Home Directory Addons Notifications Mail2Nagios, a Nagios status generator from mails

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com


Remember Me

Directory Tree

Mail2Nagios, a Nagios status generator from mails

2 votes
Current Version
Last Release Date
Compatible With
  • Nagios 3.x
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
This Perl tool can transform unformatted mails to NSCA messages or GED messages (EyesOf Network Generic Event Dispatcher).
It happens sometimes that the only way to monitor a system is to configure mail notification on it.
The idea is to transport this mails to a SMTP server that will compare them to rules based on regular expression (in the same way than Snort) and generate monitoring messages.
That is why you need to know Perl regular expressions.
The .forward file technique is used to forward the mail to Mail2Nagios script.
You may generate a mail to a administator email

# It requires on server on which Mail2Nagios is installed :
1- a properly MTA (postfix, exim, ..), able to accept mail to mail2nagios@yourdomain.com for example
2- the mailx MUA
3- a GED client if you want to use it
4- a send_nsca client.
5- Mail::Audit::Attach MIME::Base64 perl libraries
6- a local account mail2nagios with a .forward file in its home directory containing :
echo "|//Mail2Nagios/bin/mail2nagios.pl"

7- an adaptation of /etc/Mail2Nagios.cfg to your installation

8- your rules properly configured in /etc/Mail2Nagios.rules.
You will find the description of all fields ansd some examples in this file. You can use perl backreferences to configure the monitoring message. See examples.
Be careful : the first matching rule is used, no other rule is inspected.

# It requires too :
1- everything necessary to transport mails to the server above (especially, if mails are send from external, you may configure MX records, public SMTP servers, firewalls)

2- for NSCA messages, corresponding Nagios passive services on destination Nagios server

# A default monitoring message can be send if no matching rule was found, and eventually a mail notification, see /Mail2Nagios/etc/Mail2Nagios.cfg

# the logs are :
1- /home/mail2nagios/Mail2Nagios/log/mail2nagios.log : all what happened
2- /home/mail2nagios//Mail2Nagios/log/mail.number : the receiced mail.
You can replay them in debug or preview mode :
cat /Mail2Nagios/log/mail.number |/Mail2Nagios/bin/mail2nagios.pl -d
cat /Mail2Nagios/log/mail.number |/Mail2Nagios/bin/mail2nagios.pl -p

cat /Mail2Nagios/log/mail.number |perl -d /Mail2Nagios/bin/mail2nagios.pl
3- /mail-audit.log : the logs generated by Mail::Audit perl module.

!! Don't forget to cleanup this logs. We use the following logrotate file :
/log/mail2nagios.log {
rotate 12
find /log/ -name mail.* -ctime +30 |xargs rm -f
cat /dev/null > /mail-audit.log
# The rule syntax is the following :
# Where :
# 1 - is the pattern to look for in the mail from address
# 2 - is the pattern to look for in the mail subject
# 3 - is the pattern to look for in the mail header
# 4 - is the pattern to look for in the mail body.
# 5- [([,])][|()]: methods and destinations.
# Method may be ged, nagios, redirect, ignore or external which may change alert parameters.
# Examples : - ged(veon2,p-veon2), redirect(toto@spie.com,titi@free.fr),external(/home/toto/myscript)
# The followings fields can be a character string or composed of extracted matches and mail parameters. Example :
# $From_$2 : means that this alert parameter is composed of the mail "From" and the the extracted match $2
# 6- that will appear as "EQUIPMENT" in GED and "Host" in Nagios
# 7- that will appear as "Service" in GED or Nagios
# 8- code (0 is OK, 1 is WARNING, 2 is CRITICAL) that will appear as "STATE" in GED and "Status" in Nagios
# 9- that will appear as "DESCRIPTION" in GED and "Status Information" in Nagios
# 10- that will appear as "COMMENTS " in GED when opening a alert detail
# NB : to a better lisibility of complex rules, you may split rules in several lines with '', insert comments or blank between these lines. In that case, the last field (details) should countain at least an alphabetic character (a bug not tyes fixed)

# The futur plan is to implement a better format for rules (XML on JSON)
Reviews (1)
bydrvkumar81, September 30, 2016
We were able to configure the regex rules and setup alerts using this.
(had to use a online regex tester, as am not familiar with regexes)
Multiline output also works! just make sure you put
in description and use "echo -e" in .pm
We did the setup in same host where Nagios is installed and used the nsca binary in /usr/local/nagios.

Merci Fabrice!! :)