Page 1 of 2
CHECK_NRPE: Error receiving data from daemon.
Posted: Wed Feb 09, 2011 2:52 pm
by tcicirello
This is probably a case of missing the obvious but i have tried everything i could think of and also what the nrpe.pdf doc suggests.
I am installing nrpe on centOS box using yum. The package installs without error.
Verion info: nagios-nrpe x86_64 2.12-1.el5.rf
I've added the check_nrpe command to /etc/nagios/objects/commands.cfg
# 'check_nrpe' command definition
define command {
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
and the host IP address to nrpe.cfg
nrpe is configured to run as a daemon and shows as running:
ps auxw | grep nrpe
root 26257 0.0 0.0 61164 692 pts/3 S+ 13:43 0:00 grep nrpe
nagios 29589 0.0 0.0 39968 1084 ? Ss 13:18 0:00 nrpe -c /etc/nagios/nrpe.cfg -d
nrpe is listening on the correct port:
netstat -at | grep nrpe
tcp 0 0 mail.panoston.com:nrpe *:* LISTEN
The problem(s) arise when I run check_nrpe on the remote host.
Running without ssl yields
/usr/lib64/nagios/plugins/check_nrpe -H Remote IP address -n
CHECK_NRPE: Error receiving data from daemon.
Running with ssl yields:
/usr/lib64/nagios/plugins/check_nrpe -H 192.168.2.231
CHECK_NRPE: Error - Could not complete SSL handshake.
The only thing I haven't tried is compiling from source using ./configure --enable-ssl. I assume yum will make the ssl option available on installation.
Any suggestions would be appreciated.
Re: CHECK_NRPE: Error receiving data from daemon.
Posted: Wed Feb 09, 2011 3:29 pm
by tonyyarusso
It's probably iptables blocking connections to the running daemon. Try adding a firewall rule to allow state new traffic on NRPE's port.
Re: CHECK_NRPE: Error receiving data from daemon.
Posted: Wed Feb 09, 2011 4:33 pm
by tcicirello
IPtables have been set correctly. result of
iptables -L
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe
Re: CHECK_NRPE: Error receiving data from daemon.
Posted: Wed Feb 09, 2011 5:53 pm
by tonyyarusso
Is that ACCEPT listed before any REJECTS?
Do you have allowed_hosts set correctly in the NRPE config file?
Re: CHECK_NRPE: Error receiving data from daemon.
Posted: Thu Feb 10, 2011 11:27 am
by tcicirello
The only reject is the last line in the table - reject all.
The ouput is below.
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- 192.168.21.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.2.31 anywhere state NEW
ACCEPT all -- IP Address anywhere state NEW
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT udp -- anywhere anywhere udp spt:6277
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:responsenet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3121
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:vtr-emulator
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:openvpn
ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:rsf-1
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
The allowd_hosts line from nrpe.cfg
allowed_hosts= 96.37.142.40 (Monitor) 192.168.2.231 (Remote-for testing) 127.0.0.1
Re: CHECK_NRPE: Error receiving data from daemon.
Posted: Thu Feb 10, 2011 1:42 pm
by tonyyarusso
I'm not certain if this is your issue, but there should not be any spaces in the value for allowed_hosts, neither after the = or between hosts. Multiple hosts should be separated by commas only.
Re: CHECK_NRPE: Error receiving data from daemon.
Posted: Thu Feb 10, 2011 2:51 pm
by tcicirello
I made the changes you suggested but it made no difference.
allowed_hosts=96.37.142.40,192.168.2.231,127.0.0.1
/usr/lib64/nagios/plugins/check_nrpe -H localhost
Connection refused by host
Re: CHECK_NRPE: Error receiving data from daemon.
Posted: Thu Feb 10, 2011 3:05 pm
by tonyyarusso
Are you running NRPE as a service directly or via xinetd?
Re: CHECK_NRPE: Error receiving data from daemon.
Posted: Thu Feb 10, 2011 3:11 pm
by tonyyarusso
Also take a look at the five notes on
http://support.nagios.com/knowledgebase ... faq_id=191 and see if any of those could apply to you.
Re: CHECK_NRPE: Error receiving data from daemon.
Posted: Thu Feb 10, 2011 4:35 pm
by tcicirello
Found two errors. File permissions on the remote host. Reset them to nagios:nagios and the remote host is functioning. Firewall issues on our side. Corrected those and the system is monitoring correctly.
Thanks very much for your help!