上次碰Nagios好像是四月份的時候
今天又摸了一下
順帶解決老妖提的"CHECK_NRPE: Error - Could not complete SSL handshake."問題

因為Nagios預設是走SSL去pooling取得各主機的資訊
記得剛開始的時候我都會下"-n"的參數來規避SSL

/usr/local/nagios/libexec/check_nrpe -n -H 主機位置 -c 指令

主要原因還是因為他就是不過啊
今天有比較仔細看了一下nrpe.cfg


ALLOWED HOST ADDRESSES
This is an optional comma-delimited list of IP address or hostnames
that are allowed to talk to the NRPE daemon.
#
Note: The daemon only does rudimentary checking of the client's IP
address. I would highly recommend adding entries in your /etc/hosts.allow
file to allow only the specified host to connect to the port
you are running this daemon on.
#

`NOTE: This option is ignored if NRPE is running under either inetd or xinetd`

allowed_hosts=127.0.0.1,120.101.10.202

所以只好去編輯/etc/xinetd.d/nrpe

service nrpe { flags = REUSE socket_type = stream port = 5666 wait = no user = nagios group = nagios server = /usr/local/nagios/bin/nrpe server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd log_on_failure += USERID disable = no only_from = 127.0.0.1 120.101.10.202 }

接著就重跑監控端的nagios看有那些問題需要解決
我主要是因為之前都會多帶一個"-n"的參數
所以都必須要拿掉
然後看看設定檔有沒有問題
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
確定沒問題後再讓nagios吃進新的設定
/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
接著重啟nagios服務
service nagios restart

大致上應該就正常了

Nagios

ALLOWED HOST ADDRESSES

This is an optional comma-delimited list of IP address or hostnames

that are allowed to talk to the NRPE daemon.

Note: The daemon only does rudimentary checking of the client's IP

address. I would highly recommend adding entries in your /etc/hosts.allow

file to allow only the specified host to connect to the port

you are running this daemon on.

NOTE: This option is ignored if NRPE is running under either inetd or xinetd

Categories

`NOTE: This option is ignored if NRPE is running under either inetd or xinetd`