NSCA, NRPE+SSL woes

Michael Tucker mtucker at airmail.net
Mon Dec 29 23:43:09 CET 2003

Previous message: check_http and switches/hubs issues
Next message: NRPE 2.0 compile problem on Solaris 2.6
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Howdy:

I'm trying to set up nagios for the first time, using a central server, 
a distributed server, and hosts which are monitored by the distributed 
server. I seem to have everything working except for a couple of things.

  * * *

First, send_nsca -> nsca isn't working at all.

I have verified that nsca.cfg on the central server has 
"allowed_hosts={distributed server's hostname}". The central server can 
resolve the distributed server's hostname, and it can connect to it 
(ping). The submit_check_result shell script on the distributed server 
is exactly as indicated in the nagios documentation. There is no 
password in either check_nsca.cfg or nsca.cfg, and the 
encryption/decryption option is set to "1" (XOR). (I.e., I'm using the 
defaults on both ends for now.) All of the files belong to user:group 
nagios:nagios, which is the same user and group that owns the nagios 
process.

However, the central server never receives any data from the 
distributed server. If I attempt to run send_nsca manually, I get the 
following result:

> # /usr/bin/echo {arguments} | /usr/local/nagios/bin/send_nsca -H 
> {central server's hostname} -c /usr/local/nagios/bin/send_nsca.cfg
> Error: Server closed connection before init packet was received
> Error: Could not read init packet from server

I get the same result whether I run nsca (on the central server) as a 
standalone daemon, or through inetd.

If I enable active checks on the central server, it can "see" the 
monitored host and reports that it is healthy. If I disable active 
checks, wipe out the status log and restart nagios, it reports the 
monitored host's status as PENDING (of course, because it never 
receives any status report from nsca).

  * * *

Second, check_nrpe -> nrpe doesn't work if I enable SSL. If I disable 
SSL, it works fine. But with SSL enabled, I get the following result:
> # ./check_nrpe -H {host to monitor} -c check_load
> CHECK_NRPE: Error - Could not complete SSL handshake.

I get the same result whether I run nrpe as a standalone daemon on the 
monitored host, or through inetd. For what it's worth, I settled on 
running it through inetd with tcp wrappers, since that works fine as 
long as SSL is not enabled. I am working around this for now, but any 
help in this regard would be appreciated.

Thanks in advance for any help,
Michael



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: check_http and switches/hubs issues
Next message: NRPE 2.0 compile problem on Solaris 2.6
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list