NEMS – Nagios Enterprise Monitoring Server for Raspberry Pi

NEMS – Nagios Enterprise Monitoring Server for Raspberry Pi

Nagios doesn’t need a big fancy supercomputer to offer exceptional enterprise monitoring of network assets and resources, so our temptation is to re-purpose older servers to perform this reasonably lightweight task.

If you ask me, that’s not only overkill, but the attempt to save money by reusing older hardware will actually cost more due to higher electricity usage vs. a tiny Raspberry Pi 3 Microcomputer… which ironically may in fact have more modern system specifications than that old beast of a server you’ve been using.

It can be a wee bit daunting to setup a Raspberry Pi Nagios server from scratch, and there were no projects I found which were actively maintained at a level adequate for professional use. So I decided to start a new project–called NEMS: Nagios Enterprise Monitoring Server (for Raspberry Pi).

This project uses freely available applications such as Debian Linux, Nagios Core and a variety of other goodies, and I too release a fully ready-to-use image for you to use within yours or your customer’s network environments.

System Requirements

  • Raspberry Pi 3 Micro Computer
  • 4GB+ Micro SD Card
  • Network Connection (will obtain IP address via DHCP)

Instructions

  • Purchase and assemble your Raspberry Pi 3.
  • Download the most current version of NEMS below.
  • Unzip and “Burn” the image to your Micro SD card.
  • Boot your NEMS server.
  • Login to NEMS console by either connecting a monitor and keyboard, or using ssh (Username: pi / Password: raspberry)
  • Type: sudo raspi-config
  • Expand the filesystem and exit raspi-config.
  • Reboot your Pi and enjoy NEMS when it comes online (see below for further details).

Buy The Needed Hardware

Raspberry Pi 3 Nagios ServerRaspberry Pi 3 are very affordable, and using our Micro SD image, you simply buy the device, “burn” the image to the Micro SD card, and boot it up.

Here’s our link to buy the device you’ll need, complete with the Micro SD card, a power adapter, a good solid case, and more: http://shop.category5.tv/?product=raspberry-pi-3-1-2ghz-1gb-complete-starter-kit

Please buy it through that link, or let me know if you need a customized link to a different model. We get a small percentage of the sale, and it helps to make it possible to offer this as a free download.

Download NEMS

NEMS 1.0 Image File (zipped) – 861 MB

The Out-Of-The-Box NEMS Experience:

NEMS 1.0 Bash MOTDNEMS 1.0 Main Menu ScreenNEMS 1.0 NConf (Configure Nagios) ScreenNEMS 1.0 Nagios 3.5.1 Tactical OverviewNEMS 1.0 Nagios Overview of ServerNEMS 1.0 NagVis (Reports) Opening ScreenNEMS 1.0 Server Overview in NagVis

This is meant to be a full-featured, up to date drop in Nagios Enterprise Monitoring Server for Raspberry Pi 3. It has all the bells and whistles while being optimized for solid stability and fast performance.
Based (with big thanks to Ryan Siegel) on NagiosPi, with most of the settings reflective of the NagiosPi Wheezy distro. See the original post here: http://everyday-tech.com/nagiospi-server-monitoring-with-the-power-of-pi/

Configuring Your NEMS Server:
Browse to: http://nems/nconf (or http://IPADDRESS/nconf)
Make changes to the config as needed for your environment (eg., add a host, service, edit a setting)
Click: “Generate Nagios Config”
If there are no errors, you will have the option to Deploy the new Nagios Config.

Using Your NEMS Server:
Browse to: http://nems  (or http://IPADDRESS)
Choose Nagios for a customized Nagios system (easy), or use the Reports to create sophisticated reports and custom dashboards (advanced).
To add hosts or configure your environment, use the built in “Configure Nagios” feature.

Passwords:
NOTE: You should change these defaults when setting up your NEMS server.
Nagios – U: nagiosadmin / P: nagiosadmin
Reports – U: admin / P: admin

Changelog:

Version 1.0 – May 8 2016
– Initial release. Built and tested on Raspberry Pi 3. Based on Raspbian Jessie. Inspired by NagiosPi, which in April 2016 was still running on the old Raspbian Wheezy. I started this new distro since NagiosPi seems to be out of date, and I want to have an easy drop-in Nagios img for the Raspberry Pi. Figured I’d share it with the world while I’m at it since there are probably others (possibly less tech savvy) who might want the same thing. I decided to leave most of the settings the same as NagiosPi (eg., usernames, passwords) so those coming from that distro can seamlessly transition, or so if NagiosPi wants to use our build to bring things up to date, they may do so with minimal effort.
– This initial build is using default repositories in a lot of cases and is meant to be rock-solid, not bleeding edge (eg., Nagios 3.5.1 instead of Nagios 4.1.1.
– Using the rpi-4.4.y Linux kernel tree (Currently 4.4.7-v7+ #876 SMP), firmware updated to 1e84c2891c1853a3628aed59c06de0315d13c4f1. Use rpi-update to check for upgrades, if needed.
– Includes rpi-update tool – an easier way to update the firmware on the Raspberry Pi – See https://github.com/Hexxeh/rpi-update
– On-board Bluetooth disabled due to potential stability issues. Use rpi-update to check for kernel updates and see if it is fixed, and then edit /boot/config.txt to re-enable. Until they fix it, use USB Bluetooth dongle if needed.
– Installed and configured: mysql-server mysql-client phpmyadmin apache2 nagios3 nagios-nrpe-plugin
– To keep things consistent for those coming from NagiosPi, I have used the same passwords. MySQL is: User: root Pass: nagiosadmin
– Installed w3m web browser to allow local testing in terminal: w3m localhost/phpmyadmin
– Manually installed NConf 1.3.0-0 “Final”, an Enterprise Nagios configuration tool. This tool was broken on NagiosPi’s instructions due to a missing symlink at /var/www/nconf, so I fixed that in my version. Access NConf via the “Configure Nagios” link on the main menu.
– Includes NagVis 1.7 – See https://sourceforge.net/projects/nagvis/?source=navbar – want to do 1.9 but not until out of beta.
– Built and integrated the first version of our menu system, which includes the first version of a custom Nagios skin to begin integrating a more modern interface. Menu accessible at http://nems/ (or http://IPADDRESS if that doesn’t work for you)
– Added a nice little MOTD with http://www.mewbies.com/how_to_customize_your_console_login_message_tutorial.htm
– Added a simple cronjob to check our web site for the currently available version and warn you if yours is out of date.

Known Issues:

  • None at this time. If you encounter an issue, please report it in the comments below so I can work on a fix (or please post your fix to help others and possibly to have it integrated into the next build).

TO DO:
– Improve the mobile responsive layout for tablets and smartphones (It’s really rudimentary at the moment due to the nature of Nagios’ interface… frames? C’mon now.)
– Investigate getting NEMS working on Raspberry Pi 2 devices – at present it probably breaks (untested)
– Upgrade Nagios to Nagios Core 4
– Upgrade NagVis to 1.9
– Create a migration / config export tool to ease migration to newer versions of NEMS as they release, and also to allow you to backup or import your config easily in case your MicroSD card fails.
– I’m open to suggestions! Please post your comments at http://baldnerd.com/nems

Support What We Do:
This project is a part of something much bigger than itself, and we’re all volunteers. Please see our Patreon page for information about our network.
– Please support us by simply purchasing your Raspberry Pi at https://cat5.tv/pi
– We have some support links on the NEMS menu, such as buying from Amazon using our partner link. Please use these every time you use those stores. A small percentage of your purchase will go toward our projects.
– Your donations are VERY MUCH appreciated – https://donate.category5.tv – Please consider how many hours (and hours) of work this project has saved you, and how much you’ll save on hardware and even electrical costs as you consider contributing
– Our network also has a Patreon page – Please consider becoming a patron – https://patreon.com/Category5

Convert Minecraft 1.8+ Skin to 1.6/1.7/Minetest Skin in PHP

RobbieF's Minetest SkinAs we build up #ThePixelShadow on Category5 TV, and introduce a creative Minetest server specifically for playing Minetest (the free Minecraft alternative), it became apparent that our users/viewers would like to be able to have their own custom skins.

We’re making it easy with a nice little interface to upload your own skins, but part of the process requires making a skin which is compatible with sdzen’s/PilzAdam’s player_textures mod … basically, these skins are Minecraft 1.6/1.7 skins… 64×32. Great Minecraft skin creator sites such as minecraftskins.com now generate Minecraft 1.8 skin files, which are 64×64.

The difference is essentially that the skins now support overlays (eg., removable headphones or glasses) and your left and right arms and legs can have different textures. Not the case with 1.6/1.7/Minetest… so we must convert the skin file to make it compatible.

Since we’re building a web interface to do this all automatically for you and place your player skin on our server automatically, I’m building the program in PHP. Since there are a lot of tutorials out there that simply instruct you to change your canvas size to 64×32 (which is wrong – you will lose your overlays!) I thought I would share my method with you in case it comes in handy.

And hey, it’s a fun exercise in PHP/GD anyways  🙂

If you find a good use for it in your project, please comment below. If you really love what I do, please consider supporting my Patreon profile, or throw a little something in the tip jar.

Hope to see you on #ThePixelShadow Minetest server soon, custom skin and all!

-Robbie

Make it so mountpoint can’t be written to if not mounted.

Have you ever accidentally saved files to a Linux mountpoint when the drive wasn’t mounted, and then couldn’t mount the drive thereafter? Or worse, had a backup run when the backup drive wasn’t mounted, only to fill your filesystem and crash the server?

These problems can be avoided by simply making your mountpoint immutable! What this means is, your mountpoint (the folder itself) cannot be written to. However, even as an immutable folder, it can be mounted to, and the filesystem of the mounted drive then controls the permissions of the folders therein.

It’s a simple Linux command. We’ll pretend our mountpoint is simply /mountpoint. Here’s all you have to do:

Brilliant! And oh, so simple.

Here’s a sample of what happens when I do this as root. Note that ‘mymountpoint’ is setup for me in my /etc/fstab file so it normally auto-mounts.

Enjoy that little tidbit!

As a side note, you might want to also get a notification if your drive isn’t mounted… so you could use the mountpoint command to send you an email if there’s a problem. Just add something like this to your backup script:

That simply checks if /mountpoint is a mounted mountpoint. If yes, it does nothing. If no, it will send you an email.

-Robbie

WordPress 4.3 is here!

WordPress 4.3 has been released, and our Managed WordPress subscribers are already enjoying the benefits of this major release. The rollout to 4.3 to all our subscribers has begun and will be complete within 24 hours. The next time you login, you will benefit from these great new features.

If you are not yet experiencing the benefits of our Managed WordPress 4.3 Deployment and Hosting service, make sure you contact us today.

Here’s an overview of what’s new in WordPress 4.3

Easier In-line Text Formatting

WordPress 4.3 Editor

One of the key focuses of this upgrade has been on simplifying the process of formatting your content. This means the improved ability to format your text as you type, without ever having to stop and click with the mouse. A hyphenated list intelligently becomes a bullet list, a blockquote can be created with a > and ## lets you enter a heading. These are just a couple of examples how WordPress 4.3 is improving your workflow, helping you get things done quickly and easily.

Improved Customize Feature

Another way WordPress 4.3 improves the user experience is to enhance the “Customize” feature, allowing you to take control of your site or blog.

Site Icon CustomizerSite Icons / favicon

Upload your logo and let WordPress do the rest. Your site icons and favicon will be automatically generated and included in browser tabs, bookmark menus, and even on the home screen of mobile devices as the icon for your site. You no longer have to add a special module or hack up your theme code only to lose the settings after an update. Site Icons are now part of WordPress 4.3.

Customizer Menu FeatureMenus With Live Preview in Customizer

Now, you can preview your menu in Customizer as you add or edit items. The streamlined interface allows menu revision to easily take place on either desktop or mobile devices. Navigation creation continues to get easier and faster with WordPress 4.3.

Improved Security

WordPress 4.3: Better PasswordsPassword System Enhancements

A feature that has been sorely lacking from WordPress is password strength enforcement. WordPress 4.3 now generates strong passwords, and gives visual feedback to the user when they change their password as to whether their choice is weak or strong. In addition to this, plain-text passwords are no longer emailed to users, further protecting you. Now, if you forget your password, WordPress 4.3 will instead send you a password reset link. The password itself will not be revealed.

And That’s Not All

This is only an overview. Further refinements have been made to provide a smoother admin experience across all your devices, and overall the intuitiveness of WordPress 4.3 is a step in the right direction. From a more technical perspective, 180 bugs were fixed, and a final point worth mentioning is that WordPress 4.3 makes way for the upcoming PHP7 release by deprecating some old PHP4 style constructors. WordPress is now ready for the upgrade when it arrives later this year.

All in all, WordPress 4.3 is another great update from the WordPress team. Positive E Solutions Inc. keeps our customers current and protected through our Managed WordPress services.

Enjoy the new version! We look forward to hearing your feedback.

-Robbie

— Update Wednesday August 19, 2015 4:43pm —
All customer web sites on our Managed WordPress service have been upgraded to WordPress 4.3.

Convert numbers to words the easy way with PHP

Sometimes we want words rather than numbers, but it used to be a very onerous task to do this. Since PHP 5.3.0 however, the NumberFormatter Class was introduced, allowing us to do this conversion quickly, with a single line of code.

A good example of the need for a this would be a business web site that says “We’ve been in business for 18 years.” To keep the site current, they’re doing echo ‘We\’ve been in business for ‘ . (date(‘Y’) – 1997) . ‘ years.’; It would look much better to say “We’ve been in business for eighteen years. This bit of code will do that for you.

Search Goblin Number to Words in PHP Screenshot

With the new Number to Words in PHP system at Search Goblin (my little helper script site), you can enter any number and the script will be demonstrated for you, converting your number to plain text. The code is provided there so you can start using this technique on your own site.

Check it out: https://searchgoblin.com/php-numbertowords/

How pastimes have changed over the years

Although changes in society are part and parcel with technological progress, the 21st Century has seen a radical transformation in how we are able to enjoy our favourite past-times. You just have to look back to your childhood memories and remember what was popular at the time as a reminder of just how far the world has evolved. Playing marbles, having fun with a yoyo and watching television when there were just three terrestrial channels to choose from are now a thing of the past, and while you are more than entitled to continue to enjoy traditional pastimes that some may consider out-dated and obsolete, it is difficult to ignore the digital-age alternatives. Significant advancements in technology have created a new wave of activities and interests that keep us occupied when we have time to ourselves away from work – it is amazing how so much has changed in so little time. Continue reading

Our mailing address has change: Why we switched to Pak Mail

One of the difficult decisions I rarely have to make is changing something that is seemingly set in stone.

It happened once when we got our vanity phone number. 254-5-CAT5TV is a pretty cool phone number for us. But for the first two seasons of my show, we had the old local number in the lower third. I feel bad for whoever ended up with that number and years later is still getting calls from Category5 viewers who are watching back episodes.

Now, we’ve been promoting our PO Box for years. We rent the box because we have to have a place to receive mail. Our hours of operation are not that of a regular business, so we can’t accept mail at the studio without risking having to constantly miss deliveries. But having promoted our PO Box for so long, I was really hesitant to ever change it.

Here’s are the facts. Our PO Box, with Canada Post, is way over-priced. $73 every 3 months. Almost $300 per year to be able to accept mail. They do not discount if you prepay for the year, and they only accept parcel deliveries from their own carriers. Shipping via UPS? Too bad, our Canada Post post office will reject it.

Well, our postal box is once again up for renewal, and with last year’s bills fresh in my mind having just completed our Category5 taxes for 2014, I really felt we were paying too much. I asked Canada Post if there was any way to reduce the fee. Take into account my years of being a faithful customer. We prepay every year, we pay on time every time, and we have the smallest box possible. Why are we paying $300 per year? They said there is nothing they can do, and in fact in my time with Canada Post, the price only ever goes up.

So, I made some calls.

Pak Mail is the one alternative in Barrie who really impressed me. Pak Mail offers mailboxes for $140 per year plus tax (plus refundable deposit). What? That’s about half what I’m paying! Okay, I’m already interested.

I called them up and turns out they have 24 hour access, and they accept courier deliveries from all courier companies! That means our DHL shipments from China can go directly to our mailbox at Pak Mail.

They’re able to achieve this because it’s not a “PO Box” per se. It’s a “Suite”. So our Suite at their street address is 166. It just makes sense.

They’ll even keep my credit card number on file so if there are any import fees, the bill gets paid and my package gets delivered (this happens almost every time we get a product from China to review).

Also, the woman who works there said they will email me if a parcel arrives. Excuse me? Canada Post be darned, I’m sold ten times over!

This is when I fist bumped her.

So with 2 weeks to go before our annual renewal of the PO Box, I decided to suck up the fact that some people will bounce mail (but I’m doing my best to let you know in advance while we have the 2 week overlap!) in order to save money and add better service to the mix. There’s nothing I can do about old videos that mention the old PO Box, but hopefully people know to go to our web site for current information.

Here’s our new address. Please send us your postcard today!

Category5 TV
336 Yonge Street, Suite 166
Barrie, Ontario
Canada L4N 4C8

-Robbie

The Secure Connection Trap: Why Emailing Your Credit Card Number is Never Safe

“We’ll err on the side of caution and suggest that you never trust email with confidential information.”

A surefire way to make tech-savvy people shudder is to email them your credit card number to pay a bill.

It’s not that they don’t appreciate the transfer of funds to their account, but they understand that with email, you’re not just sending it to them. Any number of people in between (or computers, called “bots” in this context) can intercept, read, store, and potentially use that data.

When you send an email directly to a person, it’s not going directly to them.

We tend to think in terms of “sender” and “recipient” but forget to consider all the points in between. When you send an email, it has to go from your computer to your Internet Service Provider, and then from there, it is passed through possibly several other servers before it reaches the sending server. Once at the sending server, it is passed through the world wide web until it arrives at the recipient’s computer. Because it happens so quickly, we’re tempted to think it’s a direct connection, but let’s think about the origins of the term “world wide web” for a moment and consider what that might look like visually: many thousands of computers all connected together, passing data amongst each other. When you send an email, it is passed through many systems before it reaches the recipient.

Email is not encrypted.

Here’s the trap: when you login to your email, be it through an installed application or webmail service (Gmail for example), you’ll likely see that they are “secure.” Email applications typically require encrypted authentication, and webmail services are actually secure sites themselves, much like online banking.

Email is transmitted in plain text, and can be read, analyzed and stored by any one of the computers it touches along the way.

With your email application, encryption happens during authentication. This means your username and password are encrypted (generally not readable by the systems it passes through), but the email itself is not (because email is not encrypted).

When you login to a webmail service, you may see the “secure connection” notifier–usually a little “lock” icon in your address bar–which may present the illusion that your email itself is secure, but it is not. Only the current browser session is secure. Your username and password are encrypted, and the data being shown on your screen is also encrypted for that session (the connection between the receiving server and your computer). However, all that email in your inbox had to be delivered to your service provider, meaning it went from the sender out to the world wide web in plain text through many computers before reaching your inbox. Similarly any email you send through that service leaves the secure session through email and enters the world wide web to be delivered to the recipient. Since your connection to the service itself is encrypted, what you see on the screen cannot be read directly by someone intercepting the data, however as soon as you hit “send,” it’s anyone’s guess how many people could potentially see it as it shoots out over the web in its unencrypted form.

Regardless of your trust for the recipient, there is no way to know whose servers the email is passing through, nor whether you can trust them. We’ll err on the side of caution and suggest that you never trust email with confidential information.

It’s not necessarily the service providers.

We like to believe service providers are honest and not skimming through emails to find people’s credit card numbers, and hopefully the bulk majority are. But the compromise doesn’t need to come from the provider themselves.

Viruses on infected servers could be monitoring email traffic passing through the server, software tools can be used by “hackers” to sniff unencrypted data as it passes through the coffee shop wifi, and shady “companies” have even been known to setup servers on the web specifically to collect this type of data as it passes through, which they may either use or sell.

The safe alternatives…

I can’t speak for all companies, but I would expect most connected companies offer some way to pay a bill electronically in a safe fashion.

Picking up the phone and calling in your card number is much safer than email, because it is a much more “direct” connection to the recipient.

For our customers, we offer a secure payment gateway at secure.positiveesolutions.com — this can be accessed via the “Pay Online” button on our web site. It is secure, encrypted, and no confidential data is transmitted or stored in an unencrypted form.

Regardless of the how or why, the simple fact remains: email is not secure.

Write your credit card number on a piece of paper and pass it around a full room of strangers. Surely, you would never do such a thing. That’s essentially what you do when you type it into an email and press “send.”

Be educated, be safe.

-Robbie

Convert video to several JPG images on Linux without ffmpeg.

I admit… I do love PHP in the command line. Does that make me a bad person? 😉

Here’s a tiny little script that I wrote to create many JPG screenshots of a video file. I use this each week to create a bunch of stills from our broadcast so I can use them as thumbnails and so-on. I didn’t want it to depend on ffmpeg since I don’t have that on any of my modern systems.

It requires just three packages: mplayer mediainfo php-5

Save it as whatever.php and run it like this: php whatever.php file.wmv

It will create a folder called file-Screenshots/ and will save one picture per 10 seconds for any video source. Just change “file.wmv” to the name of your video. Include the path if it’s not in the current folder.

Hope it helps you out.

-Robbie

Clean Fullscreen Live HDMI from a Nikon D5100

Please Note: A full video tutorial on how to do this will be presented on an upcoming episode of Category5 Technology TV.

Boxing week saw some great sales, but also, a lot of liquidation of refurb stock. For example, Henry’s had Nikon D5100 cameras with the 18-55mm kit lens on for just $350. You can probably find a similar deal on a used Nikon D5100 at B&H, but also keep in mind that this is a previous-generation DSLR (replaced with the D5200) so you should be able to find it pretty cheap. Please also try our Amazon links at http://shop.category5.tv/?product=nikon-d5100-dslr-camera-with-720p1080i-clean-hdmi-output since purchasing through them helps support the show, or of course, check B&H for used stock too: http://www.bhphotovideo.com/c/buy/0/Ntt/Nikon+D5100+Digital+SLR+Camera+With+18-55mm/usedSearch/1

So, what can this bad-boy do, beyond reasonably decent photography and better-than-entry-level 1080p recorded video? Why, HD clean video over HDMI … with a little know-how.

Tonight is our first test: to see if the D5100 could be used as an A camera for Category5 Technology TV while we continue to save up for the 4K option (which we just can’t afford yet).

Our AC adapter (a clever “battery pack” power unit) arrived today, and so I’m finally able to test if 1 hour of live video is possible… since the batteries it relies on typically only last about 30 minutes when rolling video.

40 minutes in, and the hacked camera continues to feed brilliant, crystal clear video to my TV. I’m running it at 720p since that’s the resolution of the show, but the live view will do up to 1080i.

The color saturation is incredible. Really, really impressive. My maroon shirt look exactly the same on screen as it does when I look at my arm.

So far, it’s looking good. I think we’re going to hit that 1 hour mark. If we do, this is revolutionary. A very affordable stop-gap solution… maybe not even that, since it really does look great. Consumer 1080p cameras have nothing on the D5100 as far as video goes.

The biggest failing of the DSLR form factor is its auto-focus. Fine for shooting nature shots, but useless for video. So if all goes well with this test, the next step will be to find a reasonably priced follow focus rig.

My goal is to be able to secure all we need to put together a decent camera rig and have spent only about $1,000… the cost of an entry level prosumer camcorder. This way, we’ll have the follow focus rig already on hand, and when the money is in the bank to buy a 4K DSLR, we will only have to sub out the D5100, which will make a great stills camera at that point, or could be used for B-Roll.

45 minutes in now… fingers crossed 🙂

Update: an hour has passed (now about 1 hour 15 minutes) and still running flawlessly. This means we will begin testing the camera on-air, and then will offer a full tutorial on how to hack and use a Nikon D5100 as a live camera source on Telestream Wirecast.

Hacked Nikon D5100 Clean Fullscreen Live View over HDMI

That’s the DSLR sitting on the shelf next to the TV.