Wednesday, December 13, 2017

Setting up Telegram with NagiosXI or Nagios for notifications, the lazy admin’s guide


Hi all, it’s been way, way too long since I last updated and wrote in this blog. Been super busy, and I hope you guys too have had a wonderful year as I had, and I’m super grateful for it :-)

Here’s a quick article for anyone wishing to integrate Telegram messaging into NagiosXI quickly. Telegram is amazing: it’s free, it’s fast, it’s secure. Their API is also an official one (unlike WhatsApp).

CRITICAL NOTICE:
Take note: Telegram can sometimes go down, your internet can also go down, or for some reason the Nagios server may not have access to the internet, in which case it will not send Telegram messages. Always use email or SMS as a backup.

What do you need? And what I assume..

  1. A NagiosXI installation that can access the internet at all times (as it sends to Telegram servers over the internet)
  2. Subscribe/register with Telegram (Mobile app Appstore, Play Store or Web - https://web.telegram.org/). A mobile number is required.
  3. I like to send to a group, so create a group called “NagiosAlerts” in your Telegram, or any name that you like; do not use spaces or special characters, please. Add at least one more person to that group (e.g. your team that has Telegram installed). This guide assumes sending to that group “NagiosAlerts”; you can change that in the send_telegram.sh script below.
  4. This guide was based on CentOS 7. I cannot imagine it being too different on CentOS 6 or RHEL 6 / 7; modify the yum part, which would be the only problematic one, if at all
  5. You have sufficient XI and Linux command know-how

Let’s begin, you’re a couple of steps away from Telegramming on NagiosXI!

This article assumes you’ve got XI installed already, so we can dive straight into the Telegram setup bit. You can send messages many ways: you can use the bot method or use an actual Telegram user. I prefer the user way. Do it whichever way you’d like; this guide, however, is based on user and group.

Run from your Nagios CLI via SSH as root. Cut and paste where applicable. Italic items of course don’t cut and paste lah

  1. yum install lua-devel openssl-devel libconfig-devel readline-devel libevent-devel jansson-devel.x86_64 python-devel git -y
  2. cd /usr/src/
  3. git clone --recursive https://github.com/vysheng/tg.git
  4. mkdir /usr/local/nagios/telegram
  5. mv tg /usr/local/nagios/telegram
  6. cd /usr/local/nagios/telegram/tg
  7. ./configure
  8. make
  9. chown -R nagios:nagios /usr/local/nagios/telegram/

Now, let’s test run it for the first time to perform registration as user nagios or whichever nagios user you have configured nagios for (usually “nagios”). Take note on the phone number format as explained below

  1. su nagios
  2. bin/telegram-cli -k tg-server.pub
  3. When asked for phone, enter your number e.g. +6012123456 (enter with country code and plus sign at the beginning). Try to use your company phone numbers so it’s “nothing personal”. You should receive a code via SMS or Telegram; enter the code correctly, then type quit to exit as mentioned below
  4. quit
  5. Type exit to go back as root (since you’re now user nagios@)

Now you’re done with Telegram. Time to set up the send-message script; let’s use a simple bash script for that by copying and pasting the items in the Courier New font (taken and modified from https://github.com/andy-partington/nagios-telegram/blob/master/telegram_message.sh). Once pasted, save and exit the editor.

  1. vi /usr/local/nagios/libexec/send_telegram.sh

  2. #!/bin/bash
    NAGMSG="$1"
    cd /usr/local/nagios/telegram/tg/
    (sleep 3; echo "msg NagiosAlerts '$NAGMSG'"; echo 'safe_quit';) | /usr/local/nagios/telegram/tg/bin/telegram-cli -W -k server.pub -v


  3. chmod +x /usr/local/nagios/libexec/send_telegram.sh && chown nagios:nagios /usr/local/nagios/libexec/send_telegram.sh

Test this now, by going in as user nagios

  1. su nagios
  2. /usr/local/nagios/libexec/send_telegram.sh 'Telegram With Nagios Rawks'
  3. exit

Now, access your XI Web UI; it’s time to configure Telegram notification via XI. Paste items in bold when requested to, word for word! Only the ones in bold OK!

  1. In Core Configuration Manager, go to commands, create a new one, call it notify-host-by-telegramcli and, for the command, paste this below
    $USER1$/send_telegram.sh "***** Nagios Monitor XI Alert *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n"
  2. As for the type, set it to “Misc Command”
  3. Click Save
  4. In Core Configuration Manager again, go to commands, create a new one, call it notify-service-by-telegramcli and, for the command, paste this below
    $USER1$/send_telegram.sh "***** Nagios Monitor XI Alert *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$"
  5. Again, type is “Misc Command”
  6. Click Save
  7. Click Apply Configuration and now you’re ready to add the notification type to relevant users, e.g. nagiosadmin
  8. Modify the contacts to include (or exclusively use) telegram; select host for host, select service for service. Below is an example for host, followed by service
    [Image: this is for host]

    [Image: this is for service]

  9. Save and apply. Go ahead and test by sending a custom notification for a host or service where your configured contact will get messages; of course, that contact must be among the contacts that receive notifications for the respective service or host. If you can’t get messages, then it’s likely the notification for the user you enabled isn’t using the telegram method, or something else isn’t right within the Nagios notification logic. Check the relevant logs. See if it’s even sending to begin with… you should see something like below;
    SERVICE NOTIFICATION: nagiosadmin;localhost;Current Users;CUSTOM (OK);notify-service-by-telegramcli;USERS OK - 2 users currently logged in;Nagios Administrator;did i get this on telegram?

  10. Check logs with;
    tail -100 /var/log/messages
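
Added example (not part of the original post or of the script it was adapted from): send_telegram.sh pastes its argument, which includes plugin output from $HOSTOUTPUT$ and $SERVICEOUTPUT$, straight into a telegram-cli command line, so a stray single quote or newline in that text changes what telegram-cli is told to do. The variant below filters the message before building the command. MAX_LEN and the function names are assumptions, as is the premise that telegram-cli reads one command per line and treats a backslash before a quote as an escape.

```shell
#!/bin/bash
# Added example: hardened variant of send_telegram.sh (not the original script).
# Assumption: telegram-cli reads one command per line on stdin, which is what
# the original "msg ...; safe_quit" pipeline relies on.
TG_DIR="/usr/local/nagios/telegram/tg"   # install path used in this guide
TG_GROUP="NagiosAlerts"                  # group name used in this guide
MAX_LEN=1000                             # assumed cap on message bytes

sanitize_msg() {
    # Remove single quotes (they would close the quoted msg argument) and all
    # control bytes, including CR/LF (a raw newline would begin a new
    # telegram-cli command). The two-character "\n" sequences written in the
    # Nagios command definition are ordinary text and pass through.
    # After truncation, trailing backslashes are dropped so they cannot
    # escape the closing quote (assumed telegram-cli quoting behaviour).
    printf '%s' "$1" | LC_ALL=C tr -d "'[:cntrl:]" \
        | cut -c1-"$MAX_LEN" | sed 's/\\*$//'
}

build_commands() {
    # Emit exactly two telegram-cli commands: one msg, then safe_quit.
    printf "msg %s '%s'\n" "$TG_GROUP" "$(sanitize_msg "$1")"
    printf 'safe_quit\n'
}

# Send only when called with a message argument, as Nagios does.
if [ $# -gt 0 ]; then
    cd "$TG_DIR" || exit 1
    (sleep 3; build_commands "$1") | ./bin/telegram-cli -W -k server.pub -v
fi
```

The truncation counts bytes, so a multi-byte character at the cut point can be split; raise MAX_LEN or trim in the Nagios command definition if that matters for your alerts.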

So you’re done. Easy peasy innit?

MERRY CHRISTMAS and HAPPY NEW YEAR. Many cheers from Astiostech too!

Monday, April 3, 2017

Per User PIN for FreePBX 2.x

This article shows how to very easily add a per-user PIN for outbound calls on FreePBX systems. Sometimes trunk level isn’t too fun. Also, if you don’t want to use a specially created DB, you can use FreePBX’s PIN module and “refer” to that PIN when verifying. That’s something I am not covering here.

Steps

1) Create Database/Tables

2) Insert dialplan

3) Create users in table

READ THIS NOW

  • In the dialplan, be sure to change sqluser and sqlpass to your MySQL user and password, allowed at minimum to do a SELECT on the above DB/table
  • These dialplans use the default sound files from the Asterisk distribution; change them where you see fit, wherever the “Playback” and “Read” apps are used as below
  • Iteration for wrong PIN is 3 times
  • PIN length is 4 digits; if you need it larger, change the size of the int(4) in the DB to int(6), for example, then in the dialplan change the 5 in the readpin line
  • Hang up if wrong PIN
  • If a PIN is defined, the usual routes set will be used; if the route has a PIN, the user has to key in twice
  • Valid and invalid PIN attempts are stored in CDR as accountcode
  • ISSUE: Billing seconds in Asterisk are counted when this app is executed. If you do billing, this might be a problem; otherwise, don’t bother

 

Create Database/Tables

Simply run this SQL query and it will add the necessary table/data. If not, the schema is described below that.

-- WARNING, THIS WILL DROP EXISTING DB/TABLE

DROP DATABASE IF EXISTS `custom_pin`;
CREATE DATABASE `custom_pin` /*!40100 DEFAULT CHARACTER SET latin1 */;
USE `custom_pin`;

DROP TABLE IF EXISTS `tbl_custom_pins`;
CREATE TABLE `tbl_custom_pins` (
  `user` int(4) NOT NULL,
  `pin` int(8) NOT NULL,
  `comment` varchar(200) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
 

Create a database called “custom_pin”, inside this DB, create a table called tbl_custom_pins

Add entries like below.

[Image: example entries in tbl_custom_pins]

 

Insert dialplan

- Edit /etc/asterisk/extensions_custom.conf

- If you do not already have or use the macro [macro-dialout-trunk-predial-hook], create one like this, and add the following lines

[macro-dialout-trunk-predial-hook]

exten => s,1,Macro(custom-pins)

 

Now, we create the macro, custom-pins, copy paste the lines below

;; CUSTOM PIN START COPY HERE
[macro-custom-pins]
exten => s,1,NoOp(CUSTOM PIN MODULE - USE DATABASE TO DEFINE)
exten => s,n,Wait(1)
exten => s,n,Macro(app-custom-pin,s,1)
exten => s,n,MacroExit()

[macro-app-custom-pin]
exten => s,1,NoOp(CHECKING IF PIN ENABLED AND VERIFYING IF IT IS)
exten => s,n,Set(PINCOUNT=0)
exten => s,n,Set(ALLOWERROR=0)
exten => s,n,Gotoif($["${AMPUSER}"=""]?skip) ;;if not ampuser skip

exten => s,n,MYSQL(Connect connid localhost sqluser sqlpass  custom_pin)
exten => s,n,MYSQL(Query resultid ${connid} SELECT pin from tbl_custom_pins where user='${AMPUSER}' LIMIT 1)
exten => s,n,MYSQL(Fetch fetchid ${resultid} DBPIN)
exten => s,n,NoOp(DB Results spits out ${DBPIN} or ${VAR1})
exten => s,n,MYSQL(Clear ${resultid})
exten => s,n,MYSQL(Disconnect ${connid})
exten => s,n,GotoIf($["${DBPIN}"=""]?skip:readpin)

exten => s,n(readpin),Read(PIN,en/pin_number,,,1,5)
exten => s,n,Gotoif($["${PIN}"="${DBPIN}"]?pass)
exten => s,n,Playback(custom/invalid)
exten => s,n,Set(PINCOUNT=$[${PINCOUNT}+1])
exten => s,n,GotoIf($[${PINCOUNT}>2]?toomanyerros)
exten => s,n,Goto(readpin)

exten => s,n(skip),NoOp(NO PIN DEFINED)
exten => s,n,MacroExit()

exten => s,n(pass),NoOp(PIN IS OK)
exten => s,n,Playback(auth-thankyou)
exten => s,n,Set(CDR(accountcode)=${DBPIN})
exten => s,n,MacroExit()

exten => s,n(toomanyerros),Playback(en/an-error-has-occured)
exten => s,n,Playback(terminating)
exten => s,n,Set(CDR(accountcode)=PIN-ERR)
exten => s,n,Hangup(16)

;; END COPY HERE

Create Users

The app uses the variable ${AMPUSER}, which is almost always declared by FreePBX; it will not work if that’s missing! Meaning this could be from users detached from a device in device user mode. If ${AMPUSER} is not found or not defined/zero value, the dialplan will also skip, allowing users to call out as usual. If it is defined, the DB is checked against this ${AMPUSER} variable: if there is a match, it will ask for the PIN; if there’s no DB match, it will proceed, allowing users to call out like usual.

Remember, the user part in the DB is the user defined as “User” in device user mode, but if it’s in (default) extensions mode, it will always be the same, meaning SIP/1000 will always be user 1000 as well.