Posts Tagged ‘ Nagios ’

Correcting SSL handshake error in nagios

When the  “CHECK_NRPE: Error – Could not complete SSL handshake” error is shown in nagios, please follow the steps to correct it
1) Same nrpe version

Make sure you are using the same version of the check_nrpe plugin and the NRPE daemon. Newer versions of NRPE are usually not backward compatible with older versions.

You can check this from nagios server by command
/usr/local/nagios/libexec/check_nrpe -H clientserverip -p portno

2) SSL is disabled.

Make sure both the NRPE daemon and the check_nrpe plugin were compiled with SSL support and that neither are being run without SSL support (using command line switches)

3) Incorrect file permissions.

Make sure the NRPE config file (nrpe.cfg) is readable by the user (i.e. nagios) that executes the NRPE binary from inetd/xinetd.

4)Pseudo-random device files are not readable.

Permission of  /dev/*random should be 666

5)Unallowed address.

If you’re running the NRPE daemon under xinetd, make sure that you have a line in the xinetd config file that say “only_from =”, where is the IP address that you’re connected to the NRPE daemon from.

CHECK_NRPE: Socket timeout after 10 seconds

checking the NRPE installations when we use this command …

# /usr/local/nagios/libexec/check_nrpe -H localhost


# /usr/local/nagios/libexec/check_nrpe -H <IP Address of remote machine>


# /usr/local/nagios/libexec/check_nrpe -H

shows following error message…

CHECK_NRPE: Socket timeout after 10 seconds

So, I googled alot, after searching alot, I came across few of the solutions, (thanks for those who post it).

I am just clubbing those solution…

1. check that local NRPE (remote host) is working fine…

# /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.8

(So, u got the above output, means remote host NRPE installation is fine.)

2. Now, from the nagios server box, run the comand

# /usr/local/nagios/libexec/check_nrpe -H
CHECK_NRPE: Socket timeout after 10 seconds.

ok, u got the error ! hmmm…

3. Now, check that ur nagios server is allowing the incoming & outgoing connection via port 5666

# /sbin/iptables -A INPUT -p tcp  --dport 5666 -j ACCEPT
# /sbin/iptables -A OUTPUT -p tcp  --dport 5666 -j ACCEPT

4.After adding the rules, make sure to save your new IPTables rules by doing

# /sbin/iptables-save > /etc/sysconfig/iptables

that’s it !!!

Try again the command

# /usr/local/nagios/libexec/check_nrpe -H localhost


# /usr/local/nagios/libexec/check_nrpe -H <IP Address of remote machine>