Configuring Nagios Plugins & NRPE on Solaris 10

Here’s a step by step installation of the Nagios plugin NRPE for Solaris 10 x86 (as the remote host):

useradd -c “nagios system user” -d /usr/local/nagios -m nagios
chown nagios:nagios /usr/local/nagios/
cd /usr/local/src # or wherever you like to put source code
wget http://internap.dl.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
wget http://internap.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz
gunzip nagios-plugins-1.4.11.tar.gz
tar -xvf nagios-plugins-1.4.11.tar
gunzip nrpe-2.12.tar.gz
tar -xvf nrpe-2.12.tar

First we’ll compile the nagios plugins:

cd nagios-plugins-1.4.11
./configure
make
make install
chown -R nagios:nagios /usr/local/nagios/libexec
cd ..

Run a quick check to make sure the plugins are working:

/usr/local/nagios/libexec/check_disk -w 10 -c 5 -p /

Next, we’ll compile NRPE. Normally at this point we would just run `cd nrpe-2.12; ./configure`. Unfortunately, the configure script can not find the SSH headers and libraries on Solaris 10. You get errors like this:

checking for SSL headers… configure: error: Cannot find ssl headers

checking for SSL libraries… configure: error: Cannot find ssl libraries

The answer to this is, of course, to tell configure where to find them:

cd nrpe-2.12
./configure –with-ssl=/usr/sfw/ –with-ssl-lib=/usr/sfw/lib/

Currently there is a bug in 2.12 that it assumes that all systems have 2 syslog facilities that Solaris doesn’t have, so if you try and compile it generates the following errors:

nrpe.c: In function `get_log_facility’:
nrpe.c:617: error: `LOG_AUTHPRIV’ undeclared (first use in this function)
nrpe.c:617: error: (Each undeclared identifier is reported only once
nrpe.c:617: error: for each function it appears in.)
nrpe.c:619: error: `LOG_FTP’ undeclared (first use in this function)
*** Error code 1
make: Fatal error: Command failed for target `nrpe’
Current working directory /usr/local/src/nrpe-2.12/src
*** Error code 1
make: Fatal error: Command failed for target `all’

Unfortunately, the fix at this time is to comment out the code that calls these two facilities, lines 616-619, in src/nrpe.c:

/*else if(!strcmp(varvalue,”authpriv”))
log_facility=LOG_AUTHPRIV;
else if(!strcmp(varvalue,”ftp”))
log_facility=LOG_FTP;*/

UPDATE: You no longer need to comment out these lines, just replace them with the following:

else if(!strcmp(varvalue,”authpriv”))
log_facility=LOG_AUTH;
else if(!strcmp(varvalue,”ftp”))
log_facility=LOG_DAEMON;

Now it will compile:

# make all
cd ./src/; make ; cd ..
gcc -g -O2 -I/usr/sfw//include/openssl -I/usr/sfw//include -DHAVE_CONFIG_H -o nrpe nrpe.c utils.c -L/usr/sfw/lib/ -lssl -lcrypto -lnsl -lsocket ./snprintf.o
gcc -g -O2 -I/usr/sfw//include/openssl -I/usr/sfw//include -DHAVE_CONFIG_H -o check_nrpe check_nrpe.c utils.c -L/usr/sfw/lib/ -lssl -lcrypto -lnsl -lsocket

*** Compile finished ***

Next install the new binaries:

# make install
cd ./src/ && make install
make install-plugin
.././install-sh -c -m 775 -o nagios -g nagios -d /usr/local/nagios/libexec
.././install-sh -c -m 775 -o nagios -g nagios check_nrpe /usr/local/nagios/libexec
make install-daemon
.././install-sh -c -m 775 -o nagios -g nagios -d /usr/local/nagios/bin
.././install-sh -c -m 775 -o nagios -g nagios nrpe /usr/local/nagios/bin

Optionally, if you want to use the sample config file run (Recommended if you don’t already have a standard config):

# make install-daemon-config
./install-sh -c -m 775 -o nagios -g nagios -d /usr/local/nagios/etc
./install-sh -c -m 644 -o nagios -g nagios sample-config/nrpe.cfg /usr/local/nagios/etc

Modify the nrpe.cfg file with your settings:

vi /usr/local/nagios/etc/nrpe.cfg

With Solaris 10, we don’t use either inetd or xinetd, but SMF. Thankfully, we can convert inetd entires into the SMF repository with the inetconv command. So first, add the following entry to /etc/services:

nrpe 5666/tcp # NRPE

Then add the following line to the end of /etc/inet/inetd.conf:

nrpe stream tcp nowait nagios /usr/sfw/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -i

Next, we need to convert it to SMF:

# inetconv
nrpe -> /var/svc/manifest/network/nrpe-tcp.xml
Importing nrpe-tcp.xml …Done
# inetconv -e
svc:/network/nrpe/tcp:default enabled

Check to make sure it went online:

# svcs svc:/network/nrpe/tcp:default
STATE STIME FMRI
online 15:53:39 svc:/network/nrpe/tcp:default
# netstat -a | grep nrpe
*.nrpe *.* 0 0 49152 0 LISTEN

Check the default installed parameters:

# inetadm -l svc:/network/nrpe/tcp:default
SCOPE NAME=VALUE
name=”nrpe”
endpoint_type=”stream”
proto=”tcp”
isrpc=FALSE
wait=FALSE
exec=”/usr/sfw/sbin/tcpd -c /usr/local/nagios/etc/nrpe.cfg -i”
arg0=”/usr/local/nagios/bin/nrpe”
user=”nagios”
default bind_addr=”"
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
default connection_backlog=10

Change it so that it uses tcp_wrappers:

# inetadm -m svc:/network/nrpe/tcp:default tcp_wrappers=TRUE

And check to make sure it took effect:

# inetadm -l svc:/network/nrpe/tcp:default
SCOPE NAME=VALUE
name=”nrpe”
endpoint_type=”stream”
proto=”tcp”
isrpc=FALSE
wait=FALSE
exec=”/usr/sfw/sbin/tcpd -c /usr/local/nagios/etc/nrpe.cfg -i”
arg0=”/usr/local/nagios/bin/nrpe”
user=”nagios”
default bind_addr=”"
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
tcp_wrappers=TRUE
default connection_backlog=10

Modify your hosts.allow and hosts.deny to only allow your nagios server access to the NRPE port. Note that tcpd always looks at hosts.allow first, so even though we specify that everyone is rejected in the hosts.deny file, the ip addresses specified in hots.allow are allowed.
/etc/hosts.allow:

nrpe: LOCAL, 10.0.0.45

/etc/hosts.deny:

nrpe: ALL

Finally, check to make sure you have everything installed correctly (should return version information):

/usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12

Optionally, modify any firewalls between your nagios server and the remote host to allow port 5666.
Don’t forget to configure your nagios server to check your new service.





Please VOTE for this page at: ADD TO DEL.ICIO.US | ADD TO DIGG | ADD TO FURL | ADD TO NEWSVINE | ADD TO NETSCAPE | ADD TO REDDIT | ADD TO STUMBLEUPON | ADD TO TECHNORATI FAVORITES | ADD TO SQUIDOO | ADD TO WINDOWS LIVE | ADD TO YAHOO MYWEB | ADD TO ASK | ADD TO GOOGLE


40 Comments


  1. I had to use this additional code change described here: http://www.nagios.org/faqs/viewfaq.php?faq_id=372 to get rid of SSL Handshake errors. Thanks for the resource!

    Why did you use the /usr/sfw/bin/tcpd instead of using the built-in Solaris 10 wrappers built into inetd?

    Posted March 30, 2008, 12:29 pm

  2. Good points, you’ll notice that I used –with-ssl=/usr/sfw/ –with-ssl-lib=/usr/sfw/lib/ pointing to the SUNWcry and SUNWcryr packages that I had installed as also referenced in the FAQ above. As far as the tcpd I used, I don’t have any other on the system. Please post any alternatives you have. Thanks!

    Posted March 30, 2008, 10:20 pm

  3. When I run the final check for the nrpe plugin I run into the following error:

    # /usr/local/nagios/libexec/check_nrpe -H localhost
    ld.so.1: check_nrpe: fatal: libssl.so.0.9.7: open failed: No such file or directory

    I’ve installed openssl-0.9.8 but it doesn’t install into the /usr/lib directory.

    Any idea how this can be fixed?

    Posted April 17, 2008, 10:28 pm

  4. You have two options. One, install the SUNWcry and SUNWcryr packages and then use the parameters I specified on the NRPE compile. The second option, would to be to compile openssl, specifying a specific location for the install and then changing the ssl compile options when compiling NRPE. If I remember right, there was an compile option if you used openssl specifically. I don’t have access to check right now, but to see what compile options are available, run `./configure –help | less`. Please post your solution when you get it figured out.

    Posted April 17, 2008, 11:14 pm

  5. make in nagios-plugins-1.4.11 fails…on solaris 10 on sparc

    eck_mysql-check_mysql.o `test -f ‘check_mysql.c’ || echo ‘./’`check_mysql.c; \
    then mv -f “.deps/check_mysql-check_mysql.Tpo” “.deps/check_mysql-check_mysql.Po”; else rm -f “.deps/check_mysql-check_mysql.Tpo”; exit 1; fi
    gcc: language strconst not recognized
    gcc: check_mysql.c: linker input file unused because linking not done
    mv: cannot access .deps/check_mysql-check_mysql.Tpo
    *** Error code 2
    make: Fatal error: Command failed for target `check_mysql-check_mysql.o’
    Current working directory /var/tmp/nrpe/nagios-plugins-1.4.11/plugins
    *** Error code 1
    The following command caused the error:
    failcom=’exit 1′; \
    for f in x $MAKEFLAGS; do \
    case $f in \
    *=* | –[!k]*);; \
    *k*) failcom=’fail=yes’;; \
    esac; \
    done; \
    dot_seen=no; \
    target=`echo all-recursive | sed s/-recursive//`; \
    list=’gl lib plugins plugins-scripts plugins-root po’; for subdir in $list; do \
    echo “Making $target in $subdir”; \
    if test “$subdir” = “.”; then \
    dot_seen=yes; \
    local_target=”$target-am”; \
    else \
    local_target=”$target”; \
    fi; \
    (cd $subdir && make $local_target) \
    || eval $failcom; \
    done; \
    if test “$dot_seen” = “no”; then \
    make “$target-am” || exit 1; \
    fi; test -z “$fail”
    make: Fatal error: Command failed for target `all-recursive’
    Current working directory /var/tmp/nrpe/nagios-plugins-1.4.11
    *** Error code 1
    make: Fatal error: Command failed for target `all’

    Posted April 25, 2008, 1:52 pm

  6. I’m now getting a handshake error, despite editing the nrpe.c file as specified in that earlier post, although that line didn’t appear on 222, it was on 242 or 243 I believe.

    I couldn’t find anything related to openssl in the ./configure -help file, only how to specify where libs were installed. I configured with the following “./configure -with-ssl=/usr/local/ssl/ -with-ssl-inc=/usr/local/ssl/include/openssl/ -with-ssl-lib=/usr/local/ssl/lib/” ….but it doesn’t appear to be working.

    Posted April 28, 2008, 5:20 pm

  7. Aerosmith:

    When troubleshooting compile problems, no one will be able to tell you what is wrong from the output on the screen. The real problem with the compile will be found in the file config.log. Take a look in that file and see what was the last thing before the compile died and that’s what you should be looking into.

    Dave:

    What’s the handshake error you’re getting? The same error as referenced in the FAQ above or a different one?

    Posted April 29, 2008, 10:19 pm

  8. Thanks @kevin

    Posted May 2, 2008, 1:12 pm

  9. I followed every single step above to install nrpe on SUN Sparc 5.10 system, had the exactly the same problem Dave Try encountered. I verified that both SUNWcry and SUNWcryr and openssl 0.9.8 has been installed. but it still failed when I did the final check.

    If using SUNWcry.
    # /usr/local/nagios/libexec/check_nrpe -H localhost
    ld.so.1: check_nrpe: fatal: libssl.so.0.9.7: open failed: No such file or directory

    If using Openssl
    # /usr/local/nagios/libexec/check_nrpe -H localhost
    ld.so.1: check_nrpe: fatal: libssl.so.0.9.8: open failed: No such file or directory

    Do I need to reinstall SUNWcry and SUNWcryr as Kevin suggested as option one?

    Any suggestions and help will be appreciated.

    Posted June 13, 2008, 12:28 pm

  10. Gary, where is libssl.so.0.9.7 on your system, what is the path to it? Did you specify that same path in your configure options?

    ./configure –with-ssl=/path/to/main/ssl/dir –with-ssl-lib=/same/path/plus/lib/

    Kevin

    Posted June 13, 2008, 9:37 pm

  11. Hi Kevin,

    I followed the exact steps as above
    cd nrpe-2.12
    ./configure –with-ssl=/usr/sfw/ –with-ssl-lib=/usr/sfw/lib/
    and I have verified that the file libssl.so.0.9.7 is in the directory /usr/sfw/lib
    don’t know why it still complains.
    the only difference is that we don’t have files hosts.allow and hosts.deny on our system, but it makes no difference after adding those two files.
    Any suggestion about what I should look into next?

    Thanks a lot!

    Gary

    Posted June 16, 2008, 6:05 pm

  12. Aerosmith:

    The method for getting the make of the plug-ins to work can be found here:

    kernel-dump.blogspot.com/2008/01/how-to-compile-nagios-plugins-for.html

    Read it carefully several times to make sure you understand the switches of users and use of Bash.

    Posted June 19, 2008, 7:27 pm

  13. Hello,

    I think I’m having the same issue as Dave. I installed the SUNWcry and SUNWcryr packages, pointed the configure script to the appropriate ssl directories, modified both nrpe.c and check_nrpe.c to use the appropriate encryption, trying the lines:

    SSL_CTX_set_cipher_list(ctx,”ADH:-ADH-AES256-SHA”);

    or

    SSL_CTX_set_cipher_list(ctx,”ADH”); +
    SSL_CTX_set_cipher_list(ctx,”ADH:-ADH-AES256-SHA”);

    as suggested in different forums, and still, when I restart the nrpe service and test it with

    /usr/local/nagios/libexec/check_nrpe -H localhost

    I get the ssl handshake error:

    CHECK_NRPE: Error - Could not complete SSL handshake.

    Any other thoughts?

    Posted June 26, 2008, 9:20 am

  14. So it sounds like you were able to get everything to compile correctly and have no library errors, you just can not complete the handshake with the remote server. Most often I have seen this error when running different versions of NRPE on the host and client.

    This FAQ may help you troubleshoot this error:

    http://www.nagios.org/faqs/viewfaq.php?faq_id=191

    Kevin

    Posted June 26, 2008, 9:58 am

  15. In src/nrpe.c replace the lines 616 - 619 like that (don’t comment them):

    else if(!strcmp(varvalue,”authpriv”))
    log_facility=LOG_AUTH;
    else if(!strcmp(varvalue,”ftp”))
    log_facility=LOG_DAEMON;

    Posted July 18, 2008, 8:16 am

  16. I agree, that is a better solution. Have you recommended any solutions to the developers for a permanent fix for the next version of NRPE?

    Posted July 18, 2008, 9:29 am

  17. Kevin,

    how do you start nagios automagically at boot under Solaris 10?

    Axel

    Posted July 31, 2008, 8:43 am

  18. Axel,

    Solaris 10 uses SMF or the Service Management Facility to control what services start on bootup. If you followed the steps above, successfully converted it from inetd to SMF and the service went online, it will also come online every time you reboot.

    Kevin

    Posted July 31, 2008, 8:48 am

  19. Yes, the NRPE - I’m looking for starting Nagios itself on Solaris. As my Ultra 10 is idling away and twiddlikng its virtual thumbs anyway I have nagios installed on it, but would like to start it automagically at boot time (not the NRPE service, though).

    Converting init.d files to SMF seems to be a tad bit trickier, though?

    Posted July 31, 2008, 8:55 am

  20. Ahh, sorry, I misread your question. Unfortunately, my nagios server runs on Solaris 9 still so I haven’t gone through that process yet. Thinking about it though, SMF has backwards compatibility specifically for this case - applications that only have init scripts built. SMF still executes scripts in /etc/rc<n>.d/ folders that have not been converted. So you should be able to use the script generated by the make install-init command, by placing it in /etc/rc3.d/, etc. You should also be able to start it manually by executing /etc/init.d/nagios start - if the script has all the right paths for your installation in it.

    Posted July 31, 2008, 9:23 am

  21. After googling for several days (granted, I must have hit the wrong keywords), I came up with a template manifest. Hope this helps others, too.

    Nagios Monitoring

    Posted July 31, 2008, 9:49 am

  22. darn, that got swallowed :-)

    Posted July 31, 2008, 9:49 am

  23. Dude,
    Thanks for the lessons, But I have one problem more which is when i attempt to ./check_nrpe -H localhost i get the (apparently common) error
    “CHECK_NRPE: Error - Could not complete SSL handshake.”

    Now I do not have root on the machine which could be a problem, I cannot possibly in the near future get root on the machine, so installing extra packages is out of the question for now.

    I’ve attempted modifying line 222 or src/nrpe.c but to no avail. For now anyway. So if anyone can help me out, that would be cool.

    thx :D

    Posted August 19, 2008, 3:08 am

  24. Hi Guys,
    can anyone help me?

    Scenario

    Nagios Server (core) 3.0.3 under Linux (Ubuntu 8.04) - NRPE 2.12 (latest)

    Monitored Host: Solaris 10 (SunOS S10DBSERVER 5.10 Generic sun4u sparc SUNW,Sun-Blade-2500)

    I tried to install NRPE 2.12 on S10:
    Download package, extract in folder.

    I HAVE NOT SUNWcry installed. I can’t find where download package for my S10 Sparc. Free download only for Solaris 8 :(

    1) Apply the patch:
    As mentioned here (The second solution is to change line 222 of src/nrpe.c like this: - SSL_CTX_set_cipher_list(ctx,”ADH”); + SSL_CTX_set_cipher_list(ctx,”ADH:-ADH-AES256-SHA”); and recompile. )
    DONE.

    Comment these line in nrpe.c
    /* else if(!strcmp(varvalue,”authpriv”))
    log_facility=LOG_AUTHPRIV;
    else if(!strcmp(varvalue,”ftp”))
    log_facility=LOG_FTP; */

    DONE.

    2) Compile with:
    ./configure –with-ssl-lib=/usr/sfw/lib \
    –with-ssl-inc=/usr/sfw/include –with-ssl=/usr/sfw \
    –prefix=/opt/nagios

    OK, done.

    3) Edit the /opt/nagios/etc/nrpe.cfg file.
    Only 1 change to do: change paths to nagios plugins

    4) Edit the /etc/inetd.conf file, setting up like this:
    nrpe stream tcp nowait nagios /usr/sfw/sbin/tcpd /opt/nagios/bin/nrpe -c /opt/nagios/etc/nrpe.cfg –inetd

    5) Edit /etc/services adding
    nrpe 5666/tcp # NRPE

    6) Converting inetd to SMF
    inetconv
    inetconv -e
    svcs svc:/network/nrpe/tcp:default
    netstat -a | grep nrpe
    inetadm -l svc:/network/nrpe/tcp:default
    inetadm -m svc:/network/nrpe/tcp:default tcp_wrappers=TRUE
    inetadm -l svc:/network/nrpe/tcp:default
    vi /etc/hosts.allow (nrpe: LOCAL, NagiosServerIPaddress)
    vi /etc/hosts.deny (nrpe: ALL)

    Testing:

    On S10:
    bash-3.00# /opt/nagios/libexec/check_nrpe -H localhost
    NRPE v2.12

    bash-3.00# /opt/nagios/libexec/check_nrpe -H localhost -c check_load
    OK - load average: 0.21, 0.27, 0.27|load1=0.211;15.000;30.000;0; load5=0.270;10.000;25.000;0; load15=0.270;5.000;20.000;0;

    WOW…it seems working…

    Now, testing on Nagios Core server:

    root@nagios-srv:~# /usr/local/nagios/libexec/check_nrpe -H 192.168.10.241
    CHECK_NRPE: Error - Could not complete SSL handshake.

    LOG on S10 tell: Aug 26 10:29:28 S10DBSERVER nrpe[32]: [ID 813741 daemon.error] Error: Could not complete SSL handshake. 1

    Without SSL

    root@nagios-srv:~# /usr/local/nagios/libexec/check_nrpe -H 192.168.10.241 -n
    CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

    LOG on S10 tell: Aug 26 10:29:58 S10DBSERVER nrpe[33]: [ID 813741 daemon.error] Error: Could not complete SSL handshake. 1

    Same error -.-

    —-

    I installed also openssl0.9.8h:

    ./config –prefix=/opt/openssl
    make
    make test
    make install

    No errors

    Recompile NRPE with:

    ./configure –with-ssl-lib=/opt/openssl/lib \
    –with-ssl-inc=/opt/openssl/include –with-ssl=/opt/openssl \
    –prefix=/opt/nagios

    Error:
    checking for SSL headers… SSL headers found in /opt/openssl/include/..
    checking for SSL libraries… configure: error: Cannot find ssl libraries

    bash-3.00# find . / -name “libssl.so.0.9.7″
    /usr/sfw/lib/sparcv9/libssl.so.0.9.7
    /usr/sfw/lib/libssl.so.0.9.7

    So, no libssl.so.0.9.7 present in /opt/openssl/lib

    —–

    PLEASE help

    Simone

    Posted August 26, 2008, 2:36 am

  25. From the README of openssl:

    NOTE: The header files used to reside directly in the include
    directory, but have now been moved to include/openssl so that
    OpenSSL can co-exist with other libraries which use some of the
    same filenames.

    So try this instead:

    –with-ssl-inc=/opt/openssl/include/openssl

    Or try searching for ssl.h, which is the name of the SSL header file that is should be looking for.

    Posted August 26, 2008, 8:01 am

  26. Hi Kevin,
    thank for reply.

    But, my problem is that compiler can’t find SSL libraries, not headers.

    However, I try this:

    ./configure –with-ssl-lib=/opt/openssl/lib –with-ssl-inc=/opt/openssl/include/openssl –with-ssl=/opt/openssl –prefix=/opt/nagios

    checking for SSL headers… SSL headers found in /opt/openssl/include/openssl/..
    checking for SSL libraries… configure: error: Cannot find ssl libraries

    If I look for “ssl.h”, I get this result:

    /opt/openssl/include/openssl/ssl.h (83972 bytes)
    /usr/sfw/include/openssl/ssl.h (74911 bytes)

    Mmh… I’m confused :/

    What’s wrong? Headers or libraries?

    Tnx,
    Simone

    Posted August 27, 2008, 3:50 am

  27. Sorry, I misread your earlier post. You are having problems with the libraries. Did you find that it was looking for libssl.so.0.9.7 in config.log? I believe the libraries that you have installed are libcrypto.a and libssl.a and are the static libraries. If you need the libssl.so, then you need the shared libraries installed as well and should add the option “shared” to your configure when compiling openssl.

    Posted August 27, 2008, 10:22 am

  28. Tnx Kevin,
    I tried to compile OpenSSL with:

    ./config shared –prefix=/opt/openssl

    And recompiled NRPE with:

    ./configure –with-ssl-lib=/opt/openssl/lib –with-ssl-inc=/opt/openssl –with-ssl=/opt/openssl –prefix=/opt/nagios

    Works, but there’s always same error:

    nrpe[25471]: [ID 813741 daemon.error] Error: Could not complete SSL handshake. 1

    Executing nrpe as a daemon without SSL, everything works fine!

    Last chance is to find sunwcry and sunwcryr for my Solaris10

    Thank you!

    Posted August 28, 2008, 5:44 am

  29. For the handshake errors have you tried going through these steps yet?

    http://www.nagios.org/faqs/viewfaq.php?faq_id=191

    Posted August 28, 2008, 8:52 am

  30. I’m banging my head against the wall with this issue. Don’t know if this is RBAC or what is causing the problem. After compiling NRPE according to the instructions and getting SSL working, some scripts work: CPU, Load work great. The scripts that don’t work (and by “don’t work” I mean are not able to store sys command results into variables when being called by NRPE under SMF) are the ones that contain backticks or (). The check_oracle script is one of them. A simple example is below:

    if I call a script alias from nagios to the solaris host, and the script contains:
    #!/bin/ksh
    test = `ps`
    echo $test

    the results passed back will be empty. I did some experimentation and found that the command IS executed, but it cannot be stored into a variable, so nagios displays the ‘no output returned’ message, unless I also echo some text. This is some wierd stuff.

    My kernel is: SunOS 5.10 Generic_127127-11 sun4v sparc SUNW,SPARC-Enterprise-T5220. Anyone know what I should do?

    Posted August 29, 2008, 2:58 pm

  31. I saw that you had posted this on the nagiosplug-help mailing list. There are some great people on that list, I’d give them a couple more days to respond….

    Posted August 29, 2008, 11:11 pm

  32. Hi,

    I am receiving the same error as well:

    CHECK_NRPE: Error - Could not complete SSL handshake.

    I am using Sol 8. Have few Q’s after reading the FAQ at: http://www.nagios.org/faqs/viewfaq.php?faq_id=191

    1. Since I am using Sol 8, and not Sol10, would installing sunwcry and sunwcryr pkgs help me?
    2. I have installed NRPE 2.12 and nagios-plugins-1.4.11… if these versions are not compatible, can you suggest what combination of NRPE and nagios-plugins versions should I go for?

    Thanks,
    Hanu

    Posted September 2, 2008, 6:16 am

  33. Hi,

    Thank you this wonderfull article and it really helped me configure NRPE on Solaris 10. I am sure it would have helped a lot of newbies like me.

    However, I would like to install NRPE on SOLARIS 8 and 9 as well. Do you have any suggestions on installing NRPE on Solaris 8 & 9 under inetd or Xinetd?

    Thanks a lot in advance for your help..

    Posted September 15, 2008, 12:09 am

  34. I cannot get check_swap to compile on solaris 10 x86. I keep getting :

    Cannot use swapctl in the large files compilation environment

    durign the configure stage and it does not add check_swap to Makefile.

    Any ideas ?

    Posted September 15, 2008, 1:37 am

  35. Hanu - As long as you were able to compile NRPE with some SSL libraries, you should be fine. It is more likely that it is the version mis-match between servers. Make sure that the NRPE version is the same on both the server and client.

    Amrit - You’re welcome! I don’t have a how to document written for those versions, however, they should be easier since you do not need to convert the inetd line to SMF.

    Henti - This seems to be a long standing problem with 32-bit Solaris, hopefully you can get some developers on your side to get the code updated. Good luck!

    Posted September 15, 2008, 10:15 pm

  36. Please note that a new version on nagios-plugins (1.4.13) has been released. See the release notes for more information:

    https://sourceforge.net/forum/forum.php?forum_id=870554

    “This release contains enhancements for check_procs and pst3 on Solaris systems (so it works correctly in Solaris 10 zones and also runs much faster). There were other minor updates and fixes from Thomas Guyot-Sionnest, Holger Weiss and Matthias Eble.”

    Posted September 25, 2008, 9:01 am

  37. Problem with ssl is because nrpe cant find ssl library in available lib’s paths.
    1st install openssl package ( available on sunfreeware.com )
    2nd crle -l /lib:/usr/lib:/usr/local/lib:/usr/local/ssl/lib/
    3rd /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -i
    4th Check from nagios server check_nrpe -H solaris_ip

    Posted October 16, 2008, 5:47 am

  38. Hello,

    I was having the same issues. I found these commands resolved the problem:

    #crle -l /lib:/usr/lib:/usr/local/lib:/usr/local/ssl/lib/

    #/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -i

    Now confirm that nrpe is functioning properly:

    #/usr/local/nagios/libexec/check_nrpe -H localhost

    Hope this helps,

    Anthony

    Posted November 7, 2008, 8:36 pm

  39. Run ‘yum install openssl-devel’ and the ./configure script will run correctly afterward. This applies to linux systems. You may have to run ‘apt-get install openssl-devel’ depending on the linux variant.

    -Donald

    Posted December 24, 2008, 10:14 pm

  40. I was having this error also: “CHECK_NRPE: Error - Could not complete SSL handshake.”
    When I telnet’ed to the port I noticed this message:
    “ld.so.1: tcpd: fatal: libc.so.1: open failed: No such file or directory”

    So I updated my library locations using the crle command:
    “crle -l /usr/sfw/lib:/usr/local/ssl/lib:/usr/local/lib:/usr/lib:/lib:/usr/local/ssl/lib”
    I was then able to perform the check_nrpe test successfully.

    I did not require the SSL ADH cypher change for it to work either.

    Posted December 26, 2008, 4:06 pm

Leave a reply