> > On 5 May 2009, at 19:29, Dennison Williams wrote: >> > Hello all, >> > >> > I am converting a vanilla nagios system to opsview. A large part of >> > my previous setup was done through passive service checks via >> > send_nsca. My monitored hosts are on completly seperate networks >> > then my monitoring server and I would like a way to collect passive >> > host check results in a secure way. Earlier today I was advised >> > against using send_nsca with opsview and I was wondering how other >> > opsviewers out there are managing their passive service checks? >> > > Opening up the use of send_nsca can introduce insecurities into your > system - you can do it if you can protect you server in other ways, > such as allow a limited set of clients send data via nsca and > encryption on the link with a common password. We use nsca to get > data between the slaves and the master, so you have to be careful not > to break that set up to (if you use slaves). > > However, this is outside of our recommended use so currently you'd be > on your own doing it this way and any changes you make to code would > likely be undone on the next upgrade. > >
OK. When you say upgrade do you mean actually upgrade of opsview revision? Or do you mean when opsview overwrites the nsca config file? I have implemented security both with hosts.allow and with a password for nsca. I noticed that the /usr/loca/nagios/etc/nsca.cfg file got overwritten after I had made changes. I think this is realted to my earlier post about /usr/loca/nagios/etc/htpasswd* files getting thier permissions changed. > You could set up your own nsca daemon on a different port (perhaps > using our nsca daemon binary with your own config file) so that > upgrades would not affect it, but again its up to you to keep secure. > > Running a totally separate nsca process here with a config file in a location that does not get overwritten by opsview seems like the way to go. But I am curious. Why does this file get overwritten and is this configurable? Sincerely, Dennison Williams > Duncs > > -- Duncan Ferguson Senior Developer _______________________________________________ Opsview-users mailing list [email protected] http://lists.opsview.org/listinfo/opsview-users
