Nagios Support Forum

So I have made some changes to the configuration of the Nagios client on my OSX server. How exactly do I restart the process/service for it? Don't seem to see anything usable by launchd?

Also does the install process open up the firewall the way it needs or is there something I need to add as far as trusted applications?

Here are the commands to stop and start NRPE on OSX. The firewall should be open. The NRPE client uses port 5666 TCP.

Okay that worked but now I have having issues getting the server to work. I have setup the checks on the nagios side and see the traffic making it through our firewall the server. I haven't done a tcpdump yet but I am pretty sure the 5666 TCP traffic is making it all the way there. I do see the process as running and I have the nagios server set as an allow server in the configuration. Any ideas what might be wrong / steps I should take / Information you need? Unfortunately I do not have a copy of the output from the install but it seems to go okay.

Also apparently the firewall is turned off at the moment. At least the application based one is.

What types of errors are you receiving when attempting to run your NRPE check from Nagios?

CHECK_NRPE: Error - Could not complete SSL handshake.

I followed the steps in these documents:

https://assets.nagios.com/downloads/nag ... ios_XI.pdf
https://assets.nagios.com/downloads/nag ... _Agent.pdf


However while looking through a troubleshooting document for NRPE it mentioned restarting xinetd and trying to re-compile with SSL. Both options of which I haven't figured out how to do on the mac side of things versus linux.

I'm not an OSX expert - this makes me think xinetd isn't involved though:

tgriep wrote:Here are the commands to stop and start NRPE on OSX.

Code: Select all

launchctl stop org.nagios.nrpe
launchctl start org.nagios.nrpe

The firewall should be open. The NRPE client uses port 5666 TCP.

The error you're seeing is often caused by the Nagios server not being listed in allowed_hosts under nrpe.cfg. Can you verify that? Also make sure that nrpe isn't being called by xinetd as well as running in daemon mode. That wouldn't do you any favors.

It sounds like the SSL library isn't installed on the OSX system. But to be sure, can you upload the log file that should be in the folder that you compiled NRPE in?

Lets test a few things too.
In the XI system, run the following and replace <IP> with the IP address of the OSX system. Post the output here.

Yeah the server is entered into the allow list and I have restarted the service after that.


allowed_hosts=127.0.0.1,140.225.8.240


8.240 is indeed our nagios server.

However oddly enough the launchctl command doesn't seem to be doing anything anything or giving any feedback when I run it

Marcomm-Server-MM-0487:etc admin$ cd /bin/
Marcomm-Server-MM-0487:bin admin$ sudo launchctl stop org.nagios.nrpe
Marcomm-Server-MM-0487:bin admin$ sudo launchctl stop org.nagios.nrpe
Marcomm-Server-MM-0487:bin admin$ launchctl stop org.nagios.nrpe
Marcomm-Server-MM-0487:bin admin$ launchctl stop org.nagios.nrpe
Marcomm-Server-MM-0487:bin admin$ launchctl start org.nagios.nrpe
Marcomm-Server-MM-0487:bin admin$ sudo launchctl start org.nagios.nrpe

Maybe I just need to restart it and it has not restarted yet? The command I used yesterday that I seem to remember working also doesn't seem to work anymore:


Marcomm-Server-MM-0487:bin admin$ sudo launchctl load org.nagios.nrpe.plist
/bin/org.nagios.nrpe.plist: No such file or directory
Marcomm-Server-MM-0487:bin admin$ cd /usr/local/nagios/etc/
Marcomm-Server-MM-0487:etc admin$ sudo launchctl unload org.nagios.nrpe.plist
/usr/local/nagios/etc/org.nagios.nrpe.plist: No such file or directory
Marcomm-Server-MM-0487:etc admin$ launchctl start org.nagios.nrpe



Here is the results of the check commands run from the nagios server:

[cfgriffith@nagiosxi0 ~]$ /usr/local/nagios/libexec/check_nrpe -H 140.225.12.28
CHECK_NRPE: Error - Could not complete SSL handshake.
[cfgriffith@nagiosxi0 ~]$ /usr/local/nagios/libexec/check_nrpe -H 140.225.12.28 -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.


Seems like same thing if I run it from the server itself:

Marcomm-Server-MM-0487:etc admin$ /usr/local/nagios/libexec/check_nrpe -H 140.225.12.28 -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
Marcomm-Server-MM-0487:etc admin$ /usr/local/nagios/libexec/check_nrpe -H 140.225.12.28
CHECK_NRPE: Error - Could not complete SSL handshake.
Marcomm-Server-MM-0487:etc admin$


Marcomm-Server-MM-0487:etc admin$ /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
NRPE v2.15
Marcomm-Server-MM-0487:etc admin$ /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
Marcomm-Server-MM-0487:etc admin$

As I mentioned earlier, I think you need to sort out the xinetd vs running in daemon mode.

If in daemon mode the allowed_hosts in nrpe.cfg matters
If in xinetd mode the only_from in xinetd.conf (or nrpe in xinetd.d) is what matters