WEBClient
WEB client can be used both from command line and from queries to check remote systes via WEB(REST)

WEBClient — WEBClient

WEB client can be used both from command line and from queries to check remote systes via WEB(REST)

Queries (Overview):

A list of all available queries (check commands)

Command Description
web_exec Execute remote script via WEB.
web_forward Forward the request as-is to remote host via WEB.
web_query Request remote information via WEB.
web_submit Submit information to remote host via WEB.

Commands (Overview):

TODO: Add a list of all external commands (this is not check commands)

Configuration (Overview):

Common Keys:

Path / Section Key Description
/settings/NRPE/client channel CHANNEL
/settings/NRPE/client/targets/default address TARGET ADDRESS
/settings/NRPE/client/targets/default certificate SSL CERTIFICATE
/settings/NRPE/client/targets/default certificate key SSL CERTIFICATE KEY
/settings/NRPE/client/targets/default insecure Insecure legacy mode
/settings/NRPE/client/targets/default payload length PAYLOAD LENGTH
/settings/NRPE/client/targets/default timeout TIMEOUT
/settings/NRPE/client/targets/default use ssl ENABLE SSL ENCRYPTION
/settings/NRPE/client/targets/default verify mode VERIFY MODE

Advanced keys:

Path / Section Key Default Value Description
/settings/NRPE/client/targets/default alias ALIAS  
/settings/NRPE/client/targets/default allowed ciphers ALLOWED CIPHERS  
/settings/NRPE/client/targets/default ca CA  
/settings/NRPE/client/targets/default certificate format CERTIFICATE FORMAT  
/settings/NRPE/client/targets/default dh DH KEY  
/settings/NRPE/client/targets/default host TARGET HOST  
/settings/NRPE/client/targets/default is template IS TEMPLATE  
/settings/NRPE/client/targets/default parent PARENT  
/settings/NRPE/client/targets/default port TARGET PORT  

Sample keys:

Path / Section Key Default Value Description
/settings/NRPE/client/targets/sample address TARGET ADDRESS  
/settings/NRPE/client/targets/sample alias ALIAS  
/settings/NRPE/client/targets/sample allowed ciphers ALLOWED CIPHERS  
/settings/NRPE/client/targets/sample ca CA  
/settings/NRPE/client/targets/sample certificate SSL CERTIFICATE  
/settings/NRPE/client/targets/sample certificate format CERTIFICATE FORMAT  
/settings/NRPE/client/targets/sample certificate key SSL CERTIFICATE KEY  
/settings/NRPE/client/targets/sample dh DH KEY  
/settings/NRPE/client/targets/sample host TARGET HOST  
/settings/NRPE/client/targets/sample insecure Insecure legacy mode  
/settings/NRPE/client/targets/sample is template IS TEMPLATE  
/settings/NRPE/client/targets/sample parent PARENT  
/settings/NRPE/client/targets/sample payload length PAYLOAD LENGTH  
/settings/NRPE/client/targets/sample port TARGET PORT  
/settings/NRPE/client/targets/sample timeout TIMEOUT  
/settings/NRPE/client/targets/sample use ssl ENABLE SSL ENCRYPTION  
/settings/NRPE/client/targets/sample verify mode VERIFY MODE  

Queries

A quick reference for all available queries (check commands) in the WEBClient module.

web_exec

WEBClientweb_exec
Execute remote script via WEB.

Usage:

Option Default Value Description
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
host   The host of the host running the server
port   The port of the host running the server
address   The address (host:port) of the host running the server
timeout   Number of seconds before connection times out (default=10)
target   Target to use (lookup connection info from config)
retry   Number of times ti retry a failed connection attempt (default=2)
command   The name of the command that the remote daemon should run
arguments   list of arguments
no-ssl N/A Do not initial an ssl handshake with the server, talk in plain-text.
certificate   Length of payload (has to be same as on the server)
dh   The pre-generated DH key (if ADH is used this will be your ‘key’ though it is not a secret key)
certificate-key   Client certificate to use
certificate-format   Client certificate format (default is PEM)
insecure N/A Use insecure legacy mode
ca   A file representing the Certificate authority used to validate peer certificates
verify   Which verification mode to use: none: no verification, peer: that peer has a certificate, peer-cert: that peer has a valid certificate, ...
allowed-ciphers   Which ciphers are allowed for legacy reasons this defaults to ADH which is not secure preferably set this to DEFAULT which is better or a an even stronger cipher
payload-length   Length of payload (has to be same as on the server)
buffer-length   Same as payload-length (used for legacy reasons)
ssl N/A Initial an ssl handshake with the server.

Arguments

help (WEBClient, web_exec)
Show help screen (this screen)
help-pb (WEBClient, web_exec)
Show help screen as a protocol buffer payload
show-default (WEBClient, web_exec)
Show default values for a given command
help-short (WEBClient, web_exec)
Show help screen (short format).
host (WEBClient, web_exec)
The host of the host running the server
port (WEBClient, web_exec)
The port of the host running the server
address (WEBClient, web_exec)
The address (host:port) of the host running the server
timeout (WEBClient, web_exec)
Number of seconds before connection times out (default=10)
target (WEBClient, web_exec)
Target to use (lookup connection info from config)
retry (WEBClient, web_exec)
Number of times ti retry a failed connection attempt (default=2)
command (WEBClient, web_exec)
The name of the command that the remote daemon should run
arguments (WEBClient, web_exec)
list of arguments
no-ssl (WEBClient, web_exec)
Do not initial an ssl handshake with the server, talk in plain-text.
certificate (WEBClient, web_exec)
Length of payload (has to be same as on the server)
dh (WEBClient, web_exec)
The pre-generated DH key (if ADH is used this will be your ‘key’ though it is not a secret key)
certificate-key (WEBClient, web_exec)
Client certificate to use
certificate-format (WEBClient, web_exec)
Client certificate format (default is PEM)
insecure (WEBClient, web_exec)
Use insecure legacy mode
ca (WEBClient, web_exec)
A file representing the Certificate authority used to validate peer certificates
verify (WEBClient, web_exec)
Which verification mode to use: none: no verification, peer: that peer has a certificate, peer-cert: that peer has a valid certificate, ...
allowed-ciphers (WEBClient, web_exec)
Which ciphers are allowed for legacy reasons this defaults to ADH which is not secure preferably set this to DEFAULT which is better or a an even stronger cipher
payload-length (WEBClient, web_exec)
Length of payload (has to be same as on the server)
buffer-length (WEBClient, web_exec)
Same as payload-length (used for legacy reasons)
ssl (WEBClient, web_exec)
Initial an ssl handshake with the server.

web_forward

WEBClientweb_forward
Forward the request as-is to remote host via WEB.

Usage:

Arguments

web_query

WEBClientweb_query
Request remote information via WEB.

Usage:

Option Default Value Description
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
host   The host of the host running the server
port   The port of the host running the server
address   The address (host:port) of the host running the server
timeout   Number of seconds before connection times out (default=10)
target   Target to use (lookup connection info from config)
retry   Number of times ti retry a failed connection attempt (default=2)
command   The name of the query that the remote daemon should run
arguments   list of arguments
query-command   The name of the query that the remote daemon should run
query-arguments   list of arguments
no-ssl N/A Do not initial an ssl handshake with the server, talk in plain-text.
certificate   Length of payload (has to be same as on the server)
dh   The pre-generated DH key (if ADH is used this will be your ‘key’ though it is not a secret key)
certificate-key   Client certificate to use
certificate-format   Client certificate format (default is PEM)
insecure N/A Use insecure legacy mode
ca   A file representing the Certificate authority used to validate peer certificates
verify   Which verification mode to use: none: no verification, peer: that peer has a certificate, peer-cert: that peer has a valid certificate, ...
allowed-ciphers   Which ciphers are allowed for legacy reasons this defaults to ADH which is not secure preferably set this to DEFAULT which is better or a an even stronger cipher
payload-length   Length of payload (has to be same as on the server)
buffer-length   Same as payload-length (used for legacy reasons)
ssl N/A Initial an ssl handshake with the server.

Arguments

help (WEBClient, web_query)
Show help screen (this screen)
help-pb (WEBClient, web_query)
Show help screen as a protocol buffer payload
show-default (WEBClient, web_query)
Show default values for a given command
help-short (WEBClient, web_query)
Show help screen (short format).
host (WEBClient, web_query)
The host of the host running the server
port (WEBClient, web_query)
The port of the host running the server
address (WEBClient, web_query)
The address (host:port) of the host running the server
timeout (WEBClient, web_query)
Number of seconds before connection times out (default=10)
target (WEBClient, web_query)
Target to use (lookup connection info from config)
retry (WEBClient, web_query)
Number of times ti retry a failed connection attempt (default=2)
command (WEBClient, web_query)
The name of the query that the remote daemon should run
arguments (WEBClient, web_query)
list of arguments
query-command (WEBClient, web_query)
The name of the query that the remote daemon should run
query-arguments (WEBClient, web_query)
list of arguments
no-ssl (WEBClient, web_query)
Do not initial an ssl handshake with the server, talk in plain-text.
certificate (WEBClient, web_query)
Length of payload (has to be same as on the server)
dh (WEBClient, web_query)
The pre-generated DH key (if ADH is used this will be your ‘key’ though it is not a secret key)
certificate-key (WEBClient, web_query)
Client certificate to use
certificate-format (WEBClient, web_query)
Client certificate format (default is PEM)
insecure (WEBClient, web_query)
Use insecure legacy mode
ca (WEBClient, web_query)
A file representing the Certificate authority used to validate peer certificates
verify (WEBClient, web_query)
Which verification mode to use: none: no verification, peer: that peer has a certificate, peer-cert: that peer has a valid certificate, ...
allowed-ciphers (WEBClient, web_query)
Which ciphers are allowed for legacy reasons this defaults to ADH which is not secure preferably set this to DEFAULT which is better or a an even stronger cipher
payload-length (WEBClient, web_query)
Length of payload (has to be same as on the server)
buffer-length (WEBClient, web_query)
Same as payload-length (used for legacy reasons)
ssl (WEBClient, web_query)
Initial an ssl handshake with the server.

web_submit

WEBClientweb_submit
Submit information to remote host via WEB.

Usage:

Option Default Value Description
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
host   The host of the host running the server
port   The port of the host running the server
address   The address (host:port) of the host running the server
timeout   Number of seconds before connection times out (default=10)
target   Target to use (lookup connection info from config)
retry   Number of times ti retry a failed connection attempt (default=2)
command   The name of the command that the remote daemon should run
alias   Same as command
message   Message
result   Result code either a number or OK, WARN, CRIT, UNKNOWN
no-ssl N/A Do not initial an ssl handshake with the server, talk in plain-text.
certificate   Length of payload (has to be same as on the server)
dh   The pre-generated DH key (if ADH is used this will be your ‘key’ though it is not a secret key)
certificate-key   Client certificate to use
certificate-format   Client certificate format (default is PEM)
insecure N/A Use insecure legacy mode
ca   A file representing the Certificate authority used to validate peer certificates
verify   Which verification mode to use: none: no verification, peer: that peer has a certificate, peer-cert: that peer has a valid certificate, ...
allowed-ciphers   Which ciphers are allowed for legacy reasons this defaults to ADH which is not secure preferably set this to DEFAULT which is better or a an even stronger cipher
payload-length   Length of payload (has to be same as on the server)
buffer-length   Same as payload-length (used for legacy reasons)
ssl N/A Initial an ssl handshake with the server.

Arguments

help (WEBClient, web_submit)
Show help screen (this screen)
help-pb (WEBClient, web_submit)
Show help screen as a protocol buffer payload
show-default (WEBClient, web_submit)
Show default values for a given command
help-short (WEBClient, web_submit)
Show help screen (short format).
host (WEBClient, web_submit)
The host of the host running the server
port (WEBClient, web_submit)
The port of the host running the server
address (WEBClient, web_submit)
The address (host:port) of the host running the server
timeout (WEBClient, web_submit)
Number of seconds before connection times out (default=10)
target (WEBClient, web_submit)
Target to use (lookup connection info from config)
retry (WEBClient, web_submit)
Number of times ti retry a failed connection attempt (default=2)
command (WEBClient, web_submit)
The name of the command that the remote daemon should run
alias (WEBClient, web_submit)
Same as command
message (WEBClient, web_submit)
Message
result (WEBClient, web_submit)
Result code either a number or OK, WARN, CRIT, UNKNOWN
no-ssl (WEBClient, web_submit)
Do not initial an ssl handshake with the server, talk in plain-text.
certificate (WEBClient, web_submit)
Length of payload (has to be same as on the server)
dh (WEBClient, web_submit)
The pre-generated DH key (if ADH is used this will be your ‘key’ though it is not a secret key)
certificate-key (WEBClient, web_submit)
Client certificate to use
certificate-format (WEBClient, web_submit)
Client certificate format (default is PEM)
insecure (WEBClient, web_submit)
Use insecure legacy mode
ca (WEBClient, web_submit)
A file representing the Certificate authority used to validate peer certificates
verify (WEBClient, web_submit)
Which verification mode to use: none: no verification, peer: that peer has a certificate, peer-cert: that peer has a valid certificate, ...
allowed-ciphers (WEBClient, web_submit)
Which ciphers are allowed for legacy reasons this defaults to ADH which is not secure preferably set this to DEFAULT which is better or a an even stronger cipher
payload-length (WEBClient, web_submit)
Length of payload (has to be same as on the server)
buffer-length (WEBClient, web_submit)
Same as payload-length (used for legacy reasons)
ssl (WEBClient, web_submit)
Initial an ssl handshake with the server.

/ settings/ NRPE/ client

/settings/NRPE/client (WEBClient)

WEB CLIENT SECTION

Section for WEB active/passive check module.
Key Default Value Description
channel NRPE CHANNEL

Sample:

# WEB CLIENT SECTION
# Section for WEB active/passive check module.
[/settings/NRPE/client]
channel=NRPE
channel (WEBClient, /settings/NRPE/client)

CHANNEL

The channel to listen to.

Path: /settings/NRPE/client

Key: channel

Default value: NRPE

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client]
# CHANNEL
channel=NRPE

… / handlers

/settings/NRPE/client/handlers (WEBClient)

CLIENT HANDLER SECTION

Sample:

# CLIENT HANDLER SECTION
#
[/settings/NRPE/client/handlers]

… / targets

/settings/NRPE/client/targets (WEBClient)

REMOTE TARGET DEFINITIONS

Sample:

# REMOTE TARGET DEFINITIONS
#
[/settings/NRPE/client/targets]

… / targets / default

/settings/NRPE/client/targets/default (WEBClient)

TARGET DEFENITION

Target definition for: default
Key Default Value Description
address   TARGET ADDRESS
alias   ALIAS
allowed ciphers ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH ALLOWED CIPHERS
ca   CA
certificate   SSL CERTIFICATE
certificate format PEM CERTIFICATE FORMAT
certificate key   SSL CERTIFICATE KEY
dh   DH KEY
host   TARGET HOST
insecure   Insecure legacy mode
is template 0 IS TEMPLATE
parent default PARENT
payload length 1024 PAYLOAD LENGTH
port 0 TARGET PORT
timeout 30 TIMEOUT
use ssl 1 ENABLE SSL ENCRYPTION
verify mode none VERIFY MODE

Sample:

# TARGET DEFENITION
# Target definition for: default
[/settings/NRPE/client/targets/default]
address=
alias=
allowed ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
ca=
certificate=
certificate format=PEM
certificate key=
dh=
host=
insecure=
is template=0
parent=default
payload length=1024
port=0
timeout=30
use ssl=1
verify mode=none
address (WEBClient, /settings/NRPE/client/targets/default)

TARGET ADDRESS

Target host address

Path: /settings/NRPE/client/targets/default

Key: address

Default value:

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# TARGET ADDRESS
address=
alias (WEBClient, /settings/NRPE/client/targets/default)

ALIAS

The alias (service name) to report to server

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/default

Key: alias

Default value:

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# ALIAS
alias=
allowed ciphers (WEBClient, /settings/NRPE/client/targets/default)

ALLOWED CIPHERS

The allowed list of ciphers (setting insecure wil override this to only support ADH

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/default

Key: allowed ciphers

Default value: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# ALLOWED CIPHERS
allowed ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
ca (WEBClient, /settings/NRPE/client/targets/default)

CA

The certificate authority to use to authenticate remote certificate

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/default

Key: ca

Default value:

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# CA
ca=
certificate (WEBClient, /settings/NRPE/client/targets/default)

SSL CERTIFICATE

The ssl certificate to use to encrypt the communication

Path: /settings/NRPE/client/targets/default

Key: certificate

Default value:

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# SSL CERTIFICATE
certificate=
certificate format (WEBClient, /settings/NRPE/client/targets/default)

CERTIFICATE FORMAT

Format of SSL certificate

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/default

Key: certificate format

Default value: PEM

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# CERTIFICATE FORMAT
certificate format=PEM
certificate key (WEBClient, /settings/NRPE/client/targets/default)

SSL CERTIFICATE KEY

Key for the SSL certificate

Path: /settings/NRPE/client/targets/default

Key: certificate key

Default value:

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# SSL CERTIFICATE KEY
certificate key=
dh (WEBClient, /settings/NRPE/client/targets/default)

DH KEY

The diffi-hellman perfect forwarded secret to use setting –insecure will override this

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/default

Key: dh

Default value:

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# DH KEY
dh=
host (WEBClient, /settings/NRPE/client/targets/default)

TARGET HOST

The target server to report results to.

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/default

Key: host

Default value:

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# TARGET HOST
host=
insecure (WEBClient, /settings/NRPE/client/targets/default)

Insecure legacy mode

Use insecure legacy mode to connect to old NRPE server

Path: /settings/NRPE/client/targets/default

Key: insecure

Default value:

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# Insecure legacy mode
insecure=
is template (WEBClient, /settings/NRPE/client/targets/default)

IS TEMPLATE

Declare this object as a template (this means it will not be available as a separate object)

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/default

Key: is template

Default value: 0

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# IS TEMPLATE
is template=0
parent (WEBClient, /settings/NRPE/client/targets/default)

PARENT

The parent the target inherits from

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/default

Key: parent

Default value: default

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# PARENT
parent=default
payload length (WEBClient, /settings/NRPE/client/targets/default)

PAYLOAD LENGTH

Length of payload to/from the NRPE agent. This is a hard specific value so you have to “configure” (read recompile) your NRPE agent to use the same value for it to work.

Path: /settings/NRPE/client/targets/default

Key: payload length

Default value: 1024

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# PAYLOAD LENGTH
payload length=1024
port (WEBClient, /settings/NRPE/client/targets/default)

TARGET PORT

The target server port

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/default

Key: port

Default value: 0

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# TARGET PORT
port=0
timeout (WEBClient, /settings/NRPE/client/targets/default)

TIMEOUT

Timeout when reading/writing packets to/from sockets.

Path: /settings/NRPE/client/targets/default

Key: timeout

Default value: 30

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# TIMEOUT
timeout=30
use ssl (WEBClient, /settings/NRPE/client/targets/default)

ENABLE SSL ENCRYPTION

This option controls if SSL should be enabled.

Path: /settings/NRPE/client/targets/default

Key: use ssl

Default value: 1

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# ENABLE SSL ENCRYPTION
use ssl=1
verify mode (WEBClient, /settings/NRPE/client/targets/default)

VERIFY MODE

What to verify default is non, to validate remote certificate use remote-peer

Path: /settings/NRPE/client/targets/default

Key: verify mode

Default value: none

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/default]
# VERIFY MODE
verify mode=none

… / targets / sample

/settings/NRPE/client/targets/sample (WEBClient)

TARGET DEFENITION

Target definition for: sample
Key Default Value Description
address   TARGET ADDRESS
alias   ALIAS
allowed ciphers ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH ALLOWED CIPHERS
ca   CA
certificate   SSL CERTIFICATE
certificate format PEM CERTIFICATE FORMAT
certificate key   SSL CERTIFICATE KEY
dh   DH KEY
host   TARGET HOST
insecure   Insecure legacy mode
is template 0 IS TEMPLATE
parent default PARENT
payload length 1024 PAYLOAD LENGTH
port 0 TARGET PORT
timeout 30 TIMEOUT
use ssl 1 ENABLE SSL ENCRYPTION
verify mode none VERIFY MODE

Sample:

# TARGET DEFENITION
# Target definition for: sample
[/settings/NRPE/client/targets/sample]
address=
alias=
allowed ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
ca=
certificate=
certificate format=PEM
certificate key=
dh=
host=
insecure=
is template=0
parent=default
payload length=1024
port=0
timeout=30
use ssl=1
verify mode=none
address (WEBClient, /settings/NRPE/client/targets/sample)

TARGET ADDRESS

Target host address

Path: /settings/NRPE/client/targets/sample

Key: address

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# TARGET ADDRESS
address=
alias (WEBClient, /settings/NRPE/client/targets/sample)

ALIAS

The alias (service name) to report to server

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/sample

Key: alias

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# ALIAS
alias=
allowed ciphers (WEBClient, /settings/NRPE/client/targets/sample)

ALLOWED CIPHERS

The allowed list of ciphers (setting insecure wil override this to only support ADH

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/sample

Key: allowed ciphers

Default value: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# ALLOWED CIPHERS
allowed ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
ca (WEBClient, /settings/NRPE/client/targets/sample)

CA

The certificate authority to use to authenticate remote certificate

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/sample

Key: ca

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# CA
ca=
certificate (WEBClient, /settings/NRPE/client/targets/sample)

SSL CERTIFICATE

The ssl certificate to use to encrypt the communication

Path: /settings/NRPE/client/targets/sample

Key: certificate

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# SSL CERTIFICATE
certificate=
certificate format (WEBClient, /settings/NRPE/client/targets/sample)

CERTIFICATE FORMAT

Format of SSL certificate

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/sample

Key: certificate format

Default value: PEM

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# CERTIFICATE FORMAT
certificate format=PEM
certificate key (WEBClient, /settings/NRPE/client/targets/sample)

SSL CERTIFICATE KEY

Key for the SSL certificate

Path: /settings/NRPE/client/targets/sample

Key: certificate key

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# SSL CERTIFICATE KEY
certificate key=
dh (WEBClient, /settings/NRPE/client/targets/sample)

DH KEY

The diffi-hellman perfect forwarded secret to use setting –insecure will override this

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/sample

Key: dh

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# DH KEY
dh=
host (WEBClient, /settings/NRPE/client/targets/sample)

TARGET HOST

The target server to report results to.

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/sample

Key: host

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# TARGET HOST
host=
insecure (WEBClient, /settings/NRPE/client/targets/sample)

Insecure legacy mode

Use insecure legacy mode to connect to old NRPE server

Path: /settings/NRPE/client/targets/sample

Key: insecure

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# Insecure legacy mode
insecure=
is template (WEBClient, /settings/NRPE/client/targets/sample)

IS TEMPLATE

Declare this object as a template (this means it will not be available as a separate object)

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/sample

Key: is template

Default value: 0

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# IS TEMPLATE
is template=0
parent (WEBClient, /settings/NRPE/client/targets/sample)

PARENT

The parent the target inherits from

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/sample

Key: parent

Default value: default

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# PARENT
parent=default
payload length (WEBClient, /settings/NRPE/client/targets/sample)

PAYLOAD LENGTH

Length of payload to/from the NRPE agent. This is a hard specific value so you have to “configure” (read recompile) your NRPE agent to use the same value for it to work.

Path: /settings/NRPE/client/targets/sample

Key: payload length

Default value: 1024

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# PAYLOAD LENGTH
payload length=1024
port (WEBClient, /settings/NRPE/client/targets/sample)

TARGET PORT

The target server port

Advanced (means it is not commonly used)

Path: /settings/NRPE/client/targets/sample

Key: port

Default value: 0

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# TARGET PORT
port=0
timeout (WEBClient, /settings/NRPE/client/targets/sample)

TIMEOUT

Timeout when reading/writing packets to/from sockets.

Path: /settings/NRPE/client/targets/sample

Key: timeout

Default value: 30

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# TIMEOUT
timeout=30
use ssl (WEBClient, /settings/NRPE/client/targets/sample)

ENABLE SSL ENCRYPTION

This option controls if SSL should be enabled.

Path: /settings/NRPE/client/targets/sample

Key: use ssl

Default value: 1

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# ENABLE SSL ENCRYPTION
use ssl=1
verify mode (WEBClient, /settings/NRPE/client/targets/sample)

VERIFY MODE

What to verify default is non, to validate remote certificate use remote-peer

Path: /settings/NRPE/client/targets/sample

Key: verify mode

Default value: none

Sample key: This key is provided as a sample to show how to configure objects

Used by: NRPEClient, WEBClient

Sample:

[/settings/NRPE/client/targets/sample]
# VERIFY MODE
verify mode=none
comments powered by Disqus