Home / server / Questions / 996115
Accepted
Canadian Luke
Asked: 2019-12-19 16:56:27 +0800 CST

Nagios NRPE won't allow arguments

  • 772

I am trying to use a Nagios NRPE plugin to communicate with my servers. I have a command definition in /etc/nagios/nrpe_local.cfg to use it:

command[check_service]=/usr/lib/nagios/plugins/check_service -s $ARG1$

When I manually run the command in my terminal, it succeeds:

# /usr/lib/nagios/plugins/check_service -s bind9
OK: Service bind9 is running!

When I try running it from my Nagios Server, it complains the command is not defined:

# /usr/lib/nagios/plugins/check_nrpe -H 10.32.10.3 -c check_service -a bind9
NRPE: Command 'check_service!bind9' not defined

Other check_nrpe commands work, so I don't think there is an issue in the server's commands.cfg, but here is the definition anyways:

define command {
    command_name        check_nrpe
    command_line        /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -t 30 -c $ARG1$
}

The check would look like this on the server:

define service {
    use                 local-service
    host_name           dc1,dc2
    service_description BIND Service
    check_command       check_nrpe!check_service!bind9
}

On the web interface, it returns CRITICAL: Service is not running!, which is not actually the case.

How can I get check_nrpe to allow the one extra argument? I have tried enabling dont_blame_nrpe, but that did not allow it to go either.

Edit - With debug turned on, and re-running the check, I get the following in my syslog:

Dec 19 09:01:56 dc1 nrpe[5586]: CONN_CHECK_PEER: checking if host is allowed: 10.32.10.12 port 33962
Dec 19 09:01:56 dc1 nrpe[5586]: Connection from 10.32.10.12 port 33962
Dec 19 09:01:56 dc1 nrpe[5586]: is_an_allowed_host (AF_INET): is host >10.32.10.12< an allowed host >10.32.10.12<
Dec 19 09:01:56 dc1 nrpe[5586]: is_an_allowed_host (AF_INET): is host >10.32.10.12< an allowed host >10.32.10.12<
Dec 19 09:01:56 dc1 nrpe[5586]: is_an_allowed_host (AF_INET): host is in allowed host list!
Dec 19 09:01:56 dc1 nrpe[5586]: Host address is in allowed_hosts
Dec 19 09:01:56 dc1 nrpe[5586]: Host 10.32.10.12 is asking for command 'check_service' to be run...
Dec 19 09:01:56 dc1 nrpe[5586]: Running command: /usr/lib/nagios/plugins/check_service -s
Dec 19 09:01:56 dc1 nrpe[5587]: WARNING: my_system() seteuid(0): Operation not permitted
Dec 19 09:01:56 dc1 nrpe[5586]: Command completed with return code 2 and output: CRITICAL: Service  is not running!
Dec 19 09:01:56 dc1 nrpe[5586]: Return Code: 2, Output: CRITICAL: Service  is not running!
Dec 19 09:01:56 dc1 nrpe[5586]: Connection from 10.32.10.12 closed.

I have verified that the Group in /etc/systemd/system/multi-user.target.wants/nagios-nrpe-server.service matches the nrpe_group parameter in /etc/nagios/nrpe.cfg. The same user exists in /etc/group and /etc/passwd.

linux

2 Answers

    1. Make sure you restarted the nrpe daemon after enabling dont_blame_nrpe
    2. Change the debug directive in nrpe.cfg to 1 and restart the daemon. You should get useful debug information in the logs after that.
    • 2
  2. Best Answer

    The issue is that the Debian package does not set --enable-command-args when building the nagios-nrpe-server package, which is what's required to use dont_blame_nrpe.

    • 2