Home » Categories » Multiple Categories

NRPE - v3 Compatibility With Previous Versions

Overview

This KB article discusses NRPE v3 and it's compatibility with previous versions of NRPE and clients that use NRPE such as NSClient++.

NRPE v3 has two major improvements over previous versions:

  • Increased packet size up to 64K (referred to as v3 packet)

    • Previous versions were limited to 1K (referred to as v2 packet)
  • Increased SSL security

    • A 2048-bit DH key is used instead of a 512-bit key

    • Certificates can be used for security

Issues that may arise from these enhancements will be covered in this KB article.

 

 

Nomenclature

The following explains the terms used in this document.

  • Client / Agent

    • This is what is listening for NRPE requests

    • "NRPE Client" refers to the Unix/Linux based client, provided by Nagios Enterprises

    • NSClient++ is the Windows client that has an NRPE listening module, developed externally by a third party

  • Plugin

    • This is what sends the request off to the client / agent

    • check_nrpe is the name of the binary

    • This is what is installed on the Nagios server, but is also installed on the NRPE client by default (not NSClient++)

 

 

Increased Packet Size

Previous versions of NRPE were limited to 1K in the response sent back to the plugin. In NRPE v3 this has been increased up to 64K. This affects some combinations of the plugin and client as per the following.

 

Plugin v3 > NRPE v2 Client 

In this scenario you have upgraded the plugin on the Nagios server but the client has not been upgraded (centos12 in this example).

You execute this command on the nagios server:

/usr/local/nagios/libexec/check_nrpe -H centos12

 

This is the result from running the command:

NRPE v2.15

 

On the NRPE v2 Client you will see the following logged per connection attempt:

Jun 24 16:35:14 centos12 xinetd[1533]: START: nrpe pid=1682 from=::ffff:10.25.13.2
Jun 24 16:35:14 centos12 nrpe[1682]: Error: Request packet type/version was invalid!
Jun 24 16:35:14 centos12 nrpe[1682]: Client request was invalid, bailing out...
Jun 24 16:35:14 centos12 xinetd[1533]: EXIT: nrpe status=0 pid=1682 duration=0(sec)
Jun 24 16:35:16 centos12 xinetd[1533]: START: nrpe pid=1683 from=::ffff:10.25.13.2
Jun 24 16:35:16 centos12 xinetd[1533]: EXIT: nrpe status=0 pid=1683 duration=0(sec)

 

On the Nagios server with the Plugin v3 will see the following logged per connection attempt:

Jun 24 16:42:04 fbsd01 check_nrpe: Remote 10.25.13.30 does not support Version 3 Packets
Jun 24 16:42:06 fbsd01 check_nrpe: Remote 10.25.13.30 accepted a Version 2 Packet

 

When the NRPE v3 client first establishes a connection, it tries with the v3 packet. This results in the older client rejecting the request. Upon receiving the rejected request the plugin will then attempt to connect with the v2 packet. This request will succeed however errors are produced in the log on the client and the Nagios server.

The options you have to stop the errors are:

  • Upgrade the client to v3

    • This will stop the errors
  • Force the plugin to send v2 packets

    • Using the -2 argument will force the plugin to connect with v2 packets

    • /usr/local/nagios/libexec/check_nrpe -2 -H centos12

 

Plugin v3 > NSClient++

In this scenario you have upgraded the plugin on the Nagios server and your agents are using NSClient++.

You execute this command on the nagios server:

/usr/local/nagios/libexec/check_nrpe -H 10.25.14.2

 

This is the result from running the command:

CHECK_NRPE: Socket timeout

 

In the NSClient++ log you will see the following logged per connection attempt:

2016-06-24 16:52:16: error:c:\source\master\include\socket/connection.hpp:143: Failed to read data: short read

 

This problem usually arises when NSClient++ has the payload length setting defined at a value other than 1024 (default).

When NSClient++ has the payload length setting defined, the check_nrpe plugin requires the arguments -2 -P xxxx where xxxx is the value defined for payload length.

/usr/local/nagios/libexec/check_nrpe -2 -P 65536 -H 10.25.14.2 

 

For more information on using NSClient++ with the payload length setting please read this KB article:

Documentation - Packet Size Explained

 

 

Final Thoughts

For any support related questions please visit the Nagios Support Forums at:

http://support.nagios.com/forum/

2.5 (4)
Article Rating (4 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Nagios XI - Monitoring Linux Using NRPE and Linux Server Monitoring Wizard
Viewed 958 times since Mon, Oct 16, 2017
NRPE - Error While Loading Shared Libraries: libssl.so
Viewed 1570 times since Mon, Jul 17, 2017
NRPE - Return Code Of 127 Is Out Of Bounds - Plugin May Be Missing
Viewed 2957 times since Fri, Jul 14, 2017
NRPE - Connection Refused By Host
Viewed 3934 times since Mon, Jul 17, 2017
NRPE - How To Install NRPE v3 From Source
Viewed 57277 times since Fri, Jun 3, 2016
CHECK_NRPE: Error - Could not connect to xxx.xxx.xxx.xxx: Connection reset by peer
Viewed 5942 times since Fri, Jul 14, 2017
NRPE - Upgrading To NRPE v3 From Source
Viewed 2018 times since Mon, Jul 11, 2016
NRPE - Agent and Plugin Explained
Viewed 10719 times since Fri, Jul 14, 2017
NRPE - v3 check_nrpe Config File
Viewed 4091 times since Fri, Jun 24, 2016
NRPE - No Output Returned From Plugin
Viewed 3504 times since Mon, Jul 17, 2017