Nagios - polling arbitrary metrics and remote security

Question

enter image description here

Context: I am a student and I am trying to prepare a proof of concept for secure monitoring of remote metrics.

Researched on how information is polled from remote hosts and understand that it can be done via quite a few methods eg 1) snmp (UDP) 2) check_nrpe etc.

1) I hope to find out how does nrpe format the polled data (xml, json, etc)

2) how is nrpe data transferred? (udp, tcp?)

3) security mechanisms for nrpe transfer, is there an ACL or encryption of xml polled data, etc (security is a concern as I want to prove that nagios is useful for metric pollings from remote networks, I understand that the connection can be wrapped with SSL however I am interested in nagios security features)

2) if nagios plugins can poll data from a database

score 1 · Accepted Answer · answered Feb 07 '13 at 06:45

NRPE uses it's own format for data exchange. It's not XML or JSON. From what I can see/tell, it's a defined type that's packaged and pushed over tcp.

typedef struct packet_struct{
    int16_t   packet_version;
    int16_t   packet_type;
    u_int32_t crc32_value;
    int16_t   result_code;
    char      buffer[MAX_PACKETBUFFER_LENGTH];
}packet;

TCP.
The connection can be wrapped in SSL yes, if nrpe/check_nrpe are compiled with SSL support (requires the development libraries when compiling). There is an ACL in the form of a allowed_hosts directive that limits which hosts it'll answer, but this doesn't restrict what commands can be executed.
It depends what you mean by "poll data". Nagios plugins can do anything you script it to do. If you want it to query a database, and return a value, then write it. If you want it to query a DB and time how long it took, write that (or see if there isn't one already written). If you're looking to see if Nagios can read a database to find out what plugins to execute... No, at least not Nagios Core. I cannot vouch for Nagios XI, but I believe that's a no too.

I hope that helps.

thank you. great answer, would u mind adding your sources for question 1 and 3? — laycat, Feb 07 '13 at 06:48
For 1, I looked at the source code for check_nrpe here http://nagios.svn.sourceforge.net/viewvc/nagios/nrpe/trunk/src/check_nrpe.c?revision=2548&view=markup. line 62 and 63 define a packet object, which you can see referenced later from line 92 down (the meat of the sending/receiving). The type "packet" is defined in include/common.h, which you can see here: http://nagios.svn.sourceforge.net/viewvc/nagios/nrpe/trunk/include/common.h?revision=2548&view=markup As for 3, that's in the documentation http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf. — Jon Angliss, Feb 07 '13 at 06:57
Heh, I say the answer to 3 is in the docs, but it isn't... anymore. They only list install via xinetd. If you do the daemon install, you need to setup the config. See the sample config, line 68+ http://nagios.svn.sourceforge.net/viewvc/nagios/nrpe/trunk/sample-config/nrpe.cfg.in?revision=2537&view=markup — Jon Angliss, Feb 07 '13 at 07:01

Nagios - polling arbitrary metrics and remote security

1 Answers1