Nagios Remote Plugin Executor (NRPE) is a Nagios agent that allows remote systems monitoring using scripts that are hosted on the remote systems. It allows for monitoring resources such as disk usage, system load or number of users currently logged in. Nagios periodically polls the agent on the remote system using the check_nrpe plugin. Make sure that you have installed Nagios on your machine, if not click here to install nagios from source.
# wget http://osdn.dl.sourceforge.net/sourceforge/nagios/nrpe-2.8.tar.gz
Extract the NRPE source code tarball.
# tar xzf nrpe-2.8.tar.gz
# cd nrpe-2.8
Compile the NRPE addon.
# ./configure
#make all
Install the NRPE plugin (for testing), daemon, and sample daemon config file.
# make install-plugin
# make install-daemon
# make install-daemon-config
Install the NRPE daemon as a service under xinetd.
# make install-xinetd
Edit the /etc/xinetd.d/nrpe file and add the IP address of the monitoring server to the only_from directive.
” only_from = 127.0.0.1 <nagios_ip_address> “
Add the following entry for the NRPE daemon to the /etc/services file.
” nrpe 5666/tcp # NRPE “
Restart the xinetd service.
# service xinetd restart
Its time to see if things are working properly…
Make sure the nrpe daemon is running under xinetd.
# netstat -at | grep nrpe
The output out this command should show something like this:
” tcp 0 0 *:nrpe *:* LISTEN “
Next, check to make sure the NRPE daemon is functioning properly. To do this, run the check_nrpe plugin thatwas installed for testing purposes.
# /usr/local/nagios/libexec/check_nrpe -H localhost
You should get a string back that tells you what version of NRPE is installed, like this:
NRPE v2.8
Open firewall rules:
Make sure that the local firewall on the machine will allow the NRPE daemon to be accessed from remote servers. To do this, run the following iptables command. Note that the RH-Firewall-1-INPUT chain name is RedHat-specific, so it will be different on other Linux distributions.
# iptables -I RH-Firewall-1-INPUT -p tcp -m tcp –dport 5666 -j ACCEPT
Save the new iptables rule so it will survive machine reboots.
# service iptables save
Customizing NRPE commands
The sample NRPE config file that got installed contains several command definitions that you’ll likely use to monitor this machine. The command definitions are used to (surprise) define commands that the NRPE daemonwill run to monitor local resources and services. You can edit the command definitions, add new commands, etc, by editing the NRPE config file:
# vim /usr/local/nagios/etc/nrpe.cfg
For the time being, I’ll assume you’re using the sample commands that are defined. You can test some of these by running the following commands:
# /usr/local/nagios/libexec/check_nrpe -H localhost -c check_users
# /usr/local/nagios/libexec/check_nrpe -H localhost -c check_load
# /usr/local/nagios/libexec/check_nrpe -H localhost -c check_hda1
# /usr/local/nagios/libexec/check_nrpe -H localhost -c check_total_procs
# /usr/local/nagios/libexec/check_nrpe -H localhost -c check_zombie_procs
TROUBLESHOOTING TIPS AND SOLUTIONS
Here are some tips for troubleshooting some of the more common errors with the NRPE addon. If you encounter problems that aren’t covered here, send an email to the nagios-users mailing list. More information on the mailing lists can be found at: http://www.nagios.org/support/
The check_nrpe plugin returns
“CHECK_NRPE: Socket timeout after 10 seconds” or “Connection refused or timed out”
This error can indicate several things:
The command that the NRPE daemon was asked to run took longer than 10 seconds to execute. This is the most likely cause if the error message was “CHECK_NRPE: Socket timeout after 10 seconds”. Use the -t command line option to specify a longer timeout for the check_nrpe plugin. The following example will increase the timeout to 30 seconds:
#/usr/local/nagios/check_nrpe -H localhost -c somecommand -t 30
The NRPE daemon is not installed or running on the remote host. Verify that the NRPE daemon is running as standalone daemon or under inetd/xinetd with one of the following commands:
#ps axuw | grep nrpe
#netstat -at | grep nrpe
There is a firewall that is blocking the communication between the monitoring host (which runs the check_nrpe plugin) and the remote host (which runs the NRPE daemon). Verify that the firewall rules (e.g. iptables) that are running on the remote host allow for communication and make sure there isn’t a physical firewall that is located between the monitoring host and the remote host.
The check_nrpe plugin returns
“CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for an error message.”
First thing you should do is check the remote server logs for an error message. Seriously. 
This error could be due to the following problem:
The check_nrpe plugin was unable to complete an SSL handshake with the NRPE daemon. An error message in the logs should indicate whether or not this was the case. Check the versions of OpenSSL that are installed on the monitoring host and remote host. If you’re running a commercial version of SSL on the remote host, there might be some compatibility problems.
The check_nrpe plugin returns
“NRPE: Unable to read output”
This error indicates that the command that was run by the NRPE daemon did not return any character output.
This could be an indication of the following problems:
– An incorrectly defined command line in the command definition. Verify that the command definition in your NRPE configuration file is correct.
– The plugin that is specified in the command line is malfunctioning. Run the command line manually to make sure the plugin returns some kind of text output.
The check_nrpe plugin returns
“NRPE: Command ‘x’ not defined”
This error means that you didn’t define command x in the NRPE configuration file on the remote host. On the remote host, add the command definition for x. See the existing command definitions in the NRPE configuration file for more information on doing this. If you’re running the NRPE daemon as a standalone daemon (and not under inetd or xinetd), you’ll need to restart it in order for the new command to be recognized.
The check_nrpe plugin returns
“NRPE: Command timed out after x seconds”
This error indicates that the command that was run by the NRPE daemon did not finish executing within the specified time. You can increase the timeout for commands by editing the NRPE configuration file and changing the value of the command_timeout variable. If you’re running the NRPE daemon as a standalone daemon (and not under inetd or xinetd), you’ll need to restart it in order for the new timeout to be recognized.
How to go about debugging other problems…
When debugging problems it may be useful to edit the NRPE configuration file and change the debug=0 entry to debug=1. Once you do that, restart the NRPE daemon if it is running as a standalone daemon. After you try using the check_nrpe plugin again, you should be able to see some debugging information in the log files of the remote host. Check your logs carefully – they should be able to help provide clues as to where the problem lies…
#vim /etc/xinetd.d/nrpe
#vim /etc/services
nrpe 5666/tcp
#/usr/local/nagios/libexec/check_nrpe -H localhost
#ps -aux | grep nrpe
#nestat -at | grep nrpe
#/usr/local/nagios/libexec/check_nrpe -H localhost -c check_load
