Hostalive on windows agent with satellite behind firewall - best practice question

Hello icinga community,

I am new to the icinga monitoring subject but I managed to successfully set up a clustered system in the past week.

My system consists of two master nodes (master-a and master-b) set up on Ubuntu 18.04 LTS with icingaweb2 and director running; config is shared over an SMB share. (Setup like this webinar:

Then I added another Ubuntu 18.04 LTS node only running icinga2 (and the packages for checks). This node is behind a NAT and firewall which I can't open. Therefore the satellite connects to the master nodes.

Behind the satellite is an additional Windows host, on which I want to monitor hostalive and some services like windows_check_disk.

Everything seems to work fine. I am able to check hostalive and services on the Windows host itself, if configured on my master with icinga director. But there is one thing which bothers me.

If I add the Windows host in icinga director with check_command hostalive and set the check_zone to the zone of the Windows agent (e.g. windowshost.localdomain), the services are checked correctly and hostalive sends results, too.
But if I shut down the machine, the hostalive check is shown as pending, due to the lack of new passive check results. This makes complete sense, because there is no agent anymore which can send new results; the machine is shut down. The machine is shown in status Up and the check is pending.

Is there a way to get a hostalive result from the satellite (to get the information that the machine is down) without adding an additional host (actually the same host) where the check_zone is set to the satellite? I don't want to duplicate the same host only for a simple hostalive check from my satellite.

Maybe something like:
Hostalive of the Windows host with check_zone on the satellite, and services checked in zone windowshost.localdomain. How do I configure such a behaviour with director? (I think I saw a similar configuration in the docs, but it was a manual configuration without the use of icinga director)

I hope you understand what I mean and you can help me.

Thank you for your time and answers,

Hi @dmartini,

You could set the zone of the (agent) host to the satellite zone so that the host check commands are executed by the satellite. For the service checks to be executed on the agent, you can set Run on Agent to true in the service definition.

Is this what you were looking for?

Kind regards,

Hi ritzgu,

that is one thing I have tried before, but it does not seem to work. The check_disk command is then executed on the satellite itself:

[Image: check on satellite]

Check source for the service is shown as the name of the satellite (not the satellite zone).

Or did I miss something?

Thank you for your fast reply.
Kind regards,

Hi @dmartini

did you set Run on Agent in the service definition? This has to be set in a service template.

Kind regards,

Thank you, no, I did not configure the check on agent in the service template.

Now it is running like I intended…

Thank you, have a nice day :slight_smile:
Best regards,

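The layout this thread arrives at, written as plain Icinga 2 configuration instead of Director settings (an added example, not posted by anyone in the thread): the host object lives in the satellite zone, so the satellite runs hostalive, while the service sets command_endpoint to the agent, which is the attribute Director's Run on Agent renders. The zone names master and satellite-zone, the endpoint name satellite.localdomain, the address and the file paths are assumptions.

```icinga2
// --- zones.conf on the masters (names are assumptions) ---
object Endpoint "satellite.localdomain" { }

object Zone "satellite-zone" {
  endpoints = [ "satellite.localdomain" ]
  parent = "master"            // assumed name of the master zone
}

// The Windows agent is a child of the satellite zone, not of the master.
object Endpoint "windowshost.localdomain" { }

object Zone "windowshost.localdomain" {
  endpoints = [ "windowshost.localdomain" ]
  parent = "satellite-zone"
}

// --- zones.d/satellite-zone/windows.conf on the masters ---
// Everything in this directory is synced to, and scheduled by,
// the satellite zone.

object Host "windowshost.localdomain" {
  // No command_endpoint here: hostalive is executed by the satellite
  // itself, so a powered-off agent is reported DOWN instead of
  // leaving the check without new results.
  check_command = "hostalive"
  address = "192.0.2.10"       // constructed sample address
  vars.agent_endpoint = name   // marks the host as having an agent
}

apply Service "disk" {
  check_command = "disk-windows"
  // Scheduled by the satellite, executed on the agent endpoint.
  // Without this line the plugin runs on the satellite, as in the
  // "check on satellite" result described earlier in the thread.
  command_endpoint = host.vars.agent_endpoint
  assign where host.vars.agent_endpoint
}
```

After deploying, the check source of the host check should be the satellite and the check source of the disk service should be the agent.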