Building NCPA From Source
This document describes how to build, install and configure Nagios Cross Platform Agent (NCPA) from source for use with Nagios Core/XI.
NCPA is available as a pre-built package on the Downloads page.
This procedure is intended for Nagios administrators who have to use a source-based build method for NCPA, usually due to unsupported Linux distributions or security restrictions in corporate environments.
This guide is broken up into several sections and covers different Linux distributions and non-Linux operating systems.
NCPA 2.4.0 is the version included in the example steps. You will need to replace this with the version you have downloaded.
It is assumed that you are logged onto the machine on which you are installing NCPA as the root user, or as a user with sufficient privileges. All of the steps below were tested on the operating systems (OS) listed after a clean install of the OS. Some OSs, like Ubuntu and SUSE, have stricter user permissions; in those cases the listed commands have sudo in front of them to ensure you are able to complete the steps. A best effort has been made to ensure that if you follow all the relevant steps you will end up with a working installation of NCPA.
The steps for "building" NCPA should be done on a dedicated OS that is NOT used in production. Once the build process has completed you will then have an installation package that can be used to install NCPA on your production OS's.
On some OSs (like CentOS 7) the build process will actually break built-in components of the OS due to how Python packages are installed for the build process. The installer package that is created will not cause any issues on the production OSs you install it on; it is only the machine you build NCPA on that will have broken OS components. It is recommended that you use virtual machines (VM) for your build processes, as you can easily use snapshots to roll back or simply delete the VM once you are finished.
Please select your OS:
Do NOT build NCPA on a production system, please read the Important Information section for information as to why.
Install Prerequisites
Most likely these packages are already installed.
yum install -y wget git
Downloading the Source
cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz
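The wget command above passes --no-check-certificate, so the TLS connection does not authenticate the archive that build.sh is then run from. The following is an added example, not part of the original document or the NCPA project: it checks the archive against a SHA-256 digest obtained over a separate trusted channel and rejects members that would extract outside the target directory. The function names and the PINNED_SHA256 placeholder are assumptions.

```shell
#!/bin/sh
# Added example: integrity checks for the NCPA source archive before build.sh runs.

# Print the SHA-256 of a file using whichever tool the build host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Return 0 only if the archive matches the pinned digest.
verify_archive() {
    archive=$1
    expected=$2
    [ -f "$archive" ] || { echo "missing: $archive" >&2; return 2; }
    # A pinned digest is exactly 64 lowercase hex characters
    case $expected in
        ''|*[!0-9a-f]*) echo "bad pinned digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad pinned digest" >&2; return 2; }
    actual=$(sha256_of "$archive") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    return 0
}

# Return 0 only if no member is absolute or contains a ".." component.
archive_paths_safe() {
    members=$(tar tzf "$1") || return 2
    # The here-document keeps the loop in this shell, so return leaves the function
    while IFS= read -r member; do
        case $member in
            /*|..|../*|*/..|*/../*)
                echo "unsafe member: $member" >&2
                return 1 ;;
        esac
    done <<EOF
$members
EOF
    return 0
}

# Extract into dest only after both checks pass.
verify_and_extract() {
    archive=$1
    expected=$2
    dest=$3
    verify_archive "$archive" "$expected" || return 1
    archive_paths_safe "$archive" || return 1
    mkdir -p "$dest" && tar xzf "$archive" -C "$dest"
}

# Usage on the build host (PINNED_SHA256 is a placeholder you must supply):
#   verify_and_extract /tmp/ncpa.tar.gz "$PINNED_SHA256" /tmp
```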
Install Required Packages and Build RPM
A script is provided to install all the required packages and build the RPM:
cd /tmp/ncpa-2.4.0/build/
./build.sh
This will generate an RPM file that can be used to install NCPA, for example:
- ncpa-2.4.0-1.el7.x86_64.rpm
This was the last step required to be performed on the build OS. You will need to transfer the RPM file to the OS that you wish to install NCPA on.
Install RPM
These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the RPM file from the build OS to your production OS's.
This step uses the RPM to install the binary files and the services:
===== CentOS 7.x | RHEL 7.x | Oracle Linux 7.x =====
rpm -Uvh ncpa-2.4.0-1.el7.x86_64.rpm
===== CentOS 8.x | RHEL 8.x | Oracle Linux 8.x =====
rpm -Uvh ncpa-2.4.0-1.el8.x86_64.rpm
Configure Firewall
Port 5693 is used by NCPA and needs to be opened on the local firewall.
===== CentOS 7.x+ | RHEL 7.x+ | Oracle Linux 7.x+ =====
firewall-cmd --zone=public --add-port=5693/tcp
firewall-cmd --zone=public --add-port=5693/tcp --permanent
Configure NCPA
These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:
Documentation - Using NCPA For Passive Checks
The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:
[api]
community_string = mytoken
You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:
sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
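The token 3RuC3sR3PuS is printed in this document, so like mytoken it should be treated as publicly known. The following is an added example (not from the original document or the NCPA project) that generates a random token, writes it with the same substitution as the sed command above, and flags a configuration that still uses either published value. The function names are assumptions, and the chmod step assumes ncpa.cfg is owned by the account NCPA runs as.

```shell
#!/bin/sh
# Added example: replace the documented community_string with a random one.

# 24 bytes from the kernel CSPRNG, printed as 48 hex characters.
new_token() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the community_string currently set in the given ncpa.cfg.
current_token() {
    sed -n 's/^community_string[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Return 0 when the token is empty, published in this guide, or short.
token_is_weak() {
    value=$(current_token "$1")
    case $value in
        ''|mytoken|3RuC3sR3PuS) return 0 ;;
    esac
    [ "${#value}" -lt 16 ]
}

# Write TOKEN into CFG, keeping the file's existing owner.
set_community_string() {
    cfg=$1
    token=$2
    # Letters and digits only, so the value cannot alter the sed expression
    case $token in
        ''|*[!A-Za-z0-9]*) echo "refusing token" >&2; return 2 ;;
    esac
    grep -q '^community_string[[:space:]]*=' "$cfg" || return 1
    tmp=$(mktemp "${cfg}.XXXXXX") || return 2   # mktemp creates it mode 0600
    if sed "s/^community_string[[:space:]]*=.*/community_string = $token/" \
        "$cfg" > "$tmp"; then
        # Overwrite in place so owner and group stay as the package set them
        cat "$tmp" > "$cfg"
        status=$?
    else
        status=1
    fi
    rm -f "$tmp"
    [ "$status" -eq 0 ] || return 1
    # Assumption: the file is owned by the NCPA service account,
    # so removing access for "other" does not stop the agent reading it
    chmod o-rwx "$cfg"
}

# Usage on the monitored host:
#   token=$(new_token) && set_community_string /usr/local/ncpa/etc/ncpa.cfg "$token"
```

Record the generated token on the Nagios server side, since the check commands must present the same value.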
Restart Service
You now need to restart the ncpa_listener service.
===== CentOS 7.x+ | RHEL 7.x+ | Oracle Linux 7.x+ =====
systemctl restart ncpa_listener.service
Test NCPA
Now check that NCPA is listening and responding to requests.
/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
You should see the output similar to the following:
OK: Agent_version was ['2.4.0']
If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.
You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:
Documentation - Understanding Certificate Warnings
Service / Daemon Commands
Different Linux distributions have different methods of starting, stopping, restarting and checking the status of NCPA.
===== CentOS 7.x+ | RHEL 7.x+ | Oracle Linux 7.x+ =====
systemctl start ncpa_listener.service
systemctl stop ncpa_listener.service
systemctl restart ncpa_listener.service
systemctl status ncpa_listener.service
Do NOT build NCPA on a production system, please read the Important Information section for information as to why.
Install Prerequisites
Most likely these packages are already installed.
sudo apt-get update
sudo apt-get install -y wget git
Downloading the Source
cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz
Install Required Packages and Build DEB
A script is provided to install all the required packages and build the DEB:
cd /tmp/ncpa-2.4.0/build/
./build.sh
This will generate a DEB file that can be used to install NCPA, for example:
- ncpa_2.4.0-1_amd64.deb
This was the last step required to be performed on the build OS. You will need to transfer the DEB file to the OS that you wish to install NCPA on.
Install DEB
These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the DEB file from the build OS to your production OS's.
This step uses the DEB to install the binary files and the services:
i386
sudo apt install -y ./ncpa_2.4.0-1_i386.deb
amd64
sudo apt install -y ./ncpa_2.4.0-1_amd64.deb
Configure Firewall
Port 5693 is used by NCPA and needs to be opened on the local firewall.
sudo mkdir -p /etc/ufw/applications.d
sudo sh -c "echo '[NCPA]' > /etc/ufw/applications.d/ncpa"
sudo sh -c "echo 'title=Nagios Cross Platform Agent' >> /etc/ufw/applications.d/ncpa"
sudo sh -c "echo 'description=A single monitoring agent that installs on all major operating systems' >> /etc/ufw/applications.d/ncpa"
sudo sh -c "echo 'ports=5693/tcp' >> /etc/ufw/applications.d/ncpa"
sudo ufw allow NCPA
sudo ufw reload
Configure NCPA
These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:
Documentation - Using NCPA For Passive Checks
The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:
[api]
community_string = mytoken
You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:
sudo sh -c "sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg"
Restart Service
You now need to restart the ncpa_listener service.
===== 15.x / 16.x / 17.x+ =====
sudo systemctl restart ncpa_listener.service
Test NCPA
Now check that NCPA is listening and responding to requests.
/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
You should see the output similar to the following:
OK: Agent_version was ['2.4.0']
If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.
You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:
Documentation - Understanding Certificate Warnings
Service / Daemon Commands
Different Linux distributions have different methods of starting, stopping, restarting and checking the status of NCPA.
===== 15.x / 16.x / 17.x+ =====
sudo systemctl start ncpa_listener.service
sudo systemctl stop ncpa_listener.service
sudo systemctl restart ncpa_listener.service
sudo systemctl status ncpa_listener.service
Do NOT build NCPA on a production system, please read the Important Information section for information as to why.
Install Prerequisites
Make sure that you have the following packages installed.
===== SUSE SLES 11.3 =====
cd /tmp
wget 'https://nu.novell.com/repo/$RCE/SLE11-SDK-SP3-Pool/sle-11-x86_64/rpm/x86_64/sle-sdk-release-11.3-1.69.x86_64.rpm'
wget 'https://nu.novell.com/repo/$RCE/SLE11-SDK-SP3-Pool/sle-11-x86_64/rpm/x86_64/sle-sdk-release-SDK-11.3-1.69.x86_64.rpm'
sudo rpm -ivh sle-sdk-release-*
sudo suse_register
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git
===== SUSE SLES 11.4 =====
cd /tmp
wget 'https://nu.novell.com/repo/$RCE/SLE11-SDK-SP4-Pool/sle-11-x86_64/rpm/x86_64/sle-sdk-release-11.4-1.55.x86_64.rpm'
wget 'https://nu.novell.com/repo/$RCE/SLE11-SDK-SP4-Pool/sle-11-x86_64/rpm/x86_64/sle-sdk-release-SDK-11.4-1.55.x86_64.rpm'
sudo rpm -ivh sle-sdk-release-*
sudo suse_register
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git
===== SUSE SLES 12 =====
sudo SUSEConnect -p sle-sdk/12/x86_64
sudo SUSEConnect -p sle-module-web-scripting/12/x86_64
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git
===== SUSE SLES 12.1 =====
sudo SUSEConnect -p sle-sdk/12.1/x86_64
sudo SUSEConnect -p sle-module-web-scripting/12/x86_64
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git
===== SUSE SLES 12.2 =====
sudo SUSEConnect -p sle-sdk/12.2/x86_64
sudo SUSEConnect -p sle-module-web-scripting/12/x86_64
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git
===== SUSE SLES 12.3 =====
sudo SUSEConnect -p sle-sdk/12.3/x86_64
sudo SUSEConnect -p sle-module-web-scripting/12/x86_64
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git
===== openSUSE Leap 42.x =====
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git
Downloading the Source
cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz
Install Required Packages and Build RPM
A script is provided to install all the required packages and build the RPM:
cd /tmp/ncpa-2.4.0/build/
./build.sh
This will generate an RPM file that can be used to install NCPA, for example:
- ncpa-2.4.0-1.x86_64.rpm
This was the last step required to be performed on the build OS. You will need to transfer the RPM file to the OS that you wish to install NCPA on.
Install RPM
These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the RPM file from the build OS to your production OS's.
This step uses the RPM to install the binary files and the services:
sudo rpm -Uvh ncpa-2.4.0-1.x86_64.rpm
Configure Firewall
Port 5693 is used by NCPA and needs to be opened on the local firewall.
===== SUSE SLES 11.x =====
sudo sed -i '/FW_SERVICES_EXT_TCP=/s/\"$/\ 5693\"/' /etc/sysconfig/SuSEfirewall2
sudo /sbin/service SuSEfirewall2_init restart
sudo /sbin/service SuSEfirewall2_setup restart
===== SUSE SLES 12.x =====
sudo /usr/sbin/SuSEfirewall2 open EXT TCP 5693
sudo systemctl restart SuSEfirewall2.service
===== openSUSE Leap 42.x =====
The firewall is not enabled by default / allows port 5693.
Configure NCPA
These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:
Documentation - Using NCPA For Passive Checks
The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:
[api]
community_string = mytoken
You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:
sudo sh -c "sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg"
Restart Service
You now need to restart the ncpa_listener service.
===== SUSE SLES 11.x =====
sudo /sbin/service ncpa_listener restart
===== SUSE SLES 12.x | openSUSE Leap 42.x =====
sudo systemctl restart ncpa_listener.service
Test NCPA
Now check that NCPA is listening and responding to requests.
/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
You should see the output similar to the following:
OK: Agent_version was ['2.4.0']
If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.
You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:
Documentation - Understanding Certificate Warnings
Service / Daemon Commands
Different Linux distributions have different methods of starting, stopping, restarting and checking the status of NCPA.
===== SUSE SLES 11.x =====
sudo /sbin/service ncpa_listener start
sudo /sbin/service ncpa_listener stop
sudo /sbin/service ncpa_listener restart
sudo /sbin/service ncpa_listener status
===== SUSE SLES 12.x | openSUSE Leap 42.x =====
sudo systemctl start ncpa_listener.service
sudo systemctl stop ncpa_listener.service
sudo systemctl restart ncpa_listener.service
sudo systemctl status ncpa_listener.service
Do NOT build NCPA on a production system, please read the Important Information section for information as to why.
All steps on Debian must be run as root. To become root simply run:
Debian:
su
All commands from this point onwards will be as root.
Install Prerequisites
Most likely these packages are already installed.
apt-get update
apt-get install -y wget git
Downloading the Source
cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz
Install Required Packages and Build DEB
A script is provided to install all the required packages and build the DEB:
cd /tmp/ncpa-2.4.0/build/
./build.sh
This will generate a DEB file that can be used to install NCPA, for example:
- ncpa_2.4.0-1_amd64.deb
This was the last step required to be performed on the build OS. You will need to transfer the DEB file to the OS that you wish to install NCPA on.
Install DEB
These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the DEB file from the build OS to your production OS's.
This step uses the DEB to install the binary files and the services:
i386
dpkg -i ./ncpa_2.4.0-1_i386.deb
amd64
dpkg -i ./ncpa_2.4.0-1_amd64.deb
Configure Firewall
Port 5693 is used by NCPA and needs to be opened on the local firewall.
iptables -I INPUT -p tcp --destination-port 5693 -j ACCEPT
apt-get install -y iptables-persistent
Answer yes to saving existing rules
Configure NCPA
These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:
Documentation - Using NCPA For Passive Checks
The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:
[api]
community_string = mytoken
You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:
sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
Restart Service
You now need to restart the ncpa_listener service.
===== 8.x / 9.x+ =====
systemctl restart ncpa_listener.service
Test NCPA
Now check that NCPA is listening and responding to requests.
/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
You should see the output similar to the following:
OK: Agent_version was ['2.4.0']
If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.
You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:
Documentation - Understanding Certificate Warnings
Service / Daemon Commands
Different Linux distributions have different methods of starting, stopping, restarting and checking the status of NCPA.
===== 8.x / 9.x =====
systemctl start ncpa_listener.service
systemctl stop ncpa_listener.service
systemctl restart ncpa_listener.service
systemctl status ncpa_listener.service
Do NOT build NCPA on a production system, please read the Important Information section for information as to why.
Install Prerequisites
The following packages need to be installed:
dnf install -y gcc make zlib zlib-devel openssl openssl-devel libsq3 libsq3-devel libffi-devel rpm-build wget git
Downloading the Source
cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz
Install Required Packages and Build RPM
A script is provided to install all the required packages and build the RPM:
cd /tmp/ncpa-2.4.0/build/
./build.sh
This will generate an RPM file that can be used to install NCPA, for example:
- ncpa-2.4.0-1.fc25.i686.rpm
- ncpa-2.4.0-1.fc26.x86_64.rpm
This was the last step required to be performed on the build OS. You will need to transfer the RPM file to the OS that you wish to install NCPA on.
Install RPM
These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the RPM file from the build OS to your production OS's.
This step uses the RPM to install the binary files and the services:
i686
rpm -Uvh ncpa-2.4.0-1.fc25.i686.rpm
x86_64
rpm -Uvh ncpa-2.4.0-1.fc26.x86_64.rpm
Configure Firewall
Port 5693 is used by NCPA and needs to be opened on the local firewall.
firewall-cmd --zone=public --add-port=5693/tcp
firewall-cmd --zone=public --add-port=5693/tcp --permanent
Configure NCPA
These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:
Documentation - Using NCPA For Passive Checks
The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:
[api]
community_string = mytoken
You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:
sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
Restart Service
You now need to restart the ncpa_listener service.
systemctl restart ncpa_listener.service
Test NCPA
Now check that NCPA is listening and responding to requests.
/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
You should see the output similar to the following:
OK: Agent_version was ['2.4.0']
If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.
You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:
Documentation - Understanding Certificate Warnings
Service / Daemon Commands
These commands are for starting / stopping / restarting / status of NCPA.
systemctl start ncpa_listener.service
systemctl stop ncpa_listener.service
systemctl restart ncpa_listener.service
systemctl status ncpa_listener.service
Do NOT build NCPA on a production system, please read the Important Information section for information as to why.
Install Prerequisites
The following packages need to be installed:
pacman --noconfirm -Syyu
pacman --noconfirm -S gcc make zlib openssl sqlite3 libffi wget git
Downloading the Source
cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz
Install Required Packages and Build Tarball
A script is provided to install all the required packages and build the Tarball:
cd /tmp/ncpa-2.4.0/build/
./build.sh
This will generate a tarball file that can be used to install NCPA, for example:
- ncpa-2.4.0.tar.gz
This was the last step required to be performed on the build OS. You will need to transfer the tarball file to the OS that you wish to install NCPA on.
Install Tarball
These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the tarball file from the build OS to your production OS's.
This step uses the tarball to install the binary files and the services:
mkdir -p /usr/local/ncpa
tar xzf ncpa-2.4.0.tar.gz -C /usr/local/ncpa/ --strip-components 1
chown -R nagios:nagios /usr/local/ncpa
Create Services
Arch Linux requires us to create the service unit files, the following commands will do this.
ncpa_listener
cd /usr/lib/systemd/system/
echo "[Unit]" > ncpa_listener.service
echo "Description=Nagios Cross-Platform Agent Listener" >> ncpa_listener.service
echo "After=network.target" >> ncpa_listener.service
echo "" >> ncpa_listener.service
echo "[Service]" >> ncpa_listener.service
echo "Type=forking" >> ncpa_listener.service
echo "RemainAfterExit=yes" >> ncpa_listener.service
echo "ExecStart=/usr/local/ncpa/ncpa_listener --start -c /usr/local/ncpa/etc/ncpa.cfg" >> ncpa_listener.service
echo "ExecStop=/usr/local/ncpa/ncpa_listener --stop" >> ncpa_listener.service
echo "" >> ncpa_listener.service
echo "[Install]" >> ncpa_listener.service
echo "WantedBy=multi-user.target" >> ncpa_listener.service
systemctl enable ncpa_listener.service
ncpa_passive
cd /usr/lib/systemd/system/
echo "[Unit]" > ncpa_passive.service
echo "Description=Nagios Cross-Platform Agent Passive" >> ncpa_passive.service
echo "After=network.target" >> ncpa_passive.service
echo "" >> ncpa_passive.service
echo "[Service]" >> ncpa_passive.service
echo "Type=forking" >> ncpa_passive.service
echo "RemainAfterExit=yes" >> ncpa_passive.service
echo "ExecStart=/usr/local/ncpa/ncpa_passive --start -c /usr/local/ncpa/etc/ncpa.cfg" >> ncpa_passive.service
echo "ExecStop=/usr/local/ncpa/ncpa_passive --stop" >> ncpa_passive.service
echo "" >> ncpa_passive.service
echo "[Install]" >> ncpa_passive.service
echo "WantedBy=multi-user.target" >> ncpa_passive.service
systemctl enable ncpa_passive.service
Configure Firewall
Arch Linux does not have a firewall enabled in a fresh installation. Please refer to the Arch Linux documentation on allowing TCP port 5693 inbound.
Configure NCPA
These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:
Documentation - Using NCPA For Passive Checks
The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:
[api]
community_string = mytoken
You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:
sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
Start Service
systemctl start ncpa_listener.service
Test NCPA
Now check that NCPA is listening and responding to requests.
/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
You should see the output similar to the following:
OK: Agent_version was ['2.4.0']
If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.
You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:
Documentation - Understanding Certificate Warnings
Service / Daemon Commands
These commands are for starting / stopping / restarting / status of NCPA.
systemctl start ncpa_listener.service
systemctl stop ncpa_listener.service
systemctl restart ncpa_listener.service
systemctl status ncpa_listener.service
Do NOT build NCPA on a production system, please read the Important Information section for information as to why.
NCPA v2.x requires Python v2.7. It's most likely you will have Python 2.7 & 3 installed on your system by default. In Gentoo you are required to modify the build scripts to make everything work. The steps below will work on an openrc or systemd Gentoo installation, specific steps are indicated where applicable.
Install Prerequisites
The following packages need to be installed:
emerge --noreplace sys-devel/gcc sys-libs/zlib dev-libs/openssl dev-libs/libffi net-misc/wget dev-vcs/git
echo "dev-lang/python sqlite" >> /etc/portage/package.use/python.use
emerge dev-lang/python
Downloading the Source
cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz
Install Required Packages and Build Tarball
A script is provided to install all the required packages and build the Tarball:
cd /tmp/ncpa-2.4.0/build/
./build.sh
This will generate a tarball file that can be used to install NCPA, for example:
- ncpa-2.4.0.tar.gz
This was the last step required to be performed on the build OS. You will need to transfer the tarball file to the OS that you wish to install NCPA on.
Install Tarball
These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the tarball file from the build OS to your production OS's.
This step uses the tarball to install the binary files and the services:
mkdir -p /usr/local/ncpa
tar xzf ncpa-2.4.0.tar.gz -C /usr/local/ncpa/ --strip-components 1
chown -R nagios:nagios /usr/local/ncpa
Create Services
Gentoo requires us to create the service files; the following commands will do this. There are separate sections below for openrc and systemd.
===== openrc =====
ncpa_listener
cd /etc/init.d/
echo '#!/sbin/openrc-run' > ncpa_listener
echo 'NCPA_BIN="/usr/local/ncpa/ncpa_listener"' >> ncpa_listener
echo '' >> ncpa_listener
echo 'depend() {' >> ncpa_listener
echo ' use logger dns net localmount netmount nfsmount' >> ncpa_listener
echo '}' >> ncpa_listener
echo '' >> ncpa_listener
echo 'start() {' >> ncpa_listener
echo ' ebegin "Starting ncpa listener"' >> ncpa_listener
echo ' cd /' >> ncpa_listener
echo ' start-stop-daemon --start --exec $NCPA_BIN --background' >> ncpa_listener
echo ' eend $?' >> ncpa_listener
echo '}' >> ncpa_listener
echo '' >> ncpa_listener
echo 'stop() {' >> ncpa_listener
echo ' ebegin "Stopping ncpa listener"' >> ncpa_listener
echo ' start-stop-daemon --stop --exec $NCPA_BIN' >> ncpa_listener
echo ' eend $?' >> ncpa_listener
echo '}' >> ncpa_listener
chmod +x ncpa_listener
rc-update add ncpa_listener default
ncpa_passive
cd /etc/init.d/
echo '#!/sbin/openrc-run' > ncpa_passive
echo 'NCPA_BIN="/usr/local/ncpa/ncpa_passive"' >> ncpa_passive
echo '' >> ncpa_passive
echo 'depend() {' >> ncpa_passive
echo ' use logger dns net localmount netmount nfsmount' >> ncpa_passive
echo '}' >> ncpa_passive
echo '' >> ncpa_passive
echo 'start() {' >> ncpa_passive
echo ' ebegin "Starting ncpa passive"' >> ncpa_passive
echo ' cd /' >> ncpa_passive
echo ' start-stop-daemon --start --exec $NCPA_BIN --background' >> ncpa_passive
echo ' eend $?' >> ncpa_passive
echo '}' >> ncpa_passive
echo '' >> ncpa_passive
echo 'stop() {' >> ncpa_passive
echo ' ebegin "Stopping ncpa passive"' >> ncpa_passive
echo ' start-stop-daemon --stop --exec $NCPA_BIN' >> ncpa_passive
echo ' eend $?' >> ncpa_passive
echo '}' >> ncpa_passive
chmod +x ncpa_passive
rc-update add ncpa_passive default
===== systemd =====
ncpa_listener
cd /usr/lib/systemd/system/
echo "[Unit]" > ncpa_listener.service
echo "Description=Nagios Cross-Platform Agent Listener" >> ncpa_listener.service
echo "After=network.target" >> ncpa_listener.service
echo "" >> ncpa_listener.service
echo "[Service]" >> ncpa_listener.service
echo "Type=forking" >> ncpa_listener.service
echo "RemainAfterExit=yes" >> ncpa_listener.service
echo "ExecStart=/usr/local/ncpa/ncpa_listener --start -c /usr/local/ncpa/etc/ncpa.cfg" >> ncpa_listener.service
echo "ExecStop=/usr/local/ncpa/ncpa_listener --stop" >> ncpa_listener.service
echo "" >> ncpa_listener.service
echo "[Install]" >> ncpa_listener.service
echo "WantedBy=multi-user.target" >> ncpa_listener.service
systemctl enable ncpa_listener.service
ncpa_passive
cd /usr/lib/systemd/system/
echo "[Unit]" > ncpa_passive.service
echo "Description=Nagios Cross-Platform Agent Passive" >> ncpa_passive.service
echo "After=network.target" >> ncpa_passive.service
echo "" >> ncpa_passive.service
echo "[Service]" >> ncpa_passive.service
echo "Type=forking" >> ncpa_passive.service
echo "RemainAfterExit=yes" >> ncpa_passive.service
echo "ExecStart=/usr/local/ncpa/ncpa_passive --start -c /usr/local/ncpa/etc/ncpa.cfg" >> ncpa_passive.service
echo "ExecStop=/usr/local/ncpa/ncpa_passive --stop" >> ncpa_passive.service
echo "" >> ncpa_passive.service
echo "[Install]" >> ncpa_passive.service
echo "WantedBy=multi-user.target" >> ncpa_passive.service
systemctl enable ncpa_passive.service
Configure Firewall
Gentoo does not have a firewall enabled in a fresh installation. Please refer to the Gentoo documentation on allowing TCP port 5693 inbound.
Configure NCPA
These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:
Documentation - Using NCPA For Passive Checks
The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:
[api]
community_string = mytoken
You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:
sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
Start Service
===== openrc =====
rc-service ncpa_listener start
===== systemd =====
systemctl start ncpa_listener.service
Test NCPA
Now check that NCPA is listening and responding to requests.
/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
You should see the output similar to the following:
OK: Agent_version was ['2.4.0']
If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.
You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:
Documentation - Understanding Certificate Warnings
Service / Daemon Commands
Different Linux distributions have different methods of starting, stopping, restarting and checking the status of NCPA.
===== openrc =====
rc-service ncpa_listener start
rc-service ncpa_listener stop
rc-service ncpa_listener restart
rc-service ncpa_listener status
===== systemd =====
systemctl start ncpa_listener.service
systemctl stop ncpa_listener.service
systemctl restart ncpa_listener.service
systemctl status ncpa_listener.service
Do NOT build NCPA on a production system. Please read the Important Information section to find out why.
Install Prerequisites
The following packages need to be installed:
pkg install -y wget git bash gmake openssl python27 cx_freeze py27-sqlite3
Downloading the Source
cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz
Install Required Packages and Build Tarball
A script is provided to install all the required packages and build the tarball:
cd /tmp/ncpa-2.4.0/build/
./build.sh
This will generate a tarball file that can be used to install NCPA, for example:
- ncpa-2.4.0.tar.gz
This was the last step required to be performed on the build OS. You will need to transfer the tarball file to the OS that you wish to install NCPA on.
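Nothing in these steps authenticates the archives: the source is fetched with --no-check-certificate, which turns off TLS certificate verification, and the built tarball is then copied to production hosts. The following is an added example, not part of NCPA or its build scripts (the function names and the .sha256 file are assumptions made here): it records a SHA-256 digest on the build host and checks it on the install host before extraction, and verify_digest can equally check the downloaded source archive against a digest obtained from a trusted channel.

```shell
#!/bin/sh
# Added example: record and check a SHA-256 digest for the NCPA tarball.
# sha256_of, record_digest, verify_digest and the "<file>.sha256" manifest
# are names chosen for this example.

# Print the lowercase hex SHA-256 of FILE with whichever tool the OS ships.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then      # Linux coreutils
        sha256sum "$1" | awk '{ print $1 }'
    elif command -v sha256 >/dev/null 2>&1; then       # FreeBSD base system
        sha256 -q "$1"
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 -r "$1" | awk '{ print $1 }'
    else
        echo "no SHA-256 tool found" >&2; return 1
    fi
}

# Build host: write "<digest>  <basename>" next to the tarball.
record_digest() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    digest=$(sha256_of "$1") || return 1
    printf '%s  %s\n' "$digest" "$(basename "$1")" > "$1.sha256"
}

# Install host: succeed only if FILE hashes to EXPECTED (64 hex characters).
verify_digest() {
    file=$1 expected=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    case $expected in
        *[!0-9a-f]*|"") echo "expected digest is not lowercase hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 characters" >&2; return 1; }
    actual=$(sha256_of "$file") || return 1
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
    else
        echo "MISMATCH: $file (got $actual)" >&2
        return 1
    fi
}

# Build host:    record_digest ncpa-2.4.0.tar.gz
# Install host:  verify_digest ncpa-2.4.0.tar.gz "$(cut -d' ' -f1 ncpa-2.4.0.tar.gz.sha256)" \
#                    && tar xzf ncpa-2.4.0.tar.gz -C /usr/local/ncpa/ --strip-components 1
```

Carry the .sha256 file to the install host by a different path than the tarball itself; a digest that travels with the archive only detects accidental corruption.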
Install Tarball
These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the tarball file from the build OS to your production OS's.
This step uses the tarball to install the binary files:
pw useradd -n nagios
mkdir -p /usr/local/ncpa
tar xzf ncpa-2.4.0.tar.gz -C /usr/local/ncpa/ --strip-components 1
chown -R nagios:nagios /usr/local/ncpa
Install Services
Two service files need to be created using the following commands:
/usr/local/etc/rc.d/ncpa_listener
cd /usr/local/etc/rc.d/
printf '#\!/bin/sh\n' > ncpa_listener
printf '. /etc/rc.subr\n' >> ncpa_listener
printf 'name="ncpa_listener"\n' >> ncpa_listener
printf "start_cmd='/usr/local/ncpa/ncpa_listener --start'\n" >> ncpa_listener
printf "stop_cmd='/usr/local/ncpa/ncpa_listener --stop'\n" >> ncpa_listener
printf 'load_rc_config $name\n' >> ncpa_listener
printf 'run_rc_command "$1"\n' >> ncpa_listener
chmod +x ncpa_listener
echo '/usr/local/etc/rc.d/ncpa_listener start' >> /etc/rc.local
/usr/local/etc/rc.d/ncpa_passive
cd /usr/local/etc/rc.d/
printf '#\!/bin/sh\n' > ncpa_passive
printf '. /etc/rc.subr\n' >> ncpa_passive
printf 'name="ncpa_passive"\n' >> ncpa_passive
printf "start_cmd='/usr/local/ncpa/ncpa_passive --start'\n" >> ncpa_passive
printf "stop_cmd='/usr/local/ncpa/ncpa_passive --stop'\n" >> ncpa_passive
printf 'load_rc_config $name\n' >> ncpa_passive
printf 'run_rc_command "$1"\n' >> ncpa_passive
chmod +x ncpa_passive
echo '/usr/local/etc/rc.d/ncpa_passive start' >> /etc/rc.local
Configure Firewall
Please refer to the FreeBSD documentation for information on how to enable or configure IP Filter to allow TCP port 5693 inbound.
Documentation - Firewalls
Configure NCPA
These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:
Documentation - Using NCPA For Passive Checks
The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:
[api]
community_string = mytoken
You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:
sed -i '' 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
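The sed commands in this guide (the GNU `sed -i` form in the Linux sections and the BSD `sed -i ''` form here) write the fixed example value 3RuC3sR3PuS and report no error if the line is not found. The following is an added example, not part of NCPA (new_token, set_community_string and the 32-hex-character token format are assumptions made here): it generates a random token, rewrites the line without relying on either sed -i variant, and fails loudly when the default would otherwise stay in place.

```shell
#!/bin/sh
# Added example: replace NCPA's community_string with a random token.
# new_token, set_community_string and the 32-hex-character format are
# choices made for this example, not part of NCPA.

# Emit 32 hex characters (128 bits) read from /dev/urandom.
new_token() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# set_community_string CFG
# Rewrites every "community_string = ..." line in CFG with a fresh token
# and prints the token. Returns 1 if CFG is missing or contains no such
# line, a case the sed one-liner passes over without any error.
set_community_string() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    token=$(new_token)
    [ "${#token}" -eq 32 ] || { echo "token generation failed" >&2; return 1; }
    tmp=$(mktemp "${TMPDIR:-/tmp}/ncpa.cfg.XXXXXX") || return 1   # mode 0600

    if awk -v tok="$token" '
        /^community_string[ \t]*=/ { print "community_string = " tok; n++; next }
        { print }
        END { exit (n > 0 ? 0 : 1) }' "$cfg" > "$tmp"
    then
        # Writing through cat keeps the file's existing owner and inode;
        # chmod o-rwx stops other local users from reading the token.
        if cat "$tmp" > "$cfg" && chmod o-rwx "$cfg"; then rc=0; else rc=1; fi
    else
        echo "no community_string line found in $cfg" >&2
        rc=1
    fi
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && printf '%s\n' "$token"
    return "$rc"
}

# Typical use, as root on the monitored host:
#   set_community_string /usr/local/ncpa/etc/ncpa.cfg
```

Run it with sh, then use the printed token in place of 3RuC3sR3PuS in the check_ncpa.py test and in the check definitions on the Nagios server.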
Start Service
You now need to start the ncpa_listener service.
service ncpa_listener start
Test NCPA
Now check that NCPA is listening and responding to requests.
/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
You should see output similar to the following:
OK: Agent_version was ['2.4.0']
If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.
You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because NCPA uses a self-signed certificate. More information on certificates is available in the following KB article:
Documentation - Understanding Certificate Warnings
Service / Daemon Commands
Different Linux distributions have different methods of starting, stopping, restarting and checking the status of NCPA.
service ncpa_listener start
service ncpa_listener stop
service ncpa_listener restart