring VVware document: http://assets.nagios.com/downloads/nagi ... ios_xi.pdf

Next, start the VMware vSphere Client pointing directly at the target ESX host, note: you cannot go thru vCenter to create users directly on the ESX target.

Using the VMware vSphere Client highlight the target ESX host and create a new userid which Nagios xi will use. In my case, I created a userid called "v_nagios"

1) VMware vSphere Client, Local Users & Groups tab, right click in the white space and select Add.
2) Fill in the blanks: Login = v_nagios, UID = 1984 (use whatever number you want), set a password, Do not check the "Grant shell access to this user", Group membership = root

Still using the VMware vSphere Client highlight the target ESX host, assign the read only role to the v_nagios userid

3) VMware vSphere Client, Permissions, Add Permission, Assigned Role = Read-only, uncheck the "Propagate to Child Objects box, Add, select the v_nagios userid, Add, OK, OK


Now you log into Nagios xi and run the vmware monitoring wizard. Use the newly created v_nagios userid and password.

Thanks for sharing the steps!