Setting up NRPE daemon

From Alpine Linux
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Install daemon:

apk add nrpe && rc-update add nrpe default

Set up config file to bind to local IP, only allow needed hosts to connect (in /etc/nrpe.cfg):

server_address=10.14.8.3
allowed_hosts=10.14.8.149,10.14.8.150

Add a definition for a check command to /etc/nrpe.cfg, for example:

command[check_routes]=/usr/bin/check_routes.sh

Create the above script, and populate:

#!/bin/sh
#
numroutes_ok=80
numroutes_warn=15

NUMROUTES=`ip route | grep -n  | awk -F ':' '{print $1}' | tail -n 1`
if [ -z "$NUMROUTES" ]; then
    echo "WARNING: No routing information received"
    exit 1
elif [ $NUMROUTES -ge $numroutes_ok ]; then
    echo "OK: $NUMROUTES routes in routing table"
    exit 0
elif [ $NUMROUTES -ge $numroutes_warn ]; then
    echo "WARNING: $NUMROUTES routes in routing table"
    exit 1
else
    echo "CRITICAL: $NUMROUTES routes in routing table"
    exit 2
fi

Restart NRPE. Allow port 5666 (or whatever port you've specified for nrpe in /etc/nrpe.cfg) through Shorewall (in /etc/shorewall/rules) through to monitoring hosts. On the monitoring host, run the following command to test, where 10.14.8.3 is the IP of the host to monitor:

/usr/local/nagios/libexec/check_nrpe -H 10.14.8.3 -p 5666 -c check_routes

You should get output like:

OK: 173 routes in routing table

If you are having trouble, enable debugging in /etc/nrpe.cfg, and check /var/log/messages for errors. Most likely error(s) has to do with permissions of what you are trying to execute.


Example of monitoring opennhrp connection:

#!/bin/sh 
# $1 is hostname to check

if [ -z "$1" ]; then
    echo "Hostname must be specified as argument"
    exit 1 
fi

# The 5 second wait is in case tunnel wasn't up, this will act as a keepalive when run often enough
ping -c 1 -w 5 $1 > /dev/null 

HOSTOUTPUT="`host $1`" 
# The final awk will grep for a /16 network range
HOSTNETWORK="`echo $HOSTOUTPUT | awk -F ' ' '{print $NF}' | awk -F '.' '{print $1"."$2}'`" 
ROUTETONETWORK="`ip route | grep $HOSTNETWORK'\.'`" 
NEXTHOP="`echo $ROUTETONETWORK | awk -F ' ' '{print $3}'`" 
# This assumes that up/down is last entry on line which it was in testing
TUNNELSTATUS="`/usr/sbin/opennhrpctl show | grep -A 3 $NEXTHOP | grep Flags | awk -F ' ' '{print $NF}'`"

echo $TUNNELSTATUS