Icinga2 on Debian 8

Icinga is an open source monitoring tool originally based on Nagios. Icinga2 has been completely rewritten from scratch. The web interface is very fast and is capable of monitoring many different services from simple ping tests to database tests. I only need to monitor relatively simple things like HTTPS services and TCP ports. SNMP is relatively easy to set up with Icinga so I’ll monitor important hosts with it as well (local switches and routers). Icinga will poll the configured hosts but it will not produce graphs. It will, however, warn you if a check is at the set “warning” level or “critical” level. These settings can be changed on a per service basis. It can be very useful in this regard - easily finding issues or outages with your servers.

Installing Icinga2

  1. Add the Icinga2 repository.

    • 1
      2
      3
      wget -O - http://packages.icinga.org/icinga.key | apt-key add -
      echo 'deb http://packages.icinga.org/debian icinga-jessie main' >/etc/apt/sources.list.d/icinga.list
      apt-get update
  2. Install Icinga2.

    • apt-get install icinga2
  3. Install Nagios plugins.

    • apt-get install nagios-plugins nagios-snmp-plugins
  4. Install and configure MySQL. This needs to be done before installing Icinga web otherwise you’ll end up with issues where Icinga is installed before MySQL.

    • apt-get install mysql-server mysql-client
      • mysql -u root -p
      • CREATE DATABASE icingaweb2;
      • GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icingaweb2.* TO 'icingaweb2'@'localhost' IDENTIFIED BY 'icingaweb2';
  5. Install the web interface.

    • apt-get install icingaweb2
  6. Install the Icinga IDO plugin.

    • apt-get install icinga2-ido-mysql
      • icinga2 feature enable ido-mysql
      • systemctl restart icinga2
  7. Configure the web interface.

    • icingacli setup token create
      • http://<ip address>/icingaweb2/setup
      • For the IDO database set it to icingaweb2

Congratulations! The Icinga2 web interface is now up and running.

snmp

  1. apt-get install snmpd snmp-mibs-downloader

  2. Next, edit the SNMPd config and add a user.

    • /etc/snmp/snmpd.conf
    • 1
      2
      createUser <username> SHA <secure password> AES
      rouser <username> priv
    • Uncomment agentAddress udp:161,udp6:[::1]:161

    • Comment out agentAddress udp:127.0.0.1:161
  3. For SNMPv2c you can just add/uncomment (no encryption, useful for local monitoring because it’s easier):

    • rocommunity public default
  4. Restart SNMPd

    • systemctl restart snmpd.service

You can test SNMPv3 by using this command:

1
snmpwalk -v 3 -l authPriv -u <username> -a SHA -x AES -A <password> -X <password> <host>

Services

/etc/icinga2/conf.d/hosts.conf

Simple host definition for SNMPv2c:

1
2
3
4
5
6
7
8
object Host "<name of host>" {
address = "<address>"
check_command = "hostalive"
vars.os = "Linux"
vars.snmp_address = "<address>"
vars.snmp_community = "public"
vars.snmp_v2 = "true"
}

The above definition will configure Icinga to do a simple ping check, and then because the host OS is set to “Linux” it will also do an SSH check.

SNMPv3 configuration:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
object Host "<name of host>" {
address = "<address>"
check_command = "hostalive"
vars.os = "Linux"
vars.snmp_address = "<address>"
vars.snmp_v3 = "true"
vars.snmp_login = "<snmp login>"
vars.snmp_v3_use_privpass = "true"
vars.snmp_v3_use_authprotocol = "true"
vars.snmp_authprotocol = "sha,aes"
vars.snmp_nocrypt = "false"
vars.snmp_password = "<password>"
vars.snmp_privpass = "<password>"
}

Simple interface check via SNMP:

1
2
3
4
5
6
7
8
9
10
11
object Service "eth0" {
host_name = "<name of host>"
vars.snmp_interface = "eth0"
vars.snmp_interface_label = "<connection label>"
vars.snmp_interface_perf = "true"
vars.snmp_interface_bits_bytes = "true"
vars.snmp_interface_megabytes = "true"
vars.snmp_interface_noregexp = "true"
vars.snmp_perf = "true"
check_command = "snmp-interface"
}

Storage monitoring:

1
2
3
4
5
6
7
object Service "storage" {
host_name = "<name of host>"
vars.snmp_warn = "50"
vars.snmp_crit = "80"
vars.snmp_storage_name = "/"
check_command = "snmp-storage"
}

Memory monitoring:

1
2
3
4
5
6
object Service "memory" {
host_name = "<name of host>"
vars.snmp_warn = "75,0"
vars.snmp_crit = "90,0"
check_command = "snmp-memory"
}

Load monitoring:

1
2
3
4
5
object Service "load" {
host_name = "<name of host>"
vars.snmp_load_type = "stand"
check_command = "snmp-load"
}

TCP connect monitoring:

1
2
3
4
5
object Service "1234" {
host_name = "<name of host>"
vars.tcp_port = "1234"
check_command = "tcp"
}

UPS monitoring:

Requires nut to be installed.

1
2
3
4
5
6
7
8
9
object Host "ups" {
vars.ups_address = "<address of UPS>""
vars.ups_name = "ups"
vars.ups_warning = "65"
vars.ups_critical = "85"
vars.ups_celsius = "true"
vars.ups_variable = "BATTPCT"
check_command = "ups"
}

HTTPS service monitoring:

1
2
3
4
5
6
7
8
9
object Service "web" {
host_name = "<name of host>"
vars.http_address = "<ip address if needed>""
vars.http_vhost = "<vhost if needed>"
vars.http_sni = "true"
vars.http_ssl = "true"
vars.http_ssl_force_tlsv1_or_higher = "true"
check_command = "http"
}

Uptime monitoring:

This command will not work with only SNMPv3.

1
2
3
4
object Service "uptime" {
host_name = "<name of host>"
check_command = "snmp-uptime"
}