CHECK_NRPE: Error receiving data from daemon.
-
- Posts: 7
- Joined: Thu Jan 20, 2011 5:36 pm
CHECK_NRPE: Error receiving data from daemon.
This is probably a case of missing the obvious but I have tried everything I could think of and also what the nrpe.pdf doc suggests.
I am installing nrpe on a CentOS box using yum. The package installs without error.
Version info: nagios-nrpe x86_64 2.12-1.el5.rf
I've added the check_nrpe command to /etc/nagios/objects/commands.cfg
# 'check_nrpe' command definition
define command {
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
and the host IP address to nrpe.cfg
nrpe is configured to run as a daemon and shows as running:
ps auxw | grep nrpe
root 26257 0.0 0.0 61164 692 pts/3 S+ 13:43 0:00 grep nrpe
nagios 29589 0.0 0.0 39968 1084 ? Ss 13:18 0:00 nrpe -c /etc/nagios/nrpe.cfg -d
nrpe is listening on the correct port:
netstat -at | grep nrpe
tcp 0 0 mail.panoston.com:nrpe *:* LISTEN
The problem(s) arise when I run check_nrpe on the remote host.
Running without ssl yields
/usr/lib64/nagios/plugins/check_nrpe -H Remote IP address -n
CHECK_NRPE: Error receiving data from daemon.
Running with ssl yields:
/usr/lib64/nagios/plugins/check_nrpe -H 192.168.2.231
CHECK_NRPE: Error - Could not complete SSL handshake.
The only thing I haven't tried is compiling from source using ./configure --enable-ssl. I assume yum will make the ssl option available on installation.
Any suggestions would be appreciated.
-
- Posts: 1128
- Joined: Wed Mar 03, 2010 12:38 pm
- Location: St. Paul, MN, USA
Re: CHECK_NRPE: Error receiving data from daemon.
It's probably iptables blocking connections to the running daemon. Try adding a firewall rule to allow state new traffic on NRPE's port.
-
- Posts: 7
- Joined: Thu Jan 20, 2011 5:36 pm
Re: CHECK_NRPE: Error receiving data from daemon.
IPtables have been set correctly. Result of
iptables -L
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe
-
- Posts: 1128
- Joined: Wed Mar 03, 2010 12:38 pm
- Location: St. Paul, MN, USA
Re: CHECK_NRPE: Error receiving data from daemon.
Is that ACCEPT listed before any REJECTS?
Do you have allowed_hosts set correctly in the NRPE config file?
-
- Posts: 7
- Joined: Thu Jan 20, 2011 5:36 pm
Re: CHECK_NRPE: Error receiving data from daemon.
The only reject is the last line in the table - reject all.
The output is below.
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- 192.168.21.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.2.31 anywhere state NEW
ACCEPT all -- IP Address anywhere state NEW
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT udp -- anywhere anywhere udp spt:6277
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:responsenet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3121
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:vtr-emulator
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:openvpn
ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:rsf-1
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
The allowed_hosts line from nrpe.cfg
allowed_hosts= 96.37.142.40 (Monitor) 192.168.2.231 (Remote-for testing) 127.0.0.1
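The rule-order question asked above ("Is that ACCEPT listed before any REJECTS?") can be checked mechanically. This is an added example, not part of the original posts: the function name `nrpe_rule_order` is hypothetical, and it assumes NRPE is on its default port, shown as `nrpe` by `iptables -L` or `5666` by `iptables -L -n`.

```shell
#!/bin/sh
# Added example: check, per chain, that the ACCEPT rule for the NRPE port
# comes before the first REJECT/DROP rule in `iptables -L` output.

# nrpe_rule_order  (hypothetical helper; reads iptables -L output on stdin)
# Returns 0 if every NRPE ACCEPT precedes the chain's first REJECT/DROP,
# 1 if one follows a blocking rule, 2 if no NRPE ACCEPT rule exists.
nrpe_rule_order() {
    awk '
        BEGIN { found = 0; bad = 0 }
        /^Chain / { chain = $2; blocker = ""; next }   # new chain: reset state
        $1 == "REJECT" || $1 == "DROP" {
            if (blocker == "") blocker = $1 " at line " NR
            next
        }
        $1 == "ACCEPT" && /dpt:(nrpe|5666)([^0-9]|$)/ {
            found = 1
            if (blocker != "") {
                printf "%s: NRPE ACCEPT (line %d) follows %s\n", chain, NR, blocker
                bad = 1
            } else {
                printf "%s: NRPE ACCEPT (line %d) precedes any REJECT/DROP\n", chain, NR
            }
        }
        END {
            if (!found) { print "no ACCEPT rule for the NRPE port found"; exit 2 }
            exit bad
        }
    '
}

# Constructed sample: a shortened copy of the chain layout posted above.
nrpe_rule_order <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
EOF
```

On a live host the input would be `iptables -L | nrpe_rule_order`; any REJECT or DROP rule earlier in the chain is flagged for review, even one scoped to a specific source.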
-
- Posts: 1128
- Joined: Wed Mar 03, 2010 12:38 pm
- Location: St. Paul, MN, USA
Re: CHECK_NRPE: Error receiving data from daemon.
I'm not certain if this is your issue, but there should not be any spaces in the value for allowed_hosts, neither after the = nor between hosts. Multiple hosts should be separated by commas only.
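The format rule in the reply above can be turned into a quick lint for nrpe.cfg. This is an added example, not part of the original posts: the function name `check_allowed_hosts` is hypothetical, and the sample files are constructed from the two forms of the line quoted in this thread.

```shell
#!/bin/sh
# Added example: lint the allowed_hosts directive of an nrpe.cfg file.
# Rule checked (from the reply above): no whitespace after '=' or between
# hosts, and commas as the only separator.

# check_allowed_hosts FILE  (hypothetical helper name)
# Prints one line per problem. Returns 0 when the directive is clean,
# 1 when it is malformed, 2 when no directive is present.
check_allowed_hosts() {
    line=$(grep -E '^[[:space:]]*allowed_hosts[[:space:]]*=' "$1" | tail -n 1)
    if [ -z "$line" ]; then
        echo "allowed_hosts: directive not found"
        return 2
    fi
    value=${line#*=}                       # everything after the first '='
    trimmed=$(printf '%s\n' "$value" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    rc=0
    if printf '%s\n' "$value" | grep -Eq '^[[:space:]]'; then
        echo "allowed_hosts: whitespace after '='"; rc=1
    fi
    if printf '%s\n' "$trimmed" | grep -Eq '[[:space:]]'; then
        echo "allowed_hosts: whitespace between entries"; rc=1
    fi
    if printf '%s\n' "$trimmed" | grep -q '[()]'; then
        echo "allowed_hosts: inline annotation in parentheses"; rc=1
    fi
    if printf '%s\n' "$trimmed" | grep -Eq '^,|,,|,$'; then
        echo "allowed_hosts: empty entry (stray comma)"; rc=1
    fi
    if [ -z "$trimmed" ]; then
        echo "allowed_hosts: empty value"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: the line as first posted and as corrected.
demo_dir=$(mktemp -d)
printf '%s\n' 'allowed_hosts= 96.37.142.40 (Monitor) 192.168.2.231 (Remote-for testing) 127.0.0.1' > "$demo_dir/before.cfg"
printf '%s\n' 'allowed_hosts=96.37.142.40,192.168.2.231,127.0.0.1' > "$demo_dir/after.cfg"
for f in before after; do
    echo "== $f.cfg"
    check_allowed_hosts "$demo_dir/$f.cfg" && echo "ok"
done
rm -rf "$demo_dir"
```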
-
- Posts: 7
- Joined: Thu Jan 20, 2011 5:36 pm
Re: CHECK_NRPE: Error receiving data from daemon.
I made the changes you suggested but it made no difference.
allowed_hosts=96.37.142.40,192.168.2.231,127.0.0.1
/usr/lib64/nagios/plugins/check_nrpe -H localhost
Connection refused by host
-
- Posts: 1128
- Joined: Wed Mar 03, 2010 12:38 pm
- Location: St. Paul, MN, USA
Re: CHECK_NRPE: Error receiving data from daemon.
Are you running NRPE as a service directly or via xinetd?
-
- Posts: 1128
- Joined: Wed Mar 03, 2010 12:38 pm
- Location: St. Paul, MN, USA
Re: CHECK_NRPE: Error receiving data from daemon.
Also take a look at the five notes on http://support.nagios.com/knowledgebase ... faq_id=191 and see if any of those could apply to you.
-
- Posts: 7
- Joined: Thu Jan 20, 2011 5:36 pm
Re: CHECK_NRPE: Error receiving data from daemon.
Found two errors. File permissions on the remote host. Reset them to nagios:nagios and the remote host is functioning. Firewall issues on our side. Corrected those and the system is monitoring correctly.
Thanks very much for your help!