Page 1 of 2
Issue with Check_nrpe
Posted: Mon Nov 16, 2015 11:08 pm
by druid
I have an old nagios v3.5 server that I'm replacing with a new CentOS 7 server to run nagios v4.1.1. I tried copying over a windows and linux host config files to the new Nagios server and started to get errors. When using the Nagios web client to view the windows host, which previously was running check_nt instead of check_nrpe, the checks are giving the error "Check_nrpe error: Unable to complete SSL handsake". When viewing the linux host the checks are giving the error "Return code 255 is out of bounds".
On the new Nagios server, running
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H localhost
returns: CHECK_NRPE: Error - Could not complete SSL handshake.
Running without SSL
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H localhost -n
returns: CHECK_NRPE Error: Error receiving data from daemon.
I'd be happy to provide any config or log files necessary. Thank you.
Re: Issue with Check_nrpe
Posted: Tue Nov 17, 2015 12:27 am
by Box293
While this guide is for Nagios XI, most of the troubleshooting applies to your problem.
https://assets.nagios.com/downloads/nag ... utions.pdf
Let us know what you've tried and the output you get.
Re: Issue with Check_nrpe
Posted: Tue Nov 17, 2015 2:17 pm
by druid
Looking at that article's explanation of the "Could not complete SSL Handshake" error:
I added my new nagios server IP to allowed hosts in both /usr/local/nagios/etc/nrpe.cfg and /etc/xinetd.d/nrpe
I also added the "per_source" and "instances" lines to /etc/xinetd.d/nrpe
I also made sure SSL is compiled into nrpe.
I then restarted the xinetd service and ran
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H localhost
and still received the "Could not complete SSL Handshake" error.
Re: Issue with Check_nrpe
Posted: Tue Nov 17, 2015 2:23 pm
by rkennedy
When you compiled the plugins, did you compile with SSL?
Re: Issue with Check_nrpe
Posted: Tue Nov 17, 2015 2:24 pm
by hsmith
Does the new server have firewalld running? If so, you may need write a firewall rule / stop it. I would stop it for troubleshooting purposes.
systemctl firewalld status
Re: Issue with Check_nrpe
Posted: Tue Nov 17, 2015 3:35 pm
by druid
The new server does not have firewalld running. It uses iptables.
I just recompiled the plugins and ran make and make install.
Code: Select all
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install
When running the ./configure part, I do see "with-openssl = yes"
Re: Issue with Check_nrpe
Posted: Tue Nov 17, 2015 4:50 pm
by jrdalrymple
druid wrote:I then restarted the xinetd service and ran
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H localhost
and still received the "Could not complete SSL Handshake" error.
On EL7 this is commonly because you specified IP addresses in your /etc/xinet.d/nrpe and/or nrpe.cfg file of 127.0.0.1 and 'localhost' resolves to ::1. Try doing
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
Also - just so that there is no question let's get
ps -ef | grep nrpe so that we know if we're coming from inetd or daemonizing.
Re: Issue with Check_nrpe
Posted: Tue Nov 17, 2015 6:20 pm
by druid
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
Re: Issue with Check_nrpe
Posted: Tue Nov 17, 2015 7:02 pm
by Box293
So we've confirmed check_nrpe is correctly compiled on the Nagios host.
What happens when you query your Windows server?
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H windows_server_ip
Re: Issue with Check_nrpe
Posted: Wed Nov 18, 2015 4:47 am
by druid
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H windows_server_ip
On the Windows server, the nsclient.log has:
error:D:\source\nscp\include\socket/connection.hpp:243: Failed to establish secure connections: sslv3 alert unexpected message: 1010