Page 1 of 1
Upgrade to Nagios 5.8.3 Causing SSL errors for check_nrpe
Posted: Fri Jun 04, 2021 10:12 am
by dhorton
I just upgraded to Nagios XI 5.8.3 this morning, and after the upgrade every Windows host in our system has this error associated with check_nrpe. I masked the IP for security purposes. I only upgraded the server that houses the Nagios software. Upgrading the NSClient++ and/or nrpe agents on the endpoints is NOT an option at this point.
check_nrpe[12082]: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with xxx.xxx.xxx.xxx: rc=0 SSL-error=5
FYI the nrpe.cfg has both the localhost IP and the actual server IP in for the allowed_hosts section.
My question would be what happened with SSL during this upgrade?
Re: Upgrade to Nagios 5.8.3 Causing SSL errors for check_nrp
Posted: Fri Jun 04, 2021 2:33 pm
by dchurch
Hi!
Try adding "-2" to the list of arguments to check_nrpe. For example:
Code: Select all
/usr/lib/nagios/plugins/check_nrpe -2 -H <IP address>
Also try adding "-n" to the list of arguments to check_nrpe. For example:
Code: Select all
/usr/lib/nagios/plugins/check_nrpe -2 -n -H <IP address>
/usr/lib/nagios/plugins/check_nrpe -n -H <IP address>
Re: Upgrade to Nagios 5.8.3 Causing SSL errors for check_nrp
Posted: Mon Jun 07, 2021 12:22 pm
by dhorton
So adding that those flags results in the following messages to be displayed in an UNKNOWN status. For reference this is the command that was being used before. $USER1$/check_nrpe -u -H $HOSTADDRESS$ -t 30 -c $ARG1$ $ARG2$
I added what you suggested to turn it into $USER1$/check_nrpe -2 -n -u -H $HOSTADDRESS$ -t 30 -c $ARG1$ $ARG2$
I tried -n by itself before and it resulted in the same messages.
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).
CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).
Re: Upgrade to Nagios 5.8.3 Causing SSL errors for check_nrp
Posted: Tue Jun 08, 2021 12:59 pm
by ssax
What is the full output from this command on the XI server?
Code: Select all
/usr/lib/nagios/plugins/check_nrpe -2 -H <IP address> -s-1; tail -n30 /var/log/messages
What is the output of these commands from the XI server as well?
Code: Select all
/usr/lib/nagios/plugins/check_nrpe -V
/usr/local/nagios/libexec/check_nrpe -V
Re: Upgrade to Nagios 5.8.3 Causing SSL errors for check_nrp
Posted: Thu Jul 08, 2021 12:33 pm
by dhorton
I apologize for the delayed response, but since my last post we upgraded to 5.8.4. We had the same errors. It seems that the new /usr/local/nagios/libexec/check_nrpe version was not compatible with our environment, so we needed update it use our previous version in addition to adding the -2 to the command itself. Currently everything is working normally. Previous version before the upgrade was 3.0.1. After the upgrade, this changed to 4.0.3. This version did not work, so we had to go back to 3.0.1. If there is a better way to address this issue, I am certainly willing to explore it.
Re: Upgrade to Nagios 5.8.3 Causing SSL errors for check_nrp
Posted: Fri Jul 09, 2021 10:15 am
by vtrac
Hi @dhorton,
Hope you are having a great Friday!! ...
I'm glad that reverting back to v3.0.1 worked for you.
Do you know what version of NSClient++ on your remote machines?
If you like, you could try building the check_nrpe binary from source your self.
Please follow the KB below to build NPRE v4 from source:
https://support.nagios.com/kb/article.php?id=515
If you prefer to stay with v3.0.1, then may I close this thread?
Best Regards,
Vinh