NRPEv2 not working well on embedded 2.1



  • Hi All,

    I have an issue with the NRPE plugin. I am using embedded 2.1:

    FreeBSD my.system.com 8.3-RELEASE-p11 FreeBSD 8.3-RELEASE-p11 #0: Wed Sep 11 19:13:36 EDT 2013    root@snapshots-8_3-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_wrap.8.i386  i386

    I continually get

    CHECK_NRPE: Socket timeout after 10 seconds.

    when checking from my nagios server.

    I have also seen the SSL handshake error occasionally but the majority of the time this is the error I see.

    Most of the answers to this topic recommend to try and extend the timeout value of the check_nrpe request from the server side (tried this) or to hack up a new package with SSL included.  This doesn't seem to specifically be targeted at the embedded platform.

    Any ideas in troubleshooting/debugging this would be greatly appreciated.



  • More information on this error.

    From Nagios Server:

    
    NRPE Plugin for Nagios
    Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
    Version: 2.13
    Last Modified: 11-11-2011
    License: GPL v2 with exemptions (-l for more info)
    SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
    
    
    
    root@nagios:/usr/lib/nagios/plugins# /usr/lib/nagios/plugins/check_nrpe -H 192.168.40.254 -c check_load
    CHECK_NRPE: Socket timeout after 10 seconds.
    
    

    From pfSense:

    
    NRPE Plugin for Nagios
    Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
    Version: 2.13
    Last Modified: 11-11-2011
    License: GPL v2 with exemptions (-l for more info)
    SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
    
    
    
    [2.1-RELEASE][root@my.system.com]/(132): /usr/local/libexec/nagios/check_nrpe2 -H 192.168.40.254 -c check_load
    OK - load average: 0.62, 0.23, 0.11|load1=0.622;15.000;30.000;0; load5=0.230;10.000;25.000;0; load15=0.113;5.000;20.000;0; 
    
    

    I have tried with the -n switch with no effect.

    Connectivity to the PFSense box is there from the Nagios host

    
    root@nagios:/usr/lib/nagios/plugins# telnet 192.168.40.254 5666
    Trying 192.168.40.254...
    Connected to 192.168.40.254.
    Escape character is '^]'.
    ^]
    telnet> quit
    Connection closed.
    
    

    Tried with dont_blame_nrpe=1 as well.  Logs are not showing anything at all.

    Im guessing this must be a bug with the embedded i386 package.

    Any Ideas?



  • I can confirm that I am still having this issue with the latest embedded 2.2.1 image and NRPE v2 2.15_5 v2.2_4



  • Have you tried increasing the socket timeout on the scanning system (just add '-t 20' to the end of the 'check_nrpe' command to increase to 20 seconds)? And is your scanning server's IP address added to the 'allowed_hosts' entry in your nrpe.cfg?



  • Yes I have tried to extend the timeout with the same result.  There is no visible latency between the nagios server and pfsense.



  • And your 'allowed_hosts' entry?



  • I have tried with IP of nagios server and have added IP of pfsense to the list as well.



  • Did a little digging and found out that nrpe2 isn't compatible with nrpe (you seem to be running an nrpe check against an nrpe2 host). The solution may be to test this by putting together a quick test system equipped with nrpe2 and see if that works. If so, update your Nagios system accordingly.
    http://t36015.network-nagios-user.nagiostalk.info/nrpe-and-check-nrpe2-t36015.html



  • Thanks,  I was wondering about this exact thing.  I'll try to get nrpe2 installed on my server and go from there.


Log in to reply