NRPE Installation and Configuration on CentOS/RHEL

Requirements:

A Linux machine connected to the internet.

Optional Requirement:

A Linux machine running Nagios server (needed for running checks)

What is NRPE?

NRPE stands for Nagios Remote Plugin Executor.

It’s a Nagios agent that allows remote system monitoring using scripts that are hosted on the remote systems.

It allows for monitoring of resources such as disk usage, system load or the number of users currently logged in, etc…

Nagios periodically polls the agent on remote system using the check_nrpe plugin.

Let’s Begin:

Step 1 – Add the EPEL repository

Follow this guide: my EPEL installation guide in order to add the EPEL repository to your machine.

Step 2 – Install the NRPE  /OpenSSL packages

Run the next command to install the required NRPE packages as well as OpenSSL:

# yum install -y nagios-plugins-nrpe.x86_64 nrpe.x86_64 openssl

Step 3 – Configuring the NRPE agent

First, let’s edit the nagios.cfg file:

nano /etc/nagios/nrpe.cfg

Copy & paste the following data into the nagios.cfg file:

pid_file=/var/run/nrpe/nrpe.pid
server_port=5666
nrpe_user=nagios
nrpe_group=nagios
dont_blame_nrpe=1    # Enables support for command arguments in the NRPE daemon.
debug=1
command_timeout=60
allowed_hosts=127.0.0.1,1.1.1.1    # The IP of the server/s allowed to pull information from the NRPE daemon on current machine.

command[check_ping]=/usr/lib/nagios/plugins/check_ping -w $ARG1$ -c $ARG2$
command[check_ifstatus]=/usr/lib/nagios/plugins/check_ifstatus -w $ARG1$ -c $ARG2$
command[check_local_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
command[check_local_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
command[check_local_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
command[check_cpu_load]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -m $ARG3$ -v
command[check_procs_by_name]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -C $ARG3$
command[check_local_mysql]=/usr/lib/nagios/plugins/check_mysql -u root -w $ARG1$ -c $ARG2$ -S
command[check_provider_ftp]=/usr/lib/nagios/plugins/check_ftp -H $ARG1$ -w $ARG2$ -c $ARG3$
command[check_openfiles]=/usr/lib/nagios/plugins/check_openfiles $ARG1$
command[version]=/usr/lib/nagios/plugins/version
command[centerity_event_command]=/usr/lib/nagios/plugins/centerity_command $ARG1$ $ARG2$
command[check_disk]=/usr/lib/nagios/plugins/check_disk $ARG1$
command[check_users]=/usr/lib/nagios/plugins/check_users $ARG1$
command[check_load]=/usr/lib/nagios/plugins/check_load $ARG1$
command[check_procs]=/usr/lib/nagios/plugins/check_procs $ARG1$
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs $ARG1$
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs $ARG1$
command[check_uptime]=/usr/lib/nagios/plugins/check_uptime $ARG1$
command[check_netstat]=/usr/lib/nagios/plugins/check_netstat $ARG1$
command[check_veritas_disks]=/usr/lib/nagios/plugins/check_vxdisk
command[check_swap]=/usr/lib/nagios/plugins/check_swap  -w 50% -c 38%
command[check_memory]=/usr/lib/nagios/plugins/check_memory $ARG1$
command[check_log]=/usr/lib/nagios/plugins/check_log $ARG1$
command[check_log2]=/usr/lib/nagios/plugins/check_log2 $ARG1$
command[check_date]=/usr/lib/nagios/plugins/check_date $ARG1$
command[check_file_age]=/usr/lib/nagios/plugins/check_file_age $ARG1$
command[check_mailq]=/usr/lib/nagios/plugins/check_mailq $ARG1$
command[check_netstat]=/usr/lib/nagios/plugins/check_netstat $ARG1$
command[check_oracle]=/usr/lib/nagios/plugins/check_oracle $ARG1$
command[check_mysql]=/usr/lib/nagios/plugins/check_mysql $ARG1$
command[check_sensors]=/usr/lib/nagios/plugins/check_sensors $ARG1$
command[check_vxdisk]=/usr/lib/nagios/plugins/check_vxdisk $ARG1$
command[check_tcp]=/usr/lib/nagios/plugins/check_tcp $ARG1$
command[check_udp]=/usr/lib/nagios/plugins/check_udp $ARG1$
command[check_by_ssh]=/usr/lib/nagios/plugins/check_by_ssh $ARG1$
command[check_dummy]=/usr/lib/nagios/plugins/check_dummy $ARG1$
command[check_flexlm]=/usr/lib/nagios/plugins/check_flexlm $ARG1$
command[check_proc_load]=/usr/lib/nagios/plugins/check_proc_load $ARG1$
command[check_veritas_cluster]=/usr/lib/nagios/plugins/check_vcs $ARG1$
command[check_dell_storage]=/usr/lib/nagios/plugins/check_openmanage --only storage
command[check_dell_fans]=/usr/lib/nagios/plugins/check_openmanage --only fans
command[check_dell_memory]=/usr/lib/nagios/plugins/check_openmanage --only memory
command[check_dell_power]=/usr/lib/nagios/plugins/check_openmanage --only power
command[check_dell_temp]=/usr/lib/nagios/plugins/check_openmanage --only temp
command[check_dell_cpu]=/usr/lib/nagios/plugins/check_openmanage --only cpu
command[check_dell_voltage]=/usr/lib/nagios/plugins/check_openmanage --only voltage
command[check_dell_batteries]=/usr/lib/nagios/plugins/check_openmanage --only batteries
command[check_dell_amperage]=/usr/lib/nagios/plugins/check_openmanage --only amperage
command[check_dell_intrusion]=/usr/lib/nagios/plugins/check_openmanage --only intrusion
command[check_dell_sdcard]=/usr/lib/nagios/plugins/check_openmanage --only sdcard
command[check_dell_esmhealth]=/usr/lib/nagios/plugins/check_openmanage --only esmhealth
command[check_dell_esmlog]=/usr/lib/nagios/plugins/check_openmanage --only esmlog
command[check_dell_alertlog]=/usr/lib/nagios/plugins/check_openmanage --only alertlog
command[check_dell_critical]=/usr/lib/nagios/plugins/check_openmanage --only critical
command[check_dell_warning]=/usr/lib/nagios/plugins/check_openmanage --only warning
command[check_openmanage]=/usr/lib/nagios/plugins/check_openmanage
command[check_kvm]=sudo /usr/lib/nagios/plugins/check_kvm

*** Check the #Comments in the file to understand the options I used. ***
*** This is a pretty full nrpe.cfg file, you may want to remove unnecessary check_command‘s, I use them all. ***

Next, Let’s edit /etc/sudoers and add the following lines:

nano /etc/sudoers
Defaults:nagios !requiretty      # Allows for nagios user (The user NRPE uses) to not require a tty.
nagios ALL = NOPASSWD:/usr/lib64/nagios/plugins/*      # Allows nagios user to run all NRPE plugins using sudo without entering a password.

Make nagios the owner of /etc/nagios and /usr/lib64/nagios/plugins folders:

# chown -R nagios.nagios /etc/nagios
# chown -R nagios.nagios /usr/lib64/nagios/plugins

*** In 32bit systems, the nagios plugins folder will be located under /usr/lib/nagios/plugins ***

Optional Step 4 – Configuring the NRPE agent to run as daemon

Create a file /etc/xinetd.d/nrpe and paste the following information to it:

service nrpe
{
        flags           = REUSE
        type            = UNLISTED
        port            = 5666
        socket_type     = stream
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/sbin/nrpe
        server_args     = -c /etc/nagios/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 127.0.0.1,1.1.1.1   # The IP of the Nagios server
}

Save the file and restart xinetd when done:

# service xinetd restart

or

# kill -HUP xinetd

Step 5 – Configuring IPtables to allow NRPE connections:

In order to allow NRPE to accept connections, you’ll need to open the relevant port in your machine’s firewall:

 # iptables -I INPUT -p tcp -m tcp --dport 5666 -j ACCEPT

Step 6 – Set NRPE agent service to start on boot and start it manually now

Run the next command:

# chkconfig nrpe on ; service nrpe start

Step 7 – Testing NRPE

The first test I always do allows me to see if the NRPE agent is responding:

# /usr/lib64/nagios/plugins/check_nrpe -H localhost

This is the response you’re supposed to get:

NRPE local check

NRPE local check

Then run the same check from the Nagios server:

NRPE remote check

NRPE remote check

If both checks returned the NRPE version then it means that the NRPE agent is installed and configured correctly on the monitored host.
It also means that there’s a clean connection between the two servers and that the monitored host’s port 5666 is opened and listening.

Now you can start checking the monitored host using other checks, for example, in order to check how much disk space left on the monitored server “/” mount point:

NRPE remote check disk

NRPE remote check disk

Troubleshooting

Troubleshooting NRPE could be annoying but as with all other Linux projects, it takes a typo to break the whole deal, so always remember to check everything all over again.
I’ll give you some examples to how I start troubleshooting NRPE problems, it really depends on the error you receive but here are some basic guide lines:

1. Make sure that the NRPE port is opened on the monitored host:

[root@Monitored ~]# netstat -an | grep 5666
tcp        0      0 0.0.0.0:5666                0.0.0.0:*                   LISTEN      
tcp        0

2. Make sure that nagios user is allowed to run the plugins without having to enter sudo password and is not required to open a tty:

[root@Monitored ~]# grep nagios /etc/sudoers
Defaults:nagios !requiretty
nagios ALL = NOPASSWD:/usr/lib64/nagios/plugins/*

3. Make sure that nagios user is the owner of /etc/nagios and /usr/lib64/nagios/plugins (or /usr/lib/nagios/plugins on 32bit machines):

[root@Monitored ~]# ls -la /etc/nagios/
drwxrwxr-x   2 nagios nagios 4096 2014-06-10 09:06 .
drwxr-xr-x. 66 root   root   4096 2014-06-09 16:17 ..
-rw-r--r--   1 nagios nagios 4844 2014-06-09 16:18 nrpe.cfg
[root@Monitored ~]# ls -la /usr/lib64/nagios/plugins/
drwxrwxr-x 2 nagios nagios   4096 2014-06-09 15:32 .
drwxr-xr-x 3 root   root     4096 2014-06-09 14:54 ..
-rwxr-xr-x 1 nagios nagios 115552 2014-06-09 14:59 check_apt
-rwxr-xr-x 1 nagios nagios  58248 2014-06-09 14:59 check_by_ssh
-rwxr-xr-x 1 nagios nagios  67392 2014-06-09 14:59 check_clamd
-rwxr-xr-x 1 nagios nagios  41568 2014-06-09 14:59 check_cluster
-rwxr-x--x 1 nagios nagios  56256 2014-06-09 14:59 check_dhcp

4. Make sure that the plugins which are in the plugins folder of the Nagios server also exist on the plugins folder of the Monitored server.
5. When a check fails against a remote host where you just finished configuring NRPE, run the check against a server where you know for sure the NRPE is working properly.
6. If you went through all these steps and are still having a problem, use the next document:



For those of you who wish to shorten the procedure, please use the following script that I have made:

Comments

comments

Leave a Comment

You must be logged in to post a comment.