Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
I am not able to monitor nagios client servers. However, I have already check networking side and everything looks good to me.
When I google, I found that there is an SSL issue. I already checked that SSL got enabled while installation. Not sure what else should I look into.
ubuntuadmin@iusa-lin-db01:/etc/default$ sudo systemctl status nrpe.service
● nrpe.service - Nagios Remote Plugin Executor
Loaded: loaded (/lib/systemd/system/nrpe.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-01-26 00:20:03 CST; 4 days ago
Docs: http://www.nagios.org/documentation
Main PID: 1285 (nrpe)
Tasks: 1
Memory: 3.2M
CPU: 76ms
CGroup: /system.slice/nrpe.service
└─1285 /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -f
Jan 26 00:20:03 iusa-lin-db01 systemd[1]: Started Nagios Remote Plugin Executor.
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Starting up daemon
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Server listening on 0.0.0.0 port 5666.
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Server listening on :: port 5666.
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Warning: Daemon is configured to accept command arguments from clients!
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Listening for connections on port 5666
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Allowing connections from: 127.0.0.1,45.55.251.117
ubuntuadmin@iusa-lin-db01:/etc/default$
ubuntuadmin@iusa-lin-db01:/etc/default$
ubuntuadmin@iusa-lin-db01:/etc/default$
ubuntuadmin@iusa-lin-db01:/etc/default$ telnet 45.55.251.117 5666
Trying 45.55.251.117...
Connected to 45.55.251.117.
Escape character is '^]'.
Connection closed by foreign host.
ubuntuadmin@iusa-lin-db01:/etc/default$
ubuntuadmin@iusa-lin-db01:/etc/default$
ubuntuadmin@iusa-lin-db01:/etc/default$ /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
NRPE v3.2.1
ubuntuadmin@iusa-lin-db01:/etc/default$ /usr/local/nagios/libexec/check_nrpe -H 45.55.251.117
CHECK_NRPE: Error - Could not connect to 45.55.251.117: Connection reset by peer
ubuntuadmin@iusa-lin-db01:/etc/default$
so this is what I found in /var/log/syslog...
/etc/letsencrypt/live/monitor.theismailiusa.org/cert.pem --> this cert is located on the Nagios server (not client)
Jan 30 10:51:45 iusa-lin-db01 systemd[1]: Started Session 334 of user ubuntuadmin.
Jan 30 10:54:10 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 10:54:25 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 10:55:41 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=0 SSL-error=5
Jan 30 10:58:33 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 11:09:01 iusa-lin-db01 CRON[16180]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && /usr/lib/php/sessionclean)
Jan 30 11:12:38 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 11:12:54 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 11:17:01 iusa-lin-db01 CRON[16252]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jan 30 11:19:58 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 11:39:01 iusa-lin-db01 CRON[16335]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && /usr/lib/php/sessionclean)
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: Stopping Nagios Remote Plugin Executor...
Jan 30 11:41:41 iusa-lin-db01 nrpe[1285]: Caught SIGTERM - shutting down...
Jan 30 11:41:41 iusa-lin-db01 nrpe[1285]: Daemon shutdown
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: Stopped Nagios Remote Plugin Executor.
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: Started Nagios Remote Plugin Executor.
Jan 30 11:41:41 iusa-lin-db01 nrpe[16418]: Error: could not use certificate file [b]/etc/letsencrypt/live/monitor.theismailiusa.org/cert.pem[/b] : error:02001002:system library:fopen:No such file or directory
Jan 30 11:41:41 iusa-lin-db01 nrpe[16418]: Error: could not use certificate file /etc/letsencrypt/live/monitor.theismailiusa.org/cert.pem : error:20074002:BIO routines:FILE_CTRL:system lib
Jan 30 11:41:41 iusa-lin-db01 nrpe[16418]: Error: could not use certificate file /etc/letsencrypt/live/monitor.theismailiusa.org/cert.pem : error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: nrpe.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: nrpe.service: Unit entered failed state.
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: nrpe.service: Failed with result 'exit-code'.
Jan 30 11:42:07 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-erro
Please provide the nrpe.cfg and any included configs from the remote host. Also, please provide the command and service definitions from the nagios side. On what OS/version is Core running?
I see you are running NRPE 3.2.1. What version of check_nrpe are you running?
Does the check run if you add -n to the end of it?