Nagios Support Forum

I am interested in purchasing a monitoring solution. I need a solution that can easily connect to multiple sites over SSH / VPN.

I attempted this with nagios core and found that NRPE doesn't work over SSH. The piece that works over SSH, I couldn't get to work.

So, are SSH connections supported in Nagios xi? Is there some way to get assistance with this?

I am anxious to purchase a solution but need to be certain that it will monitor these remote sites over SSH / VPN connection.

Thanks

Using the piece that works over SSH, is supported. VPN solutions are doable and NRPE is encrypted even if it dosen't have all the fancy auth stuff that comes with SSH. I've noted that the SSH path leads to greater overhead per check then is desirable, hence a dedicated tool that's both secure and fast(NRPE).

Pitfalls with the SSH piece include:

• Not populating /etc/sshd/known_hosts(or whatever) with every servers hostkey
• Not using an unprotected private key on the Nagios Client
• Incorrectly configuring the authorized_keys file on every Server.

a) Shouldn't a VPN be completely transparent to applications? I'd imagine once you have that set up everything should be happy.
b) If you use SSH instead, you could use SSH port forwarding and just point NRPE to a non-standard port on the local box.

There is actually a tool that's a drop in replacement for the NRPE client that uses SSH instead, it's not vary hard to setup but it's a resource hog and adds several seconds to each check time.

VPN is transparent, however it's much more difficult to setup then any other solution and requires(could) extra hardware to get working. One can setup both types of VPN on the Nagiosxi Server, however this would just add an extra layer of complications that would later get replaced by a frustrated admin with a hardware VPN appliance.

In real world experience the VPNs had more trouble and reboots then any of the LAMP servers, though not like a IIS or MS-SQL box.

I have Nagios xi installed. We have VPN connection to several clients. That is complete. I can ping to all of the clients over the VPN just fine.

We have 1 port open in the VPN, that is all that is allowed. I need the traffic to go over this 1 secure port.

Make sense?

I am not too worried about something being resource intensive, I just need to monitor all of these boxes.

How / what is used to do this?

So you can ping them, but NRPE doesn't work? Is the one port that's open the one NRPE normally uses or not?

I think you should start over and tell us what you are trying to do, it sounds like you have all the pieces you'll need.

I have Nagios xi installed on a local server, it works fine.
I have NRPE installed on a different local server, it works fine.

I have a VPN connection to several remote sites, the connection goes specifically to 1 Linux box. I have root access on that box.

On 1 of the remote boxes that I access through the VPN, have installed NRPE and it works locally just fine.

BUT, I can't seem to get the local Nagios xi server to reach the NRPE device that is on the otherside of the VPN.

Does that make more sense now?

But the Nagios xi server *can* reach that other box for other things, like ping, SSH, etc.?