OpenSuSE Linux 10.3 - SNMP patch update monitoring with Nagios

Monitoring the OpenSUSE Linux 10.3 online patch updates with Nagios through SNMP

by Frank4DD, @2009

This quick tutorial is an update based on the tutorial for monitoring patch updates on SUSE Enterprise Linux Server 10, which can be found here.
The main difference is the OS updater: in SLES10, we use rug, the command line interface for the Novell ZENworks Linux Management Agent. With OpenSuse 10.3, I found rum. No, not the drinkable solution to all our problems including patching, but a rug-like command line interface for YUM. YUM, which stands for YellowDog Update Modified, is an automatic update and package manager for rpm systems. It is available as a optional installable package in OpenSuse.

Check the 'yum' update service repositories are set up

susie3:~ # yum repolist
opensuse-nonoss           100% |=========================|  951 B    00:00
primary.xml.gz             31% |=======                  |  24 kB  
primary.xml.gz            100% |=========================|  77 kB    00:00
opensuse-n:                                                    1/14
...
opensuse-n: ################################################## 140/140
repo id              repo name                                 status
opensuse             openSUSE-10.3-FTP                         enabled
opensuse-nonoss      openSUSE-10.3-FTP-NonOSS                  enabled
opensuse-updates     openSUSE-10.3 Updates                     enabled

susie3:~ # rum repos

ID               | Name                     | Enabled
-----------------+--------------------------+--------
opensuse         | openSUSE-10.3-FTP        | Yes
opensuse-nonoss  | openSUSE-10.3-FTP-NonOSS | Yes
opensuse-updates | openSUSE-10.3 Updates    | Yes

Now we chan check if there are any outstanding patches available for our system:

susie3:/srv/app/nagios/libexec # rum lu

Repository       | Name        | Current Version | Updated Version
-----------------+-------------+-----------------+-----------------
opensuse-updates | ipsec-tools | 0.6.5-104       | 0.6.5-104.3.i586

Place the script check-rum-update.pl on the OpenSuse system to produce Nagios-usable output

susie3: ~ # /usr/local/bin/check-rum-update.pl --run-rum
WARNING - 1 update(s) available: ipsec-tools Version 0.6.5-104.3.i586

susie3: ~ # rum update

Resolving dependencies...
The following packages will be upgraded:
  ipsec-tools-0.6.5-104.3.i586 (opensuse-updates)
Running Transaction Test
Transaction Test Succeeded

100% ####################, (1/2) Updating: ipsec-tools
100% ####################, (2/2) Cleanup: ipsec-tools

Transaction Finished

susie3: ~ # rum lu

--- No updates found ---

Enable the 'check-rum-update.pl' script to report results through snmpd and the NET-SNMP Extend MIB

susie3:/etc/snmp # echo "extend nagiosupdate /usr/local/bin/check-rum-update.pl --run-rum"
 >> snmpd.conf
susie3:/etc/snmp # /etc/init.d/snmpd restart
Shutting down snmpd: done
Starting snmpd 

susie3:/etc/snmp # snmpwalk -t 30 -v 2c -c myread 127.0.0.1 NET-SNMP-EXTEND-MIB::
nsExtendOutputFull.\"nagiosupdate\"
NET-SNMP-EXTEND-MIB::nsExtendOutputFull."nagiosupdate" = STRING: OK - system is up to date

Get, install and configure the check_snmp_extend.sh Nagios plugin on the Nagios server

m08460:/srv/app/nagios/libexec # ls -l check_snmp_extend.sh
-rwxr-x--- 1 nagios nagios 1979 2008-10-02 16:50 check_snmp_extend.sh

m08460:/srv/app/nagios/libexec # ./check_snmp_extend.sh
 Syntax: check_snmp_extend.sh ipaddr community extend-name

m08460:/srv/app/nagios/libexec # ./check_snmp_extend.sh 192.168.11.99 myread 
nagiosupdate
OK - system is up to date

m08460:/srv/app/nagios/etc/objects # vi commands.cfg
# 'check_snmp_extend' command definition
# check_snmp_extend hostip community extend-name
define command{
  command_name check_snmp_extend
  command_line $USER1$/check_snmp_extend.sh $HOSTADDRESS$ $ARG1$ $ARG2$
}

Configure the Nagios service, i.e. via patch-services.cfg

m08460:/srv/app/nagios/etc/objects # vi patch-services.cfg
###############################################################################
# Define a servicegroup for Linux patch update service checks
# check_patch_opensuse service checks will be member of this group
###############################################################################
define servicegroup{
  servicegroup_name             patch-checks     ; The name of the servicegroup
  alias                         OS Update Checks ; Long name of the group
}
###############################################################################
# Define the patch update check service template
###############################################################################
define service{
  name generic-patch
  active_checks_enabled         1
  passive_checks_enabled        1
  parallelize_check             1
  obsess_over_service           1
  check_freshness               0
  notifications_enabled         1
  event_handler_enabled         1
  flap_detection_enabled        1 
  failure_prediction_enabled    1
  process_perf_data             1
  retain_status_information     1
  retain_nonstatus_information  1
  is_volatile                   0
  check_period                  24x7
  max_check_attempts            3
  normal_check_interval         240                      ; check every 4 hours
  retry_check_interval          1
  contact_groups                frankonly
  notification_options          u,w,c,r
  notification_interval         1440                     ; notify only once a day
  notification_period           24x7
  register                      0
  servicegroups                 patch-checks
}
###############################################################################
# SLES10 OS Patch Update Check via SNMP extend scripts
###############################################################################
define service {
  use                           generic-patch
  host_name                     susie3
  name                          check_snmp_extend
  service_description           check_patch_suse
  check_command                 check_snmp_extend!myread!nagiosupdate
}
###############################################################################

m08460:/srv/app/nagios/etc/objects # echo "cfg_file=/srv/app/nagios/etc/objects/
patch-services.cfg" >> /srv/app/nagios/etc/nagios.cfg

m08460:/srv/app/nagios/etc/objects # /etc/init.d/nagios restart
Running configuration check...done.
Stopping nagios: .done.
Starting nagios: done.

Enjoy the Nagios patch update monitoring (example screenshots)

Please let me know if you happen to set it up on OpenSuse 11.x so I can add a confirmation line here. Just shoot an e-mail to public[at]frank4dd[dot]com - thanks!

Credits, copyrights original scripts etc

First, Many thanks go to Karsten Schumann for his example installation on Debian, showing the possibility and benefit.
Michal Ludvig for his excellent documentation and original scripts at http://www.logix.cz/michal/devel/nagios/
YUM, the YellowDog Updater Modified can be found at http://yum.baseurl.org/
RUM, the rug-like interface for yum is here: http://code.google.com/p/rum/ and not here: http://www.rum.com/
Nagios and the Nagios community at http://www.nagios.org/

SUSE Linux and SLES10 are products and trademarks of Novell, Inc. http://www.suse.com/

Thanks also to OpenSuSE community at http://www.opensuse.org/