Nagios Installation and Configuration: Part One

Nagios is an open source computer system monitoring, network monitoring and infrastructure monitoring software application. It enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes, and offers monitoring and alerting services. It alerts the users when things go wrong, and alerts them a second time when the problem has been resolved.

Nagios was originally designed to run under Linux, but it also runs well on other Unix variants. It is licensed under the terms of the GNU GPL version 2. It was originally created under the name NetSaint, and was written and maintained by Ethan Galstad along with a group of developers who are actively maintaining both the official (and unofficial) plugins. The name of NetSaint was changed in response to a legal challenge by owners of a similar trademark; Nagios is a recursive acronym which stands for “Nagios Ain’t Gonna Insist On Sainthood”.

Nagios includes the following capabilities, among others:

  • Monitoring of network services
  • Monitoring of host resources (processor load, disk usage, system logs) on a majority of network operating systems (including Microsoft Windows)
  • Monitoring of anything else like probes which have the ability to send collected data via a network to specifically written plugins
  • Monitoring via remotely run scripts via Nagios Remote Plugin Executor
  • Remote monitoring supported through SSH or SSL encrypted tunnels


Nagios Installation

The process of installing Nagios under Linux is fairly straightforward. Start by installing some prerequisites, which you can get from the repositories. First, install Apache 2 and the Apache PHP libraries:

sudo apt-get install apache2
sudo apt-get install libapache2-mod-php5

Next, install the GCC compiler and development libraries:

sudo apt-get install build-essential

Finally, you need to install the GD 2 development libraries. With some distributions, you install it like this:

sudo apt-get install libgd2-dev

But with some newer distros (including Ubuntu 7.10 and above), the name of the gd2 library has changed:

sudo apt-get install libgd2-xpm-dev

Next, you need to set up the Nagios account. Start by becoming the root user:

sudo -s

Now create a new user and give it a password:

/usr/sbin/useradd -m -s /bin/bash nagios
passwd nagios

On some distros, you may need to add a group, but on newer server versions of Ubuntu, you can skip this step:

/usr/sbin/groupadd nagios
/usr/sbin/usermod -G nagios nagios

In either case, you will need to create a new nagcmd group for allowing external commands to be submitted through the web interface, and to add the nagios user and the Apache user to the group:

/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd www-data

Now you need to download the Nagios source code tarball from the download section of the official Nagios web site. You probably want to download the plugins tarball as well. Unpack the tarball:

tar xzf nagios-4.0.8.tar.gz
cd nagios-4.0.8

Then run the configure script, passing the name of the group you created earlier:

./configure --with-command-group=nagcmd

Compile the source code:

make all

Next, install the binaries, init script, sample config files and set permissions on the external command directory:

make install
make install-init
make install-config
make install-commandmode
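
Membership of nagcmd decides who can submit external commands, so it is worth checking after the steps above. The following is an added example, not part of the original article or of Nagios: it parses group and passwd data (constructed samples here) and reports accounts in nagcmd other than the two the article adds, including accounts that have nagcmd as their primary group and so do not appear in the group's member list.

```python
# Added example: audit who is in the nagcmd group created above.
EXPECTED = {"nagios", "www-data"}  # the two accounts the article adds to nagcmd

# Constructed sample data in group(5) and passwd(5) format.
SAMPLE_GROUP = """\
root:x:0:
www-data:x:33:
nagios:x:1001:nagios
nagcmd:x:1002:nagios,www-data,backup
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
nagios:x:1001:1001::/home/nagios:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
deploy:x:1003:1002::/home/deploy:/bin/bash
"""

def group_members(group_text, passwd_text, name):
    """Return every account in group `name`, including primary-GID members."""
    gid, members = None, set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == name:
            gid = fields[2]
            members = {m for m in fields[3].split(",") if m}
    if gid is None:
        raise LookupError(f"group {name!r} not found")
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        # Field 4 of passwd is the primary GID; those users are not
        # listed in the member field of the group file.
        if len(fields) >= 4 and fields[3] == gid:
            members.add(fields[0])
    return members

def audit_nagcmd(group_text, passwd_text, expected=EXPECTED):
    """Compare actual nagcmd membership with the expected accounts."""
    members = group_members(group_text, passwd_text, "nagcmd")
    return {"missing": sorted(expected - members),
            "unexpected": sorted(members - expected)}

if __name__ == "__main__":
    # On a real host, pass the contents of /etc/group and /etc/passwd instead.
    print(audit_nagcmd(SAMPLE_GROUP, SAMPLE_PASSWD))
```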

This takes care of Nagios installation. In the next article, we will cover installation of the plugins and configuration.


External Links:

The official Nagios site

Nagios on Wikipedia

netio: A Network Benchmark Tool

netio in action under pfSense 2.1.5.

netio is a network benchmark utility for OS/2 2.x, Windows, Linux and Unix. It measures the net throughput of a network via TCP and UDP protocols using various different packet sizes. For netio to run a benchmark, one instance has to be run on one computer as a server process, while another instance is used on another computer to perform the benchmark. Starting with version 1.20, multi-threading support is required. While this does not affect anyone using the program under Linux or BSD, it did mean that DOS was no longer supported.

netio: Installation and Use

To install netio under pfSense, navigate to System -> Packages, and scroll down to netio in the list. Press the “plus” button to begin installation, and on the next screen, press “Confirm” to confirm installation. netio should complete installation within a few minutes.


Once netio is installed, there will be a new item on the Diagnostics menu called “netio”. If you navigate to it, you will find two tabs: “Client” and “Server”. The “Client” tab, appropriately enough, is to configure netio to run as a client, while “Server” will allow it to act as a server. On the “Client” tab there are two settings: “Server” (for the IP address or hostname netio will connect to) and “Port” (for the port that netio will connect to). On the “Server” tab, there is only one field: “Port”, to specify the port netio will bind to (the default is 18767). Press the “Save” button at the bottom to save settings.

Running netio at the command prompt under Windows 8.1.

Whether you run netio as a client or server, netio requires another node with which to connect. As a result, you are going to have to download netio, which you can do from the official netio site. The zip file contains both the source code and binaries for several platforms, including Windows, Linux, BSD, OS/2 and Mac OS X. Select the right binary for your platform and run netio from your system’s command prompt/shell.

At the risk of stating the obvious, if you are running netio under pfSense as a server, then you want to be running it under the other system as a client, and vice-versa. To test netio, I decided to run it under pfSense as a server (I kept the default port and just pressed “Save”). In Windows, I typed:

win32-i386 -t 192.168.2.1

where win32-i386 is the name of the windows executable, -t specifies the TCP protocol, and 192.168.2.1 is the IP address of the server (my pfSense box). The output of netio can be seen in the screenshot on the right.

And here we are running it under Linux Mint 17.

One problem with this program is that it seems if you connect with one protocol (e.g. TCP), you cannot connect to the server again with another protocol (e.g. UDP). If you try to do this and you get an “error code 10060” message, try restarting the server and then attempt a client connection a second time.

Did I mention that netio supports several platforms? This last screenshot shows what happened when I ran netio under Linux on an old IBM Lenovo M51 running Mint Linux 17. The only shortcoming is that the binary for Linux is version 1.30 of the program, not the latest version (1.32). Thus if you want the latest version under Linux, you’ll have to compile it yourself.


External Links:

The official netio site

HAProxy Load Balancing: Part Three

Editing the HAProxy pool under pfSense 2.1.5.

In the previous two articles in this series, we introduced HAProxy and began looking at configuration of HAProxy under pfSense. In this article, we conclude our look at HAProxy configuration.

In the HAProxy Listener configuration tab, we had gotten as far as “Balance”. The next setting is “Stats Enabled”, which simply enables the saving of HAProxy statistics. If this check box is checked, 4 additional settings will appear: “Stats Realm”, “Stats Uri”, “Stats Username”, and “Stats Password”. “Stats Realm” is simply the authentication realm. It can be set to anything, although you need to escape space characters with a backslash. “Stats Uri” is the virtual URL to access the stats page. “Username” and “Password” are simply the username/password you want to use.


Moving along to the remaining advanced settings, “Max connections” is the maximum number of allowed connections. “Client timeout” is the time (in milliseconds) HAProxy will wait for data from the client, or for the client to accept data (default is 30000). The next option is the “Use ‘forwardfor’ option”. This option creates an HTTP ‘X-Forwarded-For’ header which contains the client’s IP address. This is useful to let the final web server know what the client address was. The “Use ‘httpclose’ option” removes any ‘Connection’ header both ways, and adds a ‘Connection: close’ header in each direction. This makes it easier to disable HTTP keep-alive than the previous 4-rules block. Finally, the “Advanced pass thru” text box is for pasting text you would like to pass through.
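
On the web server side, the X-Forwarded-For value is only meaningful when the request really came through HAProxy, and because HAProxy appends its header after any the client sent, only the last entry is HAProxy's own. The following is an added example, not part of the original article or of HAProxy, showing how a backend can apply both rules; the proxy address 10.0.0.5 and the sample requests are constructed assumptions.

```python
import ipaddress

# Assumption: the address the backend sees HAProxy connecting from.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}

def client_address(peer, xff_headers, trusted=TRUSTED_PROXIES):
    """Return the client address a backend should log or act on.

    peer:        source address of the TCP connection to the backend
    xff_headers: every X-Forwarded-For header value, in the order received
    """
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in trusted:
        # Not from the load balancer: the header is whatever the sender wrote.
        return str(peer_ip)
    # A header line may itself hold a comma-separated list; flatten in order.
    entries = [e.strip() for value in xff_headers for e in value.split(",")]
    entries = [e for e in entries if e]
    if not entries:
        return str(peer_ip)
    try:
        # HAProxy appends its header last, so only the final entry is its own.
        return str(ipaddress.ip_address(entries[-1]))
    except ValueError:
        # Malformed value: fall back to the connection's own peer address.
        return str(peer_ip)

# Constructed requests: (peer, X-Forwarded-For values as seen by the backend)
SAMPLES = [
    ("10.0.0.5", ["203.0.113.9"]),               # normal proxied request
    ("10.0.0.5", ["127.0.0.1", "203.0.113.9"]),  # client supplied its own header
    ("198.51.100.7", ["127.0.0.1"]),             # request that bypassed the proxy
    ("10.0.0.5", ["not-an-ip"]),                 # malformed header value
]

if __name__ == "__main__":
    for peer, headers in SAMPLES:
        print(peer, headers, "->", client_address(peer, headers))
```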

The final tab is the “Server Pool” tab. Press the “plus” button on the right to add a server. In the “Name” field you can enter any name. For “Cookie”, you need to enter a cookie value, which will be checked in incoming requests. The first operational pool possessing the same value will be selected. In return, in cookie insertion or rewrite modes, this value will be assigned to the cookie sent to the client. At “Server list”, you can enter a list of servers; press the “plus” button under “Server list” to add a server. At “Check freq”, you can enter the interval at which HAProxy checks the server pool (default is 1000 milliseconds). “Health check URI” allows you to specify the virtual URL to check the health of the server pool (default is “/”). Finally, there is an “Advanced pass thru” text box for text you would like to pass through.


External Links:

The official HAProxy site

HAProxy on Wikipedia

Amazon Affiliate Purchases: October 2014

Here are some of the items readers bought through my Amazon affiliate links:

Coolerguys Programmable Thermal Fan Controller with LED Display

EnGenius Technologies Dual Band 2.4/5 GHz Wireless AC1200 Router with Gigabit and USB (ESR1200)

Fan Controller FC5V2 Black, Version 2, Changeable Display Colors, 30W per Channel, Controls up to 4 fans, RPM and TempretureDisplay

Samsung Electronics 840 EVO-Series 1TB 2.5-Inch SATA III Single Unit Version Internal Solid State Drive MZ-7TE1T0BW

The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall

A special thanks to everyone who used my affiliate links to make purchases from Amazon in October (or any other month). Remember, your purchases through pfsensesetup.com’s affiliate links help keep the lights on at pfSense Setup HQ without costing you a dime.


HAProxy Load Balancing: Part Two

Listener configuration in HAProxy under pfSense 2.1.5.

In the previous article, we introduced HAProxy as a load balancing solution for TCP and HTTP-based applications. In this article, we will continue our look at HAProxy configuration.

The next setting in the “Settings” tab is “Global Advanced pass thru”, which is for text that you would like to pass through to the global settings area. The next section is “Configuration synchronization”. The first check box allows you to synchronize the HAProxy configuration to backup CARP members via XML-RPC, a remote procedure call which uses XML to encode its calls and uses HTTP as a transport mechanism. The next two fields are for the username and password that will be used during configuration synchronization. The username is generally “admin” or an admin-level privileged account on the target system, and the password is generally the remote web configurator password. The next three fields are for sync hosts 1, 2, and 3. HAProxy will synchronize settings to the host’s IP address, if it is specified here. Finally, there are two buttons at the bottom. “Save” will just save the configuration, whereas “Save and Check Config” will parse the automatically generated config file and check for errors.


HAProxy: Configuring Listener Settings

The next tab is “Listener”. By pressing the “plus” button on the right side, you can specify a server to which HAProxy will listen. “Name” is the IP address of the interface to listen to. You can also specify an optional “Description”. “Status” indicates whether the server pool is active or disabled. In the next field, “External address”, if you want the rule to apply to an IP address other than the IP address of the interface chosen here, you can select it here. You need to define virtual IP addresses for it first. If you are trying to redirect connections on the LAN, select the “any” option. You can also specify the port to listen to at “External port”, a backend server pool, the default server port, and the protocol at “Type” (HTTP, HTTPS, TCP, or a check for health). You can specify an ACL at “Access Control lists”.

Under “Advanced settings”, you can specify several other parameters. “Connection timeout” allows you to specify the amount of time in milliseconds HAProxy will wait for a connection to complete, while “Server timeout” indicates the amount of time to wait for data from the server. “Retries” indicates the number of retry attempts. “Balance” indicates what method is used to load balance. If “Round robin” is selected, each server is used in turns, according to their weights. The algorithm is dynamic, which means that server weights may be adjusted on the fly for slow starts. If “Source” is selected, the source IP address will be hashed and divided by the total weight of the running servers to designate which server will receive the request. As a result, the same client IP address will always reach the same server as long as no server goes up or down. If the hash result changes due to the number of running servers changing, many clients will be directed to a different server.
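
The effect of a server going down under “Source” balancing can be seen in a small simulation. The following is an added example, not part of the original article and not HAProxy's code: it hashes each source address, takes the result modulo the total weight of the running servers, and counts how many clients change server when one of three servers fails. The CRC32 hash is a stand-in, and the pool names, weights and client addresses are constructed.

```python
import ipaddress
import zlib

def crc_hash(addr):
    """Stand-in hash (CRC32 of the packed address); not HAProxy's own function."""
    return zlib.crc32(addr.packed)

def pick_server(client_ip, servers, hash_fn=crc_hash):
    """Choose a server as the article describes 'Source' balancing: hash the
    source address, then take it modulo the total weight of the servers
    that are currently up. `servers` is a list of (name, weight)."""
    slots = [name for name, weight in servers for _ in range(weight)]
    if not slots:
        raise ValueError("no running servers")
    return slots[hash_fn(ipaddress.ip_address(client_ip)) % len(slots)]

def moved_clients(clients, before, after, hash_fn=crc_hash):
    """Clients whose server changes when the pool goes from before to after."""
    return [c for c in clients
            if pick_server(c, before, hash_fn) != pick_server(c, after, hash_fn)]

# Constructed sample: 600 consecutive client addresses, three equal servers.
CLIENTS = [str(ipaddress.ip_address("10.0.0.0") + i) for i in range(600)]
POOL = [("web1", 1), ("web2", 1), ("web3", 1)]
POOL_WEB3_DOWN = POOL[:2]

if __name__ == "__main__":
    on_web3 = [c for c in CLIENTS if pick_server(c, POOL) == "web3"]
    moved = moved_clients(CLIENTS, POOL, POOL_WEB3_DOWN)
    print(f"clients on web3 before it failed: {len(on_web3)}")
    print(f"clients sent to a different server afterwards: {len(moved)}")
```

With an evenly spread hash, about two thirds of the clients change server even though only one third were on the failed one, which matters for any session state kept on the backends.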

In the next article, we will conclude our look at HAProxy configuration.


External Links:

The official HAProxy site

HAProxy on Wikipedia

© 2013 David Zientara. All rights reserved.