Solved

WINDOWS CHECK_CENTREON_NRPE3 SOCKET TIMEOUT

  • 8 November 2023
  • 8 replies
  • 254 views

Badge +2
  • Steward *
  • 7 replies

Hi, 

 

I'll explain my problem: I need to oversee my Windows computer with Centreon.

I installed centreon_nrpe3_plugin on Windows and Linux, and I edited my .ini file with the correct information.

But when I try this command from Linux: ./check_centreon_nrpe3 -H x.x.x.x -p 5666 -u -2 -P 8192

The result is: CHECK_NRPE STATE UNKNOWN : Socket timeout after 10 seconds.

Do you know why I have this error?

I remain available if you need more info.

Thanks,


Best answer by christophe.niel-ACT 14 November 2023, 12:15


8 replies

Userlevel 5
Badge +14

Hello

Socket timeout means there is a network issue, a firewall rule, or something not OK in the config on the target host.

 

nrpe (on Linux) or nsclient (on Windows) is a service that listens on the TCP port that you have set up in the config on the host. The default is 5666.

please check these points :

1 : make sure the daemon or service is running

2 : make sure on your host that the port is open and listening (netstat -an on windows, netstat -ntaupe on linux, look for a listening port on 5666)

3 : test from the poller “ telnet xxxx 5666 ” (or nc/netcat) to see if it connects to the host

 

(to be clear on the words: host = the server you want to monitor, where you have installed the nrpe daemon; poller = the Centreon server that has the check_nrpe command)

If all these points are OK, then it may be an issue in the config file.

Badge +2

Hello Christophe, 

The daemon is running on Linux and Windows, no problem there.

The firewall has been deactivated on Linux and Windows too.

Telnet from my Linux to Windows is OK.

I see the packet with netstat, but after 15-20 seconds Linux is still waiting and Windows clears its netstat, so I don’t know.

I think my config.ini is OK, but maybe...

Userlevel 5
Badge +14

netstat was to check if the TCP port 5666 was listening.

if you can't telnet 5666 then it’s probably a nsclient.ini problem indeed. Did you follow the guide and set up your .ini correctly?

 

here is the default “out of the box” section for nrpe in nsclient.ini

; Section for NRPE (NRPEServer.dll) (check_nrpe) protocol options.
[/settings/NRPE/server]

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

; ALLOWED HOSTS - A coma separated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 0.0.0.0/0

; PORT NUMBER - Port to use for NRPE.
port = 5666

; Needed for long output, with check_centreon_nrpe
payload length = 8192

; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client).
; extended response = true

; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = true

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true

Make sure you have the payload length set to 8192.

Replace “allowed hosts = 0.0.0.0/0” with your poller’s IP address:

“allowed hosts = 192.168.x.y” for example, as explained in the documentation: Centreon NSClient++ | Centreon Documentation

then restart the service

Badge +2

I have this on my .ini : 

 

# NRPEServer SETTINGS
[/settings/NRPE/server]
allow arguments = true
allow nasty characters = true
allowed hosts = 192.168.244.16
port = 5666
payload length = 8192
insecure = false
use ssl = false

If I enable insecure and use ssl, I get another error, which is this: check_nrpe: (ssl_err !=5) Error - Could not complete SSL handshake

 

Userlevel 5
Badge +14

Mmmh, I personally use the nsclient REST API, for historical and security reasons,

but if you don’t want to use ssl, then put this in the ini:

use ssl = false

and in the command line you need to pass “-n” or “--no-ssl”. --help tells you this:

 -n, --no-ssl                 Do no use SSL


in your case if “use ssl=false” and “-n” in the command line, then there is a network issue

I just tried on a server at home :

  • use ssl=false
  • no -n option 

=> I get a timeout like you

 

with -n option : instant reply OK.

(Even if this works, I would still suggest fixing your SSL issues and setting “use ssl=true”, for security's sake.)

 

then you will need to add the “ -n” option in each host where you have ssl disabled (in the macro nrpe extra options) like this :

 

Badge +2

I try different commands : 

the result :

 

Userlevel 5
Badge +14

You are mixing up -p and -P

-P, --payload-size=SIZE      Specify non-default payload size for NSClient++
-p, --port=PORT              The port on which the daemon is running (default=5666)

in your first post it was ok

./check_centreon_nrpe3 -H x.x.x.x -p 5666 -u -2 -P 8192

 

so let’s try using ssl with the correct command line (modify nsclient.ini, restart nsclient service)

./check_centreon_nrpe3 -H x.x.x.x -p 5666 -u -2 -P 8192

and without ssl (modify nsclient.ini, restart nsclient service)

./check_centreon_nrpe3 -H x.x.x.x -p 5666 -u -2 -P 8192 -n

 

(and your netstat -an is a windows command to see if the port is open on the HOST not the poller

the command on windows to grep is “ netstat -an | findstr -i listen “ )

Badge +2

Oh! It’s working!!

Thank you for your help. I was blocked just for “-n”.

I’m going to edit all the checks and try to see if it’s good now.

Thanks a lot again!
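An added example, not part of the original thread and not Centreon or NSClient++ code: a small audit of the [/settings/NRPE/server] section that flags the mismatch behind the timeout (server "use ssl" versus the poller's -n) along with the permissive settings discussed in the replies. The finding names and the treatment of a missing key as false are assumptions.

```python
import configparser
import ipaddress

SECTION = "/settings/NRPE/server"

# Settings copied from the two nsclient.ini sections quoted in the thread.
DEFAULT_INI = """
[/settings/NRPE/server]
allow arguments = true
allow nasty characters = true
allowed hosts = 0.0.0.0/0
port = 5666
payload length = 8192
insecure = true
use ssl = true
"""
USER_INI = DEFAULT_INI.replace("0.0.0.0/0", "192.168.244.16") \
    .replace("insecure = true", "insecure = false") \
    .replace("use ssl = true", "use ssl = false")


def _any_host(token):
    """True if an 'allowed hosts' entry matches every address."""
    if token == "*":
        return True
    try:
        return ipaddress.ip_network(token, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostname or wildcard range: not judged here


def audit_nrpe(ini_text, client_no_ssl):
    """Return finding codes; client_no_ssl is True when the check runs with -n."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    sec = cp[SECTION]
    # Assumption: a key that is absent is treated as false.
    on = lambda key: sec.get(key, "false").strip().lower() == "true"
    findings = []
    if on("use ssl") == client_no_ssl:
        findings.append("ssl-mismatch")  # one side speaks SSL, the other does not
    if not on("use ssl"):
        findings.append("plaintext-transport")
    if on("insecure"):
        findings.append("legacy-ciphers")
    hosts = [h.strip() for h in sec.get("allowed hosts", "").split(",")]
    if any(_any_host(h) for h in hosts if h):
        findings.append("allowed-hosts-any")
    if on("allow arguments") and on("allow nasty characters"):
        findings.append("remote-args-with-metachars")
    return findings
```

Calling audit_nrpe(USER_INI, False) reproduces the original poster's situation: SSL disabled on the Windows host while the check is run without -n.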
