Mail2Nagios, a Nagios status generator from mails

Submit review Recommend Print Contact Owner

Rating

2 votes

Favoured:

Current Version

1.0

Last Release Date

2016-09-01

Compatible With

Nagios 3.x

Owner

fledorze

Hits

6604

Files:

File	Description
Mail2Nagios.tar.gz	Mail2Nagios.tar.gz

Network Monitoring Software - Download Nagios XI

Log Management Software - Nagios Log Server - Download

Netflow Analysis Software - Nagios Network Analyzer - Download

This Perl tool can transform unformatted mails to NSCA messages or GED messages (EyesOf Network Generic Event Dispatcher).
It happens sometimes that the only way to monitor a system is to configure mail notification on it.
The idea is to transport this mails to a SMTP server that will compare them to rules based on regular expression (in the same way than Snort) and generate monitoring messages.
That is why you need to know Perl regular expressions.
The .forward file technique is used to forward the mail to Mail2Nagios script.
You may generate a mail to a administator email

# It requires on server on which Mail2Nagios is installed :
1- a properly MTA (postfix, exim, ..), able to accept mail to mail2nagios@yourdomain.com for example
2- the mailx MUA
3- a GED client if you want to use it
4- a send_nsca client.
5- Mail::Audit::Attach MIME::Base64 perl libraries
6- a local account mail2nagios with a .forward file in its home directory containing :
echo "|//Mail2Nagios/bin/mail2nagios.pl"

7- an adaptation of /etc/Mail2Nagios.cfg to your installation

8- your rules properly configured in /etc/Mail2Nagios.rules.
You will find the description of all fields ansd some examples in this file. You can use perl backreferences to configure the monitoring message. See examples.
Be careful : the first matching rule is used, no other rule is inspected.

# It requires too :
1- everything necessary to transport mails to the server above (especially, if mails are send from external, you may configure MX records, public SMTP servers, firewalls)

2- for NSCA messages, corresponding Nagios passive services on destination Nagios server

# A default monitoring message can be send if no matching rule was found, and eventually a mail notification, see /Mail2Nagios/etc/Mail2Nagios.cfg

# the logs are :
1- /home/mail2nagios/Mail2Nagios/log/mail2nagios.log : all what happened
2- /home/mail2nagios//Mail2Nagios/log/mail.number : the receiced mail.
You can replay them in debug or preview mode :
cat /Mail2Nagios/log/mail.number |/Mail2Nagios/bin/mail2nagios.pl -d
cat /Mail2Nagios/log/mail.number |/Mail2Nagios/bin/mail2nagios.pl -p

Or
cat /Mail2Nagios/log/mail.number |perl -d /Mail2Nagios/bin/mail2nagios.pl
3- /mail-audit.log : the logs generated by Mail::Audit perl module.

!! Don't forget to cleanup this logs. We use the following logrotate file :
/log/mail2nagios.log {
monthly
rotate 12
prerotate
find /log/ -name mail.* -ctime +30 |xargs rm -f
cat /dev/null > /mail-audit.log
endscript
}
# The rule syntax is the following :
#;;;;;;;;;;:
# Where :
# 1 - is the pattern to look for in the mail from address
# 2 - is the pattern to look for in the mail subject
# 3 - is the pattern to look for in the mail header
# 4 - is the pattern to look for in the mail body.
#
# 5- [([,])][|()]: methods and destinations.
# Method may be ged, nagios, redirect, ignore or external which may change alert parameters.
# Examples : - ged(veon2,p-veon2), redirect(toto@spie.com,titi@free.fr),external(/home/toto/myscript)
#
# The followings fields can be a character string or composed of extracted matches and mail parameters. Example :
# $From_$2 : means that this alert parameter is composed of the mail "From" and the the extracted match $2
# 6- that will appear as "EQUIPMENT" in GED and "Host" in Nagios
# 7- that will appear as "Service" in GED or Nagios
# 8- code (0 is OK, 1 is WARNING, 2 is CRITICAL) that will appear as "STATE" in GED and "Status" in Nagios
# 9- that will appear as "DESCRIPTION" in GED and "Status Information" in Nagios
# 10- that will appear as "COMMENTS " in GED when opening a alert detail
#
# NB : to a better lisibility of complex rules, you may split rules in several lines with '', insert comments or blank between these lines. In that case, the last field (details) should countain at least an alphabetic character (a bug not tyes fixed)

# The futur plan is to implement a better format for rules (XML on JSON)

Reviews (1)

LifeSaver

bydrvkumar81, September 30, 2016

We were able to configure the regex rules and setup alerts using this.
(had to use a online regex tester, as am not familiar with regexes)
Multiline output also works! just make sure you put
in description and use "echo -e" in .pm
We did the setup in same host where Nagios is installed and used the nsca binary in /usr/local/nagios.

Merci Fabrice!! :)

Nagios, the Nagios logo, and Nagios graphics are the servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises. All other servicemarks and trademarks are the property of their respective owner. The files and information on this site are the property of their respective owner(s). Nagios Enterprises makes no claims or warranties as to the fitness of any file or information on this website, for any purpose whatsoever. In fact, we officially disclaim all liability. We do, however, think these community contributions are pretty damn cool. Website Copyright © 2009-2024 Nagios Enterprises, LLC. All rights reserved.