Nagios EventLog Service Monitor
Posted: Wed May 11, 2016 9:58 am
by snchestnut01
Hello again guys, sorry to bug you. I'm trying to set up a capture for event logs on two of our servers and seem to be failing pretty hard at this. I've followed all the steps in the documentation provided on the link below, but I'm still receiving the error... Error: Could not connect to host ***.***.***.*** on port 5667 (2). I've set up nsclient++ to send these to the server, but it seems that the clients I've set up cannot connect.
Thanks ahead of time,
Sean
This is the documentation to set up the EventLog Control Manager.
https://assets.nagios.com/downloads/nag ... 1461777754
Re: Nagios EventLog Service Monitor
Posted: Wed May 11, 2016 10:05 am
by lmiltchev
Is port 5667 blocked by your firewall?
Did you add the client's IP address to the "/etc/xinetd.d/nsca" file? If not, add the remote machine's IP on the "only_from" line:
and restart xinetd:
Let us know if this helped.
Re: Nagios EventLog Service Monitor
Posted: Wed May 11, 2016 11:07 am
by snchestnut01
Firewall on the server is turned off so that shouldn't be an issue.
I set up the only_from to match my subnet as I'm going to be monitoring several boxes using this method, and I have restarted the xinetd service on the Nagios XI server.
Re: Nagios EventLog Service Monitor
Posted: Wed May 11, 2016 2:33 pm
by lmiltchev
Do you find any clues about the issue you are having in the "/usr/local/nagios/var/nagios.log" or "/var/log/messages"?
Does it help if you comment out the "only_from" line in the "/etc/xinetd.d/nsca" file:
and restart xinetd:
Did you verify that you are using a correct password, and the same encryption/decryption method?
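The "only_from" check discussed in the posts above can be reproduced offline before touching the server. The following is an added example, not part of any post in this thread and not Nagios or xinetd code: it evaluates the only_from lines of an xinetd service file against a client address. The sample file, the addresses and the function names are constructed for illustration, and it assumes numeric IPv4 entries only (no hostnames, factorized addresses, no_access lines or defaults inherited from /etc/xinetd.conf).

```python
import ipaddress

# Constructed sample of an /etc/xinetd.d/nsca file (not from the thread).
SAMPLE = """\
service nsca
{
    port        = 5667
    only_from   = 127.0.0.1 192.168.100.0
    only_from  += 10.20.0.0/16
    # only_from += 172.16.5.9
}
"""

def to_network(tok):
    """Numeric IPv4 forms only: a.b.c.d/len, or a.b.c.d with trailing 0 wildcards."""
    if "/" in tok:
        return ipaddress.ip_network(tok, strict=False)
    octets = tok.split(".")
    wild = 0
    while wild < 4 and octets[3 - wild] == "0":
        wild += 1
    return ipaddress.ip_network(f"{tok}/{32 - 8 * wild}")

def parse_only_from(text):
    """Return the allowed networks, or None when no only_from line exists."""
    allowed, seen = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("only_from"):   # also skips '#' comment lines
            continue
        name, _, rest = line.partition("=")
        op = name[len("only_from"):].strip()   # "", "+" or "-"
        nets = [to_network(t) for t in rest.split()]
        seen = True
        if op == "+":
            allowed += nets
        elif op == "-":
            allowed = [n for n in allowed if n not in nets]
        else:
            allowed = nets                      # plain '=' replaces the list
    return allowed if seen else None

def is_allowed(text, client):
    nets = parse_only_from(text)
    if nets is None:
        return True    # no only_from in this file: no source restriction here
    ip = ipaddress.ip_address(client)
    return any(ip in n for n in nets)          # empty list: nobody is allowed
```

An "only_from =" line with no value leaves the service available to nobody, while commenting the line out removes the source restriction for that service entirely, so the two are not interchangeable when troubleshooting.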
Re: Nagios EventLog Service Monitor
Posted: Thu May 12, 2016 8:13 am
by snchestnut01
I have not checked the logs on the server because I was unaware of the pathing to the logs. Sorry, I'm a bit of a Nagios XI noob. However, encryption/decryption method should not be an issue and passwords are the same.
Re: Nagios EventLog Service Monitor
Posted: Thu May 12, 2016 9:11 am
by snchestnut01
Okay, so... this method was causing a lot of issues and network traffic and my director wanted me to use the following method:
http://www.thedailyadmin.com/2010/08/ch ... agios.html
So I made the switch and now I'm getting the following errors:
From nsclient log on the server:
2016-05-12 10:08:51: message:modules\NRPEListener\NRPEListener.cpp:370: Could not read a full NRPE packet from socket, only got: 127
I've looked for the NRPE.cfg and it's all gibberish in the Nagios XI server; I'm not finding it in the nsclient++ files.
Re: Nagios EventLog Service Monitor
Posted: Thu May 12, 2016 9:49 am
by rkennedy
What command are you running on the Nagios side that produces that error? It might be a timeout issue with either command_timeout, or socket_timeout.
Re: Nagios EventLog Service Monitor
Posted: Thu May 12, 2016 10:38 am
by snchestnut01
./usr/local/nagios/libexec/check_nrpe -H 192.168.100.10 -p 5667 -c CheckEventLog -a filter=new file="system" MaxWarn=1 MaxCrit=1 filter-generated=\<1h filter-eventType==error filter=in filter=all
Re: Nagios EventLog Service Monitor
Posted: Thu May 12, 2016 1:05 pm
by lmiltchev
For starters, check_nrpe uses port 5666, not 5667. Run the command from the CLI using the correct port, and show the output (in case it errors out).
Re: Nagios EventLog Service Monitor
Posted: Fri May 13, 2016 7:35 am
by snchestnut01
connect to address 192.168.100.10 port 5666: Connection refused