Monitoring Tool: Amazon EC2 plugins for Nagios

SecludIT has published two plugins for monitoring Amazon EC2 with the Nagios Open Source monitoring solution. These plugins are available on Nagios Exchange under the Apache2 License . Both Nagios plugins are written in Ruby on top of the Amazon EC2 Ruby Gem library and use HTTP Query API calls to Amazon API endpoints.

Nagios Plugins for Amazon EC2

Nagios Open Source monitoring solution consists of various Nagios projects as follows:

  • Nagios Core: the open source monitoring engine and multiple APIs for extending core functionality
  • Nagios Plugins: efficient, standalone extensions that provide low-level intelligence for monitoring everything with Nagios Core

Contrarily to traditional IT infrastructures, Cloud Computing stacks (such as Amazon EC2) allow server monitoring through their programming interfaces (APIs), meaning that:

  • you do not need to install and maintain agents on the servers (for example, no need for SNMP agents installation and configuration)
  • you do not need to configure and protect a privileged access to the servers (for example, no remote SSH tunnels)

The plugins we provide illustrate these advantages. Without agents, you can:

  • know the status of your servers (running, stopped, starting, stopping)
  • get metrics of your servers (CPU, Network traffic and disk usage)

Check Amazon EC2 Instance status plugin

The Check AWS EC2 Instance Status plugin allows to retrieve the status of Amazon EC2 Instances. This is a Nagios active check that takes the Amazon API endpoint and an Amazon EC2 Instance ID as input parameters, connects to the Amazon API endpoint through HTTP Query API calls and retrieve the status of an Amazon EC2 Instance.

Get Amazon CloudWatch metrics plugin

The Get Amazon CloudWatch metrics plugins allows to retrieve metrics from Amazon CloudWatch. This is a Nagios active check that takes the Amazon API endpoint, an Amazon EC2 Instance ID and the CloudWatch metric as input parameters, connects to the Amazon API endpoint through HTTP Query API calls and retrieve the value of the metric for the Amazon EC2 Instance.

Security

As these two Nagios Plugins requires Amazon Credentials (Access Key ID and Secret Access Key) to connect to Amazon APIs endpoints we must ensure that the Amazon Credentials are encrypted (that is, not stored in clear on the disk) and permissions for the encryption key and the encrypted credentials must be restricted to the user or daemon running the plugins. Moreover, our plugins only require a read-only access to the Amazon APIs endpoints, therefore we highly recommend the use of AWS Identity and Access Management (IAM) to generate read-only Amazon Credentials. We have written a blogpost on how to generate read-only Amazon EC2 Credentials.

Amazon EC2 security monitoring using SecludIT’s Elastic Detector

SecludIT uses Nagios on Elastic Detector, a Security and Monitoring Tool for Amazon EC2. The two Nagios Plugins (that we gave to the community) are used in Elastic Detector to get the status and metrics of Amazon EC2 instances. This information is one of the inputs to our detection engine, and is complemented by other security related information such as Amazon EC2 Security Groups analysis and open ports. Therefore, Elastic Detector is agentless and detects Amazon EC2 security related events.

Feel free to try out our Nagios plugins and Elastic Detector and let us know what do you think.

/fred

About these ads

7 thoughts on “Monitoring Tool: Amazon EC2 plugins for Nagios

      • Hi Scott,

        Of course Elastic Detector contains the plugin we gave to the community. Everything is automatically discovered and configured in less than 5 minutes.

        Last time I tried the Nagios XI virtual machine, the plugins were not included and I had to manually add and configure everything.

        Hope this helps.

  1. It looks like the nagios monitor for cloudwatch is linked to the instance check plugin. Can anyone direct me to the cloudwatch check? Thanks for writing this!

  2. I have tried to retrive cloud watch metrics in nagios using the plugin provided by you. For EC2 instance its works grt, but for RDS am getting below error. Please look into it

    Error occured while trying to retrieve CloudWatch metrics statistics: undefined method `elements’ for nil:NilClass

    • Hi,

      Could you please, tell me more on your issue?
      What is the exact command line you used and which RDS metric you tried to retrieve?

      Feel free to contact me on my professional email: fred@secludit.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s