Connect to address localhost and port 0 NRPE check_tcp

Hi All,

I have a nrpe port check for kibana in icinga and have written the template as below:

apply Service "nrpe-kibana-port" {
  import "generic-service"
  check_command = "nrpe"
  vars.nrpe_command = "check_tcp"
  vars.nrpe_arguments = ["-H localhost -p 5601"]

  // assign where host.vars.os == "Linux"
  assign where match("kibana", host.name)
  ignore where host.vars.snmp_checks == "true"
}

This gets assigned but the output in icinga is:
connect to address localhost and port 0

On the client I can run the check and get an OK result.

my nrpe.cfg has the config to allow the command
command[check_tcp]=/usr/lib64/nagios/plugins/check_tcp -w $ARG1$ -c $ARG2$

If you would debug this, you would see that the arguments that you pass are the variable $ARG1$

command[check_tcp]=/usr/lib64/nagios/plugins/check_tcp $ARG1$

Also maybe you need to define multiple arguments with more ARG variables and define an array in icinga2 to use it.
vars.nrpe_arguments = [ "-H", "localhost", "-p", "5601" ]

or you just define a static check on the host(s)

Changing the commands as you described above seems to misread the arguments.
TCP CRITICAL - Invalid hostname, address or socket: -p

Did you also try the second approach that I mentioned with multiple arguments?

in this case

in nrpe:
command[check_tcp]=/usr/lib64/nagios/plugins/check_tcp $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$

in icinga2:
vars.nrpe_arguments = [ "-H", "localhost", "-p", "5601" ]

Did you try that?

I did, I then get check_tcp: No arguments found

I also tried to use -H $ARG1$ -p $ARG2$
Which gives the error: TCP CRITICAL - Invalid hostname, address or socket: -p

Running the command on its own works: /usr/lib64/nagios/plugins/check_tcp -H 127.0.0.1 -p 443
TCP OK - 0.000 second response time on 127.0.0.1 port 443|time=0.000178s;;;0.000000;10.000000

Did you try to debug the arguments, how these were passed to the script?
You can do the debugging with a wrapper script.

Would that be turning debug on in the nrpe.cfg on the client? I did that and enabled the log file but get no response on that.

Try to add in nrpe a script like this:

#!/bin/bash
echo "$@"
/usr/lib64/nagios/plugins/check_tcp "$@"

Then the arguments are shown as output of the script before the execution.

Excuse my ignorance but would that be something I add into the .conf file for the apply Service rule?
or in the nagios plugin file?

I know what the arguments should be and I am using them in my query. The -H for host and the -p for the port. These are the minimum requirements but it still seems to say no arguments found when running the nrpe check.

> check_tcp: No arguments found
> Usage:
> check_tcp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
> [-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
> [-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
> [-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]
> [-N <server name indication>]

Actually the script is for the nrpe agent.

With that you can see if the arguments were passed the wrong way to the binary.

I do not have a setup like this in my env, so I cannot test it.
These are only some things that you can try to find out what the problem is.

The check_nrpe is a binary so I can't edit that and the check_tcp script.
I have checked the agent logs and found the following:

Warning: Daemon is configured to accept command arguments from clients!
Nov 08 07:26:21 zadcprdlsyslog01 nrpe[2166]: Listening for connections on port 5666
Nov 08 07:26:41 zadcprdlsyslog01 nrpe[2181]: CONN_CHECK_PEER: checking if host is allowed: IP Address port 20711
Nov 08 07:26:41 zadcprdlsyslog01 nrpe[2181]: Host IP Address is asking for command 'check_tcp' to be run...
Nov 08 07:26:41 zadcprdlsyslog01 nrpe[2181]: Running command: /usr/bin/sudo /usr/lib64/nagios/plugins/check_tcp -H IP Address -p 443
Nov 08 07:26:41 zadcprdlsyslog01 nrpe[2182]: WARNING: my_system() seteuid(0): Operation not permitted
Nov 08 07:26:41 zadcprdlsyslog01 nrpe[2182]: Warning: Could not set effective GID=992
Nov 08 07:26:41 zadcprdlsyslog01 nrpe[2182]: Warning: Unable to change supplementary groups using initgroups()
Nov 08 07:26:41 zadcprdlsyslog01 nrpe[2182]: Warning: Could not set UID=994
Nov 08 07:26:41 zadcprdlsyslog01 sudo[2183]: pam_faillock(sudo:auth): Bad number supplied for fail_interval argument
Nov 08 07:26:41 zadcprdlsyslog01 sudo[2183]: pam_unix(sudo:auth): conversation failed
Nov 08 07:26:41 zadcprdlsyslog01 sudo[2183]: pam_unix(sudo:auth): auth could not identify password for [nrpe]
Nov 08 07:26:41 zadcprdlsyslog01 sudo[2183]: pam_faillock(sudo:auth): Bad number supplied for fail_interval argument
Nov 08 07:26:43 zadcprdlsyslog01 nrpe[2181]: Command completed with return code 1 and output:
Nov 08 07:27:05 zadcprdlsyslog01 nrpe[2191]: CONN_CHECK_PEER: checking if host is allowed: IP Address port 34023
Nov 08 07:27:05 zadcprdlsyslog01 nrpe[2191]: Host IP Address is asking for command 'check_tcp' to be run...
Nov 08 07:27:05 zadcprdlsyslog01 nrpe[2191]: Running command: /usr/bin/sudo /usr/lib64/nagios/plugins/check_tcp -H localhost -p 5443
Nov 08 07:27:05 zadcprdlsyslog01 nrpe[2192]: WARNING: my_system() seteuid(0): Operation not permitted
Nov 08 07:27:05 zadcprdlsyslog01 nrpe[2192]: Warning: Could not set effective GID=992
Nov 08 07:27:05 zadcprdlsyslog01 nrpe[2192]: Warning: Unable to change supplementary groups using initgroups()
Nov 08 07:27:05 zadcprdlsyslog01 nrpe[2192]: Warning: Could not set UID=994
Nov 08 07:27:05 zadcprdlsyslog01 sudo[2193]: pam_faillock(sudo:auth): Bad number supplied for fail_interval argument
Nov 08 07:27:05 zadcprdlsyslog01 sudo[2193]: pam_unix(sudo:auth): conversation failed
Nov 08 07:27:05 zadcprdlsyslog01 sudo[2193]: pam_unix(sudo:auth): auth could not identify password for [nrpe]
Nov 08 07:27:05 zadcprdlsyslog01 sudo[2193]: pam_faillock(sudo:auth): Bad number supplied for fail_interval argument
Nov 08 07:27:06 zadcprdlsyslog01 nrpe[2191]: Command completed with return code 1 and output:
Nov 08 07:27:17 zadcprdlsyslog01 nrpe[2198]: CONN_CHECK_PEER: checking if host is allowed: IP Address port 39655
Nov 08 07:27:17 zadcprdlsyslog01 nrpe[2198]: Host IP Address is asking for command 'check_procs' to be run...
Nov 08 07:27:17 zadcprdlsyslog01 nrpe[2198]: Running command: /usr/lib/nagios/plugins/check_procs -w -C kibana -w 4:8 -c 1:10 -c -s
Nov 08 07:27:17 zadcprdlsyslog01 nrpe[2199]: WARNING: my_system() seteuid(0): Operation not permitted
Nov 08 07:27:17 zadcprdlsyslog01 nrpe[2199]: Warning: Could not set effective GID=992
Nov 08 07:27:17 zadcprdlsyslog01 nrpe[2199]: Warning: Unable to change supplementary groups using initgroups()
Nov 08 07:27:17 zadcprdlsyslog01 nrpe[2199]: Warning: Could not set UID=994

I have tested changing the nrpe user in nrpe.cfg to nagios and also tested with adding commands to the sudoers file.

I guess with sudo in front of the check there is no successful output or even an execution of the check.
In the log there is also the statement that there is no password given for the sudo execution.

For check tcp you should not need sudo.

We got this resolved by adding sudo permissions and no password to the client.
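
One way to check a client's nrpe.cfg for the combination visible in the agent log above (the daemon accepting command arguments from clients while commands run through sudo), as an added example that is not part of the thread. The sample config is constructed, and `check_kibana_port` is a hypothetical fixed-argument command name.

```shell
#!/bin/sh
# Added example (not from the thread): audit nrpe.cfg text for client-supplied
# arguments reaching sudo. Directive names are nrpe.cfg's own.

# Constructed sample. check_kibana_port is a hypothetical fixed-argument entry.
sample_cfg() {
cat <<'EOF'
nrpe_user=nrpe
dont_blame_nrpe=1
command_prefix=/usr/bin/sudo
command[check_tcp]=/usr/lib64/nagios/plugins/check_tcp $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$
command[check_kibana_port]=/usr/lib64/nagios/plugins/check_tcp -H localhost -p 5601
EOF
}

# Reads nrpe.cfg text on stdin and prints one "TAG: detail" finding per line.
audit_nrpe_cfg() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blanks
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      sub(/^[ \t]+/, "", key); sub(/[ \t]+$/, "", key)
      sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
    }
    key == "dont_blame_nrpe" && val == "1" {
      args_on = 1
      print "ARGS_ENABLED: daemon accepts command arguments from clients"
    }
    key == "command_prefix" && val ~ /sudo/ {
      sudo_all = 1
      print "SUDO_PREFIX: every command is run through " val
    }
    substr(key, 1, 8) == "command[" && val ~ /[$]ARG[0-9]+[$]/ {
      name = substr(key, 9, length(key) - 9)       # text between [ and ]
      print "MACRO_CMD: " name " takes $ARGn$ macros"
      macro = macro " " name
      if (val ~ /sudo[ \t]/) macro_sudo = macro_sudo " " name
    }
    END {                                          # order-independent verdict
      risky = sudo_all ? macro : macro_sudo
      if (args_on && risky != "")
        print "REVIEW: client-controlled arguments reach sudo via:" risky
    }
  '
}

sample_cfg | audit_nrpe_cfg
```

A definition with the host and port written into nrpe.cfg, like the hypothetical `check_kibana_port` line, produces no findings and needs neither client arguments nor sudo.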