[root@junon libexec]# /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
CHECK_NRPE: Error - Could not complete SSL handshake.
[root@junon libexec]# /usr/local/nagios/libexec/check_nrpe -H 192.168.4.3
Connection refused by host
In /etc/xinetd.d/nrpe connections are allowed from 127.0.0.1
Naios debugging says :
-
Different versions. Make sure you are using the same version of the check_nrpe plugin and the NRPE daemon. Newer versions of NRPE are usually not backward compatible with older versions.
-
SSL is disabled. Make sure both the NRPE daemon and the check_nrpe plugin were compiled with SSL support and that neither are being run without SSL support (using command line switches).
-
Incorrect file permissions. Make sure the NRPE config file (nrpe.cfg) is readable by the user (i.e. nagios) that executes the NRPE binary from inetd/xinetd.
-
Pseudo-random device files are not readable. Greg Haygood noted the following… “After wringing my hair out and digging around with truss, I figured out the problem on my Solaris 8 boxen. The files /devices/pseudo/random* (linked through /dev/*random, and provided by Sun patch 112438) were not readable by the nagios user I use to launch NRPE. Making the character devices world-readable solved it.”
-
Unallowed address. If you’re running the NRPE daemon under xinetd, make sure that you have a line in the xinetd config file that say “only_from = xxx.xxx.xxx.xxx”, where xxx.xxx.xxx.xxx is the IP address that you’re connected to the NRPE daemon from.
[root@junon libexec]# netstat -at | grep nrpe
tcp 0 0 *:nrpe : LISTEN
-
SSL is installed and enabled (how can I check ??)
-
everyone has read on nrpe.cfg
-
don’t understand
-
only_from = 127.0.0.1
So what is going wrong ???
Thanks for the help !
[root@ares snmp]# /usr/local/nagios/libexec/check_nrpe -H 192.168.4.170
NRPE v2.8
ares (192.168.4.3) is the monitoring server with nagios installed)
junon (192.168.4.170) is the server to be monitored
check_nrpe from ares to junon : OK
check_nrpe from junon to ares : connection refused by host