check_tcp question
Posted: Tue Jan 02, 2018 7:38 am
by lindigo
I have to monitor some ports at a remote site.
Normally you can do this with check_tcp. Only incoming port 5666 is allowed at the remote site.
So I try to do this with nrpe:
I define a service at nagios-server
Code:
define service{
    use                     service-prod
    host_name               web01
    service_description     Port 2222
    check_command           check_nrpe!check_tcp_2222
}
I put the following line in nrpe.conf on the client side:
Code:
command[check_tcp_2222]=/usr/local/nagios/libexec/check_tcp -H 127.0.0.1 -p 2222
The check is working. But I see there's still traffic between nagios-server and client for port 2222.
Is there an explanation for this?
(At this moment I'm testing without a firewall.)
Re: check_tcp question
Posted: Tue Jan 02, 2018 10:20 am
by dwhitfield
If there's no firewall, then why wouldn't you expect port 2222 to be open? check_tcp doesn't test if there's traffic going from the two servers, just that there could be. Are you using some other method to see traffic, like a tcpdump? I'm not familiar with anything on that port.
Re: check_tcp question
Posted: Tue Jan 02, 2018 10:40 am
by lindigo
I am testing this at our infrastructure. Between the server and the client there is no firewall.
The client is running a service on port 2222. I am trying to check this by only using nrpe (port 5666). At the customer's site I can only connect to 5666. They don't want to open other ports for the nagios connection.
I am using tcpdump.
Re: check_tcp question
Posted: Tue Jan 02, 2018 11:11 am
by lindigo
Very strange, when I run this command manually:
[root@zabbix objects]# ../../libexec/check_nrpe -H 192.168.0.10 -c check_tcp_2222
TCP OK - 0.001 second response time on 127.0.0.1 port 2222|time=0.000717s;;;0.000000;10.000000
I see the following output from tcpdump (client):
[root@web01 etc]# tcpdump -i lo -nn port 2222
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
16:05:25.792934 IP 127.0.0.1.35210 > 127.0.0.1.2222: Flags [S], seq 77083913, win 43690, options [mss 65495,sackOK,TS val 3615450035 ecr 0,nop,wscale 7], length 0
06:48:06.620043 IP 127.0.0.1.2222 > 127.0.0.1.35210: Flags [S.], seq 703240960, ack 77083914, win 43690, options [mss 65495,sackOK,TS val 3615450035 ecr 3615450035,nop,wscale 7], length 0
So it works by hand.
Running from nagios config:
16:03:10.555702 IP 192.168.0.1.50358 > 192.168.0.10.2222: Flags [S], seq 75373147, win 29200, options [mss 1460,sackOK,TS val 1219216694 ecr 0,nop,wscale 7], length 0
16:03:10.555792 IP 192.168.0.10.2222 > 192.168.0.1.50358: Flags [S.], seq 2993261616, ack 75373148, win 28960, options [mss 1460,sackOK,TS val 3615314798 ecr 1219216694,nop,wscale 7], length 0
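The two captures above differ in where the SYN to port 2222 originates: 127.0.0.1 when check_tcp runs on the client through NRPE, a remote address (192.168.0.1 in the second capture) when something connects to the port directly. As an added example that is not part of the original posts, this Python script sorts tcpdump -nn lines by that distinction; the function name and the sample lines are constructed for illustration, using the addresses from the thread.

```python
import ipaddress
import re

# tcpdump -nn line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def classify_syns(lines, monitored_port, nrpe_port=5666):
    """Sort initial SYNs (flags exactly 'S') by what they say about the check path."""
    result = {"local_check": [], "direct_probe": [], "nrpe": [], "unparsed": []}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            result["unparsed"].append(line)  # header lines or a damaged flags field
            continue
        if m["flags"] != "S":                # skip SYN-ACK "S.", plain ACK ".", etc.
            continue
        src = ipaddress.ip_address(m["src"])
        dport = int(m["dport"])
        if dport == nrpe_port:
            result["nrpe"].append(m["src"])  # expected: server -> client NRPE
        elif dport == monitored_port:
            # Loopback source: check_tcp executed on the client by NRPE.
            # Any other source: a connection a 5666-only firewall would drop.
            key = "local_check" if src.is_loopback else "direct_probe"
            result[key].append(m["src"])
    return result

# Constructed sample lines (not copied from the capture in the thread).
SAMPLE = [
    "16:03:10.100000 IP 192.168.0.1.40112 > 192.168.0.10.5666: Flags [S], seq 1, win 29200, length 0",
    "16:03:10.200000 IP 127.0.0.1.35210 > 127.0.0.1.2222: Flags [S], seq 2, win 43690, length 0",
    "16:03:10.200100 IP 127.0.0.1.2222 > 127.0.0.1.35210: Flags [S.], seq 3, ack 3, win 43690, length 0",
    "16:03:10.555702 IP 192.168.0.1.50358 > 192.168.0.10.2222: Flags [S], seq 4, win 29200, length 0",
]

if __name__ == "__main__":
    report = classify_syns(SAMPLE, monitored_port=2222)
    print("NRPE connections from:", report["nrpe"])
    print("Local check_tcp runs from:", report["local_check"])
    for src in report["direct_probe"]:
        print(f"SYN to port 2222 from {src}: this check did not go through NRPE")
```

An empty direct_probe list over a full check interval indicates the monitored port is only reached through NRPE.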
Re: check_tcp question
Posted: Wed Jan 03, 2018 3:26 pm
by tgriep
It sounds like there could be another check that is defined on the Nagios server that could be checking for port 2222.
Make sure there is not another service check defined.
Re: check_tcp question
Posted: Wed Jan 03, 2018 3:33 pm
by cdienger
Please provide the definition for the check_nrpe command. The default location is /usr/local/nagios/etc/objects/commands.cfg