check_tcp question

[lindigo]

i have to monitor some ports at a remote site.
Normally you can do this with check_tcp. Only incoming port 5666 is allowed at the remote site.
So I try to do this with nrpe:
I define a service at nagios-server

Code: Select all

define service{
        use                             service-prod
        host_name                       web01
        service_description             Port 2222
        check_command                   check_nrpe!check_tcp_2222
}

I put the following line to nrpe.conf on client-side

Code: Select all

command[check_tcp_2222]=/usr/local/nagios/libexec/check_tcp -H 127.0.0.1 -p 2222

The check is working. But I see there's still traffic between nagios-server and client for port 2222.
Is there an explenation for ?
(At this moment I'm testing without a firewall.)

[dwhitfield]

If there's no firewall, then why wouldn't you expect port 2222 to be open? check_tcp doesn't test if there's traffic going from the two servers, just that there could be. Are you using some other method to see traffic, like a tcpdump? I'm not familiar with anything on that port.

[lindigo]

I am testing this at our infrastructure. Between the server and the client there is no firewall.
The client is running a service on port 2222. I am trying to check this by only using nrpe (port 5666). At the customers site I can only connect to 5666. They don't want to open other ports for the nagios connection.
I am using tcpdump.

[lindigo]

Very strange, when I run this command manually:

[root@zabbix objects]# ../../libexec/check_nrpe -H 192.168.0.10 -c check_tcp_2222
TCP OK - 0.001 second response time on 127.0.0.1 port 2222|time=0.000717s;;;0.000000;10.000000

I see the following output from tcpdump (client):

[root@web01 etc]# tcpdump -i lo -nn port 2222
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes

16:05:25.792934 IP 127.0.0.1.35210 > 127.0.0.1.2222: Flags , seq 77083913, win 43690, options [mss 65495,sackOK,TS val 3615450035 ecr 0,nop,wscale 7], length 0
06:48:06.620043 IP 127.0.0.1.2222 > 127.0.0.1.35210: Flags [S.], seq 703240960, ack 77083914, win 43690, options [mss 65495,sackOK,TS val 3615450035 ecr 3615450035,nop,wscale 7], length 0

So it works by hand.
Running from nagios config :
16:03:10.555702 IP 192.168.0.1.50358 > 192.168.0.10.2222: Flags , seq 75373147, win 29200, options [mss 1460,sackOK,TS val 1219216694 ecr 0,nop,wscale 7], length 0
16:03:10.555792 IP 192.168.0.10.2222 > 192.168.0.1.50358: Flags [S.], seq 2993261616, ack 75373148, win 28960, options [mss 1460,sackOK,TS val 3615314798 ecr 1219216694,nop,wscale 7], length 0

[tgriep]

It sounds like there could be another check that is defined on the Nagios server that could be checking for port 2222.
Make sure there is not another service check defined.

[cdienger]

Please provide the definition for the check_nrpe command. The default location is /usr/local/nagios/etc/objects/commands.cfg