Page 2 of 4
Re: Encrypt data between client and server nagios xi
Posted: Wed Jun 08, 2016 12:31 pm
by Naveed
Sure! My bad I miss it.
I am looking by using Check_nt
NSClient version is 0.4.3
You may ask for anything which is needed to fulfil this request.
Thank you very much!
Re: Encrypt data between client and server nagios xi
Posted: Wed Jun 08, 2016 3:45 pm
by lmiltchev
I don't see any options in the check_nt plugin's usage for SSL... Also, according to the NSClient++ documentation:
Check_nt is NOT a good protocol and is considerd abandoneware. NSClient++ supports it only for legacy reasons. There is generally no reason to use check_nt
https://docs.nsclient.org/0.4.4/faq/index.html?
I would recommend using check_nrpe instead.
Re: Encrypt data between client and server nagios xi
Posted: Thu Jun 09, 2016 5:29 am
by Naveed
Thank you very much lmiltchev
Can you please suggest the way that how I can achieve secure communication between client and server using check_nrpe?
Much appreciated.
Thank you!
Re: Encrypt data between client and server nagios xi
Posted: Thu Jun 09, 2016 8:28 am
by Naveed
One more thing which need to add.
I am following nagios xi documentation for nsclient++ for secure communication between naigos and client.
after implementing all suggested parameters in nsclient.ini file on windows client.
NSCA server which listens on port 5667 is still down.
I am having logs as entries as follows:
17:44:00: error:c:\source\nscp\include\socket/connection.hpp:243: Failed to establish secure connection: short read: 219
Need your help to figure out what goes wrong?
Thank you in advance.
Re: Encrypt data between client and server nagios xi
Posted: Thu Jun 09, 2016 10:31 am
by rkennedy
The document you posted is how to configure SSL with Nagios in regards to https on the web GUI.
Can you please show us what you've done? If you're using NRPE with NSClient++, it should encrypt it all by default. What commands are you running from the XI machine, and what is your current configuration in NSClient++?
Re: Encrypt data between client and server nagios xi
Posted: Thu Jun 09, 2016 11:15 am
by Naveed
I want to achieve secure communication between my nagios xi (Linux) and hosts (Windows 2012 r2).
I have installed nsclient++ with check_nt command and all is working fine.
Someone tell me on this thread that check_nt do not support secure communication, so try to use check_nrpe.
I have reinstalled nsclient++ with check_nrpe, but this time few services are not up,because of port 12489 is no more on listening state.
I need your help to make secure communication (Encrypt data) between nagios xi and hosts using check_nrpe.
I have attached my nscliet.ini and screenshot of monitoring screen.
please see and suggest me the best suitable way to achieve this.
nsclient.ini
*********************************************************
# If you want to fill this file with all avalible options run the following command:
# nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
# nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help
; Undocumented section
[/settings/default]
; Undocumented key
password = 12345678
; Undocumented key
allowed hosts =
; Undocumented section
[/settings/NRPE/server]
; Undocumented key
verify mode = none
; Undocumented key
insecure = true
; Undocumented section
[/modules]
; Undocumented key
CheckExternalScripts = 1
; Undocumented key
CheckHelpers = 1
; Undocumented key
CheckNSCP = 1
; Undocumented key
CheckDisk = 1
; Undocumented key
CheckSystem = 1
; Undocumented key
CheckEventLog = 1
; Undocumented key
NSCAClient = 1
; Undocumented key
NRPEServer = 1
*********************************************************
Thank you very much in advance.
Re: Encrypt data between client and server nagios xi
Posted: Thu Jun 09, 2016 11:56 am
by rkennedy
Below this -
add this -
Code: Select all
NSClientServer = 1
; Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = 0
; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = 1
; PORT NUMBER - Port to use for check_nt.
port = 12489
Then restart the NSClient++ service. As mentioned, you will probably want to use check_nrpe though, and not check_nt -- as @lmiltchev mentioned -
lmiltchev wrote:I don't see any options in the check_nt plugin's usage for SSL... Also, according to the NSClient++ documentation:
Check_nt is NOT a good protocol and is considerd abandoneware. NSClient++ supports it only for legacy reasons. There is generally no reason to use check_nt
https://docs.nsclient.org/0.4.4/faq/index.html?
I would recommend using check_nrpe instead.
Re: Encrypt data between client and server nagios xi
Posted: Fri Jun 10, 2016 2:47 am
by Naveed
Thank you very much rkennedy
Its working fine now.
The parameter you suggested are added and my monitoring screen starts showing all services in Ok state.
One last question is as follows:
I am using check_nrpe now rather than check_net, so the communication between client server is secured(Encrypted) now or not?
I much appreciate all of your efforts.
Thank you!
Re: Encrypt data between client and server nagios xi
Posted: Fri Jun 10, 2016 2:49 am
by Naveed
Adding it to that,
Following log entry in recorded in nsclient++ log files
error:c:\source\nscp\include\nrpe/server/protocol.hpp:80: Rejected connection from nagios server IP
Please explain this as well.
Thank you!
Re: Encrypt data between client and server nagios xi
Posted: Fri Jun 10, 2016 9:49 am
by rkennedy
You need to specify something with your allowed hosts field, for example you have -
Code: Select all
; Undocumented key
allowed hosts =
My configuration is set to this -
Code: Select all
; Undocumented key
allowed hosts = 192.168.4.179
Depending on what you're using, you may need to enter this in multiple places.