Frequently Asked Questions - nagwin

You need to increase the number of php-cgi processes (default is 1, parent process, terminates under heavy load)

  • run the following command from a command window (run as administrator):

setx PHP_FCGI_CHILDREN 2 /M

  • Restart Nagwin_Phpfcgi service
This will increase the number of working php-cgi processes to 2 (You may see up to three php-cgi processes in the task list as the one is parent process managing the others) and should be enough for most uses. You may increase it if your implementation still suffers.

Related background information FastCGI PHP:

There are a few tuning parameters that can be tweaked to control the
performance of FastCGI PHP. The following are environment variables that can
be set before running the PHP binary:

PHP_FCGI_CHILDREN  (default value: 0)

This controls how many child processes the PHP process spawns. When the
fastcgi starts, it creates a number of child processes which handle one
page request at a time. Value 0 means that PHP willnot start additional
processes and main process will handle FastCGI requests by itself. Note that
this process may die (because of PHP_FCGI_MAX_REQUESTS) and it willnot
respawned automatic. Values 1 and above force PHP start additioanl processes
those will handle requests. The main process will restart children in case of
their death. So by default, you will be able to handle 1 concurrent PHP page
requests. Further requests will be queued. Increasing this number will allow
for better concurrency, especially if you have pages that take a significant
time to create, or supply a lot of data (e.g. downloading huge files via PHP).
On the other hand, having more processes running will use more RAM, and letting
too many PHP pages be generated concurrently will mean that each request will
be slow.

PHP_FCGI_MAX_REQUESTS (default value: 500)

This controls how many requests each child process will handle before
exitting. When one process exits, another will be created. This tuning is
necessary because several PHP functions are known to have memory leaks. If the
PHP processes were left around forever, they would be become very inefficient.

As you use Nagwin to monitor other hosts, you may wonder how the Nagwin itself can be monitored. This can be achieved by checking status.dat file age and existence of key processes. Here is a recipe to establish an out-of-band monitoring of Nagwin:

  • Make sure that your Nagwin installation is configured to send notifications. See FAQ for instructions.
  • Create bin/check_nagwin.sh script with the content below (Unix-format):
#!/bin/bash
# customize - start
server=smtp.server
# customize - end
 
instroot=$(cygpath -m /)
logdir=/var/log/check_nagwin
mkdir -p $logdir
logfile=$logdir/$(date +"%d").log
echo "***" `date` >> $logfile
 
# Function to report failure, message body as argument
CheckFail ()
{
printf "$1" | /bin/blat - -to $to -f $from -subject "Nagwin is not operational" -server $server >> $logfile
exit 1
}
 
# Function to check a process, process name and expected number of instances as arguments
CheckProcess ()
{
/plugins/check_winprocess --filter "imagename eq $1.exe" --compare lt --critical $2 >> $logfile
if (($? > 0)); then
CheckFail "Must be at least $2 $1 process(es) running."
fi
}
 
# check status.dat age
/plugins/check_winfile --target "$instroot/var/opt/nagios/status.dat" --filter "age lt -15 minutes" --critical 1 --compare eq >> $logfile
if (($? > 0)); then
CheckFail "Nagios status.dat getting old."
fi

# check processes

CheckProcess nagios 4
CheckProcess nginx 2
CheckProcess php-cgi 1
CheckProcess cgi2fcgi-wrapper 1
printf "\n" >> $logfile

You need to customize mail configuration (red) according to your setup. The script above checks if status.dat is updated within the last 15 minutes and if key processes are running with an expected number of intances. It will send an e-mail if any of the criteria are not met. Results from checks will be logged in /var/log/check_nagwin directory in a rotating manner for days of a month.

  • Create a Windows scheduled task by using the following command:

schtasks /create /sc minute /mo 15 /tn check-nagwin /tr "nagwin-inst-dir\bin\bash.exe -c /bin/check_nagwin.sh"

This command will create the scheduled task check-nagwin running the script above each 15 minutes.

Nagwin Product Edition only.

As of version 2.4.0, Nagwin's Nginx web server has built-in support for LDAP authentication allowing you to use AD authentication. Follow steps below:

  • Create a dedicated AD service account for LDAP queries (say ldapreq, domain example.local)
  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Nagwin installation directory>\etc\nginx\nginx.conf
http {
....
ldap_server DCGC1 {
    url ldap://192.168.0.1:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "CN=xxxxx,CN=xxxxx,DC=example,DC=local";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
 
ldap_server DCGC2 {
    url ldap://192.168.0.2:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "CN=xxxxx,CN=xxxxx,DC=example,DC=local";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
  • Replace every occurence of
auth_basic "Restricted";
auth_basic_user_file htpasswd;
 
by
 
auth_ldap "Restricted";
auth_ldap_servers DCGC1,DCGC2;
 
NB! if you want basic authentication still available, you can simply add the ldap directives above instead of replacement. It is also possible to use groups. Check example configuration link below for more details.
 
  • Make sure that contact information is defined in the Nagios configuration for each AD user
  • Restart Nagwin_Nginx service
 
Useful links:
 

Nagwin's Nginx web server has a built-in support for SSL communications. Assuming that you have required certificate files located at the etc/nginx/ssl directory, you may follow steps below to enable secure communications:

  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Nagwin installation directory>\etc\nginx\nginx.conf:
.....
server {
       listen         80;
       server_name    your.server.name;
       return         301 https://$server_name$request_uri;
}
 
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/your.server.name.crt;
ssl_certificate_key /etc/nginx/ssl/your.server.name.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
 server_name  your.server.name;
.....
  • Setup above will automatically redirect http requests to https, making your server communicate securely all the time. NB! SSLv3 are excluded from the supported list of protocols (ssl_protocols directive) to avoid Poodle security vulnerabilitiy.
  • Restart Nagwin_Nginx service
Useful links:
 

FAQ

 

That may happen if your account is not properly defined as a user recognizable by the Cygwin layer, which provides user/group facilities. Try steps below:

 

  • Open a bash prompt by clicking <inst. directory>/bin/bash.exe
  • Run following commands:

 

mkpasswd > /etc/passwd

mkgroup > /etc/group

 

 

  • Nagwin has blat smtp mailer included. The first step is to let blat save your smtp server settings for later use:

bin/blat -SaveSettings -f from-address -server your.smtp.server [ -u login -pw password ]

 

  • You need also to specify your e-mail address for the contact nagiosadmin in etc/nagios/nagwin/contacts.cfg:

define contact{
        contact_name   nagiosadmin ; .....
        use generic-contact ; .....
        alias  Nagios Admin ; .....

        email ******@******    ; << CHANGE THIS TO YOUR EMAIL ADDRESS
}

 

  • As a last step, You need to update smtp server information in two notification commands etc/nagios/nagwin/commands.cfg:

# 'notify-host-by-email' command definition
define command{
    command_name    notify-host-by-email
    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /bin/blat - -to $CONTACTEMAIL$ -subject "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" -server smtp.server
    }

# 'notify-service-by-email' command definition
define command{
    command_name    notify-service-by-email
    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /bin/blat - -to $CONTACTEMAIL$ -subject "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" -server smtp.server
    }

Replace smtp.server by name/ip of your smtp server (your Exchange server for example). Make sure that your smtp server is configured to accept smtp requests from Nagwin machine.

  • Restart the Nagwin_Nagios service to apply changes.

 

You can issue the command below to test if your mail notification works:

echo "Test message" | bin\blat - -to mail@address -f from@address -subject "Test mail" -server smtp.server

 

You may observe that the Nagios web interface is not available directly via http://localhost, http://hostname or http://ip-address, because of the standard http port 80 is occupied by an other web server (IIS for example). The procedure below helps you to configure Nagwin web server to listen to an alternative port:

  • Start a text editor capable of editing a text file with Unix line endings (Wordpad for example)
  • Edit file <Nagwin installation directory>\etc\nginx\nginx.conf:
....   
server {
 listen 80; <-- replace by a new port, 2080 for example
        server_name  localhost;
....

  • Restart Nagwin_Nginx service.

Default password for the nagiosadmin user is nagios. It is strongly recommended that you change the password by using the procedure below:

  • Open a DOS command prompt
  • Change working directory to the Nagwin installation directory\bin (C:\Program Files\ICW\bin by default)
  • Run the following command to update the password:

htpasswd2 -b /etc/nginx/htpasswd nagiosadmin new-password