SSL/TLS_ENCRYPTION

Posted: Thu Jul 30, 2020 2:08 am
by yybadrou
Hi,

I am monitoring a set of equipment with Nagios XI and the NCPA agent.
The thing I liked a lot about NCPA is the deployment of SSL/TLS encryption. However, I really would like to know how the communication is performed (at packet level). Which protocols are used, and how are the checks performed?

My questions are as follows:
- Using Wireshark, how can I decrypt those SSL sessions between the Nagios server and one of my supervised hosts (client)? What do I need (private key or certificate or both or ...)?
- In which exact client directory (Ubuntu host) can I find this information to upload into Wireshark in order to have decrypted data to read? I know that all SSL information is stored in the /etc/ssl directory, but I wanna know exactly where inside this directory.

I would appreciate any help!

Thank you

Re: SSL/TLS_ENCRYPTION

Posted: Thu Jul 30, 2020 4:07 pm
by jbrunkow
I believe the certificate that NCPA uses is in the following directory.

Code:

/usr/local/ncpa/var/ncpa.crt

If you can't find it in that location, you could search for it using find.

Code:

sudo find / -name "*.crt"

You can decrypt an SSL/TLS connection with an RSA key or key log file.
Wireshark supports TLS decryption when appropriate secrets are provided. The two available methods are:
  • Key log file using per-session secrets.
  • Decryption using an RSA private key.
Wireshark TLS

Re: SSL/TLS_ENCRYPTION

Posted: Tue Aug 04, 2020 6:45 am
by yybadrou
Hi,

Thank you for your answer, but where can I find the keylogfile on my Linux client?

Thank you

Re: SSL/TLS_ENCRYPTION

Posted: Tue Aug 04, 2020 5:01 pm
by jbrunkow
I don't know if such a thing exists on our systems. You could try the following commands to see if that helps you locate it.

Code:

sudo find / -name "*.crt"
sudo find / -name "*keylogfile*"

It could be one of the following files.

Code:

/usr/local/nagiosxi/var/certs/nagiosxi.key
/usr/local/nagiosxi/var/keys/xi.key
/var/log/sssd/sssd.log
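
Added example, not part of any post in this thread and not Nagios or Wireshark code: a certificate, a private key and a key log file are different things, and only the last two are secrets that the two Wireshark methods quoted above can use. This Python sketch classifies a file's contents accordingly; the function name, file names other than ncpa.crt, and all sample contents are constructed for illustration.

```python
import re

# NSS key log line: "<LABEL> <32-byte client random, hex> <secret, hex>"
KEYLOG_LINE = re.compile(r"^([A-Z0-9_]+) [0-9a-fA-F]{64} [0-9a-fA-F]+$")
KEYLOG_LABELS = {
    "CLIENT_RANDOM",                      # TLS 1.2 and earlier: master secret
    "CLIENT_EARLY_TRAFFIC_SECRET",        # TLS 1.3 labels
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET",
    "EXPORTER_SECRET",
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def classify_tls_material(text):
    """Say what a file's contents are worth for Wireshark TLS decryption."""
    labels = PEM_BEGIN.findall(text)
    if labels:
        if "ENCRYPTED PRIVATE KEY" in labels:
            return "encrypted-private-key"   # needs its passphrase first
        if "RSA PRIVATE KEY" in labels or "PRIVATE KEY" in labels:
            # Usable only when the session used RSA key exchange,
            # not (EC)DHE and not TLS 1.3.
            return "private-key"
        if "CERTIFICATE" in labels:
            return "certificate"             # public half only, cannot decrypt
        return "other-pem"
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    matches = [KEYLOG_LINE.match(ln) for ln in lines]
    if lines and all(m and m.group(1) in KEYLOG_LABELS for m in matches):
        return "keylog"
    return "unusable"


# Constructed samples (no real key material).
SAMPLES = {
    "ncpa.crt": "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n",
    "server.key": "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n",
    "keys.log": "# constructed key log\nCLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48 + "\n",
    "sssd.log": "(constructed) [sssd] Starting up\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {classify_tls_material(body)}")
```

A key log file exists only if the TLS endpoint was configured to write one, for example through the SSLKEYLOGFILE environment variable in applications that honour it.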