[Nagios-users] check_nt MEMUSE

Thu Nov 19 14:13:18 UTC 2009

On 11/19/09 2:37 PM Thomas Guyot-Sionnest wrote:

Hi Thomas,

>> the Client Logfile shows me:
>>
>> [...]
>> 2009-11-19 07:43:04: error:D:\source\NSCP-stable\include\Socket.h:699:
>> Error: Could not complete SSL handshake : [-1] 1, attempting to resume...
>> [...]
>>
>> Whats going on? ;-)
> 
> This seems to be because your NRPE don't have ssl enabled. Look at the
> - --help output of check_nrpe, you should see:
> 
> SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
> 

there is nothing for SSL. We are using nrpe 1.9. (see below)

>> Here is my NSC.ini
>>
>> [...]
>>
>> [NRPE]
>> ;# NRPE PORT NUMBER
>> ;  This is the port the NRPEListener.dll will listen to.
>> port=5666
>> ;
>> ;# COMMAND TIMEOUT
>> ;  This specifies the maximum number of seconds that the NRPE daemon
>> will allow plug-ins to finish executing before killing them off.
>> ;command_timeout=60
>> ;
>> ;# COMMAND ARGUMENT PROCESSING
>> ;  This option determines whether or not the NRPE daemon will allow
>> clients to specify arguments to commands that are executed.
>> ;allow_arguments=0
>> ;
>> ;# COMMAND ALLOW NASTY META CHARS
>> ;  This option determines whether or not the NRPE daemon will allow
>> clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
>> ;allow_nasty_meta_chars=0
>> ;
>> ;# USE SSL SOCKET
>> ;  This option controls if SSL should be used on the socket.
>> use_ssl=1
> 
> Atlernatively turn this to 0 and use the -n switch in check_nrpe (so if
> you upgrade you won't break your checks by enabling SSL)+

Ok, I've set it to "0", but our check_nrpe doesn't know the "-n" option.

  ./check_nrpe -H orbiter.uclv.net -p 5666 -c 'CheckMem ShowAll=long \
MaxWarn=80 MaxCrit=90 type=physical' -n

Incorrect command line arguments supplied

NRPE Plugin for Nagios
Copyright (c) 1999-2003 Ethan Galstad (nagios at nagios.org)
Version: 1.9
Last Modified: 07-22-2003
License: GPL

Usage: ./check_nrpe -H <host_address> [-p port] [-c command] [-to to_sec]

Options:
  <host_address> = The IP address of the host running the NRPE daemon
  [port]         = The port on which the daemon is running - default is 5666
  [command]      = The name of the command that the remote daemon should run
  [to_sec]       = Number of seconds before connection attempt times out.
                   Default timeout is 10 seconds

>> ;# ALLOWED HOST ADDRESSES
>> ;  This is a comma-delimited list of IP address of hosts that are
>> allowed to talk to NRPE deamon.
>> ;  If you leave this blank the global version will be used instead.
>> allowed_hosts=<removed>
> 
> Make sure tis parameter list the IP/network from your monitoring server
> (be extra careful if your monitoring server has multiple VLANs / servers)

these are the IPs from our monitoring servers, and they don't have 
multiple VLANs/servers.

Richard