Problems with two plugins timing out
Kaplan, Andrew H.
AHKAPLAN at PARTNERS.ORG
Tue Jan 29 18:05:46 CET 2008
Hi there -
I am monitoring a system that functions as a mail and ssh server. Along with the
check_ssh and check_smtp plugins, I am also monitoring the mailq, check_mailq,
the diskspace, check_disk, and also the processes, check_procs. The latter three
plugins are working fine, but the first two, check_ssh and check_smtp, are
getting
socket timeout errors. The Nagios server and NRPE client are running the 2.6
version.
I ran the two plugins from the command line on both the Nagios server, via
check_nrpe, and on the client in question, using just the plugins. I included
the -p option
to specify the port. Both instances resulted in timeouts occurring. The client
system is running iptables, and I had configured it to allow what I thought was
the appropriate
traffic to go and come from the system. Listed below is an excerpt that deals
with this issue:
### Accept connections from <ip address> # Make sure to include these entries in
the OUTPUT chain.
$IPTABLES -A INPUT -p icmp -s <ip address> -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 5666 -s <ip address> -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 5666 -s <ip address> -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -s <ip address> -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 22 -s <ip address> -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 25 -s <ip address> -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 25 -s <ip address> -j ACCEPT
...
$IPTABLES -A OUTPUT -p icmp -d <ip address> -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 5666 -d <ip address> -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 5666 -d <ip address> -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 22 -d <ip address> -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 22 -d <ip address> -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 25 -d <ip address> -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 25 -d <ip address> -j ACCEPT
Are there any additional ports that I need to provide exceptions for in order to
get the two plugins to work? Thanks.
The information transmitted in this electronic communication is intended only
for the person or entity to whom it is addressed and may contain confidential
and/or privileged material. Any review, retransmission, dissemination or other
use of or taking of any action in reliance upon this information by persons or
entities other than the intended recipient is prohibited. If you received this
information in error, please contact the Compliance HelpLine at 800-856-1983 and
properly dispose of this information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20080129/763f6b8d/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list