Page 2 of 2
Re: Not able to monitor Apache and SSH services
Posted: Mon Feb 12, 2018 12:27 pm
by kyang
Have you tried doing nmap 10.167.176.43 -Pn?
Any firewall issues on the Ubuntu server? Have you opened port 22 and 80?
Did you try starting NRPE? What documentation did you following for install NRPE?
Re: Not able to monitor Apache and SSH services
Posted: Wed Feb 14, 2018 1:07 pm
by shamrozkadiwal
nmap looks good to me and ports 20 nad 80 are opened. I followed this documentation to install NRPE
https://support.nagios.com/kb/article.php?id=515#Ubuntu. I couldn't able to bring up NRPE plugin in ubuntu box and seeing this errors in nrpe.log.
Code: Select all
ubuntuadmin@iusa-lin-db01:~$ nmap 10.167.176.43 -Pn
Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-14 12:01 CST
Nmap scan report for iusa-lin-db01.lan.ismailiusa.org (10.167.176.43)
Host is up (0.00028s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
ubuntuadmin@iusa-lin-db01:~$ ^C
ubuntuadmin@iusa-lin-db01:~$ sudo systemctl status nrpe.service
[sudo] password for ubuntuadmin:
● nrpe.service - Nagios Remote Plugin Executor
Loaded: loaded (/lib/systemd/system/nrpe.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2018-02-09 19:41:40 CST; 4 days ago
Docs: http://www.nagios.org/documentation
Process: 25027 ExecStopPost=/bin/rm -f /usr/local/nagios/var/nrpe.pid (code=exited, status=0/SU
Process: 25022 ExecStart=/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -f (code=
Main PID: 25022 (code=exited, status=2)
Feb 09 19:41:40 iusa-lin-db01 systemd[1]: Started Nagios Remote Plugin Executor.
Feb 09 19:41:40 iusa-lin-db01 systemd[1]: nrpe.service: Main process exited, code=exited, status=
Feb 09 19:41:40 iusa-lin-db01 systemd[1]: nrpe.service: Unit entered failed state.
Feb 09 19:41:40 iusa-lin-db01 systemd[1]: nrpe.service: Failed with result 'exit-code'.
lines 1-12/12 (END)
NRPE Logs
Code: Select all
[1518631360] parse_allowed_hosts: parsing the allowed host string >127.0.0.1,::1,45.55.251.117< to add to ACL list
[1518631360] parse_allowed_hosts: ADDING this record (127.0.0.1) to ACL list!
[1518631360] add_ipv4_to_acl: checking ip-address >127.0.0.1<
[1518631360] add_ipv4_to_acl: ip-address >127.0.0.1< correct, adding.
[1518631360] parse_allowed_hosts: Record added to ACL list!
[1518631360] parse_allowed_hosts: ADDING this record (::1) to ACL list!
[1518631360] parse_allowed_hosts: Record added to ACL list!
[1518631360] parse_allowed_hosts: ADDING this record (45.55.251.117) to ACL list!
[1518631360] add_ipv4_to_acl: checking ip-address >45.55.251.117<
[1518631360] add_ipv4_to_acl: ip-address >45.55.251.117< correct, adding.
[1518631360] parse_allowed_hosts: Record added to ACL list!
[1518631360] Showing ACL lists for both IP and DOMAIN acl's:
[1518631360] IP ACL: 127.0.0.1/32 16777343
[1518631360] IP ACL: 0.0.0.0/20 0
[1518631360] IP ACL: 45.55.251.117/32 1979397933
[1518631360] Added command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
[1518631360] Added command[check_load]=/usr/local/nagios/libexec/check_load -r -w .15,.10,.05 -c .30,.25,.20
[1518631360] Added command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
[1518631360] Added command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
[1518631360] Added command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
[1518631360] Error: could not use certificate file /etc/letsencrypt/live/monitor.theismailiusa.org/cert.pem : error:02001002:system library:fopen:No such file or directory
[1518631360] Error: could not use certificate file /etc/letsencrypt/live/monitor.theismailiusa.org/cert.pem : error:20074002:BIO routines:FILE_CTRL:system lib
[1518631360] Error: could not use certificate file /etc/letsencrypt/live/monitor.theismailiusa.org/cert.pem : error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Re: Not able to monitor Apache and SSH services
Posted: Thu Feb 15, 2018 11:12 am
by kyang
NRPE runs through port 5666.
Have you opened this port if you are going to use NRPE?
Please run the iptables command if you have it or run the firewalld command and post the output.
OR
This seems to be a different issue from your original topic? Are you using NRPE to check these services or are you using
check_http &
check_ssh?