problem starting nagios
Anirudh Srinivasan
srianirudh at gmail.com
Thu Mar 19 15:05:40 CET 2009
Error: Could not create external command file '/usr/local/nagios/var/
> rw/nagios.cmd' as named pipe: (2) -> No such file or directory. If
> this file already exists and you are sure that another copy of
> Nagios is not running, you should delete this file.
> Bailing out due to errors encountered while trying to initialize the
> external command file... (PID=31661)
The above error dissapeared as soon i created the rw directory inside
/usr/local/nagios/var
This time i could see nagios as a proces running:
[root at DELL8B81Y11 subsys]# ps -ef | grep nagios
nagios 1992 1 0 09:47 ? 00:00:00 /usr/local/nagios/bin/nagios
-d /usr/local/nagios/etc/nagios.cfg
But when i type http://localhost/nagios/ i get the nagios open up page but
then when i click host detail i see
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator,
root at localhost and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
<p>More information about this error may be available
in the server error log.</p>
<hr>
<address>Apache/2.2.3 (Red Hat) Server at localhost Port 80</address>
</body></html>
I also checked the /var/log/httpd/error_log :
[Thu Mar 19 09:49:05 2009] [error] [client 127.0.0.1] Premature end of
script headers: status.cgi, referer: http://localhost/nagios/side.html
[Thu Mar 19 09:49:40 2009] [error] [client 127.0.0.1] Directory index
forbidden by Options directive: /var/www/html/
[Thu Mar 19 09:50:40 2009] [error] [client 127.0.0.1] Directory index
forbidden by Options directive: /var/www/html/
[Thu Mar 19 09:51:19 2009] [error] [client 127.0.0.1] (13)Permission denied:
exec of '/usr/local/nagios/sbin/status.cgi' failed, referer:
http://localhost/na
gios/side.html
[Thu Mar 19 09:51:19 2009] [error] [client 127.0.0.1] Premature end of
script headers: status.cgi, referer: http://localhost/nagios/side.html
[Thu Mar 19 09:51:21 2009] [error] [client 127.0.0.1] (13)Permission denied:
exec of '/usr/local/nagios/sbin/status.cgi' failed, referer:
http://localhost/na
gios/side.html
[Thu Mar 19 09:51:21 2009] [error] [client 127.0.0.1] Premature end of
script headers: status.cgi, referer: http://localhost/nagios/side.html
[Thu Mar 19 09:51:40 2009] [error] [client 127.0.0.1] Directory index
forbidden by Options directive: /var/www/html/
[Thu Mar 19 09:52:40 2009] [error] [client 127.0.0.1] Directory index
forbidden by Options directive: /var/www/html/
[Thu Mar 19 09:53:40 2009] [error] [client 127.0.0.1] Directory index
forbidden by Options directive: /var/www/html/
Thanks you for your help ,
On Wed, Mar 18, 2009 at 5:26 PM, <nagios-users-request at lists.sourceforge.net
> wrote:
> Send Nagios-users mailing list submissions to
> nagios-users at lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> or, via email, send a message with subject or body 'help' to
> nagios-users-request at lists.sourceforge.net
>
> You can reach the person managing the list at
> nagios-users-owner at lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Nagios-users digest..."
>
>
> Today's Topics:
>
> 1. Re: RESEND: orphaned check, no check results posted, no macro
> expand: solaris 10, new install] (David Dozier)
> 2. Re: problem starting nagios (Marc Powell)
> 3. Circular Map setup (Albrecht Dre?)
> 4. Re: Nagios-SNMP (Jim Avery)
> 5. Re: blank perfdata: not parsing macros (Jim Avery)
> 6. Re: Circular Map setup (Jim Avery)
> 7. Stuck on NRPE for OS X Server (Andrew Davis)
> 8. Re: Stuck on NRPE for OS X Server (Andrew Davis)
> 9. Re: Stuck on NRPE for OS X Server (Andrew Davis)
> 10. Re: Stuck on NRPE for OS X Server (Allan Clark)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 18 Mar 2009 12:17:07 -0400
> From: David Dozier <David.Dozier at Sun.COM>
> Subject: Re: [Nagios-users] RESEND: orphaned check, no check results
> posted, no macro expand: solaris 10, new install]
> To: Marc Powell <marc at ena.com>
> Cc: Nagios User list <nagios-users at lists.sourceforge.net>
> Message-ID: <49C11E83.2070209 at sun.com>
> Content-Type: text/plain; format=flowed; charset=ISO-8859-1
>
> Thanks Marc,
>
> For the URL:
>
> I see that the debug_level needs to be set to 2048 to capture macro
> expansion.
>
> Debug_verbosity=2
>
> I've restarted and will continue troubleshooting.
>
> David
>
>
>
> Marc Powell wrote:
> > On Mar 18, 2009, at 10:02 AM, David Dozier wrote:
> >
> >
> >> All,
> >>
> >> Should I be seeing the following lack of macro expansion in
> >> nagios.debug?
> >>
> >> In nagios.debug:
> >> ================
> >> [] Raw Command Input: $USER1$/check_ping -H $HOSTADDRESS$ -w
> >> 3000.0,80%
> >> -c 5000.0,100% -p 5
> >> [] Expanded Command Output: $USER1$/check_ping -H $HOSTADDRESS$ -w
> >> 3000.0,80% -c 5000.0,100% -p 5
> >>
> >> [] Finished reaping 0 check results
> >>
> >
> > I don't use nagios-3 yet but I believe it might depend on the
> > debug_verbosity without looking at the actual code. Here is an example
> > where it was shown as expanded after the second loop through MACRO
> > PROCESSING -- http://article.gmane.org/gmane.network.nagios.devel/4737
> >
> >
> >> FYI: I set Debugging_output=256, and every "Expanded Command
> >> Output" is
> >> not expanded, and every "Reap check results" yeilds 0 check results.
> >>
> >
> > Did you mean debug_level? is debug_verbosity set to 2?
> >
> > --
> > Marc
> >
> >
> >
> ------------------------------------------------------------------------------
> > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
> > powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
> > easily build your RIAs with Flex Builder, the Eclipse(TM)based
> development
> > software that enables intelligent coding and step-through debugging.
> > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> > ::: Messages without supporting info will risk being sent to /dev/null
> >
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 18 Mar 2009 12:43:33 -0500
> From: Marc Powell <marc at ena.com>
> Subject: Re: [Nagios-users] problem starting nagios
> To: Nagios User list <nagios-users at lists.sourceforge.net>
> Message-ID: <2DDE945C-0D20-4664-B5B7-DECE59564050 at ena.com>
> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>
>
> Hi Anirudh,
>
> On Mar 18, 2009, at 12:13 PM, Anirudh Srinivasan wrote:
>
> > This is what i see when i run this .and to tell you i dint create
> > time period which i think is no way related to this problem:
> >
> > Nagios 3.0.6
> > Copyright (c) 1999-2008 Ethan Galstad (http://www.nagios.org)
> > Last Modified: 12-01-2008
> > License: GPL
> >
> > Nagios 3.0.6 starting... (PID=31661)
> > Local time is Wed Mar 18 12:59:33 EDT 2009
> > Error: Template 'generic-host' specified in host definition could
> > not be not found (config file '/usr/local/nagios/etc/objects/
> > localhost.cfg', starting on line 20)
> > Error: Template 'generic-service' specified in service definition
> > could not be not found (config file '/usr/local/nagios/etc/objects/
> > localhost.cfg', starting on line 64)
> >
> > Error: Could not create external command file '/usr/local/nagios/var/
> > rw/nagios.cmd' as named pipe: (2) -> No such file or directory. If
> > this file already exists and you are sure that another copy of
> > Nagios is not running, you should delete this file.
> > Bailing out due to errors encountered while trying to initialize the
> > external command file... (PID=31661)
>
>
> Any Error's will prevent nagios from starting. That's a pretty common
> convention for daemons. You must fix the three configuration errors
> above before nagios will start.
>
> For the first two errors, you have host{} and service{} definitions
> that reference other definitions named 'generic-host' and 'generic-
> service'. They do not exist in a cfg file that you've told nagios to
> load. Use grep to find which file they exist in and make sure it's
> listed as a cfg_file in nagios.cfg.
>
> For the last error, nagios has been told to listen for external
> commands but is unable to create the 'file' needed to do that under /
> usr/local/nagios/var/rw. Does that directory exist and is it owned and
> readable/writable by the nagios user? If you installed from source, I
> believe the make command to do that is 'make install-commandmode' from
> within the nagios source tree, or you can just create the rw directory
> (but not the nagios.cmd file) and give it nagios ownership and rwx
> permissions.
>
> --
> Marc
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 18 Mar 2009 19:16:13 +0100
> From: Albrecht Dre? <albrecht.dress at arcor.de>
> Subject: [Nagios-users] Circular Map setup
> To: nagios-users at lists.sourceforge.net
> Message-ID: <1237400180.5381.0 at antares>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi all,
>
> I use Nagios to monitor several servers, redundant switches, and
> Windows PC's and printers. Works perfectly, except for the circular
> status map... The problem is that the icons of the components in the
> "outer ring" are overlapping (see attached screenshot). Is there any
> way to influence the placement of icons in the circular map?
>
> Thanks in advance, Albrecht.
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: nagios-circular.png
> Type: image/png
> Size: 28691 bytes
> Desc: not available
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 189 bytes
> Desc: not available
>
> ------------------------------
>
> Message: 4
> Date: Wed, 18 Mar 2009 19:16:30 +0000
> From: Jim Avery <jim at jimavery.me.uk>
> Subject: Re: [Nagios-users] Nagios-SNMP
> To: Joseph Ribin Roy <Ribin.Roy at mformation.com>
> Cc: nagios-users at lists.sourceforge.net
> Message-ID:
> <765d77c80903181216o7b8b7ccbvf1267df8a2bb1bf3 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> 2009/3/18 Joseph Ribin Roy <Ribin.Roy at mformation.com>:
> > Any feedback or other ways of integrating of Nagios-SNMP will be
> grateful.
>
> I use NagTrap. It's probably not everyone's cup of tea but is easy to
> install and maintain (compared with the scripts I used before anyway).
>
> http://nagtrap.org
>
> Cheers,
>
> Jim
>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 18 Mar 2009 19:23:44 +0000
> From: Jim Avery <jim at jimavery.me.uk>
> Subject: Re: [Nagios-users] blank perfdata: not parsing macros
> To: nagios-users at lists.sourceforge.net
> Message-ID:
> <765d77c80903181223o47ffda5ah59010a84201d9f02 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> 2009/3/18 M P <reg at eyesopen.org>:
> > Other than compiling from source, any other tips?
>
> I would suggest you try PNP4Nagios, but again if you installed Nagios
> from repositories you're going to find it more difficult to get it
> working than if you installed it from source.
>
> Cheers,
>
> Jim
>
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 18 Mar 2009 19:41:03 +0000
> From: Jim Avery <jim at jimavery.me.uk>
> Subject: Re: [Nagios-users] Circular Map setup
> To: Albrecht Dre? <albrecht.dress at arcor.de>
> Cc: nagios-users at lists.sourceforge.net
> Message-ID:
> <765d77c80903181241sdc38c14u9be59957258952e9 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> 2009/3/18 Albrecht Dre? <albrecht.dress at arcor.de>:
> > Hi all,
> >
> > I use Nagios to monitor several servers, redundant switches, and Windows
> > PC's and printers. ?Works perfectly, except for the circular status
> map...
> > ?The problem is that the icons of the components in the "outer ring" are
> > overlapping (see attached screenshot). ?Is there any way to influence the
> > placement of icons in the circular map?
> >
> > Thanks in advance, Albrecht.
>
> You could try specifying 2d_coords in your host definitions. See
> http://nagios.sourceforge.net/docs/3_0/objectdefinitions.html#host
>
> But I recommend you try either NEXSM (can be tricky to install but is
> great for large networks) or the automap feature in NagVis (easy to
> install, but requires a MySQL database).
>
> hth,
>
> Jim
>
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 18 Mar 2009 15:59:24 -0400
> From: Andrew Davis <nccomp at gmail.com>
> Subject: [Nagios-users] Stuck on NRPE for OS X Server
> To: "nagios-users at lists.sourceforge.net"
> <nagios-users at lists.sourceforge.net>
> Message-ID: <49C1529C.2030106 at gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I have two Mac OS X servers, one running 10.3, the other running 10.4.
> Neither can be upgraded to 10.5 due to third party s/w constraints. Both
> are PPC based XServe's.
>
> Trying to compile nrpe with:
>
> ./configure --sysconfdir=/etc/nagios --enable-ssl
>
> Initially, I got the "cannot find ssl libraries" error:
>
> ~
> checking for SSL headers... SSL headers found in /usr/local/ssl
> checking for SSL libraries... configure: error: Cannot find ssl
> libraries
>
> I downloaded the latest openssl and built it with:
>
> ./config --prefix=/usr/local shared --openssldir=/usr/local/openssl
> make
> make test
> make install
>
> I then had to edit ~/src/nrpe/configure and change the reference from
> libssl.so to libssl.dylib
>
> After that, nrpe compiled cleanly and I was able to move
> ~src/nrpe/src/nrpe to /usr/local/sbin and start xinetd up. I've
> confirmed that port 5666 is open and xinetd is running:
>
> /usr/local/src/nrpe-2.12/src root# ps waux|grep xinet|grep -v
> greproot 29066 0.0 -0.0 27484 308 ?? Ss 3:53PM
> 0:00.02 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive
> /usr/local/src/nrpe-2.12/src root# netstat -an|grep 5666tcp4
> 0 0 *.5666 *.* LISTEN
>
> However, when connecting from the remote server, I get:
>
> /usr/local/nagios/libexec/check_nrpe -H host.mydomain.org
> CHECK_NRPE: Error - Could not complete SSL handshake.
>
> The same test but w/o SSL gives yields:
>
> [nagios at nephilim src]$ /usr/local/nagios/libexec/check_nrpe -n -H
> host.mydomain.org
> CHECK_NRPE: Received 0 bytes from daemon. Check the remote server
> logs for error messages.
>
> So two questions:
>
> 1) I'm a UNIX guy, but obviously Mac's are A) different and B) a tad
> different being BSD-based. So what's the proper way to stop/restart the
> xinetd daemon?
> 2) Any thoughts on SSL handshake error? I've googled it, but I'm not
> getting very far.
>
> Anyone have a step-by-step for compiling nagios plugins and NRPE from
> source on OS X 10.x (specifically 10.3 and 10.4)? I'm using NRPE for all
> other internal hosts, so I prefer to use it for the Mac's too. I know I
> could do it via check_by_ssh and get around this, but I prefer to use
> NRPE if I can.
>
> --
>
>
> A. Davis
> Email: nccomp at gmail.com
>
> "There is no limit to what a man can accomplish
> if he doesn't care who gets the credit." - Ronald Reagan
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 8
> Date: Wed, 18 Mar 2009 16:09:31 -0400
> From: Andrew Davis <nccomp at gmail.com>
> Subject: Re: [Nagios-users] Stuck on NRPE for OS X Server
> To: "nagios-users at lists.sourceforge.net"
> <nagios-users at lists.sourceforge.net>
> Message-ID: <49C154FB.2010509 at gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> FYI: /var/log/system.log on the client shows:
>
> Mar 18 16:08:07 shu xinetd[29066]: START: nrpe pid=557 from=10.1.1.170
> Mar 18 16:08:07 shu nrpe[557]: Error: NRPE daemon cannot be run as
> user/group root!
>
> whether I do the default test (with SSL) or use the -n flag to test w/o
> SSL. The odd thing is that the nrpe config in /etc/xinetd.d is set to
> run as nobody:nobody and /etc/nagios/nrpe.cfg is owned by nobody:nobody.
> Only /usr/local/sbin/nrpe is owned by root (as it should be), but is
> also set to 755 perms. I've compared to a Linux box I have with NRPE and
> xinetd working properly and the permissions are identical.
>
> I'm stumped...
>
> Andrew Davis wrote:
> > I have two Mac OS X servers, one running 10.3, the other running 10.4.
> > Neither can be upgraded to 10.5 due to third party s/w constraints.
> > Both are PPC based XServe's.
> >
> > Trying to compile nrpe with:
> >
> > ./configure --sysconfdir=/etc/nagios --enable-ssl
> >
> > Initially, I got the "cannot find ssl libraries" error:
> >
> > ~
> > checking for SSL headers... SSL headers found in /usr/local/ssl
> > checking for SSL libraries... configure: error: Cannot find ssl
> > libraries
> >
> > I downloaded the latest openssl and built it with:
> >
> > ./config --prefix=/usr/local shared --openssldir=/usr/local/openssl
> > make
> > make test
> > make install
> >
> > I then had to edit ~/src/nrpe/configure and change the reference from
> > libssl.so to libssl.dylib
> >
> > After that, nrpe compiled cleanly and I was able to move
> > ~src/nrpe/src/nrpe to /usr/local/sbin and start xinetd up. I've
> > confirmed that port 5666 is open and xinetd is running:
> >
> > /usr/local/src/nrpe-2.12/src root# ps waux|grep xinet|grep -v
> > greproot 29066 0.0 -0.0 27484 308 ?? Ss 3:53PM
> > 0:00.02 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive
> > /usr/local/src/nrpe-2.12/src root# netstat -an|grep 5666tcp4
> > 0 0 *.5666 *.* LISTEN
> >
> > However, when connecting from the remote server, I get:
> >
> > /usr/local/nagios/libexec/check_nrpe -H host.mydomain.org
> > CHECK_NRPE: Error - Could not complete SSL handshake.
> >
> > The same test but w/o SSL gives yields:
> >
> > [nagios at nephilim src]$ /usr/local/nagios/libexec/check_nrpe -n -H
> > host.mydomain.org
> > CHECK_NRPE: Received 0 bytes from daemon. Check the remote server
> > logs for error messages.
> >
> > So two questions:
> >
> > 1) I'm a UNIX guy, but obviously Mac's are A) different and B) a tad
> > different being BSD-based. So what's the proper way to stop/restart
> > the xinetd daemon?
> > 2) Any thoughts on SSL handshake error? I've googled it, but I'm not
> > getting very far.
> >
> > Anyone have a step-by-step for compiling nagios plugins and NRPE from
> > source on OS X 10.x (specifically 10.3 and 10.4)? I'm using NRPE for
> > all other internal hosts, so I prefer to use it for the Mac's too. I
> > know I could do it via check_by_ssh and get around this, but I prefer
> > to use NRPE if I can.
> > --
> >
> >
> > A. Davis
> > Email: nccomp at gmail.com
> >
> > "There is no limit to what a man can accomplish
> > if he doesn't care who gets the credit." - Ronald Reagan
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 9
> Date: Wed, 18 Mar 2009 16:57:30 -0400
> From: Andrew Davis <nccomp at gmail.com>
> Subject: Re: [Nagios-users] Stuck on NRPE for OS X Server
> To: "nagios-users at lists.sourceforge.net"
> <nagios-users at lists.sourceforge.net>
> Message-ID: <49C1603A.8060702 at gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> If I'm reading this correctly, the line about "NRPE daemon cannot be run
> as user/group root!" is directly from the source code of NRPE. Its not
> an xinetd thing. I've confirmed that xinetd is running and listening on
> port 5666. I tried changing the owner/group from nobody:nobody to
> another unprivileged user, but it didn't work. Same results. It appears
> that despite my configuring the /etc/nagios/nrpe.cfg and the
> /etc/xinetd.d/nrpe files to use a user other than root, it still tries
> to start it as the root user and thus when an incoming connection comes
> in, it gives the "NRPE daemon cannot be run as user/group root!" error.
> Any thoughts on how to rectify this? Since NRPE is working fine on
> Linux, is this just a Mac OS X thing? Any help would be immensely
> appreciated.
>
> AD
>
> Andrew Davis wrote:
> > FYI: /var/log/system.log on the client shows:
> >
> > Mar 18 16:08:07 shu xinetd[29066]: START: nrpe pid=557 from=10.1.1.170
> > Mar 18 16:08:07 shu nrpe[557]: Error: NRPE daemon cannot be run as
> > user/group root!
> >
> > whether I do the default test (with SSL) or use the -n flag to test
> > w/o SSL. The odd thing is that the nrpe config in /etc/xinetd.d is set
> > to run as nobody:nobody and /etc/nagios/nrpe.cfg is owned by
> > nobody:nobody. Only /usr/local/sbin/nrpe is owned by root (as it
> > should be), but is also set to 755 perms. I've compared to a Linux box
> > I have with NRPE and xinetd working properly and the permissions are
> > identical.
> >
> > I'm stumped...
> >
> > Andrew Davis wrote:
> >> I have two Mac OS X servers, one running 10.3, the other running
> >> 10.4. Neither can be upgraded to 10.5 due to third party s/w
> >> constraints. Both are PPC based XServe's.
> >>
> >> Trying to compile nrpe with:
> >>
> >> ./configure --sysconfdir=/etc/nagios --enable-ssl
> >>
> >> Initially, I got the "cannot find ssl libraries" error:
> >>
> >> ~
> >> checking for SSL headers... SSL headers found in /usr/local/ssl
> >> checking for SSL libraries... configure: error: Cannot find ssl
> >> libraries
> >>
> >> I downloaded the latest openssl and built it with:
> >>
> >> ./config --prefix=/usr/local shared --openssldir=/usr/local/openssl
> >> make
> >> make test
> >> make install
> >>
> >> I then had to edit ~/src/nrpe/configure and change the reference from
> >> libssl.so to libssl.dylib
> >>
> >> After that, nrpe compiled cleanly and I was able to move
> >> ~src/nrpe/src/nrpe to /usr/local/sbin and start xinetd up. I've
> >> confirmed that port 5666 is open and xinetd is running:
> >>
> >> /usr/local/src/nrpe-2.12/src root# ps waux|grep xinet|grep -v
> >> greproot 29066 0.0 -0.0 27484 308 ?? Ss 3:53PM
> >> 0:00.02 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive
> >> /usr/local/src/nrpe-2.12/src root# netstat -an|grep
> >> 5666tcp4 0 0 *.5666
> >> *.* LISTEN
> >>
> >> However, when connecting from the remote server, I get:
> >>
> >> /usr/local/nagios/libexec/check_nrpe -H host.mydomain.org
> >> CHECK_NRPE: Error - Could not complete SSL handshake.
> >>
> >> The same test but w/o SSL gives yields:
> >>
> >> [nagios at nephilim src]$ /usr/local/nagios/libexec/check_nrpe -n -H
> >> host.mydomain.org
> >> CHECK_NRPE: Received 0 bytes from daemon. Check the remote
> >> server logs for error messages.
> >>
> >> So two questions:
> >>
> >> 1) I'm a UNIX guy, but obviously Mac's are A) different and B) a tad
> >> different being BSD-based. So what's the proper way to stop/restart
> >> the xinetd daemon?
> >> 2) Any thoughts on SSL handshake error? I've googled it, but I'm not
> >> getting very far.
> >>
> >> Anyone have a step-by-step for compiling nagios plugins and NRPE from
> >> source on OS X 10.x (specifically 10.3 and 10.4)? I'm using NRPE for
> >> all other internal hosts, so I prefer to use it for the Mac's too. I
> >> know I could do it via check_by_ssh and get around this, but I prefer
> >> to use NRPE if I can.
> >> --
> >>
> >>
> >> A. Davis
> >> Email: nccomp at gmail.com
> >>
> >> "There is no limit to what a man can accomplish
> >> if he doesn't care who gets the credit." - Ronald Reagan
> >>
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 10
> Date: Wed, 18 Mar 2009 17:19:11 -0400
> From: Allan Clark <allanc at chickenandporn.com>
> Subject: Re: [Nagios-users] Stuck on NRPE for OS X Server
> To: nccomp at gmail.com
> Cc: "nagios-users at lists.sourceforge.net"
> <nagios-users at lists.sourceforge.net>
> Message-ID:
> <37c712e0903181419q4fda28e8o83b1cd5464f69ab3 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Reply is bottom-posted.
>
> On Wed, Mar 18, 2009 at 16:57, Andrew Davis <nccomp at gmail.com> wrote:
>
> > If I'm reading this correctly, the line about "NRPE daemon cannot be run
> > as user/group root!" is directly from the source code of NRPE. Its not an
> > xinetd thing. I've confirmed that xinetd is running and listening on port
> > 5666. I tried changing the owner/group from nobody:nobody to another
> > unprivileged user, but it didn't work. Same results. It appears that
> despite
> > my configuring the /etc/nagios/nrpe.cfg and the /etc/xinetd.d/nrpe files
> to
> > use a user other than root, it still tries to start it as the root user
> and
> > thus when an incoming connection comes in, it gives the "NRPE daemon
> cannot
> > be run as user/group root!" error. Any thoughts on how to rectify this?
> > Since NRPE is working fine on Linux, is this just a Mac OS X thing? Any
> help
> > would be immensely appreciated.
> >
> > AD
> >
> >
> > Andrew Davis wrote:
> >
> > FYI: /var/log/system.log on the client shows:
> >
> > Mar 18 16:08:07 shu xinetd[29066]: START: nrpe pid=557 from=10.1.1.170
> > Mar 18 16:08:07 shu nrpe[557]: Error: NRPE daemon cannot be run as
> > user/group root!
> >
> > whether I do the default test (with SSL) or use the -n flag to test w/o
> > SSL. The odd thing is that the nrpe config in /etc/xinetd.d is set to run
> as
> > nobody:nobody and /etc/nagios/nrpe.cfg is owned by nobody:nobody. Only
> > /usr/local/sbin/nrpe is owned by root (as it should be), but is also set
> to
> > 755 perms. I've compared to a Linux box I have with NRPE and xinetd
> working
> > properly and the permissions are identical.
> >
> > I'm stumped...
> >
> > Andrew Davis wrote:
> >
> > I have two Mac OS X servers, one running 10.3, the other running 10.4.
> > Neither can be upgraded to 10.5 due to third party s/w constraints. Both
> are
> > PPC based XServe's.
> >
> > Trying to compile nrpe with:
> >
> > ./configure --sysconfdir=/etc/nagios --enable-ssl
> >
> > Initially, I got the "cannot find ssl libraries" error:
> >
> > ~
> > checking for SSL headers... SSL headers found in /usr/local/ssl
> > checking for SSL libraries... configure: error: Cannot find ssl libraries
> >
> > I downloaded the latest openssl and built it with:
> >
> > ./config --prefix=/usr/local shared --openssldir=/usr/local/openssl
> > make
> > make test
> > make install
> >
> > I then had to edit ~/src/nrpe/configure and change the reference from
> > libssl.so to libssl.dylib
> >
> > After that, nrpe compiled cleanly and I was able to move
> ~src/nrpe/src/nrpe
> > to /usr/local/sbin and start xinetd up. I've confirmed that port 5666 is
> > open and xinetd is running:
> >
> > /usr/local/src/nrpe-2.12/src root# ps waux|grep xinet|grep -v greproot
> > 29066 0.0 -0.0 27484 308 ?? Ss 3:53PM 0:00.02
> > /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive
> > /usr/local/src/nrpe-2.12/src root# netstat -an|grep 5666tcp4 0
> > 0 *.5666 *.* LISTEN
> >
> > However, when connecting from the remote server, I get:
> >
> > /usr/local/nagios/libexec/check_nrpe -H host.mydomain.org
> > CHECK_NRPE: Error - Could not complete SSL handshake.
> >
> > The same test but w/o SSL gives yields:
> >
> > [nagios at nephilim src]$ /usr/local/nagios/libexec/check_nrpe -n -H
> > host.mydomain.org
> > CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs
> for
> > error messages.
> >
> > So two questions:
> >
> > 1) I'm a UNIX guy, but obviously Mac's are A) different and B) a tad
> > different being BSD-based. So what's the proper way to stop/restart the
> > xinetd daemon?
> > 2) Any thoughts on SSL handshake error? I've googled it, but I'm not
> > getting very far.
> >
> > Anyone have a step-by-step for compiling nagios plugins and NRPE from
> > source on OS X 10.x (specifically 10.3 and 10.4)? I'm using NRPE for all
> > other internal hosts, so I prefer to use it for the Mac's too. I know I
> > could do it via check_by_ssh and get around this, but I prefer to use
> NRPE
> > if I can.
> >
> > --
> >
> >
> On a Mac, your xinetd is a bolt-on over the launchd that's there by
> default;
> you've obviously got it running. Since you're in
> /etc/xinetd.d/<something>,
> you need to cnfigure a different username via xinetd's config. Look for a
> /etc/xinetd.d/nrpe file, or similar, containing the config for your nrpe
> service. I tend to grep for the port number in order to find the file.
> Remember to check /local/*
>
> The time service has an example with juicy comments:
>
>
> service time
> {
> # This is for quick on or off of the service
> disable = yes
> ...
> ...
> # External services must fill out the following
> # user =
> # group =
> ...
> ...
> }
>
>
> Take a look there, see if you can choose a better username and/or group and
> if your port of xinetd honours it. I don't know if you have a nrpe user,
> or
> run it as nobody.
>
> A better option would be a proper launchd config, allowing you to shutdown
> xinetd if you're installing it there for this purpose only, but then it's a
> Mac-only thing, and would be more difficult to maintain for non-Mac people.
>
> Allan
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
>
> ------------------------------------------------------------------------------
> Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
> powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
> easily build your RIAs with Flex Builder, the Eclipse(TM)based development
> software that enables intelligent coding and step-through debugging.
> Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
>
> ------------------------------
>
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
>
>
> End of Nagios-users Digest, Vol 34, Issue 31
> ********************************************
>
--
Anirudh Srinivasan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20090319/6eaa2db3/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list