Page 3 of 4
Re: Agent On Oracle VM server release 3.2.3
Posted: Wed Oct 23, 2013 11:47 am
by abrist
Replace the line:
Code: Select all
only_from = 127.0.0.1 192.168.74.134
In /etc/xinetd.d/nrpe, with:
Code: Select all
only_from = 127.0.0.1 <your xi server ip>
Restart xinetd:
Now from the XI server, nmap the remote host:
Re: Agent On Oracle VM server release 3.2.3
Posted: Thu Oct 24, 2013 2:49 am
by cokj72
abrist wrote:Replace the line:
Code: Select all
only_from = 127.0.0.1 192.168.74.134
In /etc/xinetd.d/nrpe, with:
Code: Select all
only_from = 127.0.0.1 <your xi server ip>
Restart xinetd:
I had already changed this line
Code: Select all
only_from = 127.0.0.1 192.168.110.150
abrist wrote:Now from the XI server, nmap the remote host:
this is the result:
Code: Select all
[root@nagios ~]# nmap 192.168.110.218 -p 5666
Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-24 09:45 CEST
Nmap scan report for ovmm.fpf.local (192.168.110.218)
Host is up (0.00031s latency).
PORT STATE SERVICE
5666/tcp closed nrpe
MAC Address: 00:21:F6:00:00:06 (Virtual Iron Software)
Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
Re: Agent On Oracle VM server release 3.2.3
Posted: Thu Oct 24, 2013 10:54 am
by abrist
Is xinetd running on the remote host?
What firewall rules is the remote currently using?
Re: Agent On Oracle VM server release 3.2.3
Posted: Fri Oct 25, 2013 4:34 am
by cokj72
abrist wrote:Is xinetd running on the remote host?
Code: Select all
[root@ovmn ~]# service xinetd status
xinetd (pid 18802) is running...
abrist wrote:What firewall rules is the remote currently using?
[root@ovmn ~]# iptables -L
Code: Select all
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ndmp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:54322
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:54321
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:15901
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:afs3-prserver
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ndmp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:54322
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:54321
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:15901
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:afs3-prserver
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nsca
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ndmp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:54322
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:54321
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:15901
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:afs3-prserver
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ndmp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:54322
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:54321
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:15901
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:afs3-prserver
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Re: Agent On Oracle VM server release 3.2.3
Posted: Fri Oct 25, 2013 1:15 pm
by abrist
You will need to open up port 5666 on the iptables chain 'RH-Firewall-1-INPUT'.
Re: Agent On Oracle VM server release 3.2.3
Posted: Mon Oct 28, 2013 3:58 am
by cokj72
abrist wrote:You will need to open up port 5666 on the iptables chain 'RH-Firewall-1-INPUT'.
I've insert this line in the file "iptables":
Code: Select all
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5666 -j ACCEPT
Restart nrpe on the host (pag.5 NRPE Troubleshooting and Common Solutions), but:
Code: Select all
[root@ovmn sysconfig]# /etc/init.d/nrpe restart
-bash: /etc/init.d/nrpe: No such file or directory
[root@ovmn sysconfig]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
From CLI on the Nagios Server I' ve:
Code: Select all
[root@nagios ~]# nmap 192.168.110.218 -p 5666
Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-28 10:13 CET
Nmap scan report for ovmm.fpf.local (192.168.110.218)
Host is up (0.00034s latency).
PORT STATE SERVICE
5666/tcp closed nrpe
MAC Address: 00:21:F6:00:00:06 (Virtual Iron Software)
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
I've install nrpe, from "
http://exchange.nagios.org/directory/Pl ... pt/details".
Change the lines 21-25,
ORIGINAL:
Code: Select all
[ -f /etc/nrpe.cfg ] || exit 0
NRPE="/usr/sbin/nrpe"
PIDFILE="/var/run/nrpe.pid"
CFG="/etc/nrpe.cfg
"
NEW:
Code: Select all
[ -f /usr/local/nagios/etc/nrpe.cfg ] || exit 0
NRPE="/usr/local/nagios/etc/nrpe"
PIDFILE="/var/run/nrpe.pid"
CFG="/usr/local/nagios/etc/nrpe.cfg"
Copy the file in /etc/init.d
Start the Service
Code: Select all
[root@ovmn init.d]# service nrpe restart
Starting NRPE: /etc/init.d/nrpe: line 31: /usr/local/nagios/etc/nrpe: is a directory
OK
but:
Code: Select all
[root@ovmn init.d]# ps -ef |grep -i nrpe |grep -v grep
[root@ovmn init.d]#
and in the Nagios server:
Code: Select all
[root@nagios ~]# nmap 192.168.110.218 -p 5666
Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-28 11:09 CET
Nmap scan report for ovmm.fpf.local (192.168.110.218)
Host is up (0.00030s latency).
PORT STATE SERVICE
5666/tcp closed nrpe
MAC Address: 00:21:F6:00:00:06 (Virtual Iron Software)
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
Modify line 23 to:
but:
Code: Select all
[root@ovmn /]# service nrpe start
Starting NRPE: /etc/xinetd.d/nrpe: line 5: flags: command not found
/etc/xinetd.d/nrpe: line 6: socket_type: command not found
/etc/xinetd.d/nrpe: line 7: port: command not found
/etc/xinetd.d/nrpe: line 8: wait: `=': not a pid or valid job spec
/etc/xinetd.d/nrpe: line 8: wait: `no': not a pid or valid job spec
/etc/xinetd.d/nrpe: line 9: user: command not found
/etc/xinetd.d/nrpe: line 10: group: command not found
/etc/xinetd.d/nrpe: line 11: server: command not found
/etc/xinetd.d/nrpe: line 12: server_args: command not found
/etc/xinetd.d/nrpe: line 13: log_on_failure: command not found
/etc/xinetd.d/nrpe: line 14: disable: command not found
/etc/xinetd.d/nrpe: line 15: only_from: command not found
/etc/xinetd.d/nrpe: line 16: per_source: command not found
/etc/xinetd.d/nrpe: line 17: instances: command not found
OK
Re: Agent On Oracle VM server release 3.2.3
Posted: Mon Oct 28, 2013 3:52 pm
by abrist
cokj72 wrote:Starting NRPE: /etc/init.d/nrpe: line 31: /usr/local/nagios/etc/nrpe: is a directory
This is not right. the config should be located at:
/usr/local/nagios/etc/nrpe.cfg
Re: Agent On Oracle VM server release 3.2.3
Posted: Tue Oct 29, 2013 5:59 am
by cokj72
OK.
I have modified the file
/etc/rc.d/init.d/nrpe on te lines 21-25
Code: Select all
NRPE="/usr/local/nagios/etc/nrpe.cfg"
PIDFILE="/var/run/nrpe.pid"
CFG="/usr/local/nagios/etc/nrpe.cfg"
Code: Select all
[root@ovmn init.d]# chkconfig --list
nrpe 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nscd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Start the service:
[root@ovmn init.d]# service nrpe restart
Starting NRPE: OK
[root@ovmn init.d]# ps -ef |grep -i nrpe
root 10849 9933 0 05:54 pts/0 00:00:00 grep -i nrpe
And from NagiosXI Server:
Code: Select all
[root@nagios ~]# nmap 192.168.110.253 -p 5666
Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-29 11:51 CET
Nmap scan report for vtfi.fpf.local (192.168.110.253)
Host is up (0.00031s latency).
PORT STATE SERVICE
5666/tcp open nrpe
MAC Address: 00:0C:29:80:BE:70 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
But from consolle:
Re: Agent On Oracle VM server release 3.2.3
Posted: Tue Oct 29, 2013 2:16 pm
by abrist
We are getting closer. This current issue has to be due to the allowed_hosts or only_from directives. Are you now starting nrpe from its init script, or from xinetd?
Re: Agent On Oracle VM server release 3.2.3
Posted: Wed Oct 30, 2013 10:11 am
by cokj72
I made him start from inet.d (though not the 'I eliminated from xinet.d), but I see the active process ...
Code: Select all
[root@ovmn init.d]# ps -ef |grep -i nrpe |grep -v grep
[root@ovmn init.d]#