Version 4 (modified by mickem, 11 months ago) (diff)

--

TracNav

  1. NRPE server
    1. Queries (commands)
    2. Commands (executable)
    3. Configuration
        1. CACHE ALLOWED HOSTS
        2. ALLOWED HOSTS
        3. INBOX
        4. TIMEOUT
        5. PASSWORD
      2. NRPE SERVER SECTION
        1. COMMAND ARGUMENT PROCESSING
        2. PORT NUMBER
        3. COMMAND ALLOW NASTY META CHARS

NRPE server

A simple server that listens for incoming NRPE connection and handles them.

Queries (commands)

No commands avalible in NRPEServer

Commands (executable)

TODO: Add command list

Configuration

Section: /settings/default

Keys:

KeyTitleDescription
cache allowed hostsCACHE ALLOWED HOSTS If hostnames should be cached, improves speed and security somewhat but wont allow you to have dynamic IPs for your nagios server.
allowed hostsALLOWED HOSTS A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
inboxINBOX The default channel to post incoming messages on
timeoutTIMEOUT Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
passwordPASSWORD Password used to authenticate againast server

Advanced Keys:

KeyTitleDescription
certificate keySSL CERTIFICATE
certificate formatCERTIFICATE FORMAT
certificateSSL CERTIFICATE
verify modeVERIFY MODE
caCA
bind toBIND TO ADDRESS Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
thread poolTHREAD POOL
allowed ciphersALLOWED CIPHERS
socket queue sizeLISTEN QUEUE Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts.
use sslENABLE SSL ENCRYPTION This option controls if SSL should be enabled.

CACHE ALLOWED HOSTS

Description: If hostnames should be cached, improves speed and security somewhat but wont allow you to have dynamic IPs for your nagios server.

Key: cache allowed hosts

Default value: 1

Sample: 

# CACHE ALLOWED HOSTS
# If hostnames should be cached, improves speed and security somewhat but wont allow you to have dynamic IPs for your nagios server.
[/settings/default]
cache allowed hosts=1

ALLOWED HOSTS

Description: A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.

Key: allowed hosts

Default value: 127.0.0.1

Sample: 

# ALLOWED HOSTS
# A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
[/settings/default]
allowed hosts=127.0.0.1

INBOX

Description: The default channel to post incoming messages on

Key: inbox

Default value: inbox

Sample: 

# INBOX
# The default channel to post incoming messages on
[/settings/default]
inbox=inbox

TIMEOUT

Description: Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.

Key: timeout

Default value: 30

Sample: 

# TIMEOUT
# Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
[/settings/default]
timeout=30

PASSWORD

Description: Password used to authenticate againast server

Key: password

Sample: 

# PASSWORD
# Password used to authenticate againast server
[/settings/default]
password=

NRPE SERVER SECTION

Section for NRPE (NRPEServer.dll) (check_nrpe) protocol options.

Section: /settings/NRPE/server

Keys:

KeyTitleDescription
allow argumentsCOMMAND ARGUMENT PROCESSING This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
portPORT NUMBER Port to use for NRPE.
allow nasty charactersCOMMAND ALLOW NASTY META CHARS This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.

Advanced Keys:

KeyTitleDescription
cache allowed hostsCACHE ALLOWED HOSTS If hostnames should be cached, improves speed and security somewhat but wont allow you to have dynamic IPs for your nagios server. parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
certificate keySSL CERTIFICATE parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
certificate formatCERTIFICATE FORMAT parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
socket queue sizeLISTEN QUEUE Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts. parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
certificateSSL CERTIFICATE parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
verify modeVERIFY MODE parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
caCA parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
bind toBIND TO ADDRESS Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses. parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
allowed hostsALLOWED HOSTS A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges. parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
timeoutTIMEOUT Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out. parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
thread poolTHREAD POOL parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
allowed ciphersALLOWED CIPHERS A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
performance dataPERFORMANCE DATA Send performance data back to nagios (set this to 0 to remove all performance data).
payload lengthPAYLOAD LENGTH Length of payload to/from the NRPE agent. This is a hard specific value so you have to "configure" (read recompile) your NRPE agent to use the same value for it to work.
use sslENABLE SSL ENCRYPTION This option controls if SSL should be enabled. parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.

COMMAND ARGUMENT PROCESSING

Description: This option determines whether or not the we will allow clients to specify arguments to commands that are executed.

Key: allow arguments

Default value: 0

Sample: 

# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
[/settings/NRPE/server]
allow arguments=0

PORT NUMBER

Description: Port to use for NRPE.

Key: port

Default value: 5666

Sample: 

# PORT NUMBER
# Port to use for NRPE.
[/settings/NRPE/server]
port=5666

COMMAND ALLOW NASTY META CHARS

Description: This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.

Key: allow nasty characters

Default value: 0

Sample: 

# COMMAND ALLOW NASTY META CHARS
# This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
[/settings/NRPE/server]
allow nasty characters=0