CHECK_NRPE: Socket timeout after 10 seconds.
Alex Dehaini
alexdehaini at gmail.com
Wed Sep 3 11:06:11 CEST 2008
In that case, then it is not the firewall then.
Lex
On Wed, Sep 3, 2008 at 8:58 AM, J. Bakshi <joydeep at infoservices.in> wrote:
> Alex Dehaini wrote:
> > Why not drop this rule temporarily and test. If it works, then you
> > know for sure it is your firewall.
>
> I did it. but no success. I should look into it in depth
>
>
>
> >
> > Alternatively, you could seek commercial support.
> >
> > Lex
> >
> > On Wed, Sep 3, 2008 at 4:21 AM, J. Bakshi <joydeep at infoservices.in
> > <mailto:joydeep at infoservices.in>> wrote:
> >
> > Mark Young wrote:
> > > On Sep 2, 2008, at 9:44 AM, J. Bakshi wrote:
> > >
> > >
> > >> J. Bakshi wrote:
> > >>
> > >>> Alex Dehaini wrote:
> > >>>
> > >>>
> > >>>> Dude,
> > >>>>
> > >>>> I am assisting with nagios not your firewall. Read your firewall
> > >>>> docs
> > >>>> very well. Remember to always read the documentation carefully
> > >>>> before
> > >>>> requesting for assistance that are already in the docs.
> > >>>>
> > >>>>
> > >>> The nrpe docs mentions abt the firewall rules which I have
> already
> > >>> used,
> > >>> but no luck :-(
> > >>>
> > >>>
> > >> Not firewall; I have solved the problem by incresing time with -t
> > >>
> > >
> > > From what you are describing I believe that this is a problem with
> > > your xinetd nrpe configuration. I run into this problem a lot. By
> > > default Xinet will only allow so many instances per second that if
> > > exceeded xinet will refuse connects for certain amount of time.
> > > Basically your remote server thinks that it is being DDoS.
> > Increasing
> > > the time is only covering a symptom.
> > >
> >
> > Hi Mark,
> >
> > Thanks for your hints and configuration.
> > I'm not using xinetd. I'm using nrpe daemon instead.
> > May be my firewall is responsible for the problem but I'm not sure
> > Even after increasing the time with -t 20 the commands still report
> > socket time out :-(
> >
> > Here is the rule set I have in my firewall. May be this create the
> > problem
> >
> > ## SYN-FLOODING PROTECTION
> > # This rule maximises the rate of incoming connections. In order to
> do
> > this we divert tcp
> > # packets with the SYN bit set off to a user-defined chain. Up to
> > limit-burst connections
> > # can arrive in 1/limit seconds ..... in this case 4 connections
> > in one
> > second. After this, one
> > # of the burst is regained every second and connections are allowed
> > again. The default limit
> > # is 3/hour. The default limit burst is 5.
> > #
> > iptables -N syn-flood
> > iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
> > iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
> > iptables -A syn-flood -j DROP
> >
> >
> > with regards
> >
> > > You can change this globally or per service by adding these lines
> in
> > > ether /etc/xinetd.conf or /etc/xinetd.d/nrpe. You can play with
> the
> > > exact numbers you need. I believe the default is 50 connections a
> > > second.
> > >
> > > # CPS where 100 connection per second with a timepout of 10
> > seconds if
> > > exceded.
> > >
> > > # Max number of instances running
> > >
> > > [myoung at vserve xinetd.d]# more nrpe
> > > # default: on
> > > # description: NRPE (Nagios Remote Plugin Executor)
> > > service nrpe
> > > {
> > > flags = REUSE
> > > socket_type = stream
> > > port = 5666
> > > wait = no
> > > user = nagios
> > > group = nagios
> > > server = /usr/local/nagios/bin/nrpe
> > > server_args = -c /usr/local/nagios/etc/nrpe.cfg
> --inetd
> > > log_on_failure += USERID
> > > disable = no
> > > only_from = 127.0.0.1
> > <http://127.0.0.1>,IP.ADDRESS.OF.NAGIOS
> > > cps = 100 10
> > > instances = 300
> > > }
> > >
> > >
> > > Good luck!
> > >
> > > Mark Young
> > > ___
> > > Nagios Enterprises, LLC
> > > Web: www.nagios.com <http://www.nagios.com>
> > >
> > >
> > >
> >
> -------------------------------------------------------------------------
> > > This SF.Net email is sponsored by the Moblin Your Move
> > Developer's challenge
> > > Build the coolest Linux based applications with Moblin SDK & win
> > great prizes
> > > Grand prize is a trip for two to an Open Source event anywhere
> > in the world
> > > http://moblin-contest.org/redirect.php?banner_id=100&url=/
> > <http://moblin-contest.org/redirect.php?banner_id=100&url=/>
> > > _______________________________________________
> > > Nagios-users mailing list
> > > Nagios-users at lists.sourceforge.net
> > <mailto:Nagios-users at lists.sourceforge.net>
> > > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > > ::: Please include Nagios version, plugin version (-v) and OS
> > when reporting any issue.
> > > ::: Messages without supporting info will risk being sent to
> > /dev/null
> > >
> > >
> >
> >
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Joydeep Bakshi, Linux System Admin
> > Kolkatainfoservices Pvt Ltd,
> > 23A Royd Street, Kolkata 700016, India
> > Work Phone 91 033 40014784
> > http://infoservices.in/
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> >
> >
> -------------------------------------------------------------------------
> > This SF.Net email is sponsored by the Moblin Your Move Developer's
> > challenge
> > Build the coolest Linux based applications with Moblin SDK & win
> > great prizes
> > Grand prize is a trip for two to an Open Source event anywhere in
> > the world
> > http://moblin-contest.org/redirect.php?banner_id=100&url=/
> > <http://moblin-contest.org/redirect.php?banner_id=100&url=/>
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > <mailto:Nagios-users at lists.sourceforge.net>
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when
> > reporting any issue.
> > ::: Messages without supporting info will risk being sent to
> /dev/null
> >
> >
> >
> >
> > --
> > Alex Dehaini
> > Developer
> > Site - www.alexdehaini.com <http://www.alexdehaini.com>
> > Email - alexdehaini at gmail.com <mailto:alexdehaini at gmail.com>
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Joydeep Bakshi, Linux System Admin
> Kolkatainfoservices Pvt Ltd,
> 23A Royd Street, Kolkata 700016, India
> Work Phone 91 033 40014784
> http://infoservices.in/
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
--
Alex Dehaini
Developer
Site - www.alexdehaini.com
Email - alexdehaini at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20080903/5dc31597/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list