08 November 2012

Get an SSL certificate and install it on your Nagios server. This is well documented in various places - a starting point is the Apache Web site.

Create a new directory called “nsubmit” in your Web server (depending on your distribution, you will probably have to create a new directory under /var/www/html or under /srv/www/htdocs or maybe some other location, especially if you are using a virtual host - check your Apache configuration for the correct location). Make sure the permissions are set correctly for Apache to serve this directory.

Place the following PHP script in this directory:

<?php
/*
Copyright (c) 2008-2012, North County Tech Center, LLC - all rights reserved.

Released under the GPL v3 or later versions.

This script will accept submissions from our script in the same format as
send_nsca produces them, but over an HTTP post.

We then submit it to send_nsca for processing. This gets around SELinux
restrictions on accessing the Nagios command file.
*/
header("Content-Type: text/plain");

$timestamp=time();

function send_nsca($data)
{
    $send_nsca_cmd="/usr/sbin/send_nsca -H localhost";

    $descriptorspec = array(
       0 => array("pipe", "r"),
       1 => array("pipe", "w"),
       2 => array("pipe", "w")
    );

    $process = proc_open($send_nsca_cmd, $descriptorspec, $pipes);

    if (is_resource($process)) {

        fwrite($pipes[0], $data."\n");

        fclose($pipes[0]);
        fclose($pipes[1]);
        fclose($pipes[2]);
        $return_value = proc_close($process);
    }
}

$raw_result=file('php://input');

foreach ($raw_result as $raw_line) {
    $raw_line=trim($raw_line);
    if (strlen($raw_line) > 0) {
        # Splitline will contain the individual elements of the line:
        # [0] = host
        # [1] = service
        # [2] = status
        # [3] = message
        $splitline=split("\t", $raw_line);
        $hostname=$splitline[0];
        # skip any "bogus" lines that don't contain actual data
        # Actually, 4 entries are required, but if the fourth
        # is missing, we can fill that in
        if (count($splitline) < 3)
            continue;
        if (count($splitline) < 4)
            $splitline[3] = "No output provided by plugin";

        if ($splitline[2] < 0) {
           $nagiosresultcode= -$splitline[2];
        } else {
           $nagiosresultcode= $splitline[2];
        }
        $raw_line=$splitline[0]."\t".$splitline[1]."\t".$nagiosresultcode."\t".$splitline[3];
        # $outputstring="[".$timestamp."] PROCESS_SERVICE_CHECK_RESULT;".$raw_line."\n";
        send_nsca($raw_line);
    }
}

# manufacture an additional entry that tells us where the IP address came from
if (strlen($hostname) > 0) {
    # get the IP address of the client if this is behind a proxy server.
    # If not, of course the standard REMOTE_ADDR will work
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
        $ip=$_SERVER["REMOTE_ADDR"];
    $remotehost=gethostbyaddr($ip);
    if ($remotehost==$ip || $remotehost=="") {
        $remotehost="---unknown---";
    }
    $raw_line=$hostname."\t0\t".$ip." - ".$remotehost;
    # $outputstring="[".$timestamp."] PROCESS_HOST_CHECK_RESULT\t".$raw_line."\n";
    send_nsca($raw_line);
}

?>
submit.php - Completed processing submitted check results.