(!log_opts) Could not complete SSL handshake with IP: 5
-
- Posts: 8
- Joined: Wed Oct 25, 2017 6:03 pm
(!log_opts) Could not complete SSL handshake with IP: 5
Hello,
I have the latest version of Nagios Core running on Ubuntu that I have compiled from the source and latest NRPE client running on FreeBSD installed from the package manager. Everything is running fine (checks, statuses) But I see this error in the NRPE log file. I haven't modified any default configs.
Thanks
I have the latest version of Nagios Core running on Ubuntu that I have compiled from the source and latest NRPE client running on FreeBSD installed from the package manager. Everything is running fine (checks, statuses) But I see this error in the NRPE log file. I haven't modified any default configs.
Thanks
Last edited by AnudeepReddy on Fri Oct 27, 2017 8:38 pm, edited 1 time in total.
-
- Posts: 8
- Joined: Wed Oct 25, 2017 6:03 pm
Re: (!log_opts) Could not complete SSL handshake with ...
I see a similar issue when running Nagios 4 on FreeBSD (installed from package manager) and NRPE3 (installed from package manager) on FreeBSD. I am not sure if SSL is configured in the Nagios 4 package by default.
Re: (!log_opts) Could not complete SSL handshake with ...
Hi @AnudeepReddy,
I suggest that you follow this kb article: https://support.nagios.com/kb/article/n ... shake.html
However, you may need to adjust file and directory paths, or commands, to suit your environment.
Please let me know if your problem persists after following the steps in the kb article above.
I suggest that you follow this kb article: https://support.nagios.com/kb/article/n ... shake.html
However, you may need to adjust file and directory paths, or commands, to suit your environment.
Please let me know if your problem persists after following the steps in the kb article above.
-
- Posts: 8
- Joined: Wed Oct 25, 2017 6:03 pm
Re: (!log_opts) Could not complete SSL handshake with ...
Hello @dwasswa,
I am not using xinetd. SSL is compiled in the NRPE package. And I do have server_ip in the allowed_hosts in nrpe. I will try compiling both Nagios, NRPE from source and see if the error persists.
Is it true that './configure' enables SSL for the latest NRPE 3.2.1 ? It does generate a 2048 bit DH prime. And we don't have to do './configure --enable-ssl' on the Nagios Core right?
Thanks,
Anudeep
I am not using xinetd. SSL is compiled in the NRPE package. And I do have server_ip in the allowed_hosts in nrpe. I will try compiling both Nagios, NRPE from source and see if the error persists.
Is it true that './configure' enables SSL for the latest NRPE 3.2.1 ? It does generate a 2048 bit DH prime. And we don't have to do './configure --enable-ssl' on the Nagios Core right?
Thanks,
Anudeep
Re: (!log_opts) Could not complete SSL handshake with ...
Hi @AnudeepReddy ,
The check_nrpe command on the Nagios needs to have the --enable-SSL option when being built. Both sides have to have SSL enabled.
Here is also some extra information on NRPE v3 for more effective use: nrpe-v3-check_nrpe-config-file and nrpe-v3-enhanced-security
Please let me know if you have any questions.
The check_nrpe command on the Nagios needs to have the --enable-SSL option when being built. Both sides have to have SSL enabled.
Here is also some extra information on NRPE v3 for more effective use: nrpe-v3-check_nrpe-config-file and nrpe-v3-enhanced-security
Please let me know if you have any questions.
-
- Posts: 8
- Joined: Wed Oct 25, 2017 6:03 pm
Re: (!log_opts) Could not complete SSL handshake with IP: 5
Hi,
I modified the default check-host-live to a TCP ping on port 5666 instead of an ICMP Ping. Modifying this back to ICMP Ping resolved the issue. Not sure why this is throwing an SSL Handshake error though. Does the error code 5 have any meaning here?
I modified the default check-host-live to a TCP ping on port 5666 instead of an ICMP Ping. Modifying this back to ICMP Ping resolved the issue. Not sure why this is throwing an SSL Handshake error though. Does the error code 5 have any meaning here?
Re: (!log_opts) Could not complete SSL handshake with IP: 5
Hi @ AnudeepReddy,
Before you made this change
Please, attach your commands.cfg file located in /usr/local/nagios/etc/objects.
Before you made this change
What did you have check-host-live command defined as?I modified the default check-host-live to a TCP ping on port 5666 instead of an ICMP Ping. Modifying this back to ICMP Ping resolved the issue
Please, attach your commands.cfg file located in /usr/local/nagios/etc/objects.
-
- Posts: 8
- Joined: Wed Oct 25, 2017 6:03 pm
Re: (!log_opts) Could not complete SSL handshake with IP: 5
This was how it was previously.
Code: Select all
define command{
command_name check-client-alive
command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p 5666
}
define command{
command_name check-server-alive
command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p 80
}
Re: (!log_opts) Could not complete SSL handshake with IP: 5
Could you clarify a few things for me:
What are you trying to achieve?
Are you trying to check if a host (server or client) is alive?
The check-host-alive command is what you need. It is already defined for you by default.
Example (This is how its defined by default):
You are free to change your arguments, however you want under service definitions or when you run the command on the command line.
For details about check_ping please read usage...https://www.monitoring-plugins.org/doc/ ... _ping.html
The check_tcp command does something different. This plugin tests TCP connections with the specified host.
The host may be alive but the port specified with argument -p could be closed which wouldn't necessarily mean the host is not alive.
The check-host-alive is a default check and if you edit it, all of the hosts that you have applied this to would have to be set up to respond correctly.
That means every system needs to be set up to respond to port 5666
Example (check_tcp defined by default):
For details about check_tcp please read usage...https://search.yahoo.com/yhs/search?p=c ... mp=yhs-002
Please send me the commands.cfg located at /usr/local/nagios/etc/objects.
What are you trying to achieve?
Are you trying to check if a host (server or client) is alive?
The check-host-alive command is what you need. It is already defined for you by default.
Example (This is how its defined by default):
Code: Select all
define command{
command_name check-host-alive
command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
}
For details about check_ping please read usage...https://www.monitoring-plugins.org/doc/ ... _ping.html
The check_tcp command does something different. This plugin tests TCP connections with the specified host.
The host may be alive but the port specified with argument -p could be closed which wouldn't necessarily mean the host is not alive.
The check-host-alive is a default check and if you edit it, all of the hosts that you have applied this to would have to be set up to respond correctly.
That means every system needs to be set up to respond to port 5666
Example (check_tcp defined by default):
Code: Select all
# 'check_tcp' command definition
define command{
command_name check_tcp
command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
}
Please send me the commands.cfg located at /usr/local/nagios/etc/objects.
- tacolover101
- Posts: 432
- Joined: Mon Apr 10, 2017 11:55 am
Re: (!log_opts) Could not complete SSL handshake with IP: 5
are you are using check_tcp against 5666 (and NRPE expects a SSL handshake), you are technically sending a packet to NRPE on port 5666. thus, NRPE on the client side will log this as a failed handshake.AnudeepReddy wrote:This was how it was previously.
Code: Select all
define command{ command_name check-client-alive command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p 5666 } define command{ command_name check-server-alive command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p 80 }