I couldn't run the script locally because I had xinetd configured to only allow nrpe commands from our nagios box. Once I commented that out in the xinetd config and restarted xinetd, it let me run it.
both my monitored hosts, and my nagios server have NRPE v2.12
I was just told that there is something called NRPE+ that is newer than NRPE. Is that what I should be running? I installed the version of NRPE that is linked to in the Nagios admin guide.
CHECK_NRPE: Error - Could not complete SSL handshake
Re: CHECK_NRPE: Error - Could not complete SSL handshake
I am unaware of a NRPE+, and a quick Google search didn't reveal much. Perhaps the source of the information was thinking of NSClient++. Did the/var/log/messages give any revealing information?
Nicholas Scott
Former Nagios employee
Former Nagios employee
Re: CHECK_NRPE: Error - Could not complete SSL handshake
The only thing that I'm seeing in /var/log/messages is this:
xinetd[3333]: FAIL: nrpe per_source_limit from=IP address of our Nagios server
The log mainly just contains a ton of nrpe starts/exits:
xinetd[3333]: START: nrpe pid=22906 from=IP address of our Nagios server
xinetd[3333]: EXIT: nrpe status=0 pid=22906 duration=0(sec)
xinetd[3333]: FAIL: nrpe per_source_limit from=IP address of our Nagios server
The log mainly just contains a ton of nrpe starts/exits:
xinetd[3333]: START: nrpe pid=22906 from=IP address of our Nagios server
xinetd[3333]: EXIT: nrpe status=0 pid=22906 duration=0(sec)
Re: CHECK_NRPE: Error - Could not complete SSL handshake
It may be possible that there are an absurd amount of Nagios processes that were zombified. Juding from the FAIL: nrpe per_source_limit from source. Are you seeing any zombie processes?
Nicholas Scott
Former Nagios employee
Former Nagios employee
Re: CHECK_NRPE: Error - Could not complete SSL handshake
How would I check for zombie processes?
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Code: Select all
ps -el | grep ' Z 'Nicholas Scott
Former Nagios employee
Former Nagios employee
Re: CHECK_NRPE: Error - Could not complete SSL handshake
So far, no zombie procs have been found.
I've set a check to look for zombie procs every 5 minutes.
I just got the SSL handshake error on one server and checked for zombies as quickly as I could. There were none.
I've set a check to look for zombie procs every 5 minutes.
I just got the SSL handshake error on one server and checked for zombies as quickly as I could. There were none.
Re: CHECK_NRPE: Error - Could not complete SSL handshake
This is the default nrpe command:
$USER1$/check_nrpe -H $HOSTADDRESS$ -t 30 -c $ARG1$ $ARG2$
What happens when you increase the timeout to say, 45 seconds?
$USER1$/check_nrpe -H $HOSTADDRESS$ -t 30 -c $ARG1$ $ARG2$
What happens when you increase the timeout to say, 45 seconds?
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Changed the timeout setting to 45 seconds this morning.
Just a few minutes ago I got the CHECK_NRPE: Error - Could not complete SSL handshake. alert from one of the servers.
Just a few minutes ago I got the CHECK_NRPE: Error - Could not complete SSL handshake. alert from one of the servers.
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Do you use NTP on your servers? It seems far-fetched, but theoretically this could an issue with improper times set that are varying 'just enough' to cause SSL to fail.
Do you have multiple boxes checking each individual server? How many checks total would you say you're running on these servers per minute?
Do you have multiple boxes checking each individual server? How many checks total would you say you're running on these servers per minute?
Nicholas Scott
Former Nagios employee
Former Nagios employee