Category Archives: Nagios

Monitor VMware ESXi hardware without root (Nagios)

Download and configure the plugin: http://exchange.nagios.org/directory/Plugins/Operating-Systems/*-Virtual-Environments/VMWare/check_esxi_hardware-2Epy/

– Create a new user in ESXi with no access privilege, you need to login to the ESXi directly to do that.

user

esxi_access

– Enable SSH, and add nagios user to root group:
# vi /etc/group
root:x:0:root,nagios

– Check from the command line, if it works
./check_esxi_hardware.py --host https://esxihost:5989 --user file:credentials.txt --pass file:credentials.txt
OK - Server: Cisco Systems Inc.....

– Configure the credentials files to use the nagios user credentials.

Host group based access restriction – Nagios

This is useful especially when you have different host groups belongs to different entities and you need to have access separation.

The basic idea is to use the same login user name in the contact groups. I assume that you have Apache htaccess authentication or LDAP authentication in place.

You may create new contact group of use the already existing one , just make sure your username and contact_name matches.

- Create a contact group
define contactgroupĀ {
 contactgroup_name customer1
 alias Customer1 Servers
 members customer1
}
- Create the contact
define contact {
 contact_name customer1 #make sure this matches with the username
 alias Customer1 Contact
 service_notification_period 24x7
 host_notifications_enabled 0
 host_notification_period 24x7
 service_notification_options w,u,c,r
 host_notification_options d,u,r
 service_notification_commands notify-by-email
 host_notification_commands host-notify-by-email
 email customer1@example.com
}
- Use this contact group in host definition
define host {
 use generic-alerted-host
 host_name customer1-host
 address 8.8.8.8
 contact_groups customer1 # make sure this matches with the contactgroup_name
 max_check_attempts 3
}

Just restart nagios and try to login with the new user account. You may give more privileges to this user if required from cgi.cfg

./run