NRPE Problems

Carroll, Jim P [Contractor] jcarro10 at sprintspectrum.com
Tue Nov 12 21:31:20 CET 2002


You mean the nrpe file used by xinetd, right?
 
There actually is a sample xinetd.d/nrpe file included in the README:
 
[quote]
        # default: on
        # description: NRPE
        service nrpe
        {
                flags           = REUSE
                socket_type     = stream
                wait            = no
                user            = <user>
                server          = <nrpebin>
                server_args     = -i <nrpecfg>
                log_on_failure  += USERID
                disable         = no
                only_from       = <ipaddress1> <ipaddress2> ...
        }

   - Replace <user> with the name of the user that the nrpe server should
run as.
   - Replace <nrpebin> with the path to the nrpe binary on your system.
   - Replace <nrpecfg> with the path to the nrpe config file on your system.
   - Replace the <ipaddress> fields with the IP addresses of hosts which
     are allowed to connect to the NRPE daemon.  This only works if xinetd
was
     compiled with support for wrappers.
[end quote]
 
jc
-----Original Message-----
From: Gerald Wichmann [mailto:gwichman at zantaz.com]
Sent: Tuesday, November 12, 2002 2:15 PM
To: Carroll, Jim P [Contractor]; nagios-users at lists.sourceforge.net
Subject: RE: NRPE Problems


That was it.. Guess it wants the full path in there. This problem would be
easily averted if they'd put a sample nrpe.cfg somewhere in the docs. I was
actually looking at the nrpe.cfg file wondering if it wanted the full path
earlier when I saw the permission denied. Thought maybe it was trying to run
the directory instead of the actual nrpe executable. Didn't have a chance to
try it though until now. Thanks again
 
Gerald Wichmann
Senior Systems Development Engineer
Zantaz, Inc.
925.598.3099 (w)
 
-----Original Message-----
From: Carroll, Jim P [Contractor] [mailto:jcarro10 at sprintspectrum.com]
Sent: Tuesday, November 12, 2002 11:48 AM
To: Gerald Wichmann; nagios-users at lists.sourceforge.net
Subject: RE: NRPE Problems
 
I think I know what the problem is.  It's in your /etc/xinetd.d/nrpe file.
Here's mine:
 
$ cat nrpe
# default: on
# description: NRPE
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = nagios
        server          = /home/nagios/bin/nrpe
        server_args     = -i /home/nagios/etc/nrpe.cfg
        log_on_failure  += USERID
        disable         = no
        only_from       = 127.0.0.1 10.108.58.68 10.108.58.69
}
For reference, my server binary is /home/nagios/bin/nrpe, and the config
file is /home/nagios/etc/nrpe.cfg.
 
Make the necessary changes and see if that helps.
 
jc
-----Original Message-----
From: Gerald Wichmann [mailto:gwichman at zantaz.com]
Sent: Tuesday, November 12, 2002 1:21 PM
To: nagios-users at lists.sourceforge.net
Cc: Carroll, Jim P [Contractor]
Subject: NRPE Problems
Ok you guys were right. It was monitoring my local box not the boxes I
thought it was. In my attempts to implement NRPE I seem to have done
something wrong.. All the files I believe are in place and xinetd seems to
start normally. But when I do a check_nrpe for some command it fails. My
Nagios service page lists status as UNKNOWN and status information as
"CHECK_NRPE: Error receiving data from host."  Any ideas as to what I'm
missing? I can post more output as necessary but I think the below is
everything.:
 
[root at PS-NAT libexec]# ./check_nrpe 10.1.82.30 -c check_disk1
CHECK_NRPE: Error receiving data from host.
[root at PS-NAT libexec]#
 
/var/log/messages of xinetd restarting and then a log for when I attempt the
above check_nrpe:
 
Nov 12 11:03:38 ps-sm-poly-00 xinetd[8359]: Exiting...
Nov 12 11:03:38 ps-sm-poly-00 xinetd[3178]: chargen disabled, removing
Nov 12 11:03:38 ps-sm-poly-00 xinetd[3178]: chargen disabled, removing
Nov 12 11:03:38 ps-sm-poly-00 xinetd[3178]: daytime disabled, removing
Nov 12 11:03:38 ps-sm-poly-00 xinetd[3178]: daytime disabled, removing
Nov 12 11:03:38 ps-sm-poly-00 xinetd[3178]: echo disabled, removing
Nov 12 11:03:38 ps-sm-poly-00 xinetd[3178]: echo disabled, removing
Nov 12 11:03:38 ps-sm-poly-00 xinetd[3178]: rsync disabled, removing
Nov 12 11:03:38 ps-sm-poly-00 xinetd[3178]: time disabled, removing
Nov 12 11:03:38 ps-sm-poly-00 xinetd[3178]: time disabled, removing
Nov 12 11:03:38 ps-sm-poly-00 xinetd[3178]: xinetd Version 2.3.0 started
with libwrap options compiled in.
Nov 12 11:03:38 ps-sm-poly-00 xinetd[3178]: Started working: 2 available
services
Nov 12 11:04:15 ps-sm-poly-00 xinetd[4990]: execv( /usr/sbin ) failed:
Permission denied (errno = 13)
 
NOTE the bottom entry. That's what it logs anytime I try to do a check_nrpe
command from the nagios server (so my log is filled with them)
 
Attempt to Telnet to port 5666 on the box running NRPE (from the nagios
server):
 
[root at PS-NAT libexec]# telnet 10.1.82.30 5666
OLE_LINK1Trying 10.1.82.30...
Connected to 10.1.82.30.
Escape character is '^]'.
Connection closed by foreign host.
[root at PS-NAT libexec]#
 
Which differs from when I try to connect to a port where nothing is
listening on:
 
Trying 10.1.82.30...
telnet: connect to address 10.1.82.30: Connection refused
 
Various files, paths, configs, permissions of NRPE setup:
 
[root at ps-sm-poly-00 /root]# cat /etc/xinetd.d/nrpe
# default: on
# description: NRPE
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = nagios
        server          = /usr/sbin
        server_args     = -i /usr/local/nagios
        log_on_failure  += USERID
        disable         = no
        only_from       = 10.1.82.21
}
 
 
[root at ps-sm-poly-00 /root]# ls -l /usr/local/nagios
total 6
drwxr-xr-x    2 root     root         1304 Nov 11 22:37 libexec
-rw-r--r--    1 root     root         3303 Nov 11 22:29 nrpe.cfg
 
 
[root at ps-sm-poly-00 /root]# ls -l /usr/sbin/nrpe
-rwxr-xr-x    1 root     root        80002 Nov 11 22:28 /usr/sbin/nrpe
 
 
[root at ps-sm-poly-00 /root]# cat /usr/local/nagios/nrpe.cfg
############################################################################
#
# Sample NRPE Config File
# Written by: Ethan Galstad (nagios at nagios.org)
#
# Last Modified: 06-03-2002
#
# NOTES:
# This is a sample configuration file for the NRPE daemon.  It needs to be
# located on the remote host that is running the NRPE daemon, not the host
# from which the check_nrpe client is being executed.
############################################################################
#
 
 
 
# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or
xinetd
 
server_port=5666
 
 
 
# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or
xinetd
 
server_address=10.1.82.21
 
 
 
# ALLOWED HOST ADDRESSES
# This is a comma-delimited list of IP address of hosts that are allowed
# to talk to the NRPE daemon.
#
# NOTE: The daemon only does rudimentary checking of the client's IP
#       address.  I would highly recommend adding entries in your
#       /etc/hosts.allow file to allow only the specified host to connect
#       to the port you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or
xinetd
 
allowed_hosts=10.1.82.21
 
 
 
# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or
xinetd
 
nrpe_user=nagios
 
 
 
# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or
xinetd
 
nrpe_group=nagios
 
 
 
# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on
 
debug=1
 
 
 
# COMMAND DEFINITIONS
# Command definitions that this daemon will run.  Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on!  The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec
# directory.
 
command[check_users]=/usr/local/nagios/libexec/check_users 5 10
command[check_load]=/usr/local/nagios/libexec/check_load 5 10 15 20 25 30
command[check_disk1]=/usr/local/nagios/libexec/check_disk 80 95 /dev/hda6
command[check_disk2]=/usr/local/nagios/libexec/check_disk 80 95 /dev/hda10
command[check_disk3]=/usr/local/nagios/libexec/check_disk 80 95 /dev/sda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs 5 10 Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs 150 200
command[check_smtp]=/usr/local/nagios/libexec/check_smtp
 
 
 
[root at ps-sm-poly-00 /root]# ls -l /usr/local/nagios/libexec/
total 696
-rwxr-xr-x    1 root     root         2264 Jul  8 08:37 check_breeze
-rwxr-xr-x    1 root     root        21557 Jul  8 08:37 check_by_ssh
-rwxr-xr-x    1 root     root        21468 Jul  8 08:37 check_disk
-rwxr-xr-x    1 root     root         7741 Jul  8 08:37 check_disk_smb
-rwxr-xr-x    1 root     root        21554 Jul  8 08:37 check_dns
-rwxr-xr-x    1 root     root        11462 Jul  8 08:37 check_dummy
-rwxr-xr-x    1 root     root         3830 Jul  8 08:37 check_flexlm
-rwxr-xr-x    1 root     root        19341 Jul  8 08:37 check_ftp
-rwxr-xr-x    1 root     root        37436 Jul  8 08:37 check_http
-rwxr-xr-x    1 root     root        19072 Jul  8 08:37 check_imap
-rwxr-xr-x    1 root     root         7434 Jul  8 08:37 check_ircd
-rwxr-xr-x    1 root     root        19372 Jul  8 08:37 check_load
-rwxr-xr-x    1 root     root         5207 Jul  8 08:37 check_log
-rwxr-xr-x    1 root     root        17699 Jul  8 08:37 check_mrtg
-rwxr-xr-x    1 root     root        16036 Jul  8 08:37 check_mrtgtraf
-rwxr-xr-x    1 root     root        19527 Jul  8 08:37 check_nagios
-rwxr-xr-x    1 root     root        20291 Jul  8 08:37 check_nntp
-rwxr-xr-x    1 root     root         7853 Jul  8 08:37 check_ntp
-rwxr-xr-x    1 root     root        27386 Jul  8 08:37 check_nwstat
-rwxr-xr-x    1 root     root         4324 Jul  8 08:37 check_oracle
-rwxr-xr-x    1 root     root        21786 Jul  8 08:37 check_overcr
-rwxr-xr-x    1 root     root        24254 Jul  8 08:37 check_ping
-rwxr-xr-x    1 root     root        19296 Jul  8 08:37 check_pop
-rwxr-xr-x    1 root     root        23856 Jul  8 08:37 check_procs
-rwxr-xr-x    1 root     root        21050 Jul  8 08:37 check_real
-rwxr-xr-x    1 root     root         9695 Jul  8 08:37 check_rpc
-rwxr-xr-x    1 root     root         1180 Jul  8 08:37 check_sensors
-rwxr-xr-x    1 root     root        19590 Jul  8 08:37 check_smtp
-rwxr-xr-x    1 root     root        17952 Jul  8 08:37 check_ssh
-rwxr-xr-x    1 root     root        19382 Jul  8 08:37 check_swap
-rwxr-xr-x    1 root     root        24484 Jul  8 08:37 check_tcp
-rwxr-xr-x    1 root     root        20547 Jul  8 08:37 check_time
-rwxr-xr-x    1 root     root        19293 Jul  8 08:37 check_udp
-rwxr-xr-x    1 root     root        24689 Jul  8 08:37 check_ups
-rwxr-xr-x    1 root     root        17946 Jul  8 08:37 check_users
-rwxr-xr-x    1 root     root        19259 Jul  8 08:37 check_vsz
-rwxr-xr-x    1 root     root         3016 Jul  8 08:37 check_wave
-rwxr-xr-x    1 root     root        16752 Jul  8 08:37 urlize
-rwxr-xr-x    1 root     root         1974 Jul  8 08:37 utils.pm
-rwxr-xr-x    1 root     root          739 Jul  8 08:37 utils.sh
[root at ps-sm-poly-00 /root]#
 
 
 
Gerald Wichmann
Senior Systems Development Engineer
Zantaz, Inc.
925.598.3099 (w)
 
 
This e-mail has been captured and archived by the ZANTAZ Digital Safe(tm)
service. For more information, visit us at www.zantaz.com. 
IMPORTANT: This electronic mail message is intended only for the use of the
individual or entity to which it is addressed and may contain information
that is privileged, confidential or exempt from disclosure under applicable
law. If the reader of this message is not the intended recipient, or the
employee or agent responsible for delivering this message to the intended
recipient, you are hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited. If you have received
this communication in error, please notify the sender immediately by
telephone or directly reply to the original message(s) sent. Thank you.


This e-mail has been captured and archived by the ZANTAZ Digital Safe(tm)
service. For more information, visit us at www.zantaz.com. 
IMPORTANT: This electronic mail message is intended only for the use of the
individual or entity to which it is addressed and may contain information
that is privileged, confidential or exempt from disclosure under applicable
law. If the reader of this message is not the intended recipient, or the
employee or agent responsible for delivering this message to the intended
recipient, you are hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited. If you have received
this communication in error, please notify the sender immediately by
telephone or directly reply to the original message(s) sent. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20021112/3a671acb/attachment.html>


More information about the Users mailing list