There are three normal ways to do this.
1) Use NSCA. Install NSCA on your Nagios server, and send passive alerts from the machines in question. Obviously this is a problem if the machines go down, as they won't be able to send alerts. This is the simplest and is secure, but it is unreliable.
2) Use an NRPE (or ssh) relay host. Install NRPE on a separate host behind the firewall, and set up access inbound through the firewall (with port forwarding if necessary) to allow only your Nagios server to talk to the NRPE port on this relay server. Then, have the Nagios server run the tests on the relay server via NRPE. This is the most reliable, but is a bit more complex and requires an inbound connection.
3) Use a forwarding Nagios server. Install a small instance of Nagios on a server behind the firewall to monitor the firewalled hosts. This server uses the ocsp_handler to forward all results via NSCA to the real Nagios host, which has a freshness check set to set these passive services to Unknown if no status is received for (e.g.) 10 minutes. This is the most complex, but is the accepted way of achieving this in a secure and reliable way.
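
A configuration sketch of option 3, added here as an example and not part of the original answer. It uses Nagios' `ocsp_command` directive for the forwarding handler and a 600-second freshness threshold for the 10 minutes mentioned above. The wrapper script path, the `generic-service` template, and the host and service names are assumptions.

```cfg
# ---------- Forwarding Nagios server (behind the firewall) ----------
# nagios.cfg: run a command after every service check result
obsess_over_services=1
ocsp_command=submit_check_result

# commands.cfg: pass the result to a wrapper that pipes it to send_nsca.
# Wrapper location is an assumption; adjust to your install.
define command {
    command_name    submit_check_result
    command_line    $USER1$/eventhandlers/submit_check_result $HOSTNAME$ '$SERVICEDESC$' $SERVICESTATE$ '$SERVICEOUTPUT$'
}

# ---------- Central Nagios server (outside the firewall) ----------
# nagios.cfg: accept passive results and evaluate freshness
accept_passive_service_checks=1
check_service_freshness=1

# Command run only when a passive result goes stale: exit code 3 = UNKNOWN
define command {
    command_name    no_passive_result
    command_line    $USER1$/check_dummy 3 "No result from forwarding server within freshness threshold"
}

# host_name and service_description must match what the forwarding
# server submits. Names below are constructed for illustration.
define service {
    use                     generic-service    ; assumed template
    host_name               fw-host01
    service_description     Disk Root
    active_checks_enabled   0                  ; central server never polls directly
    passive_checks_enabled  1
    check_freshness         1
    freshness_threshold     600                ; seconds (10 minutes)
    check_command           no_passive_result
}
```

With this layout only outbound NSCA traffic from the forwarding server has to cross the firewall, and a silent forwarder shows up as UNKNOWN instead of a stale OK.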