search for: 5666

> > It's listening on both IPv6 and IPv4. Specifically, why is that a problem? The central problem seems to be that the monitoring host can't hit nrpe on port 5666 UDP. [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H puppet.mydomain.com CHECK_NRPE: Socket timeout after 10 seconds. It is listening on the puppet host on port 5666 [root at puppet:~] #lsof -i :5666 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME xinetd 2915 root 5u I...

> > is it working on localhost or not???!!! it could be selinux problem also, > if context is not correct. It's working on localhost: [root at puppet:~] #telnet localhost 5666 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. I notice if I stop the firewall on the puppet host (for no more than 2 seconds) and hit NRPE from the monitoring host it works: [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H puppet.mydomain.com NRPE v2.1...

...correct. -- Eero 2015-05-04 1:55 GMT+03:00 Tim Dunphy <bluethundr at gmail.com>: > > > > It's listening on both IPv6 and IPv4. Specifically, why is that a > problem? > > > The central problem seems to be that the monitoring host can't hit nrpe on > port 5666 UDP. > > [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H > puppet.mydomain.com > CHECK_NRPE: Socket timeout after 10 seconds. > > It is listening on the puppet host on port 5666 > > [root at puppet:~] #lsof -i :5666 > COMMAND PID USER FD TYPE DEVICE SIZ...

...restarted xinetd for good measure: [root at puppet:~] #systemctl restart xinetd [root at puppet:~] # Because I'm trying to hit nrpe on this host. Yet, xinetd/nrpe still seems to be listeing on TCP v6!! [root at puppet:~] #netstat -tulpn | grep -i listen | grep xinetd tcp6 0 0 :::5666 :::* LISTEN 2915/xinetd This is a CentOS 7.1 box: [root at puppet:~] #cat /etc/redhat-release CentOS Linux release 7.1.1503 (Core) What am I doing wrong? I need to be able to disable tcpv6 completely! Thanks Tim -- GPG me!! gpg --keyserver pool.sks-k...

...unning under xinetd on the host I'm trying to monitor. And running the nrpe checl locally: [root at ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.15 [root at ops:~] #grep only_from /etc/xinetd.d/nrpe only_from = 127.0.0.1 216.120.248.126 And I do have port 5666 open on the security group for this host. And I made sure the local firewall was stopped, because I am blocking ports with the security groups instead. [root at ops:~] #service iptables status Firewall is stopped. It's only when checking from the monitoring host that nrpe fails: [root at mo...

...or a host in the Amazon EC2 cloud. Yet when I try to check NRPE from the monitoring host I am getting an SSL handshake error: [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. And if I telnet into the host on port 5666 to see if the FW port is open, the connection closes right away: [root at monitor1:~] #telnet ops.somewhere.com 5666 Trying 54.225.218.125... Connected to ops.somewhere.com. Escape character is '^]'. Connection closed by foreign host. You can see there it connects, but then it closes imme...

...r/local/nagios/libexec/check_nrpe -H localhost > > > > NRPE v2.15 > > > > > > > > [root at ops:~] #grep only_from /etc/xinetd.d/nrpe > > > > only_from = 127.0.0.1 216.120.248.126 > > > > > > > > And I do have port 5666 open on the security group for this host. > > > > > > > > And I made sure the local firewall was stopped, because I am blocking > > > ports > > > > with the security groups instead. > > > > > > > > [root at ops:~] #service iptable...

...without the -n flag: > > [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H > ops.jokefire.com > *CHECK_NRPE: Error - Could not complete SSL handshake.* > > Running nmap from the monitor host I can see that the nrpe port is open: > > [root at monitor1:~] #nmap -p 5666 ops.jokefire.com > > Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-01 12:38 EDT > Nmap scan report for ops.jokefire.com (54.225.218.125) > Host is up (0.011s latency). > rDNS record for 54.225.218.125: ec2-54-225-218-125.compute-1.amazonaws.com > PORT STATE SERVICE > *5...

...t under xinetd as usual way is to run it as nrped daemon. test against with check_nrpe, not using telnet. -- Eero 2015-05-04 2:27 GMT+03:00 Stephen Harris <lists at spuddy.org>: > On Sun, May 03, 2015 at 07:23:19PM -0400, Tim Dunphy wrote: > > [root at puppet:~] #telnet localhost 5666 > > This is using TCP > > > [root at monitor1:~] #nmap -p 5666 puppet.mydomain.com > ... > > 5666/tcp filtered nrpe > > This is using TCP > > > Back on the puppet host I verify that the port is open for UDP: > > So why are you opening a UDP port? > &g...

...nrpe checl locally: > > > > [root at ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost > > NRPE v2.15 > > > > [root at ops:~] #grep only_from /etc/xinetd.d/nrpe > > only_from = 127.0.0.1 216.120.248.126 > > > > And I do have port 5666 open on the security group for this host. > > > > And I made sure the local firewall was stopped, because I am blocking > ports > > with the security groups instead. > > > > [root at ops:~] #service iptables status > > Firewall is stopped. > > > >...

...on.* And still getting the SSL error without the -n flag: [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com *CHECK_NRPE: Error - Could not complete SSL handshake.* Running nmap from the monitor host I can see that the nrpe port is open: [root at monitor1:~] #nmap -p 5666 ops.jokefire.com Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-01 12:38 EDT Nmap scan report for ops.jokefire.com (54.225.218.125) Host is up (0.011s latency). rDNS record for 54.225.218.125: ec2-54-225-218-125.compute-1.amazonaws.com PORT STATE SERVICE *5666/tcp open nrpe* Nmap done: 1...

...to monitor. > > And running the nrpe checl locally: > > [root at ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost > NRPE v2.15 > > [root at ops:~] #grep only_from /etc/xinetd.d/nrpe > only_from = 127.0.0.1 216.120.248.126 > > And I do have port 5666 open on the security group for this host. > > And I made sure the local firewall was stopped, because I am blocking ports > with the security groups instead. > > [root at ops:~] #service iptables status > Firewall is stopped. > > It's only when checking from the monitori...

...t; Yet when I try to check NRPE from the monitoring host I am getting an SSL > handshake error: > > [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H > ops.jokefire.com > CHECK_NRPE: Error - Could not complete SSL handshake. > > And if I telnet into the host on port 5666 to see if the FW port is open, > the connection closes right away: > > [root at monitor1:~] #telnet ops.somewhere.com 5666 > Trying 54.225.218.125... > Connected to ops.somewhere.com. > Escape character is '^]'. > Connection closed by foreign host. > > You can see...

...; [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H > > ops.jokefire.com > > *CHECK_NRPE: Error - Could not complete SSL handshake.* > > > > Running nmap from the monitor host I can see that the nrpe port is open: > > > > [root at monitor1:~] #nmap -p 5666 ops.jokefire.com > > > > Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-01 12:38 EDT > > Nmap scan report for ops.jokefire.com (54.225.218.125) > > Host is up (0.011s latency). > > rDNS record for 54.225.218.125: > ec2-54-225-218-125.compute-1.amazonaws.com >...

...array of about 60k numbers. The help on strsplit says to use perl=TRUE to get better formance, but still it takes several minutes to split this string. The massive string is the return value of a call to xmlElementsByTagName from the XML library and looks like this: ... 12345 564376 5674 6356656 5666 ... I've to read about a hundred of these files and was wondering whether there's a more efficient way to turn this string into an array of numerics. Any ideas? thanks a lot for your help and kind regards, Arne [[alternative HTML version deleted]]

...> > [root at ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost > > > NRPE v2.15 > > > > > > [root at ops:~] #grep only_from /etc/xinetd.d/nrpe > > > only_from = 127.0.0.1 216.120.248.126 > > > > > > And I do have port 5666 open on the security group for this host. > > > > > > And I made sure the local firewall was stopped, because I am blocking > > ports > > > with the security groups instead. > > > > > > [root at ops:~] #service iptables status > > > Firewa...

...on the 8th after we verify the set up. I might even get there a little earlier and put down "reserved" tags. --- Thank you, Allan Marcus Solutions Architect Central Software and Development Team (CSD) Departmental Computing Services Division (DCS) Los Alamos National Laboratory 505-667-5666 allan@lanl.gov --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-...

...~] #find / -name "check_nrpe" [root at monitor1:~] # So I'm more comfortable with a source install. test against with check_nrpe, not using telnet. > I actually solved the problem by adding the port to tcp instead of udp on the puppet host: firewall-cmd --permanent --add-port=5666/tcp Then from the monitoring host: [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H puppet.mydomain.com NRPE v2.15 So it's all good at this point. I'm not sure why the instructions I followed said to open up the port under UDP.. Had I just done what I did I would have saved...

...ISTEN 26519/named-sdb tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 26519/named-sdb tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 27695/samba tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 26519/named-sdb tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 27693/samba tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 27689/samba tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 880/nrpe tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 27693/samba tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 27693/samba tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 27693/samba tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 27689/samba tcp 0 0 ::1:53 :::* LISTEN 26519/named-sdb tcp 0 0 ::1:953 :::* LISTE...

...0 0 ACCEPT tcp -- lo * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:3306 > 0 0 ACCEPT udp -- lo * 0.0.0.0/0 > 0.0.0.0/0 udp dpt:3306 > 0 0 NRPE tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:5666 > 0 0 ACCEPT icmp -- * * x.x.x.x 0.0.0.0/0 > icmptype 8 > 0 0 ACCEPT icmp -- * * 127.0.0.1 > 0.0.0.0/0 icmptype 8 > 0 0 ACCEPT icmp -- * * 10.0.3.0/24 > 0.0.0.0/0...