NEMS Linux – Nagios Enterprise Monitoring Server for Raspberry Pi 3

NEMS Linux – Nagios Enterprise Monitoring Server for Raspberry Pi

Important Note: NEMS started as a small project here on my blog, but since has grown into a full-fledged distro! The blog therefore is here for historical purposes, but for the most current information, please visit the NEMS Linux web site: nemslinux.com


NEMS is a modern pre-configured, customized and ready-to-deploy Nagios Core image designed to run on the Raspberry Pi 3 micro computer. At its core it is a lightweight Debian Stretch deployment optimized for performance, reliability and ease of use.

NEMS is free to download, deploy, and use. Its development however is supported by its community of users. Please consider contributing if you can.

Please Note: NEMS is a very ambitious project, and I’m just one guy. Please consider throwing a little gift in my Tip Jar if you find NEMS saves you time or money. Thanks!

Support
[NEMS Documentation]
[NEMS Community Forum]
[NEMS User Comments]

Index

NEMS 1.1 Featured on Category5 Technology TV

 

If you like NEMS, please donate: donate.category5.tv

The Out-Of-The-Box NEMS Experience:

Buy The Needed Hardware

Raspberry Pi 3 Nagios ServerRaspberry Pi 3 are very affordable, and using our Micro SD image, you simply buy the device, “burn” the image to the Micro SD card, and boot it up.

Here’s our link to buy the device you’ll need, complete with the Micro SD card, a power adapter, a good solid case, and more: shop.category5.tv

Please buy it through that link, or let me know if you need a customized link to a different model. We get a small percentage of the sale, and it helps to make it possible to offer this as a free download.

Who Creates NEMS:
Robbie Ferguson is the host of Category5 Technology TV. He’s the kind of guy who when he figures stuff out, he likes to share it with others. That’s part of what makes his show so popular, but also what makes NEMS possible.

Support What I Do:
This project is a part of something much bigger than itself, and we’re all volunteers. Please see our Patreon page for information about our network.
– Please support us by simply purchasing your Raspberry Pi at https://cat5.tv/pi
– We have some support links on the NEMS menu, such as buying from Amazon using our partner link. Please use these every time you use those stores. A small percentage of your purchase will go toward our projects.
– Your donations are VERY MUCH appreciated – https://donate.category5.tv – Please consider how many hours (and hours) of work this project has saved you, and how much you’ll save on hardware and even electrical costs as you consider contributing
– Our network also has a Patreon page – Please consider becoming a patron – https://patreon.com/Category5

5 1 vote
Article Rating
Subscribe
Notify of
guest
456 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Daniel Cheah
Daniel Cheah
4 years ago

Hi Robbie,
Is there a way to upload custom image files for different OS ? As I would like to add CentOS logo via NConf. Many thanks in advance.

Daniel Cheah
Daniel Cheah
4 years ago

Thanks for the prompt reply & noted, will post it there. Many thanks again.

Nspc
Nspc
5 years ago

How too add monitoring router or switch?

Alin
Alin
5 years ago

Hi Robbie,`works fine but I can not access http://192.168.33.10/Check_MK -“The requested URL /Check_MK was not found on this server.”

Omar
Omar
6 years ago

Hi Robbie, I get the same messages here. I was running 1.2.3 for a couple weeks, backed up configs, created a new sd with NEMS 1.3 and walked throug the nems-init side, no errors. I can access the MOTD page and can log in into Nagios but any attempt to go into config ends with SSL errors. Can i help more to track this issue?

Richard
Richard
6 years ago

I have the same problem as Dave. I cannot access NEMS 1.3 with Chrome, Edge or IE. I have had NEMS installed before but this is a new install with new IP.

Dave
Dave
6 years ago

I cannot access the System settings tool, SSL config was filled out completely. Is it possible to disable SSL for the page somehow?

Dave
Dave
6 years ago

Robbie,

This is a new deployment.
New IP, since it’s a new install
Your connection is not private

Attackers might be trying to steal your information from nems (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_INVALID
Subject: *.nems.local
Issuer: *.nems.local
Expires on: Sep 16, 2027
Current date: Nov 8, 2017

It looks like all pages fail with a similar error.
then only cert creation entry I’m not sure about is state, should it be PA or Pennsylvania?

Thanks,
Dave

Dave
Dave
6 years ago

Robbie,

I have tried Vivaldi, Chrome and MS Edge, none of the browsers offer to add an exception when you click advanced.

Full Text from Chrome and Vivaldi:

Your connection is not private

Attackers might be trying to steal your information from nems (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_INVALID
ReloadHIDE ADVANCED
nems normally uses encryption to protect your information. When Vivaldi tried to connect to nems this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be nems, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Vivaldi stopped the connection before any data was exchanged.

You cannot visit nems right now because the website sent scrambled credentials that Vivaldi cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

What browser are you using that you are able to add an exception? I can also provide screenshots if that will help.

Thanks,
Dave

baggins
baggins
6 years ago

Hi,
I wanted to try out NEMS, so I got myself a Kingston 64GB micro SDXC card and installed the image on it.
After booting I ran top and saw that the cpu load average was over 8. This slowly decreased and after a day(!) it was down to 1.8. The system behaved extremely sluggish when I ran nems-init. The web interface was almost unusable.
I had another 8GB card lying around and installed NEMS on that one. The system worked flawlessly with that card (cpu load around 0.2).
So I wonder if the rpi and NEMS can cope with large SD cards?
Is there anything I can check to find out what is going on?
Thanks.

baggins
baggins
6 years ago

OK, Ill get me a 32GB card.
Thanks Robbie.

steve
steve
6 years ago

Robbie,

Thanks so much for this open source project! I haven’t spent much time with it yet, but I do have a lot of experience with nagios and system administrator and am looking forward to getting my hands dirty with this. Here is some initial feedback I have from my first 24 hours with NEMS:
1) PLEASE include a configuration step in the documentation or add it to the nems-init script, an option to set the locale / keyboard. After I set my passwords, I couldn’t login from my workstation to anything (nconf, webmin, ssh, etc.) except for nagvis (obviously because that password isn’t set during nems-init), but I could login to the pi using a directly connected keyboard. Come to find out, the locale/keyboard is set to GB! Not a big deal, so long as you give the option to change it during setup is all. I didn’t even think to check that at first.
2) Alllll of the login pages except for webmin are over http. Please change everything to be using https by default and have any http requests redirected to https (using mod_rewrite, as an example). It doesn’t matter if people need to generate their own certificates afterwards or maybe you could even have “let’s encrypt” be a part of the configuration process. Logins shouldn’t happen over http *ever*, even if it’s on your local network.
3) Please change the line in your nems-init script where you’re using htpasswd to add the switch “-B”. By not specifying the algorithm, you are allowing the default of MD5 to be used, which is insecure.

That’s all for now. Thanks again!
-Steve

Joern
Joern
6 years ago

How can I change the call NEMS.local to a DynDNS name, so that I can access the web front end from remote ?
Thx in advacne for your help and your great support.

Joern
Joern
6 years ago

Dear Robbie, thx for the quick reply. I‘m quite a bit savvy, but not a deep expert… 😉

Joern
Joern
6 years ago

good idea. will give it a try

xXAzazelXx
xXAzazelXx
6 years ago

Hey Robbie,

Sorry but how do i go about monitoring another RaspberryPi on the network with NEMS?
I googled and installed SNMP on RaspberryPi but the advanced services like CPU Load , / Disk Space , Uptime SNMP
do not work 🙁

xXAzazelXx
xXAzazelXx
6 years ago

Thank you for the reply,

I’ve followed those, but I still get errors in NEMS

CPU Load, connect to address 192.168.2.17 and port 12489: Connection refused

Memory Usage, connect to address 192.168.2.17 and port 12489: Connection refused

Uptime,CRITICAL – Plugin timed out while executing system call .

Both Pis have been restarted

xXAzazelXx
xXAzazelXx
6 years ago

As a test I have installed “nagios-nrpe-server nagios-plugins” and edited “allowed_hosts” with 192.168.2.0/24 on another pi with same result.

I assume that CPU Load, Check the root filesystem disk space, Uptime inbuilt NEMS services should work with no modifications? I’m very green at the Nagios, I’ve just went in to hosts in NConf –> Show –> Show Services –> Advanced Services (directly linked) and moved “/ Deisk Space, CPU Load, Memory Usage, Swap Usage, Uptime SNMP (up time)”

The 2nd test pi has fail2ban but all nothing special in iptables to block.

Yeha i’m sorry i dont really want to give out SSH access to my pi, I would prefer the quick test tool. Thank you so much!!

Linux RaspberryPi 4.9.35-v7+ #1014 SMP Fri Jun 30 14:47:43 BST 2017 armv7l GNU/Linux

xXAzazelXx
xXAzazelXx
6 years ago
Reply to  xXAzazelXx

Any luck mate 🙂 ?

Nick Arellano
Nick Arellano
6 years ago

I’ve never used Nagios for monitoring before, of all the tools bundled in NEMS, how much of it is accessible with a REST api?

Nick Arellano
Nick Arellano
6 years ago

Is there any information about how many hosts or clients that NEMS is designed to manage?

Nick Arellano
Nick Arellano
6 years ago

I might just have to try it out and see what it can do 🙂 in our network infrastructure we could potentially hit that higher range of hosts.

Carl
Carl
6 years ago

I have several different vlans on my network. I setup NEMS on my 10.10.60.x server vlan and I can’t access it from my 10.10.50.x workstation vlan. If I start a ping from my workstation to my NEMS server it will reply once eth0 enables for about 5 ping then it starts dropping. Is there a internal firewall that I need to disable on the system so all my networks can talk to it?

Kevin
Kevin
6 years ago

Really think we need a forum and/or wiki…

Anyways, I used Webmin to set static IPs, IPv4 and IPv6 addresses.. They don’t take…

Mind you I had this same issue on Raspbian, I was hoping I didn’t with NEMS.. What am I missing?

Hesh
Hesh
6 years ago
Reply to  Kevin

Here’s how i resolved the ‘secondary eth0’ concern…

Using PuTTY, I ran the ‘ip -4 addr show dev eth0 | grep inet’ command and it initially displayed…

@NEMS:~# ip -4 addr show dev eth0 | grep inet
inet 192.168.xxx.xxx/24 brd 192.168.1.255 scope global eth0
inet 192.168.xxx.xxx/24 brd 192.168.1.255 scope global secondary eth0

Afterwhich I ran the ‘sudo nano /etc/network/interfaces’ command and COMMENTed out all STATIC IP Interface references.

# auto eth0
# iface eth0 inet static
# address 192.168.xxx.xxx
# netmask 255.255.255.0
# gateway 192.168.xxx.xxx

… then SAVEd that file, and proceeded to do a ‘sudo nano /etc/dhcpcd.conf’ and add the entries at the bottom of that file…

interface eth0
static ip_address=192.168.xxx.xxx/24
static routers=192.168.1.1
static domain_name_servers=192.168.xxx.xxx 8.8.8.8

… then SAVEd the file, ran a ‘sudo shutdown -r now’.

When NEMS rebooted, I re-ran the ‘ip -4 addr show dev eth0 | grep inet’ command from PuTTY once more, and it then displayed, minus the ‘secondary eth0’ reference …

@NEMS:~# ip -4 addr show dev eth0 | grep inet
inet 192.168.xxx.xxx/24 brd 192.168.1.255 scope global eth0

The reference material used to come to this conclusion was…
https://raspberrypi.stackexchange.com/questions/37920/how-do-i-set-up-networking-wifi-static-ip-address

… and

https://raspberrypi.stackexchange.com/questions/32516/multiple-ip-addresses-being-assigned

ChorleyCake
ChorleyCake
6 years ago

How can I check a non standard port using check_http?

ChorleyCake
ChorleyCake
6 years ago

Thanks robbie, its very hard going on the old brain. I’v had a manual install of nagios 4.something on a rpi for probably a year mainly to monitor my cctv system. I did the usual, ammend the windows.cfg with my pc & same with the printer…couldn’t get to grips with it. updated it to 4.3.2 the other day, struggled with lilac-reloaded..doesn’t work. Found your distro, wow.. within a few hours practically every device configured!
I’m still learning linux in general but i find the nagios help pages very difficult to digest.
In my nagios4 (can’t remember location, think /usr/local/nagios/??) like the printers.cfg, windows.cfg and the files in in the folder above.. Where are they now? Can nconf create new commands? Otherwise where are the services.cfg?
Thankyou.