Hi,
We have check_nrpe 2.15 on our Nagios XI install. I am using nsclient 0.3.9 on a Windows host I want to monitor. I have use_ssl=1 set in NSC.ini but everytime Wireshark the test command I send from Nagios, I see the alias_cpu and the results passed in plaintext. I haven't been able to find any good walkthrough/tutorials on what I'm trying to do. Can anyone point me in the right direction?
Thanks
nrpe ssl
Re: nrpe ssl
This what you're looking for? Its from the XI side of the house...
Its just a test command that does work but works in plaintext
Its just a test command that does work but works in plaintext
You do not have the required permissions to view the files attached to this post.
Re: nrpe ssl
Did you restart your nsclient on your windows?
also, here is a good resource for NRPE/nsclient:
http://nsclient.org/nscp/wiki/doc/usage/nagios/nrpe
also, here is a good resource for NRPE/nsclient:
http://nsclient.org/nscp/wiki/doc/usage/nagios/nrpe
Re: nrpe ssl
In addition to this, I found the following info on enabling SSL in NSClient++:
https://www.nsclient.org/forums/topic/old-1342/
https://www.nsclient.org/forums/topic/old-1342/
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: nrpe ssl
Hi,
is there an nrpe.cfg file for nrpe on the nagios server? I wasn't the one who installed it but I can check it out. I know there is one for the client side of nrpe. Would I get any type of error if one side has ssl=1 but the other doesn't? I guess it would just pass right on through, not using ssl though.
It's just a little confusing because Michael Medin's forum post: https://www.nsclient.org/forums/topic/old-1342/ goes into installing certificates and such. Is his forum post about a different version of the nsclient? Is his forum post more on topic with the nscp client? I've fiddled with nscp a little trying to get ssl to work but not much.
Thanks so far!
is there an nrpe.cfg file for nrpe on the nagios server? I wasn't the one who installed it but I can check it out. I know there is one for the client side of nrpe. Would I get any type of error if one side has ssl=1 but the other doesn't? I guess it would just pass right on through, not using ssl though.
It's just a little confusing because Michael Medin's forum post: https://www.nsclient.org/forums/topic/old-1342/ goes into installing certificates and such. Is his forum post about a different version of the nsclient? Is his forum post more on topic with the nscp client? I've fiddled with nscp a little trying to get ssl to work but not much.
Thanks so far!
Re: nrpe ssl
The nrpe.cfg on the nagios server has nothing to do with this. You need to configure nrpe.cfg on the client (remote box) when you monitor a Linux host. With Windows and NSClient++, you need to modify NSC.ini or nsclient.ini (depending on the version that you are running).
It seems like Michael Medin's forum post refers to NSClient++ ver. 4.x. I don't think certificate options could be set in the NSC.ini (0.3.9), but I could be wrong. I am going to install ver. 0.3.9 and will try to recreate the issue in house.
Meanwhile, I would recommend posting a question on the NSClient++ support site. Hopefully, the developer of NSClient++ can shed some light on the issue.
It seems like Michael Medin's forum post refers to NSClient++ ver. 4.x. I don't think certificate options could be set in the NSC.ini (0.3.9), but I could be wrong. I am going to install ver. 0.3.9 and will try to recreate the issue in house.
Meanwhile, I would recommend posting a question on the NSClient++ support site. Hopefully, the developer of NSClient++ can shed some light on the issue.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: nrpe ssl
Hi lmiltchev,
yeah I wasn't sure if the nagios side nrpe config had anything to do with it. thought id throw it out there. I did get a check between our server and a Linux host going and I wiresharked the command and as I recall, none of it was in plaintext. I was thinking that since both the nagios server and the Linux client had libmcrypt (or something similar) installed that having that package on both machines made the successful ssl tunnel between them. So with that train of thought, I wasn't sure how a windows server would handle an ssl connection without installing another piece of software.
I also remember posting this question over at nsclient.org but ill be damned if I can find my post. That site seems like a graveyard, with the last forum post being a week ago with no responses ><
Thanks for all your help! I'm curious to see what you find with your in-house test!
yeah I wasn't sure if the nagios side nrpe config had anything to do with it. thought id throw it out there. I did get a check between our server and a Linux host going and I wiresharked the command and as I recall, none of it was in plaintext. I was thinking that since both the nagios server and the Linux client had libmcrypt (or something similar) installed that having that package on both machines made the successful ssl tunnel between them. So with that train of thought, I wasn't sure how a windows server would handle an ssl connection without installing another piece of software.
I also remember posting this question over at nsclient.org but ill be damned if I can find my post. That site seems like a graveyard, with the last forum post being a week ago with no responses ><
Thanks for all your help! I'm curious to see what you find with your in-house test!
Re: nrpe ssl
ah found it!
http://www.nsclient.org/answers/nrpe-2-15-ssl/
I forgot I had to make a twitter account to post on those forums. They only allowed facebook, twitter, other types of social media logins.
http://www.nsclient.org/answers/nrpe-2-15-ssl/
I forgot I had to make a twitter account to post on those forums. They only allowed facebook, twitter, other types of social media logins.
Re: nrpe ssl
Sure.Thanks for all your help! I'm curious to see what you find with your in-house test!
Can you tell us what is the Windows flavor/architecture on the client (Windows 7, Server 2003, 2008, etc./32 or 64 bit)? Also, post a screenshot of the "clear text output" in Wireshark and the NSC.ini file (hide sensitive into).
Thanks!
Be sure to check out our Knowledgebase for helpful articles and solutions!