Context Navigation

NSClient++ Help (#1) - proxy with arguments not passing on arguments in alias (#463) - Message List

proxy with arguments not passing on arguments in alias

Hi,

I've installed nsclient++ v0.3.6 on a number of Windows servers (a mix of Win32 and x64) and it works very well for most of what we need it for.

However, I'm having a problem with the (admittedly "extreme beta") proxy feature. I've allows arguments in [NRPE] and [External Scripts] sections, I've set up a number of aliases in the [NRPE Handlers] section that can be called from nagios which proxy through to a hidden server.

This works, as long as I don't supply any arguments. When I do, none of the arguments appear to be passed correctly by nsclient++. However, when I run the equivalent call from the command-line, it works!

I have 3 servers in this test, a linux nagios host (say on 192.168.10.10), a 64-bit windows server (dual-homed on 192.168.10.11 and 192.168.0.3) sitting in the middle, and another 64-bit windows server (on 192.168.0.2) sitting on the far side of the middle host.

The NSC.ini file on the middle (dual-homed) host looks like this (with commented-out bits elided for readability and minor changes for security):

[modules]
;# NSCLIENT++ MODULES
;# A list with DLLs to load at startup.
FileLogger.dll
CheckSystem.dll
CheckDisk.dll
NSClientListener.dll
NRPEListener.dll
CheckEventLog.dll
CheckHelpers.dll
CheckWMI.dll
;
; Script to check external scripts and/or internal aliases.
CheckExternalScripts.dll
;
; Check other hosts through NRPE extreme beta and probably a bit dangerous! :)
NRPEClient.dll
[Settings]
;# PASSWORD
password=secret-password
;
;# ALLOWED HOST ADDRESSES
allowed_hosts=192.168.10.10
[log]
[NSClient]
[NRPE]
;# COMMAND ARGUMENT PROCESSING
allow_arguments=1
[Check System]
[EventLog]
buffer_size=524288
[External Scripts]
[External Alias]
[NSCA Agent]
[NSCA Commands]
[NRPE Handlers]
;# REMOTE NRPE PROXY COMMANDS
[NRPE Client Handlers]
proxy_alias_echo0=-H 192.168.0.2 -c alias_echo -a $ARG1$ $ARG2$ $ARG3$
proxy_alias_echo1=-H 192.168.0.2 -c alias_echo

The NSC.ini file on the hidden server looks like this (again, elided for readability and changes for security):-

[modules]
;# NSCLIENT++ MODULES
;# A list with DLLs to load at startup.
FileLogger.dll
CheckSystem.dll
CheckDisk.dll
NSClientListener.dll
NRPEListener.dll
CheckEventLog.dll
CheckHelpers.dll
CheckWMI.dll
;
; Script to check external scripts and/or internal aliases.
CheckExternalScripts.dll
[Settings]
;# PASSWORD
password=secret-password
;
;# ALLOWED HOST ADDRESSES
allowed_hosts=192.168.0.3
[log]
[NSClient]
[NRPE]
;# COMMAND ARGUMENT PROCESSING
allow_arguments=1
[Check System]
[EventLog]
buffer_size=524288
[External Script]
;# COMMAND ARGUMENT PROCESSING
allow_arguments=1
[External Scripts]
alias_echo=scripts\echo_args.bat $ARG1$ $ARG2$ $ARG3$
[External Alias]
[NSCA Agent]
[NSCA Commands]
[NRPE Handlers]
;# REMOTE NRPE PROXY COMMANDS
;  A list of commands that check other hosts.
;  Used by the NRPECLient module
[NRPE Client Handlers]
check_other=-H 192.168.0.1 -p 5666 -c remote_command -a arguments

The "scripts\echo_args.bat" on the hidden server just echoes its arguments as follows:-

@echo OK: "%1" "%2" "%3" "%4" "%5" "%6" "%7" "%8" "%9"
@exit 0

Running nsclient in test mode (nsclient++ -test) on the middle host, I test the commands as follows:-

proxy_alias_echo0 1 2 3
d NSClient++.cpp(1034) Injecting: proxy_alias_echo0: 1, 2, 3
d \NRPEClient.cpp(225) >>>length: 1036
d \NRPEClient.cpp(229) <<<length: 1036
d NSClient++.cpp(1070) Injected Result: OK 'OK: "$ARG1$" "$ARG1$" "$ARG3$" "" ""
 "" "" "" ""'
d NSClient++.cpp(1071) Injected Performance Result: ''
OK:OK: "$ARG1$" "$ARG1$" "$ARG3$" "" "" "" "" "" ""
proxy_alias_echo0 1 2
d NSClient++.cpp(1034) Injecting: proxy_alias_echo0: 1, 2
d \NRPEClient.cpp(225) >>>length: 1036
d \NRPEClient.cpp(229) <<<length: 1036
d NSClient++.cpp(1070) Injected Result: OK 'OK: "$ARG1$" "$ARG1$" "$ARG3$" "" ""
 "" "" "" ""'
d NSClient++.cpp(1071) Injected Performance Result: ''
OK:OK: "$ARG1$" "$ARG1$" "$ARG3$" "" "" "" "" "" ""

However, if I test it from the command line, I get the following:

C:\Program Files\NSClient++>nsclient++ -noboot NRPEClient --host 192.168.0.2 -c alias_echo -a 1 2 3
l NSClient++.cpp(600) NSCLient++ - 0.3.6.816 2009-06-14 Started!
OK: "1" "2" "3" "" "" "" "" "" ""
l NSClient++.cpp(713) NSCLient++ - 0.3.6.816 2009-06-14 Stopped succcessfully

As you can see, when I run it through the alias, it fails to pass the command parameters correctly, despite appearing to do so, whereas doing it via the command line does pass the parameters successfully!

Am I'm just doing something wrong, or is it an issue with the proxy code?

While I'm at it, I've noticed that the proxy functionality seems to add a zero to the end of an IP address if it can't connect to the IP address the first time (e.g. when 192.168.0.2 was firewalled, it reported that it couldn't connect to 192.168.0.20). Is that a bug in the error report or does it somehow assume that you've made a mistake and append a zero to the IP address and try again?

Tree View Flat View (newer first) Flat View (older first)

Message #1446

Just an update - the issue hasn't been resolved in v0.3.7.346 (RC1), though I wasn't expecting it to be as it wasn't mentioned as a change.

Any chance of a fix in this version before a final release of v0.3.7? Please?

asckey

10/07/09 11:58:43 (4 years ago)
Message #1451

Just an update - I've sort-of implemented a workaround using the external scripts functionality to call nsclient in noboot mode with the parameters that were passed. I'm having to do some jiggery-pokery to filter out the debug messages, and to try and exit with the correct status so that the actual status (OK, WARNING, CRITICAL) is passed back to the nsclient++ daemon.

This latter bit is currently causing me a problem as the nsclient++ daemon appears to ignore the status word at the beginning of the message that is passed back by an external script, and so I have to work out how to get the batch file to exit with the proper ERRORLEVEL status.

Am I correct in assuming that ERRORLEVEL=0 implies OK, 1 implies WARNING, and 2 implies CRITICAL?

I'll keep this thread updated with my experiments, and I'll be grateful for any assistance on this.

asckey

10/08/09 11:20:06 (4 years ago)
- Message #1458
  
  Right...it seems that my assumptions are correct; if the batch files exit with status 0, nsclient++ returns an "OK" status, exiting with status 1 causes nsclient++ to pass on a "WARNING" status, and status 2 passes on a "CRITICAL" status.
  
  With this information, I've now implemented my workaround for the proxy issue which seems to work.
  
  My only remaining issues with my monitoring is now with the fact that nagios marks the hidden server as being down (possibly because I can't ping it?) and I've still to get NSCA mode working on other servers that I can't proxy to (because the firewall rules restrict inbound connections to a very small set of ports and protocols.
  
  asckey
  
  10/09/09 18:41:23 (4 years ago)
  - Message #1463
    Sorry for the delay.
    
    I have added temporary argument support for the up-coming 0.3.7 version (due soon) It uses the same options as NRPE (which I will change) but the following now works:
```
[modules]
CheckSystem.dll
NRPEListener.dll
CheckExternalScripts.dll
NRPEClient.dll
[NRPE]
allow_arguments=1
allow_nasty_meta_chars=1
[External Alias]
alias_process=checkProcState $ARG1$=started
[NRPE Client Handlers]
check_other=-H 192.168.0.101 -p 5666 -c alias_process -a $ARG1$
```
    Then running:
```
check_other explorer.exe
```
    Michael Medin
    mickem
    
    10/11/09 22:44:40 (4 years ago)
    - Message #1491
      
      Hi Michael,
      
      Sorry about the delay in responding...I've been snowed under at work with other things.
      
      I will take a look at the (now-released) v0.3.7 and let you know how well it works for me.
      
      asckey
      
      10/23/09 15:05:53 (4 years ago)
    - Message #1496
      I want to use a Windows based host as the proxy to check several Linux machines. I use the following settings:
      
      [modules] CheckSystem.dll NRPEListener.dll CheckExternalScripts.dll NRPEClient.dll [NRPE] allow_arguments=1 allow_nasty_meta_chars=1 [NRPE Client Handlers] check_other=-H $ARG1$ -p 5666 -c $ARG2$
      Then, I run the following command in nagios server to check:
      
      ./check_nrpe -H win-host -c check_other -a linux-host check_load
      However, it seems that the parameter $ARG1$ and $ARG2$ cannot be handled correctly by the "NRPE Client Handlers".
      fqf1
      
      11/18/09 09:21:18 (4 years ago)
      - Message #1506
        
        Which version?
        
        MickeM
        
        mickem
        
        11/19/09 17:03:47 (4 years ago)
        
        Message #1510
        
        Sorry for the delay. We are using the newest version: 0.3.7 win32.
        
        fqf1
        
        11/24/09 10:31:36 (4 years ago)

Tree View Flat View (newer first) Flat View (older first)

Subscriptions

Download in other formats:

RSS Feed