NRPE: Could not complete SSL handshake
Jeffrey Lensen
jeffrey at hyves.nl
Sun Apr 8 11:28:34 CEST 2007
Do you have something like a nagios.log file? Where Nagios logs its
alerts, external commands,etc? You can set this in your nagios.cfg file.
In here you should see something like:
[1175986495] SERVICE ALERT:
${host};${servicecheck};CRITICAL;SOFT;1;CHECK_NRPE: Could not complete
SSL handshake
This should give you an idea where the problem lies.
- Jeffrey
Andy Shellam wrote:
> Hi Jeffrey,
>
> That's what I thought - but as I said, all checks that use NRPE on any
> of these servers are succeeding, plus the times that the errors are
> logged do not correspond to a time that Nagios runs a check.
>
> Andy.
>
> Jeffrey Lensen wrote:
>
>> Hey Andy,
>>
>> Have you tried running your NRPE checkcommands manually?
>> ${NRPE_DIR}/check_nrpe -H ${host} -c ${command} -a
>> ${arguments_if_you_have_any}
>> What does this return?
>>
>> Usually when you get an error like this, it means that you have not
>> specified the ipaddress of the Nagios server (doing the nrpe
>> checkcommands) in the nrpe.cfg on the machine(s) being checked.
>> So make sure you have something like this:
>> allowed_hosts=127.0.0.1,${nagios_ip}
>>
>> Hope this helps,
>>
>> Jeffrey
>>
>>
>> Andy Shellam wrote:
>>
>>> Hi,
>>>
>>> I'm running NRPE 2.7.1 on a Fedora 6 machine.
>>> My Nagios 2.8 server is talking to it fine, and all NRPE checks are
>>> succeeding.
>>>
>>> However, every 5 minutes I'm getting the following error logged in my
>>> /var/log/messages log on the FC6 machine:
>>>
>>> Apr 8 08:33:58 acs20aa6 nrpe[23649]: Error: Could not complete SSL
>>> handshake. 5
>>>
>>> Yet when I look in my /var/log/secure log (which stores every command
>>> run through sudo from NRPE), I cannot match the SSL handshake error
>>> to a time of a check attempt from my Nagios server, e.g. for the
>>> above error:
>>>
>>> Apr 8 08:31:10 acs20aa6 sudo: nagios : TTY=unknown ; PWD=/ ;
>>> USER=root ; COMMAND=/usr/local/nagios/libexec/check_uptime
>>> Apr 8 08:31:10 acs20aa6 sudo: nagios : TTY=unknown ; PWD=/ ;
>>> USER=root ; COMMAND=/usr/local/nagios/libexec/check_dns -H
>>> portland-1.andyshellam.eu -a 89.200.137.203 -t 5 -w 3 -c 5
>>> Apr 8 08:31:10 acs20aa6 sudo: nagios : TTY=unknown ; PWD=/ ;
>>> USER=root ; COMMAND=/usr/local/nagios/libexec/check_load -w 5,4,3 -c
>>> 10,8,6
>>> Apr 8 08:35:18 acs20aa6 sudo: nagios : TTY=unknown ; PWD=/ ;
>>> USER=root ; COMMAND=/usr/local/nagios/libexec/check_disk -w 25% -c
>>> 10% -p /
>>> Apr 8 08:35:19 acs20aa6 sudo: nagios : TTY=unknown ; PWD=/ ;
>>> USER=root ; COMMAND=/usr/local/nagios/libexec/check_procs -w 1:1 -c
>>> 1:1 -C named
>>> Apr 8 08:35:19 acs20aa6 sudo: nagios : TTY=unknown ; PWD=/ ;
>>> USER=root ; COMMAND=/usr/local/nagios/libexec/check_swap -w 25% -c 10%
>>> Apr 8 08:35:32 acs20aa6 sudo: nagios : TTY=unknown ; PWD=/ ;
>>> USER=root ; COMMAND=/usr/local/nagios/libexec/check_procs -w 150 -c 200
>>>
>>> As you can see, there is no check being carried out at 8:33 (the time
>>> of the SSL error.) Plus there are no failing NRPE checks on the
>>> Nagios server for this host.
>>>
>>> I'm baffled.
>>>
>>> I've just checked on 2 of my other machines, which are running NRPE
>>> 2.7.1 on Fedora 4 and FreeBSD 6.1, and they both have the same
>>> problem - a reported SSL handshake error when no checks were being
>>> carried out.
>>>
>>> Now, on the FreeBSD machine, it has a firewall only letting my Nagios
>>> server talk to port 5666, so I know it's not possible for it to be
>>> another Nagios machine somewhere.
>>>
>>> Any ideas what could be causing NRPE to fail a connection attempt
>>> every 5 minutes, when it doesn't appear to be Nagios talking to it?
>>>
>>> Thanks
>>>
>>> Andy
>>>
>>> -------------------------------------------------------------------------
>>>
>>> Take Surveys. Earn Cash. Influence the Future of IT
>>> Join SourceForge.net's Techsay panel and you'll get the chance to
>>> share your
>>> opinions on IT & business topics through brief surveys-and earn cash
>>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>>>
>>> _______________________________________________
>>> Nagios-users mailing list
>>> Nagios-users at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>>> ::: Please include Nagios version, plugin version (-v) and OS when
>>> reporting any issue. ::: Messages without supporting info will risk
>>> being sent to /dev/null
>>>
>>>
>> !DSPAM:37,4618b06689291545070445!
>>
>>
>>
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20070408/a5a0f899/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list