Page 2 of 3
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Posted: Wed Jul 06, 2011 2:58 pm
by dsdonut
I couldn't run the script locally because I had xinetd configured to only allow nrpe commands from our nagios box. Once I commented that out in the xinetd config and restarted xinetd, it let me run it.
both my monitored hosts, and my nagios server have NRPE v2.12
I was just told that there is something called NRPE+ that is newer than NRPE. Is that what I should be running? I installed the version of NRPE that is linked to in the Nagios admin guide.
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Posted: Thu Jul 07, 2011 9:33 am
by nscott
I am unaware of a NRPE+, and a quick Google search didn't reveal much. Perhaps the source of the information was thinking of NSClient++. Did the/var/log/messages give any revealing information?
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Posted: Wed Jul 13, 2011 12:48 pm
by dsdonut
The only thing that I'm seeing in /var/log/messages is this:
xinetd[3333]: FAIL: nrpe per_source_limit from=IP address of our Nagios server
The log mainly just contains a ton of nrpe starts/exits:
xinetd[3333]: START: nrpe pid=22906 from=IP address of our Nagios server
xinetd[3333]: EXIT: nrpe status=0 pid=22906 duration=0(sec)
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Posted: Wed Jul 13, 2011 1:30 pm
by nscott
It may be possible that there are an absurd amount of Nagios processes that were zombified. Juding from the FAIL: nrpe per_source_limit from source. Are you seeing any zombie processes?
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Posted: Wed Jul 13, 2011 1:54 pm
by dsdonut
How would I check for zombie processes?
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Posted: Wed Jul 13, 2011 3:05 pm
by nscott
Note quotes and spacing are important.
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Posted: Mon Jul 18, 2011 12:54 pm
by dsdonut
So far, no zombie procs have been found.
I've set a check to look for zombie procs every 5 minutes.
I just got the SSL handshake error on one server and checked for zombies as quickly as I could. There were none.
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Posted: Tue Jul 19, 2011 9:21 am
by mguthrie
This is the default nrpe command:
$USER1$/check_nrpe -H $HOSTADDRESS$ -t 30 -c $ARG1$ $ARG2$
What happens when you increase the timeout to say, 45 seconds?
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Posted: Wed Jul 20, 2011 3:38 pm
by dsdonut
Changed the timeout setting to 45 seconds this morning.
Just a few minutes ago I got the CHECK_NRPE: Error - Could not complete SSL handshake. alert from one of the servers.
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Posted: Wed Jul 20, 2011 5:09 pm
by nscott
Do you use NTP on your servers? It seems far-fetched, but theoretically this could an issue with improper times set that are varying 'just enough' to cause SSL to fail.
Do you have multiple boxes checking each individual server? How many checks total would you say you're running on these servers per minute?