本文分享Splunk透過「Splunk for Nagios」App與Nagios進行整合之實作經驗
[Lab Information]
此實作範例已事先安裝Nagios及Splunk forwarder於同一台主機上，其相關方式可參閱下列文章：
・[Day02 - Nagios] Install Nagios on RHEL platform
・[Day17 - Splunk] Install Forwarder on RHEL platform
主機資訊如下：
OS: Rat Hat Enterprise Linux 6.2 64 bit
Linux Kernel: 2.6.32
CPU Type: Intel Xeon CPU E5-2620 2.00GHz
CPU Core: 8
Memory: 16GB
Universal Forwarder version: 5.0.4
OS root password: 12345678
IP: 192.168.0.102
Splunk Forwarder admin password: changeme
Package directory: /root/plugin
Splunk Forwarder directory: /opt/splunkforwarder

[Configure Nagios]
Splunk是透過「Splunk for Nagios」App與Nagios進行整合，故前置作業需於Nagios Server進行組態設定，可參閱下列步驟：

1. 編輯檔案：/usr/local/nagios/etc/nagios.cfg，並新增下列資訊：

   vim /usr/local/nagios/etc/nagios.cfg
   #Add or amend the following lines in "/usr/local/nagios/etc/nagios.cfg" file.
   perfdata_timeout=5
   process_performance_data=1
   host_perfdata_command=nagios-process-host-perfdata
   service_perfdata_command=nagios-process-service-perfdata
   host_perfdata_file_mode=a
   service_perfdata_file_mode=a
   host_perfdata_file_processing_interval=86400
   service_perfdata_file_processing_interval=86400
   host_perfdata_file_processing_command=nagios-process-host-perfdata-file
   service_perfdata_file_processing_command=nagios-process-service-perfdata-file

2. 編輯檔案：/usr/local/nagios/etc/objects/commands.cfg，並新增下列資訊：

   vim /usr/local/nagios/etc/objects/commands.cfg
   #Add or amend the following lines in "/usr/local/nagios/etc/objects/commands.cfg" file.

   'nagios-process-host-perfdata' command definition

   define command{
   command_name nagios-process-host-perfdata
   command_line /usr/bin/printf "%b" "$TIMET$ src_host="$HOSTNAME$" perfdata="HOSTPERFDATA" hoststate="$HOSTSTATE$" attempt="$HOSTATTEMPT$" statetype="$HOSTSTATETYPE$" executiontime="$HOSTEXECUTIONTIME$" reason="$HOSTOUTPUT$" result="$HOSTPERFDATA$"\n" >> /usr/local/nagios/var/host-perfdata
   }

   'nagios-process-service-perfdata' command definition

   define command{
   command_name nagios-process-service-perfdata
   command_line /usr/bin/printf "%b" "$TIMET$ src_host="$HOSTNAME$" perfdata="SERVICEPERFDATA" name="$SERVICEDESC$" severity="$SERVICESTATE$" attempt="$SERVICEATTEMPT$" statetype="$SERVICESTATETYPE$" executiontime="$SERVICEEXECUTIONTIME$" latency="$SERVICELATENCY$" reason="$SERVICEOUTPUT$" result="$SERVICEPERFDATA$"\n" >> /usr/local/nagios/var/service-perfdata
   }

   'nagios-process-host-perfdata-file' command definition

   define command{
   command_name nagios-process-host-perfdata-file
   command_line /bin/cat /dev/null > /usr/local/nagios/var/host-perfdata
   }

   'nagios-process-service-perfdata-file' command definition

   define command{
   command_name nagios-process-service-perfdata-file
   command_line /bin/cat /dev/null > /usr/local/nagios/var/service-perfdata
   }

3. 編輯檔案：/usr/local/nagios/etc/objects/templates.cfg，並新增下列資訊：

   vim /usr/local/nagios/etc/objects/templates.cfg
   #Add or amend the following lines in "/usr/local/nagios/etc/objects/templates.cfg" file.
   process_perf_data 1 ; Process performance data

4. 透過下列指令檢查Nagios設定檔是否正確：

   /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

5. 重新載入Nagios設定檔即可

   /etc/init.d/nagios reload

以上步驟執行完畢將於目錄：/usr/local/nagios/var下新增檔案：host-perfdata及service-perfdata，如下列紅框處示：

下一篇文章將延續此議題，分享於Nagios Server安裝mk-livestatus套件

[Reference]
Nagios integration
Main Configuration File Options
Performance Data
Host Definition
Service Definition