Error: Could not complete SSL handshake. 5

An open discussion forum for obtaining help with Nagios Core. Nagios Core users of all experience levels are welcome here. Subforum have been created for the discussion of Nagios Core and Nagios Plugin development.

NOTE: The SourceForge.net mailing lists have been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

Error: Could not complete SSL handshake. 5

Postby chimborah » Thu May 18, 2017 6:54 am

Hi All,

Below error message is getting written to /var/log/messages every min. All the services are in ok state. The requirement is how to avoid these messages or not to log any of the error messages generated by nrpe in any of the log file. Could you please let me how I can achieve this.
Error message : Error: Could not complete SSL handshake. 5
Nagios core 4.0.8
Code: Select all
#############################################################################


# LOG FACILITY
# The syslog facility that should be used for logging purposes.

log_facility=daemon



# PID FILE
# The name of the file in which the NRPE daemon should write it's process ID
# number.  The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode.

pid_file=/var/run/nrpe.pid



# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

server_port=5666



# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd



# NRPE USER
# This determines the effective user that the NRPE daemon should run as. 
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_user=nagios



# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as. 
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_group=nagios



# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address.  I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd


allowed_hosts=127.0.0.1,nagios server ip


# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed.  This option only works
# if the daemon was configured with the --enable-command-args configure script
# option. 
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments

dont_blame_nrpe=1



# BASH COMMAND SUBTITUTION
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form
# $(...).  This option only works if the daemon was configured with both
# the --enable-command-args and --enable-bash-command-substitution configure
# script options.
#
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow bash command substitutions,
#         1=allow bash command substitutions

allow_bash_command_substitution=0



# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo.  For this to work, you need to add
# the nagios user to your /etc/sudoers.  An example entry for alllowing
# execution of the plugins from might be:
#
# nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password.  If you do this, make sure you don't give
# random users write access to that directory or its contents!

# command_prefix=/usr/bin/sudo



# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on

debug=1



# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off.

command_timeout=900



# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low.

connection_timeout=300



# WEEK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness

#allow_weak_random_seed=1



# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.

#include=<somefile.cfg>



# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).

#include_dir=<somedirectory>
#include_dir=<someotherdirectory>



# COMMAND DEFINITIONS
# Command definitions that this daemon will run.  Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on!  The examples below
# assume that you have plugins installed in a /usr/lib64/nagios/plugins
# directory.  Also note that you will have to modify the definitions below
# to match the argument format the plugins expect.  Remember, these are
# examples only!


# The following examples use hardcoded command arguments...

command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
#command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_disk_root]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /
command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200
command[check_swap]=/usr/lib64/nagios/plugins/check_swap -w 20% -c 10%


# The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'.  This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.

#command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
#command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$
#command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ -m $ARG4$
command[check_procs_cpu]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -m $ARG3$
command[check_z_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -m $ARG3$ -s $ARG4$
command[check_pro_ssh_inetd_syslog]=/usr/lib64/nagios/plugins/check_pro_ssh_inetd_syslog
command[check_linux_fs]=/usr/lib64/nagios/plugins/check_linux_fs
command[check_swap]=/usr/lib64/nagios/plugins/check_swap -w $ARG1$ -c $ARG2$
command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
command[check_cpu1]=/usr/lib64/nagios/plugins/check_cpu1 -w $ARG1$ -c $ARG2$
command[check_log]=/usr/lib64/nagios/plugins/check_log -F $ARG1$ -O $ARG2$ -q $ARG3$
command[check_ram]=/usr/lib64/nagios/plugins/check_ram -w $ARG1$ -c $ARG2$
command[check_iostat]=/usr/lib64/nagios/plugins/check_iostat -d $ARG1$ -c $ARG2$ -w $ARG3$
command[check_paging_usage]=/usr/lib64/nagios/plugins/check_linux_stats.pl -W -w $ARG1$ -c $ARG2$ -s $ARG3$
command[check_oracle]=/usr/lib64/nagios/plugins/check_oracle --db $ARG1$
command[check_tns_status]=/usr/lib64/nagios/plugins/check_oracle --tns $ARG1$
command[check_login_status]=/usr/lib64/nagios/plugins/check_oracle --login $ARG1$
command[check_tablespace]=/usr/lib64/nagios/plugins/check_oracle --tablespace $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$ $ARG6$
command[check_oracle_cache]=/usr/lib64/nagios/plugins/check_oracle --cache $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$
command[check_disk1]=/usr/lib64/nagios/plugins/check_disk1 -w $ARG1$ -c $ARG2$ -d $ARG3$
#command[check_all_tablespace]=/usr/lib64/nagios/plugins/check_oracle_health --connect=orcl --username=nagios --password=nagios  --warning=90 --critical=95 --mode=tablespace-usage
#command[check_all_tablespace]=/usr/lib64/nagios/plugins/check_oracle_health --connect=$ARG1$--username=$ARG2$ --password=$ARG3$ --warning=$ARG4$ --critical=$ARG5$ --mode $ARG6$
command[tablespace-usage]=/usr/lib64/nagios/plugins/check_oracle_health --connect=orcl --user=nagios --password=nagios --mode=tablespace-usage
command[check_DB_App_critical_log]=/usr/lib64/nagios/plugins/check_logfiles --logfile=/u01/app/diag/rdbms/orcl/orcl/trace/alert_orcl.log --criticalpattern="ORA-0204;ORA-0206;ORA-02010;ORA-0257;ORA-0333;ORA-0345;ORA-0440;ORA-0600;ORA-1114;ORA-1115;ORA-1116;ORA-1118;ORA-1578"
command[check_DB_App_Warning_log]=/usr/lib64/nagios/plugins/check_logfiles --logfile=/u01/app/diag/rdbms/orcl/orcl/trace/alert_orcl.log  --warningpattern="ORA-1135;ORA-1547;ORA-1555;ORA-1562;ORA-1628;ORA-1650;ORA-4031;ORA-3113;ORA-6501"
########################################
#                                      #
# New commands added recently -  #
#                                      #
########################################

command[check_fs_space]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -e
command[check_fs_inodes]=/usr/lib64/nagios/plugins/check_disk -W $ARG1$ -K $ARG2$ -e
command[check_z_procs_crit]=/usr/lib64/nagios/plugins/check_procs -c $ARG2$ -m $ARG3$ -s $ARG4$
command[check_cpu_util]=/usr/lib64/nagios/plugins/check_cpu_util.sh -w $ARG1$ -c $ARG2$ -i $ARG3$
command[check_system_procs]=/usr/lib64/nagios/plugins/check_system_procs
command[check_messages]=/usr/lib64/nagios/plugins/check_logfiles -f /etc/nagios/config



Thank you
Chim
chimborah
 
Posts: 30
Joined: Tue Oct 02, 2012 7:55 am

Re: Error: Could not complete SSL handshake. 5

Postby dwhitfield » Thu May 18, 2017 3:07 pm

Well, if you want less logging, here's one thing that will help:

Code: Select all
# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on

debug=1


Change that to 0 in the config file you sent.

You'll need to restart nrpe for the changes to apply. service nrpe restart will probably getting you going. If it doesn't, please post the new nrpe.cfg as well as the output of find / -name *nrpe*. Please put the output in a code block. The button is the fifth from the left on the post input screen (between Quote and List).
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
dwhitfield
The Doctor
 
Posts: 3963
Joined: Wed Sep 21, 2016 10:29 am
Location: Nagios Enterprises, LLC

Re: Error: Could not complete SSL handshake. 5

Postby chimborah » Fri May 19, 2017 9:26 am

Thanks for your reply.
I have disabled debug mode but still there are error message getting logged into /var/log/messages.
Please find the details below
Output of find / -name *nrpe
Code: Select all
server#find / -name "nrpe"
/etc/rc.d/init.d/nrpe
/etc/xinetd.d/nrpe
/var/lock/subsys/nrpe
/usr/sbin/nrpe


nrpe.cfg post modification
Code: Select all
#############################################################################


# LOG FACILITY
# The syslog facility that should be used for logging purposes.

log_facility=daemon



# PID FILE
# The name of the file in which the NRPE daemon should write it's process ID
# number.  The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode.

pid_file=/var/run/nrpe.pid



# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

server_port=5666



# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd



# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_user=nagios



# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_group=nagios



# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address.  I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd


allowed_hosts=127.0.0.1,nagios server ip


# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed.  This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments

dont_blame_nrpe=1



# BASH COMMAND SUBTITUTION
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form
# $(...).  This option only works if the daemon was configured with both
# the --enable-command-args and --enable-bash-command-substitution configure
# script options.
#
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow bash command substitutions,
#         1=allow bash command substitutions

allow_bash_command_substitution=0



# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo.  For this to work, you need to add
# the nagios user to your /etc/sudoers.  An example entry for alllowing
# execution of the plugins from might be:
#
# nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password.  If you do this, make sure you don't give
# random users write access to that directory or its contents!

# command_prefix=/usr/bin/sudo



# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on

debug=0



# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off.

command_timeout=900



# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low.

connection_timeout=300



# WEEK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness

#allow_weak_random_seed=1



# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.

#include=<somefile.cfg>



# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).

#include_dir=<somedirectory>
#include_dir=<someotherdirectory>



# COMMAND DEFINITIONS
# Command definitions that this daemon will run.  Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on!  The examples below
# assume that you have plugins installed in a /usr/lib64/nagios/plugins
# directory.  Also note that you will have to modify the definitions below
# to match the argument format the plugins expect.  Remember, these are
# examples only!


# The following examples use hardcoded command arguments...

command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
#command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_disk_root]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /
command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200
command[check_swap]=/usr/lib64/nagios/plugins/check_swap -w 20% -c 10%


# The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'.  This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.

#command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
#command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$
#command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ -m $ARG4$
command[check_procs_cpu]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -m $ARG3$
command[check_z_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -m $ARG3$ -s $ARG4$
command[check_pro_ssh_inetd_syslog]=/usr/lib64/nagios/plugins/check_pro_ssh_inetd_syslog
command[check_linux_fs]=/usr/lib64/nagios/plugins/check_linux_fs
command[check_swap]=/usr/lib64/nagios/plugins/check_swap -w $ARG1$ -c $ARG2$
command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
command[check_cpu1]=/usr/lib64/nagios/plugins/check_cpu1 -w $ARG1$ -c $ARG2$
command[check_log]=/usr/lib64/nagios/plugins/check_log -F $ARG1$ -O $ARG2$ -q $ARG3$
command[check_ram]=/usr/lib64/nagios/plugins/check_ram -w $ARG1$ -c $ARG2$
command[check_iostat]=/usr/lib64/nagios/plugins/check_iostat -d $ARG1$ -c $ARG2$ -w $ARG3$
command[check_paging_usage]=/usr/lib64/nagios/plugins/check_linux_stats.pl -W -w $ARG1$ -c $ARG2$ -s $ARG3$
command[check_oracle]=/usr/lib64/nagios/plugins/check_oracle --db $ARG1$
command[check_tns_status]=/usr/lib64/nagios/plugins/check_oracle --tns $ARG1$
command[check_login_status]=/usr/lib64/nagios/plugins/check_oracle --login $ARG1$
command[check_tablespace]=/usr/lib64/nagios/plugins/check_oracle --tablespace $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$ $ARG6$
command[check_oracle_cache]=/usr/lib64/nagios/plugins/check_oracle --cache $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$
command[check_disk1]=/usr/lib64/nagios/plugins/check_disk1 -w $ARG1$ -c $ARG2$ -d $ARG3$
#command[check_all_tablespace]=/usr/lib64/nagios/plugins/check_oracle_health --connect=orcl --username=nagios --password=nagios  --warning=90 --critical=95 --mode=tablespace-usage
#command[check_all_tablespace]=/usr/lib64/nagios/plugins/check_oracle_health --connect=$ARG1$--username=$ARG2$ --password=$ARG3$ --warning=$ARG4$ --critical=$ARG5$ --mode $ARG6$
command[tablespace-usage]=/usr/lib64/nagios/plugins/check_oracle_health --connect=orcl --user=nagios --password=nagios --mode=tablespace-usage
command[check_DB_App_critical_log]=/usr/lib64/nagios/plugins/check_logfiles --logfile=/u01/app/diag/rdbms/orcl/orcl/trace/alert_orcl.log --criticalpattern="ORA-0204;ORA-0206;ORA-02010;ORA-0257;ORA-0333;ORA-0345;ORA-0440;ORA-0600;ORA-1114;ORA-1115;ORA-1116;ORA-1118;ORA-1578"
command[check_DB_App_Warning_log]=/usr/lib64/nagios/plugins/check_logfiles --logfile=/u01/app/diag/rdbms/orcl/orcl/trace/alert_orcl.log  --warningpattern="ORA-1135;ORA-1547;ORA-1555;ORA-1562;ORA-1628;ORA-1650;ORA-4031;ORA-3113;ORA-6501"
########################################
#                                      #
# New commands added recently -  #
#                                      #
########################################

command[check_fs_space]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -e
command[check_fs_inodes]=/usr/lib64/nagios/plugins/check_disk -W $ARG1$ -K $ARG2$ -e
command[check_z_procs_crit]=/usr/lib64/nagios/plugins/check_procs -c $ARG2$ -m $ARG3$ -s $ARG4$
command[check_cpu_util]=/usr/lib64/nagios/plugins/check_cpu_util.sh -w $ARG1$ -c $ARG2$ -i $ARG3$
command[check_system_procs]=/usr/lib64/nagios/plugins/check_system_procs
command[check_messages]=/usr/lib64/nagios/plugins/check_logfiles -f /etc/nagios/config
chimborah
 
Posts: 30
Joined: Tue Oct 02, 2012 7:55 am

Re: Error: Could not complete SSL handshake. 5

Postby ssax » Fri May 19, 2017 1:46 pm

Please post the output of this command:

Code: Select all
ps aux | grep nrpe


That will tell us if NRPE is running under xinetd or not (if nrpe is not listed it's running under XINETD).

Then you'll likely need to edit:

Code: Select all
/etc/xinetd.d/nrpe


The set:

Code: Select all
log_on_success=
log_on_failure=


And restart the XINETD service:

Code: Select all
service xinetd restart


You can read what other XINETD options you can set in this documentation:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/s1-tcpwrappers-xinetd-config.html
Be sure to check out our Knowledgebase for helpful articles and solutions!
ssax
Dreams In Code
 
Posts: 2973
Joined: Wed Feb 11, 2015 12:54 pm

Re: Error: Could not complete SSL handshake. 5

Postby chimborah » Tue May 23, 2017 4:08 am

Please find the output of command

Code: Select all
ps aux | grep nrpe


Code: Select all
nagios    5118  0.0  0.0 103316   884 pts/0    S+   08:52   0:00 grep nrpe
nagios   22833  0.0  0.0  48312  1672 ?        Ss   07:41   0:00 nrpe -c /etc/nagios/nrpe.cfg -d


I see nrpe is not running under xinetd. Could you please suggest further.
chimborah
 
Posts: 30
Joined: Tue Oct 02, 2012 7:55 am

Re: Error: Could not complete SSL handshake. 5

Postby tgriep » Tue May 23, 2017 2:51 pm

The older version of the NRPE agent has those messages hard coded as syslog info messages so the only way to stop those message is to disable sending all of the info syslog message.

If you do not want to disable all of the syslog info messages, you would have to upgrade to the latest NRPE agent at the link below.
https://support.nagios.com/kb/article/nrpe-how-to-install-nrpe-v3-from-source.html

Then you will have to edit your syslog settings to stop logging all of the nrpe messages using the example below for the syslog config file.
Code: Select all
*.info;mail.none;authpriv.none;cron.none;nrpe.none                /var/log/messages

If you have any questions, let us know.
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
tgriep
Madmin
 
Posts: 6164
Joined: Thu Oct 30, 2014 9:02 am

Re: Error: Could not complete SSL handshake. 5

Postby chimborah » Thu May 25, 2017 7:37 am

I will have the latest version of NRPE agent implemented along with syslog settings in couple of days and let you know the status.
chimborah
 
Posts: 30
Joined: Tue Oct 02, 2012 7:55 am

Re: Error: Could not complete SSL handshake. 5

Postby dwhitfield » Thu May 25, 2017 11:11 am

chimborah wrote:let you know the status.


Fantastic! Please be aware that Monday is a US Holiday, and we close early on Fridays, so if you want to get a response before Tuesday, it will need to be todayish.
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
dwhitfield
The Doctor
 
Posts: 3963
Joined: Wed Sep 21, 2016 10:29 am
Location: Nagios Enterprises, LLC


Return to Nagios Core

Who is online

Users browsing this forum: Bing [Bot] and 5 guests