NRDP: Could not connect to NRDP server

[shifty]

Hi its me again

I am currently trying to get NRDP up and running.

Brief description of the situation:
I have an NLS with version 2.1.8 running on an Ubuntu 20.04.1 LTS.
I have a Nagios Core Server with version 4.3.4 & NRDP with version 2.0.4 on an Ubuntu 16.04.3 LTS (Ubuntu cannot be updated at the moment for various reasons).

I installed and tested the NRDP server according to the following instructions. Everything worked perfectly.
https://support.nagios.com/kb/article/n ... e-602.html

Then I tried to add the NRDP server in the Nagios LogServer with the following error:

nrdp.PNG

So I tried to run the script "send_nrdp.sh" on the logserver.

Code: Select all

./send_nrdp.sh -u "https://nagioscoredomain.net/nrdp/" -t "tlIbbKj6yXgxmoVd9mTy" -H "senderhost" -S "statetoshow" -o "messagetoshow." > nrdp.log

Message in nrdp.log

Code: Select all

Sent 1 checks to https://nagioscoredomain.net/nrdp/

Message in nagios.log on the Nagios server:

Code: Select all

[1621495272] Error: Got host checkresult for 'senderhost', but no such host can be found

Since I have not yet defined a host, the message is logical BUT the transfer worked.

The question arises why I cannot get a connection from the web interface of the Nagios log server?

I'm thankful for any help !

Shifty

[ssax]

Are you accessing the Log Server interface with http or https? Use https in the LS URL in your browser (if you're not) since your XI URL is using https, it could be the browser blocking mixed content.

Try opening the page in firefox, hit the F12 key, click on Console, then replicate the issue again and post any Console errors you see.

[shifty]

Hi,

I access the web interface via https. The console shows these warnings (in german):

Code: Select all

Diese Seite verwendet die nicht standardisierte Eigenschaft "zoom". Stattdessen sollte calc() in den entsprechenden Eigenschaftswerten oder "transform" zusammen mit "transform-origin: 0 0" verwendet werden. nrdp

Einige Cookies verwenden das empfohlene "SameSite"-Attribut inkorrekt. 11

Das Cookie "csrf_ls" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. nrdp

Das Cookie "csrf_ls" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. get_nrdp

Das Cookie "ls_session" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. get_nrdp

Das Cookie "csrf_ls" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. get_nrdp

Das Cookie "ls_session" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. get_nrdp

Das Cookie "ls_session" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. 2 status

Das Cookie "ls_session" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. 2 nrdp

Das Cookie "ls_session" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. 2 status

Das Cookie "ls_session" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. 2 status

Das Cookie "ls_session" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. 2 status

Das Cookie "ls_session" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. 2 status

Layout-Darstellung wurde erzwungen, bevor die Seite vollständig geladen war. Falls Stylesheet noch nicht geladen sind, kann dies zu einem kurzzeitigen Darstellung des Inhalts ohne Formatierung führen. jquery-1.12.4.min.js:3:26890

nrdp1.PNG

[ssax]

If you go to the Network tab in firefox inspector and then replicate it again, what is the response that it's getting for the GET for the https://XXXXXX/nagioslogserver/api/check/get_nrdp?

[shifty]

Hi,

thats what i get from the network tab:

1.PNG

When i click on the "get_nrdp" it shows me this:

view-source:https://xxxxx.net/nagioslogserver/api/check/get_nrdp

Code: Select all

[]

[gsmith]

hi Shifty,

From looking at your screenshot it looks like it is using a POST method, so lets
start with that, but also do a GET to cover all the bases.

On the LS server as root run these 4 commands and send us the output:

Code: Select all

curl -X POST -v https://xxxxx.zad-northeim.net/nagioslogserver/api/check/get_nrdp
curl -X POST -vk https://xxxxx.zad-northeim.net/nagioslogserver/api/check/get_nrdp
curl -v https://xxxxx.zad-northeim.net/nagioslogserver/api/check/get_nrdp
curl -vk https://xxxxx.zad-northeim.net/nagioslogserver/api/check/get_nrdp

Thanks

[shifty]

Hi gsmith,

here is the output from the commands

1: curl -X POST -v https://xxxxxxxxx.net/nagioslogserver/a ... k/get_nrdp

Code: Select all

*   Trying xxx.xxx.xxx.xxx:443...
* TCP_NODELAY set
* Connected to xxxxxxxxxxx.net (xxx.xxx.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=DE; ST=xxxxxxxxxx; L=xxxxxxxx; O=xxxxxxxxx; CN=xxxxxxxxxxxx.net
*  start date: May 20 07:19:00 2021 GMT
*  expire date: May 19 07:19:00 2026 GMT
*  subjectAltName: host "xxxxxxxxxxxxx.net" matched cert's "xxxxxxxxxxxxx.net"
*  issuer: C=DE; ST=xxxxxxxxxxx; L=xxxxxxxxxxx; O=xxxxxxxxxx; CN=xxxxxxxx Intermediate CA1
*  SSL certificate verify ok.
> POST /nagioslogserver/api/check/get_nrdp HTTP/1.1
> Host: xxxxxxxxxxxxxxx.net
> User-Agent: curl/7.68.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Fri, 21 May 2021 16:52:15 GMT
< Server: Apache/2.4.41 (Ubuntu)
< Set-Cookie: ls_session=5v0qune5gugm8rcf9bglrgj3og2jfbt6; expires=Fri, 21-May-2021 18:52:15 GMT; Max-Age=7200; path                                                                                                                         =/; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Content-Length: 95
< Content-Type: application/json; charset=utf-8
<
* Connection #0 to host xxxxxxxxxxxxxxxxx.net left intact
{"error":true,"type":"authentication","message":"Could not authenticate. Invalid token given."}

2: curl -X POST -vk https://xxxxxxx.net/nagioslogserver/api/check/get_nrdp

Code: Select all

*Trying xxx.xxx.xxx.xxx:443...
* TCP_NODELAY set
* Connected to xxxxxxx.net (xxx.xxx.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=DE; ST=xxxxxx; L=xxxxx; O=xxxxx; CN=xxxxxxx.net
*  start date: May 20 07:19:00 2021 GMT
*  expire date: May 19 07:19:00 2026 GMT
*  issuer: C=DE; ST=xxxxxxx; L=xxxxxxxxx; O=xxxxxxxx; CN=xxxxxxx Intermediate CA1
*  SSL certificate verify ok.
> POST /nagioslogserver/api/check/get_nrdp HTTP/1.1
> Host: xxxxxxxxxxx.net
> User-Agent: curl/7.68.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Fri, 21 May 2021 16:53:06 GMT
< Server: Apache/2.4.41 (Ubuntu)
< Set-Cookie: ls_session=tmrtrm0e0t4ar81n2ofvkl0vu79dij14; expires=Fri, 21-May-2021 18:53:06 GMT; Max-Age=7200; pat                                                                                                                          h=/; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Content-Length: 95
< Content-Type: application/json; charset=utf-8
<
* Connection #0 to host xxxxxxxxxxxxx.net left intact
{"error":true,"type":"authentication","message":"Could not authenticate. Invalid token given."}

3. curl -v https://xxxxxxxxxxx.net/nagioslogserver ... k/get_nrdp

Code: Select all

*   Trying xxx.xxx.xxx.xxx:443...
* TCP_NODELAY set
* Connected to xxxxxxxxxx.net (xxx.xxx.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=DE; ST=xxxxxxxxxx; L=xxxxxxxxx; O=xxxxxxxxx; CN=xxxxxxxxxxxx.net
*  start date: May 20 07:19:00 2021 GMT
*  expire date: May 19 07:19:00 2026 GMT
*  subjectAltName: host "xxxxxxxxxxxxx.net" matched cert's "xxxxxxxxxxxx.net"
*  issuer: C=DE; ST=xxxxxxxxxxxxxx; L=xxxxxxxxxx; O=xxxxxxxxxx; CN=xxxxxxxx Intermediate CA1
*  SSL certificate verify ok.
> GET /nagioslogserver/api/check/get_nrdp HTTP/1.1
> Host: xxxxxxxxxxxxxx.net
> User-Agent: curl/7.68.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Fri, 21 May 2021 16:53:49 GMT
< Server: Apache/2.4.41 (Ubuntu)
< Set-Cookie: csrf_ls=385524e9df5e4f4d4ddb1dc79e392ea6; expires=Fri, 21-May-2021 18:53:49 GMT; Max-Age=7200; path=/
< Set-Cookie: ls_session=kd4aaccbvtm50vkr0gnj6pujr425cv6e; expires=Fri, 21-May-2021 18:53:49 GMT; Max-Age=7200; path=/;                                                                                                                      HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Content-Length: 95
< Content-Type: application/json; charset=utf-8
<
* Connection #0 to host xxxxxxxxxxx.net left intact
{"error":true,"type":"authentication","message":"Could not authenticate. Invalid token given."}

4: curl -vk https://xxxxxxxxx.net/nagioslogserver/a ... k/get_nrdp

Code: Select all

*   Trying xxx.xxx.xxx.xxx:443...
* TCP_NODELAY set
* Connected to xxxxxxxxxxxxx.net (xxx.xxx.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=DE; ST=xxxxxxxxxxxx; L=xxxxxxxxxxxxx; O=xxxxxxxxx; CN=xxxxxxxxxxxxx.net
*  start date: May 20 07:19:00 2021 GMT
*  expire date: May 19 07:19:00 2026 GMT
*  issuer: C=DE; ST=xxxxxxxxxx; L=xxxxxxxxxxxxxx; O=xxxxxxxxxxxxxxx; CN=xxxxxxxxx Intermediate CA1
*  SSL certificate verify ok.
> GET /nagioslogserver/api/check/get_nrdp HTTP/1.1
> Host: xxxxxxxxxxxxxxx.net
> User-Agent: curl/7.68.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Fri, 21 May 2021 16:55:32 GMT
< Server: Apache/2.4.41 (Ubuntu)
< Set-Cookie: csrf_ls=43152624cb8724838fc861e5a7f2b8dd; expires=Fri, 21-May-2021 18:55:32 GMT; Max-Age=7200; path=/
< Set-Cookie: ls_session=s3ms57tvm7ed1ns3n3m3sr7g5096kb8c; expires=Fri, 21-May-2021 18:55:32 GMT; Max-Age=7200; path=/; H                                                                                                                    ttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Content-Length: 95
< Content-Type: application/json; charset=utf-8
<
* Connection #0 to host xxxxxxxxxxxxxxxxxxxxx.net left intact
{"error":true,"type":"authentication","message":"Could not authenticate. Invalid token given."}

[gsmith]

hey,

Looks like they are all coming back with:
{"error":true,"type":"authentication","message":"Could not authenticate. Invalid token given."}

I am assuming the token is the NRDP token. Can you make sure the token you are entering in the
"Add NRDP Server" dialog box matches the NRDP token on the XI server please?

Thanks

[shifty]

Hi gsmith,

im not using XI, im using nagios core. I checked the "/usr/local/nrdp/server/config.inc.php". The Token in the config file is exactly the same as in the nagios log server:

config.inc.php (on the nagios core server)

Code: Select all

$cfg["authorized_tokens"] = array(
     "tlIbbKj6yXgxmoVd9mTy",  // <-- not a good token
    // "90dfs7jwn3",     // <-- a better token (don't use this exact one, make your own)
);

nagios logserver NRDP config

nrdp.PNG

manual command from the command line on the nagios log server to the nagios core server (works perfectly with the exact same token)

Code: Select all

./send_nrdp.sh -u "https://nagioscoredomain.net/nrdp/" -t "tlIbbKj6yXgxmoVd9mTy" -H "senderhost" -S "statetoshow" -o "messagetoshow." > nrdp.log

[gsmith]

Hi

on your logserver run:

Code: Select all

 ./send_nrdp.sh -u "https://192.168.23.81/nrdp/" -t "token1" -H "192.168.23.89" -S "statetoshow" -o "messagetoshow."

but change 192.168.23.81 to your nrdp server's hostname
and 192.168.23.89 to your logserver's hostname,
and adjust the value for the "-t" option to your token.

On your nrdp server go to Admin, Monitoring Config, Unconfigured Objects. You may see one there
called "senderhost" - delete him. You should also now see one with your logserver's hostname. Hit the
blue arrow to configure it.

Let me know how this works for you.