Overview
This KB article discusses NRPE v3 and the ability to use a config file for command line arguments.
NRPE v3 has two major improvements over previous versions:
-
Increased packet size up to 64K (referred to as v3 packet)
- Previous versions were limited to 1K (referred to as v2 packet)
-
Increased SSL security
-
A 2048-bit DH key is used instead of a 512-bit key
-
Certificates can be used for security
-
In particular the ability to use certificates results in a a very long command line. The config file allows you to define check_nrpe arguments in the file and instead point to the config file.
Config File Details
The config file is specified with --config-file=<path/file> or -f <path/file> parameters.
/usr/local/nagios/libexec/check_nrpe --config-file=/usr/local/nagios/etc/check_nrpe.config -H 10.25.14.2
/usr/local/nagios/libexec/check_nrpe -f /usr/local/nagios/etc/check_nrpe.config -H 10.25.14.2
The config file must look like command line options, but the options can be on separate lines.
It MUST NOT include --config-file (-f), --command (-c) or --args (-a).
If any options are in both the config file and on the command line, the command line options are used.
Example One
Executing the check_nrpe plugin with the "-2" (Only use Version 2 packets) and "-P 8192" (payload size) arguments:
/usr/local/nagios/libexec/check_nrpe -2 -P 8192 -H 10.25.14.2
Creating a config file with the "-2" and "-P 8192" arguments:
echo "-2" >> /usr/local/nagios/etc/check_nrpe.config
echo "-P 8192" >> /usr/local/nagios/etc/check_nrpe.config
Executing the check_nrpe plugin with the config file:
/usr/local/nagios/libexec/check_nrpe -f /usr/local/nagios/etc/check_nrpe.config -H 10.25.14.2
Example Two
Executing the check_nrpe plugin with certificate arguments:
/usr/local/nagios/libexec/check_nrpe -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -H 10.25.14.2
Creating a config file with the certificate arguments:
echo "-C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem" >> /usr/local/nagios/etc/check_nrpe.config
echo "-K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key" >> /usr/local/nagios/etc/check_nrpe.config
echo "-A /usr/local/nagios/etc/ssl/ca/ca_cert.pem" >> /usr/local/nagios/etc/check_nrpe.config
Executing the check_nrpe plugin with the config file:
/usr/local/nagios/libexec/check_nrpe -f /usr/local/nagios/etc/check_nrpe.config -H 10.25.14.2
Final Thoughts
For any support related questions please visit the Nagios Support Forums at: