2

We use a Nagios core 4.3.2 solution on Ubuntu 14.04 to do simple host check monitoring on remote client equipment. One type of device we use is not available to ping, but as part of its proprietary control system has the UDP port 5246 open responding to 'capwap-control'. I am attempting to use the check_udp_port plugin available from

https://exchange.nagios.org/directory/Plugins/Network-Protocols/*-TCP-and-UDP-(Generic)/check_udp_port/details

However, when trying to implement on a test device it shows as down with Status Information: "CRITICAL:". No further info is given, nor any entries in the logs other than that the host check was run.

It uses the nmap utility for the check which requires sudo, I added the entry to the last line of /etc/sudoers to skip password per instructions in the link above.

    nagios ALL = NOPASSWD:/usr/local/nagios/libexec/check_udp_port *

Here is how it looks in the define command{

    command_line    sudo $USER1$/check_udp_port -H $HOSTADDRESS$ -p $ARG1$ -s $ARG2$

I turned on debugging and watched the log entries as I ran the check a few times in the nagios web admin, the final output command each time looked perfectly correct.

    [1497380591.600863] [2048.1] [pid=1259] **** BEGIN MACRO PROCESSING ***********
    [1497380591.600880] [2048.1] [pid=1259] Processing: 'sudo $USER1$/check_udp_port -H $HOSTADDRESS$ -p $ARG1$ -s $ARG2$'
    [1497380591.600893] [2048.1] [pid=1259]   Done.  Final output: 'sudo /usr/local/nagios/libexec/check_udp_port -H 172.15.192.211 -p 5246 -s capwap-control'
    [1497380591.600901] [2048.1] [pid=1259] **** END MACRO PROCESSING *************

First I checked that the pid was running under the nagios user

     1259 nagios    20   0   37404  17036   2800 S   0.3  0.2  12:21.88 nagios

Then I logged in as nagios user and ran the command from the debug log directly and it runs without issue.

    nagios@Monitoring:/usr/local/nagios/libexec$ sudo /usr/local/nagios/libexec/check_udp_port -H 172.15.192.211 -p 5246 -s capwap-control
    UDP OK - capwap-control listening on port 5246: 5246/udp open capwap-control

I have tested without the line in sudoers and the system info in nagios changes to an error about requiring sudo as expected. Even though from command line it runs flawlessly and logs show it is running the command properly it still fails and simply shows "CRITICAL:" for information.

peterh
HHMsig

1 Answer

0

It could be sudo's requiretty setting. Try adding Defaults:nagios !requiretty to sudoers (or in /etc/sudoers.d somewhere).

A safer option would be to modify the plugin to call nmap via sudo, instead of running the entire plugin through sudo.

Or, better yet, just use the stock check_udp plugin, that doesn't require root/sudo.

Additionally, when testing manually on the command-line, it can be helpful to run your plugin through env -i to simulate what it will do with no $ENV defined.

Keith
  • Hello, I tried both of your suggestions, but it made no change in what is occurring. How it shows in the logs looks same as before minus the sudo in front of the plugin command, I made sure to add it before the call to nmap in the plugin itself. I've also tried to use the built-in check_udp plugin but I could not get it to work from CLI or nagios itself. It always returns a socket timeout no matter the host or port/service with proper send/expect options. – HHMsig Jun 14 '17 at 18:56
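
The answer's "call nmap via sudo" option, sketched as an added example (not code from this thread or from the Nagios Exchange plugin): only nmap is elevated, the macro-expanded host and port are validated before they reach the root command, and whatever sudo or nmap prints is surfaced in the status line instead of a bare "CRITICAL:". The nmap path, the `NMAP_CMD` override and the function names are assumptions.

```shell
#!/bin/sh
# Added example: NOT the check_udp_port plugin from Nagios Exchange.
# Assumptions: nmap lives at /usr/bin/nmap and sudoers allows the nagios user
# to run that one binary without a password. NMAP_CMD is a hypothetical
# override used for offline testing.
NMAP_CMD=${NMAP_CMD:-sudo -n /usr/bin/nmap}

# Accept only a plain host name / IPv4 address and a numeric port, so values
# expanded from Nagios macros can never be read as options by the root command.
valid_target() {
    case $1 in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ]
}

# Map captured output ($1) for port $2 and expected service $3 to one Nagios
# status line and return code (0 OK, 2 CRITICAL, 3 UNKNOWN).
classify() {
    line=$(printf '%s\n' "$1" |
        awk -v p="$2/udp" '!seen && $1 == p { print $1, $2, $3; seen = 1 }')
    case $line in
        "$2/udp open $3")
            echo "UDP OK - $3 listening on port $2: $line"; return 0 ;;
        '')
            # No port line at all: show the first line of what sudo or nmap
            # printed, so the status is never an empty "CRITICAL:".
            first=$(printf '%s\n' "$1" | sed -n '1p')
            echo "UDP UNKNOWN - no result for port $2: $first"; return 3 ;;
        *)
            echo "UDP CRITICAL - port $2: $line"; return 2 ;;
    esac
}

check_udp() {
    valid_target "$1" "$2" || { echo "UDP UNKNOWN - invalid host or port"; return 3; }
    # $NMAP_CMD is left unquoted on purpose so "sudo -n /usr/bin/nmap" splits
    # into words; stderr is captured together with stdout.
    out=$($NMAP_CMD -sU -p "$2" "$1" 2>&1) || true
    classify "$out" "$2" "$3"
}

# Run as a plugin only when arguments are given: host port service
[ "$#" -eq 0 ] || { check_udp "$@"; exit $?; }
```

Running the script as the nagios user under `env -i`, as the answer suggests, shows what it returns with no environment defined.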