The host table must include information about the current host, for example
10.3.1.16 wiki-uh.gutzmann.com wiki
The hostname should be set up accordingly in
Add the NRPE port to /etc/services:
locate "5671" and insert before:
nrpe 5666/tcp # NRPE
Out of context: You should consider using a fast DNS server. I found that Google DNS is much faster than those of most hosting providers.
Insert the line
before all other nameserver directives.
Install latest updates
Some of the packages may already have been installed. If during the installation on your particular server you find any other missing packages, please be so kind to add a comment to this post.
yum install bind-utils php ntp xinetd openssl-devel make gcc wget
Make sure that Perl is installed by typing "
perl -v". If it's missing, add it by:
yum install perl
It's important that all servers show the correct time:
service ntpd start
chkconfig ntpd on
If the system is running on a virtual machine, NTP may fail with the following error message in /var/log/messages:
cap_set_proc() failed to drop root privileges: Operation not permitted
See here how to handle this problem.
Check if xinetd is running and start it otherwise:
service xinetd status
If not running:
service xinetd start
Add Users and groups
usermod -a -G nagcmd nagios
If Apache is installed on the client and you want to have it monitored, make sure that an "index.html" exists:
Consider setting up your firewall for dynamic DNS names.
Add the following line to /etc/sysconfig/iptables, replacing the monitoring server name as required:
-A INPUT -m state --state NEW -m tcp -p tcp -s monitor-a.gutzmann.com --dport 5666 -j ACCEPT
Restart the firewall:
service iptables restart
Download Nagios and related software
Install Nagios Plugins
./configure --with-nagios-user=nagios --with-nagios-group=nagios
Install and setup NRPE
Install NRPE client
Restrict access to Nagios server
locate the line starting with "
only_from" and append the address(es) of the Nagios monitoring server(s). In this example we are using
only_from = 127.0.0.1 10.3.1.14
IPv4 and IPv6:
only_from = 127.0.0.1 10.3.1.14 fe80::21c:42ff:fe93:3ccf
Make sure the nrpe daemon is running under xinetd:
netstat -at | grep nrpe
The output out this command should show something like this:
tcp 0 0 *:nrpe *:* LISTEN
If you don't see this output, try to restart XINETD:
service xinetd restart
If the test still fails, check
Set up logging
Make sure that xinetd writes to its own log file, so it doesn't clutter /var/log/messages.
locate the line defining "
log_type", and replace it by
log_type = FILE /var/log/xinetd.log
Test NRPE locally
Next, check to make sure the NRPE daemon is functioning properly. To do this, run the check_nrpe plugin that was installed for testing purposes.
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
You should get a string back that tells you what version of NRPE is installed, like this:
Customize NRPE commands
Add commands to NRPE by editing /usr/local/nagios/etc/nrpe.cfg. Here is an example:
locate the sections listing NRPE commands and add (use whatever mount points you want do monitor):
command[check_root]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /
command[check_home]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /home
Now test the new commands:
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_home
Test NRPE from the Nagios monitoring server
At your Nagios monitoring server (not the one you're installing the NRPE client on!), run the following command, replacing the ip address with the name or address of the actual client:
/usr/local/nagios/libexec/check_nrpe -H 10.3.1.17 -c check_load
If you see an error message indicating that check_nrpe was not found, check that you didn't miss the definition on the command in /usr/local/nagios/etc/objects/commands.cfg; see "1 - Installation - Nagios Server (CentOS 6.4)".
If you see the error message "CHECK_NRPE: Error - Could not complete SSL handshake.", you should check:
- Went something wrong with the firewall configuration? Try "
telnet 10.3.1.17 5666" from the Nagios server (replace the IP address with the name or address of your NRPE client). Enter "QUIT" do stop the telnet session (there are more correct ways, but this will do).
- Check all configuration files if you accidentally entered sample data from this How-To.
- Make sure that you actually testing from the Nagios monitoring server and not from the host you just installed NRPE Client on. Reason is that you didn't allow the client's public IP address in /etc/xinet.d/nrpe, just localhost and the Nagios server.