CHECK_NRPE: No output returned with check_iptables.sh script

[Assaf Flatto]

Kaplan, Andrew H. wrote:
>
> Hi there --
>
> I am running the check_iptables.sh script on one of our clients, and 
> while the script presents output whenever it is
> manually run on the server with the firewall, this output is not being 
> transmitted to the Nagios server. The error message
>
> that I am encountering is the following:
>
> CHECK_NRPE: No output returned from daemon. 
>
> The check_iptables.sh script is located in the 
> /usr/local/nagios/libxec directory, and has been added as a definition to
>
> the /usr/local/nagios/etc/commands.cfg file with the syntax shown below:
>
> # 'check_iptables.sh' command definition
> define command{
>         command_name    check_iptables
>         command_line    /usr/local/nagios/libexec/check_iptables.sh
>         }
>
> The definition for check on the Nagios server has been added to the 
> /usr/local/nagios/etc/objects/services.cfg file
> with the following:
>
> # Service definition
> define service{
>         use                             generic-service         ; Name 
> of service template to use
>
>         host_name                       <hostame>
>         service_description             Check IP Tables
>         is_volatile                     0
>         check_period                    workhours
>         max_check_attempts              4
>         normal_check_interval           5
>         retry_check_interval            1
>         contact_groups                  linux-admins
>         notification_interval           960
>         notification_period             workhours
>         check_command                   check_nrpe!check_iptables
>         }
>
> The check_iptables.sh script has been added to the 
> /usr/local/nrpe/libexec directory on the client, and the definition
> of the check shown below is included in the client's nrpe.cfg file:
>
> command[check_iptables]=/usr/local/nrpe/libexec/check_iptables.sh
>
> The client system is situated outside the company filewall in a DMZ, 
> and connections are made through the firewall
> via an SSH connection. There are several other services that are 
> monitored by the Nagios server, and the output from
> their respective chceks are getting through to the Nagios server.
>
> The NRPE client is version 2.6, while the Nagios server is running the 
> 3.1.2 release. I checked the nagios.log and
> messages log files, but I did not see any errors relating to the 
> script. What other step(s) do I need to take in order
> for the output that is generated on the client be transmitted to the 
> server? Thanks.
>
>
Have you tried enabling the debugging on the nrpe client and see what 
the output is when you manually trigger the check ?
Have you tried running the check manually as the nagios user ? what 
output did you get ?
what are the return codes that you implemented in the iptables test 
script , and what output is sent beside the return codes?

Assaf

------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null