Icinga integration with Opensearch

Hello Team,

We would like to integrate Icinga with Opensearch for alerting and monitoring purpose.

Would be really appreciate if any documentation provided for the same.

  • Icinga Web 2 version
  • Used modules and their versions (System - About)
  • Web browser used
  • Icinga 2 version used (icinga2 --version) (version: r2.11.2-1)
  • PHP version used (php --version) PHP 7.4.3
  • Server operating system and version Ubuntu 20.04.4
  • Opensearch and Opensearch-dashbaord version 1.3.0

Thank you so much in advance!

That’s cool since we are working on exact the same topic. We’re using this python modul to write our own plugins. I’ve already managed to successfully create a first plugin that sends a query to opensearch to get metrics sent by metricbeat.

Hello Team / @rsx,

Thank you for your inputs… Just wanted to know do we have any documentation which can help to integrate opensearch with Icinga…

Just to compare with Elasticsearch, I found one document which guides step by step on how to integration Icinga with Elasticsearch…

About - Icinga Module for Elasticsearch

Just wanted to know can I follow the similar steps to do the integration or can I get another document on how to setup a integration with opensearch.

Thanks.
Sabil.

Hi Sabil,

Sorry for being late. Due to my companies’ rules I’m not allowed to offer code to the public. We could get in contact privately to give you more details.

Hello @rsx,

Thank you for your response…

I am not asking for code, can you just please provide me the document with steps to configure the integration between Icinga and Opensearch…

Please do let me know how and when can we connect.

Thanks,
SAbil.

I’ve started here.

Guideline for developing check plugins can be found here and here.

Thank you so much for the information.

Actually I found Integration with ElasticSearch is very nice and simple.
Need to copy the module.
Enable the module using icingacli module enable elasticsearch
then once it is enable we can go to the Icingaweb from there we can create an instance of elasticsearch by providing the name and URI
Then we can create an event type. Once you are done with these steps you can go ahead and run the following command to get the events.

icingacli elasticsearch check --instance elasticsearch --crit 5 --warn 3 --index logstash* --filter "beat.hostname=www.example.com AND severity=critical" --from -1h 

This will give you events/hits count…

I am just expecting anything similar to this can give us the instruction on how to do the integration between ICINGA and Opensearch.

Thank you in advance!

Hello Roland,

Thank you for the information. I have referred the document unable to do the integration.

I am unable to integrate the ICINGA with opensearch. Can you please give me the little insight on how to enable the module and create a connection between ICINGA and Opensearch…?

Any help would highly appreciate.

Thanks,
Sabil.

You could try this very simply (and more or less useless) example:

apply Service "opensearch_indexes" {
    display_name = "OpenSearch Indexes"
    check_command = "opensearch-query"

    assign where host.name == NodeName
}
object CheckCommand "opensearch-query" {
   command = [ PluginDir + "/check_opensearch_query" ]

   arguments = {
      "-H" = "$address$"
      "-p" = "9200"
      "-u" = "admin"
      "-p" = "*****"
   }
}

check_opensearch_query:

#!/usr/bin/python3 -u
import argparse
from opensearchpy import OpenSearch

def get_args():
    parser = argparse.ArgumentParser(description='Process args for retrieving OpenSearch data')

    parser.add_argument('-H', '--host',
                        required=True,
                        help='OpenSearch Host')

    parser.add_argument('-o', '--port',
                        type=int,
                        default=9200,
                        help='TCP Port')

    parser.add_argument('-u', '--username',
                        required=True,
                        help='User name to use when connecting to host')

    parser.add_argument('-p', '--password',
                        required=True,
                        help='Password to use when connecting to host')

    return parser.parse_args()


args = get_args()

osc = OpenSearch(
    hosts = [args.host],
    port = args.port,
    http_auth = (args.username, args.password),
    http_compress = True,
    use_ssl = True,
    verify_certs = False,
    ssl_show_warn = False
)

if not osc.ping():
    print("UNKOWN: Cannot connect to OpenSearch")
    exit(3)

for index in osc.indices.get('*'):
    print(index)

Hello @rsx,

Thank you so much for your support.

Yes, I am able to integrate opensearch with ICINGA.

Thank you again.

Hello @rsx,

Thank you so much for your solution.

The issue I am facing now is, I have enabled security of opensearch and I have to connect to opensearch using https (SSL) certificate.

This is how I have configure.

    client = OpenSearch(
    hosts = [{'host': args.host, 'port': args.port}],
    http_compress = True, # enables gzip compression for request bodies
    http_auth = ('admin', 'admin'),
      client_cert = "/xyz/certificate.crt.pem",
      client_key = "/xyz/certificate.key",
    use_ssl = True,
    verify_certs = False,
    ssl_assert_hostname = False,

Just wanted to know is this the correct way to use the certificate. Because I am getting an error for the same.

open(key_file, "r") as f: urllib3.exceptions.ProtocolError: ('Connection aborted.', PermissionError(13, 'Permission denied')) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/nagios/plugins/check_opensearch.py", line 75, in main() File "/usr/lib/nagios/plugins/check_opensearch.py", line 57, in main response = client.search( body = query, index = args.index ) File "/usr/local/lib/python3.8/dist-packages/opensearchpy/client/utils.py", line 178, in _wrapped return func(*args, params=params, headers=headers, **kwargs) File "/usr/local/lib/python3.8/dist-packages/opensearchpy/client/__init__.py", line 1551, in search return self.transport.perform_request( File "/usr/local/lib/python3.8/dist-packages/opensearchpy/transport.py", line 406, in perform_request raise e File "/usr/local/lib/python3.8/dist-packages/opensearchpy/transport.py", line 369, in perform_request status, headers_response, data = connection.perform_request( File "/usr/local/lib/python3.8/dist-packages/opensearchpy/connection/http_urllib3.py", line 255, in perform_request raise ConnectionError("N/A", str(e), e) opensearchpy.exceptions.ConnectionError: ConnectionError(('Connection aborted.', PermissionError(13, 'Permission denied'))) caused by: ProtocolError(('Connection aborted.', PermissionError(13, 'Permission denied')))

can you please suggest here?

Thank you.