Hi guys
I have mounted a Nagios Core 4.3.4 in a fully virtualized infrastructure, where we perform different checks on all the machines that are installed in the environment.
We have also mounted a WAF (web application firewall), and since we check the different servers with Nagios, we have a very high number of alerts of type "SSL.Anonymous.Ciphers.Negotiation", and they are all requests from the Nagios server to the rest of the servers being monitored.
How could this problem that we are having be solved?
Thank you very much in advance.
Alert SSL.Anonymous.Ciphers.Negotiation
Re: Alert SSL.Anonymous.Ciphers.Negotiation
You can configure the client and check_nrpe to not use a secure channel (see the end of https://support.nagios.com/forum/viewto ... =7&t=50342), or if you're using our nrpe agent you can configure it to use certificates that you generate (see https://support.nagios.com/kb/article/n ... y-519.html).
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
- Posts: 34
- Joined: Wed Sep 19, 2018 3:20 am
Re: Alert SSL.Anonymous.Ciphers.Negotiation
Thank you very much for the reply
One of the options that you have indicated to me is the configuration so that check_nrpe does not use a secure channel, which, from what I understand, means making the call with the -n parameter. This is what I get when I launch check_nrpe from Nagios to a monitored server with the -n parameter:
[root@GESNAG00 ~]# /usr/local/nagios/libexec/check_nrpe -H 10.200.3.13 -n
CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).
Thanks in advance.
Re: Alert SSL.Anonymous.Ciphers.Negotiation
Is the agent started with the same "-n" option? This is necessary before you can run check_nrpe with -n. On the side with the agent it'd be run like:
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg --inetd -n
If you're using xinetd you can edit /etc/xinetd.d/nrpe and modify the server_args line like so:
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd -n
and restart xinetd:
service xinetd restart
Re: Alert SSL.Anonymous.Ciphers.Negotiation
Hi again
Sorry for the delay in answering you. I'll tell you what I've been seeing. I'm on one of the servers that I monitor with Nagios, and running ps -fea | grep nrpe returns the following:
nagios 14348 1 0 sep12 ? 00:04:21 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
So I'm not using the xinetd service.
Thanks!
Re: Alert SSL.Anonymous.Ciphers.Negotiation
You'll need to add "-n" to the startup script so that it starts with that option. Try looking under /usr/lib/systemd/system/nrpe.service or /etc/init.d/nrpe.
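Added example (not part of the thread, and not Nagios code): a small shell check for the situation discussed above, where check_nrpe is run with -n while the nrpe daemon is started without it. The function names are made up for this example, and the two sample command lines are the ones quoted in the posts; -n turns off NRPE's SSL layer, so both sides must agree on it.

```shell
#!/bin/sh
# Added example, not from the thread: detect a "-n" mismatch between the
# nrpe daemon and check_nrpe, the condition the reply above asks about.

# Constructed samples, copied from the command lines quoted in the thread.
SAMPLE_DAEMON='/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d'
SAMPLE_CLIENT='/usr/local/nagios/libexec/check_nrpe -H 10.200.3.13 -n'

# Print "plain" if the command line carries a standalone -n, else "ssl".
nrpe_mode() {
    set -f                      # no glob expansion while word-splitting $1
    for arg in $1; do
        if [ "$arg" = "-n" ]; then set +f; echo plain; return 0; fi
    done
    set +f
    echo ssl
}

# Compare daemon ($1) and client ($2) command lines.
nrpe_mode_check() {
    d=$(nrpe_mode "$1")
    c=$(nrpe_mode "$2")
    if [ "$d" = "$c" ]; then
        echo "match:$d"
    else
        echo "mismatch:daemon=$d,client=$c"
    fi
}

# Return the daemon command line with -n appended once (idempotent), i.e.
# the line to put in the init script or unit file.
add_n_flag() {
    if [ "$(nrpe_mode "$1")" = "plain" ]; then
        printf '%s\n' "$1"
    else
        printf '%s -n\n' "$1"
    fi
}

# On a monitored host, the live daemon line can be read with:
#   nrpe_mode_check "$(ps -o args= -C nrpe | head -n 1)" "$SAMPLE_CLIENT"
nrpe_mode_check "$SAMPLE_DAEMON" "$SAMPLE_CLIENT"
nrpe_mode_check "$(add_n_flag "$SAMPLE_DAEMON")" "$SAMPLE_CLIENT"
```

With the samples from the thread, the first call reports a mismatch (daemon with SSL, client without) and the second reports a match once -n is added to the daemon line.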