xinetd[1994]: START: nsca pid=2518 from=::ffff <IP Address>

[phreedom68]

Greetings everyone,

I installed nagios 3.5 with NSCA on Centos 6 and everything was working fine. I decided to upgrade nagios to version 4 on the same machine. I also reinstalled NSCA. While the upgrade itself on both Nagios and NSCA went okay the NSCA part is filling up the logs with

Aug 26 15:59:34 emswebserver2 xinetd[2518]: FAIL: nsca address from=::ffff:<IP address of the sender>
Aug 26 15:59:34 emswebserver2 xinetd[1994]: EXIT: nsca status=0 pid=2518 duration=0(sec)

I made sure that the "only_from" var in "/etc/xinetd.d/nsca" has the host's IP address (i.e. the IP address of the machine that nagios is running on). I also did restarted the daemon ("/etc/rc.d/init.d/xinetd restart").

When I run "netstat -planet | grep 5667 " I get 176 lines that have 5667 port in it.

I'm able to telnet to <IP>:5667 and the connection holds (doesn't disconnect right away). Nagios Dashboard shows the hosts that I defined but all are in the pending status (except for the localhost of course).

The following URL is the tutorials that I'm going by:

https://sachinsharm.wordpress.com/2013/ ... srhel-6-3/

A few observations:

1) Nagios 3.5 was installed in /etc/nagios. However, Nagios 4 is installed /usr/local/nagios
2) I didn't uninstall anything before any upgrade. Everything is piled up on each other. I'm not a unix guy at all. So I wonder when I run "service nsca restart" command which version of nsca is starting ..the old one or the new one? Can it be a conflict between the two versions?
3) When I do a "ps -ef | grep nsca" i get nothing. No daemon is running.

Any help is appreciated. Thanks in advance

[jolson]

2) I didn't uninstall anything before any upgrade. Everything is piled up on each other. I'm not a unix guy at all. So I wonder when I run "service nsca restart" command which version of nsca is starting ..the old one or the new one? Can it be a conflict between the two versions?

nsca should be started on-demand by the xinetd process. Is xinetd running properly?

Code: Select all

service xinetd status

Let's see your nsca configuration:

Code: Select all

cat /etc/xinetd.d/nsca

3) When I do a "ps -ef | grep nsca" i get nothing. No daemon is running.

That is normal. Xinetd will start and stop nsca as necessary, meaning that you'll unlikely see nsca running.

I'm interested mostly in seeing the nsca config file under your xinetd.d directory. Let us know what you find out!

[phreedom68]

Thanks for the help. Requested information below.

Here's the status of xinetd

[root@<somewhere>]# service xinetd status
xinetd (pid 1994) is running...

NSCA config

[root@<somewhere> checkresults]# cat /etc/xinetd.d/nsca
# default: on
# description: NSCA (Nagios Service Check Acceptor)
service nsca
{
flags = REUSE
socket_type = stream
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nsca
server_args = -c /usr/local/nagios/etc/nsca.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 162.242.xxx.xxx
}

"xxx" were blanked out by me otherwise the original has full iP address.

[Box293]

What version of NSCA did you install?

What type of client is the remote client? Is it NSClient++? If yes, what version is it?

If you want to send NSCA checks using NSClient++ 0.3.9 and below your NSCA server MUST use NSCA version 2.7.2.

[phreedom68]

NSCA - Nagios Service Check Acceptor
Copyright (c) 2000-2007 Ethan Galstad (www.nagios.org)
Version: 2.7.2
Last Modified: 07-03-2007


NSclient++ is 0.4 (the latest one)

Thanks

[Box293]

Can you please post this file: /usr/local/nagios/etc/nsca.cfg

[phreedom68]

[root@emswebserver2 ~]# cat /usr/local/nagios/etc/nsca.cfg
####################################################
# Sample NSCA Daemon Config File
# Written by: Ethan Galstad ([email protected])
#
# Last Modified: 11-23-2007
####################################################


# LOG FACILITY
# The syslog facility that should be used for logging purposes.

log_facility=daemon

# Check Result directory. If passed, skip command pipe and submit
# directly into the checkresult directory. Requires Nagios 3+
# For best results, mount dir on ramdisk.

#check_result_path=/usr/local/nagios/var/spool/checkresults


# PID FILE
# The name of the file in which the NSCA daemon should write it's process ID
# number. The file is only written if the NSCA daemon is started by the root
# user as a single- or multi-process daemon.

pid_file=/var/run/nsca.pid



# PORT NUMBER
# Port number we should wait for connections on.
# This must be a non-priveledged port (i.e. > 1024).

server_port=5667



# SERVER ADDRESS
# Address that NSCA has to bind to in case there are
# more as one interface and we do not want NSCA to bind
# (thus listen) on all interfaces.

#server_address=192.168.1.1



# NSCA USER
# This determines the effective user that the NSCA daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NSCA is running under either inetd or xinetd

nsca_user=nagios



# NSCA GROUP
# This determines the effective group that the NSCA daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NSCA is running under either inetd or xinetd

nsca_group=nagios



# NSCA CHROOT
# If specified, determines a directory into which the nsca daemon
# will perform a chroot(2) operation before dropping its privileges.
# for the security conscious this can add a layer of protection in
# the event that the nagios daemon is compromised.
#
# NOTE: if you specify this option, the command file will be opened
# relative to this directory.

#nsca_chroot=/var/run/nagios/rw



# DEBUGGING OPTION
# This option determines whether or not debugging
# messages are logged to the syslog facility.
# Values: 0 = debugging off, 1 = debugging on

debug=1



# COMMAND FILE
# This is the location of the Nagios command file that the daemon
# should write all service check results that it receives.

command_file=/usr/local/nagios/var/rw/nagios.cmd

# ALTERNATE DUMP FILE
# This is used to specify an alternate file the daemon should
# write service check results to in the event the command file
# does not exist. It is important to note that the command file
# is implemented as a named pipe and only exists when Nagios is
# running. You may want to modify the startup script for Nagios
# to dump the contents of this file into the command file after
# it starts Nagios. Or you may simply choose to ignore any
# check results received while Nagios was not running...

alternate_dump_file=/usr/local/nagios/var/rw/nsca.dump



# AGGREGATED WRITES OPTION
# This option determines whether or not the nsca daemon will
# aggregate writes to the external command file for client
# connections that contain multiple check results. If you
# are queueing service check results on remote hosts and
# sending them to the nsca daemon in bulk, you will probably
# want to enable bulk writes, as this will be a bit more
# efficient.
# Values: 0 = do not aggregate writes, 1 = aggregate writes

aggregate_writes=0



# APPEND TO FILE OPTION
# This option determines whether or not the nsca daemon will
# will open the external command file for writing or appending.
# This option should almost *always* be set to 0!
# Values: 0 = open file for writing, 1 = open file for appending

append_to_file=0



# MAX PACKET AGE OPTION
# This option is used by the nsca daemon to determine when client
# data is too old to be valid. Keeping this value as small as
# possible is recommended, as it helps prevent the possibility of
# "replay" attacks. This value needs to be at least as long as
# the time it takes your clients to send their data to the server.
# Values are in seconds. The max packet age cannot exceed 15
# minutes (900 seconds). If this variable is set to zero (0), no
# packets will be rejected based on their age.

max_packet_age=30



# DECRYPTION PASSWORD
# This is the password/passphrase that should be used to descrypt the
# incoming packets. Note that all clients must encrypt the packets
# they send using the same password!
# IMPORTANT: You don't want all the users on this system to be able
# to read the password you specify here, so make sure to set
# restrictive permissions on this config file!

#password=



# DECRYPTION METHOD
# This option determines the method by which the nsca daemon will
# decrypt the packets it receives from the clients. The decryption
# method you choose will be a balance between security and performance,
# as strong encryption methods consume more processor resources.
# You should evaluate your security needs when choosing a decryption
# method.
#
# Note: The decryption method you specify here must match the
# encryption method the nsca clients use (as specified in
# the send_nsca.cfg file)!!
# Values:
#
# 0 = None (Do NOT use this option)
# 1 = Simple XOR (No security, just obfuscation, but very fast)
#
# 2 = DES
# 3 = 3DES (Triple DES)
# 4 = CAST-128
# 5 = CAST-256
# 6 = xTEA
# 7 = 3WAY
# 8 = BLOWFISH
# 9 = TWOFISH
# 10 = LOKI97
# 11 = RC2
# 12 = ARCFOUR
#
# 14 = RIJNDAEL-128
# 15 = RIJNDAEL-192
# 16 = RIJNDAEL-256
#
# 19 = WAKE
# 20 = SERPENT
#
# 22 = ENIGMA (Unix crypt)
# 23 = GOST
# 24 = SAFER64
# 25 = SAFER128
# 26 = SAFER+
#

decryption_method=0

[Box293]

Can you please post the nsclient.ini file from the windows machine.

Also, I see that debugging is enabled, you also need to enable this in syslog for it to appear in /var/log/messages:

Edit the file:
/etc/rsyslogd.conf
Find /var/log/messages
The line in the config file will look like:
*.info;mail.none;authpriv.none;cron.none /var/log/messages

We need to add the following to the line:
*.info;mail.none;authpriv.none;cron.none;daemon.debug /var/log/messages

Save the file and

Code: Select all

service rsyslog restart

Now there should be more information logged in /var/log/messages

[phreedom68]

Below is the ini file. I also included daemon.debug to the rsyslog. Please note that this was working with nagios 3.5 and previous nsca.
Thanks again for all your help!

Code: Select all

# If you want to fill this file with all avalible options run the following command:
#   nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
#   nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help


; Undocumented section
[/settings/default]

; INBOX - The default channel to post incoming messages on
inbox = inbox

; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30

; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = true

; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
;allowed hosts = 162.242.xxx.xxx

; BIND TO ADDRESS - Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
bind to = 

; Undocumented key
allowed hosts = 127.0.0.1


; PASSWORD - Password used to authenticate against server
;password = foobar


; Undocumented section
[/modules]

; SimpleFileWriter - Write status updates to a text file (A bit like the NSCA server does)
SimpleFileWriter = 0

; PythonScript - Loads and processes internal Python scripts
PythonScript = 0

; NSCAServer - A server that listens for incoming NSCA connection and processes incoming requests.
NSCAServer = 0

; SyslogClient - Forward information as syslog messages to a syslog server
SyslogClient = 0

; GraphiteClient - Graphite client can be used to submit graph data to a graphite graphing system
GraphiteClient = 0

; SMTPClient - SMTP client can be used both from command line and from queries to check remote systes via SMTP
SMTPClient = 0

; CheckWMI - Check status via WMI
CheckWMI = 0

; NSCAClient - NSCA client can be used both from command line and from queries to submit passive checks via NSCA
NSCAClient = 1

; SimpleCache - Stores status updates and allows for active checks to retrieve them
SimpleCache = 0

; Scheduler - Use this to schedule check commands and jobs in conjunction with for instance passive monitoring through NSCA
Scheduler = 1

; NRDPClient - NRDP client can be used both from command line and from queries to check remote systes via NRDP
NRDPClient = 1

; DotnetPlugin - Plugin to load and manage plugins written in dot net.
DotnetPlugins = 1

; CheckTaskSched - Check status of your scheduled jobs.
CheckTaskSched = enabled

; NRPEClient - NRPE client can be used both from command line and from queries to check remote systes via NRPE as well as configure the NRPE server
NRPEClient = 1

; CheckHelpers - Various helper function to extend other checks.
CheckHelpers = 1

; CheckExternalScripts - Execute external scripts
CheckExternalScripts = 1

; NSClientServer - A server that listens for incoming check_nt connection and processes incoming requests.
NSClientServer = 1

; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1

; CheckLogFile - File for checking log files and various other forms of updating text files
CheckLogFile = enabled

; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1

; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1

; CheckNSCP - Use this module to check the healt and status of NSClient++ it self
CheckNSCP = 1

; CommandClient - A command line client, generally not used except with "nscp test".
CommandClient = enabled

; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = enabled

; WEBServer - A server that listens for incoming HTTP connection and processes incoming requests. It provides both a WEB UI as well as a REST API in addition to simplifying configuration of WEB Server module.
WEBServer = enabled


[/settings/external scripts/scripts]

; SCRIPT - For more configuration options add a dedicated section (if you add a new section you can customize the user and various other advanced features)
default = 

; SCRIPT - For more configuration options add a dedicated section (if you add a new section you can customize the user and various other advanced features)
POS_Monitor = scripts\\POS_Monitoring.exe


; A list of available remote target systems
[/settings/targets]


; Configure which services has to be in which state
[/settings/system/windows/service mapping]


; A set of options to configure the real time checks
[/settings/system/windows/real-time]


; Section for system checks and system settings
[/settings/system/windows]

; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU).
default buffer length = 1h


; Section for configuring the shared session.
[/settings/shared session]

; ENABLE THE SAHRED SESSION - This is currently not added in 0.4.x
enabled = false


; Section for the PythonScripts module.
[/settings/python]


; A set of options to configure the real time checks
[/settings/logfile/real-time]

; REAL TIME CHECKING - Spawns a background thread which waits for file changes.
enabled = false


; Configure log file properties.
[/settings/log/file]

; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
max size = 0


; A list of scripts available to run from the PythonScript module.
[/settings/python/scripts]


; Section for configuring the log handling.
[/settings/log]

; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = info

; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S

; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log


; Section for simple file writer module (SimpleFileWriter.dll).
[/settings/writers/file]

; MESSAGE SYNTAX - The syntax of the message to write to the line. Can be any arbitrary string as well as include any of the following special keywords:${command} = The command name, ${host} the host, ${channel} the recieving channel, ${alias} the alias for the command, ${alias-or-command} = alias if set otherweise command, ${message} = the message data (no escape), ${result} = The result status (number).
syntax = ${alias-or-command} ${result} ${message}

; FILE TO WRITE TO - The filename to write output to.
file = output.txt

; CHANNEL - The channel to listen to.
channel = FILE


; Section for graphite passive check module.
[/settings/graphite/client]

; CHANNEL - The channel to listen to.
channel = GRAPHITE

; HOSTNAME - The host name of this host if set to blank (default) the windows name of the computer will be used.
hostname = auto


; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script.
[/settings/external scripts/wrapped scripts]


; Target definition for: default
[/settings/syslog/client/targets/default]

; TODO - 
warning severity = warning

; TODO - 
tag_syntax = NSCA

; TODO - 
severity = error

; TODO - 
ok severity = informational

; TODO - 
message_syntax = %message%

; TODO - 
facility = kernel

; TODO - 
critical severity = critical

; TODO - 
unknown severity = emergency

; TARGET ADDRESS - Target host address
address = 


; Section for external scripts configuration options (CheckExternalScripts).
[/settings/external scripts]

; SCRIPT DIRECTORY - Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts :)
script path = 

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60


; Section for SYSLOG passive check module.
[/settings/syslog/client]

; CHANNEL - The channel to listen to.
channel = syslog

; HOSTNAME - The host name of this host if set to blank (default) the windows name of the computer will be used.
hostname = 


; A set of options to configure the real time checks
[/settings/eventlog/real-time]

; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = false

; LOGS TO CHECK - Comma separated list of logs to check
log = application,system

; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = true

; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 30m


; Section for configuring the crash handler.
[/settings/crash]

; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post

; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP

; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true

; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true

; SUBMIT CRASHREPORTS - Submit crash reports to nsclient.org (or your configured submission server)
submit = false

; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${shared-path}/crash-dumps


; Section for log file checker
[/settings/logfile]


; Section for SMTP passive check module.
[/settings/SMTP/client]

; CHANNEL - The channel to listen to.
channel = SMTP


; Section for NSCA (NSCAServer) (check_nsca) protocol options.
[/settings/NSCA/server]

; PORT NUMBER - Port to use for NSCA.
port = 5667

; PERFORMANCE DATA - Send performance data back to nagios (set this to false to remove all performance data).
performance data = 0

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = 0

; ENCRYPTION - Name of encryption algorithm to use. Has to be the same as your agent i using or it wont work at all.This is also independent of SSL and generally used instead of SSL. Available encryption algorithms are: none = No Encryption (not safe) xor = XOR des = DES 3des = DES-EDE3 cast128 = CAST-128 xtea = XTEA blowfish = Blowfish twofish = Twofish rc2 = RC2 aes128 = AES aes192 = AES aes = AES serpent = Serpent gost = GOST
encryption = none

; PAYLOAD LENGTH - Length of payload to/from the NSCA agent. This is a hard specific value so you have to "configure" (read recompile) your NSCA agent to use the same value for it to work.
payload length = 512


[/settings/NSCA/client]
hostname = auto

; CHANNEL - The channel to listen to.
channel = NSCA


; Target definition for: default
[/settings/NSCA/client/targets/default]

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = 0

; TIMEOUT - Timeout when reading/writing packets to/from sockets.
timeout = 30

; ENCRYPTION - Name of encryption algorithm to use. Has to be the same as your server i using or it wont work at all.This is also independent of SSL and generally used instead of SSL. Available encryption algorithms are: none = No Encryption (not safe) xor = XOR des = DES 3des = DES-EDE3 cast128 = CAST-128 xtea = XTEA blowfish = Blowfish twofish = Twofish rc2 = RC2 aes128 = AES aes192 = AES aes = AES serpent = Serpent gost = GOST
encryption = none

; SSL CERTIFICATE - 
certificate = 

; ALLOWED CIPHERS - A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
allowed ciphers = ADH

; VERIFY MODE - 
verify mode = none

; PASSWORD - The password to use. Again has to be the same as the server or it wont work at all.
;password = foobar

; TARGET ADDRESS - Target host address
address = 162.242.xxx.xxx


; Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = false

; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = true

; PORT NUMBER - Port to use for check_nt.
port = 12489


; A set of filters to use in real-time mode
[/settings/system/windows/real-time/checks]


; Section for NRPE (NRPEServer.dll) (check_nrpe) protocol options.
[/settings/NRPE/server]

; Undocumented key
ssl = true

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = false

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; PAYLOAD LENGTH - Length of payload to/from the NRPE agent. This is a hard specific value so you have to "configure" (read recompile) your NRPE agent to use the same value for it to work.
payload length = 1024

; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = false

; ALLOWED CIPHERS - The chipers which are allowed to be used. The default here will differ is used in "insecure" mode or not. check_nrpe uses a very old chipers and should preferably not be used. For details of chipers please see the OPEN ssl documentation: https://www.openssl.org/docs/apps/ciphers.html
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

; SSL CERTIFICATE - 
certificate key = 

; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket.  default-workarounds	Various workarounds for what I understand to be broken ssl implementations no-sslv2	Do not use the SSLv2 protocol. no-sslv3	Do not use the SSLv3 protocol. no-tlsv1	Do not use the TLSv1 protocol. single-dh-use	Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters).   
ssl options = no-sslv2,no-sslv3

; SSL CERTIFICATE - 
certificate = ${certificate-path}/certificate.pem

; PORT NUMBER - Port to use for NRPE.
port = 5666

; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = true


[NRPE Handlers]
command[POS_Monitor] = "C:\\Program Files\\NSClient++\\scripts\\POS_Monitoring.exe"


; Target definition for: default
[/settings/NRDP/client/targets/default]

; RECIPIENT - Recipient of email message
recipient = nscp@localhost

; SENDER - Sender of email message
sender = nscp@localhost

; TARGET ADDRESS - Target host address
address = 

; TIMEOUT - Timeout when reading/writing packets to/from sockets.
timeout = 30

; TEMPLATE - Template for message data
template = Hello, this is %source% reporting %message%!


; Section for SMTP passive check module.
[/settings/NRDP/client]

; HOSTNAME - The host name of this host if set to blank (default) the windows name of the computer will be used.
hostname = auto

; CHANNEL - The channel to listen to.
channel = NRDP


; Target definition for: default
[/settings/NRPE/client/targets/default]

; TARGET ADDRESS - Target host address
address = 

; Insecure legacy mode - Use insecure legacy mode to connect to old NRPE server
insecure = 1

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = false

; VERIFY MODE - What to verify default is non, to validate remote certificate use remote-peer
verify mode = none

; PAYLOAD LENGTH - Length of payload to/from the NRPE agent. This is a hard specific value so you have to "configure" (read recompile) your NRPE agent to use the same value for it to work.
payload length = 1024

; SSL CERTIFICATE - The ssl certificate to use to encrypt the communication
certificate = 

; SSL CERTIFICATE KEY - Key for the SSL certificate
certificate key = 

; TIMEOUT - Timeout when reading/writing packets to/from sockets.
timeout = 30


; Section for WEB (WEBServer.dll) (check_WEB) protocol options.
[/settings/WEB/server]

; Undocumented key
certificate key = 

; PORT NUMBER - Port to use for WEB server.
port = 8443s

; CERTIFICATE - Ssl certificate to use for the ssl server
certificate = ${certificate-path}/certificate.pem

; PASSWORD - Password used to authenticate against server parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.
password = xxxxxxxx


; Target definition for: default
[/settings/SMTP/client/targets/default]

; SENDER - Sender of email message
sender = nscp@localhost

; TARGET ADDRESS - Target host address
address = 

; TEMPLATE - Template for message data
template = Hello, this is %source% reporting %message%!

; TIMEOUT - Timeout when reading/writing packets to/from sockets.
timeout = 30

; RECIPIENT - Recipient of email message
recipient = nscp@localhost


; Files to be included in the configuration
[/includes]


; Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]

; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072

; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one).
syntax = 

; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = true

; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false


; Section for NRPE active/passive check module.
[/settings/NRPE/client]

; CHANNEL - The channel to listen to.
channel = NRPE


[/settings/scheduler/schedules/default]
interval = 1m


; Section for the Scheduler module.
[/settings/scheduler/schedules]
cpu = alias_cpu
mem = alias_mem
disk = alias_disk
service = alias_service
posmonitor = alias_POS_Monitor
Vol = alias_volumes
ServiceEx = alias_service_ex
Sched_Task = alias_sched_task
Sched_Long = alias_sched_long
Sched_All = alias_sched_all
File_Size = alias_file_size
Event_Log = alias_event_log
Volumes_Loose = alias_volumes_loose
Process = alias_process
Up = alias_up
Process_Count = alias_process_count
Process_Stopped = alias_process_stopped
Process_Hung = alias_process_hung
Disk_Loose = alias_disk_loose
File_Age = alias_file_age
report = check_warning


; A list of aliases available.
;An alias is an internal command that has been predefined to provide a single command without arguments. Be careful so you don't create loops (ie check_loop=check_a, check_a=check_loop)
[/settings/external scripts/alias]
alias_POS_Monitor = POS_Monitor

; ALIAS - Query alias
alias_volumes = check_drivesize

; ALIAS - Query alias
alias_service_ex = check_service "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc

; ALIAS - Query alias
alias_service = check_service

; ALIAS - Query alias
alias_sched_task = check_tasksched show-all "filter=title eq '$ARG1$'" "detail-syntax=${title} (${exit_code})" "crit=exit_code ne 0"

; ALIAS - Query alias
alias_sched_long = check_tasksched "filter=status = 'running'" "detail-syntax=${title} (${most_recent_run_time})" "crit=most_recent_run_time < -$ARG1$"

; ALIAS - Query alias
alias_sched_all = check_tasksched show-all "syntax=${title}: ${exit_code}" "crit=exit_code ne 0"

; ALIAS - Query alias
alias_file_size = check_files "path=$ARG1$" "crit=size > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${size}" max-dir-depth=10

; ALIAS - Query alias
alias_event_log = check_eventlog

; ALIAS - Query alias
alias_cpu = check_cpu

; ALIAS - Query alias
alias_volumes_loose = check_drivesize

; ALIAS - Query alias
alias_process = check_process "process=$ARG1$" "crit=state != 'started'"

; ALIAS - Query alias
alias_up = check_uptime

; ALIAS - Query alias
alias_mem = check_memory

; ALIAS - Query alias
alias_process_count = check_process "process=$ARG1$" "warn=count > $ARG2$" "crit=count > $ARG3$"

; ALIAS - Query alias
alias_process_stopped = check_process "process=$ARG1$" "crit=state != 'stopped'"

; ALIAS - Query alias
default = 

; ALIAS - Query alias
alias_disk_loose = check_drivesize

; ALIAS - Query alias
alias_disk = check_drivesize

; ALIAS - Query alias
alias_process_hung = check_process "filter=is_hung" "crit=count>0"

; ALIAS - Query alias
alias_cpu_ex = check_cpu "warn=load > $ARG1$" "crit=load > $ARG2$" time=5m time=1m time=30s

; ALIAS - Query alias
alias_file_age = check_files "path=$ARG1$" "crit=written > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${written}" max-dir-depth=10


; Target definition for: default
[/settings/graphite/client/targets/default]

; PATH FOR VALUES - Path mapping for metrics
path = system.${hostname}.${check_alias}.${perf_alias}

; TARGET ADDRESS - Target host address
address = 


; Modules written in dotnet/CLR
[/modules/dotnet]


; Add counters to check
[/settings/system/windows/counters]


; A set of filters to use in real-time mode
[/settings/logfile/real-time/checks]


; Section for simple cache module (SimpleCache.dll).
[/settings/cache]

; CHANNEL - The channel to listen to.
channel = CACHE

; PRIMARY CACHE INDEX - Set this to the value you want to use as unique key for the cache. Can be any arbitrary string as well as include any of the following special keywords:${command} = The command name, ${host} the host, ${channel} the recieving channel, ${alias} the alias for the command, ${alias-or-command} = alias if set otherweise command, ${message} = the message data (no escape), ${result} = The result status (number).
primary index = ${alias-or-command}


; Section for the Scheduler module.
[/settings/scheduler]

; THREAD COUNT - Number of threads to use.
threads = 5


; A list of templates for wrapped scripts.
[/settings/external scripts/wrappings]

; WRAPPING - An external script wrapping
ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -

; WRAPPING - An external script wrapping
bat = scripts\\%SCRIPT% %ARGS%

; WRAPPING - An external script wrapping
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%


; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]

; FILTER DEFENITION - For more configuration options add a dedicated section
default = 


[/paths]

; Path for crash-folder - 
crash-folder = c:\Program Files\NSClient++

; Path for base-path - 
base-path = c:\Program Files\NSClient++

; Path for certificate-path - 
certificate-path = ${shared-path}/security

; Path for module-path - 
module-path = ${shared-path}/modules

; Path for shared-path - 
shared-path = c:\Program Files\NSClient++

; Path for exe-path - 
exe-path = c:\Program Files\NSClient++

[phreedom68]

Now there should be more information logged in /var/log/messages

There isn't. The /var/log/message still getting spam at a high rate with errors. The high rate I guess stems from the fact that I have the check very minute (about 6 services). But other than the lines below, no new messages.
Thanks

Aug 26 18:38:56 emswebserver2 xinetd[8011]: FAIL: nsca address from=::ffff:71.6.xx.x
Aug 26 18:38:56 emswebserver2 xinetd[20138]: EXIT: nsca status=0 pid=8011 duration=0(sec)
Aug 26 18:38:56 emswebserver2 xinetd[20138]: START: nsca pid=8012 from=::ffff:173.8.xxx.xxx
Aug 26 18:38:56 emswebserver2 xinetd[8012]: FAIL: nsca address from=::ffff:173.8.xxx.xxx
Aug 26 18:38:56 emswebserver2 xinetd[20138]: EXIT: nsca status=0 pid=8012 duration=0(sec)