To be honest, I donât get what the problem is that you want to be solved. Could you clarify a bit what you want to achieve?
Please use code highlighting (like 3 backticks (`) ) as it makes your posts a lot easier to read. I changed that on your post already. Please use this as a reference.
The problem is that the option is used by check_nrpe, not by your notification command. Notification commands are âstupidâ, they donât know about Critical or Unknown. They just get a status from the check plugin (in your case check_nrpe ) and send that to the user.
I can see youâre using a check command called nrpe_v3. Iâd like to have a look into that because that seems to be the culprit here.
Ok, I donât know about the check_nrpe_v3 plugin. Maybe it doesnât honor the -u in every case?
The problem still seems to be there. Your notification script just getâs a string and sends it via e-mail. It doesnât know about nrpe or itâs timeouts.
You could try and run the different checks from commandline:
sudo -u icinga /usr/lib64/nagios/plugins/check_nrpe_v3 -u ... and see if itâs returning UNKNOWN or `CRITICAL``
is basically the check_nrpe plugin in version 3. I just use it this way to distinguish between v2 and v3.
/usr/lib/nagios/plugins/check_nrpe_v3
Incorrect command line arguments supplied
NRPE Plugin for Nagios
Version: 3.2.1
Copyright (c) 2009-2017 Nagios Enterprises
1999-2008 Ethan Galstad (nagios@nagios.org)
Last Modified: 2017-09-01
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: OpenSSL 0.9.6 or higher required
Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <dhopt>]
[-P <size>] [-S <ssl version>] [-L <cipherlist>] [-C <clientcert>]
[-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]
[-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]
[-c <command>] [-E] [-a <arglist...>]
Options:
-H, --host=HOST The address of the host running the NRPE daemon
-2, --v2-packets-only Only use version 2 packets, not version 3
-4, --ipv4 Bind to ipv4 only
-6, --ipv6 Bind to ipv6 only
-n, --no-ssl Do no use SSL
-u, --unknown-timeout Make connection problems return UNKNOWN instead of CRITICAL
-V, --version Print version info and quit
-l, --license Show license
-E, --stderr-to-stdout Redirect stderr to stdout
-d, --use-dh=DHOPT Anonymous Diffie Hellman use:
0 Don't use Anonymous Diffie Hellman
(This will be the default in a future release.)
1 Allow Anonymous Diffie Hellman (default)
2 Force Anonymous Diffie Hellman
-P, --payload-size=SIZE Specify non-default payload size for NSClient++
-S, --ssl-version=VERSION The SSL/TLS version to use. Can be any one of:
SSLv3 SSL v3 only
SSLv3+ SSL v3 or above
TLSv1 TLS v1 only
TLSv1+ TLS v1 or above (DEFAULT)
TLSv1.1 TLS v1.1 only
TLSv1.1+ TLS v1.1 or above
TLSv1.2 TLS v1.2 only
TLSv1.2+ TLS v1.2 or above
-L, --cipher-list=LIST The list of SSL ciphers to use (currently defaults
to "ALL:!MD5:@STRENGTH:@SECLEVEL=0". THIS WILL change in a future release.)
-C, --client-cert=FILE The client certificate to use for PKI
-K, --key-file=FILE The private key to use with the client certificate
-A, --ca-cert-file=FILE The CA certificate to use for PKI
-s, --ssl-logging=OPTIONS SSL Logging Options
-b, --bind=IPADDR Local address to bind to
-f, --config-file=FILE Configuration file to use
-g, --log-file=FILE Log file to write to
-p, --port=PORT The port on which the daemon is running (default=5666)
-c, --command=COMMAND The name of the command that the remote daemon should run
-a, --args=LIST Optional arguments that should be passed to the command,
separated by a space. If provided, this must be the last
option supplied on the command line.
NEW TIMEOUT SYNTAX
-t, --timeout=INTERVAL:STATE
INTERVAL Number of seconds before connection times out (default=10)
STATE Check state to exit with in the event of a timeout (default=CRITICAL)
Timeout STATE must be a valid state name (case-insensitive) or integer:
(OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3)
Note:
This plugin requires that you have the NRPE daemon running on the remote host.
You must also have configured the daemon to associate a specific plugin command
with the [command] option you are specifying here. Upon receipt of the
[command] argument, the NRPE daemon will run the appropriate plugin command and
send the plugin output and return code back to *this* plugin. This allows you
to execute plugins on remote hosts and 'fake' the results to make Nagios think
the plugin is being run locally.
Ok. Then try running your checks âmanuallyâ with sudo. This way you should see if the check is returning the correct status so your notification can send it.
If this is an example that you want to be âUNKNOWNâ, this will not work.
As the description states the -u flag sets the check state to unknown in case the connection times out (e.g. host not reachable, script running too long).
Your message shows that a connection is established but reset/not correctly answered. Not sure how to describe it best.
Check the host you are querying via nrpe. Is the IP of the monitoring server allowed?
Are there any firewalls or proxies between the host and the nrpe client.
What output do you get by simply running check_nrpe_v3 -H hostaddress?
@seeb Only you can close this thread. Just klick on the âSolutionâ checkbox in the posting that solved the issue. (In this case it might be your own, last posting). This way it gets closed and everyone sees that you donât need any more help.