NagiosXI running on AWS AMI, connection refused by host

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
rniziak
Posts: 16
Joined: Wed Jun 06, 2012 10:03 am

NagiosXI running on AWS AMI, connection refused by host

Post by rniziak »

I am hosted in the AWS cloud, my nagiosxi server is a NagiosXI CentOS AMI:

Appliance: nagiosxi appliance 2.1
Hostname: ip-10-251-189-60
IP Address: 10.251.189.60

(located in us-east-1a region). The client is a generic AWS linux (RH 5/6), located in us-east-1b region. I have installed the nrpe agents (running under xinetd) and all dependencies. If I do a telnet on port 5666 from the xi server to the client, I receive connection refused. If I telnet from the client to nagiosxi, I get a quick connection and then it is dropped.

If I do a netstat -lun | grep 5666, I receive nothing back.

If I execute a check_nrpe from client to nagiosxi, I receive:
# /usr/local/nagios/libexec/check_nrpe -H 10.251.189.60
CHECK_NRPE: Error - Could not complete SSL handshake.

Now I am stuck in the water... Port 5666 is open on both the client and the server, and AWS should not be blocking anything.

In the monitor, all I can get a success for is pings; the other monitors are showing up as critical, with Connection refused by host.

Thanks for all your help in this matter..

BTW, the nrpe client is 2-13

Regards,

Richard.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: NagiosXI running on AWS AMI, connection refused by host

Post by scottwilkerson »

I would re-verify that you opened port 5666 in Amazon's firewall for the client. Also make sure iptables on either machine isn't blocking the request.

Finally, you are making the connection attempt backwards...
rniziak wrote: If I execute a check_nrpe from client to nagiosxi, I receive:
# /usr/local/nagios/libexec/check_nrpe -H 10.251.189.60
CHECK_NRPE: Error - Could not complete SSL handshake.
You should run this FROM the XI server, entering the IP of the client.
Former Nagios employee
Creator:
Human Design Website
Get Your Human Design Chart
lmiltchev
Bugs find me
Posts: 13589
Joined: Mon May 23, 2011 12:15 pm

Re: NagiosXI running on AWS AMI, connection refused by host

Post by lmiltchev »

Run the following command on the client and show us the output:

Code:

netstat -at | grep nrpe
Be sure to check out our Knowledgebase for helpful articles and solutions!
rniziak
Posts: 16
Joined: Wed Jun 06, 2012 10:03 am

Re: NagiosXI running on AWS AMI, connection refused by host

Post by rniziak »

[root@domU-12-31-39-14-11-6B xinetd.d]# netstat -at | grep nrpe
[root@domU-12-31-39-14-11-6B xinetd.d]#

Nothing, nada..
rniziak
Posts: 16
Joined: Wed Jun 06, 2012 10:03 am

Re: NagiosXI running on AWS AMI, connection refused by host

Post by rniziak »

[root@domU-12-31-39-14-11-6B xinetd.d]# iptables -L | grep nrpe
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe


[root@ip-10-251-189-60 ~]# iptables -L | grep nrpe
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe

How do I verify that the AWS firewall is allowing access between the regions?
rniziak
Posts: 16
Joined: Wed Jun 06, 2012 10:03 am

Re: NagiosXI running on AWS AMI, connection refused by host

Post by rniziak »

[root@ip-10-251-189-60 ~]# ^cd ^^
/usr/local/nagios/libexec/check_nrpe -H 10.206.18.153
Connection refused by host
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: NagiosXI running on AWS AMI, connection refused by host

Post by scottwilkerson »

rniziak wrote:[root@domU-12-31-39-14-11-6B xinetd.d]# netstat -at | grep nrpe
[root@domU-12-31-39-14-11-6B xinetd.d]#

Nothing, nada..
Ok, this is indicating that NRPE is not running on the client; try service xinetd restart

If this doesn't work, you may not have the service name defined. Can you run the following to see if something is listening on 5666:

Code:

 netstat -l
Finally, if that isn't the case, can you post your /etc/xinetd.d/nrpe file?

Thanks
rniziak
Posts: 16
Joined: Wed Jun 06, 2012 10:03 am

Re: NagiosXI running on AWS AMI, connection refused by host

Post by rniziak »

[root@domU-12-31-39-14-11-6B nrpe-2.13]# netstat -l | more
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
udp 0 0 *:bootpc *:*
udp 0 0 domU-12-31-39-14-11-6B.c:ntp *:*
udp 0 0 localhost:ntp *:*
udp 0 0 *:ntp *:*
udp 0 0 fe80::1031:39ff:fe14:116:ntp *:*
udp 0 0 localhost:ntp *:*
udp 0 0 *:ntp *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 3120 @/tmp/fam-root-
unix 2 [ ACC ] STREAM LISTENING 1139 @/com/ubuntu/upstart
unix 2 [ ACC ] SEQPACKET LISTENING 1205 @/org/kernel/udev/udevd
unix 2 [ ACC ] STREAM LISTENING 2118 /var/run/dbus/system_bus_socket
[root@domU-12-31-39-14-11-6B nrpe-2.13]# cd /etc/xinetd.d
[root@domU-12-31-39-14-11-6B xinetd.d]# ls
chargen-dgram daytime-stream echo-dgram rsync time-stream
chargen-stream discard-dgram echo-stream tcpmux-server
daytime-dgram discard-stream nrpe time-dgram
[root@domU-12-31-39-14-11-6B xinetd.d]# cat nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 10.251.189.60,127.0.0.1
}
[root@domU-12-31-39-14-11-6B xinetd.d]#
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: NagiosXI running on AWS AMI, connection refused by host

Post by scottwilkerson »

Ok, edit your /etc/xinetd.d/nrpe

change this line

Code:

only_from = 10.251.189.60,127.0.0.1
to

Code:

only_from = 10.251.189.60 127.0.0.1
Then

Code:

service xinetd restart
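The only_from correction in the post above, as an added example that is not part of the original thread: a small linter that flags comma-joined only_from entries in an xinetd service file and confirms the monitoring server is listed as its own entry. The function names and the sample files are constructed for illustration; commas inside a `{...}` factorized address are legal in xinetd and are not flagged.

```shell
#!/bin/sh
# Added example (not from the thread): lint only_from in an xinetd service file.

# Print every only_from token that has a comma outside a {...} factorized
# address; exit status 1 if any such token is found, 0 otherwise.
lint_only_from() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "only_from" && ($2 == "=" || $2 == "+=") {
            for (i = 3; i <= NF; i++) {
                t = $i
                gsub(/[{][^}]*[}]/, "", t)      # commas inside {a,b} are legal
                if (index(t, ",")) {
                    printf "line %d: \"%s\" joins entries with a comma\n", NR, $i
                    bad = 1
                }
            }
        }
        END { exit bad }
    ' "$1"
}

# Succeed only if ADDR appears as its own whitespace-separated only_from entry
# (exact string match; CIDR ranges and hostnames are not expanded).
only_from_lists() {
    awk -v addr="$2" '
        /^[[:space:]]*#/ { next }
        $1 == "only_from" { for (i = 3; i <= NF; i++) if ($i == addr) found = 1 }
        END { exit !found }
    ' "$1"
}

# Constructed sample files mirroring the two only_from lines in the thread.
tmp=$(mktemp -d)
printf 'service nrpe\n{\n    port = 5666\n    only_from = 10.251.189.60,127.0.0.1\n}\n' > "$tmp/nrpe.before"
printf 'service nrpe\n{\n    port = 5666\n    only_from = 10.251.189.60 127.0.0.1\n}\n' > "$tmp/nrpe.after"

for f in "$tmp/nrpe.before" "$tmp/nrpe.after"; do
    if lint_only_from "$f"; then echo "$f: only_from syntax OK"; fi
    if only_from_lists "$f" 10.251.189.60; then
        echo "$f: XI server 10.251.189.60 is an allowed source"
    else
        echo "$f: XI server 10.251.189.60 is NOT listed as its own entry"
    fi
done
```

On a real client, point both functions at /etc/xinetd.d/nrpe before restarting xinetd; keeping only_from limited to the monitoring server and localhost is what restricts who can reach NRPE on port 5666.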
rniziak
Posts: 16
Joined: Wed Jun 06, 2012 10:03 am

Re: NagiosXI running on AWS AMI, connection refused by host

Post by rniziak »

Fixed one issue and started another.... Now instead of Critical I get Unknown with this message: "CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages."

And the logs state:

Jul 2 16:25:53 domU-12-31-39-14-11-6B xinetd[1287]: START: nrpe pid=1304 from=::ffff:10.251.189.60
Jul 2 16:25:53 domU-12-31-39-14-11-6B nrpe[1304]: Error: Request contained command arguments!
Jul 2 16:25:53 domU-12-31-39-14-11-6B nrpe[1304]: Client request was invalid, bailing out...
Jul 2 16:25:53 domU-12-31-39-14-11-6B xinetd[1287]: EXIT: nrpe status=0 pid=1304 duration=0(sec)
Last edited by rniziak on Mon Jul 02, 2012 11:57 am, edited 1 time in total.