Hi Eric,
Thanks for your reply. I do have nrpe running under xinetd on the host I'm trying to monitor.
And running the nrpe checl locally:
[root@ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.15
[root@ops:~] #grep only_from /etc/xinetd.d/nrpe only_from = 127.0.0.1 216.120.248.126
And I do have port 5666 open on the security group for this host.
And I made sure the local firewall was stopped, because I am blocking ports with the security groups instead.
[root@ops:~] #service iptables status Firewall is stopped.
It's only when checking from the monitoring host that nrpe fails:
[root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake.
Really, really puzzling. This is driving me up a wall!! I hopeI can solve this soon....
Thanks for any and all help with this one!! Tim
On Fri, May 1, 2015 at 1:02 AM, Eric Lehmann e.lehmann88@gmail.com wrote:
Hi Does the deamon run under xinetd? Then you have to configure the only_from in */etc/**xinetd.d**/**nrpe* to.
Regards Eric Am 01.05.2015 06:46 schrieb "Tim Dunphy" bluethundr@gmail.com:
Hello,
I am trying to monitor a host in the Amazon EC2 cloud.
Yet when I try to check NRPE from the monitoring host I am getting an SSL handshake error:
[root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake.
And if I telnet into the host on port 5666 to see if the FW port is open, the connection closes right away:
[root@monitor1:~] #telnet ops.somewhere.com 5666 Trying 54.225.218.125... Connected to ops.somewhere.com. Escape character is '^]'. Connection closed by foreign host.
You can see there it connects, but then it closes immediately after the connection.
I have NRPE running on the host I want to monitor:
[root@ops:~] #lsof -i :5666 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME xinetd 1434 root 5u IPv4 4063 TCP *:nrpe (LISTEN)
And I have the IP of my nagios server listed in the xinetd conf file:
[root@ops:~] #cat /etc/xinetd.d/nrpe # default: on # description: NRPE (Nagios Remote Plugin Executor) service nrpe { flags = REUSE socket_type = stream port = 5666 wait = no user = nagios group = nagios server = /usr/local/nagios/bin/nrpe server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd log_on_failure += USERID disable = no only_from = 127.0.0.1 xx.xx.xx.xx # <- representing my
real
nagios server IP }
And I have my default security group for that host open on port 5666 to
the
world for this experiment. I plan on locking that down again to the
single
IP of my monitoring host once I get this resolved.
Does anyone have any suggestions on how I can get that problem solved?
Thanks, Tim
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos