CHECK_NRPE: Error receiving data from daemon.

[tcicirello]

This is probably a case of missing the obvious but i have tried everything i could think of and also what the nrpe.pdf doc suggests.

I am installing nrpe on centOS box using yum. The package installs without error.
Verion info: nagios-nrpe x86_64 2.12-1.el5.rf

I've added the check_nrpe command to /etc/nagios/objects/commands.cfg
# 'check_nrpe' command definition
define command {
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

and the host IP address to nrpe.cfg

nrpe is configured to run as a daemon and shows as running:
ps auxw | grep nrpe
root 26257 0.0 0.0 61164 692 pts/3 S+ 13:43 0:00 grep nrpe
nagios 29589 0.0 0.0 39968 1084 ? Ss 13:18 0:00 nrpe -c /etc/nagios/nrpe.cfg -d

nrpe is listening on the correct port:
netstat -at | grep nrpe
tcp 0 0 mail.panoston.com:nrpe *:* LISTEN

The problem(s) arise when I run check_nrpe on the remote host.
Running without ssl yields
/usr/lib64/nagios/plugins/check_nrpe -H Remote IP address -n
CHECK_NRPE: Error receiving data from daemon.

Running with ssl yields:
/usr/lib64/nagios/plugins/check_nrpe -H 192.168.2.231
CHECK_NRPE: Error - Could not complete SSL handshake.

The only thing I haven't tried is compiling from source using ./configure --enable-ssl. I assume yum will make the ssl option available on installation.

Any suggestions would be appreciated.

[tonyyarusso]

It's probably iptables blocking connections to the running daemon. Try adding a firewall rule to allow state new traffic on NRPE's port.

[tcicirello]

IPtables have been set correctly. result of
iptables -L
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe

[tonyyarusso]

Is that ACCEPT listed before any REJECTS?

Do you have allowed_hosts set correctly in the NRPE config file?

[tcicirello]

The only reject is the last line in the table - reject all.
The ouput is below.

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- 192.168.21.0/24 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.2.31 anywhere state NEW
ACCEPT all -- IP Address anywhere state NEW
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT udp -- anywhere anywhere udp spt:6277
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:responsenet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3121
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:vtr-emulator
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:openvpn
ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:rsf-1
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

The allowd_hosts line from nrpe.cfg

allowed_hosts= 96.37.142.40 (Monitor) 192.168.2.231 (Remote-for testing) 127.0.0.1

[tonyyarusso]

I'm not certain if this is your issue, but there should not be any spaces in the value for allowed_hosts, neither after the = or between hosts. Multiple hosts should be separated by commas only.

[tcicirello]

I made the changes you suggested but it made no difference.

allowed_hosts=96.37.142.40,192.168.2.231,127.0.0.1

/usr/lib64/nagios/plugins/check_nrpe -H localhost
Connection refused by host

[tonyyarusso]

Are you running NRPE as a service directly or via xinetd?

[tonyyarusso]

Also take a look at the five notes on http://support.nagios.com/knowledgebase ... faq_id=191 and see if any of those could apply to you.

[tcicirello]

Found two errors. File permissions on the remote host. Reset them to nagios:nagios and the remote host is functioning. Firewall issues on our side. Corrected those and the system is monitoring correctly.

Thanks very much for your help!