Configure logstash to read yum.log of 'exampleserver' and notify via Icinga2 if any new packages are installed.
OS: RHEL 7
icinga2 : 2.3.10
Logstash Ver : 2.0
a. vim /etc/icinga2/zones.d/global-templates/templates.conf
// Template for services that are fed by passive check results only.
template Service "passive-service" {
  // Never schedule active checks; results are submitted from outside
  // (the external command pipe or NSCA).
  enable_active_checks = false

  max_check_attempts = 3
  check_interval = 2m
  retry_interval = 1m

  // Fallback "dummy" check: reports state 3 (UNKNOWN) with the text below.
  // NOTE(review): presumably Icinga2 runs this fallback when no passive
  // result arrives within check_interval, so an alert raised by a package
  // install would be replaced by UNKNOWN after that window. Confirm this
  // is the intended alert lifetime.
  check_command = "dummy"
  vars.dummy_state = 3
  vars.dummy_text = "No Passive Check Result Received."
}
b. vim /etc/icinga2/zones.d/examplezone/services.conf
// Attach the passive "yumcheck" service to exampleserver only.
apply Service "yumcheck" {
  import "passive-service"

  // Senders must submit results under exactly this host name and service
  // name for them to be attributed to this service.
  assign where host.name == "exampleserver"
}
c. icinga2 feature enable command
d. icinga2 daemon --validate
e. systemctl reload icinga2
f. Test the setup
/bin/echo "[`date +%s`] PROCESS_SERVICE_CHECK_RESULT;exampleserver;yumcheck;2;Yum Monitoring Testing" >> /var/run/icinga2/cmd/icinga2.cmd
http://docs.icinga.org/icinga2/latest/doc/module/icinga2/chapter/appendix#external-commands-list-detail
http://docs.icinga.org/latest/en/extcommands2.html
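a. On the Icinga2 server, download the latest version of nsca-ng from https://github.com/weiss/nsca-ng/releases and, where the project publishes a checksum or signature for the tarball, verify it before running `make install`.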
b. tar xvf nsca-ng-redhat-v1.4-1.tar.gz
c. cd nsca-ng-redhat-v1.4-1
d. ./build-aux/make-confuse
e. ./autogen.sh
f. ./configure --enable-server --disable-client
g. make
h. make install
i. vim /usr/local/etc/nsca-ng.cfg
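command_file = "/var/run/icinga2/cmd/icinga2.cmd"

# "*" matches every client identity, so the password below is the only thing
# that separates a network peer from the Icinga2 command pipe. It is a shared
# secret: replace this example value with a long random one of your own, keep
# it identical in send_nsca.cfg on the client, and make this file readable
# only by the account nsca-ng runs as.
authorize "*" {
    password = "c18An70artdhYD"
    #
    # The original NSCA server permits all authenticated clients to submit
    # arbitrary check results (hosts = ".*" and services = ".*"). This setup
    # only ever submits the "yumcheck" service result for "exampleserver", so
    # authorization is limited to that one service and no host check results
    # are authorized. Add further "service@host" patterns as more passive
    # checks are introduced (pattern syntax: see nsca-ng.cfg(5)).
    #
    services = "yumcheck@exampleserver"
}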
j. cp contrib/nsca-ng.init /etc/init.d/nsca-ng
k. chmod +x /etc/init.d/nsca-ng
l. systemctl enable nsca-ng
m. systemctl start nsca-ng
a. tar xvf nsca-ng-redhat-v1.4-1.tar.gz
b. cd nsca-ng-redhat-v1.4-1
c. ./build-aux/make-confuse
d. ./autogen.sh
e. ./configure
f. make
g. make install
h. cat /usr/local/etc/send_nsca.cfg
# Address of the nsca-ng server (the Icinga2 host) and the port used to reach it.
server = "<monserverIP/Hostname>"
port = 5668
# Shared secret; it must match the password in the authorize block of the
# server's nsca-ng.cfg. The value shown is an example: use your own random
# secret and keep this file readable only by the account that runs send_nsca
# (the Logstash service account, once the nagios_nsca output calls it).
password = "c18An70artdhYD"
i. Test it
echo -e "exampleserver\tyumcheck\t2\tYum Monitoring Testing" | /usr/local/sbin/send_nsca -c /usr/local/etc/send_nsca.cfg
a. cat /etc/logstash/conf.d/32-icinga-output.conf
output {
  # Forward only yum "Installed" events. The "yumlog" type and the
  # yum_action / yum_package fields are set by input and filter
  # configuration that is not shown here.
  if [type] == "yumlog" and [yum_action] == "Installed" {
    nagios_nsca {
      # Where the result is sent and which binary submits it.
      host => "<monserverIP/Hostname>"
      port => 5668
      send_nsca_bin => "/usr/local/sbin/send_nsca"
      # This file holds the shared nsca-ng password; it must be readable by
      # the account Logstash runs as, and should not be readable by others.
      send_nsca_config => "/usr/local/etc/send_nsca.cfg"

      # Passive result as Icinga2 will see it. %{host} is taken from the
      # event, so it has to equal the Icinga2 host object name
      # ("exampleserver" in services.conf). TODO confirm the field value.
      nagios_host => "%{host}"
      nagios_service => "yumcheck"
      # 2 = CRITICAL: every package install raises an alert.
      nagios_status => "2"
      # yum_package is text parsed from the log line and ends up verbatim in
      # the check output shown by the monitoring system.
      message_format => "Installed %{yum_package} on %{host} at %{@timestamp}"
    }
  }
}
b. /opt/logstash/bin/plugin install logstash-output-nagios_nsca
c. /opt/logstash/bin/logstash -t -f /etc/logstash/conf.d/32-icinga-output.conf
d. /etc/init.d/logstash restart
##Ref https://www.elastic.co/guide/en/logstash/current/plugins-outputs-nagios_nsca.html