CHECK_NRPE: Socket timeout after 20 seconds.

[kakaluru]

Hi,

Nagios server

[abrist]

We need the logs from the remote host. Try to run another check through nrpe to the remote host. After it fails, get a large tail of the system messages on the remote host and post it here in code wraps:

Code: Select all

tail -50 /var/log/messages  

[josnavch]

Hi Kakaluru

Before testing the execution from the Nagios server you can try running the command locally on the remote machine something like / check_nrpe -c -H 127.0.0.1 check_load

With this you're eliminating potential points of failure.

If it works you can validate as the NRPE is configured with SSL or without?

Also reviewing the files you posted should be included in the nrpe.cfg where it says Server IP allowed_hosts Nagios if you have not posted yet.

[abrist]

Also reviewing the files you posted should be included in the nrpe.cfg where it says Server IP allowed_hosts Nagios if you have not posted yet.

Good point. OP, if you could also post the the remote host's nrpe.cfg and/or it's xinetd config, we could check to make sure that the allow hosts directive to configured correctly.

[josnavch]

One option you could evaluate not use xinetd nrpe but as a service / process thus can not depend on another process to verify that the NRPE is functioning properly on the remote computer.

recommend additional long as you include a host with an agent to perform monitoring agent and the port through which it communicates this helps in tracking problems.

[sreinhardt]

This is also another good possibility. Xinetd covers up a few things and makes daemonizing nrpe easy, but it most definitely is not mandatory. There is always the service nrpe start too!

[kakaluru]

Hi All,

Find below remote host logs.

Last login: Mon Oct 20 21:15:08 2014 from 10.33.129.155
[root@BUGZILLABCK ~]# /usr/local/nagios/libexec/check_nrpe -H 10.174.16.11
CHECK_NRPE: Error - Could not complete SSL handshake.

[root@BUGZILLABCK ~]# /usr/local/nagios/libexec/check_nrpe -H 10.174.16.11 -c check_load
CHECK_NRPE: Error - Could not complete SSL handshake.

[root@BUGZILLABCK ~]# /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_load
OK - load average: 0.00, 0.01, 0.00|load1=0.000;15.000;30.000;0; load5=0.010;10.000;25.000;0; load15=0.000;5.000;20.000;0;

[root@BUGZILLABCK ~]# tail -50 /var/log/messages
Nov 6 14:18:10 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:18:10 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:18:10 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:18:10 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:18:10 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:18:12 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:18:13 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:18:13 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:18:16 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:18:22 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:18:50 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:22:13 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:22:13 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:22:14 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:22:14 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:22:14 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:22:17 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:22:26 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:22:53 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:25:13 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:25:13 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:25:13 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:25:14 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:25:14 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:25:17 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:25:26 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:25:53 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:40:12 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:43:30 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:43:31 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:43:31 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:43:31 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:43:31 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:43:34 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:43:44 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 14:44:11 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 15:00:26 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 15:00:26 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 15:00:27 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 15:00:27 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 15:00:27 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 15:00:30 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 15:00:39 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 15:01:06 bugzillabck avahi-daemon[2775]: Invalid query packet.
Nov 6 15:25:37 bugzillabck xinetd[5197]: START: nrpe pid=23886 from=::ffff:10.174.16.11
Nov 6 15:25:37 bugzillabck xinetd[23886]: FAIL: nrpe address from=::ffff:10.174.16.11
Nov 6 15:25:37 bugzillabck xinetd[5197]: EXIT: nrpe status=0 pid=23886 duration=0(sec)
Nov 6 15:26:05 bugzillabck xinetd[5197]: START: nrpe pid=23896 from=::ffff:10.174.16.11
Nov 6 15:26:05 bugzillabck xinetd[23896]: FAIL: nrpe address from=::ffff:10.174.16.11
Nov 6 15:26:05 bugzillabck xinetd[5197]: EXIT: nrpe status=0 pid=23896 duration=0(sec)

[root@BUGZILLABCK ~]# cat /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 127.0.0.1 192.168.30.38

[josnavch]

Hello Kakaluru

IP is the same BUGZILLABCK 10.174.16.11?

The IP 192.168.30.38 is the Nagios Server?

You can try the following and post the results

/usr/local/nagios/libexec/check_nrpe -H 10.174.16.11 -n -c check_load

That line is you should try from the Nagios server not from the same BUGZILLABCK

You can put the cat in the /usr/local/nagios/etc/nrpe.cfg

[abrist]

Good questions josnavch. OP: Let us know the answers to his questions.

[kakaluru]

Hi,

I already posted below information in my earlier posts .

[root@son1840 ~]# /usr/local/nagios/libexec/check_nrpe -H 10.174.16.11
CHECK_NRPE: Socket timeout after 10 seconds.

[root@BUGZILLABCK ~]# cat /usr/local/nagios/etc/nrpe.cfg
#############################################################################
# Sample NRPE Config File
# Written by: Ethan Galstad (nagios@nagios.org)
#
# Last Modified: 11-23-2007
#
# NOTES:
# This is a sample configuration file for the NRPE daemon. It needs to be
# located on the remote host that is running the NRPE daemon, not the host
# from which the check_nrpe client is being executed.
#############################################################################


# LOG FACILITY
# The syslog facility that should be used for logging purposes.

log_facility=daemon



# PID FILE
# The name of the file in which the NRPE daemon should write it's process ID
# number. The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode.

pid_file=/var/run/nrpe.pid



# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

server_port=5666



# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

#server_address=127.0.0.1



# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_user=nagios



# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_group=nagios



# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

allowed_hosts=127.0.0.1



# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed. This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments

dont_blame_nrpe=0



# BASH COMMAND SUBTITUTION
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form
# $(...). This option only works if the daemon was configured with both
# the --enable-command-args and --enable-bash-command-substitution configure
# script options.
#
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow bash command substitutions,
# 1=allow bash command substitutions

allow_bash_command_substitution=0



# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo. For this to work, you need to add
# the nagios user to your /etc/sudoers. An example entry for alllowing
# execution of the plugins from might be:
#
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password. If you do this, make sure you don't give
# random users write access to that directory or its contents!

# command_prefix=/usr/bin/sudo



# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on

debug=0



# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off.

command_timeout=60



# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low.

connection_timeout=300



# WEEK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/random, 1=also seed from weak randomness

#allow_weak_random_seed=1



# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.

#include=<somefile.cfg>



# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).

#include_dir=<somedirectory>
#include_dir=<someotherdirectory>



# COMMAND DEFINITIONS
# Command definitions that this daemon will run. Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on! The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec
# directory. Also note that you will have to modify the definitions below
# to match the argument format the plugins expect. Remember, these are
# examples only!


# The following examples use hardcoded command arguments...

command[check_mem]=/usr/local/nagios/libexec/check_mem.py -w 15 -c 5
command[check_swap]=/usr/local/nagios/libexec/check_swap -w 20 -c 10
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_root]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/m apper/vg_bugzillabck-LogVol00
command[check_tmpfs]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/ shm
command[check_boot]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/s da1
command[check_usr]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/ma pper/vg_bugzillabck-LogVol02
command[check_var]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/ma pper/vg_bugzillabck-LogVol03
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 650 -c 700
command[check_http]=/usr/local/nagios/libexec/check_http -H 10.174.16.11 -S -u / query.cgi
command[check_url_status]=/usr/local/nagios/libexec/check_url_status -U https:// 10.174.16.11/query.cgi
command[check_bugdb]=/usr/local/nagios/libexec/check_tcp -H localhost -p 3306 -w 5 -c 10

# The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'. This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.

#command[check_users]=/usr/local/nagios/libexec/check_users -w $ARG1$ -c $ARG2$
#command[check_load]=/usr/local/nagios/libexec/check_load -w $ARG1$ -c $ARG2$
#command[check_disk]=/usr/local/nagios/libexec/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
#command[check_procs]=/usr/local/nagios/libexec/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$