Windows Service Monitoring

[HBRMonitoring]

The OS Team replied as below:
Firewall is completely turned off from OS end . Hence OS level port block will not happen. check AWS security group / ACL status. Kindly share us the steps need to be perform from OS end if any.

[ssax]

This would not be an OS end issue if you have the firewall turned off unless you have some other security software on there, it's likely being blocked by a firewall in-between. Do you have any host/network intrusion prevention/security software that could be impacting it?

If nmap says filtered, something in the path is blocking it, I've never seen nmap be wrong on a TCP connection. You'll need to have your network/security team investigate the path to determine where it is occurring.

What is the output of this command from your XI server?
- Change X.X.X.X to the IP of the NCPA host

Code: Select all

sudo tcptraceroute X.X.X.X 5693

[HBRMonitoring]

HI,

Port 12489 (TCP), 5666-5667 (TCP), ICMP ALL opened from AWS Security Group to Nagios IP.

THis is the message I got from AWS. Is there anything else I need to check?

[ssax]

You're missing the NCPA port 5693 TCP in that list, that needs to be allowed if you're using NCPA.

[HBRMonitoring]

its now open,

on deploying the template, I am getting following error:

(Service check timed out after 60.01 seconds)

[ssax]

What does this command output from your XI server:

Code: Select all

/usr/local/nagios/libexec/check_ncpa.py -H X.X.X.X -t 'yourtoken' -P 5693 -M system/agent_version

Does this still show filtered?

Code: Select all

nmap -Pn -p5693 X.X.X.X

[HBRMonitoring]

-bash-4.1$ /usr/local/nagios/libexec/check_ncpa.py -H <My Host> -t '<My Token>' -P 5693 -M system/agent_version
OK: Agent_version was ['2.2.2']
-bash-4.1$
-bash-4.1$
-bash-4.1$ nmap -Pn -p5693 <My Host>

Starting Nmap 6.47 ( http://nmap.org ) at 2021-01-28 08:45 GMT
Nmap scan report for <My Host>
Host is up (0.024s latency).
PORT STATE SERVICE
5693/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

[ssax]

Ok so that's working from the CLI.

Please PM me a FRESH copy of your profile, you can download it from Admin > System Profile by clicking the Download Profile button.

In the PM, include the exact host name this is failing on so I can look at the configs.

[ssax]

I need to know this:

In the PM, include the exact host name this is failing on so I can look at the configs.

For whatever service is receiving this:

[cpde](Service check timed out after 60.01 seconds)[/code]

[HBRMonitoring]

I suppose wahbloys03c01 is the hostname.