All Categories
Home » Categories » Multiple Categories

NRPE - v3/v4 Compatibility With Previous Versions
Article Number: 516 | Rating: 2.5/5 from 4 votes | Last Updated by rspielman on Tue, Nov 16, 2021 at 1:58 PM

Overview

This KB article discusses NRPE v3/v4 and it's compatibility with previous versions of NRPE and clients that use NRPE such as NSClient++.

NRPE v3 has two major improvements over previous versions:

  • Increased packet size up to 64K (referred to as v3 packet)

    • Previous versions were limited to 1K (referred to as v2 packet)

  • Increased SSL security

    • A 2048-bit DH key is used instead of a 512-bit key

    • Certificates can be used for security

NRPE v4 includes the following improvements:

  • Added TLSv1.3 and TLSv1.3+ support for systems that have it
  • Added IPv6 ip address to list of default allow_from hosts
  • Added -D option to disable logging to syslog
  • Added -3 option to force check_nrpe to use NRPE v3 packets

Issues that may arise from these enhancements will be covered in this KB article.

 

Nomenclature

The following explains the terms used in this document.

  • Client / Agent

    • This is what is listening for NRPE requests

    • "NRPE Client" refers to the Unix/Linux based client, provided by Nagios Enterprises

    • NSClient++ is the Windows client that has an NRPE listening module, developed externally by a third party

  • Plugin

    • This is what sends the request off to the client / agent

    • check_nrpe is the name of the binary

    • This is what is installed on the Nagios server, but is also installed on the NRPE client by default (not NSClient++)

 

 

Increased Packet Size

Previous versions of NRPE were limited to 1K in the response sent back to the plugin. In NRPE v3/v4 this has been increased up to 64K. This affects some combinations of the plugin and client as per the following.

 

Plugin v3/v4 > NRPE v2 Client 

In this scenario you have upgraded the plugin on the Nagios server but the client has not been upgraded (centos12 in this example).

You execute this command on the nagios server:

/usr/local/nagios/libexec/check_nrpe -H centos12

 

This is the result from running the command:

NRPE v2.15

 

On the NRPE v2 Client you will see the following logged per connection attempt:

Jun 24 16:35:14 centos12 xinetd[1533]: START: nrpe pid=1682 from=::ffff:10.25.13.2
Jun 24 16:35:14 centos12 nrpe[1682]: Error: Request packet type/version was invalid!
Jun 24 16:35:14 centos12 nrpe[1682]: Client request was invalid, bailing out...
Jun 24 16:35:14 centos12 xinetd[1533]: EXIT: nrpe status=0 pid=1682 duration=0(sec)
Jun 24 16:35:16 centos12 xinetd[1533]: START: nrpe pid=1683 from=::ffff:10.25.13.2
Jun 24 16:35:16 centos12 xinetd[1533]: EXIT: nrpe status=0 pid=1683 duration=0(sec)

 

On the Nagios server with the Plugin v3/v4 will see the following logged per connection attempt:

Jun 24 16:42:04 fbsd01 check_nrpe: Remote 10.25.13.30 does not support Version 3 Packets
Jun 24 16:42:06 fbsd01 check_nrpe: Remote 10.25.13.30 accepted a Version 2 Packet

 

When the NRPE v3/v4 client first establishes a connection, it tries with the v3/v4 packet. This results in the older client rejecting the request. Upon receiving the rejected request the plugin will then attempt to connect with the v2 packet. This request will succeed however errors are produced in the log on the client and the Nagios server.

The options you have to stop the errors are:

  • Upgrade the client to v3/v4

    • This will stop the errors

  • Force the plugin to send v2 packets

    • Using the -2 argument will force the plugin to connect with v2 packets

    • /usr/local/nagios/libexec/check_nrpe -2 -H centos12

 

Plugin v3/v4 > NSClient++

In this scenario you have upgraded the plugin on the Nagios server and your agents are using NSClient++.

You execute this command on the nagios server:

/usr/local/nagios/libexec/check_nrpe -H 10.25.14.2

 

This is the result from running the command:

CHECK_NRPE: Socket timeout

 

In the NSClient++ log you will see the following logged per connection attempt:

2016-06-24 16:52:16: error:c:\source\master\include\socket/connection.hpp:143: Failed to read data: short read

 

This problem usually arises when NSClient++ has the payload length setting defined at a value other than 1024 (default).

When NSClient++ has the payload length setting defined, the check_nrpe plugin requires the arguments -2 -P xxxx where xxxx is the value defined for payload length.

/usr/local/nagios/libexec/check_nrpe -2 -P 65536 -H 10.25.14.2

 

For more information on using NSClient++ with the payload length setting please read this KB article:

Documentation - Packet Size Explained

 

 

Final Thoughts

For any support related questions please visit the Nagios Support Forums at:

http://support.nagios.com/forum/

Posted by: on Fri, Jun 24, 2016 at 12:51 AM. This article has been viewed 38821 times.
Filed Under: Common Problems, NRPE, NRPE, NRPE, NRPE
2.5 (4)
Article Rating (4 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Nagios XI - Installing The AIX Agent
Viewed 7746 times since Wed, Jan 27, 2016
Nagios XI - Installing the XI Mac OS/X Agent
Viewed 5995 times since Wed, Jan 27, 2016
NRPE - Connection Refused By Host
Viewed 13895 times since Mon, Jul 17, 2017
Nagios XI - Monitoring Linux Using NRPE and Linux Server Monitoring Wizard
Viewed 5610 times since Mon, Oct 16, 2017
NRPE - Return Code Of 126 Is Out Of Bounds - Plugin May Not Be Executable
Viewed 7238 times since Fri, Jul 14, 2017
NRPE - CHECK_NRPE: Error - Could Not Complete SSL Handshake
Viewed 111740 times since Fri, Jul 14, 2017
NRPE - No Output Returned From Plugin
Viewed 14377 times since Mon, Jul 17, 2017
NRPE - v3 Enhanced Security
Viewed 98030 times since Thu, Jun 30, 2016
Nagios XI - Monitoring OS/X with Nagios XI
Viewed 4447 times since Thu, Jan 28, 2016
Nagios XI - Restarting A Linux Service With NRPE
Viewed 6115 times since Thu, Jan 28, 2016
Subscribe to knowledge base
Get notified when new articles are added to the knowledge base.
Nagios