CHECK_NRPE: Socket timeout after 10 seconds.

Alex Dehaini alexdehaini at gmail.com
Wed Sep 3 11:06:11 CEST 2008


In that case, it is not the firewall then.

Lex

On Wed, Sep 3, 2008 at 8:58 AM, J. Bakshi <joydeep at infoservices.in> wrote:

> Alex Dehaini wrote:
> > Why not drop this rule temporarily and test. If it works, then you
> > know for sure it is your firewall.
>
> I did it, but no success. I should look into it in depth.
>
>
>
> >
> > Alternatively, you could seek commercial support.
> >
> > Lex
> >
> > On Wed, Sep 3, 2008 at 4:21 AM, J. Bakshi <joydeep at infoservices.in> wrote:
> >
> >     Mark Young wrote:
> >     > On Sep 2, 2008, at 9:44 AM, J. Bakshi wrote:
> >     >
> >     >
> >     >> J. Bakshi wrote:
> >     >>
> >     >>> Alex Dehaini wrote:
> >     >>>
> >     >>>
> >     >>>> Dude,
> >     >>>>
> >     >>>> I am assisting with nagios, not your firewall. Read your firewall docs
> >     >>>> very well. Remember to always read the documentation carefully before
> >     >>>> requesting assistance that is already in the docs.
> >     >>>>
> >     >>>>
> >     >>> The nrpe docs mention the firewall rules, which I have already used,
> >     >>> but no luck :-(
> >     >>>
> >     >>>
> >     >> Not firewall; I have solved the problem by increasing time with -t
> >     >>
> >     >
> >     >  From what you are describing I believe that this is a problem with
> >     > your xinetd nrpe configuration.  I run into this problem a lot.  By
> >     > default xinetd will only allow so many instances per second; if that is
> >     > exceeded, xinetd will refuse connections for a certain amount of time.
> >     > Basically your remote server thinks that it is being DDoSed.  Increasing
> >     > the time is only covering a symptom.
> >     >
> >
> >     Hi Mark,
> >
> >     Thanks for your hints and configuration.
> >     I'm not using xinetd. I'm using nrpe daemon instead.
> >     Maybe my firewall is responsible for the problem, but I'm not sure.
> >     Even after increasing the time with -t 20 the commands still report
> >     socket timeout :-(
> >
> >     Here is the rule set I have in my firewall. Maybe this creates the
> >     problem.
> >
> >     ## SYN-FLOODING PROTECTION
> >     # This rule maximises the rate of incoming connections. In order to do
> >     # this we divert tcp packets with the SYN bit set off to a user-defined
> >     # chain. Up to limit-burst connections can arrive in 1/limit seconds
> >     # ..... in this case 4 connections in one second. After this, one of the
> >     # burst is regained every second and connections are allowed again. The
> >     # default limit is 3/hour. The default limit burst is 5.
> >     #
> >     iptables -N syn-flood
> >     iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
> >     iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
> >     iptables -A syn-flood -j DROP
> >
> >
> >     with regards
> >
> >     > You can change this globally or per service by adding these lines in
> >     > either /etc/xinetd.conf or /etc/xinetd.d/nrpe.  You can play with the
> >     > exact numbers you need.  I believe the default is 50 connections a
> >     > second.
> >     >
> >     > # CPS where 100 connections per second with a timeout of 10 seconds
> >     > # if exceeded.
> >     >
> >     > # Max number of instances running
> >     >
> >     > [myoung at vserve xinetd.d]# more nrpe
> >     > # default: on
> >     > # description: NRPE (Nagios Remote Plugin Executor)
> >     > service nrpe
> >     > {
> >     >       flags           = REUSE
> >     >       socket_type     = stream
> >     >       port            = 5666
> >     >       wait            = no
> >     >       user            = nagios
> >     >       group           = nagios
> >     >       server          = /usr/local/nagios/bin/nrpe
> >     >       server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
> >     >       log_on_failure  += USERID
> >     >       disable         = no
> >     >       only_from       = 127.0.0.1 IP.ADDRESS.OF.NAGIOS
> >     >       cps             = 100 10
> >     >       instances       = 300
> >     > }
> >     >
> >     >
> >     > Good luck!
> >     >
> >     > Mark Young
> >     > ___
> >     > Nagios Enterprises, LLC
> >     > Web:    www.nagios.com
> >     >
> >     >
> >     >
> >     > -------------------------------------------------------------------------
> >     > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> >     > Build the coolest Linux based applications with Moblin SDK & win great prizes
> >     > Grand prize is a trip for two to an Open Source event anywhere in the world
> >     > http://moblin-contest.org/redirect.php?banner_id=100&url=/
> >     > _______________________________________________
> >     > Nagios-users mailing list
> >     > Nagios-users at lists.sourceforge.net
> >     > https://lists.sourceforge.net/lists/listinfo/nagios-users
> >     > ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> >     > ::: Messages without supporting info will risk being sent to /dev/null
> >     >
> >     >
> >
> >
> >     --
> >     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >     Joydeep Bakshi, Linux System Admin
> >     Kolkatainfoservices Pvt Ltd,
> >     23A Royd Street, Kolkata 700016, India
> >     Work Phone 91 033 40014784
> >     http://infoservices.in/
> >     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> >
> >
> >
> >
> >
> >
> > --
> > Alex Dehaini
> > Developer
> > Site - www.alexdehaini.com
> > Email - alexdehaini at gmail.com
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Joydeep Bakshi, Linux System Admin
> Kolkatainfoservices Pvt Ltd,
> 23A Royd Street, Kolkata 700016, India
> Work Phone 91 033 40014784
> http://infoservices.in/
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>


-- 
Alex Dehaini
Developer
Site - www.alexdehaini.com
Email - alexdehaini at gmail.com
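
The behaviour described in the comments of the quoted syn-flood chain, worked through as an added example that is not part of the original thread. The token-bucket model of `-m limit --limit 1/s --limit-burst 4`, the SYN retransmission schedule (`rto_ms`, doubling on each retry) and the arrival times are assumptions made for illustration; note that the quoted rule has no `--dport`, so every incoming SYN on `$IFACE` draws from the same bucket.

```python
import heapq

def syn_connect_delays(starts_ms, timeout_ms=10_000, rto_ms=1_000,
                       rate_per_s=1, burst=4):
    """Delay (ms) until each connection's SYN passes the syn-flood chain,
    or None if it is still being dropped when the client timeout expires.

    Model (assumptions, not taken from the thread): the limit match is a
    token bucket that starts full and costs one token per SYN; a dropped
    SYN is retransmitted after rto_ms, then 2*rto_ms, 4*rto_ms, ...
    """
    cap = burst * 1000                  # bucket size in milli-tokens
    tokens, last = cap, 0
    delays = [None] * len(starts_ms)
    # event = (time the SYN arrives, connection index, next retry interval)
    events = [(t, i, rto_ms) for i, t in enumerate(starts_ms)]
    heapq.heapify(events)
    while events:
        now, i, backoff = heapq.heappop(events)
        # rate_per_s tokens per second == rate_per_s milli-tokens per ms
        tokens = min(cap, tokens + (now - last) * rate_per_s)
        last = now
        if tokens >= 1000:              # -m limit ... -j RETURN
            tokens -= 1000
            delays[i] = now - starts_ms[i]
        elif now + backoff - starts_ms[i] < timeout_ms:
            # -j DROP: the client retries only while its timeout allows
            heapq.heappush(events, (now + backoff, i, backoff * 2))
    return delays

# Constructed input: twelve checks opened against one host at the same instant.
BURST_OF_CHECKS = [0] * 12

if __name__ == "__main__":
    for i, d in enumerate(syn_connect_delays(BURST_OF_CHECKS)):
        print(f"check {i:2d}: " + ("no connection within timeout" if d is None
                                   else f"SYN accepted after {d} ms"))
```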