
Re: check_nrpe : No route to host

Posted: Fri Jun 16, 2017 2:59 pm
by donnyforbes
So I ran the following command on my RHEL remote host server and saw the following.

[root@huey xinetd.d]# firewalld-cmd --zone=public --list-all
-bash: firewalld-cmd: command not found
[root@huey xinetd.d]# firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eno1
sources:
services: dhcpv6-client ssh
ports: 2301/tcp 80/tcp 9102/tcp 10033/tcp 10032/tcp 10023/tcp 10022/tcp 10030/tcp 2381/tcp 10031/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

I don't see port 5666/tcp listed there; however, when I run the command:
[root@huey xinetd.d]# firewall-cmd --zone=public --add-port=5666/tcp
success
[root@huey xinetd.d]#

Now I see this here
[root@huey xinetd.d]# firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eno1
sources:
services: dhcpv6-client ssh
ports: 5666/tcp 2301/tcp 80/tcp 9102/tcp 10033/tcp 10032/tcp 10030/tcp 10022/tcp 10023/tcp 2381/tcp 10031/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

From the Nag server I am now getting this. What does this mean?
[root@nag ~]# /usr/local/nagios/libexec/check_nrpe -H 192.168.1.42
CHECK_NRPE: Error - Could not connect to 192.168.1.42: Connection reset by peer

This is a different error message.

Re: check_nrpe : No route to host

Posted: Fri Jun 16, 2017 3:17 pm
by donnyforbes
Remote host:

[root@huey xinetd.d]# netstat -at | egrep "nrpe|5666"
tcp 0 0 0.0.0.0:nrpe 0.0.0.0:* LISTEN
tcp6 0 0 [::]:nrpe [::]:* LISTEN

[root@huey xinetd.d]# ps -ef |grep nrpe
nagios 10247 1 0 13:06 ? 00:00:00 /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -f
root 10800 21113 0 13:07 pts/1 00:00:00 grep --color=auto nrpe
[root@huey xinetd.d]#

From Nag Server
[root@nag ~]# /usr/local/nagios/libexec/check_nrpe -H 192.168.1.42
CHECK_NRPE: Error - Could not connect to 192.168.1.42: Connection reset by peer
[root@nag ~]#

Config /etc/xinetd.d/nrpe
"disable = no"

systemctl restart xinetd.service
systemctl restart nrpe

Now I see a different message. Also, I have verified that the /etc/hosts.allow has the IP address of the Nagios server from the Remote Hosts.
[root@nag ~]# /usr/local/nagios/libexec/check_nrpe -H 192.168.1.42
CHECK_NRPE: Error - Could not connect to 192.168.1.42: Connection reset by peer

Re: check_nrpe : No route to host

Posted: Mon Jun 19, 2017 10:12 am
by donnyforbes
When running the following command from the Nagios server:
/usr/local/nagios/libexec/check_nrpe -H 192.168.1.42

I am seeing the following in the /var/log/messages
Jun 19 08:08:02 nag check_nrpe: Error: Could not complete SSL handshake with 192.168.1.42: rc=-1 SSL-error=5

Here is my /etc/xinetd.d/nrpe

[root@huey ~]# cat /etc/xinetd.d/nrpe
# default: off
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
disable = no
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
only_from = 192.168.1.186
log_on_success =
}

Here is my output on the remote host for nrpe port 5666

[root@huey ~]# netstat -at | egrep "nrpe|5666"
tcp 0 0 0.0.0.0:nrpe 0.0.0.0:* LISTEN
tcp6 0 0 [::]:nrpe [::]:* LISTEN

Here is a traceroute from nagios server to host
traceroute to 192.168.1.42 (192.168.1.42), 30 hops max, 60 byte packets
1 huey.sg1.allamericanasphalt.com (192.168.1.42) 2.597 ms !X 2.560 ms !X 2.540 ms !X

Here is a traceroute from host to nagios server
traceroute 192.168.1.186
traceroute to 192.168.1.186 (192.168.1.186), 30 hops max, 60 byte packets
1 nag.sg1.allameircanasphalt.com (192.168.1.186) 0.366 ms !X 0.353 ms !X 0.337 ms !X

I am not sure what I am missing here. Any help or ideas would be great. Thank you so much.

Re: check_nrpe : No route to host

Posted: Mon Jun 19, 2017 12:51 pm
by tgriep
I think the issue now is that you are running the NRPE Agent as a daemon and also out of xinetd, and that is causing a conflict.
If you want to run the Agent from xinetd, stop the service from running.
Then restart xinetd by running

service xinetd restart

Then, if you run the following command as root on the remote server,

netstat -anp |grep 5666

it should show you that it is being started by xinetd, like the example below.

tcp        0      0 :::5666                     :::*                        LISTEN      3405/xinetd

Next, run the following on the Nagios server to test if it can connect to the Remote system

/usr/local/nagios/libexec/check_nrpe -H 192.168.1.42
/usr/local/nagios/libexec/check_nrpe -H 192.168.1.42 -n

If either of the commands works, you should be able to monitor the remote system.
If they both fail, post the output.

You should take a look at this guide for possible fixes when using the NRPE Agent and you cannot connect to the remote host.
https://assets.nagios.com/downloads/nag ... utions.pdf
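
The ownership check described in the post above, as an added example that is not part of the original thread or of any Nagios tooling: it reads `netstat -anp` output and the xinetd service file and reports whether the process holding port 5666 is the one the configuration expects. The function names (`port_owner`, `xinetd_enabled`, `diagnose`) and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (not captured from a real host).
NETSTAT_DAEMON='tcp   0   0 0.0.0.0:5666   0.0.0.0:*   LISTEN   10247/nrpe'
NETSTAT_XINETD='tcp   0   0 :::5666        :::*        LISTEN   3405/xinetd'
XINETD_CONF='service nrpe
{
    disable = no
    port    = 5666
    server  = /usr/local/nagios/bin/nrpe
}'

# port_owner PORT  (stdin: `netstat -anp` output)
# Prints the program name(s) listening on PORT, space separated.
# Without root, netstat shows "-" in the program column: reported as "unknown".
port_owner() {
    awk -v port="$1" '$6 == "LISTEN" && $4 ~ (":" port "$") {
        n = split($7, a, "/")              # "3405/xinetd" -> pid, program
        print (n == 2 ? a[2] : "unknown")
    }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# xinetd_enabled  (stdin: contents of /etc/xinetd.d/nrpe)
# Succeeds unless the file says "disable = yes"; xinetd treats a service
# with no disable attribute as enabled.
xinetd_enabled() {
    awk '$1 == "disable" && $2 == "=" { v = $3 }
         END { exit (v == "yes" ? 1 : 0) }'
}

# diagnose NETSTAT_OUTPUT XINETD_FILE_CONTENTS
# Compares the actual owner of 5666 with the one the configuration implies.
diagnose() {
    owner=$(printf '%s\n' "$1" | port_owner 5666)
    if printf '%s\n' "$2" | xinetd_enabled; then want=xinetd; else want=nrpe; fi
    case "$owner" in
        "")      echo "not-listening: expected $want on 5666" ;;
        "$want") echo "ok: $owner owns 5666" ;;
        *)       echo "conflict: $owner owns 5666 but configuration expects $want" ;;
    esac
}

# The situation in this thread: xinetd enabled, standalone daemon on the port.
diagnose "$NETSTAT_DAEMON" "$XINETD_CONF"
```

On a live host, feed it real data with `diagnose "$(netstat -anp)" "$(cat /etc/xinetd.d/nrpe)"`, run as root so the program column is populated.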

Re: check_nrpe : No route to host

Posted: Mon Jun 19, 2017 2:01 pm
by donnyforbes
Actually, I got this to work. I have installed it now on 4 of my RHEL machines. I am now putting it on CentOS release 6.6 (Final) and running into some issues; I will post about it.

Thanks

Re: check_nrpe : No route to host

Posted: Mon Jun 19, 2017 2:08 pm
by scottwilkerson
Thanks for letting us know. Please open a new thread if you have any other issues.