NCPA listener starts, but not listening
Re: NCPA listener starts, but not listening
From server with NCPA:
$ curl -v https://localhost:5693/ -k
* About to connect() to localhost port 5693 (#0)
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5693 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* TLSv1.0, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:5693
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:5693
$ curl -v https://localhost:5693/ -k
* About to connect() to localhost port 5693 (#0)
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5693 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* TLSv1.0, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:5693
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:5693
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: NCPA listener starts, but not listening
Can we set these back to the defaultsWhen I change the ncpa.cfg from ssl_version = TLSv1_1 to ssl_version = TLSv1 and restarted the NCPA_Listener. I still receive the same error.
Re: NCPA listener starts, but not listening
Reset back to the default of TLSv1_2
$ cat /usr/local/ncpa/etc/ncpa.cfg | grep TLS
# operating systems it will default back to TLSv1)
# ssl_version options: TLSv1, TLSv1_1, TLSv1_2
ssl_version = TLSv1_2
$ curl -v https://localhost:5693/ -k
* About to connect() to localhost port 5693 (#0)
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5693 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* TLSv1.0, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:5693
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:5693
$ cat /usr/local/ncpa/etc/ncpa.cfg | grep TLS
# operating systems it will default back to TLSv1)
# ssl_version options: TLSv1, TLSv1_1, TLSv1_2
ssl_version = TLSv1_2
$ curl -v https://localhost:5693/ -k
* About to connect() to localhost port 5693 (#0)
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5693 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* TLSv1.0, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:5693
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:5693
Re: NCPA listener starts, but not listening
Did you restart the listener after making the changes?
Could you send us your ncpa.cfg file? You can either post or PM it.
Can you try this?
Could you send us your ncpa.cfg file? You can either post or PM it.
Code: Select all
curl --tlsv1.2 -k https://xxxxx:5693
Code: Select all
curl --tlsv1 -k https://xxxx:5693
Re: NCPA listener starts, but not listening
Yes, the ncpa_listener was restarted.
$ curl --tlsv1.2 -k https://xxxxxxxx:5693
curl: (35) Unsupported SSL protocol version
$ curl --tlsv1 -k https://xxxxxxx:5693
curl: (35) Unknown SSL protocol error in connection to xxxxxxx:5693
$ curl -V
curl 7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
PM sent with ncpa.cfg
$ curl --tlsv1.2 -k https://xxxxxxxx:5693
curl: (35) Unsupported SSL protocol version
$ curl --tlsv1 -k https://xxxxxxx:5693
curl: (35) Unknown SSL protocol error in connection to xxxxxxx:5693
$ curl -V
curl 7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
PM sent with ncpa.cfg
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: NCPA listener starts, but not listening
Can you run the following from the Nagios XI server replacing mytoken with the token in the ncpa config, and xxxxxxxx with the IP of the suse machine
Code: Select all
python /usr/local/nagios/libexec/check_ncpa.py -H xxxxxxxx -t mytoken -M 'cpu/percent'
Re: NCPA listener starts, but not listening
$ python /usr/local/nagios/libexec/check_ncpa.py -v -H XXXXXXX -t mytoken -M 'cpu/percent'
Connecting to: https://xxxxxxxx:5693/api/cpu/percent/? ... 79&check=1
An error occurred:<urlopen error [Errno 104] Connection reset by peer>
Connecting to: https://xxxxxxxx:5693/api/cpu/percent/? ... 79&check=1
An error occurred:<urlopen error [Errno 104] Connection reset by peer>
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: NCPA listener starts, but not listening
Are you sure you don't have a firewall on the suse machine blocking connections to port 5693?hbouma wrote:$ python /usr/local/nagios/libexec/check_ncpa.py -v -H XXXXXXX -t mytoken -M 'cpu/percent'
Connecting to: https://xxxxxxxx:5693/api/cpu/percent/? ... 79&check=1
An error occurred:<urlopen error [Errno 104] Connection reset by peer>
Re: NCPA listener starts, but not listening
Not that I can find.
$ rcSuSEfirewall2 status
Checking the status of SuSEfirewall2 unused
I did inherit these servers with some unusual configuration management settings. I have disabled the configuration management, so the agent install should have changed the settings as needed.
I am reaching back out to the team that did the original setup and will report back what we can find.
$ rcSuSEfirewall2 status
Checking the status of SuSEfirewall2 unused
I did inherit these servers with some unusual configuration management settings. I have disabled the configuration management, so the agent install should have changed the settings as needed.
I am reaching back out to the team that did the original setup and will report back what we can find.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: NCPA listener starts, but not listening
thanks!hbouma wrote:Not that I can find.
$ rcSuSEfirewall2 status
Checking the status of SuSEfirewall2 unused
I did inherit these servers with some unusual configuration management settings. I have disabled the configuration management, so the agent install should have changed the settings as needed.
I am reaching back out to the team that did the original setup and will report back what we can find.