Error while checking NRPE remotely
Posted: Tue Oct 08, 2024 6:25 am
Hello everyone,
I am new to the Nagios environment, and I've recently discovered about NRPE to execute external scripts on my windows machine.
This is my nsclient.ini confoguration:
I want to launch the powershell scripts from my UNIX PC on the same LAN as the NRPE Client. To do so, I am launching as reported here: https://nsclient.org/docs/howto/external_scripts/
This is the cmd I am launching:
By looking at the log file created in the tmp folder I can see:
When doing:
Same error in the trial2.txt log file.
However, check_nt plugin seems to work fine as I get:
I am forced to use this specific version for compatibility with other programs.
What I am supposed to do to resolve this issue?
Many thanks
I am new to the Nagios environment, and I've recently discovered about NRPE to execute external scripts on my windows machine.
This is my nsclient.ini confoguration:
Code: Select all
# If you want to fill this file with all avalible options run the following command:
# nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
# nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help
; Undocumented section
[/settings/default]
; PASSWORD - Password used to authenticate against server
password = REDACTED
; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 0.0.0.0/0
; Undocumented section
[/settings/NRPE/server]
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. default-workarounds Various workarounds for what I understand to be broken ssl implementations no-sslv2 Do not use the SSLv2 protocol. no-s
slv3 Do not use the SSLv3 protocol. no-tlsv1 Do not use the TLSv1 protocol. single-dh-use Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the
DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters).
ssl options =
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. none The server will not send a client certificate request to the client, so the client will not send a certificate. peer The server sends a
client certificate request to the client and the certificate returned (if any) is checked. fail-if-no-cert if the client did not return a certificate, the TLS/SSL handshake is immediately terminated. This flag must be used togethe
r with peer. peer-cert Alias for peer and fail-if-no-cert. workarounds Various bug workarounds. single Always create a new key when using tmp_dh parameters. client-once Only request a client certificate on the initial TLS/SSL ha
ndshake. This flag must be used together with verify-peer
verify mode = none
; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = true
; Undocumented section
[/modules]
; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1
; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1
; NSClientServer - A server that listens for incoming check_nt connection and processes incoming requests.
NSClientServer = 1
; CheckExternalScripts - Execute external scripts
CheckExternalScripts = 1
; CheckHelpers - Various helper function to extend other checks.
CheckHelpers = 1
; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1
; CheckNSCP - Use this module to check the healt and status of NSClient++ it self
CheckNSCP = 1
; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1
; A list of templates for wrapped scripts.
%SCRIPT% will be replaced by the actual script an %ARGS% will be replaced by any given arguments.
[/settings/external scripts/wrappings]
; POWERSHELL WRAPPING -
ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -
; BATCH FILE WRAPPING -
bat = scripts\\%SCRIPT% %ARGS%
; VISUAL BASIC WRAPPING -
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%
; A list of aliases available.
An alias is an internal command that has been predefined to provide a single command without arguments. Be careful so you don't create loops (ie check_loop=check_a, check_a=check_loop)
[/settings/external scripts/alias]
; alias_volumes_loose - Alias for alias_volumes_loose. To configure this item add a section called: /settings/external scripts/alias/alias_volumes_loose
alias_volumes_loose = check_drivesize
; alias_volumes - Alias for alias_volumes. To configure this item add a section called: /settings/external scripts/alias/alias_volumes
alias_volumes = check_drivesize
; alias_sched_all - Alias for alias_sched_all. To configure this item add a section called: /settings/external scripts/alias/alias_sched_all
alias_sched_all = check_tasksched show-all "syntax=${title}: ${exit_code}" "crit=exit_code ne 0"
; alias_process_stopped - Alias for alias_process_stopped. To configure this item add a section called: /settings/external scripts/alias/alias_process_stopped
alias_process_stopped = check_process "process=$ARG1$" "crit=state != 'stopped'"
; alias_service - Alias for alias_service. To configure this item add a section called: /settings/external scripts/alias/alias_service
alias_service = check_service
; alias_process_hung - Alias for alias_process_hung. To configure this item add a section called: /settings/external scripts/alias/alias_process_hung
alias_process_hung = check_process "filter=is_hung" "crit=count>0"
; alias_process_count - Alias for alias_process_count. To configure this item add a section called: /settings/external scripts/alias/alias_process_count
alias_process_count = check_process "process=$ARG1$" "warn=count > $ARG2$" "crit=count > $ARG3$"
; alias_process - Alias for alias_process. To configure this item add a section called: /settings/external scripts/alias/alias_process
alias_process = check_process "process=$ARG1$" "crit=state != 'started'"
; alias_mem - Alias for alias_mem. To configure this item add a section called: /settings/external scripts/alias/alias_mem
alias_mem = check_memory
; alias_file_size - Alias for alias_file_size. To configure this item add a section called: /settings/external scripts/alias/alias_file_size
alias_file_size = check_files "path=$ARG1$" "crit=size > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${size}" max-dir-depth=10
; alias_disk - Alias for alias_disk. To configure this item add a section called: /settings/external scripts/alias/alias_disk
alias_disk = check_drivesize
; alias_cpu_ex - Alias for alias_cpu_ex. To configure this item add a section called: /settings/external scripts/alias/alias_cpu_ex
alias_cpu_ex = check_cpu "warn=load > $ARG1$" "crit=load > $ARG2$" time=5m time=1m time=30s
; alias_file_age - Alias for alias_file_age. To configure this item add a section called: /settings/external scripts/alias/alias_file_age
alias_file_age = check_files "path=$ARG1$" "crit=written > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${written}" max-dir-depth=10
; alias_cpu - Alias for alias_cpu. To configure this item add a section called: /settings/external scripts/alias/alias_cpu
alias_cpu = check_cpu
; alias_event_log - Alias for alias_event_log. To configure this item add a section called: /settings/external scripts/alias/alias_event_log
alias_event_log = check_eventlog
; alias_service_ex - Alias for alias_service_ex. To configure this item add a section called: /settings/external scripts/alias/alias_service_ex
alias_service_ex = check_service "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc
; alias_up - Alias for alias_up. To configure this item add a section called: /settings/external scripts/alias/alias_up
alias_up = check_uptime
; alias_disk_loose - Alias for alias_disk_loose. To configure this item add a section called: /settings/external scripts/alias/alias_disk_loose
alias_disk_loose = check_drivesize
; alias_sched_task - Alias for alias_sched_task. To configure this item add a section called: /settings/external scripts/alias/alias_sched_task
alias_sched_task = check_tasksched show-all "filter=title eq '$ARG1$'" "detail-syntax=${title} (${exit_code})" "crit=exit_code ne 0"
; alias_sched_long - Alias for alias_sched_long. To configure this item add a section called: /settings/external scripts/alias/alias_sched_long
alias_sched_long = check_tasksched "filter=status = 'running'" "detail-syntax=${title} (${most_recent_run_time})" "crit=most_recent_run_time < -$ARG1$"Code: Select all
check_nrpeThis is the cmd I am launching:
Code: Select all
$ ./check_nrpe -H 192.168.XX.XX -2 -t 50 -g /tmp/trial2.txt -n
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).
Code: Select all
[1728383864] Error: (!log_opts) Could not complete SSL handshake with 192.168.XX.XX: unknown security bits
[1728383864] Error: (!log_opts) Could not complete SSL handshake with 192.168.XX.XX: dh key too small
Code: Select all
$ ./check_nrpe -H 192.168.XX.XX -g /tmp/trial3.txt
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 192.168.XX.XX: 1
However, check_nt plugin seems to work fine as I get:
Code: Select all
$ ./check_nt -H 192.168.XX.XX -p 12489 -v CLIENTVERSION -s REDACTED
NSClient++ 0.5.2.39 2018-02-04
What I am supposed to do to resolve this issue?
Many thanks