Nagios Support Forum

sreinhardt wrote:I can't say I've seen this one before. Is this a current version of nrpe? Is it from ports or straight from source?

NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad ([email protected])
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
TCP Wrappers Available

tjay wrote:I have about 10 commands configured in NRPE but when i set the server live in the nagios config it will be hit and miss over if i get the result.

tjay wrote:

Code: Select all

Dec  4 15:43:41 client-1 kernel: sonewconn: pcb 0xfffff801af1457a8: Listen queue overflow: 8 already in queue awaiting acceptance

tjay wrote:It seems that the max queue length for NRPE is set at five, meaning i can only run five checks on NRPE at once
netstat -LAan

Code: Select all

Current listen queue sizes (qlen/incqlen/maxqlen)
Tcpcb            Proto Listen         Local Address
fffff80342156000 tcp4  0/0/5          *.5666
fffff801af7b5000 tcp6  0/0/5          *.5666
fffff801afaadc00 tcp4  0/0/50         127.0.0.1.8080
fffff801af7b6400 tcp4  0/0/128        *.8081
fffff8000e087400 tcp4  0/0/128        *.80
fffff8000e7cc000 tcp4  0/0/10         127.0.0.1.25
fffff8000e7b5000 tcp4  0/0/128        127.0.0.1.5432
fffff801f4b19c00 tcp6  0/0/128        ::1.5432
fffff8000e7c6800 tcp4  0/0/100        *.9090
fffff8000e7cc400 tcp4  0/0/128        *.22
fffff8000e7cc800 tcp6  0/0/128        *.22
unix  0/0/128        /tmp/.s.PGSQL.5432
unix  0/0/4          /var/run/devd.pipe

Does anyone have any suggestions on how i can get around this limitation, either through FreeBSD or NRPE

/usr/local/nagios/libexec/check_nrpe -H <problem host address>

emislivec wrote: What do you mean by "miss over if i get the result"? Do the check_nrpe checks timeout? Have you been able to test the check commands manually?

Are you running NRPE with xinetd or as a standalone daemon? NRPE's listen queue size only matters when run as a daemon.

CHECK_NRPE: Error - Could not complete SSL handshake.
(Return code of 141 is out of bounds) 

emislivec wrote: The kernel messages are for another process listening on a socket with a wait queue of size 8. What is the load like on the host?

emislivec wrote: NRPE has a default of 5 that can be changed with listen_queue_size in nrpe.cfg, but this has no effect under xinetd. Nagios shouldn't be running 10 checks on the same host at the same time, it should spread them out. Also, at least five connections should be able to be queued before the queue fills. I'm not sure if this is a problem with NRPE itself.

What is the output of this from your nagios server as root:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H <problem host address>

tjay wrote:And what i mean by hit and miss is...

emislivec wrote:

tjay wrote:And what i mean by hit and miss is...

I had read that wrong ("..be hit, and miss over..."), this makes more sense.

I'm still unclear why you're seeing the errors you are. If the system load is low, nrpe should be able to accept the connections fast enough to avoid a backlog.

Increasing the listen queue size would consume a bit more system resources. 5 is fairly conservative, you should be able to increase this to the number of checks run against the host (this seems a good rule of thumb).

listen_queue_size=15

nrpe[76268]: Unknown option specified in config file '/usr/local/etc/nrpe.cfg' - Line 18

sreinhardt wrote:You are correct, that is the same version on Cent, although I cannot say that I have ever seen this issue in Cent. Are you able to compile from source? I think you are going to find either compilation of 2.16 or modification of 2.15 and compilation of that is needed to correct this.

netstat -LAan
Current listen queue sizes (qlen/incqlen/maxqlen)
Tcpcb            Proto Listen         Local Address
fffff8000e7b5c00 tcp4  0/0/15         *.5666
fffff8031a13f800 tcp6  0/0/15         *.5666