[ale] CHECK_NRPE: Error receiving data from daemon.

Tony Cicirello TCicirello at switchdesk.com
Thu Feb 10 13:26:52 EST 2011 

This is probably a case of missing the obvious but i have tried everything i could think of and also what the nrpe.pdf doc suggests.  

I am installing nrpe on centOS box using yum. The package installs without error. 
Version info: nagios-nrpe x86_64 2.12-1.el5.rf 

I've added the check_nrpe command to /etc/nagios/objects/commands.cfg 
# 'check_nrpe' command definition 
define command { 
command_name check_nrpe 
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ 
} 

and the host IP address to nrpe.cfg 

nrpe is configured to run as a daemon and shows as running: 
ps auxw | grep nrpe 
root 26257 0.0 0.0 61164 692 pts/3 S+ 13:43 0:00 grep nrpe 
nagios 29589 0.0 0.0 39968 1084 ? Ss 13:18 0:00 nrpe -c /etc/nagios/nrpe.cfg -d 

nrpe is listening on the correct port: 
netstat -at | grep nrpe 
tcp 0 0 mail.panoston.com:nrpe *:* LISTEN 

The problem(s) arise when I run check_nrpe on the remote host. 
Running without ssl yields 
/usr/lib64/nagios/plugins/check_nrpe -H Remote IP address -n 

Running with ssl yields: 
/usr/lib64/nagios/plugins/check_nrpe -H 192.168.2.231 
CHECK_NRPE: Error - Could not complete SSL handshake. 

I've verified that IPtables is set correctly. Here is the output: 
iptables -L 
Chain INPUT (policy ACCEPT) 
target prot opt source destination 
RH-Firewall-1-INPUT all -- anywhere anywhere 

Chain FORWARD (policy ACCEPT) 
target prot opt source destination 
RH-Firewall-1-INPUT all -- anywhere anywhere 
ACCEPT all -- 192.168.21.0/24 anywhere 

Chain OUTPUT (policy ACCEPT) 
target prot opt source destination 

Chain RH-Firewall-1-INPUT (2 references) 
target prot opt source destination 
ACCEPT all -- anywhere anywhere 
ACCEPT icmp -- anywhere anywhere icmp any 
ACCEPT esp -- anywhere anywhere 
ACCEPT ah -- anywhere anywhere 
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns 
ACCEPT udp -- anywhere anywhere udp dpt:ipp 
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp 
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED 
ACCEPT all -- 192.168.2.31 anywhere state NEW 
ACCEPT all -- IP Address anywhere state NEW 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp 
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3 
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap 
ACCEPT udp -- anywhere anywhere udp spt:6277 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:responsenet 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3121 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:vtr-emulator 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:openvpn 
ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn 
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:rsf-1 
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited 

Here is the allowd_hosts line from nrpe.cfg 
allowed_hosts= 96.37.142.40 (Monitor) 192.168.2.231 (Remote-for testing) 127.0.0.1 


The only thing I haven't tried is compiling from source using ./configure --enable-ssl. I assume yum will make the ssl option available on installation. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110210/5992574c/attachment-0001.html

More information about the Ale mailing list