Hi
@ctwhyexit123
You may receive this error if the NRPE daemon is not running on the remote host. If you are using xinetd, you can check the status of the service by logging onto the remote host as root and running the following command:
You should see output similar to the following:
If you are using the init-script method, or if your distribution does not use the "service" command, you can always grep a process listing:
You should see output similar to the following (important bits in bold):
Code: Select all
nagios 53213 1 0 Feb26 ? 00:00:07 /usr/libexec/nrpe -c /etc/nagios/nrpe.cfg --daemon
If NRPE/xinetd is not running, start it with the following command:
Or if you are not using xinetd:
The last of the probable causes of this error is associated with firewalls and ports. If the NRPE traffic is not traversing a firewall, you will see the checks timeout. Additionally, if port 5666 is not open on the remote host's firewall, you may receive a timeout error as well. Usually xinetd will open the ports automatically, as long as the /etc/xinetd.d/nrpe file is configured correctly, and NRPE's port settings have been added to /etc/services.
First, you should make sure that port 5666 is open on the remote host. The easiest way to do this, is to just run check_nrpefrom the remote host to itself. This will also double as a good way to check that NRPE is functioning as expected. Log into the remote host as root and execute:
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H localhost
You should get something similar to the following output:
NRPE v2.15
If not, make sure the that port 5666 is open on the remote host's firewall. If you are using xinetd go back to previous step (check the NRPE service status) as it should automatically open the port for you.
Checking Remote Host's Ports and Configuring iptables:
You may have to
on your firewall, which in the case of most Linux distributions, is iptables. To get a listing of the current iptables rules, run the following on the remote host as root:
The expected output is similar to:
Code: Select all
ACCEPT - tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5666
OR
Code: Select all
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:nrpe
If the port is not open, you will have to add an iptables rule for it using the following commands:
Code: Select all
iptables -I INPUT -p tcp --destination-port 5666 -j ACCEPT
service iptables save
Those commands were for TCP/IP v4. If you need TCP/IP v6 the commands are similar:
Code: Select all
ip6tables -I INPUT -p tcp --destination-port 5666 -j ACCEPT
service ip6tables save