Linux

Nagios NRPE 不允許參數

  • December 20, 2019

我正在嘗試使用 Nagios NRPE 外掛與我的伺服器進行通信。我有一個命令定義/etc/nagios/nrpe_local.cfg來使用它:

command[check_service]=/usr/lib/nagios/plugins/check_service -s $ARG1$

當我在終端中手動執行命令時,它會成功:

# /usr/lib/nagios/plugins/check_service -s bind9
OK: Service bind9 is running!

當我嘗試從我的 Nagios 伺服器執行它時,它抱怨命令未定義:

# /usr/lib/nagios/plugins/check_nrpe -H 10.32.10.3 -c check_service -a bind9
NRPE: Command 'check_service!bind9' not defined

其他check_nrpe命令有效,所以我認為伺服器的 沒有問題commands.cfg,但無論如何這裡是定義:

define command {
   command_name        check_nrpe
   command_line        /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -t 30 -c $ARG1$
}

檢查在伺服器上看起來像這樣:

define service {
   use                 local-service
   host_name           dc1,dc2
   service_description BIND Service
   check_command       check_nrpe!check_service!bind9
}

在 Web 界面上,它返回CRITICAL:服務未執行!,實際上並非如此。

我怎樣才能check_nrpe允許一個額外的論點?我試過 enable dont_blame_nrpe,但這也不允許它去。

編輯- 打開調試並重新執行檢查,我在系統日誌中得到以下資訊:

Dec 19 09:01:56 dc1 nrpe[5586]: CONN_CHECK_PEER: checking if host is allowed: 10.32.10.12 port 33962
Dec 19 09:01:56 dc1 nrpe[5586]: Connection from 10.32.10.12 port 33962
Dec 19 09:01:56 dc1 nrpe[5586]: is_an_allowed_host (AF_INET): is host >10.32.10.12< an allowed host >10.32.10.12<
Dec 19 09:01:56 dc1 nrpe[5586]: is_an_allowed_host (AF_INET): is host >10.32.10.12< an allowed host >10.32.10.12<
Dec 19 09:01:56 dc1 nrpe[5586]: is_an_allowed_host (AF_INET): host is in allowed host list!
Dec 19 09:01:56 dc1 nrpe[5586]: Host address is in allowed_hosts
Dec 19 09:01:56 dc1 nrpe[5586]: Host 10.32.10.12 is asking for command 'check_service' to be run...
Dec 19 09:01:56 dc1 nrpe[5586]: Running command: /usr/lib/nagios/plugins/check_service -s
Dec 19 09:01:56 dc1 nrpe[5587]: WARNING: my_system() seteuid(0): Operation not permitted
Dec 19 09:01:56 dc1 nrpe[5586]: Command completed with return code 2 and output: CRITICAL: Service  is not running!
Dec 19 09:01:56 dc1 nrpe[5586]: Return Code: 2, Output: CRITICAL: Service  is not running!
Dec 19 09:01:56 dc1 nrpe[5586]: Connection from 10.32.10.12 closed.

我已經驗證了 Group in/etc/systemd/system/multi-user.target.wants/nagios-nrpe-server.service匹配 in 中的nrpe_group參數/etc/nagios/nrpe.cfg/etc/group和中存在同一個使用者/etc/passwd

--enable-command-args問題是在建構包時沒有設置 Debian 包nagios-nrpe-server,這是使用dont_blame_nrpe.

  1. 確保在啟用後重新啟動了 nrpe 守護程序dont_blame_nrpe
  2. debug將nrpe.cfg 中的指令更改為 1 並重新啟動守護程序。之後,您應該在日誌中獲得有用的調試資訊。

引用自:https://serverfault.com/questions/996115