Page 2 of 3
Re: Check_NRPE: Error - Could not complete SSL handshake
Posted: Fri Feb 22, 2013 2:44 pm
by psyllex
I made the changes "abrist" suggested. I turned off xinetd on the nagios server. I actually reconfigured using:
That seemed to do the trick. But then I would add into nrpe.cfg:
Code: Select all
command[check_ping]=/usr/local/nagios/libexec/check_ping -H <ip address> -w 750.0,80% -c 1500.0,90%
which would work fine. But then I add in:
Code: Select all
command[check_udp]=/usr/local/nagios/libexec/check_udp -H <ipaddress> -p 200 -s 'send' -e ''
Then it goes back to the "
NRPE: Could not complete SSL handshake".
How can that one command be causing all commands to not handshake correctly?
Re: Check_NRPE: Error - Could not complete SSL handshake
Posted: Fri Feb 22, 2013 2:48 pm
by abrist
Are you checking a remote network segment? I ask because both of those checks (ping/udp) can be run from the nagios server against the remote host ip, you do not need nrpe unless you are using a remote nrpe enabled box to check other machines on the segment. (we call this an nrpe server)
Re: Check_NRPE: Error - Could not complete SSL handshake
Posted: Fri Feb 22, 2013 2:56 pm
by psyllex
abrist wrote:Are you checking a remote network segment? I ask because both of those checks (ping/udp) can be run from the nagios server against the remote host ip, you do not need nrpe unless you are using a remote nrpe enabled box to check other machines on the segment. (we call this an nrpe server)
I am checking udp,ping of a NRPE remote host, on my Nagios server. Should I just be using localhost?
The interesting thing was when I used:
Code: Select all
command[check_udp]=/usr/local/nagios/libexec/check_udp -H 10.10.0.102 -p 200 -s 'send' -e ''
It worked fine. But that was me checking the address 10.10.0.102 (which is server A) from Server B (10.10.0.103). I think I'm missing some fundamental networking knowledge here.
Just to be concise: I'm sitting on a Nagios Server, trying to ping both Server A and Server B. In the remote.cfg file on the Nagios server I have the command definitions. But from the nrpe.cfg files on the remote servers (A & B), should the command be to ping 'localhost' ? Which I thought was just the name instead of the ip address.
Thanks for the help by the way.
Re: Check_NRPE: Error - Could not complete SSL handshake
Posted: Fri Feb 22, 2013 2:58 pm
by psyllex
I should also state that I installed NRPE server on the same box as the Nagios server. which is how I thought I was supposed to do it. Nagios core, then Nagios Plugins, then NRPE Server on a single machine. Then Nagios Plugins and NRPE on the two remote hosts.
Re: Check_NRPE: Error - Could not complete SSL handshake
Posted: Fri Feb 22, 2013 3:05 pm
by abrist
NRPE is a remote daemon for executing commands remotely (binaries scripts on the remote box). This is usually only used for check that must happen locally - things like disk and memory checks, or scripts that must be run locally on the host. check_ping and check_udp both can be passed a hostname (-H) and check services that can be accessed externally (icmp and udp). This means these checks could and should be run by the nagios server.
The nagios server needs:
nagios core
nagios plugins
check_nrpe binary in the plugins directory
The remote hosts need:
nrpe installed with xinetd
nagios plugins
Re: Check_NRPE: Error - Could not complete SSL handshake
Posted: Fri Feb 22, 2013 3:50 pm
by psyllex
Alright...maybe I should just ditch the current installation and start over. It'll probably be easier than trying to fix it as is.
So I will re install nagio core, nagios plugins on the intended server machine.
I will then install nagios plugins and nrpe daemon on the remote hosts I wish to monitor.
So where would I set up the command to check the tcp and udp? Assuming it's on the nagios server machine, which directory, folder, file would I put the check_udp, tcp, etc?
Thanks as always.
Re: Check_NRPE: Error - Could not complete SSL handshake
Posted: Fri Feb 22, 2013 4:01 pm
by abrist
psyllex wrote:
So I will re install nagio core, nagios plugins on the intended server machine.
I will then install nagios plugins and nrpe daemon on the remote hosts I wish to monitor.
Do not forget that you need the check_nrpe plugin in the plugins directory on the nagios server.
So where would I set up the command to check the tcp and udp? Assuming it's on the nagios server machine, which directory, folder, file would I put the check_udp, tcp, etc?
You would add those commands to commands.cfg, and the actual service checks for the commands to what every file you are configuring your remote host in.
If you have not read the NRPE documentation, I highly suggest you do as it has a very good overview of how NRPE works with nagios.
http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf
Re: Check_NRPE: Error - Could not complete SSL handshake
Posted: Fri Feb 22, 2013 4:52 pm
by psyllex
abrist wrote:psyllex wrote:
So I will re install nagio core, nagios plugins on the intended server machine.
I will then install nagios plugins and nrpe daemon on the remote hosts I wish to monitor.
Do not forget that you need the check_nrpe plugin in the plugins directory on the nagios server.
So where would I set up the command to check the tcp and udp? Assuming it's on the nagios server machine, which directory, folder, file would I put the check_udp, tcp, etc?
You would add those commands to commands.cfg, and the actual service checks for the commands to what every file you are configuring your remote host in.
If you have not read the NRPE documentation, I highly suggest you do as it has a very good overview of how NRPE works with nagios.
http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf
so I should still put the
on the remote hosts? Because that's what I had going on currently.
Re: Check_NRPE: Error - Could not complete SSL handshake
Posted: Fri Feb 22, 2013 5:33 pm
by abrist
psyllex wrote:
so I should still put the
on the remote hosts? Because that's what I had going on currently.
No. You would define the command in your commands.cfg file on the nagios server:
Code: Select all
define command{
command_name check_udp
command_line $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ -s $ARG2$ -e $ARG3$
}
And then define a service check for the host in the host's config on the nagios server:
Code: Select all
define service{
use local-service,
host_name [your remote host's name/ip]
service_description check_udp
check_command check_udp!200!'send'!''
}
Again, all configuration for these 2 checks should be done on the nagios server in the nagios configuration files. You do not need nrpe for these unless you are trying to proxy them through a remote nrpe server (usually to access a firewalled remote network segment).
Re: Check_NRPE: Error - Could not complete SSL handshake
Posted: Fri Feb 22, 2013 5:55 pm
by psyllex
I understand that now, after reading the complete NRPE instructions. Sadly I still have the "CHECK_NRPE: Error - Could not complete SSL handshake" after installng. I used:
./configure --enable-ssl
and
/usr/local/nagios/libexec/check_nrpe -H localhost
I am also using nagios-plugins-1.4.15 and nrpe-2.13. Are they compatible with each other? I was reading, that it might be causing a SSL issue, in the docs someplace. I'm at a loss at this point. I've reinstalled the plugins and nrpe 3-4 times now. I actually had to do that with nagios-core until I found a system that worked, which was merely splitting a command in 3 but all of the other instructions were the same.