1

We're running icinga 1.11.6, and have been receiving updates from many computers in our network via the NSCA protocol.

Due to customer limitations we have to set up a network behind a socks and http proxy, but would still like to monitor this network on our central icinga hub.

How do we get checks from this internal network to the outside via the socks or http proxy?

isaaclw
  • 123
  • 7
  • You need to establish a secure tunnel connection, so you can use TCP connections. I think stunnel can offer tcp connections through socks. BTW: Have a look on Icinga 2... – lazyfrosch Aug 09 '17 at 07:02
  • 1
    I'm excited about icinga2, and I experimented with it, but I haven't been able to justify switching yet. Does it help with this? – isaaclw Aug 09 '17 at 14:53
  • Icinga 2 can't tunnel through HTTP or Socks, we still need TCP. But it would help you with clustering stuff over multiple locations, no NSCA or such needed – lazyfrosch Aug 09 '17 at 19:53
  • Well, one thing at a time. I still need to figure out how to get this to work. So far the only thing I can think of is some mess involving openvpn to connect the icinga instances. – isaaclw Aug 10 '17 at 20:22

1 Answers1

0

Our solution was to set up an SSH tunnel via the http proxy:

ssh -o "ProxyCommand connect-proxy -5 -S proxy-server:port %h %p" user@server -fNL localhost:5668:localhost:5667

Then I locally push data to localhost:5668 and it ends up on the other side through the http proxy.

isaaclw
  • 123
  • 7