check_http socket timeout

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
dwasswa

Re: check_http socket timeout

Post by dwasswa »

Hi

edit your service definition

Code: Select all

define service{
use local-service
host_name this-host
service_description Web Site
check_command check_http! -H domain.com
contact_groups ADMINS
}
by adding -t 60 on to increase socket timeout

Code: Select all

check_command check_http! -H domain.com  -t  60
so it should look like

Code: Select all

define service{
use local-service
host_name this-host
service_description Web Site
check_command check_http! -H domain.com -t 60
contact_groups ADMINS
}
Then restart nagios and test the command
ctwhyexit123
Posts: 9
Joined: Wed Oct 11, 2017 12:26 pm

Re: check_http socket timeout

Post by ctwhyexit123 »

Thank you.
I changed it to match as per your code below but it doesn't work. The dashboard still says Service check timed out after 60.01 seconds

I restarted the services after making the change.
dwasswa

Re: check_http socket timeout

Post by dwasswa »

Hi @ctwhyexit123

You may receive this error if the NRPE daemon is not running on the remote host. If you are using xinetd, you can check the status of the service by logging onto the remote host as root and running the following command:

Code: Select all

service xinetd status


You should see output similar to the following:

Code: Select all

xinetd (pid  1260) is running...


If you are using the init-script method, or if your distribution does not use the "service" command, you can always grep a process listing:

Code: Select all

ps -aef | grep nrpe


You should see output similar to the following (important bits in bold):

Code: Select all

nagios   53213     1  0 Feb26 ?    00:00:07 /usr/libexec/nrpe -c /etc/nagios/nrpe.cfg --daemon


If NRPE/xinetd is not running, start it with the following command:

Code: Select all

service xinetd start


Or if you are not using xinetd:

Code: Select all

/path/to/init/script start

The last of the probable causes of this error is associated with firewalls and ports. If the NRPE traffic is not traversing a firewall, you will see the checks timeout. Additionally, if port 5666 is not open on the remote host's firewall, you may receive a timeout error as well. Usually xinetd will open the ports automatically, as long as the /etc/xinetd.d/nrpe file is configured correctly, and NRPE's port settings have been added to /etc/services.

First, you should make sure that port 5666 is open on the remote host. The easiest way to do this, is to just run check_nrpefrom the remote host to itself. This will also double as a good way to check that NRPE is functioning as expected. Log into the remote host as root and execute:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H localhost


You should get something similar to the following output:

NRPE v2.15



If not, make sure the that port 5666 is open on the remote host's firewall. If you are using xinetd go back to previous step (check the NRPE service status) as it should automatically open the port for you.

Checking Remote Host's Ports and Configuring iptables:
You may have to

Code: Select all

open port 5666
on your firewall, which in the case of most Linux distributions, is iptables. To get a listing of the current iptables rules, run the following on the remote host as root:

Code: Select all

iptables -L


The expected output is similar to:

Code: Select all

ACCEPT - tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5666 
OR

Code: Select all

ACCEPT     tcp  –  anywhere             anywhere            state NEW tcp dpt:nrpe


If the port is not open, you will have to add an iptables rule for it using the following commands:

Code: Select all

iptables -I INPUT -p tcp --destination-port 5666 -j ACCEPT
service iptables save


Those commands were for TCP/IP v4. If you need TCP/IP v6 the commands are similar:

Code: Select all

ip6tables -L

Code: Select all

ip6tables -I INPUT -p tcp --destination-port 5666 -j ACCEPT
service ip6tables save
ctwhyexit123
Posts: 9
Joined: Wed Oct 11, 2017 12:26 pm

Re: check_http socket timeout

Post by ctwhyexit123 »

Thank you for these detailed instructions.

Wouldn't check_http -H www.domain.com traverse the internet from the Nagios host rather than go to the remote host and then go to the internet from that host.

There are no firewalls in between so the network is wide open for Nagios traffic.

[root@nagioshost libexec]# ./check_nrpe -H host
NRPE v3.0.1

Other services are in the 'green' except for Website checks failing. I know you basically covered everything and I was wondering if we are missing something very basic.

Thanks again!
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: check_http socket timeout

Post by dwhitfield »

ctwhyexit123 wrote: Wouldn't check_http -H http://www.domain.com traverse the internet from the Nagios host rather than go to the remote host and then go to the internet from that host.
Yes. That said, I think there might be some confusion about an intermediate host because the variable name for the domain has been at least three things.

There's a second thing I'd like to clear up in this thread. You mention -f works, but I don't see -f in you command or service. Are you saying you added the -f to the command but did not post that version, and it still don't work.

Is the host set up properly? @kyang got the domain, but not your actual host config, correct?

I'm also a bit confused about the template change. Do you actually have a template called local-service? Can we see that template?
ctwhyexit123
Posts: 9
Joined: Wed Oct 11, 2017 12:26 pm

Re: check_http socket timeout

Post by ctwhyexit123 »

The -f flag was used on the CLI as a test to get the 200 response. I used it once on the config file but didn't see a change in response.

All the other checks pass (Disk/CPU/Users/Memory/Process) except this check.

I don't know if we have the local-service template but I used it as a check to see if this resolved our issue. I have reverted back to using generic-service template which exists.
Appreciate your help!
dwasswa

Re: check_http socket timeout

Post by dwasswa »

Hi @ ctwhyexit123,

Did that your get your issue resolved?
ctwhyexit123
Posts: 9
Joined: Wed Oct 11, 2017 12:26 pm

Re: check_http socket timeout

Post by ctwhyexit123 »

Unfortunately no.
I'm going to do a run through of all settings again and will post back if I see something different.

Thanks!
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: check_http socket timeout

Post by npolovenko »

@ctwhyexit123, Can you modify the check_http command as follows:

Code: Select all

# 'check_http' command definition
define command{
        command_name    check_http
        command_line    $USER1$/check_http -4 -I $HOSTADDRESS$ $ARG1$
        }[/quote]
After that please run

Code: Select all

service nagios restart
Let us know if http started working.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
acefreakz
Posts: 9
Joined: Mon Dec 26, 2016 6:20 am

Re: check_http socket timeout

Post by acefreakz »

I know you're using -H in your CLI testing, but in your command.cfg the definition is -I. Maybe that's the issue?

Code: Select all

command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
Hope this helps.
Locked