OK, Now you have a server being monitored over the WAN, you want to monitor the rest of the devices in that organisation; right? The problem here, is that you can only monitor whatever you forward port 12489 – wrong.

12489 is the port used by the default “check_nt!” command which is found in “commands.cfg” (towards the bottom).

# ‘check_nt’ command definition
define command{
command_name check_nt
command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s securepassword -v $ARG1$ $ARG2$
}

You will see here, the -p 12489 which is the port your nagios server will try to get data from on the external ip, i.e. if ExternalIP:12489 is going to Server1, you can bet that Server1 will be sending data back, not Server2.

The way to change this, is in the Server2 config, instead of using “check_nt!check_cpu”, use a seperate command that specifies to use a different port which will be port forwarded to Server2, for example port 10001.

In commands.cfg, you will need to create a “check_nt2!” if you like, and change the port like so:

define command{
command_name check_nt2
command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 10001 -s securepassword -v $ARG1$ $ARG2$
}

Now, on the firewall at the client site, forward port 10001 to the IP of Server2. Finally, in the Windows-server.cfg file (or Server2.cfg etc), instead of defining commands using check_nt!, use the newly created check_nt2! command, like so:

define service{
use generic-service
host_name Server2
service_description Avast Update Service
check_command check_nt2!PROCSTATE!-d SHOWALL -l aswUpdSv.exe
}

This is all you need to do on the Nagios Server. Now, on SERVER2, you must install NSClient++ and configure etc as mentioned in my earlier blog. However, in NSC.ini, you need to edit the port that NSclient.dll listens on to the new port, 10001, like so:

[NSClient] ;# ALLOWED HOST ADDRESSES
; This is a comma-delimited list of IP address of hosts that are allowed to talk to NSClient deamon.
; If you leave this blank the global version will be used instead.
;allowed_hosts=
;
;# NSCLIENT PORT NUMBER
; This is the port the NSClientListener.dll will listen to.
port=10001

Restart the NSClient++ service and bingo you will now be able to monitor multiple servers behind a single external IP using port forwarding.

In my next blog, i will talk about the different services and things we can monitor, ranging from Exchange 03/07 through to BackupExec and other programs.

Enjoy!

sam