Home » Categories » Multiple Categories

NRPE - v3/v4 Compatibility With Previous Versions

Overview

This KB article discusses NRPE v3/v4 and it's compatibility with previous versions of NRPE and clients that use NRPE such as NSClient++.

NRPE v3 has two major improvements over previous versions:

  • Increased packet size up to 64K (referred to as v3 packet)

    • Previous versions were limited to 1K (referred to as v2 packet)
  • Increased SSL security

    • A 2048-bit DH key is used instead of a 512-bit key

    • Certificates can be used for security

NRPE v4 includes the following improvements:

  • Added TLSv1.3 and TLSv1.3+ support for systems that have it
  • Added IPv6 ip address to list of default allow_from hosts
  • Added -D option to disable logging to syslog
  • Added -3 option to force check_nrpe to use NRPE v3 packets

Issues that may arise from these enhancements will be covered in this KB article.

 

Nomenclature

The following explains the terms used in this document.

  • Client / Agent

    • This is what is listening for NRPE requests

    • "NRPE Client" refers to the Unix/Linux based client, provided by Nagios Enterprises

    • NSClient++ is the Windows client that has an NRPE listening module, developed externally by a third party

  • Plugin

    • This is what sends the request off to the client / agent

    • check_nrpe is the name of the binary

    • This is what is installed on the Nagios server, but is also installed on the NRPE client by default (not NSClient++)

 

 

Increased Packet Size

Previous versions of NRPE were limited to 1K in the response sent back to the plugin. In NRPE v3/v4 this has been increased up to 64K. This affects some combinations of the plugin and client as per the following.

 

Plugin v3/v4 > NRPE v2 Client 

In this scenario you have upgraded the plugin on the Nagios server but the client has not been upgraded (centos12 in this example).

You execute this command on the nagios server:

/usr/local/nagios/libexec/check_nrpe -H centos12

 

This is the result from running the command:

NRPE v2.15

 

On the NRPE v2 Client you will see the following logged per connection attempt:

Jun 24 16:35:14 centos12 xinetd[1533]: START: nrpe pid=1682 from=::ffff:10.25.13.2
Jun 24 16:35:14 centos12 nrpe[1682]: Error: Request packet type/version was invalid!
Jun 24 16:35:14 centos12 nrpe[1682]: Client request was invalid, bailing out...
Jun 24 16:35:14 centos12 xinetd[1533]: EXIT: nrpe status=0 pid=1682 duration=0(sec)
Jun 24 16:35:16 centos12 xinetd[1533]: START: nrpe pid=1683 from=::ffff:10.25.13.2
Jun 24 16:35:16 centos12 xinetd[1533]: EXIT: nrpe status=0 pid=1683 duration=0(sec)

 

On the Nagios server with the Plugin v3/v4 will see the following logged per connection attempt:

Jun 24 16:42:04 fbsd01 check_nrpe: Remote 10.25.13.30 does not support Version 3 Packets
Jun 24 16:42:06 fbsd01 check_nrpe: Remote 10.25.13.30 accepted a Version 2 Packet

 

When the NRPE v3/v4 client first establishes a connection, it tries with the v3/v4 packet. This results in the older client rejecting the request. Upon receiving the rejected request the plugin will then attempt to connect with the v2 packet. This request will succeed however errors are produced in the log on the client and the Nagios server.

The options you have to stop the errors are:

  • Upgrade the client to v3/v4

    • This will stop the errors
  • Force the plugin to send v2 packets

    • Using the -2 argument will force the plugin to connect with v2 packets

    • /usr/local/nagios/libexec/check_nrpe -2 -H centos12

 

Plugin v3/v4 > NSClient++

In this scenario you have upgraded the plugin on the Nagios server and your agents are using NSClient++.

You execute this command on the nagios server:

/usr/local/nagios/libexec/check_nrpe -H 10.25.14.2

 

This is the result from running the command:

CHECK_NRPE: Socket timeout

 

In the NSClient++ log you will see the following logged per connection attempt:

2016-06-24 16:52:16: error:c:\source\master\include\socket/connection.hpp:143: Failed to read data: short read

 

This problem usually arises when NSClient++ has the payload length setting defined at a value other than 1024 (default).

When NSClient++ has the payload length setting defined, the check_nrpe plugin requires the arguments -2 -P xxxx where xxxx is the value defined for payload length.

/usr/local/nagios/libexec/check_nrpe -2 -P 65536 -H 10.25.14.2 

 

For more information on using NSClient++ with the payload length setting please read this KB article:

Documentation - Packet Size Explained

 

 

Final Thoughts

For any support related questions please visit the Nagios Support Forums at:

http://support.nagios.com/forum/



-

Special Offer For Knowledgebase Visitors! Get a huge discount on Nagios Log Server by clicking below.

Get 60% Off Nagios Log Server!

2.5 (4)
Article Rating (4 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
NRPE - Agent and Plugin Explained
Viewed 63588 times since Fri, Jul 14, 2017
NRPE - CHECK_NRPE: Error Receiving Data From Daemon
Viewed 10651 times since Mon, Jul 17, 2017
NRPE - Warning: This Plugin Must Be Either Run As Root Or Setuid
Viewed 10662 times since Mon, Jul 17, 2017
NRPE - Command ’[Your Plugin]’ Not Defined
Viewed 8775 times since Mon, Jul 17, 2017
NRPE - CHECK_NRPE: Error - Could Not Complete SSL Handshake
Viewed 119403 times since Fri, Jul 14, 2017
NRPE - How to install NRPE from source without xinetd on CentOS 6.
Viewed 15550 times since Wed, Apr 15, 2015
NRPE - CHECK_NRPE: Received 0 Bytes From Daemon. Check The Remote Server Logs For Error Messages
Viewed 10115 times since Mon, Jul 17, 2017
NRPE - How to install NRPE
Viewed 127193 times since Wed, Dec 17, 2014
Disabling Port 113 IDENT Requests
Viewed 5476 times since Tue, Mar 12, 2019
NRPE - CHECK_NRPE: Socket Timeout After n Seconds
Viewed 95911 times since Sun, Jul 16, 2017