The host table must include information about the current host, for example
10.3.1.16 wiki-uh.gutzmann.com wiki
The hostname should be set up accordingly in
Add the NRPE port to /etc/services:
locate "5670" and insert before:
nrpe 5666/tcp # NRPE
Out of context: You should consider using a fast DNS server. I found that Google DNS is much faster than those of most hosting providers.
Insert the line
before all other nameserver directives.
Install latest updates
Some of the packages may already have been installed. If during the installation on your particular server you find any other missing packages, please be so kind to add a comment to this post.
yum install bind-utils php chrony openssl-devel make gcc wget
Make sure that Perl is installed by typing "
perl -v". If it's missing, add it by:
yum install perl
Start CHRONY (Time Protocol)
It's important that all servers show the correct time:
systemctl enable chronyd
systemctl start chronyd
If Apache is installed on the client and you want to have it monitored, make sure that an "index.html" exists:
Consider setting up your firewall for dynamic DNS names.
The following procedure must be modified if you use alternate configuration files for iptables, as displayed in /etc/sysconfig/system-config-firewall.
Add the following line to /etc/sysconfig/iptables, replacing the monitoring server name as required:
-A INPUT -m state --state NEW -m tcp -p tcp -s monitor-a.gutzmann.com --dport 5666 -j ACCEPT
Restart the firewall:
systemctl restart iptables
Using additional iptables files in /etc/sysconfig/system-config-firewall
On the Gutzmann servers, we use a number of additional iptables files for easier system management. /etc/sysconfig/system-config-firewall looks like this:
Server specific changes are applies to /etc/sysconfig/iptables_local only.
The changes are then:
Reread the rule sets and restart the firewall:
Install Nagios NRPE client
Set up NRPE
Set up xinetd
NRPE will be managed by xinetd, which means that the NRPE configuration file written to /etc/xinetd.d must be modified. If you change the xinetd configuration, you must reload xinetd. Changes to the NRPE configuration will be read by xinetd on the fly, so there is no need to restart NRPE afterwards or include it in the system startup.
Stop and disable the NRPE standalone demon:
The status should show that a new service has been added:
Reconfigured: new=1 old=0 dropped=0 (services)
Test NRPE locally
Next, check to make sure the NRPE daemon is functioning properly. To do this, run the check_nrpe plugin that was installed for testing purposes.
The command returns the NRPE version installed, like this:
Customize NRPE commands
The NRPE configuration can be found in /etc/nagios/nrpe.cfg. Instead of adding commands there, I recommend to put them into a separate conf file inside /etc/nagios. This information must be provided in the main configuration file, however:
Now add commands to NRPE by creating an additional configuration file in /etc/nagios/local.cfg. Here is an example:
These are examples only. You can add others, but keep in mind to "yum install" the respective plugins. Refer to
/etc/nagios/nrpe.cfg for instructions.
Now test the new commands:
/usr/lib64/nagios/plugins/check_nrpe -H 127.0.0.1 -c check_root
Grant NRPE access to your Nagios servers
By default, access is allowed from the local machine only. You can add other hosts in /etc/xinetd.d/nrpe. See above for an example; multiple ip addresses or names must be separated by spaces.
Test NRPE from the Nagios monitoring server
At your Nagios monitoring server (not the one you're installing the NRPE client on!), run the following command, replacing the ip address with the name or address of the actual client:
/usr/local/nagios/libexec/check_nrpe -H 10.3.1.17 -c check_load
If you see an error message indicating that check_nrpe was not found, check that you added the command to /usr/local/nagios/etc/objects/commands.cfg; see "1 - Installation - Nagios Server (CentOS 6.4)".
If you see the error message "CHECK_NRPE: Error - Could not complete SSL handshake.", you should check:
- Went something wrong with the firewall configuration? Try "
telnet 10.3.1.17 5666" from the Nagios server (replace the IP address with the name or address of your NRPE client). Enter "QUIT" do stop the telnet session (there are more correct ways, but this will do).
- Check all configuration files if you accidentally entered sample data from this How-To.
- Make sure you added the server address to the "
only" clause (a comma-delimited list) in the clients xinetd NRPE configuration - and reload xinetd.
- Make sure that you actually testing from the Nagios monitoring server and not from the host you just installed NRPE Client on.