CHECK_NRPE: Receive header underflow - only -1 bytes receive

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
miniclip22
Posts: 1
Joined: Tue Apr 18, 2017 6:55 pm

CHECK_NRPE: Receive header underflow - only -1 bytes receive

Post by miniclip22 »

Hello,
I am having a serious problem with check_nrpe... I followed the Arch Wiki's instructions (https://wiki.archlinux.org/index.php/nagios) on how to setup nrpe, nagios and monitoring-plugins, on both my laptop and my desktop. I intend to monitor my laptop using nagios and nrpe on both machines. On my desktop machine, I try to use the check_nrpe plugin, and I get this:

zsh/3 745 [3] # ./check_nrpe -H localhost
connect to address ::1 port 5666: Connection refused
CHECK_NRPE: Error - Could not complete SSL handshake with 127.0.0.1: 1


If I try without SSL, -n option:
zsh/3 744 # ./check_nrpe -H localhost -n /usr/lib/monitoring-plugins
connect to address ::1 port 5666: Connection refused
connect to address ::1 port 5666: Connection refused
CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).


Here's part of my nrpe config:

Code: Select all

zsh/3 746 [130] # cat /etc/nrpe/nrpe.cfg                                                                                                                                                                         /usr/lib/monitoring-plugins
(...)
# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_user=nrpe

# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_group=nrpe

# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address.  I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

allowed_hosts=127.0.0.1

(...)

Using nmap:zsh/3 749 # nmap localhost /usr/lib/monitoring-plugins

Starting Nmap 7.40
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000010s latency).
Other addresses for localhost (not scanned): ::1
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 996 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
3306/tcp open mysql
5666/tcp open nrpe

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds


When using systemctl:
zsh/3 751 # systemctl status nrpe /usr/lib/monitoring-plugins
● nrpe.service - Nagios Remote Program Executor
Loaded: loaded (/usr/lib/systemd/system/nrpe.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2017-04-19 00:28:29 BST; 39min ago
Docs: http://www.nagios.org/documentation
Main PID: 8760 (nrpe)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/nrpe.service
└─8760 /usr/bin/nrpe -c /etc/nrpe/nrpe.cfg -f

Apr 19 00[/code]:28:38 DESKTOP_ARCH-LINUX nrpe[8809]: Error: Could not complete SSL handshake with 127.0.0.1: 1
Apr 19 00:31:51 DESKTOP_ARCH-LINUX nrpe[8979]: Error: Could not complete SSL handshake with 127.0.0.1: 1
Apr 19 00:31:51 DESKTOP_ARCH-LINUX nrpe[8981]: Error: Could not complete SSL handshake with 127.0.0.1: 1
Apr 19 00:40:05 DESKTOP_ARCH-LINUX nrpe[9250]: Error: Could not complete SSL handshake with 127.0.0.1: 5
Apr 19 00:40:13 DESKTOP_ARCH-LINUX nrpe[9272]: Error: Could not complete SSL handshake with 127.0.0.1: 5
Apr 19 00:43:38 DESKTOP_ARCH-LINUX nrpe[9732]: Error: Could not complete SSL handshake with 127.0.0.1: 5
Apr 19 00:50:56 DESKTOP_ARCH-LINUX nrpe[15751]: Error: Could not complete SSL handshake with 127.0.0.1: 1
Apr 19 00:52:36 DESKTOP_ARCH-LINUX nrpe[15933]: Error: Could not complete SSL handshake with 127.0.0.1: 1
Apr 19 00:52:36 DESKTOP_ARCH-LINUX nrpe[15935]: Error: Could not complete SSL handshake with 127.0.0.1: 1
Apr 19 01:02:24 DESKTOP_ARCH-LINUX nrpe[16915]: Error: Could not complete SSL handshake with 127.0.0.1: 1
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: CHECK_NRPE: Receive header underflow - only -1 bytes rec

Post by dwhitfield »

We can certainly troubleshoot what you have installed now, but it might make sense to use our instructions since you're just getting started: https://assets.nagios.com/downloads/nag ... ios-XI.pdf. I suppose to be fair, we don't have an Arch instructions on the KB.

You'll likely find https://assets.nagios.com/downloads/nag ... utions.pdf useful going forward (particularly for the SSL issues)

Lastly, we did not make the monitoring plugins, so if we aren't able to get it going you may need to use http://nagios-plugins.org/ instead.
User avatar
tacolover101
Posts: 432
Joined: Mon Apr 10, 2017 11:55 am

Re: CHECK_NRPE: Receive header underflow - only -1 bytes rec

Post by tacolover101 »

there really isn't a point in checking nrpe against localhost / 127.0.0.1 - just execute the script. i would run your testing against each other, and not just themselves. netstat -nap is handy to see if you're listening properly on 5666
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: CHECK_NRPE: Receive header underflow - only -1 bytes rec

Post by dwhitfield »

Thanks @tacolover101!

He's definitely right about NRPE against localhost. I assumed you were just doing that for testing purposes. Is that correct?
Last edited by dwhitfield on Wed Apr 19, 2017 3:17 pm, edited 1 time in total.
Reason: tacolover101 is a user, not code...
Locked