NSCA Auth Problem?
Marc Powell
marc at ena.com
Thu Feb 12 21:55:25 CET 2004
On Thursday, February 12, 2004 2:24 PM, Bill Corcoran shared with us:
> I'm having a problem getting the NSCA add-on working right (should
> this go to the plugins list or the nagios list? i guessed here
> first).
>
> i've written a small wrapper in perl for the standard check_disk
> plugin so that it produces the output formatted as required by NSCA
> as specified in the README. then, i pipe it to send_nsca and here's
> what
> happens:
>
> (client side):
> [user at host test]$ ./check_disk_wrapper | ./send_nsca -H <nagios_host>
> -p <remote_port> -c ./send_nsca.cfg
> Error: Server closed connection before init packet was received
> Error: Could not read init packet from server
>
> (server side):
> [user at shost nagios]# ps -waux | grep nsca
> nagios 12026 0.0 0.2 1860 660 ? S Feb10 0:00
> /usr/local/nagios/bin/nsca -c /usr/local/nagios/etc/nsca2.cfg
> --single [user at shost nagios]# tail -f /var/log/messages Feb 11
> 08:06:44 <nagios_host> nsca[12026]: Host <client_ip> is not allowed
> to talk to us!
>
> Both the nsca daemon and nagios were both started standalone/manually.
> Both nsca.cfg on the server and send_nsca.cfg on the client have the
> same encryption method and password, and are using the same port.
> The client ip has been allowed in iptables on the server (most other
> things are blocked), as well as hosts.allow/xinetd config (but when i
> try running the nsca daemon under xinetd, i get the same thing on the
> client but no indication whatsoever on the server). And of course
> the host/service have been specified as usual in nagios' hosts.cfg
> and services.cfg, with active checks off and passive checks on.
>
> what the heck is going on here? is there some hidden place/way i
> need to tell nsca to allow my client to send passive checks? thanks
> for any and all help.
It's really not hidden. In nsca.cfg on your server --
# ALLOWED HOST ADDRESSES
# This is a comma-delimited list of IP address of hosts that are allowed
# to talk to the NSCA daemon.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend running as a service under
# inetd instead of as a standalone daemon and using TCP wrappers to
# limit access.
allowed_hosts=127.0.0.1,<your client ip>
--
Marc
-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56&alloc_id438&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list