NRPEServer#

A server that listens for incoming NRPE connection and processes incoming requests.

List of Configuration#

Common Keys#

Advanced keys#

Configuration#

#

# 
[/settings/default]
allowed hosts=127.0.0.1
cache allowed hosts=true
inbox=inbox
socket queue size=0
thread pool=10
timeout=30

allowed hosts#

ALLOWED HOSTS

A comma separated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.

Sample#

[/settings/default]
# ALLOWED HOSTS
allowed hosts=127.0.0.1

bind to#

BIND TO ADDRESS

Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.

Sample#

[/settings/default]
# BIND TO ADDRESS
bind to=

cache allowed hosts#

CACHE ALLOWED HOSTS

If host names (DNS entries) should be cached, improves speed and security somewhat but won’t allow you to have dynamic IPs for your Nagios server.

Sample#

[/settings/default]
# CACHE ALLOWED HOSTS
cache allowed hosts=true

encoding#

NRPE PAYLOAD ENCODING

Sample#

[/settings/default]
# NRPE PAYLOAD ENCODING
encoding=

inbox#

INBOX

The default channel to post incoming messages on

Sample#

[/settings/default]
# INBOX
inbox=inbox

password#

PASSWORD

Password used to authenticate against server

Sample#

[/settings/default]
# PASSWORD
password=

socket queue size#

LISTEN QUEUE

Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts.

Sample#

[/settings/default]
# LISTEN QUEUE
socket queue size=0

thread pool#

THREAD POOL

Sample#

[/settings/default]
# THREAD POOL
thread pool=10

timeout#

TIMEOUT

Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.

Sample#

[/settings/default]
# TIMEOUT
timeout=30

NRPE SERVER SECTION#

Section for NRPE (NRPEServer.dll) (check_nrpe) protocol options.

# Section for NRPE (NRPEServer.dll) (check_nrpe) protocol options.
[/settings/NRPE/server]
allow arguments=false
allow nasty characters=false
allowed ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
allowed hosts=127.0.0.1
ca=${certificate-path}/ca.pem
cache allowed hosts=true
certificate=${certificate-path}/certificate.pem
certificate format=PEM
dh=${certificate-path}/nrpe_dh_512.pem
extended response=true
insecure=false
payload length=1024
performance data=true
port=5666
socket queue size=0
thread pool=10
timeout=30
use ssl=true
verify mode=none

allow arguments#

COMMAND ARGUMENT PROCESSING

This option determines whether or not the we will allow clients to specify arguments to commands that are executed.

Sample#

[/settings/NRPE/server]
# COMMAND ARGUMENT PROCESSING
allow arguments=false

allow nasty characters#

COMMAND ALLOW NASTY META CHARS

This option determines whether or not the we will allow clients to specify nasty (as in \|`&><’“\[]{}) characters in arguments.

Sample#

[/settings/NRPE/server]
# COMMAND ALLOW NASTY META CHARS
allow nasty characters=false

allowed ciphers#

ALLOWED CIPHERS

The chipers which are allowed to be used. The default here will differ is used in “insecure” mode or not. check_nrpe uses a very old chipers and should preferably not be used. For details of chipers please see the OPEN ssl documentation: https://www.openssl.org/docs/apps/ciphers.html

Sample#

[/settings/NRPE/server]
# ALLOWED CIPHERS
allowed ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

allowed hosts#

ALLOWED HOSTS

A comma separated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges. parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Sample#

[/settings/NRPE/server]
# ALLOWED HOSTS
allowed hosts=127.0.0.1

bind to#

BIND TO ADDRESS

Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses. parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Sample#

[/settings/NRPE/server]
# BIND TO ADDRESS
bind to=

ca#

CA

Sample#

[/settings/NRPE/server]
# CA
ca=${certificate-path}/ca.pem

cache allowed hosts#

CACHE ALLOWED HOSTS

If host names (DNS entries) should be cached, improves speed and security somewhat but won’t allow you to have dynamic IPs for your Nagios server. parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Sample#

[/settings/NRPE/server]
# CACHE ALLOWED HOSTS
cache allowed hosts=true

certificate#

SSL CERTIFICATE

Sample#

[/settings/NRPE/server]
# SSL CERTIFICATE
certificate=${certificate-path}/certificate.pem

certificate format#

CERTIFICATE FORMAT

Sample#

[/settings/NRPE/server]
# CERTIFICATE FORMAT
certificate format=PEM

certificate key#

SSL CERTIFICATE

Sample#

[/settings/NRPE/server]
# SSL CERTIFICATE
certificate key=

dh#

DH KEY

Sample#

[/settings/NRPE/server]
# DH KEY
dh=${certificate-path}/nrpe_dh_512.pem

encoding#

NRPE PAYLOAD ENCODING

parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Sample#

[/settings/NRPE/server]
# NRPE PAYLOAD ENCODING
encoding=

extended response#

EXTENDED RESPONSE

Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).

Sample#

[/settings/NRPE/server]
# EXTENDED RESPONSE
extended response=true

insecure#

ALLOW INSECURE CHIPHERS and ENCRYPTION

Only enable this if you are using legacy check_nrpe client.

Sample#

[/settings/NRPE/server]
# ALLOW INSECURE CHIPHERS and ENCRYPTION
insecure=false

payload length#

PAYLOAD LENGTH

Length of payload to/from the NRPE agent. This is a hard specific value so you have to “configure” (read recompile) your NRPE agent to use the same value for it to work.

Sample#

[/settings/NRPE/server]
# PAYLOAD LENGTH
payload length=1024

performance data#

PERFORMANCE DATA

Send performance data back to nagios (set this to 0 to remove all performance data).

Sample#

[/settings/NRPE/server]
# PERFORMANCE DATA
performance data=true

port#

PORT NUMBER

Port to use for NRPE.

Sample#

[/settings/NRPE/server]
# PORT NUMBER
port=5666

socket queue size#

LISTEN QUEUE

Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts. parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Sample#

[/settings/NRPE/server]
# LISTEN QUEUE
socket queue size=0

ssl options#

VERIFY MODE

Comma separated list of verification flags to set on the SSL socket.

Sample#

[/settings/NRPE/server]
# VERIFY MODE
ssl options=

thread pool#

THREAD POOL

parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Sample#

[/settings/NRPE/server]
# THREAD POOL
thread pool=10

timeout#

TIMEOUT

Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out. parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Sample#

[/settings/NRPE/server]
# TIMEOUT
timeout=30

use ssl#

ENABLE SSL ENCRYPTION

This option controls if SSL should be enabled.

Sample#

[/settings/NRPE/server]
# ENABLE SSL ENCRYPTION
use ssl=true

verify mode#

VERIFY MODE

Comma separated list of verification flags to set on the SSL socket.

Sample#

[/settings/NRPE/server]
# VERIFY MODE
verify mode=none