I configrued a Nagios 3-RC1 in a jail on a FreeBSD 6.3. At first the nagios daemon spawned a second process and then wouldn't exit, had to kill it with a kill -9. Eventhough it hanged the web interface displayed the data but service & host checks remained in a pending state.
After some googling i found a thread in the nagios mailing list for a similar problem. I created a file "/etc/libmap.conf" and added.
[/usr/local/bin/nagios]
libpthread.so.2 libthr.so.2
libpthread.so libthr.so
This made the nagios start and execute the service checks. However due to being in a jail nagios could not do some checks like pinging, due to the jail limitation. Adding thefollowing line in sysctl.conf
security.jail.allow_raw_sockets=1
Will allow ping to function inside a jail.
Subscribe to:
Post Comments (Atom)
2 comments:
I'd also like to try to run Nagios 3 in FreeBSD 7.0 jail, but I don't want to enable raw sockets in all of the jails since this would be quite a security risk for me. Have you maybe tried using TCP/UDP pings instead of ICMP pings in Nagios as well?
Generic alive checks by TCP or UDP tests are difficult - generally, a non-responsive TCP or UDP port must not necessarily mean the target box is dead, but only the service behind that port. You could start dirty stuff with rejected packets to closed ports (presuming the monitored box runs a packet filter that uses rather a reject than a drop policy), but that's rather - well, dirty.
Perhaps you'd like to check out FreeBSD -CURRENT - very recently, a new jail layer has been introduced to the kernel (and will be part of the upcoming 8.0 release) which allows dedicated settings for jails. If I understood the announcement to the -current list correctly, you will be able to enable raw sockets just for the jail running nagios.
Post a Comment