Walker News

How To Install NRPE On RedHat Linux?

Nagios, an open source computer/network monitoring system, can monitor remote servers actively or passively. For active mode check, one can use check_by_ssh to execute Nagios plugin on remote hosts, check_snmp via SNMP protocol, NRPE addon (Nagios Remote Plugin Executor), etc.

The focus of this subject is active mode status checking using NRPE solution that supports SSL encryption and smaller communication overhead (as compare to SSH solution), better security control, etc.

A brief intro of how NRPE works with Nagios Core

Nagios Core process on server executes check_nrpe plugin to connect NRPE listener (daemon) on remote host that in turn executes Nagios plugin to check system/service status.

Therefore, you need to compile NRPE on Nagios server (for check_nrpe binary) and remote server (for NRPE listener binary).

How to compile and install NRPE on RHEL 5.2

NOTE:
  • Though this reference is based on RHEL 5.2, it should be applicable to Fedora and CentOS.
     
  • Prior to compile NRPE source files, uses rpm command to confirm the system has installed openssl, libssl, gcc, etc.
     
  • In additional, compile and install Nagios Plugins (refer to steps for “Nagios Plugins” and “create user account for running nagios” ONLY, if this standard plugins package is not already installed).
     
  • To play safe, compile NRPE source files on each Linux servers that require NRPE binaries.
     
  • On Nagios server, stop after executing “make install-plugin” command (see below).

Firstly, login as root and download NRPE to local disk. If the Linux machine has direct access to Internet, just run this wget to download NRPE v2.12 (latest version at this time of writing):
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz

Extract NRPE source files from the compressed tarball:
tar -zxvf nrpe-2.12.tgz
cd nrpe-2.12

Run configure file. The use of “with-nrpe_port” is optional, which is only applicable for those who want to change NRPE default listening port from 5666 to other port number (e.g. 63636):
./configure --with-nrpe_port=63636

Compile NRPE source files (pipe output to tee command is optionally, but duplicate output to file could be useful for tracing errors that happen during compilation):
make all | tee nrpe.make.all.log

Install NRPE plugin (will automatically copy src/check_nrpe to /usr/local/nagios/libexec directory):
make install-plugin
Stop here if this procedure is applied on Nagios server (as mentioned above). Continue next step if this procedure is done on remote server (to be monitored by Nagios server).

Install the daemon (NRPE listener) and sample of NRPE config file:
make install-daemon
make install-daemon-config

Append the entry of NRPE listener and port number to /etc/services file, e.g.:
nrpe      63636/tcp      # NRPE Listener

Edit /usr/local/nagios/etc/nrpe.cfg to change “allowed_hosts” from “127.0.0.1” to the Nagios server IP address where check_nrpe plugin is running.
In my test, the “CHECK_NRPE: Error – Could not complete SSL handshake.” rejection is caused by “allowed_hosts” setting in nrpe.cfg file :(

Add this entry to /etc/rc.local file for Linux to run NRPE listener automatically after boot-up (for some reasons I couldn’t get NRPE daemon up via xinetd service):
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

To run NRPE daemon (listener) immediately, just manually execute that line in /etc/rc.local file. To terminate NRPE listener, execute ps command to find out the PID of NRPE:
ps -elf | grep nrpe | grep -v grep

Then run kill -9 <NRPE_PID> to stop it.

Now, let’s check NRPE installation to confirm it works. So, make sure the NRPE daemon is running on remote server (login as root):
netstat -tulpan | grep nrpe

Confirm the RedHat Firewall is not running (for simplicity) or ensure it allows Nagios server connects to NRPE listening port number. In my test, the “Connection refused or timed out” is caused by RedHat Firewall.

Login to Nagios server as root or nagios user and run check_nrpe to confirm it can communicate with NRPE daemon on remote host (that listening to TCP port number 63636, in this example):
cd /usr/local/nagios/libexec
./check_nrpe -H <NRPE_Listener_IP> 63636

If it displays “NRPE v2.12” (the version used in this guide), it means everything OK and set to configure Nagios Core (e.g. /usr/local/nagios/etc/objects/linux.cfg, etc.) for monitoring that particular remote host using NRPE addon solution.

Custom Search

2016  •  Privacy Policy