Why do check_nrpe not work in remote server? - nagios

I installed Nagios to my local server, and am monitoring a CentOS server.
All the plugins (nagios plugins and nrpe) are installed too, and working in local, but not via my server. Generic services are monitored well but others (local services) aren't working. Statut information shows: CHECK_NRPE STATE CRITICAL: Socket timeout after 30 seconds.
I've installed nrpe in my remote host and added commands in nrpe.cfg.
In my nagios server, I defined those commands in my server's configuration file.
When I check those commands in my centOS server, it works well.
For exemple when I type:
./check_procs -w 250 -c 300
prompt shows:
PROCS AVERTISSEMENT: 284 processus | procs=284;250;300;0;
Or the command: ./check_nrpe -H localhost
It shows: NRPE v3.2.1
Everything seems working, but if I try: ./check_nrpe -H monitoredserver, it doesn't work.
Also, in nagios web interface, every local service in monitored server shows: CHECK_NRPE STATE CRITICAL: Socket timeout after 30 seconds.

Please verify common mistakes which you can have:
Your NRPE daemon is not started on remote server
Run service nrpe status on remote server and verify NRPE state.
Test your network connection
Run telnet monitoredserver 5666 from Nagios server and test your connection. If this command fail, then you have firewall between these servers.

Related

Can't Connect to External SQL Server From Docker Container

I've developed a SpringBoot(Java) application that calls out to an external SQL Server on port 1433. The SQL Server instance is located on-premises (not local SQL Server instances). However, it's reachable from my desktop using either IntelliJ or SQL Clients.
I am using the Microsoft SQL Server JDBC connector to communicate with the instances.
If I run the app from IntelliJ all is well, the app can call the SQL Server, execute the command and returns a resultsset.
However, now I'm trying to Dockerize the api app. The container does the usual SpringBoot initialization but when it tries to call the SQL Server I get the following error:
com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host myexternalsqlserver.domain, port 1433 has failed. Error: "myexternalsqlserver.domain. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall.".
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(SQLServerException.java:234)
at com.microsoft.sqlserver.jdbc.SQLServerException.ConvertConnectExceptionToSQLServerException(SQLServerException.java:285)
at com.microsoft.sqlserver.jdbc.SocketFinder.findSocket(IOBuffer.java:2434)
at com.microsoft.sqlserver.jdbc.TDSChannel.open(IOBuffer.java:659)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2546)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2216)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:2067)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1204)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:825)
at java.sql/java.sql.DriverManager.getConnection(Unknown Source)
at java.sql/java.sql.DriverManager.getConnection(Unknown Source)
at com.symetra.SdsApi.SqlConnector.getResultSet(SqlConnector.java:26)
This is my Docker file
FROM openjdk:11.0.4-jre-slim-buster
VOLUME /tmp
COPY target/myapi-1.0-SNAPSHOT.jar app.jar
EXPOSE 8080
EXPOSE 1433
ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -Dspring.profiles.active=docker -jar /app.jar" ]
And these are the Docker commands I use to build and run the container:
docker build -t myapi . && docker run -p 8080:8080 -p 1433:1433 --name myapi myapi "java","-jar","myapi-1.0-SNAPSHOT.jar"
I don't think the mapping of port 1433 is necessary, it's just an experiment. I should be able to communicate outside of my container through to port 1433 on the host. Port 1433 isn't being blocked on the host because I have no problems running this outside the container.
Finally, this is the connection string I'm using:
//Create Connection Url.
String connectionUrl="jdbc:sqlserver://myexternalsqlserver.domain:1433;database=mydb;user=MyUser;password=MyPassword";
I'm not sure what I'm doing wrong here. I'm wondering if I need to set up Docker networking.
Thanks for your help!
It should work.
NB I'm assuming myexternalsqlserver.domain is not what you're using.
One way to test your container is to shell into it (or create a variant) and try resolving the SQL Server's host name:
docker run --interactive --tty openjdk:11.0.4-jre-slim-buster /bin/bash
# then from within the container's shell
apt update && apt install -y dnsutils
nslookup ${SQL_SERVER}
If that succeeds, it's your code.
If not, it's the network.
NB Your container need not publish 1443 (--publish=1433:1433) since it's consuming that port (on the SQL Server) not exposing the port itself.
The same issue bugged me for days and finally was able to solve it by following the steps below.
In my case the SQL server was hosted on Azure managed instance and exposed a private endpoint. The docker was able to resolve the DNS name of the Azure managed instance to a private IP address (as expected ). But this resolved IP was considered by the docker network/bridge as a locally running application because upon inspecting docker's bridge (docker network inspect bridge)The subnet of the bridge was found to be a range of IP addresses where the resolved IP of the SQL server also falls. Hence, the docker assumed the SQL server to be hosted in the same local network and not outside (here enterprise network). In my case the Windows VM I was working was already on the private network of the enterprise.
Solution:
In the docker desktop -> settings -> Docker Engine json file, add a new key value pair
"bip": "<local IP address range which is outside of the resolved sql server IP>".
Restart the docker desktop and the issue should be solved.

How to connect sql server using docker on mac?

I am trying to connect to sql server using docker. I have successfully enabled the container using this command
sudo docker run -d --name aakash -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=Maximus6hero#" -p 1434:1434 microsoft/mssql-server-linux
docker ps
3e41723b93d5 microsoft/mssql-server-linux "/opt/mssql/bin/sqls…" About an hour ago Up About an hour 1433/tcp, 0.0.0.0:1434->1434/tcp aakash
It shows that my container is running.
But when i try to connect using db visualizer it throws an error.
The TCP/IP connection to the host localhost, port 1434 has failed. Error: "The driver received an unexpected pre-login response. Verify the connection properties and check that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. This driver can be used only with SQL Server 2000 or later.". ClientConnectionId:6a802ae0-7203-411d-a599-4c1de997d843.
I also have windows pc with me, and i can connect easily using sql server management studio. Even i can connect others pc using that windows pc. But when i try to connect my mac to windows pc using its ip it also gives the same error.
I have enabled tcp/ip connection on windows using sql server configuration manager. But there is no such thing on mac.
You might be getting this error on your MAC because when you run the docker in the background, it uses only 2GB of memory by default which is insufficient to run the SQL server as it needs minimum of 3.25 GB and ideally, we should point it to 4GB of memory. Update the preferences section with above details on your docker. Save and restart the docker and you may check the below steps to see if that might help you for your MAC. I did this using Azure Data Studio and Docker.
Once you have Saved and restart the docker with 4GB of Memory Allocation for docker to run, all you'd need to do is pull the docker image of the sql server and download it. this can be done by below commands on your terminal . FYI, I am using bash commands below:
Command 1:
sudo docker pull mcr.microsoft.com/mssql/server:2017-latest
This will pull the latest vesion docker image and download. Once done, you need to set your SQL authentication on the server for your database. Follow below commands:
Command 2:
sudo docker run -e 'ACCEPT_EULA=Y' -e 'SA_PASSWORD=<SetYourPasswordHere>' \
-p 1433:1433 --name sql1 \
-d mcr.microsoft.com/mssql/server:2017-latest
This sets your password and uses the port 1433 for SQL server (which is the default port). To confirm if the image has been created and the SQL server is running on docker, execute the below command to check log(s).
Command 3:
docker ps
To check all instances in your history of dockers( i.e. if you already had dockers installed before you are attempting this SQL connection/execution), run the below command and it will give you all the logs of all instances you have created
Command 4:
docker ps -a
or
docker ps -all
Once, you have completed above steps and see that the docker has created SQL instance, you need to go to Azure Data Studio and set the below credentials to access the server that you just created above using Docker.
Server: localhost
Authentication Type: SQL Authentication
Username: sa
Password: <Check Command 2 to see what you entered in the password where it says SetYourPasswordHere>
Hope this helps in your tryst with running SQL server on your MAC. All the Best!

check_nrpe nagios3 gives status unknown

I'm trying to excute the following command:
/usr/lib/nagios/plugings/check_nrpe -H xxxxxxx -c check_disk -a 60 80 /dev/sda1
but I got the following message:
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
When I consult the log in the remote host, I found that:
anonymous rsyslogd-2359: action 'action 17' resumed (module 'builtin:ompipe') [try http://www.rsyslog.com/e/2359 ]
The command /usr/lib/nagios/plugings/check_disk -a 60 80 /dev/sda1 is working fine in the remote host.
A couple of things to check:
On the machine where you have NRPE installed, check the nrpe.cfg file. Make sure the allowed_hosts= line is uncommented and that its value includes the IP address of the Nagios server that's trying to connect to it. Make sure the dont_blame_nrpe line is uncommented and it's value is set to 1, i.e.: dont_blame_nrpe=1.
Restart nrpe.
If you have firewall rules enabled on this machine, make sure there's a rule to allow connections to tcp port 5666.

Apache2 Ubuntu Server Failed to connect to localhost port 5984: Connection refused with CouchDB

I have an Apache2 Ubuntu Server that is running and want to replicate my couchDB database locally to remote on the server. With terminal curl from this documentation on how to replicate. I performed this:
curl -X POST -d '{"source":"http://127.0.0.1:5984/demo","http://server_IP_here/":"demo"}' \http://127.0.0.1:5984/_replicate
The error comes up everytime. Is there something wrong with the above statement?
The server IP has doesn't require ports as a side not.
curl: (7) Failed to connect to 127.0.0.1 port 5984: Connection refused
Try to use port 8092
I couldn't found documentation on this, though random trying different ports found that my couchbase instance answer there :)

Add a plugin from Nagios Exchange to Nagios 3.x

I just finished installing Nagios 3 in Ubuntu server and I'm not sure how I can add a third party plugin into it.
The plugin is available : Here
Thanks in advance for your help
You didn't mention any information about the server that you want to monitor with Nagios.
I'm going to assume it's an Ubuntu Linux server and it's not the same server as the machine you installed Nagios on.
On the server to be monitored:
Ensure that NRPE (Nagios Remote Plugin Executor) is installed. Here's a link to instructions for installing NRPE on the Ubuntu operating system.
http://tecadmin.net/install-nrpe-on-ubuntu/
After you install NRPE on the server to be monitored, it's very important that you edit the nrpe.cfg file (most likely found at etc/nagios/nrpe.cfg but this can differ based on your installation method).
You need to modify the allowed_hosts configuration line to include the IP address of your Nagios server. If you don't, NRPE will refuse connection attempts from Nagios and you won't be able to run your Nagios plugin or report results back to Nagios.
Be sure to restart NRPE after you've modified nrpe.cfg.
Next you'll need to download the Nagios plugin to the server being monitored. For example:
wget --directory-prefix=/usr/lib/nagios/plugins/ https://github.com/thehunmonkgroup/nagios-plugin-file-ages-in-dirs/archive/v1.1.tar.gz
cd to your nagios plugins directory and extract the tar-gzipped archive you just downloaded:
cd /usr/lib/nagios/plugins/
tar zxvf v1.1
ls -al /usr/lib/nagios/plugins/nagios-plugin-file-ages-in-dirs-1.1/check_file_ages_in_dirs
Be sure to give the nagios plugin script execute permissions:
chmod a+x /usr/lib/nagios/plugins/nagios-plugin-file-ages-in-dirs-1.1/check_file_ages_in_dirs
With the nagios plugin now residing on your server to be monitored, you will need to define some command definitions on that same server.
First you need to find the path that NRPE will search for new command definitions that you manually add to the system.
To do this, grep your nrpe.cfg file for the term "include_dir".
For example:
grep include_dir /etc/nagios/nrpe.cfg
include_dir=/etc/nrpe.d/
If no result for "include_dir" is returned from your grep, add the above "include_dir" configuration to your nrpe.cfg file. Ensure that the /etc/nrpe.d/ folder is created.
Create a new file in your include_dir named check_file_ages_in_dirs.cfg. Add to check_file_ages_in_dirs.cfg a command definition for check_file_ages_in_dirs pointing to the path of your Nagios plugin and including the arguments necessary to execute it.
For example:
echo "command[check_file_ages_in_dirs]=/usr/lib/nagios/plugins/nagios-plugin-file-ages-in-dirs-1.1/check_file_ages_in_dirs -d \"/tmp\" -w 24 -c 48" >> /etc/nrpe.d/check_file_ages_in_dirs.cfg
cat /etc/nrpe.d/check_file_ages_in_dirs.cfg
command[check_file_ages_in_dirs]=/usr/lib/nagios/plugins/nagios-plugin-file-ages-in-dirs-1.1/check_file_ages_in_dirs -d "/tmp" -w 24 -c 48
For the above, I hard-coded the warning and critical thresholds of 24 hours and 48 hours. I've also hard-coded the directory to check as "/tmp"
Attempt to execute the nagios plugin script locally to confirm it's working correctly:
/usr/lib/nagios/plugins/nagios-plugin-file-ages-in-dirs-1.1/check_file_ages_in_dirs -d "/tmp" -w 24 -c 48
OK: 1 dir(s) -- /tmp: 1 files
Ensure the nrpe user has read permissions on your check_file_ages_in_dirs.cfg file:
chmod a+r /etc/nrpe.d/check_file_ages_in_dirs.cfg
Restart your nrpe service, as per the instructions in http://tecadmin.net/install-nrpe-on-ubuntu/
You also need to ensure that if you have any firewall rules in place, they allow tcp traffic to port 5666.
On your Nagios server:
From your Nagios server, you'll need to manually run check_nrpe against your host to be monitored so as to verify correct functioning of the Nagios plugin and correct NRPE configuration.
Find the location of your check_nrpe file. On my installation, it's located at /usr/local/nagios/libexec/check_nrpe, but this could be different for your installation.
find / -name "check_nrpe" -type f
/usr/local/nagios/libexec/check_nrpe
If you don't have check_nrpe, you'll need to install it on your Nagios server.
apt-get install nagios-nrpe-plugin
First execute check_nrpe against your server to be monitored with no remote command arguments. This is just to confirm that NRPE is running on your remote server and it's correctly configured to allow connections from your Nagios server.
Note: For this example I'll pretend the IP address of the host I want to monitor is 10.0.0.1. Replace this with the IP address of the host you want to monitor.
/usr/local/nagios/libexec/check_nrpe -H 10.0.0.1
NRPE v2.14
The check_nrpe command above should return the version number of the NRPE agent running on the remote host if it's configured correctly.
Next attempt to manually invoke the Nagios plugin via NRPE:
/usr/local/nagios/libexec/check_nrpe -H 10.0.0.1 -c check_file_ages_in_dirs
OK: 1 dir(s) -- /tmp: 1 files
If you get output similar to the above, then it's time to move on to defining hosts, services, and commands on your Nagios server.
It would be cleaner to define separate configuration files for host, service, and command definitions. But that's outside of the scope of this post.
For now, we'll define these things in the default Nagios configuration file (nagios.cfg).
First locate your nagios.cfg file:
find / -name "nagios.cfg" -type f
/usr/local/nagios/etc/nagios.cfg
Edit the nagios.cfg file.
Add a host definition for the server you wish to monitor:
define host {
host_name Remote-Host
alias Remote-Host
address 10.0.0.1
use linux-server
contact_groups admins
notification_interval 0
notification_period 24x7
notifications_enabled 1
register 1
}
Add a command definition for the remote execution of check_file_ages_in_dirs:
define command {
command_name check_file_ages_in_dirs
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_file_ages_in_dirs
register 1
}
Add a service definition that will reference the check_file_ages_in_dirs command:
define service {
service_description check_file_ages_in_dirs
use generic-service
check_command check_file_ages_in_dirs
host_name Remote-Host
contact_groups admins
notification_interval 0
notification_period 24x7
notifications_enabled 1
flap_detection_enabled 1
register 1
}
Save and exit your nagios.cfg file.
Validate your Nagios configuration file:
nagios -v /usr/local/nagios/etc/nagios.cfg
If no errors are reported, restart your Nagios service.
Check the Nagios Web UI, and you should see your check_file_ages_in_dirs service monitoring your remote host.

Resources