Nagios EventLog Service Monitor

snchestnut01
Posts: 25
Joined: Mon Feb 29, 2016 2:46 pm

Nagios EventLog Service Monitor

Post by snchestnut01 »

Hello again guys, sorry to bug you. I'm trying to set up a capture for event logs on two of our servers and seem to be failing pretty hard at this. I've followed all the steps in the documentation provided on the link below, but I'm still receiving the error... Error: Could not connect to host ***.***.***.*** on port 5667 (2). I've set up nsclient++ to send these to the server, but it seems that the clients I've set up cannot connect.

Thanks ahead of time,
Sean

This is the documentation to set up the EventLog Control Manager.

https://assets.nagios.com/downloads/nag ... 1461777754
lmiltchev
Former Nagios Staff
Posts: 13587
Joined: Mon May 23, 2011 12:15 pm

Re: Nagios EventLog Service Monitor

Post by lmiltchev »

Is port 5667 blocked by your firewall?

Did you add the client's IP address to the "/etc/xinetd.d/nsca" file? If not, add the remote machine's IP on the "only_from" line:

    only_from       =  x.x.x.x

and restart xinetd:

    service xinetd restart

Let us know if this helped.
Be sure to check out our Knowledgebase for helpful articles and solutions!
snchestnut01
Posts: 25
Joined: Mon Feb 29, 2016 2:46 pm

Re: Nagios EventLog Service Monitor

Post by snchestnut01 »

Firewall on the server is turned off so that shouldn't be an issue.

I set up the only_from to match my subnet as I'm going to be monitoring several boxes using this method and I have restarted the xinetd service on the Nagios XI server.
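
Added example, not part of the thread and not Nagios or xinetd code: a small checker for whether a client address is admitted by the "only_from" setting discussed above, including xinetd's rule that rightmost 0 components of a numeric address act as wildcards. The sample config is constructed, the function names are hypothetical, and the parsing is simplified: it handles only "=" and "+=" with numeric or CIDR values and ignores "no_access".

```python
import ipaddress

# Constructed sample of /etc/xinetd.d/nsca; addresses are placeholders.
SAMPLE_NSCA = """\
service nsca
{
    socket_type = stream
    port        = 5667
    # only_from = 10.9.9.9
    only_from   = 127.0.0.1 192.168.100.0
    only_from  += 10.1.2.0/24
}
"""

def only_from_entries(conf_text):
    """Active only_from values, or None if no uncommented only_from line exists."""
    entries = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue  # a commented-out only_from restricts nothing
        key, sep, value = line.partition("=")
        name = key.strip()
        if not sep or name.rstrip("+").strip() != "only_from":
            continue
        if name.endswith("+") and entries is not None:
            entries += value.split()   # "+=" extends the list
        else:
            entries = value.split()    # "=" sets it (simplified handling)
    return entries

def to_network(entry):
    """Map one value to an ip_network; None for hostnames and network names."""
    try:
        if "/" in entry:
            return ipaddress.ip_network(entry, strict=False)
        packed = ipaddress.IPv4Address(entry).packed
    except ValueError:
        return None
    fixed = 4  # xinetd treats rightmost 0 components as wildcards
    while fixed and packed[fixed - 1] == 0:
        fixed -= 1
    return ipaddress.ip_network(f"{entry}/{fixed * 8}")

def client_allowed(conf_text, client_ip):
    entries = only_from_entries(conf_text)
    if entries is None:
        return True  # no only_from: any source address may connect
    client = ipaddress.ip_address(client_ip)
    nets = [to_network(e) for e in entries]
    return any(n is not None and client in n for n in nets)
```

With the "only_from" line commented out, client_allowed() returns True for every address, so after a connectivity test the line should be restored with the narrowest range that covers the monitored hosts.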
lmiltchev
Former Nagios Staff
Posts: 13587
Joined: Mon May 23, 2011 12:15 pm

Re: Nagios EventLog Service Monitor

Post by lmiltchev »

Do you find any clues about the issue you are having in the "/usr/local/nagios/var/nagios.log" or "/var/log/messages"?

Does it help if you comment out the "only_from" line in the "/etc/xinetd.d/nsca" file:

    # only_from       = x.x.x.x

and restart xinetd:

    service xinetd restart

Did you verify that you are using a correct password, and the same encryption/decryption method?
snchestnut01
Posts: 25
Joined: Mon Feb 29, 2016 2:46 pm

Re: Nagios EventLog Service Monitor

Post by snchestnut01 »

I have not checked the logs on the server because I was unaware of the pathing to the logs. Sorry, I'm a bit of a Nagios XI noob. However, encryption/decryption method should not be an issue and passwords are the same.
snchestnut01
Posts: 25
Joined: Mon Feb 29, 2016 2:46 pm

Re: Nagios EventLog Service Monitor

Post by snchestnut01 »

Okay, so... this method was causing a lot of issues and network traffic and my director wanted me to use the following method:

http://www.thedailyadmin.com/2010/08/ch ... agios.html

So I made the switch and now I'm getting the following errors:

From nsclient log on the server:
2016-05-12 10:08:51: message:modules\NRPEListener\NRPEListener.cpp:370: Could not read a full NRPE packet from socket, only got: 127

I've looked for the NRPE.cfg and it's all gibberish in the Nagios XI server; I'm not finding it in the nsclient++ files.
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: Nagios EventLog Service Monitor

Post by rkennedy »

What command are you running on the Nagios side that produces that error? It might be a timeout issue with either command_timeout or socket_timeout.
Former Nagios Employee
snchestnut01
Posts: 25
Joined: Mon Feb 29, 2016 2:46 pm

Re: Nagios EventLog Service Monitor

Post by snchestnut01 »

./usr/local/nagios/libexec/check_nrpe -H 192.168.100.10 -p 5667 -c CheckEventLog -a filter=new file="system" MaxWarn=1 MaxCrit=1 filter-generated=\<1h filter-eventType==error filter=in filter=all
Last edited by tmcdonald on Thu May 12, 2016 1:15 pm, edited 1 time in total.
Reason: Please use [code][/code] tags around terminal output
lmiltchev
Former Nagios Staff
Posts: 13587
Joined: Mon May 23, 2011 12:15 pm

Re: Nagios EventLog Service Monitor

Post by lmiltchev »

For starters, check_nrpe uses port 5666, not 5667. Run the command from the CLI using the correct port, and show the output (in case it errors out).
snchestnut01
Posts: 25
Joined: Mon Feb 29, 2016 2:46 pm

Re: Nagios EventLog Service Monitor

Post by snchestnut01 »

connect to address 192.168.100.10 port 5666: Connection refused