Skip to main content

Hello guys 

 

i have a problem when trying to connect to nsclient 

my windows box is running the nsclient++ 

 

when i’m trying to connect to my nsclient from my centreon server i have a timeout on my centreon 

here is the command on my centreon 

/usr/lib/nagios/plugins/check_nrpe -H <ip of the windows>  -p 5666   -n 

 

here is the message from the logs of the nsclient 

\include/nrpe/server/protocol.hpp: Accepting connection from <ip of the centreon server>, count = 1

\include\socket/connection.hpp: Failed to read data : End of file

 

here is my config file  

# If you want to fill this file with all available options run the following command:
#   nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
#   nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help


[/settings/log]

; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = debug

; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S

; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log


; A list of modules.
[/modules]

; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1

; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1

; CheckExternalScripts - Execute external scripts
CheckExternalScripts = 1

; CheckHelpers - Various helper function to extend other checks.
CheckHelpers = 1

; CheckNSCP - Use this module to check the health and status of NSClient++ itself
CheckNSCP = 1

; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1

; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1

; CheckTaskSched - Check status of your scheduled jobs.
CheckTaskSched = 1

; CheckNet - Network related check such as check_ping.
CheckNet = 1

; WEBServer - A server that listens for incoming HTTP connection and processes incoming requests. It provides both a WEB UI as well as a REST API in addition to simplifying configuration of WEB Server module.
WEBServer = enabled


; Section for REST API
[/settings/WEB/server]

; ALLOWED HOSTS - A coma separated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 0.0.0.0/0

;CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won’t allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = true

; PORT NUMBER - Port to use for REST API.
port = 8443

; CERTIFICATE - Ssl certificate to use for the ssl server
certificate =


; Section for REST API roles
[/settings/WEB/server/roles]
limited = *.get


; Section for REST API users
[/settings/WEB/server/users/centreon]
password = centreon
role = limited


; Section for NRPE (NRPEServer.dll) (check_nrpe) protocol options.
[/settings/NRPE/server]

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\ ]{}) characters in arguments.
allow nasty characters = true

timeout = 120
; ALLOWED HOSTS - A coma separated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 0.0.0.0/0

; PORT NUMBER - Port to use for NRPE.
port = 5666


; Needed for long output, with check_centreon_nrpe
payload length = 8192

; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client).
; extended response = true

; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = true

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = false

; DH KEY-
dh = ${certificate-path}/nrpe_dh_2048.pem


[/settings/external scripts]
allow arguments = 1
allow nasty characters = 1


[/settings/external scripts/scripts/default]
ignore perfdata = true


[/settings/external scripts/scripts]
check_logfiles = scripts\\centreon\\check_logfiles.exe $ARG1$
check_centreon_plugins = scripts\\centreon\\centreon_plugins.exe --plugin=$ARG1$ --mode=$ARG2$ $ARG3$


;
[/settings/default]

; PASSWORD - Password used to authenticate against server
password = XXXXXX

; ALLOWED HOSTS - A comma separated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 127.0.0.1

 

 

 

 

 

 

Hi,

You should add host in /setting/NRPE/server :

=====

[/settings/NRPE/server]

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

; ALLOWED HOSTS - A coma separated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 172.xx.xx.xx,172.xx.xx.xx

; PORT NUMBER - Port to use for NRPE.
port = 5666

=====

hello 

 

Thanks for your answer 

 

i changed the allowed host from 0.0.0.0/0 to the ip adress from the server who connect to my windows machine and i still have the same error 

 

and 0.0.0.0/0 mean to accept connection from anyone so i don’t think it has to be with my problem 

Hello, 

 

  • Have you open your port 8443/tcp on your windows host ? 
New-NetFirewallRule –DisplayName “IN 8443/TCP” -Direction inbound –Profile Any –Action Allow –LocalPort 8443 –Protocol TCP
  • ‘WEBServer = enabled’ should be set to ‘WEBServer = 1’.
  • ‘certificate =’ isn’t set, by default it is ‘certificate = ${certificate-path}/certificate.pem’.
    • Set back ‘use ssl’ to true.



 

Hello hboulouz 

 

thanks for your response 

 

here is the output everythings seems fine

 

PS C:\Users\Administrateur> New-NetFirewallRule -DisplayName "In 8443/TCP" -Direction inbound -Profile Any -Action Allow -LocalPort 8443 -Protocol TCP


Name                          : {XXXXXXXXXXXXXXXXXX}
DisplayName                   : In 8443/TCP
Description                   :
DisplayGroup                  :
Group                         :
Enabled                       : True
Profile                       : Any
Platform                      : {}
Direction                     : Inbound
Action                        : Allow
EdgeTraversalPolicy           : Block
LooseSourceMapping            : False
LocalOnlyMapping              : False
Owner                         :
PrimaryStatus                 : OK
Status                        : La règle a été analysée à partir de la banque. (65536)
EnforcementStatus             : NotApplicable
PolicyStoreSource             : PersistentStore
PolicyStoreSourceType         : Local
RemoteDynamicKeywordAddresses : {}
PolicyAppId

 

 

 

 

i added ; CERTIFICATE - Ssl certificate to use for the ssl server
certificate = ${certificate-path}/certificate.pem

 

then restarted the service

 

and tested with the nagios client 

/usr/lib/nagios/plugins/check_nrpe -H <ip of the windows box>

 

and still have the same error 


2025-02-18 09:41:51: debug:c:\source\0.5.2\include\nrpe/server/protocol.hpp:92: Accepting connection from: <ip of the debian box>, count=1
2025-02-18 09:41:51: error:c:\source\0.5.2\include\socket/connection.hpp:168: Failed to read data: short read

if i try with ssl disable on the command

i have this 

root@vm-lab-centreon:/home/centreon# /usr/lib/nagios/plugins/check_nrpe -H <ip of the windows> -n
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).

 

and that on the windows box logs 

 

2025-02-18 09:41:51: debug:c:\source\0.5.2\include\nrpe/server/protocol.hpp:92: Accepting connection from: <ip of the debian box>, count=1
2025-02-18 09:41:51: error:c:\source\0.5.2\include\socket/connection.hpp:168: Failed to read data: short read

 

 

 

 

 

 

 

Here is the message of error when i restart nscp service i think it comes from here 

 


ading plugin: CheckNSCP
: Crash folder is: C:\Program Files\Centreon NSClient++/crash-dumps ading plugin: CheckNet
ading plugin: CheckSystem
p: 226: Failed to load: disk_queue_length: Invalid strategy: UNKNOWN
ading plugin: CheckTaskSched
ading plugin: NRPEServer
120: Non-standard buffer length (hope you have recompiled check_nrpe changing #define MAX_PACKETBUFFER_LENGTH
126: Allowed hosts definition: <ip from the centreon>(255.255.255.255), 0.0.0.0(0.0.0.0)
=
8192
127: Server config: address: UNKNOWN:5666, ssl enabled: none, no certificate, dh: C:\Program Files\Centreon NSClient++/securi 236: Not checking PDH data
': Exception in Failed to load NRPEServer: : resolve: Hôte inconnu
ugin refused to load: NRPEServer
ading plugin: WEBServer
1: Using certificate: C:\Program Files\Centreon NSClient++/security/certificate.pem
5: Loading webserver on port: 8443
nt++ 0.5.2.41 2018-04-26 Started! ng: DONE

i managed to solve the problem i think here is the message in the logs at the start 

 


CheckExternalScripts.cpp:63: Using script path: C:\Program Files\Centreon NSClient++ CheckExternalScripts.cpp:67: Using regexp: UNKNOWN
': Loading plugin: CheckHelpers
': Loading plugin: CheckNSCP
>p:51: Crash folder is: C:\Program Files\Centreon NSClient++/crash-dumps
': Loading plugin: CheckNet
': Loading plugin: CheckSystem
m.cpp:226: Failed to load: disk_queue_length: Invalid strategy: UNKNOWN
': Loading plugin: CheckTaskSched
': Loading plugin: NRPEServer
cpp:120: Non-standard buffer length (hope you have recompiled check_nrpe changing #define MAX_PACKETBUFFER_LENGTH cpp:126: Allowed hosts definition: 10.0.10.112(255.255.255.255)
cpp:127: Server config: address: :5666, ssl disabled
cpp:236: Not checking PDH data
Binding to: :::]:5666(ipv6)
Attempting to bind to: :::]:5666(ipv6)
I
Binding to: 0.0.0.0:5666(ipv4), reopen: true, reuse: true
Attempting to bind to: 0.0.0.0:5666(ipv4)
': Loading plugin: WEBServer
>p:161: Using certificate: C:\Program Files\Centreon NSClient++/security/certificate.pem
>p:185: Loading webserver on port: 8443
Client++ 0.5.2.41 2018-04-26 Started!
:arting: DONE
= 8192

 

 

 

but i still have the problem from earlier 

Hello i manage to fix my problem 

 

The payload-size was not the same in the config file then by default when you use the command to test it 

 /usr/lib/nagios/plugins/check_nrpe -H <ip of the windows box>

 

so you need to precise it 

 

 /usr/lib/nagios/plugins/check_nrpe -H <ip of the windows box> -2 -P 8192 

 

even in the command of centreon it was not the same as in the nsclient++ install 

so i adjust it 

 

/usr/lib64/nagios/plugins/check_centreon_nrpe3 -H <ip of the windows box> -p 5666 -t 30 -u -2 -P 8192 -c check_cpu -a "warning=time = '5m' and load > 80" "critical=time = '5m' and load > 90" show-all

 

Thanks all for your help

 

Reply


Terms & ConditionsCookie settings