nrpe ssl
Posted: Tue Apr 07, 2015 6:40 pm
by bbailey6
Hi,
We have check_nrpe 2.15 on our Nagios XI install. I am using nsclient 0.3.9 on a Windows host I want to monitor. I have use_ssl=1 set in NSC.ini, but every time I Wireshark the test command I send from Nagios, I see the alias_cpu and the results passed in plaintext. I haven't been able to find any good walkthroughs/tutorials on what I'm trying to do. Can anyone point me in the right direction?
Thanks
Re: nrpe ssl
Posted: Wed Apr 08, 2015 1:12 am
by tmcdonald
What is the full check_nrpe command that you are running?
Re: nrpe ssl
Posted: Wed Apr 08, 2015 11:26 am
by bbailey6
Is this what you're looking for? It's from the XI side of the house...
It's just a test command that does work, but works in plaintext.
Re: nrpe ssl
Posted: Wed Apr 08, 2015 11:51 am
by cmerchant
Did you restart your nsclient on your Windows host?
Also, here is a good resource for NRPE/nsclient:
http://nsclient.org/nscp/wiki/doc/usage/nagios/nrpe
Re: nrpe ssl
Posted: Wed Apr 08, 2015 12:08 pm
by lmiltchev
In addition to this, I found the following info on enabling SSL in NSClient++:
https://www.nsclient.org/forums/topic/old-1342/
Re: nrpe ssl
Posted: Wed Apr 08, 2015 6:00 pm
by bbailey6
Hi,
Is there an nrpe.cfg file for nrpe on the Nagios server? I wasn't the one who installed it, but I can check it out. I know there is one for the client side of nrpe. Would I get any type of error if one side has ssl=1 but the other doesn't? I guess it would just pass right on through, not using ssl though.
It's just a little confusing because Michael Medin's forum post:
https://www.nsclient.org/forums/topic/old-1342/ goes into installing certificates and such. Is his forum post about a different version of the nsclient? Is his forum post more on topic with the nscp client? I've fiddled with nscp a little trying to get ssl to work but not much.
Thanks so far!
Re: nrpe ssl
Posted: Thu Apr 09, 2015 12:06 pm
by lmiltchev
The nrpe.cfg on the Nagios server has nothing to do with this. You need to configure nrpe.cfg on the client (remote box) when you monitor a Linux host. With Windows and NSClient++, you need to modify NSC.ini or nsclient.ini (depending on the version that you are running).
It seems like Michael Medin's forum post refers to NSClient++ ver. 4.x. I don't think certificate options could be set in the NSC.ini (0.3.9), but I could be wrong. I am going to install ver. 0.3.9 and will try to recreate the issue in house.
Meanwhile, I would recommend posting a question on the NSClient++ support site. Hopefully, the developer of NSClient++ can shed some light on the issue.
Re: nrpe ssl
Posted: Thu Apr 09, 2015 12:30 pm
by bbailey6
Hi lmiltchev,
Yeah, I wasn't sure if the Nagios-side nrpe config had anything to do with it. Thought I'd throw it out there. I did get a check between our server and a Linux host going, and I wiresharked the command and, as I recall, none of it was in plaintext. I was thinking that since both the Nagios server and the Linux client had libmcrypt (or something similar) installed, having that package on both machines made the successful ssl tunnel between them. So with that train of thought, I wasn't sure how a Windows server would handle an ssl connection without installing another piece of software.
I also remember posting this question over at nsclient.org, but I'll be damned if I can find my post. That site seems like a graveyard, with the last forum post being a week ago with no responses ><
Thanks for all your help! I'm curious to see what you find with your in-house test!
Re: nrpe ssl
Posted: Thu Apr 09, 2015 12:48 pm
by bbailey6
Ah, found it!
http://www.nsclient.org/answers/nrpe-2-15-ssl/
I forgot I had to make a Twitter account to post on those forums. They only allowed Facebook, Twitter, and other types of social media logins.
Re: nrpe ssl
Posted: Thu Apr 09, 2015 12:55 pm
by lmiltchev
"Thanks for all your help! I'm curious to see what you find with your in-house test!"
Sure.
Can you tell us what the Windows flavor/architecture is on the client (Windows 7, Server 2003, 2008, etc./32 or 64 bit)? Also, post a screenshot of the "clear text output" in Wireshark and the NSC.ini file (hide sensitive info).
Thanks!
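
An added example, not part of any post in this thread: a Python check that decides whether the first client-to-server TCP payload captured on the NRPE port starts an SSL/TLS handshake or is a plaintext NRPE v2 packet, which is the distinction being made by eye in Wireshark above. The function names, the NRPE v2 packet layout as coded here, and the sample bytes are assumptions of this example and are constructed, not taken from a capture.

```python
import struct
import zlib

NRPE_V2_LEN = 1036  # 10-byte header, 1024-byte buffer, 2 bytes of padding
NRPE_TYPES = {1: "query", 2: "response"}
FMT = ">hhIh1024s2x"  # version, type, crc32, result code, buffer, padding


def build_nrpe_v2_query(command):
    """Build a constructed plaintext NRPE v2 query (sample input only)."""
    buf = command.encode().ljust(1024, b"\0")
    crc = zlib.crc32(struct.pack(FMT, 2, 1, 0, 0, buf)) & 0xFFFFFFFF
    return struct.pack(FMT, 2, 1, crc, 0, buf)


def classify_payload(payload):
    """Classify the first TCP payload sent to the NRPE listener."""
    # SSLv3/TLS record: content type 0x16 (handshake), major version 3.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls-client-hello" if payload[5] == 0x01 else "tls-handshake"
    # Heuristic: SSLv2-style hello has the length high bit set, msg type 1.
    if len(payload) >= 3 and payload[0] & 0x80 and payload[2] == 0x01:
        return "sslv2-client-hello"
    if len(payload) == NRPE_V2_LEN:
        version, ptype, crc, _rc = struct.unpack(">hhIh", payload[:10])
        # The CRC covers the whole packet with the CRC field zeroed.
        zeroed = payload[:4] + b"\0\0\0\0" + payload[8:]
        crc_ok = crc == (zlib.crc32(zeroed) & 0xFFFFFFFF)
        if version == 2 and ptype in NRPE_TYPES and crc_ok:
            cmd = payload[10:1034].split(b"\0", 1)[0]
            return "plaintext-nrpe-%s:%s" % (
                NRPE_TYPES[ptype], cmd.decode("ascii", "replace"))
    return "unknown"


if __name__ == "__main__":
    # Constructed samples: a plaintext query and a stub TLS ClientHello.
    print(classify_payload(build_nrpe_v2_query("alias_cpu")))
    print(classify_payload(b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"))
```

A result beginning with `plaintext-nrpe-` means the command name is readable on the wire, so SSL was not negotiated for that connection.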