Setting up NRPE daemon
Set up the config file (/etc/nrpe.cfg) to bind to the local IP and to allow only the needed hosts to connect:
server_address=10.14.8.3
allowed_hosts=10.14.8.149,10.14.8.150
Install daemon:
apk add nrpe && rc-update add nrpe default
Add a definition for a check command to /etc/nrpe.cfg, for example:
command[check_routes]=/usr/bin/check_routes.sh
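Create the script referenced above and populate it with:
#!/bin/sh
#
# Thresholds: at or above numroutes_ok is OK, at or above numroutes_warn
# is WARNING, anything lower is CRITICAL.
numroutes_ok=80
numroutes_warn=15
# grep -n '' numbers every line of the routing table; the last number is the
# route count. An empty table yields an empty string, handled below.
NUMROUTES=$(ip route | grep -n '' | awk -F ':' '{print $1}' | tail -n 1)
if [ -z "$NUMROUTES" ]; then
    echo "WARNING: No routing information received"
    exit 1
elif [ "$NUMROUTES" -ge "$numroutes_ok" ]; then
    echo "OK: $NUMROUTES routes in routing table"
    exit 0
elif [ "$NUMROUTES" -ge "$numroutes_warn" ]; then
    echo "WARNING: $NUMROUTES routes in routing table"
    exit 1
else
    echo "CRITICAL: $NUMROUTES routes in routing table"
    exit 2
fi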
Restart NRPE. Allow port 5666 (or whichever port you have specified for nrpe in /etc/nrpe.cfg) through Shorewall (in /etc/shorewall/rules) for the monitoring hosts. On the monitoring host, run the following command to test, where 10.14.8.3 is the IP of the host to monitor:
/usr/local/nagios/libexec/check_nrpe -H 10.14.8.3 -p 5666 -c check_routes
You should get output like:
OK: 173 routes in routing table
If you are having trouble, enable debugging in /etc/nrpe.cfg and check /var/log/messages for errors. The most likely errors have to do with the permissions of what you are trying to execute.
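The following audit script is an added example, not part of the original page or of NRPE itself. It checks an nrpe.cfg for the bind address and allowed_hosts settings described above and verifies that every command[] definition points to an executable that is not world-writable. The function names, finding labels and the world-writable check are assumptions of this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit an nrpe.cfg. Prints one finding per line; the return
# status is the number of findings. Run it as the user the daemon runs as,
# so that the -x test reflects what NRPE can actually execute.

# Value of the last "key=value" line for key $2 in file $1 (empty if unset).
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

audit_nrpe_cfg() {
    cfg=$1; findings=0
    flag() { echo "$1"; findings=$((findings + 1)); }

    case "$(cfg_get "$cfg" server_address)" in
        ''|0.0.0.0|::) flag "BIND: server_address unset or wildcard" ;;
    esac
    [ -n "$(cfg_get "$cfg" allowed_hosts)" ] || flag "ACL: allowed_hosts not set"

    # "name path" for every command[name]=path [args...] definition.
    cmds=$(sed -n 's/^[[:space:]]*command\[\([^]]*\)\][[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1 \2/p' "$cfg")
    while read -r name path; do
        [ -n "$name" ] || continue
        if [ ! -f "$path" ] || [ ! -x "$path" ]; then
            flag "EXEC: $name -> $path missing or not executable"
        elif [ -n "$(find -L "$path" -prune -perm -0002)" ]; then
            flag "PERM: $name -> $path is world-writable"
        fi
    done <<EOF
$cmds
EOF
    return "$findings"
}

# Constructed sample config: no server_address, plugin path does not exist.
demo=$(mktemp)
cat > "$demo" <<EOF
allowed_hosts=10.14.8.149,10.14.8.150
command[check_routes]=/nonexistent/check_routes.sh
EOF
audit_nrpe_cfg "$demo" || echo "$? finding(s)"
rm -f "$demo"
```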
Example of monitoring an opennhrp connection:
#!/bin/sh
# $1 is hostname to check
if [ -z "$1" ]; then
    echo "Hostname must be specified as argument"
    exit 1
fi
# The 5 second wait is in case tunnel wasn't up, this will act as a keepalive when run often enough
ping -c 1 -w 5 "$1" > /dev/null
HOSTOUTPUT="$(host "$1")"
# The final awk keeps the first two octets, i.e. the /16 network range.
# $HOSTOUTPUT is left unquoted on purpose so multi-line output is joined and $NF is the last word.
HOSTNETWORK="$(echo $HOSTOUTPUT | awk -F ' ' '{print $NF}' | awk -F '.' '{print $1"."$2}')"
ROUTETONETWORK="$(ip route | grep "$HOSTNETWORK\.")"
# Unquoted for the same reason: the third word of the first matching route is the next hop
NEXTHOP="$(echo $ROUTETONETWORK | awk -F ' ' '{print $3}')"
if [ -z "$NEXTHOP" ]; then
    echo "No route found for network $HOSTNETWORK"
    exit 1
fi
# This assumes that up/down is last entry on line which it was in testing
TUNNELSTATUS="$(/usr/sbin/opennhrpctl show | grep -A 3 "$NEXTHOP" | grep Flags | awk -F ' ' '{print $NF}')"
echo "$TUNNELSTATUS"