Where to start!?

[rkennedy]

What happens if you run it without the -n?

[Box293]

Client Machine

root@ip-:~# ps -ef | grep xinetd
root 6835 6594 0 04:55 pts/0 00:00:00 grep --color=auto xinetd
root 13886 1 0 Feb12 ? 00:00:00 /usr/sbin/xinetd -dontfork -pidfile /var/run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6

root@ip-:~# ps -ef | grep nrpe
nagios 5155 1 0 Feb12 ? 00:00:29 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
root 6837 6594 0 04:56 pts/0 00:00:00 grep --color=auto nrpe

This is your problem.

You have NRPE running as it's own daemon and also with xinetd.

Do this on the client machine:

Code: Select all

service xinetd stop
killall -9 xinetd
killall -9 nrpe
service xinetd start

And then this:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H localhost

[trafalgargirl]

On the client machine did all - and then ran this:

root@ip-:~# /usr/local/nagios/libexec/check_nrpe -H localhost
CHECK_NRPE: Error - Could not complete SSL handshake.

[trafalgargirl]

What happens if you run it without the -n?

root@nagios:~# /usr/local/nagios/libexec/check_nrpe -H xx.xx.xxx.xxx
CHECK_NRPE: Socket timeout after 10 seconds.

[tgriep]

Login on the remote system as root and run the following and post the output.

Code: Select all

/usr/local/nagios/bin/nrpe
/usr/local/nagios/libexec/check_nrpe

Edit the nrpe.cfg file on your remote server and add back the 127.0.0.1 IP address to this line (replace xxx.xxx.xxx.xxx with your Nagios XI server's IP).

Code: Select all

allowed_hosts=127.0.0.1,xxx.xxx.xxx.xxx

[trafalgargirl]

root@ip:~# /usr/local/nagios/bin/nrpe

NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad ([email protected])
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required

***************************************************************
** POSSIBLE SECURITY RISK - TCP WRAPPERS ARE NOT AVAILABLE! **
** Read the NRPE SECURITY file for more information **
***************************************************************

Usage: nrpe [-n] -c <config_file> [-4|-6] <mode>

Options:
-n = Do not use SSL
<config_file> = Name of config file to use
-4 = use ipv4 only
-6 = use ipv6 only
<mode> = One of the following operating modes:
-i = Run as a service under inetd or xinetd
-d = Run as a standalone daemon
-d -s = Run as a subsystem under AIX

Notes:
This program is designed to process requests from the check_nrpe
plugin on the host(s) running Nagios. It can run as a service
under inetd or xinetd (read the docs for info on this), or as a
standalone daemon. Once a request is received from an authorized
host, NRPE will execute the command/plugin (as defined in the
config file) and return the plugin output and return code to the
check_nrpe plugin.

root@ip:~# /usr/local/nagios/libexec/check_nrpe
Incorrect command line arguments supplied

NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad ([email protected])
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required

Usage: check_nrpe -H <host> [ -b <bindaddr> ] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]

Options:
-n = Do no use SSL
-u = Make socket timeouts return an UNKNOWN state instead of CRITICAL
<host> = The address of the host running the NRPE daemon
<bindaddr> = bind to local address
-4 = user ipv4 only
-6 = user ipv6 only
[port] = The port on which the daemon is running (default=5666)
[timeout] = Number of seconds before connection times out (default=10)
[command] = The name of the command that the remote daemon should run
[arglist] = Optional arguments that should be passed to the command. Multiple
arguments should be separated by a space. If provided, this must be
the last option supplied on the command line.

Note:
This plugin requires that you have the NRPE daemon running on the remote host.
You must also have configured the daemon to associate a specific plugin command
with the [command] option you are specifying here. Upon receipt of the
[command] argument, the NRPE daemon will run the appropriate plugin command and
send the plugin output and return code back to *this* plugin. This allows you
to execute plugins on remote hosts and 'fake' the results to make Nagios think
the plugin is being run locally.

edit done.

[trafalgargirl]

Is it possible we are a bit in the weeds about what I am trying to do? is there any other info I can provide?

Thank you!!!

[eloyd]

I'm coming late to this party and don't feel like reading nine pages of previous notes. Can you summarize what problem you are still having? Thanks.

[trafalgargirl]

Hi there

So I have successfully installed Nagios on it's on AWS machine. I have been trying to now add the first client machine to monitor and get up and running. Both servers are running Ubuntu 12.04.05.

I am not sure what other information I should provide - I have been asked to runt the following on the client machine with the following result:

/usr/local/nagios/libexec/check_nrpe -H localhost
CHECK_NRPE: Error - Could not complete SSL handshake.

Happy to run / post anything you would like me to try.

Thanks!!!

[eloyd]

Is the other machine an AWS machine as well? If so, you'll need to open up the AWS firewall (Security Group) to allow traffic between the two machines. The easiest way to do this is to add the security group to itself, which means any machine that is in that security group can communicate with any other machine in that security group. Otherwise, add the NRPE port (5666) to the inbound rules from your Nagios IP server.

Also, make sure you're using internal IPs or else you'll be paying for data transfers.