Getting More out of the Nagios Statusmap

March 27, 2011 in Nagios | 2 comments

The Nagios Statusmap is one of those features that gets a lot of attention when you first set up your monitoring server, but when looking back after a while most people notice that they don’t really use it at all.

When it comes to daily monitoring I never found it very useful, either, but it has always served one important purpose for me: when adding new hosts or networks the Statusmap reveals whether I got all my parent/child relationships right. And since I work in a dynamic and growing environment I add a lot of hosts on a regular basis.

There is one thing that always annoyed me when looking at the Statusmap: when you exclude certain host groups from the map, only the host icons for those hosts get removed, but the map still shows their status in green or red, and with over a hundred hosts it’s still very hard to identify individual hosts.

Today I stumbled across a patch for the Statusmap on the Nagios Exchange that addresses this very issue. It really excludes the hosts from the map, i.e. it is re-drawn as if the excluded hosts just didn’t exist.

Here’s an example:

original Statusmap (before the update)

improved Statusmap (after the update)

If you would like to update your Nagios install, proceed as follows. I’m assuming that you have built Nagios yourself. I have tested this with the most recent version of Nagios 3.2.3

Before you begin, cd to the cgi folder inside your Nagios source download folder, e.g. ~/downloads/nagios-3.2.3/cgi

curl "http://exchange.nagios.org/components/com_mtree/attachment.php?link_id=1807&cf_id=24" > statusmap.diff
patch statusmap.c statusmap.diff
make statusmap.cgi
cp statusmap.cgi /usr/local/nagios/sbin/
cd /usr/local/nagios/sbin/
chmod g+w statusmap.cgi
chown nagios:nagios statusmap.cgi

Redirect Wildcard- or Sub-Domains to Main Site with Apache

March 18, 2011 in Apache | No comments

If you want to re-direct users from your subdomain(s) to your main site you can use a virtual host configuration like this:

<VirtualHost *:80>
  ServerName www.ten-fingers-and-a-brain.com
  ServerAlias *.ten-fingers-and-a-brain.com
  Redirect permanent / http://ten-fingers-and-a-brain.com/
</VirtualHost>

If you want to have the main site under the www name you should change the configuration like this:

<VirtualHost *:80>
  ServerName ten-fingers-and-a-brain.com
  ServerAlias *.ten-fingers-and-a-brain.com
  Redirect permanent / http://www.ten-fingers-and-a-brain.com/
</VirtualHost>

Please make sure that your main site comes before this one in the configuration, e.g. by placing it at the top of the same file.

You thought WordPress does this without additional configuration? Well, you’re generally right, but if you let WordPress do the work that’s one extra round of loading PHP and connecting to the database. My approach is much faster and causes less server load.

Why bother? For instance because Google or Bing will not see duplicate content, both under the main site and the www subdomain. Avoiding duplicate content has a positive effect on your ranking in search results.

bug in function wp_count_comments in wp-includes/comment.php (with patch for WordPress 3.1)

March 17, 2011 | No comments

WordPress plugin updated: Comment E-Mail Verification (0.4-beta)

March 8, 2011 in E-Mail, WordPress Plugins | No comments

The newest version (0.4-beta) of my Comment E-Mail Verification plugin now has an option to hold comments for moderation even after the authors have verified their E-mail addresses.

Download it directly from the wordpress.org plugin directory

This update was inspired by user comments. Thanks for all your input.

This is a beta version because the entire moderation/verification process requires some more streamlining and new default messages, but I felt there would be an audience for an early update anyway. If you have any suggestions or spotted an error: please share!

Just updated to Reinhardt.

February 24, 2011 | No comments

Trying out the Nagios V-Shell

February 20, 2011 in BlackBerry, Nagios | No comments

I use Nagios to monitor my own servers (and clients’ servers and my employers’ servers, too) and I am giving the new Nagios V-Shell a test-run.

Why? I don’t actually care much about the fact that it’s written in PHP and generates valid XHTML. I am rather interested in the fact that it doesn’t use frames. My hopes are that the interface works nicely on BlackBerries and other smartphones. – Yes, there are frontends which were designed with small screens in mind, but they are either too focused on iPhones or Android with heavy use of JavaScript, or lack some important features such as the ability to acknowledge host or service states etc.

I have yet to test the V-Shell with multiple users, or other users than “nagiosadmin”… but this is the bottom line for today:

  • Installation is very easy and straight forward
  • V-Shell works fairly well on the BlackBerry – slow, but easy to use and intuitive; the views and controls are very close to the original Nagios Core web interface
  • Two things weren’t working well in the beginning, but I managed to fix them…

Host icons

I use host icons. They’re mainly just pleasing to the eye in the HTML parts of the web interface, but very useful when you look at the status map. I maintain my own set of icon files in the Nagios Core web interface, but unfortunately the V-Shell doesn’t automatically link the host icons to that location (whereas it relies on the Core interface for service and host commands). My solution is:

  1. Remove the logos that shipped with V-Shell: rm -rf /usr/local/vshell/views/images/logos
  2. Create a symbolic link to the Core logos folder: cd /usr/local/vshell/views/images ; ln -s /usr/local/nagios/share/images/logos
  3. Append the following lines in the vshell_apache.conf files right before the line that says </Directory>
### for the logos
Options +FollowSymLinks

NagiosGrapher

I still use the old NagiosGrapher. I know I should move to something newer, but I love my historical data and there are just so many other things on my todo-lists at the moment. The links to the graphs are not working from V-Shell, but this time the blame is not on V-Shell but on the NagiosGrapher. Anyway, I wanted a solution and here it is:

  1. Copy the NagiosGrapher CGIs (graphs.cgi, rrd2-graph.cgi, and rrd2-system.cgi) from your Nagios Core CGI folder to the V-Shell folder
  2. Append the following lines in the vshell_apache.conf files right before the line that says </Directory>
### for the nagios_grapher
Options +ExecCGI
AddHandler cgi-script cgi

Securing WordPress for BlackBerry access with BlackBerry Enterprise Server

February 13, 2011 in BlackBerry, WordPress for BlackBerry | No comments

I had always been a bit reluctant to enable the XML-RPC publishing feature on my blogs because this can be just an extra attack vector to a site. It is, however, required when you want to manage a WordPress blog using WordPress for BlackBerry. When your BlackBerry is connected to a corporate network using BlackBerry Enterprise Server, and your organization’s admins are OK with you using your mobile device and the corporate server to manage your blog (or if it’s a company website anyway), you can add the following lines to your .htaccess file to block any XML-RPC access to your blog which is not coming from your corporate server:

<Files xmlrpc.php>
Order allow,deny
allow from 198.51.100.27
</Files>

You will have to replace 198.51.100.27 with the IP address of your BlackBerry Enterprise Server.

Now you will also need to setup the WordPress app on your mobile device to use the BlackBerry Enterprise Server to connect to your blogs. In the app hit the BlackBerry key and click on “Setup”:

In the setup screen disable all other Connection Options and enable only “BlackBerry Enterprise Server” (this appears to be off by default):

Now Apache will allow only your BlackBerry (well, and any other BlackBerry in the same organization) to connect to your blog.

Add StartSSL to trusted CA store in OpenSSL

February 6, 2011 in SSL | No comments

A number of Unix/Linux tools, e.g. Subversion (svn) and wget, use OpenSSL when they access HTTPS sites. While I found updating the trusted CA store in curl (which does not use OpenSSL) very easy (I just downloaded their weekly CA bundle), OpenSSL isn’t as self-explaining. You may need this with older Linux distributions like openSUSE 10.3 running on “old” webservers, e.g. when you use svn to track changes of a web-application and keep the repository on encrypted webspace (highly recommended!) and the CA is not trusted in your distribution’s OpenSSL package. I use StartSSL Free Class 1 certificates for some of my private servers and their CA certificate is not included in many older distributions.

First you need to determine where OpenSSL keeps its files on your system. With the aforementioned openSUSE 10.3 this is

cd /etc/ssl/certs

Download your CA’s root certificate

wget http://www.startssl.com/certs/ca.pem -O startssl.pem

Determine the certificate’s hash

openssl x509 -noout -hash -in startssl.pem

For StartSSL this is “33815e15″. Now create a symlink to the certificate file with the hash as the filename and with the filename extension “.0″

ln -s startssl.pem 33815e15.0

Done.

If you prefer to know the backgrounds, read this OpenSSL Command-Line Howto!

When Windows activation fails with error code 0x8004FE33, you probably have a proxy with authentication. Instead of activating over the Internet you should use a phone, or use a different proxy (one that does not require authentication), or configure your proxy to allow a few URLs without authentication (list of URLs in KB 921471).

January 20, 2011 | No comments

Facebook Puzzles Submissions

January 1, 2011 in E-Mail, Facebook Puzzles | No comments

Quite a few people have reported issues with submitting solutions to the Facebook Puzzle Master. I hated the idea of installing and configuring a MUA to make things work, so I wrote a bash script. This should work on any Unix/Linux server with Postfix or Sendmail that is otherwise capable of sending Internet E-mail.

So far I have not been using any compiled languages. The script will have to be edited to be able to send compressed submissions with a Makefile etc.

The script should be in the same directory as your executable file and you should have a folder named “.archived-submissions” to hold your sent items, or edit the script accordingly. Then just call $ ./submit.sh <keyword> e.g. $ ./submit.sh meepmeep

You must edit line 2 (FROMADDRESS) to hold the address linked to your Facebook account (Google Mail, Yahoo!, university accounts, etc.) and line3 (SENDERADDRESS) to hold an address regularly used for sending on your server (to make sure you make it around any spam filters). Both lines may be set to the same address, but this didn’t seem to work in my case with Facebook linked to my Google Mail address.

#!/bin/bash
FROMADDRESS="youraddress@gmail.com"
SENDERADDRESS="yourotheraddress"
SUBMITTO="1051962371@fb.com"

NOW=`date +%Y-%m-%d-%H-%M-%S`
BOUNDARY=_`date | md5sum | cut -d\  -f1`_

MSGFILENAME=.archived-submissions/$NOW-$1.msg

cat > $MSGFILENAME <<TFNAB-27-End-of-File
Content-Type: multipart/mixed;
        boundary="_001$BOUNDARY"
Sender: $SENDERADDRESS
From: $FROMADDRESS
To: $SUBMITTO
Subject: $1
Date: `date -R`
MIME-Version: 1.0

--_001$BOUNDARY
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

This text should be ignored by the robot

--_001$BOUNDARY
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="$1"

`base64 $1`

--_001$BOUNDARY--
TFNAB-27-End-of-File

/usr/sbin/sendmail -f $SENDERADDRESS $SUBMITTO < $MSGFILENAME

Note: it seems that using the address linked to your account is only of interest if you want to use the Facebook Puzzles App to post your successful submissions to your profile.

« Older entries § Newer entries »