Installing NRPE

From TykWiki
Jump to navigationJump to search

Nagios configuration

To configure Nagios to use NRPE to gather information from remote hosts, first a command definition is needed in /usr/local/etc/nagios/objects/commands.cfg:

# 'check_nrpe2' command definition /tyk
define command{
        command_name    check_nrpe2
        command_line    $USER1$/check_nrpe2 -H $HOSTADDRESS$ -c $ARG1$

NRPE installation

To install and configure NRPE on a FreeBSD server to monitor it with Nagios, I first install the NRPE port:

sudo portmaster /usr/ports/net-mgmt/nrpe2

I always use SSL for NRPE even on LAN, so I check the SSL option and continue. If I am installing NRPE in a jail I remember to check "Compilation within jail(8)" in the options for /usr/ports/net-mgmt/nagios-plugins which will be installed as a dependency of /usr/ports/net-mgmt/nrpe2.

NRPE Configuration

After the installation is complete I copy the sample config and edit it:

sudo cp /usr/local/etc/nrpe.cfg-sample /usr/local/etc/nrpe.cfg
sudo ee /usr/local/etc/nrpe.cfg

The only options I change are allowed_hosts and I also change the line:

command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10


command[check_users]=/usr/local/libexec/nagios/check_users -w 10 -c 20

or something like that. I normally have screen running with at least 4-5 tabs open and I don't want Nagios to throw a warning whenever I log on to the machine :)

If I am installing NRPE in a jail with only a root partition there is no reason to monitor /usr /var and /tmp as well - so in a jail I delete the following lines from /usr/local/etc/nrpe.cfg:

command[check_var]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /var
command[check_tmp]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /tmp
command[check_usr]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /usr

I also like monitor the installed ports on a FreeBSD server for security vulnerabilities, there is a seperate article on how to enable that. There is a bunch of other things that NRPE can do aside from the default things in the sample config that the port installs - the ones I have documented are all in the Nagios category.

I then enable NRPE in rc.conf:

sudo ee /etc/rc.conf

..and start NRPE:

sudo /usr/local/etc/rc.d/nrpe2 start

If I need to open up a firewall to allow the Nagios server to reach NRPE on this server, I allow incoming traffic to TCP port 5666 from the Nagios server to reach the machine running NRPE.

I then go add the machine to the Nagios server configs with the relevant hostgroups and/or services, restart Nagios, and go check the web interface and wait to see if everything is green, and if not, I probably need to adjust anything else in nrpe.cfg on the machine being monitored (or maybe there is actually a problem I need to go fix).