NRPE client on nagiosxi server

mroter
Posts: 80
Joined: Sun Apr 29, 2012 12:43 pm

NRPE client on nagiosxi server

Post by mroter »

We want to monitor the disk space and the number of files in the checkresults dir of a nagiosxi server from another nagiosxi server.
It seems we need NRPE client on the monitored nagiosxi server but one is not properly configured. We updated the nrpe.cfg and xinet.d/nrpe allow_from servers.
Looks like the server is not listening on port 5666.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: NRPE client on nagiosxi server

Post by scottwilkerson »

iptables may not be allowing connections

run

Code:

iptables -L
mroter
Posts: 80
Joined: Sun Apr 29, 2012 12:43 pm

Re: NRPE client on nagiosxi server

Post by mroter »

Please see below. Looks to me like NRPE is enabled
[root@nagiosxi2-uk ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:6557 state NEW
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
yancy
Posts: 523
Joined: Thu Oct 06, 2011 10:12 am

Re: NRPE client on nagiosxi server

Post by yancy »

mroter,

Can you verify that port 5666 is accepting requests?

Code:

netstat -a | grep 'LISTEN'
Also, what response do you receive when you run check_nrpe against the client machine?

Code:

 /usr/local/nagios/libexec/check_nrpe -H xx.xx.xx.xx

-Yancy
mroter
Posts: 80
Joined: Sun Apr 29, 2012 12:43 pm

Re: NRPE client on nagiosxi server

Post by mroter »

The "client" machine is a Nagios XI server in this case.
[root@nagiosxi2-uk ~]# netstat -a | grep 'LISTEN'
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 localhost:oa-system *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:postgres *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:postgres *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:https *:* LISTEN
tcp 0 0 *:nsca *:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 6789 @/com/ubuntu/upstart
unix 2 [ ACC ] STREAM LISTENING 9556 /usr/local/nagios/var/ndo.sock
unix 2 [ ACC ] STREAM LISTENING 9041 private/bounce
unix 2 [ ACC ] STREAM LISTENING 9045 private/defer
unix 2 [ ACC ] STREAM LISTENING 9049 private/trace
unix 2 [ ACC ] STREAM LISTENING 9053 private/verify
unix 2 [ ACC ] STREAM LISTENING 9057 public/flush
unix 2 [ ACC ] STREAM LISTENING 9061 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 9065 private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 9069 private/smtp
unix 2 [ ACC ] STREAM LISTENING 9073 private/relay
unix 2 [ ACC ] STREAM LISTENING 9077 public/showq
unix 2 [ ACC ] STREAM LISTENING 9081 private/error
unix 2 [ ACC ] STREAM LISTENING 9085 private/retry
unix 2 [ ACC ] STREAM LISTENING 9089 private/discard
unix 2 [ ACC ] STREAM LISTENING 9093 private/local
unix 2 [ ACC ] STREAM LISTENING 9097 private/virtual
unix 2 [ ACC ] STREAM LISTENING 9101 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 9105 private/anvil
unix 2 [ ACC ] STREAM LISTENING 9109 private/scache
unix 2 [ ACC ] STREAM LISTENING 8715 /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 633384 /tmp/.s.PGSQL.5432
unix 2 [ ACC ] STREAM LISTENING 9026 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 10358941 /usr/local/nagios/var/rw/live
unix 2 [ ACC ] STREAM LISTENING 9033 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 9037 private/rewrite
Looks like the server is NOT listening on port 5666. Probably a configuration issue. Please advise.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: NRPE client on nagiosxi server

Post by scottwilkerson »

try

Code:

service xinetd restart
If it doesn't come up I would take a look at the syslog while running the command above again

Code:

tail -f /var/log/messages
mroter
Posts: 80
Joined: Sun Apr 29, 2012 12:43 pm

Re: NRPE client on nagiosxi server

Post by mroter »

I reverted my changes to nrpe.cfg and /etc/xinet.d/nrpe and restarted inet.d
/etc/init.d/xinetd restart
I now can see nrpe running
[root@localhost ~]# netstat -a | grep 'LISTEN'
tcp 0 0 *:nrpe *:* LISTEN
tcp 0 0 *:nsca *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 localhost:oa-system *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:postgres *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:https *:* LISTEN
When trying to connect from remote server I get:
os/libexec/check_nrpe -H 172.20.1.71
Connection refused or timed out
In the syslog I found:
Feb 4 18:31:20 localhost xinetd[27388]: Exiting...
Feb 4 18:31:20 localhost xinetd[29278]: IPv6 socket creation failed for service nrpe, trying IPv4
Feb 4 18:31:20 localhost xinetd[29278]: IPv6 socket creation failed for service nsca, trying IPv4
Feb 4 18:31:20 localhost xinetd[29278]: xinetd Version 2.3.14 started with libwrap loadavg labeled-networking options compiled in.
Feb 4 18:31:20 localhost xinetd[29278]: Started working: 2 available services
lmiltchev
Former Nagios Staff
Posts: 13589
Joined: Mon May 23, 2011 12:15 pm

Re: NRPE client on nagiosxi server

Post by lmiltchev »

On the client machine (172.20.1.71), open the nrpe file and see if the Nagios XI IP address is added to the "only_from = " line.

Code:

vi /etc/xinetd.d/nrpe
If it is not listed, add it. For example:

Code:

only_from       = 127.0.0.1 192.168.0.100
and restart the daemon:

Code:

service xinetd restart
Try your check again from the Nagios XI server (libexec directory):

Code:

./check_nrpe -H 172.20.1.71
Make sure you can connect to port 5666. From your XI machine, try running:

Code:

telnet 172.20.1.71 5666
or if you have nc installed, you can try:

Code:

nc -zv 172.20.1.71 5666
mroter
Posts: 80
Joined: Sun Apr 29, 2012 12:43 pm

Re: NRPE client on nagiosxi server

Post by mroter »

I followed the steps but it is still not working

From the server itself (172.20.1.71) I get:
[root@localhost ~]# telnet 172.20.1.71 5666
Trying 172.20.1.71...
Connected to 172.20.1.71.
Escape character is '^]'.
Connection closed by foreign host.
In the messages log I get:
Feb 5 08:31:02 localhost xinetd[18178]: START: nrpe pid=18924 from=172.20.1.71
Feb 5 08:31:02 localhost xinetd[18924]: FAIL: nrpe address from=172.20.1.71
Feb 5 08:31:02 localhost xinetd[18178]: EXIT: nrpe status=0 pid=18924 duration=0(sec)

From the remote server (172.20.1.106) I get:
[root@localhost libexec]# telnet 172.20.1.71 5666
Trying 172.20.1.71...
telnet: connect to address 172.20.1.71: No route to host
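
The log lines in the post above, checked against an only_from line (an added example, not part of the original thread): xinetd logs "FAIL: nrpe address from=..." when its own address check turns a connection away, so this script lists each refused source and says whether the xinetd service file names it. The function names and the sample only_from line are assumptions for illustration; only literal addresses are compared, not networks or hostnames.

```shell
#!/bin/sh
# Added example: which sources did xinetd refuse for nrpe, and does
# only_from in the service file name them? Function names are hypothetical.

# Addresses on the only_from line(s); assumes spaces around "=" or "+=".
only_from_list() {
    awk '$1 == "only_from" { for (i = 3; i <= NF; i++) print $i }' "$1"
}

# Unique sources from xinetd "FAIL: nrpe address from=..." syslog lines.
denied_sources() {
    sed -n 's/.*xinetd\[[0-9]*]: FAIL: nrpe address from=\([^[:space:]]*\).*/\1/p' "$1" | sort -u
}

# $1 = syslog file, $2 = xinetd service file (e.g. /etc/xinetd.d/nrpe).
# Literal comparison only: network or hostname entries are not expanded.
audit_nrpe_access() {
    denied_sources "$1" | while read -r ip; do
        if only_from_list "$2" | grep -qxF -- "$ip"; then
            # Listed yet refused: the log may predate the edit or the restart.
            echo "$ip listed-but-denied"
        else
            echo "$ip missing-from-only_from"
        fi
    done
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Log lines as posted in the thread; the only_from line is constructed.
    cat > "$tmp/messages" <<'EOF'
Feb 5 08:31:02 localhost xinetd[18178]: START: nrpe pid=18924 from=172.20.1.71
Feb 5 08:31:02 localhost xinetd[18924]: FAIL: nrpe address from=172.20.1.71
Feb 5 08:31:02 localhost xinetd[18178]: EXIT: nrpe status=0 pid=18924 duration=0(sec)
EOF
    printf 'service nrpe\n{\n\tonly_from = 127.0.0.1 192.168.0.100\n}\n' > "$tmp/nrpe"
    audit_nrpe_access "$tmp/messages" "$tmp/nrpe"
    rm -rf "$tmp"
}
demo
```

On a live host the two arguments would be /var/log/messages and /etc/xinetd.d/nrpe, the files named in the thread.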
yancy
Posts: 523
Joined: Thu Oct 06, 2011 10:12 am

Re: NRPE client on nagiosxi server

Post by yancy »

mroter,

What does your xinetd file look like?

If you're using xinetd to accept connections, your xinetd file should look something like this:

Code:

# default: on
# description: NRPE
service nrpe
{
	flags = REUSE
	socket_type = stream
	wait = no
	user = nagios
	server = /usr/local/nagios/libexec/nrpe
	server_args = -c /usr/local/nagios/libexec/nrpe.cfg --inetd
	log_on_failure += USERID
	disable = no
	# Change this to your primary Nagios server
	only_from = 127.0.0.1
}
Also, add the following to /etc/services:

Code:

nrpe 5666/tcp # NRPE
-Yancy