Nagios NRPE and the different payload (packet, buffer) sizes using cross-version communication

Written by - 0 comments

Published on - last updated on March 31st 2022 - Listed in Nagios Icinga Monitoring Linux


If you're using Nagios' NRPE as remote monitoring plugin execution program in a monitoring solution, you might have come across some weird behaviour when using a combination of multiple NRPE versions. In the last few years, NRPE has made major version jumps from an everlasting 2.15 to a final 4.0.3.

These changes in the NRPE source code included major security improvements and (finally) a larger payload size - which we are about to look at in more detail in this article.

Note: Check out article Monitoring Windows hosts with NSClient++ using NRPE and API to have a detailed overview of the last major NRPE changes.

The major changes in code caused all kinds of compatibility issues, from OpenSSL related connection errors (Could not complete SSL handshake) to payload size (also known as packet size) problems with NSClient++ and other cross-version issues.

Basic rule: check_nrpe plugin new, NRPE server may be older

The basic rule for a monitoring using NRPE is: The plugin (check_nrpe) on your monitoring server should be the newest version. The latest NRPE 4.0.3 supports backward compatibility parameters -2 for NRPE v2 and -3 for NRPE v3 servers. That doesn't always guarantee a fully working communication, but it should work in many cases.

The best combination is if plugin and server run the same version, preferably all at the latest 4.0.3. But this isn't very realistic, especially if you're monitoring hundreds if not thousands of hosts with different Linux distributions and versions.

Current State: Which distribution contains which NRPE version

First we need to find out which NRPE (server) version runs on which Linux distribution. NRPE is usually packaged into two different packages on Debian based distributions: nagios-nrpe-server for the server (listener) and nagios-nrpe-plugin for the check_nrpe monitoring plugin.

On CentOS and Red Hat the packages are split into a nrpe (server) and nagios-plugins-nrpe (plugin).

Most major distributions offer NRPE as package, to be directly installed from the distribution repositories.

 Distribution  NRPE version
 Distribution package name
 Centos 7 with EPEL
 4.0.3
 4.0.3-6.el7
 Centos 8 with EPEL
 4.0.3
 4.0.3-6.el8
 Debian 9 (Stretch)
 3.0.1
 3.0.1-3+deb9u1
 Debian 10 (Buster)
 3.2.1
 3.2.1-2
 Debian 11 (Bullseye)
 4.0.3
 4.0.3-1
 Ubuntu 14.04 (Trusty)
 2.15.0  2.15-0ubuntu1
 Ubuntu 16.04 (Xenial)
 2.15.0  2.15-1ubuntu1
 Ubuntu 18.04 (Bionic)
 3.2.1  3.2.1-1ubuntu1
 Ubuntu 20.04 (Focal)
 4.0.0
 4.0.0-2ubuntu1 (contains payload fixes)
 Ubuntu 22.04 (Jammy)
 4.0.3
 4.0.3-1ubuntu2
 Red Hat (see CentOS with EPEL)


Note: The NRPE packages on Debian are built without command line arguments.

Larger payload with cross versions

Let's assume that we've gotten rid of the NRPE v2 in our environment. With this out of the way, there is now a mix of NRPE v3 and NRPE v4 servers around. As mentioned above, the check_nrpe plugin is backward compatible, right? Yes and no.

Let's do a basic comparison on two servers. One is running Ubuntu 18.04 (Bionic) with NRPE server 3.2.1, the other one is a Debian 11 (Bullseye) server with NRPE 4.0.3. We want to see a plugin output with a large payload (a lot of data in the output of the plugin, transmitted to the check_nrpe plugin).

To create a valid test scenario, we simply created a folder containing 10'000 files on both servers:

root@focal:~# mkdir /opt/nrpetest
root@focal:~# for i in $(seq 1 10000); do touch /opt/nrpetest/$i; done

Then create a basic check plugin which lists all the files:

root@focal:~# cat /opt/nrpetest/check_test.sh
#!/bin/bash
files=($(ls /opt/nrpetest))
echo "Found ${#files[*]} files: ${files[*]}"
exit 0

Add this plugin as "check_test" command to NRPE:

root@focal:~# grep "check_test" /etc/nagios/nrpe.cfg
command[check_test]=/opt/nrpetest/check_test.sh

and reload NRPE server:

root@focal:~# systemctl reload nagios-nrpe-server

Now we have two servers (Ubuntu 18.04 with NRPE 3.2.1 and Ubuntu 20.04 with NRPE 4.0.0) with different NRPE servers listening awaiting the checks from different check_nrpe plugin versions.

NRPE plugin 3.1.1 to NRPE Server 3.2.1

The first test involved an older check_nrpe 3.1.1 compiled from source:

ckadm@mintp ~/src/nrpe-nrpe-3.1.1/src $ ./check_nrpe -V

NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 3.1.1
Last Modified: 2017-05-24
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: OpenSSL 0.9.6 or higher required

This didn't turn out that well:

ckadm@mintp ~/src/nrpe-nrpe-3.1.1/src $ ./check_nrpe -H bionic
CHECK_NRPE: Error - Could not complete SSL handshake with bionic: 1

Even a communication within the same NRPE v3 didn't correctly work. But let's stick to my words from above: Use a new check_nrpe plugin!

NRPE plugin 3.1.1 to NRPE Server 4.0.3

Not much to see here, same issue as above:

ckadm@mintp ~/src/nrpe-nrpe-3.1.1/src $ ./check_nrpe -H bullseye
CHECK_NRPE: Error - Could not complete SSL handshake with bullseye: 1


NRPE plugin 4.0.0 (from source) to NRPE Server 3.2.1

This time check_nrpe was compiled from source from the 4.0.0 release. This release contained a bug with the payload calculation, which was later fixed in 4.0.2. How does that turn out?

ckadm@mintp ~/src/nrpe-nrpe-4.0.0/src $ ./check_nrpe -V
NRPE Plugin for Nagios
Version: 4.0.0

The communication with the NRPE server can be established:

ckadm@mintp ~/src/nrpe-nrpe-4.0.0/src $ ./check_nrpe -H bionic
NRPE v3.2.1

What about the payload? Do we see all 10K files?

ckadm@mintp ~/src/nrpe-nrpe-4.0.0/src $ ./check_nrpe -H bionic -c check_test
Found 10001 files: 1 10 100 1000 10000 1001 1002 1003 1004 1005 1006 1007 1008 1009 101 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 102 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 103 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 104 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 105 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 106 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 107 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 108 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 109 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 11 110 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 111 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 112 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 113 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 114 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 115 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 116 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 117 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 118 1180 1181 1182

Nope! We're cut short! The output stops after file name 1182.

But let's try the -3 parameter, to enable the v3 packet size:

ckadm@mintp ~/src/nrpe-nrpe-4.0.0/src $ ./check_nrpe -H bionic -c check_test -3
Found 10001 files: 1 10 100 1000 10000 1001 1002 1003 1004 1005 1006 1007 1008 1009 101 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 102 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 103 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 104 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 105 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 106 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 107 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 108 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 109 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 11 110 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 111 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 112 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 113 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 114 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 115 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 116 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 117 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 118 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 119 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 12 120 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 121 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 122 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 123 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 124 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 125 1250 [...] 9999 check_test.sh

Eureka! The full plugin output is shown in its entirety!

Note: I obviously truncated the output or this article would just be overblown...

NRPE plugin 4.0.3 (from source) to NRPE Server 3.2.1

Another run with check_nrpe compiled from source, this time from the 4.0.3 release (as of writing this article the newest version). This release (and 4.0.2) contains a couple of bug fixes, one of them also related to the payload calculation. How will this one work out?

ckadm@mintp ~/src/nrpe-4.0.3/src $ ./check_nrpe -V
NRPE Plugin for Nagios
Version: 4.0.3

Communication with older NRPE server still works fine:

ckadm@mintp ~/src/nrpe-4.0.3/src $ ./check_nrpe -H bionic
NRPE v3.2.1

And yet again the payload is cut when using the default parameters:

ckadm@mintp ~/src/nrpe-4.0.3/src $ ./check_nrpe -H bionic -c check_test
Found 10001 files: 1 10 100 1000 10000 1001 1002 1003 1004 1005 1006 1007 1008 1009 101 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 102 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 103 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 104 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 105 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 106 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 107 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 108 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 109 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 11 110 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 111 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 112 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 113 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 114 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 115 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 116 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 117 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 118 1180 1181 1182

But when using the -3 parameter to talk to NRPE v3, the payload size is increased and the plugin's full output is shown:

ckadm@mintp ~/src/nrpe-4.0.3/src $ ./check_nrpe -H bionic -c check_test -3
Found 10001 files: 1 10 100 1000 10000 1001 1002 1003 1004 1005 1006 1007 1008 1009 101 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 102 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 103 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 104 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 105 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 106 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 107 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 108 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 109 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 11 110 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 111 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 112 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 113 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 114 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 115 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 116 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 117 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 118 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 119 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 12 120 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 121 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 122 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 123 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 124 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 125 1250 [...] 9999 check_test.sh

In this situation it didn't really matter whether we've used the check_nrpe plugin in version 4.0.0 or 4.0.3 talking to NRPE 3.2.1. The -3 parameter seems a must when expecting a large plugin output from a NRPE v3 server.

NRPE Plugin 4.0.0 (from source) to NRPE Server 4.0.3

As mentioned before, NRPE 4.0.0 contains a bug which causes a wrong calculation in the payload size. How does that show when using check_nrpe 4.0.0 to a NRPE server 4.0.3?

ckadm@mintp ~/src/nrpe-nrpe-4.0.0/src $ ./check_nrpe -H bullseye
NRPE v4.0.3

ckadm@mintp ~/src/nrpe-nrpe-4.0.0/src $ ./check_nrpe -H bullseye -c check_test
Found 10001 files: 1 10 100 1000 10000 1001 1002 1003 1004 1005 1006 1007 1008 1009 101 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 102 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 103 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 104 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 105 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 106 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 107 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 108 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 109 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 11 110 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 111 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 112 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 113 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 114 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 115 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 116 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 117 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 118 1180 1181 1182

The output is cut! Same behaviour as if we would have talked to a NRPE v3 server!

What if the -3 parameter is applied?

ckadm@mintp ~/src/nrpe-nrpe-4.0.0/src $ ./check_nrpe -H bullseye -c check_test -3
Found 10001 files: 1 10 100 1000 10000 1001 1002 1003 1004 1005 1006 1007 1008 1009 101 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 102 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 103 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 104 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 105 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 106 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 107 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 108 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 109 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 11 110 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 111 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 112 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 113 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 114 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 115 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 116 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 117 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 118 1180 1181 1182

No change. The output coming from NRPE 4.0.3 server to the check_nrpe 4.0.0 plugin is cut and stops after file name 1182. That must be the mentioned bug causing the wrong payload/packet size calculation and cutting the output.

NRPE Plugin 4.0.0 (Ubuntu patched) to NRPE Server 4.0.3

The nagios-nrpe-plugin package in Ubuntu 20.04 (Focal) shows the following entry in the changelog:

nagios-nrpe (4.0.0-2) unstable; urgency=medium
  * Add upstream patch to fix check_nrpe buffer length calculation.
 -- Bas Couwenberg <sebastic@debian.org>  Thu, 23 Jan 2020 05:40:17 +0100

The buffer length is yet another term for the packet size or payload size. Could this mean that the payload bugfix is part of the Ubuntu packaged check_nrpe? Let's try it.

The plugin version itself shows 4.0.0, without any additional hint:

root@focal:~# /usr/lib/nagios/plugins/check_nrpe -V
NRPE Plugin for Nagios
Version: 4.0.0

But by running the check_test command on the Bullseye server, we quickly see that the full plugin output is showing up:

root@focal:~# /usr/lib/nagios/plugins/check_nrpe -H bullseye -c check_test
Found 10001 files: 1 10 100 1000 10000 1001 1002 1003 1004 1005 1006 1007 1008 1009 101 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 102 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 103 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 104 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 105 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 106 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 107 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 108 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 109 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 11 110 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 111 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 112 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 113 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 114 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 115 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 116 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 117 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 118 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 119 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 12 120 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 121 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 122 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 123 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 124 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 125 1250 [...] 9999 check_test.sh

That's a success!

What if we add the -3 parameter here?

root@focal:~# /usr/lib/nagios/plugins/check_nrpe -H bullseye -c check_test -3
Found 10001 files: 1 10 100 1000 10000 1001 1002 1003 1004 1005 1006 1007 1008 1009 101 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 102 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 103 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 104 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 105 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 106 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 107 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 108 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 109 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 11 110 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 111 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 112 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 113 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 114 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 115 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 116 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 117 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 118 1180 1181 1182

By using the NRPE v3 parameter, the output is cut. That's the same behaviour as in the un-patched check_nrpe 4.0.0.

NRPE Plugin 4.0.3 (from source) to NRPE Server 4.0.3

Finally using the same versions: check_nrpe 4.0.3 (compiled from source) to our Bullseye server running NRPE server 4.0.3.

ckadm@mintp ~/src/nrpe-4.0.3/src $ ./check_nrpe -V
NRPE Plugin for Nagios
Version: 4.0.3

ckadm@mintp ~/src/nrpe-4.0.3/src $ ./check_nrpe -H bullseye
NRPE v4.0.3

As expected, no problems with the large payload size with the default parameters:

ckadm@mintp ~/src/nrpe-4.0.3/src $ ./check_nrpe -H bullseye -c check_test
Found 10001 files: 1 10 100 1000 10000 1001 1002 1003 1004 1005 1006 1007 1008 1009 101 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 102 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 103 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 104 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 105 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 106 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 107 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 108 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 109 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 11 110 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 111 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 112 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 113 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 114 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 115 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 116 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 117 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 118 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 119 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 12 120 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 121 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 122 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 123 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 124 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 125 1250 [...] 9999 check_test.sh

And here the same result with the -3 parameter on all other 4.0.x versions:

ckadm@mintp ~/src/nrpe-4.0.3/src $ ./check_nrpe -H bullseye -c check_test -3
Found 10001 files: 1 10 100 1000 10000 1001 1002 1003 1004 1005 1006 1007 1008 1009 101 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 102 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 103 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 104 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 105 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 106 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 107 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 108 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 109 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 11 110 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 111 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 112 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 113 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 114 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 115 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 116 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 117 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 118 1180 1181 1182

Final notes and remarks

NRPE has come a long way and it has significantly improved in the past few years. It's sad that Nagios Enterprises decided to mark NRPE as EOL and stop development of it. A lot of good developers have put a lot of efforts to renew NRPE in the last couple of years.

Here are some final remarks when using NRPE across multiple versions:

  • Ditch NRPE v2! It is insecure, runs with old SSL parameters and has a a very short packet/payload size
  • On the monitoring server, where you run the check_nrpe plugin, make sure to use the latest available version (which is 4.0.3 right now)
  • If you're using check_nrpe 4.0.0 manually compiled from source, ditch this one and use either 4.0.3 from source or use the check_nrpe from the distribution package
  • If the target server is running NRPE server 3.x.x (for example on an Ubuntu 18.04 machine), you must use the -3 parameter for large plugin output
  • If the target server is running NRPE server 4.0.x, use the default parameters and never use the -3 parameter as it would cut the large output

 NRPE Plugin version
 NRPE Server version
 Large output (payload)
 4.0.0 (from source)
 3.2.1  Yes, with -3 parameter
 4.0.0 (Ubuntu Focal)
 3.2.1 Yes, with -3 parameter
 4.0.3
 3.2.1
Yes, with -3 parameter
 4.0.0 (from source)
 4.0.3
No
 4.0.0 (Ubuntu Focal)
 4.0.3
 Yes
 4.0.3
 4.0.3
 Yes

By the way: In Icinga 2, the "nrpe" command is part of the ITL (Icinga Template Library). The -3 parameter can be enabled by using vars.nrpe_version_3 in the Service object, starting with Icinga 2 2.14.0. A pull request was created to add this -3 parameter to ITL.


Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.

RSS feed

Blog Tags:

  AWS   Android   Ansible   Apache   Apple   Atlassian   BSD   Backup   Bash   Bluecoat   CMS   Chef   Cloud   Coding   Consul   Containers   CouchDB   DB   DNS   Database   Databases   Docker   ELK   Elasticsearch   Filebeat   FreeBSD   Galera   Git   GlusterFS   Grafana   Graphics   HAProxy   HTML   Hacks   Hardware   Icinga   Influx   Internet   Java   KVM   Kibana   Kodi   Kubernetes   LVM   LXC   Linux   Logstash   Mac   Macintosh   Mail   MariaDB   Minio   MongoDB   Monitoring   Multimedia   MySQL   NFS   Nagios   Network   Nginx   OSSEC   OTRS   Office   PGSQL   PHP   Perl   Personal   PostgreSQL   Postgres   PowerDNS   Proxmox   Proxy   Python   Rancher   Rant   Redis   Roundcube   SSL   Samba   Seafile   Security   Shell   SmartOS   Solaris   Surveillance   Systemd   TLS   Tomcat   Ubuntu   Unix   VMWare   VMware   Varnish   Virtualization   Windows   Wireless   Wordpress   Wyse   ZFS   Zoneminder