Nagios EventLog Service Monitor
-
- Posts: 25
- Joined: Mon Feb 29, 2016 2:46 pm
Nagios EventLog Service Monitor
Hello again guys, sorry to bug you. I'm trying to set up a capture for event logs on two of our servers and seem to be failing pretty hard at this. I've followed all the steps in the documentation provided on the link below, but I'm still receiving the error... Error: Coud not connect to host ***.***.***.*** on port 5667 (2). I've set up nsclient++ to send these to the server, but it seems that the clients I've set up cannot connect.
Thanks ahead of time,
Sean
This is the documentation to set up the EventLog Control Manager.
https://assets.nagios.com/downloads/nag ... 1461777754
Re: Nagios EventLog Service Monitor
Is port 5667 blocked by your firewall?
Did you add the client's IP address to the "/etc/xinetd.d/nsca" file? If not, add the remote machine's IP on the "only_from" line:
Code: Select all
only_from = x.x.x.x
and restart xinetd:
Code: Select all
service xinetd restart
Let us know if this helped.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Nagios EventLog Service Monitor
Firewall on the server is turned off so that shouldn't be an issue.
I set up the only_from to match my subnet, as I'm going to be monitoring several boxes using this method, and I have restarted the xinetd service on the Nagios XI server.
Re: Nagios EventLog Service Monitor
Do you find any clues about the issue you are having in the "/usr/local/nagios/var/nagios.log" or "/var/log/messages"?
Does it help if you comment out the "only_from" line in the "/etc/xinetd.d/nsca" file:
Code: Select all
# only_from = x.x.x.x
and restart xinetd:
Code: Select all
service xinetd restart
Did you verify that you are using a correct password, and the same encryption/decryption method?
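An added example (not part of the original thread, and not Nagios code): a Python check of whether a client address is covered by the only_from line discussed above. It also reports when the line is commented out, in which case this file no longer restricts which hosts may reach NSCA. The sample file contents and the function names are assumptions; host names and factorized addresses are not handled.

```python
import ipaddress
import re

# Constructed sample of /etc/xinetd.d/nsca; the addresses are illustrative.
SAMPLE_NSCA = """\
service nsca
{
    socket_type = stream
    port        = 5667
    disable     = no
    only_from   = 127.0.0.1 192.168.100.0/24
}
"""

def parse_only_from(text):
    """Return the values of active only_from lines, or None if there is none."""
    entries, seen = [], False
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # ignore commented text
        m = re.match(r"only_from\s*\+?=\s*(.*)$", line)
        if m:
            seen = True
            entries += m.group(1).split()             # values are space separated
    return entries if seen else None

def entry_to_network(entry):
    """Translate a dotted-quad or CIDR only_from value to an ip_network."""
    if "/" in entry:
        return ipaddress.ip_network(entry, strict=False)
    octets = entry.split(".")
    if len(octets) != 4:
        raise ValueError(f"unsupported only_from value: {entry}")
    wild = 0  # xinetd treats rightmost zero octets as wildcards
    while wild < 4 and octets[3 - wild] == "0":
        wild += 1
    return ipaddress.ip_network(f"{entry}/{32 - 8 * wild}")

def check_client(text, client_ip):
    """Classify client_ip as 'allowed', 'denied' or 'unrestricted'."""
    entries = parse_only_from(text)
    if entries is None:
        return "unrestricted"      # no active only_from line in this file
    ip = ipaddress.ip_address(client_ip)
    for entry in entries:
        try:
            if ip in entry_to_network(entry):
                return "allowed"
        except ValueError:
            continue               # names are not resolved in this sketch
    return "denied"
```

A result of "unrestricted" after commenting the line out is useful for isolating the problem, but the line should be restored with the monitored subnet once the test is done.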
Re: Nagios EventLog Service Monitor
I have not checked the logs on the server because I was unaware of the pathing to the logs. Sorry, I'm a bit of a nagios xi Noob. However, Encryption/decryption method should not be an issue and passwords are the same.
Re: Nagios EventLog Service Monitor
Okay, so... this method was causing a lot of issues and network traffic and my director wanted me to use the following method:
http://www.thedailyadmin.com/2010/08/ch ... agios.html
So I made the switch and now I'm getting the following errors:
From nsclient log on the server:
2016-05-12 10:08:51: message:modules\NRPEListener\NRPEListener.cpp:370: Could not read a full NRPE packet from socket, only got: 127
I've looked for the NRPE.cfg and it's all gibberish in the Nagios XI server; I'm not finding it in the nsclient++ files.
Re: Nagios EventLog Service Monitor
What command are you running on the Nagios side that produces that error? It might be a timeout issue with either command_timeout, or socket_timeout.
Former Nagios Employee
Re: Nagios EventLog Service Monitor
Code: Select all
./usr/local/nagios/libexec/check_nrpe -H 192.168.100.10 -p 5667 -c CheckEventLog -a filter=new file="system" MaxWarn=1 MaxCrit=1 filter-generated=\<1h filter-eventType==error filter=in filter=all
Last edited by tmcdonald on Thu May 12, 2016 1:15 pm, edited 1 time in total.
Reason: Please use [code][/code] tags around terminal output
Re: Nagios EventLog Service Monitor
For starters, check_nrpe uses port 5666, not 5667. Run the command from the CLI using the correct port, and show the output (in case it errors out).
Re: Nagios EventLog Service Monitor
connect to address 192.168.100.10 port 5666: Connection refused