RT-Nagios gateway


The main function of our RT-Nagios gateway is to transform specific alerts from Nagios (Nagios Enterprises) into a Help Desk ticket in Request Tracker (RT, from Best Practical Solutions) to help your compliance efforts for incident responses (and other items) under ISO27001, SOX and others.

There are many benefits to generating tickets from alerts, from better reporting to resource management and more.

Our interface has several characteristics such as:

  • Nagios configuration determines which incidents will generate tickets in RT
  • A URL of the ticket is inserted in the comment field of the corresponding Nagios service
  • The interface is bi-directional: when a user "takes" charge of the ticket in RT, an acknowledgement for that service is sent to Nagios, stopping the alerts
  • Multiple alerts from a specific incident are "merged" within the original ticket
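The acknowledgement described above reaches Nagios through its external command file, where every line is one command. The following is an added example, not the gateway's own code: it builds an ACKNOWLEDGE_SVC_PROBLEM line and rejects field values that would break the line format. The function names, host, service and ticket URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build and submit one acknowledgement line for the Nagios
# external command file. Function names and sample values are hypothetical.

NAGIOSCMD="${NAGIOSCMD:-/usr/local/nagios/var/rw/nagios.cmd}"

# nagios_ack_line HOST SERVICE AUTHOR COMMENT [EPOCH]
# Prints the command line, or returns 1 if a field could break the format.
nagios_ack_line() {
    host=$1; svc=$2; author=$3; comment=$4
    now=${5:-$(date +%s)}
    nl='
'
    cr=$(printf '\r')
    # Every line in the command file is one command, so no field may
    # contain a line break.
    for field in "$host" "$svc" "$author" "$comment"; do
        case $field in
            *"$nl"*|*"$cr"*) echo "rejected: line break in field" >&2; return 1 ;;
        esac
    done
    # ';' separates fields; the comment is the final field.
    case "$host$svc$author" in
        *\;*) echo "rejected: ';' in host, service or author" >&2; return 1 ;;
    esac
    [ -n "$host" ] && [ -n "$svc" ] || { echo "rejected: empty host or service" >&2; return 1; }
    # 1;1;1 = sticky;notify;persistent flags, chosen for this example.
    printf '[%s] ACKNOWLEDGE_SVC_PROBLEM;%s;%s;1;1;1;%s;%s\n' \
        "$now" "$host" "$svc" "$author" "$comment"
}

# submit_ack HOST SERVICE AUTHOR COMMENT
# Writes the line only if NAGIOSCMD is a writable named pipe.
submit_ack() {
    line=$(nagios_ack_line "$@") || return 1
    if [ ! -p "$NAGIOSCMD" ] || [ ! -w "$NAGIOSCMD" ]; then
        echo "refused: $NAGIOSCMD is not a writable named pipe" >&2
        return 2
    fi
    printf '%s\n' "$line" > "$NAGIOSCMD"
}

# Constructed sample: ticket URL placed in the acknowledgement comment.
nagios_ack_line web01 HTTP rt-user \
    "http://rt.example.test/rt/Ticket/Display.html?id=42" 1700000000
```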

This software is under the GNU General Public License v3.

Installation

Prerequisites

To install the RT/Nagios gateway, you need the following:

  • A working installation of Nagios 3.x
    • External commands must be enabled
  • A working installation of RT 3.x
    • You must know the location of the RT CLI (usually /opt/rt3/bin/rt)
  • Nagios and RT must reside on the same system for bi-directional communications
  • Knowing which alerting mode you would like to use. See "Mode of operation" below for more details
  • Knowing which RT authentication method you are using. See "RT Authentication method" below for more details

Mode of operation

Two modes exist for the Cedval Info RT/Nagios link. You need to choose one or the other.

  • Single queue mode

Using this mode, all Nagios alerts sent to RT will be created in a single queue (e.g. Alerts, Nagios, Monitoring, etc.). This mode is easier if you have a dedicated team to monitor and dispatch alerts.

  • Multiple queue mode

Using this mode, one RT contact per queue will exist in Nagios. You need to associate the appropriate contact/queue with each host/service. With this mode, it is easier to separate alerts between, let's say, IT teams (e.g. Network, System Admins, Helpdesk, etc.).

RT Authentication method

Two authentication methods exist for RT:

  • Internal RT authentication

This mode simply uses the RT authentication. A simple way to verify that the internal RT authentication is used is to check if the $WebExternalAuth variable is set to 0. You can find this variable either in RT_Config.pm or RT_SiteConfig.pm. Another indication that this mode is used is if your RT login is done through a web page instead of a web server popup. Also note that if you use LDAP but still have $WebExternalAuth set to 0, this is considered Internal.

  • External Web server authentication

This mode uses the web server authentication to log you into RT. A way to verify if this mode is used is to check if the $WebExternalAuth variable is set to 0. You can find this variable either in RT_Config.pm or RT_SiteConfig.pm. Another indication that this mode is used is if your RT login is done through a web server popup instead of a web page.

Installation

Follow these instructions to install the RT/Nagios gateway.

  1. Uncompress the tarball and change directory using:

    tar -xzvf rt-nagios-gateway-0.1.tar.gz
    cd rt-nagios-gateway-0.1

  2. Copy submit_host_rt.sh and submit_service_rt.sh to your Nagios plugin directory

    cp submit_*_rt.sh /usr/local/nagios/libexec

(Change /usr/local/nagios/libexec to your Nagios installation directory)

  3. Edit both files (submit_host_rt.sh and submit_service_rt.sh) and modify the following variables to match your environment:

    # The Nagios command file
    NAGIOSCMD="/usr/local/nagios/var/rw/nagios.cmd"

    # The URL for RT, WITHOUT the trailing slash
    RTURL="/rt"

    # The RT command
    RTCMD=/opt/rt3/bin/rt

    # Automatically resolve the ticket
    #   no: Don't close the ticket at any time
    #   onrecovery: Close the ticket on recovery
    RESOLVE="no"

    # Log errors there
    LOG="/usr/local/nagios/var/rt/submit_service_rt.log"

  4. Execute path-helper.sh to tailor the Nagios configuration and RT scrips to your system. Nothing will be changed in your environment; rather, what you will need to add later will already be adapted to your installation.

    ./path-helper.sh

  5. Log in to RT and do the following steps depending on your mode of operation:

    • Single queue mode

      • Create a queue called Alerts for Nagios
      • Create two global custom fields for Nagios:
        • Hostname: Enter one value
        • Service: Enter one value
        • Current_status: Select one value (values: UP, DOWN, UNREACHABLE, OK, WARNING, CRITICAL, UNKNOWN)
      • Assign the appropriate staff to the watchers list
      • Create a Nagios user and set a password for it (see Note 1 below)
      • Create a Nagios group and add the Nagios user to it (optional)
      • Grant the following permissions to the Nagios user or group:
        • On the Alerts queue:
          • CommentOnTicket
          • CreateTicket
          • ModifyTicket
          • ReplyToTicket
          • ShowTicket
        • On the Hostname/Service custom fields:
          • ModifyCustomField
          • SeeCustomField
    • Multi-queue mode

      • Create a Nagios user and set a password for it (see Note 1 below)
      • Create two global custom fields for Nagios:
        • Hostname: Enter one value
        • Service: Enter one value
        • Current_status: Select one value (values: UP, DOWN, UNREACHABLE, OK, WARNING, CRITICAL, UNKNOWN)
      • Create a Nagios group and add the Nagios user to it (optional)
      • Grant the following permissions to the Nagios user or group:
        • On all appropriate queues (see Note 2 below):
          • CommentOnTicket
          • CreateTicket
          • ModifyTicket
          • ReplyToTicket
          • ShowTicket
        • On the Hostname/Service custom fields:
          • ModifyCustomField
          • SeeCustomField

    Note 1: Even if you are using external web authentication (i.e. via Apache), you still need to create a Nagios user internal to RT. You will then need to add an Apache entry for RT. This entry won't use external web authentication and will be restricted to localhost. See next step for details.

    Note 2: Appropriate queues mean each queue you want Nagios to send notifications to.

  6. If you are using External Web server authentication, you need to modify your Apache configuration to create an authentication-less URL for localhost.

    Add the following to the appropriate file/VirtualHost in Apache (this is assuming you are using FastCGI and not mod_perl):

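    ScriptAlias /localrt /opt/rt3/bin/mason_handler.fcgi/

    # Restrict the authentication-less URL to requests from localhost
    <Location /localrt>
        Options -Indexes +FollowSymLinks +ExecCGI
        Order allow,deny
        Allow from 127.0.0.1
        AddDefaultCharset UTF-8
        AddHandler fastcgi-script .fcgi
    </Location>
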
  7. Take the Nagios user and password from step 5 and create /etc/rt.conf using the following format:

    server YOUR_RT_URL
    user YOUR_NAGIOS_USER
    passwd YOUR_NAGIOS_PASSWORD

    In the case of the Internal RT authentication, you can use your normal RT URL. However, if you are using External Web server authentication, you need to use the location URL created in the previous step.

  8. Take all the scrips in RT-SCRIPS.txt and add them to the Nagios queue (single queue mode) or to all appropriate queues (multi-queue mode). If path-helper.sh was executed, no modification should be necessary.

  9. Take the configuration from NAGIOS-CONFIG.txt and add it to your actual Nagios configuration. If path-helper.sh was executed, no modification should be necessary.

  10. In Nagios, add the RT contact to the hosts/services/contact groups for which you want tickets to be created when a problem occurs.

  11. You are done configuring the RT/Nagios gateway, enjoy your new alert system.
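The /etc/rt.conf file created during installation holds the Nagios user's RT password in clear text, so it is worth checking once the procedure is complete. The script below is an added example, not part of the gateway; audit_rt_conf, the sample values and the choice of mode 640 are assumptions.

```shell
#!/bin/sh
# Added example: audit the RT CLI credentials file created during installation.
# audit_rt_conf is a hypothetical helper, not part of the gateway.

# audit_rt_conf FILE
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if missing.
audit_rt_conf() {
    conf=$1; findings=0
    [ -f "$conf" ] || { echo "missing: $conf"; return 2; }

    # Exactly one non-empty line for each of the three directives.
    for key in server user passwd; do
        n=$(grep -c "^${key}[[:space:]][[:space:]]*[^[:space:]]" "$conf" || true)
        if [ "$n" -ne 1 ]; then
            echo "format: expected one '$key' line, found $n"
            findings=1
        fi
    done

    # The file holds a cleartext password: no access for "other".
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "permissions: world-readable"; findings=1
    fi
    if [ -n "$(find "$conf" -prune -perm -002)" ]; then
        echo "permissions: world-writable"; findings=1
    fi

    # Plain HTTP is only acceptable for a URL on the local machine.
    server=$(sed -n 's/^server[[:space:]][[:space:]]*//p' "$conf" | head -n 1)
    case $server in
        https://*|http://localhost|http://localhost[:/]*|http://127.0.0.1|http://127.0.0.1[:/]*) ;;
        http://*) echo "transport: password sent over plain HTTP to $server"; findings=1 ;;
        *) echo "format: server is not an http(s) URL"; findings=1 ;;
    esac
    return $findings
}

# Constructed sample matching the format shown in the rt.conf step.
sample=$(mktemp)
printf 'server http://localhost/localrt\nuser nagios\npasswd CHANGE_ME\n' > "$sample"
chmod 640 "$sample"
audit_rt_conf "$sample" && echo "ok: $sample"
rm -f "$sample"
```

On a real system, call audit_rt_conf /etc/rt.conf; the file must remain readable by the account Nagios runs under, since that account executes the submit scripts.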

Help?

Although this software is under the GNU General Public License version 3 and comes with no warranty, if you ever need help, please feel free to contact us. We will do our best to help you.

Contact: Cedval Info Inc. 15-101 Boul. Don Quichotte, Suite 508 Ile-Perrot, Qc, Canada J7V 7X4

1-888-344-8281

info@cedvalinfo.com

[http://www.cedvalinfo.com]