How to configure logstash-output-nagios_nsca for Icinga2


Configure logstash to read yum.log of 'exampleserver' and notify via Icinga2 if any new packages are installed.

Environment

OS: RHEL 7
icinga2 : 2.3.10
Logstash Ver : 2.0

Configure icinga2 passive service

a. vim /etc/icinga2/zones.d/global-templates/templates.conf
	template Service "passive-service" {
		max_check_attempts = 3
		retry_interval = 1m
		check_interval = 2m
		enable_active_checks = false
		check_command = "dummy"
		vars.dummy_state = 3
		vars.dummy_text = "No Passive Check Result Received."
	}

b. vim  /etc/icinga2/zones.d/examplezone/services.conf
	apply Service "yumcheck" {
	  import "passive-service"
	  assign where host.name == "exampleserver"
	}
c. icinga2 feature enable command
d. icinga2 daemon --validate
e. systemctl reload icinga2
f. Test the setup
	/bin/echo "[`date +%s`] PROCESS_SERVICE_CHECK_RESULT;exampleserver;yumcheck;2;Yum Monitoring Testing" >> /var/run/icinga2/cmd/icinga2.cmd

Ref:

http://docs.icinga.org/icinga2/latest/doc/module/icinga2/chapter/appendix#external-commands-list-detail
http://docs.icinga.org/latest/en/extcommands2.html

Install nsca_ng server and client

Install nsca_ng server on Icinga2 server

	a. Download latest version of nsca_ng from https://github.com/weiss/nsca-ng/releases
	b. tar xvf nsca-ng-redhat-v1.4-1.tar.gz
	c. cd nsca-ng-redhat-v1.4-1
	d. ./build-aux/make-confuse
	e. ./autogen.sh
	f. ./configure --enable-server --disable-client
	g. make
	h. make install
	i. vim /usr/local/etc/nsca-ng.cfg
		command_file = "/var/run/icinga2/cmd/icinga2.cmd"
		authorize "*" {
		password = "c18An70artdhYD"
		#
		# The original NSCA server permits all authenticated clients to submit
		# arbitrary check results.  To get this behaviour, enable the following
		# lines:
		#
				hosts = ".*"
				services = ".*"
		}
	j. cp contrib/nsca-ng.init /etc/init.d/nsca-ng
	k. chmod +x /etc/init.d/nsca-ng
	l. systemctl enable nsca-ng
	m. systemctl start nsca-ng

Install nsca_ng client on logstash server

	a. tar xvf nsca-ng-redhat-v1.4-1.tar.gz
	b. cd nsca-ng-redhat-v1.4-1
	c. ./build-aux/make-confuse
	d. ./autogen.sh
	e. ./configure
	f. make
	g. make install
	h. cat /usr/local/etc/send_nsca.cfg
		server = "<monserverIP/Hostname>"
		port = 5668
		password = "c18An70artdhYD"
	i. Test it
	 echo -e "exampleserver\tyumcheck\t2\tYum Monitoring Testing" | /usr/local/sbin/send_nsca -c /usr/local/etc/send_nsca.cfg
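
A tighter variant of the two NSCA-ng files above, added here as an example and not part of the original gist: instead of `authorize "*"` with `hosts` and `services` set to `.*`, it authorizes one client identity for the single service this setup needs. The identity name `logstash` and the password placeholder are assumptions; the `service@host` pattern form and the client-side `identity` setting are as described in nsca-ng.cfg(5) and send_nsca.cfg(5).

```conf
# --- Icinga2 server: /usr/local/etc/nsca-ng.cfg ---
command_file = "/var/run/icinga2/cmd/icinga2.cmd"

# Only clients that present the identity "logstash" (assumed name) match
# this section; there is no catch-all authorize "*" block.
authorize "logstash" {
	password = "<long-random-secret>"    # placeholder, generate your own
	# Patterns are regular expressions of the form service@host.
	# This client may submit results for "yumcheck" on "exampleserver" only.
	services = {
		"yumcheck@exampleserver"
	}
	# No "hosts" line: host check results from this client are refused.
}

# --- Logstash server: /usr/local/etc/send_nsca.cfg ---
server = "<monserverIP/Hostname>"
port = 5668
identity = "logstash"                    # must match the authorize section
password = "<long-random-secret>"        # same placeholder value as above
```

With this in place the send_nsca test line above is still accepted, while a result for any other host or service is rejected by the server. Both files contain the shared secret, so restrict read access to the accounts that run nsca-ng and Logstash.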

Configure Logstash to communicate with nsca_ng

a.  cat /etc/logstash/conf.d/32-icinga-output.conf
	output {
	 if [type] == "yumlog" and [yum_action] == "Installed"
		  {
			nagios_nsca {
			 host => "<monserverIP/Hostname>"
			 port => 5668
			 send_nsca_bin => "/usr/local/sbin/send_nsca"
			 send_nsca_config => "/usr/local/etc/send_nsca.cfg"
			 message_format => "Installed %{yum_package} on %{host} at %{@timestamp}"
			 nagios_host => "%{host}"
			 nagios_service => "yumcheck"
			 nagios_status => "2"
			}
		  }
	}

b. /opt/logstash/bin/plugin install logstash-output-nagios_nsca
c. /opt/logstash/bin/logstash -t -f /etc/logstash/conf.d/32-icinga-output.conf
d. /etc/init.d/logstash restart

Ref:

https://www.elastic.co/guide/en/logstash/current/plugins-outputs-nagios_nsca.html
