NRPE issue
- sebastiaopburnay
- Posts: 105
- Joined: Sun Oct 31, 2010 1:40 pm
- Location: Lisbon, Portugal
NRPE issue
Hi!
Thank you for managing this great portal.
I have a distributed monitoring infrastructure with a central nagios server (working with NDOUtils to write in a MySQL DB) receiving passive service and host checks from a remote nagios instance/server via nsca. It was quite tricky to learn nagios and configure it to work the way it does.
Now I'm trying to configure the system so that the central server actively uses nrpe_checks on the remote one, when the passive checks' results aren't fresh enough.
I've istalled the nagios-nrpe-server_2.8.1-1_i386.deb on the remote host and that installation created the /etc/nagios/nrpe.cfg and the /usr/sbin/nrpe files (which is normal) and also registered the service nagios-nrpe-server (which is cool).
I added the central server's IP address to the allowed_hosts directive on the nrpe.cfg file.
Problem is I can only do local checks (on the remote host to -H localhost || -H 127.0.0.1), so I tried changing the server_address directive on the nrpe.cfg file to reflect the remote server's IP address and restarted the nagios-nrpe-server service. That change made impossible for the remote nagios to check on itself with nrpe.
Please give me a light on this.
With my best regards,
sebastiaopburnay
Thank you for managing this great portal.
I have a distributed monitoring infrastructure with a central nagios server (working with NDOUtils to write in a MySQL DB) receiving passive service and host checks from a remote nagios instance/server via nsca. It was quite tricky to learn nagios and configure it to work the way it does.
Now I'm trying to configure the system so that the central server actively uses nrpe_checks on the remote one, when the passive checks' results aren't fresh enough.
I've istalled the nagios-nrpe-server_2.8.1-1_i386.deb on the remote host and that installation created the /etc/nagios/nrpe.cfg and the /usr/sbin/nrpe files (which is normal) and also registered the service nagios-nrpe-server (which is cool).
I added the central server's IP address to the allowed_hosts directive on the nrpe.cfg file.
Problem is I can only do local checks (on the remote host to -H localhost || -H 127.0.0.1), so I tried changing the server_address directive on the nrpe.cfg file to reflect the remote server's IP address and restarted the nagios-nrpe-server service. That change made impossible for the remote nagios to check on itself with nrpe.
Please give me a light on this.
With my best regards,
sebastiaopburnay
Re: NRPE issue
Scroll down in the config file a bit further and look for the "allowed hosts" directive. Leave the 'server address' as your localhost, and then add your central server to the list of allowed hosts (you can have many addresses separated by spaces). Make sure your firewall has port 5666 open as well. Once the nrpe is running on the remote system, you can type "netstat -aunt" to make sure it's listening on port 5666 for requests.
- sebastiaopburnay
- Posts: 105
- Joined: Sun Oct 31, 2010 1:40 pm
- Location: Lisbon, Portugal
Re: NRPE issue
Hi!
Thank you for replying and sorry for taking so long to review this (I'm dealing with a lot of other issues that appear as I fix the preceding ones)
I have done what you suggested and verified the netstat:
Then I ran the check_nrpe
And without the '-n' option
Strangely, when I target the l0 interface (127.0.0.1) and run check_nrpe I get the nrpe version as expected.
Could it be an SSL error or just a misconfiguration issue?
With my best regards,
sebastiaopburnay
Thank you for replying and sorry for taking so long to review this (I'm dealing with a lot of other issues that appear as I fix the preceding ones)
I have done what you suggested and verified the netstat:
Code: Select all
netstat -aunt | grep 5666
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN
Code: Select all
root@nagios-virtual-machine:/usr/lib/nagios/plugins# ./check_nrpe -H <IP@eth0> -n
CHECK_NRPE: Error receiving data from daemon.
Code: Select all
root@nagios-virtual-machine:/usr/lib/nagios/plugins# ./check_nrpe -H <IP@eth0>
CHECK_NRPE: Error - Could not complete SSL handshake.
Could it be an SSL error or just a misconfiguration issue?
With my best regards,
sebastiaopburnay
Re: NRPE issue
I've run into this issue before, and I'm sorry to say I don't remember exactly what I did to fix it, but I think the issue was related to an SSL package not being installed on one of the machiens. I think both machines either needed libssl or openssl (depending on the distro). Sorry that's a little vague, but hopefully it will point you in the right direction.
Re: NRPE issue
Please check on the /etc/xinetd.d/nrpe as following.
You need to make sure the only_from ip is the IP for nagios monitoring server.
If the only_from IP is not correct, rectify it and then restart xinetd.d by using the following command.
If the nrpe setting is already correct, then you need to check in /var/log/messages in the remote host. You might see the following error.
[codeJul 29 13:36:56 remotehost xinetd[7336]: FAIL: nrpe address from=10.1.2.2
Jul 29 13:36:56 remotehost xinetd[6595]: START: nrpe pid=7336 from=10.1.2.2
Jul 29 13:36:56 remotehost xinetd[6595]: EXIT: nrpe status=0 pid=7336 duration=0(sec)[/code]
Try to restart xinetd daemon using the command above and then check on /var/log/messages again. If you see the following error, it might mean that xinetd had problem to start up nrpe becuase of its bug to release the address.
In this case, you cannot start nrpe as embeded service in xinetd since this is a bug in xinetd. To fix this, you can start nrpe as standalone daemon. Before you started nrpe as standalone daemon, you need to verify the configuration in /usr/local/nagios/etc/nrpe.cfg. The following are two parameters that you need to take care of. The value for allowed_hosts should be the ip of nagios monitoring host and the server_port is 5666.
You need to make sure xinetd is not running or you need to remove /etc/xinetd.d/nrpe and restart xinetd daemon.
Then, you can issue the following command to start nrpe as standalone daemon.
You should see the following log in /var/log/messages.
In this case, you can now verify the nrpe connection by running check_nrpe from nagios monitoring host as following.
'CHECK_NRPE: Error - Could not complete SSL handshake.' should now be resolved.
Code: Select all
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 10.1.2.2
}
If the only_from IP is not correct, rectify it and then restart xinetd.d by using the following command.
Code: Select all
[admin@remotehost ~]$ sudo /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[codeJul 29 13:36:56 remotehost xinetd[7336]: FAIL: nrpe address from=10.1.2.2
Jul 29 13:36:56 remotehost xinetd[6595]: START: nrpe pid=7336 from=10.1.2.2
Jul 29 13:36:56 remotehost xinetd[6595]: EXIT: nrpe status=0 pid=7336 duration=0(sec)[/code]
Try to restart xinetd daemon using the command above and then check on /var/log/messages again. If you see the following error, it might mean that xinetd had problem to start up nrpe becuase of its bug to release the address.
Code: Select all
Jul 29 13:35:54 remotehost xinetd[6595]: bind failed (Address already in use (errno = 98)). service = nrpe
Jul 29 13:35:54 remotehost xinetd[6595]: Service nrpe failed to start and is deactivated.
Jul 29 13:35:54 remotehost xinetd[6595]: xinetd Version 2.3.14 started with libwrap loadavg labeled-networking options compiled in.
Code: Select all
allowed_hosts=10.1.8.2
server_port=5666
Then, you can issue the following command to start nrpe as standalone daemon.
Code: Select all
[admin@remotehost]$ /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
Code: Select all
Jul 29 14:18:31 remotehost nrpe[5947]: Starting up daemon
Jul 29 14:18:31 remotehost nrpe[5947]: Listening for connections on port 5666
Jul 29 14:18:31 remotehost nrpe[5947]: Allowing connections from: 10.1.2.2
Code: Select all
[admin@monitoringhost ~]$ /usr/local/nagios/libexec/check_nrpe -H 10.1.2.12
NRPE v2.12
- sebastiaopburnay
- Posts: 105
- Joined: Sun Oct 31, 2010 1:40 pm
- Location: Lisbon, Portugal
Re: NRPE issue
Hey!
Sorry for the latency in my reply. There have been a lot of other issues.
I took your advice, but somehow those actions were ineffective.
So, I used a fresh Virtual Machine and followed the instructions on the NRPE manual.
It worked fine. Thank you for your support.
With my best regards,
sebastiaopburnay
Sorry for the latency in my reply. There have been a lot of other issues.
I took your advice, but somehow those actions were ineffective.
So, I used a fresh Virtual Machine and followed the instructions on the NRPE manual.
It worked fine. Thank you for your support.
With my best regards,
sebastiaopburnay
Re: NRPE issue
I was just skimming through the posts and so thought I would put what I did when I had a similar issue. Sorry if I am on a tangent since I have to run. I used nrpe to query a nsclient++ on a windows machine and I found that the reason I was getting the ssl handshake issue was because I had ssl turned on. I disabled it and it started working. I hate having non ssl but then that was the only way to go for me
;# USE SSL SOCKET
; This option controls if SSL should be used on the socket.
use_ssl=0
;# USE SSL SOCKET
; This option controls if SSL should be used on the socket.
use_ssl=0