NRPE on Amazon Linux
NRPE on Amazon Linux
I'm trying to get this working and I'm getting this error
CHECK_NRPE: Error - Could not connect to xx.xx.xx.xxx: Connection reset by peer
on Nagios Web.
The command I run is /usr/local/nagios/libexec/check_uptime 100 300
It works well on the remote itself but it seems there is a connection error between the remote and Nagios Core.
I tried to resolve it as in this document https://assets.nagios.com/downloads/nag ... utions.pdf and I recompiled it with enabling SSl.
I'm running it without xinetd, and already modified the allowed_hosts, made port 5666 open and I can ping it too.
Any help is appreciated,
Thanks!
CHECK_NRPE: Error - Could not connect to xx.xx.xx.xxx: Connection reset by peer
on Nagios Web.
The command I run is /usr/local/nagios/libexec/check_uptime 100 300
It works well on the remote itself but it seems there is a connection error between the remote and Nagios Core.
I tried to resolve it as in this document https://assets.nagios.com/downloads/nag ... utions.pdf and I recompiled it with enabling SSl.
I'm running it without xinetd, and already modified the allowed_hosts, made port 5666 open and I can ping it too.
Any help is appreciated,
Thanks!
Re: NRPE on Amazon Linux
Can you share the full contents of the nrpe.cfg being leveraged on this machine? The full path should be presented by:
Code: Select all
ps aux | grep nrpe.cfg
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
Re: NRPE on Amazon Linux
Here,
nrpe 21816 0.0 0.0 41676 1456 ? Ss 14:31 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
ec2-user 22104 0.0 0.0 110404 884 pts/0 S+ 14:46 0:00 grep nrpe.cfg
I solved the issue by installing this:
yum install nagios-plugins-all nagios-plugins-nrpe nrpe
As the NRPE package for AWS EC2 Linux.
But I don't like this since it installs NRPE v 2.15 and I'm not sure how to update it to V 3.0 and beyond. It might start generating packet version errors between the remote host and Nagios core.
Do you know why the NRPE doesn't work on Amazon Linux as usual?
nrpe 21816 0.0 0.0 41676 1456 ? Ss 14:31 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
ec2-user 22104 0.0 0.0 110404 884 pts/0 S+ 14:46 0:00 grep nrpe.cfg
I solved the issue by installing this:
yum install nagios-plugins-all nagios-plugins-nrpe nrpe
As the NRPE package for AWS EC2 Linux.
But I don't like this since it installs NRPE v 2.15 and I'm not sure how to update it to V 3.0 and beyond. It might start generating packet version errors between the remote host and Nagios core.
Do you know why the NRPE doesn't work on Amazon Linux as usual?
Re: NRPE on Amazon Linux
We don't have direct control over any particular repository's distribution of NRPE, which is to say that we don't have any control over whether or not those packages handle the NRPE v3 upgrade gracefully when they choose to update the package(s).
If you could tell me how you installed NRPE on this machine previously (specific guides, documentation, etc), I might be able to discern what caused the problems. However, since you've got things working using the package installation it'd be purely for informational purposes.
If you could tell me how you installed NRPE on this machine previously (specific guides, documentation, etc), I might be able to discern what caused the problems. However, since you've got things working using the package installation it'd be purely for informational purposes.
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
Re: NRPE on Amazon Linux
These are the steps that I usually use to install NRPE on Linux, mind you; the one I'm having problems with is an Amazon Linux.
https://support.nagios.com/kb/article.php?id=92
Download the tarball and extract it in your /tmp directory:
cd /tmp
wget http://sourceforge.net/projects/nagios/ ... z/download
tar xfz download
cd nrpe*
Setup the nagios user:
useradd nagios
passwd nagios
Install NRPE pre-requisites:
yum install mod_ssl openssl-devel gcc make openssl perl
Configure and make NRPE. This will create the /usr/local/nagios directory, which is where NRPE will be located:
./configure
make all
make install
Make the NRPE config directory, and setup the example config file:
mkdir /usr/local/nagios/etc
cp sample-config/nrpe.cfg /usr/local/nagios/etc/nrpe.cfg
chown -R nagios:nagios /usr/local/nagios/etc
Open port 5666 in your firewall to allow your Nagios server through. The rule below limits access to a particular source IP:
iptables -A INPUT -s <nagiosserverip> -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT
service iptables save
At this point, NRPE is ready to start:
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
##############################################
##############################################
Test:
I tried to upgrade through those steps: https://support.nagios.com/kb/article.php?id=515
and the result is:
/usr/local/nagios/libexec/check_nrpe -V
NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 3.0.1
Last Modified: 09-08-2016
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: OpenSSL 0.9.6 or higher required
Now what worked with V 2.15 and the package installer fails:
No output on stdout) stderr: connect to address xx.xx.xx.xxx port 5666: Connection refused
connect to host xx.xx.xx.xxx port 5666: Connection refused
I'm not sure what is making it to fail....
https://support.nagios.com/kb/article.php?id=92
Download the tarball and extract it in your /tmp directory:
cd /tmp
wget http://sourceforge.net/projects/nagios/ ... z/download
tar xfz download
cd nrpe*
Setup the nagios user:
useradd nagios
passwd nagios
Install NRPE pre-requisites:
yum install mod_ssl openssl-devel gcc make openssl perl
Configure and make NRPE. This will create the /usr/local/nagios directory, which is where NRPE will be located:
./configure
make all
make install
Make the NRPE config directory, and setup the example config file:
mkdir /usr/local/nagios/etc
cp sample-config/nrpe.cfg /usr/local/nagios/etc/nrpe.cfg
chown -R nagios:nagios /usr/local/nagios/etc
Open port 5666 in your firewall to allow your Nagios server through. The rule below limits access to a particular source IP:
iptables -A INPUT -s <nagiosserverip> -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT
service iptables save
At this point, NRPE is ready to start:
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
##############################################
##############################################
Test:
I tried to upgrade through those steps: https://support.nagios.com/kb/article.php?id=515
and the result is:
/usr/local/nagios/libexec/check_nrpe -V
NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 3.0.1
Last Modified: 09-08-2016
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: OpenSSL 0.9.6 or higher required
Now what worked with V 2.15 and the package installer fails:
No output on stdout) stderr: connect to address xx.xx.xx.xxx port 5666: Connection refused
connect to host xx.xx.xx.xxx port 5666: Connection refused
I'm not sure what is making it to fail....
Re: NRPE on Amazon Linux
Can you share the service and command definitions from the Nagios Core machine being leveraged for your checks? As well as the nrpe.cfg from the remote machine?
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
Re: NRPE on Amazon Linux
Here you go:
Service Definition:
No command definition, the check_nrpe will do the job.
nrpe.cfg file
Service Definition:
Code: Select all
define service{
use generic-service
host_name remote_host
service_description Uptime
check_command check_nrpe!check_uptime
contacts contact_name
}
nrpe.cfg file
Code: Select all
log_facility=daemon
debug=0
pid_file=/usr/local/nagios/var/nrpe.pid
server_port=5666
#listen_queue_size=5
nrpe_user=nagios
nrpe_group=nagios
# ALLOWED HOST ADDRESSES
allowed_hosts=127.0.0.1,xx.x.x.x,xxx.xx.x.x
# COMMAND ARGUMENT PROCESSING
dont_blame_nrpe=1
# BASH COMMAND SUBTITUTION
allow_bash_command_substitution=0
# COMMAND PREFIX
# command_prefix=/usr/bin/sudo
# COMMAND TIMEOUT
command_timeout=60
# CONNECTION TIMEOUT
connection_timeout=300
# WEAK RANDOM SEED OPTION
#allow_weak_random_seed=1
# SSL/TLS OPTIONS
# These directives allow you to specify how to use SSL/TLS.
# SSL VERSION
#ssl_version=SSLv2+
# SSL USE ADH
#ssl_use_adh=1
# SSL USE CLIENT CERTS
#ssl_client_certs=0
# SSL LOGGING
#ssl_logging=0x00
# INCLUDE CONFIG FILE
#include=<somefile.cfg>
# INCLUDE CONFIG DIRECTORY
# COMMAND DEFINITIONS
# The following examples use hardcoded command arguments...
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
#command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
###################################################
###### Currently used Command for NRPE ############
##################################################
#check_disk
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 25% -c 10% -p /home
#check_load Average
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
# Check memory
command[check_mem1]=/usr/local/nagios/libexec/check_memory -f -w 20 -c 10
# Check cpu usage
command[check_cpu]=/usr/local/nagios/libexec/check_cpu.sh -w 75 -c 90
# Check uptime
command[check_uptime]=/usr/local/nagios/libexec/check_uptime 100 300
Re: NRPE on Amazon Linux
Did the Amazon security settings to allow inbound traffic on port 5666 get reset somehow?
You may want to look at this article for NRPE - v3 Compatibility With Previous Versions
You may want to look at this article for NRPE - v3 Compatibility With Previous Versions
Code: Select all
https://support.nagios.com/kb/article.php?id=516
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: NRPE on Amazon Linux
That is what I meant with the Packet error in the first post.tgriep wrote:Did the Amazon security settings to allow inbound traffic on port 5666 get reset somehow?
You may want to look at this article for NRPE - v3 Compatibility With Previous VersionsCode: Select all
https://support.nagios.com/kb/article.php?id=516
If I force NRPE to send V 2 packets, it will solve the issue until I upgrade.
No, Port 5666 is not reset. I can Ping the server and it is alive.
Re: NRPE on Amazon Linux
If you are using the version 3.x of the check_nrpe plugin it should try using version 3 of the packet and switch over to version 2 if it cannot use 3.
In the remote server, can you run the following and post the output
Add this on the Nagios server
Adjust the paths if necessary.
In the remote server, can you run the following and post the output
Code: Select all
/usr/local/nagios/bin/nrpe
/usr/local/nagios/libexec/check_nrpe -V
Code: Select all
/usr/local/nagios/libexec/check_nrpe -V
Be sure to check out our Knowledgebase for helpful articles and solutions!