Error: Could not create external command file '/usr/local/nagios/var/ > rw/nagios.cmd' as named pipe: (2) -> No such file or directory. If > this file already exists and you are sure that another copy of > Nagios is not running, you should delete this file. > Bailing out due to errors encountered while trying to initialize the > external command file... (PID=31661) The above error dissapeared as soon i created the rw directory inside /usr/local/nagios/var This time i could see nagios as a proces running: [root@DELL8B81Y11 subsys]# ps -ef | grep nagios nagios 1992 1 0 09:47 ? 00:00:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg But when i type <a href="http://localhost/nagios/">http://localhost/nagios/</a> i get the nagios open up page but then when i click host detail i see <pre><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>500 Internal Server Error</title> </head><body> <h1>Internal Server Error</h1> The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. <hr> <address>Apache/2.2.3 (Red Hat) Server at localhost Port 80</address> </body></html> </pre>I also checked the /var/log/httpd/error_log : [Thu Mar 19 09:49:05 2009] [error] [client 127.0.0.1] Premature end of script headers: status.cgi, referer: <a href="http://localhost/nagios/side.html">http://localhost/nagios/side.html</a> [Thu Mar 19 09:49:40 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/ [Thu Mar 19 09:50:40 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/ [Thu Mar 19 09:51:19 2009] [error] [client 127.0.0.1] (13)Permission denied: exec of '/usr/local/nagios/sbin/status.cgi' failed, referer: <a href="http://localhost/na">http://localhost/na</a> gios/side.html [Thu Mar 19 09:51:19 2009] [error] [client 127.0.0.1] Premature end of script headers: status.cgi, referer: <a href="http://localhost/nagios/side.html">http://localhost/nagios/side.html</a> [Thu Mar 19 09:51:21 2009] [error] [client 127.0.0.1] (13)Permission denied: exec of '/usr/local/nagios/sbin/status.cgi' failed, referer: <a href="http://localhost/na">http://localhost/na</a> gios/side.html [Thu Mar 19 09:51:21 2009] [error] [client 127.0.0.1] Premature end of script headers: status.cgi, referer: <a href="http://localhost/nagios/side.html">http://localhost/nagios/side.html</a> [Thu Mar 19 09:51:40 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/ [Thu Mar 19 09:52:40 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/ [Thu Mar 19 09:53:40 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/ Thanks you for your help , <div class="gmail_quote">On Wed, Mar 18, 2009 at 5:26 PM, <<a href="mailto:nagios-users-request@lists.sourceforge.net">nagios-users-request@lists.sourceforge.net</a>> wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Send Nagios-users mailing list submissions to <a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a> To subscribe or unsubscribe via the World Wide Web, visit <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a> or, via email, send a message with subject or body 'help' to <a href="mailto:nagios-users-request@lists.sourceforge.net">nagios-users-request@lists.sourceforge.net</a> You can reach the person managing the list at <a href="mailto:nagios-users-owner@lists.sourceforge.net">nagios-users-owner@lists.sourceforge.net</a> When replying, please edit your Subject line so it is more specific than "Re: Contents of Nagios-users digest..." Today's Topics: 1. Re: RESEND: orphaned check, no check results posted, no macro expand: solaris 10, new install] (David Dozier) 2. Re: problem starting nagios (Marc Powell) 3. Circular Map setup (Albrecht Dre?) 4. Re: Nagios-SNMP (Jim Avery) 5. Re: blank perfdata: not parsing macros (Jim Avery) 6. Re: Circular Map setup (Jim Avery) 7. Stuck on NRPE for OS X Server (Andrew Davis) 8. Re: Stuck on NRPE for OS X Server (Andrew Davis) 9. Re: Stuck on NRPE for OS X Server (Andrew Davis) 10. Re: Stuck on NRPE for OS X Server (Allan Clark) ---------------------------------------------------------------------- Message: 1 Date: Wed, 18 Mar 2009 12:17:07 -0400 From: David Dozier <David.Dozier@Sun.COM> Subject: Re: [Nagios-users] RESEND: orphaned check, no check results posted, no macro expand: solaris 10, new install] To: Marc Powell <<a href="mailto:marc@ena.com">marc@ena.com</a>> Cc: Nagios User list <<a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a>> Message-ID: <<a href="mailto:49C11E83.2070209@sun.com">49C11E83.2070209@sun.com</a>> Content-Type: text/plain; format=flowed; charset=ISO-8859-1 Thanks Marc, For the URL: I see that the debug_level needs to be set to 2048 to capture macro expansion. Debug_verbosity=2 I've restarted and will continue troubleshooting. David Marc Powell wrote: > On Mar 18, 2009, at 10:02 AM, David Dozier wrote: > > >> All, >> >> Should I be seeing the following lack of macro expansion in >> nagios.debug? >> >> In nagios.debug: >> ================ >> [] Raw Command Input: $USER1$/check_ping -H $HOSTADDRESS$ -w >> 3000.0,80% >> -c 5000.0,100% -p 5 >> [] Expanded Command Output: $USER1$/check_ping -H $HOSTADDRESS$ -w >> 3000.0,80% -c 5000.0,100% -p 5 >> >> [] Finished reaping 0 check results >> > > I don't use nagios-3 yet but I believe it might depend on the > debug_verbosity without looking at the actual code. Here is an example > where it was shown as expanded after the second loop through MACRO > PROCESSING -- <a href="http://article.gmane.org/gmane.network.nagios.devel/4737" target="_blank">http://article.gmane.org/gmane.network.nagios.devel/4737</a> > > >> FYI: I set Debugging_output=256, and every "Expanded Command >> Output" is >> not expanded, and every "Reap check results" yeilds 0 check results. >> > > Did you mean debug_level? is debug_verbosity set to 2? > > -- > Marc > > > ------------------------------------------------------------------------------ > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are > powering Web 2.0 with engaging, cross-platform capabilities. Quickly and > easily build your RIAs with Flex Builder, the Eclipse(TM)based development > software that enables intelligent coding and step-through debugging. > Download the free 60 day trial. <a href="http://p.sf.net/sfu/www-adobe-com" target="_blank">http://p.sf.net/sfu/www-adobe-com</a> > _______________________________________________ > Nagios-users mailing list > <a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a> > <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a> > ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null > ------------------------------ Message: 2 Date: Wed, 18 Mar 2009 12:43:33 -0500 From: Marc Powell <<a href="mailto:marc@ena.com">marc@ena.com</a>> Subject: Re: [Nagios-users] problem starting nagios To: Nagios User list <<a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a>> Message-ID: <<a href="mailto:2DDE945C-0D20-4664-B5B7-DECE59564050@ena.com">2DDE945C-0D20-4664-B5B7-DECE59564050@ena.com</a>> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Hi Anirudh, On Mar 18, 2009, at 12:13 PM, Anirudh Srinivasan wrote: > This is what i see when i run this .and to tell you i dint create > time period which i think is no way related to this problem: > > Nagios 3.0.6 > Copyright (c) 1999-2008 Ethan Galstad (<a href="http://www.nagios.org" target="_blank">http://www.nagios.org</a>) > Last Modified: 12-01-2008 > License: GPL > > Nagios 3.0.6 starting... (PID=31661) > Local time is Wed Mar 18 12:59:33 EDT 2009 > Error: Template 'generic-host' specified in host definition could > not be not found (config file '/usr/local/nagios/etc/objects/ > localhost.cfg', starting on line 20) > Error: Template 'generic-service' specified in service definition > could not be not found (config file '/usr/local/nagios/etc/objects/ > localhost.cfg', starting on line 64) > > Error: Could not create external command file '/usr/local/nagios/var/ > rw/nagios.cmd' as named pipe: (2) -> No such file or directory. If > this file already exists and you are sure that another copy of > Nagios is not running, you should delete this file. > Bailing out due to errors encountered while trying to initialize the > external command file... (PID=31661) Any Error's will prevent nagios from starting. That's a pretty common convention for daemons. You must fix the three configuration errors above before nagios will start. For the first two errors, you have host{} and service{} definitions that reference other definitions named 'generic-host' and 'generic- service'. They do not exist in a cfg file that you've told nagios to load. Use grep to find which file they exist in and make sure it's listed as a cfg_file in nagios.cfg. For the last error, nagios has been told to listen for external commands but is unable to create the 'file' needed to do that under / usr/local/nagios/var/rw. Does that directory exist and is it owned and readable/writable by the nagios user? If you installed from source, I believe the make command to do that is 'make install-commandmode' from within the nagios source tree, or you can just create the rw directory (but not the nagios.cmd file) and give it nagios ownership and rwx permissions. -- Marc ------------------------------ Message: 3 Date: Wed, 18 Mar 2009 19:16:13 +0100 From: Albrecht Dre? <<a href="mailto:albrecht.dress@arcor.de">albrecht.dress@arcor.de</a>> Subject: [Nagios-users] Circular Map setup To: <a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a> Message-ID: <1237400180.5381.0@antares> Content-Type: text/plain; charset="us-ascii" Hi all, I use Nagios to monitor several servers, redundant switches, and Windows PC's and printers. Works perfectly, except for the circular status map... The problem is that the icons of the components in the "outer ring" are overlapping (see attached screenshot). Is there any way to influence the placement of icons in the circular map? Thanks in advance, Albrecht. -------------- next part -------------- A non-text attachment was scrubbed... Name: nagios-circular.png Type: image/png Size: 28691 bytes Desc: not available -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available ------------------------------ Message: 4 Date: Wed, 18 Mar 2009 19:16:30 +0000 From: Jim Avery <<a href="mailto:jim@jimavery.me.uk">jim@jimavery.me.uk</a>> Subject: Re: [Nagios-users] Nagios-SNMP To: Joseph Ribin Roy <<a href="mailto:Ribin.Roy@mformation.com">Ribin.Roy@mformation.com</a>> Cc: <a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a> Message-ID: <<a href="mailto:765d77c80903181216o7b8b7ccbvf1267df8a2bb1bf3@mail.gmail.com">765d77c80903181216o7b8b7ccbvf1267df8a2bb1bf3@mail.gmail.com</a>> Content-Type: text/plain; charset=ISO-8859-1 2009/3/18 Joseph Ribin Roy <<a href="mailto:Ribin.Roy@mformation.com">Ribin.Roy@mformation.com</a>>: > Any feedback or other ways of integrating of Nagios-SNMP will be grateful. I use NagTrap. It's probably not everyone's cup of tea but is easy to install and maintain (compared with the scripts I used before anyway). <a href="http://nagtrap.org" target="_blank">http://nagtrap.org</a> Cheers, Jim ------------------------------ Message: 5 Date: Wed, 18 Mar 2009 19:23:44 +0000 From: Jim Avery <<a href="mailto:jim@jimavery.me.uk">jim@jimavery.me.uk</a>> Subject: Re: [Nagios-users] blank perfdata: not parsing macros To: <a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a> Message-ID: <<a href="mailto:765d77c80903181223o47ffda5ah59010a84201d9f02@mail.gmail.com">765d77c80903181223o47ffda5ah59010a84201d9f02@mail.gmail.com</a>> Content-Type: text/plain; charset=ISO-8859-1 2009/3/18 M P <<a href="mailto:reg@eyesopen.org">reg@eyesopen.org</a>>: > Other than compiling from source, any other tips? I would suggest you try PNP4Nagios, but again if you installed Nagios from repositories you're going to find it more difficult to get it working than if you installed it from source. Cheers, Jim ------------------------------ Message: 6 Date: Wed, 18 Mar 2009 19:41:03 +0000 From: Jim Avery <<a href="mailto:jim@jimavery.me.uk">jim@jimavery.me.uk</a>> Subject: Re: [Nagios-users] Circular Map setup To: Albrecht Dre? <<a href="mailto:albrecht.dress@arcor.de">albrecht.dress@arcor.de</a>> Cc: <a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a> Message-ID: <<a href="mailto:765d77c80903181241sdc38c14u9be59957258952e9@mail.gmail.com">765d77c80903181241sdc38c14u9be59957258952e9@mail.gmail.com</a>> Content-Type: text/plain; charset=ISO-8859-1 2009/3/18 Albrecht Dre? <<a href="mailto:albrecht.dress@arcor.de">albrecht.dress@arcor.de</a>>: > Hi all, > > I use Nagios to monitor several servers, redundant switches, and Windows > PC's and printers. ?Works perfectly, except for the circular status map... > ?The problem is that the icons of the components in the "outer ring" are > overlapping (see attached screenshot). ?Is there any way to influence the > placement of icons in the circular map? > > Thanks in advance, Albrecht. You could try specifying 2d_coords in your host definitions. See <a href="http://nagios.sourceforge.net/docs/3_0/objectdefinitions.html#host" target="_blank">http://nagios.sourceforge.net/docs/3_0/objectdefinitions.html#host</a> But I recommend you try either NEXSM (can be tricky to install but is great for large networks) or the automap feature in NagVis (easy to install, but requires a MySQL database). hth, Jim ------------------------------ Message: 7 Date: Wed, 18 Mar 2009 15:59:24 -0400 From: Andrew Davis <<a href="mailto:nccomp@gmail.com">nccomp@gmail.com</a>> Subject: [Nagios-users] Stuck on NRPE for OS X Server To: "<a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a>" <<a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a>> Message-ID: <<a href="mailto:49C1529C.2030106@gmail.com">49C1529C.2030106@gmail.com</a>> Content-Type: text/plain; charset="iso-8859-1" I have two Mac OS X servers, one running 10.3, the other running 10.4. Neither can be upgraded to 10.5 due to third party s/w constraints. Both are PPC based XServe's. Trying to compile nrpe with: ./configure --sysconfdir=/etc/nagios --enable-ssl Initially, I got the "cannot find ssl libraries" error: ~ checking for SSL headers... SSL headers found in /usr/local/ssl checking for SSL libraries... configure: error: Cannot find ssl libraries I downloaded the latest openssl and built it with: ./config --prefix=/usr/local shared --openssldir=/usr/local/openssl make make test make install I then had to edit ~/src/nrpe/configure and change the reference from libssl.so to libssl.dylib After that, nrpe compiled cleanly and I was able to move ~src/nrpe/src/nrpe to /usr/local/sbin and start xinetd up. I've confirmed that port 5666 is open and xinetd is running: /usr/local/src/nrpe-2.12/src root# ps waux|grep xinet|grep -v greproot 29066 0.0 -0.0 27484 308 ?? Ss 3:53PM 0:00.02 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive /usr/local/src/nrpe-2.12/src root# netstat -an|grep 5666tcp4 0 0 *.5666 *.* LISTEN However, when connecting from the remote server, I get: /usr/local/nagios/libexec/check_nrpe -H <a href="http://host.mydomain.org" target="_blank">host.mydomain.org</a> CHECK_NRPE: Error - Could not complete SSL handshake. The same test but w/o SSL gives yields: [nagios@nephilim src]$ /usr/local/nagios/libexec/check_nrpe -n -H <a href="http://host.mydomain.org" target="_blank">host.mydomain.org</a> CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages. So two questions: 1) I'm a UNIX guy, but obviously Mac's are A) different and B) a tad different being BSD-based. So what's the proper way to stop/restart the xinetd daemon? 2) Any thoughts on SSL handshake error? I've googled it, but I'm not getting very far. Anyone have a step-by-step for compiling nagios plugins and NRPE from source on OS X 10.x (specifically 10.3 and 10.4)? I'm using NRPE for all other internal hosts, so I prefer to use it for the Mac's too. I know I could do it via check_by_ssh and get around this, but I prefer to use NRPE if I can. -- A. Davis Email: <a href="mailto:nccomp@gmail.com">nccomp@gmail.com</a> "There is no limit to what a man can accomplish if he doesn't care who gets the credit." - Ronald Reagan -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ Message: 8 Date: Wed, 18 Mar 2009 16:09:31 -0400 From: Andrew Davis <<a href="mailto:nccomp@gmail.com">nccomp@gmail.com</a>> Subject: Re: [Nagios-users] Stuck on NRPE for OS X Server To: "<a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a>" <<a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a>> Message-ID: <<a href="mailto:49C154FB.2010509@gmail.com">49C154FB.2010509@gmail.com</a>> Content-Type: text/plain; charset="iso-8859-1" FYI: /var/log/system.log on the client shows: Mar 18 16:08:07 shu xinetd[29066]: START: nrpe pid=557 from=10.1.1.170 Mar 18 16:08:07 shu nrpe[557]: Error: NRPE daemon cannot be run as user/group root! whether I do the default test (with SSL) or use the -n flag to test w/o SSL. The odd thing is that the nrpe config in /etc/xinetd.d is set to run as nobody:nobody and /etc/nagios/nrpe.cfg is owned by nobody:nobody. Only /usr/local/sbin/nrpe is owned by root (as it should be), but is also set to 755 perms. I've compared to a Linux box I have with NRPE and xinetd working properly and the permissions are identical. I'm stumped... Andrew Davis wrote: > I have two Mac OS X servers, one running 10.3, the other running 10.4. > Neither can be upgraded to 10.5 due to third party s/w constraints. > Both are PPC based XServe's. > > Trying to compile nrpe with: > > ./configure --sysconfdir=/etc/nagios --enable-ssl > > Initially, I got the "cannot find ssl libraries" error: > > ~ > checking for SSL headers... SSL headers found in /usr/local/ssl > checking for SSL libraries... configure: error: Cannot find ssl > libraries > > I downloaded the latest openssl and built it with: > > ./config --prefix=/usr/local shared --openssldir=/usr/local/openssl > make > make test > make install > > I then had to edit ~/src/nrpe/configure and change the reference from > libssl.so to libssl.dylib > > After that, nrpe compiled cleanly and I was able to move > ~src/nrpe/src/nrpe to /usr/local/sbin and start xinetd up. I've > confirmed that port 5666 is open and xinetd is running: > > /usr/local/src/nrpe-2.12/src root# ps waux|grep xinet|grep -v > greproot 29066 0.0 -0.0 27484 308 ?? Ss 3:53PM > 0:00.02 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive > /usr/local/src/nrpe-2.12/src root# netstat -an|grep 5666tcp4 > 0 0 *.5666 *.* LISTEN > > However, when connecting from the remote server, I get: > > /usr/local/nagios/libexec/check_nrpe -H <a href="http://host.mydomain.org" target="_blank">host.mydomain.org</a> > CHECK_NRPE: Error - Could not complete SSL handshake. > > The same test but w/o SSL gives yields: > > [nagios@nephilim src]$ /usr/local/nagios/libexec/check_nrpe -n -H > <a href="http://host.mydomain.org" target="_blank">host.mydomain.org</a> > CHECK_NRPE: Received 0 bytes from daemon. Check the remote server > logs for error messages. > > So two questions: > > 1) I'm a UNIX guy, but obviously Mac's are A) different and B) a tad > different being BSD-based. So what's the proper way to stop/restart > the xinetd daemon? > 2) Any thoughts on SSL handshake error? I've googled it, but I'm not > getting very far. > > Anyone have a step-by-step for compiling nagios plugins and NRPE from > source on OS X 10.x (specifically 10.3 and 10.4)? I'm using NRPE for > all other internal hosts, so I prefer to use it for the Mac's too. I > know I could do it via check_by_ssh and get around this, but I prefer > to use NRPE if I can. > -- > > > A. Davis > Email: <a href="mailto:nccomp@gmail.com">nccomp@gmail.com</a> > > "There is no limit to what a man can accomplish > if he doesn't care who gets the credit." - Ronald Reagan > -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ Message: 9 Date: Wed, 18 Mar 2009 16:57:30 -0400 From: Andrew Davis <<a href="mailto:nccomp@gmail.com">nccomp@gmail.com</a>> Subject: Re: [Nagios-users] Stuck on NRPE for OS X Server To: "<a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a>" <<a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a>> Message-ID: <<a href="mailto:49C1603A.8060702@gmail.com">49C1603A.8060702@gmail.com</a>> Content-Type: text/plain; charset="iso-8859-1" If I'm reading this correctly, the line about "NRPE daemon cannot be run as user/group root!" is directly from the source code of NRPE. Its not an xinetd thing. I've confirmed that xinetd is running and listening on port 5666. I tried changing the owner/group from nobody:nobody to another unprivileged user, but it didn't work. Same results. It appears that despite my configuring the /etc/nagios/nrpe.cfg and the /etc/xinetd.d/nrpe files to use a user other than root, it still tries to start it as the root user and thus when an incoming connection comes in, it gives the "NRPE daemon cannot be run as user/group root!" error. Any thoughts on how to rectify this? Since NRPE is working fine on Linux, is this just a Mac OS X thing? Any help would be immensely appreciated. AD Andrew Davis wrote: > FYI: /var/log/system.log on the client shows: > > Mar 18 16:08:07 shu xinetd[29066]: START: nrpe pid=557 from=10.1.1.170 > Mar 18 16:08:07 shu nrpe[557]: Error: NRPE daemon cannot be run as > user/group root! > > whether I do the default test (with SSL) or use the -n flag to test > w/o SSL. The odd thing is that the nrpe config in /etc/xinetd.d is set > to run as nobody:nobody and /etc/nagios/nrpe.cfg is owned by > nobody:nobody. Only /usr/local/sbin/nrpe is owned by root (as it > should be), but is also set to 755 perms. I've compared to a Linux box > I have with NRPE and xinetd working properly and the permissions are > identical. > > I'm stumped... > > Andrew Davis wrote: >> I have two Mac OS X servers, one running 10.3, the other running >> 10.4. Neither can be upgraded to 10.5 due to third party s/w >> constraints. Both are PPC based XServe's. >> >> Trying to compile nrpe with: >> >> ./configure --sysconfdir=/etc/nagios --enable-ssl >> >> Initially, I got the "cannot find ssl libraries" error: >> >> ~ >> checking for SSL headers... SSL headers found in /usr/local/ssl >> checking for SSL libraries... configure: error: Cannot find ssl >> libraries >> >> I downloaded the latest openssl and built it with: >> >> ./config --prefix=/usr/local shared --openssldir=/usr/local/openssl >> make >> make test >> make install >> >> I then had to edit ~/src/nrpe/configure and change the reference from >> libssl.so to libssl.dylib >> >> After that, nrpe compiled cleanly and I was able to move >> ~src/nrpe/src/nrpe to /usr/local/sbin and start xinetd up. I've >> confirmed that port 5666 is open and xinetd is running: >> >> /usr/local/src/nrpe-2.12/src root# ps waux|grep xinet|grep -v >> greproot 29066 0.0 -0.0 27484 308 ?? Ss 3:53PM >> 0:00.02 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive >> /usr/local/src/nrpe-2.12/src root# netstat -an|grep >> 5666tcp4 0 0 *.5666 >> *.* LISTEN >> >> However, when connecting from the remote server, I get: >> >> /usr/local/nagios/libexec/check_nrpe -H <a href="http://host.mydomain.org" target="_blank">host.mydomain.org</a> >> CHECK_NRPE: Error - Could not complete SSL handshake. >> >> The same test but w/o SSL gives yields: >> >> [nagios@nephilim src]$ /usr/local/nagios/libexec/check_nrpe -n -H >> <a href="http://host.mydomain.org" target="_blank">host.mydomain.org</a> >> CHECK_NRPE: Received 0 bytes from daemon. Check the remote >> server logs for error messages. >> >> So two questions: >> >> 1) I'm a UNIX guy, but obviously Mac's are A) different and B) a tad >> different being BSD-based. So what's the proper way to stop/restart >> the xinetd daemon? >> 2) Any thoughts on SSL handshake error? I've googled it, but I'm not >> getting very far. >> >> Anyone have a step-by-step for compiling nagios plugins and NRPE from >> source on OS X 10.x (specifically 10.3 and 10.4)? I'm using NRPE for >> all other internal hosts, so I prefer to use it for the Mac's too. I >> know I could do it via check_by_ssh and get around this, but I prefer >> to use NRPE if I can. >> -- >> >> >> A. Davis >> Email: <a href="mailto:nccomp@gmail.com">nccomp@gmail.com</a> >> >> "There is no limit to what a man can accomplish >> if he doesn't care who gets the credit." - Ronald Reagan >> -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ Message: 10 Date: Wed, 18 Mar 2009 17:19:11 -0400 From: Allan Clark <<a href="mailto:allanc@chickenandporn.com">allanc@chickenandporn.com</a>> Subject: Re: [Nagios-users] Stuck on NRPE for OS X Server To: <a href="mailto:nccomp@gmail.com">nccomp@gmail.com</a> Cc: "<a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a>" <<a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a>> Message-ID: <<a href="mailto:37c712e0903181419q4fda28e8o83b1cd5464f69ab3@mail.gmail.com">37c712e0903181419q4fda28e8o83b1cd5464f69ab3@mail.gmail.com</a>> Content-Type: text/plain; charset="iso-8859-1" Reply is bottom-posted. On Wed, Mar 18, 2009 at 16:57, Andrew Davis <<a href="mailto:nccomp@gmail.com">nccomp@gmail.com</a>> wrote: > If I'm reading this correctly, the line about "NRPE daemon cannot be run > as user/group root!" is directly from the source code of NRPE. Its not an > xinetd thing. I've confirmed that xinetd is running and listening on port > 5666. I tried changing the owner/group from nobody:nobody to another > unprivileged user, but it didn't work. Same results. It appears that despite > my configuring the /etc/nagios/nrpe.cfg and the /etc/xinetd.d/nrpe files to > use a user other than root, it still tries to start it as the root user and > thus when an incoming connection comes in, it gives the "NRPE daemon cannot > be run as user/group root!" error. Any thoughts on how to rectify this? > Since NRPE is working fine on Linux, is this just a Mac OS X thing? Any help > would be immensely appreciated. > > AD > > > Andrew Davis wrote: > > FYI: /var/log/system.log on the client shows: > > Mar 18 16:08:07 shu xinetd[29066]: START: nrpe pid=557 from=10.1.1.170 > Mar 18 16:08:07 shu nrpe[557]: Error: NRPE daemon cannot be run as > user/group root! > > whether I do the default test (with SSL) or use the -n flag to test w/o > SSL. The odd thing is that the nrpe config in /etc/xinetd.d is set to run as > nobody:nobody and /etc/nagios/nrpe.cfg is owned by nobody:nobody. Only > /usr/local/sbin/nrpe is owned by root (as it should be), but is also set to > 755 perms. I've compared to a Linux box I have with NRPE and xinetd working > properly and the permissions are identical. > > I'm stumped... > > Andrew Davis wrote: > > I have two Mac OS X servers, one running 10.3, the other running 10.4. > Neither can be upgraded to 10.5 due to third party s/w constraints. Both are > PPC based XServe's. > > Trying to compile nrpe with: > > ./configure --sysconfdir=/etc/nagios --enable-ssl > > Initially, I got the "cannot find ssl libraries" error: > > ~ > checking for SSL headers... SSL headers found in /usr/local/ssl > checking for SSL libraries... configure: error: Cannot find ssl libraries > > I downloaded the latest openssl and built it with: > > ./config --prefix=/usr/local shared --openssldir=/usr/local/openssl > make > make test > make install > > I then had to edit ~/src/nrpe/configure and change the reference from > libssl.so to libssl.dylib > > After that, nrpe compiled cleanly and I was able to move ~src/nrpe/src/nrpe > to /usr/local/sbin and start xinetd up. I've confirmed that port 5666 is > open and xinetd is running: > > /usr/local/src/nrpe-2.12/src root# ps waux|grep xinet|grep -v greproot > 29066 0.0 -0.0 27484 308 ?? Ss 3:53PM 0:00.02 > /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive > /usr/local/src/nrpe-2.12/src root# netstat -an|grep 5666tcp4 0 > 0 *.5666 *.* LISTEN > > However, when connecting from the remote server, I get: > > /usr/local/nagios/libexec/check_nrpe -H <a href="http://host.mydomain.org" target="_blank">host.mydomain.org</a> > CHECK_NRPE: Error - Could not complete SSL handshake. > > The same test but w/o SSL gives yields: > > [nagios@nephilim src]$ /usr/local/nagios/libexec/check_nrpe -n -H > <a href="http://host.mydomain.org" target="_blank">host.mydomain.org</a> > CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for > error messages. > > So two questions: > > 1) I'm a UNIX guy, but obviously Mac's are A) different and B) a tad > different being BSD-based. So what's the proper way to stop/restart the > xinetd daemon? > 2) Any thoughts on SSL handshake error? I've googled it, but I'm not > getting very far. > > Anyone have a step-by-step for compiling nagios plugins and NRPE from > source on OS X 10.x (specifically 10.3 and 10.4)? I'm using NRPE for all > other internal hosts, so I prefer to use it for the Mac's too. I know I > could do it via check_by_ssh and get around this, but I prefer to use NRPE > if I can. > > -- > > On a Mac, your xinetd is a bolt-on over the launchd that's there by default; you've obviously got it running. Since you're in /etc/xinetd.d/<something>, you need to cnfigure a different username via xinetd's config. Look for a /etc/xinetd.d/nrpe file, or similar, containing the config for your nrpe service. I tend to grep for the port number in order to find the file. Remember to check /local/* The time service has an example with juicy comments: service time { # This is for quick on or off of the service disable = yes ... ... # External services must fill out the following # user = # group = ... ... } Take a look there, see if you can choose a better username and/or group and if your port of xinetd honours it. I don't know if you have a nrpe user, or run it as nobody. A better option would be a proper launchd config, allowing you to shutdown xinetd if you're installing it there for this purpose only, but then it's a Mac-only thing, and would be more difficult to maintain for non-Mac people. Allan -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. <a href="http://p.sf.net/sfu/www-adobe-com" target="_blank">http://p.sf.net/sfu/www-adobe-com</a> ------------------------------ _______________________________________________ Nagios-users mailing list <a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a> <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a> End of Nagios-users Digest, Vol 34, Issue 31 ******************************************** </blockquote></div> -- Anirudh Srinivasan