Checking NRPE certificate expiry without flooding logs

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Post Reply
xmasbofh
Posts: 2
Joined: Wed Apr 01, 2020 1:36 pm

Checking NRPE certificate expiry without flooding logs

Post by xmasbofh »

For a while I've been using check_http to check the expiry of the TLS certificate and general health of my NRPE daemon with the command:

/usr/lib/nagios/plugins/check_http --ssl -H '$HOSTADDRESS$' -I '$HOSTADDRESS$' -p 5666 -C 30,7

This largely works fine, although has the mildly annoying side effect of generating the following in the log file:

Could not read request from client 192.168.0.116, bailing out...
INFO: SSL Socket Shutdown.

I guess this is because check_http doesn't speak NRPE and that upsets it. I Googled the protocol and it looks like it's not terribly easy to configure an existing tool to play nicely. That said, I thought I'd ask the question: Anyone know how to check the cert expiry without causing the log file noise?

It occures to me that I could create two checks and use check_nrpe to check the health of NRPE and check_http every 12 hours or so to check the cert. Alternatively I could just learn to live with the log noise. Does anyone have any other suggestions, please?
Top
User avatar
lgute
Posts: 415
Joined: Mon Apr 06, 2020 2:49 pm

Re: Checking NRPE certificate expiry without flooding logs

Post by lgute »

Hi @xmasbofh, thanks for reaching out.

Which log file has these messages?
Please let us know if you have any other questions or concerns.

-Laura
Top
xmasbofh
Posts: 2
Joined: Wed Apr 01, 2020 1:36 pm

Re: Checking NRPE certificate expiry without flooding logs

Post by xmasbofh »

Sorry for the delay, I neglected to enable notifications.

The logs are written to syslog, which I have filtered off into /var/log/nrpe/nrpe.log
Top
Post Reply

Return to “Open Source Nagios Projects”