NRPE issue

[raamardhani7]

Hi Team,

I have installed Nagios Linux plugin on one of the servers and configured the nrpe.cfg file with the relevant parameters. When trying to execute the commands remotely from Nagios XI, I am getting the below error.

[root@abclibexec]# /usr/local/nagios/libexec/check_nrpe -H xyz -t 30 -c check_disk -a '-p / -w 20 -c 10'
connect to address 10.10.xx.xx port 5666: Connection refused.

Could someone help me with this error please.

[raamardhani7]

I have checked with the client on the network part, he says nothing is blocking here on the server.

/usr/local/nagios/libexec/check_nrpe -H xxx
connect to address 10.10.xx.xx port 5666: Connection refused

[BanditBBS]

That error happens most often when NRPE is not actually running. Also, check IPTables to make sure it allows 5666.

You say you installed "nagios Linux plugin" but thats just the plugins, did you actually install NRPE as well?

[raamardhani7]

Hi...

[root@xxx libexec]# ps -ef | grep -i xinetd
root 16070 14986 0 10:18 pts/0 00:00:00 grep -i xinetd
root 25883 1 0 Aug03 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
[root@xxxlibexec]# ps -ef | grep -i nrpe
root 16092 14986 0 10:18 pts/0 00:00:00 grep -i nrpe

Could you please let me know how can I check other things.

[lmiltchev]

What document did you follow while installing the linux agent? Did you follow this document?

Is NRPE running under xinetd or as a "standalone" daemon? Did you add the Nagios XI server's IP to "/etc/xinetd.d/nrpe" (or "/usr/local/nagios/etc/nrpe.cfg") file? Is NRPE running on the client?

Code: Select all

ps axuw | grep nrpe
netstat -at | grep nrpe

Is port 5666 open?

Code: Select all

iptables -nL | grep 5666

Run the following command on the Nagios XI server and show the output:

Code: Select all

nmap <client ip> -p 5666

[raamardhani7]

Hi.. please find the output.


[root@xxx libexec]# ps -ef | grep -i nrpe
root 16092 14986 0 10:18 pts/0 00:00:00 grep -i nrpe
[root@xxx libexec]# ps axuw | grep nrpe
root 16723 0.0 0.0 103252 844 pts/0 S+ 10:23 0:00 grep nrpe
[root@xxx libexec]# netstat -at | grep nrpe
[root@xxx libexec]# iptables -nL | grep 5666



[root@xxx libexec]# nmap 10.10.83.90 -p 5666

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-04 10:28 CDT
Nmap scan report for NAGIOSXI00 (10.10.xx.xx)
Host is up (0.00033s latency).
PORT STATE SERVICE
5666/tcp filtered nrpe

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

[raamardhani7]

What document did you follow while installing the linux agent? Did you follow this document?

Is NRPE running under xinetd or as a "standalone" daemon? Did you add the Nagios XI server's IP to "/etc/xinetd.d/nrpe" (or "/usr/local/nagios/etc/nrpe.cfg") file? Is NRPE running on the client?

Code: Select all

ps axuw | grep nrpe
netstat -at | grep nrpe

Is port 5666 open?

Code: Select all

iptables -nL | grep 5666

Run the following command on the Nagios XI server and show the output:

Code: Select all

nmap <client ip> -p 5666

Hi..

I have installed as per the document which you have shared. NRPE is under xinted. Please find the output.

# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 10.10.83.90
nrpe 5666/tcp

And also I have configured, the same ip in the nrpe.cfg file.

[ssax]

[root@xxx libexec]# nmap 10.10.83.90 -p 5666

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-04 10:28 CDT
Nmap scan report for NAGIOSXI00 (10.10.xx.xx)
Host is up (0.00033s latency).
PORT STATE SERVICE
5666/tcp filtered nrpe

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

Looks like it's probably being blocking by a firewall/acl in between or from the remote server.

What is the full output of these commands on the remote host?

Code: Select all

netstat -ano | grep 5666
iptables -L -v

[raamardhani7]

[root@xxx libexec]# nmap 10.10.83.90 -p 5666

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-04 10:28 CDT
Nmap scan report for NAGIOSXI00 (10.10.xx.xx)
Host is up (0.00033s latency).
PORT STATE SERVICE
5666/tcp filtered nrpe

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

Looks like it's probably being blocking by a firewall/acl in between or from the remote server.

What is the full output of these commands on the remote host?

Code: Select all

netstat -ano | grep 5666
iptables -L -v

Hi ssax,

Please find the output for the commands asked for:

[email protected]]# netstat -ano | grep 5666
[root@xxx inetd.d]# iptables -L -v
Chain INPUT (policy ACCEPT 2884K packets, 523M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 any anywhere anywhere udp dpt:domain
0 0 ACCEPT tcp -- virbr0 any anywhere anywhere tcp dpt:domain
0 0 ACCEPT udp -- virbr0 any anywhere anywhere udp dpt:bootps
0 0 ACCEPT tcp -- virbr0 any anywhere anywhere tcp dpt:bootps

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any virbr0 anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 any 192.168.122.0/24 anywhere
0 0 ACCEPT all -- virbr0 virbr0 anywhere anywhere
0 0 REJECT all -- any virbr0 anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 any anywhere anywhere reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 1153K packets, 106M bytes)
pkts bytes target prot opt in out source destination

[lmiltchev]

Run the following commands on the client:

Code: Select all

iptables -I INPUT -p tcp --dport 5666 -j ACCEPT
service iptables save

and test it from the XI server:

Code: Select all

nmap 10.10.83.90 -p 5666
/usr/local/nagios/libexec/check_nrpe -H 10.10.83.90