Hi
I use
Nagios Core 4.2.1 on Red Hat Enterprise Linux Server release 6.7 (Santiago)
and I testing check_nrpe 3.2.0 client and NSCLIENT++ installed by package NSCP-0.5.0.62-x64.exe
on windows 2008 environment
in the nsclient.ini I configured
[/settings/default]
password = PWD
allowed_hosts = 10.XX.XX.XXX
[/settings/NRPE/server]
ssl options = no-sslv2,no-sslv3
verify mode = peer-cert
insecure = true
[/modules]
CheckExternalScripts = 1
CheckHelpers = 1
CheckNSCP = 1
CheckDisk = 1
CheckSystem = 1
CheckEventLog = 1
NSCAClient = 1
WEBSErver = 1
NRPEServer = 1
from my server nagios I did
./check_nrpe -H 10.209.12.176 -g log.txt
CHECK_NRPE: Error - Could not connect to 10.209.12.176: Connection reset by peer
and in the log I found
[1498732950] Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 10.209.12.176: rc=-1 SSL-error=5
Check_nrpe 3.2.0 and NSCP-0.5.0.62-x64 SSL handshake problem
Re: Check_nrpe 3.2.0 and NSCP-0.5.0.62-x64 SSL handshake pro
Edit the nsclient.ini file and change the following lines under the [/settings/NRPE/server] section from
to
Also, add the following lines in that section if you are going to use arguments with the check_nrpe plugin and another ssl setting that is needed.
Save the file and restart the NSClient++ service.
Those changes should allow the check_nrpe to connect to the Windows system.
Code: Select all
ssl options = no-sslv2,no-sslv3
verify mode = peer-cert
Code: Select all
ssl options =
verify mode = none
Code: Select all
use ssl = 1
allow arguments = true
allow nasty characters = true
Those changes should allow the check_nrpe to connect to the Windows system.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Check_nrpe 3.2.0 and NSCP-0.5.0.62-x64 SSL handshake pro
I set up your suggestion in nsclient.ini file (and then I restarted in nscliet service)
but nothing is change
[/settings/default]
password = password
allowed_hosts = NAGIO IP
[/settings/NRPE/server]
ssl options =
verify mode = none
[/modules]
CheckExternalScripts = 1
CheckHelpers = 1
CheckNSCP = 1
CheckDisk = 1
CheckSystem = 1
CheckEventLog = 1
NSCAClient = 1
WEBSErver = 1
NRPEServer = 1
./check_nrpe -H 10.209.12.176 -g log.txt
CHECK_NRPE: Error - Could not connect to 10.209.12.176: Connection reset by peer
and in the log I found
[1498739822] Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 10.209.12.176: rc=0 SSL-error=5
I did another command
./check_nrpe -H 10.209.12.176 -n -g log.txt
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).
and in the log I found
[1498808648] Remote 10.209.12.176 does not support Version 3 Packets
[1498808648] Remote 10.209.12.176 accepted a Version 2 Packet
-n, --no-ssl Do no use SSL
If I did
./check_nrpe -H 10.209.12.176 -n --v2-packets-only
I got the same message ....CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).
-2, --v2-packets-only Only use version 2 packets, not version 3
Do you have any other suggestions ?
Thanks
Emilio
but nothing is change
[/settings/default]
password = password
allowed_hosts = NAGIO IP
[/settings/NRPE/server]
ssl options =
verify mode = none
[/modules]
CheckExternalScripts = 1
CheckHelpers = 1
CheckNSCP = 1
CheckDisk = 1
CheckSystem = 1
CheckEventLog = 1
NSCAClient = 1
WEBSErver = 1
NRPEServer = 1
./check_nrpe -H 10.209.12.176 -g log.txt
CHECK_NRPE: Error - Could not connect to 10.209.12.176: Connection reset by peer
and in the log I found
[1498739822] Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 10.209.12.176: rc=0 SSL-error=5
I did another command
./check_nrpe -H 10.209.12.176 -n -g log.txt
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).
and in the log I found
[1498808648] Remote 10.209.12.176 does not support Version 3 Packets
[1498808648] Remote 10.209.12.176 accepted a Version 2 Packet
-n, --no-ssl Do no use SSL
If I did
./check_nrpe -H 10.209.12.176 -n --v2-packets-only
I got the same message ....CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).
-2, --v2-packets-only Only use version 2 packets, not version 3
Do you have any other suggestions ?
Thanks
Emilio
Re: Check_nrpe 3.2.0 and NSCP-0.5.0.62-x64 SSL handshake pro
It looks like too many options in the nsclient.ini file were removed from the [/settings/NRPE/server] section.
Edit the nsclient.ini file again and make sure it has all of the settings like the example below.
Save the file and restart NSCLient++ on the Windows System
Edit the nsclient.ini file again and make sure it has all of the settings like the example below.
Code: Select all
[/settings/NRPE/server]
ssl options =
verify mode = none
insecure = true
use ssl = 1
allow arguments = true
allow nasty characters = true
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Check_nrpe 3.2.0 and NSCP-0.5.0.62-x64 SSL handshake pro
Here the only information inside the nsclient.ini
[/settings/default]
password = nagios
allowed_hosts = 127.0.0.1,10.209.50.128
[/settings/NRPE/server]
ssl options =
verify mode = none
insecure = true
use ssl = 1
allow arguments = true
allow nasty characters = true
[/modules]
NRPEServer = enabled
command from nagios unix system
./check_nrpe -H 10.209.12.176 -n -g emi.log
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).
here what I found in the emi.log file
[1499067167] Remote 10.209.12.176 does not support Version 3 Packets
[1499067167] Remote 10.209.12.176 accepted a Version 2 Packet
[/settings/default]
password = nagios
allowed_hosts = 127.0.0.1,10.209.50.128
[/settings/NRPE/server]
ssl options =
verify mode = none
insecure = true
use ssl = 1
allow arguments = true
allow nasty characters = true
[/modules]
NRPEServer = enabled
command from nagios unix system
./check_nrpe -H 10.209.12.176 -n -g emi.log
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).
here what I found in the emi.log file
[1499067167] Remote 10.209.12.176 does not support Version 3 Packets
[1499067167] Remote 10.209.12.176 accepted a Version 2 Packet
Re: Check_nrpe 3.2.0 and NSCP-0.5.0.62-x64 SSL handshake pro
SOLVE
I found an error in nsclient.ini
I modified
allowed_hosts = 127.0.0.1,10.209.50.128
to
allowed hosts = 127.0.0.1,10.209.50.128
without "_"
thanks for the help
Emilio
I found an error in nsclient.ini
I modified
allowed_hosts = 127.0.0.1,10.209.50.128
to
allowed hosts = 127.0.0.1,10.209.50.128
without "_"
thanks for the help
Emilio
Re: Check_nrpe 3.2.0 and NSCP-0.5.0.62-x64 SSL handshake pro
Did you have any further (related) questions or are we okay to close this thread?
Former Nagios employee
Re: Check_nrpe 3.2.0 and NSCP-0.5.0.62-x64 SSL handshake pro
You can close it !!!
thanks a lot
thanks a lot