The Nagios Remote Plugin Executor (NRPE) is a system daemon that uses a special client-server protocol and should be installed on all client hosts that you want to monitor via your Nagios server remotely. It allows the central Nagios server to trigger any Nagios checks on these client hosts securely and with low overhead. Here, we will show you how to set up and configure any CentOS 7 client to use NRPE; if you’ve got more than one computer in your network that you want to monitor, you need to apply this process for every instance.
To Start With: What Do You Need?
To complete this process, you will require a computer other than your Nagios server with an installation of the CentOS 7 operating system and root privileges, which you want to monitor, and which needs a console-based text editor of your choice installed on it, along with a connection to the Internet in order to facilitate the download of additional packages. This computer needs to have access to our Nagios server over the network. In our example, the Nagios server has the IP address 192.168.1.7, and our client system will have the IP address 192.168.1.8.
The Process
- Log in as root on your CentOS 7 client system and install all Nagios plugins as well as NRPE on it:
yum install epel-release;yum install nrpe nagios-plugins-all nagiosplugins-nrpe
- Afterwards, open the main NRPE config file (after making a backup first):
cp /etc/nagios/nrpe.cfg /etc/nagios/nrpe.cfg.BAK && vi /etc/nagios/nrpe.cfg
- Find the line that starts with allowed_hosts, and add the IP address of your Nagios server separated by a comma so that we can communicate with it (in our example ,192.168.1.7, so change it accordingly); it should read as follows:
allowed_hosts=127.0.0.1,192.168.1.7
- Save and close the file, then enable NRPE at boot and start it:
systemctl enable nrpe && systemctl start nrpe
- Then enable the NRPE port in firewalld. To do this, create a new firewalld service file for NRPE:
sed 's/80/5666/g' /usr/lib/firewalld/services/http.xml | sed 's/WWW
(HTTP)/Nagios NRPE/g' | sed 's/<description>.*<\/description>//g' >
/etc/firewalld/services/nrpe.xml
firewall-cmd --reload
firewall-cmd --permanent --add-service=nrpe; firewall-cmd --reload - Finally, test the NRPE connection. To do this, log in as root on your Nagios server (for example, at 192.168.1.7) and execute the following command to check NRPE on our client (192.168.1.8):
/usr/lib64/nagios/plugins/check_nrpe -H 192.168.1.8 -c check_load
- If the output prints out an OK -load average message with some numbers, you have successfully configured NRPE on the client!
How Does It Work?
Here in this process, we have shown you how to install NRPE on your CentOS 7 clients that you want to monitor with your Nagios servers. If you want to monitor other Linux systems running other distributions such as Debian or BSD, you should be able to find appropriate packages using their own package managers or compile NRPE from source. Besides the NRPE package, we also installed all the Nagios plugins on this machine since NRPE is only the daemon for running monitoring commands on client computers, but it does not include them. After installation, NRPE is listening only on localhost (127.0.0.1) connections by default, so we then had to change this to also listen to connections from our Nagios server, which runs with the IP 192.168.1.7, using the allowed_hosts directive in the main NRPE configuration file. The NRPE port 5666 is needed for incoming connections from the Nagios server, so we also had to open it in the firewall. Since no firewalld rule is available for it by default, we created our own new service file and added it to the current firewalld configuration. Afterwards, we could test our NRPE installation from our Nagios server by running a check_nrpe command using the client’s IP address and a random check command (check_load returns the system’s load).