nrpe 1024 bytes limit

[erkanerturk]

I have a problem with nrpe packet size. I use check_nrpe version 4 in Nagios SERVER.
When I talk to v3 client, output is truncated to 1024 bytes.If I force v3 packet, output is retrieved without 1024 byte limitation.
When I talk to v4 client, output is retrieved without 1024 byte limitation.If I force v3 packet, output is truncated to 1024 bytes

What I expect is that; Without any switch, it will correctly retireve packets exceedng 1024 bytes. 1024 byte limitation only belongs to v2 packets..
How can I retrieve my packets without 1024 byte limitation? and what is the reason for this unexpected behaviour

Code: Select all

#here Nagios Server
[root@nagios libexec]# ./check_nrpe -V
NRPE Plugin for Nagios
Version: 4.0.3


#Here CLIENT1
[root@nagios libexec]# check_nrpe  -H Client1
NRPE v3.2.1

[root@nagios libexec]# check_nrpe  -H Client1 -c check_disk -a '-e -w 20% -c 10% -W 3% -K 2% -X tmpfs -X devtmpfs -X tracefs -X iso9660 -X nsfs -X overlay -X fuse.gvfs-fuse-daemon -x /boot/efi -C -w 10% -c 5% -p / -C -w 3% -c 2% -p /boot -L' | wc -c
1024
[root@nagios libexec]# check_nrpe -3  -H Client1 -c check_disk -a '-e -w 20% -c 10% -W 3% -K 2% -X tmpfs -X devtmpfs -X tracefs -X iso9660 -X nsfs -X overlay -X fuse.gvfs-fuse-daemon -x /boot/efi -C -w 10% -c 5% -p / -C -w 3% -c 2% -p /boot -L' | wc -c
1241

#Here CLIENT2
[root@nagios libexec]# check_nrpe  -H Client2
NRPE v4.0.2

[root@nagios libexec]# check_nrpe  -H Client2 -c check_disk -a '-e -w 20% -c 10% -W 3% -K 2% -X tmpfs -X devtmpfs -X tracefs -X iso9660 -X nsfs -X overlay -X fuse.gvfs-fuse-daemon -x /boot/efi -C -w 10% -c 5% -p / -C -w 3% -c 2% -p /boot -L' | wc -c
1175
[root@nagios libexec]# check_nrpe -3 -H Client2 -c check_disk -a '-e -w 20% -c 10% -W 3% -K 2% -X tmpfs -X devtmpfs -X tracefs -X iso9660 -X nsfs -X overlay -X fuse.gvfs-fuse-daemon -x /boot/efi -C -w 10% -c 5% -p / -C -w 3% -c 2% -p /boot -L' | wc -c
1024

[swolf]

Hi @erkanerturk,

It looks like there are two separate (but similar) behaviors that you weren't expecting:

a) when using check_nrpe version 4 against nrpe server version 3, output is truncated to 1024 bytes.

In this case, this is the expected behavior - NRPE server version 3 won't recognize the protocol that check_nrpe v4 uses, so it will fall back to using v2.

b) when using check_nrpe version 4 against nrpe server version 4, forcing a version 3 packet causes output to be truncated to 1024 bytes.

The main reason that NRPE version 4 was released is because NRPE version 3's protocol had potential vulnerabilities. We don't want to expose any vulnerabilities by letting the client choose a bad protocol version, so the NRPE server will downgrade directly to version 2 if a client tries to connect using version 3.

As for what you should do - if it's critical that you have plugin output longer than 1024 bytes, I would recommend you use protocol version 3 with any servers using the NRPE v3 daemon, and protocol version 4 with any servers using NRPE v4. I would also recommend upgrading any NRPE v3 daemons to v4 as soon as you're able to do so.

[erkanerturk]

Hi

when i read your answer, i see the following:

"we have introduced nrpe agent v3 to solve length problem. but we did someting so bad that, when there is a version mismatch, we directly jump to v2."

which is really absurd!

anyway.

one more question.i can we prevent logs mentioning version problem in the clients messages log by setting -D flag in the server nrpe check?
nrpe logs made noise itne client' s messages file and we want to stop this..

thanks

[vtrac]

Hi erkanerturk,
If you use option "-D", you are "Disable logging to syslog facilities" completely.

You could also try configure rsyslog to discard these messages, preventing them from being logged:
https://support.nagios.com/kb/article/n ... s-786.html


Regards,
Vinh