[Bug 1888184] Re: nagios-nrpe-server-4 is creating incorrect log spam
Hi, coming around cleaning older cases ... Thanks everyone for the discussion! On one hand I'm glad we managed to collect a bunch of log suppression and configuration workarounds. On the other hand it is sad that this seems to be mostly just "as it is" with no great way out (e.g. a fix in a later version one could try to backport). After Bill outlined - out of the upstream Forum - that it is a known issue with likely no fix I'd say until there is any further insight how to address this in a package update there isn't much one can act on. The bug will stay around and be helpful for anyone searching for the error message, but I'll set the task to incomplete until there is any change to the overall situation that allows to act and improve it. ** Changed in: nagios-nrpe (Ubuntu) Status: Triaged => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1888184 Title: nagios-nrpe-server-4 is creating incorrect log spam To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1888184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1888184] Re: nagios-nrpe-server-4 is creating incorrect log spam
** Tags added: bseng-29 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1888184 Title: nagios-nrpe-server-4 is creating incorrect log spam To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1888184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1888184] Re: nagios-nrpe-server-4 is creating incorrect log spam
> I found a recent post on the nagios support forum but I do not have permission to access it, from its short description I got that "agents are falling back to packet version 2 when query an agent in version 4 by a plugin in version 3" Googlebot can see it. From there: "The way the NRPE plugin negotiates the SSL version of the agent does generate a lot of messages in the remote server but if the checks does work, you can disable the message by changing the following option in the nrpe.cfg file to a 1. That should stop all logging for the agent." It's quite dissatisfying but it seems to say that the plugin's *version probing logic* causes invalid error messages on the agent, and if you don't like that you should have rsyslog filter out the invalid error messages. Not how I would structure the protocol but elsewhere it's said that commercial nagios is moving to HTTP and deprecating nrpe protocol so it's unlikely to be fixed. I wiresharked this for a bit and it does appear that *no* cleartext traffic is transiting the link. e.g.: 07:14:24.538748 IP 192.168.1.246.39798 > 192.168.1.43.5666: Flags [P.], seq 836:1901, ack 826, win 506, options [nop,nop,TS val 10310092 ecr 4249413257], length 1065 E..].g@.?.i. . . ..+.v." .&.e1.LW.. ..Q..H..$..H ..h...&}...hk.!%./...z..#"..Gq.g...z!Bx..j].m<.0w'C.s..A..P |...E6.d..?..d.5..5...MU..:0.v./...\S.&.X.?); So I believe it is not falling back to v2 and is actually using v3 with ssl. One suggestion says to add '-2' to the check_nrpe command but that seems like really bad advice to me (at least for anywhere where network security is a consideration). my config: ii nagios-nrpe-plugin 3.2.1-2 amd64Nagios Remote Plugin Executor Plugin ii nagios-nrpe-server 4.0.3-1 amd64Nagios Remote Plugin Executor Server So it appears that upstream is saying to do a workaround and it's wontfix on their end. Disappointing but not surprising. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1888184 Title: nagios-nrpe-server-4 is creating incorrect log spam To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1888184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1888184] Re: nagios-nrpe-server-4 is creating incorrect log spam
** Also affects: nagios-nrpe (Debian) Importance: Undecided Status: New ** No longer affects: nagios-nrpe (Debian) ** Also affects: nagios-nrpe (Debian) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1888184 Title: nagios-nrpe-server-4 is creating incorrect log spam To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1888184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1888184] Re: nagios-nrpe-server-4 is creating incorrect log spam
We have similar issue but with the same version on both sides. The checks actually works (it seems), but generates a lot of these errors shown below. ### On a server being checked ### # Installed packages: nagios-nrpe-server/focal,focal,now 4.0.0-2ubuntu1 amd64 [installed] # Output from syslog: 2021-09-30 15:50:22 INFO: SSL Socket Shutdown. 2021-09-30 15:50:22 Could not read request from client *IP*, bailing out... 2021-09-30 15:50:22 Error: (use_ssl == true): Request packet version was invalid! ### On the monitor server ### # Installed packages: nagios-nrpe-plugin/focal,now 4.0.0-2ubuntu1 amd64 [installed] nagios-nrpe-server/focal,now 4.0.0-2ubuntu1 amd64 [installed] # Output from syslog: 2021-09-30 15:50:22 Remote *IP* does not support version 3/4 packets -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1888184 Title: nagios-nrpe-server-4 is creating incorrect log spam To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1888184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1888184] Re: nagios-nrpe-server-4 is creating incorrect log spam
This is a Focal v4 check_nrpe querying bionic NRPE v3 and should work without spamming logs. I am seeing in syslog: check_nrpe - - - Remote 10.1.2.3 does not support version 3/4 packets However checks are working. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1888184 Title: nagios-nrpe-server-4 is creating incorrect log spam To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1888184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1888184] Re: nagios-nrpe-server-4 is creating incorrect log spam
Thanks for the clues! I think I'd seen that URL in my research but the `rsyslog` filter had escaped me. I'll see about pestering upstream when time permits, any hints on where or who to pester appreciated. For the record, for Mint-20 or Ubuntu Focal using stock `rsyslog` this prevented the log spam but isn't a real fix: ``` sudo vi /etc/rsyslog.d/10-nrpe-log-spam.conf sudo systemctl restart rsyslog ``` File contents to "fix" NODE spam: ``` # /etc/rsyslog.d/10-nrpe-log-spam.conf # 2020-07-26 Sun: Suppress useless NRPE log spam # See https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1888184 :msg, contains, "Request packet version was invalid" stop :msg, contains, "Could not read request from client 192.168.1.11, bailing out" stop :msg, contains, "INFO: SSL Socket Shutdown" stop ``` File contents to "fix" Server spam: ``` # /etc/rsyslog.d/10-nrpe-log-spam.conf # 2020-07-26 Sun: Suppress useless NRPE log spam # See https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1888184 :msg, contains, "does not support Version 3 Packets" stop ``` -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1888184 Title: nagios-nrpe-server-4 is creating incorrect log spam To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1888184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1888184] Re: nagios-nrpe-server-4 is creating incorrect log spam
Thanks for taking the time to report this bug and trying to make Ubuntu better. I've seen some people facing issues regarding the packet version compatibility, you have version 3 and 4 in your setup. I tried to make a quick research about any compatibility issue between version 3 and 4 but I did not find something useful. I found a recent post on the nagios support forum but I do not have permission to access it, from its short description I got that "agents are falling back to packet version 2 when query an agent in version 4 by a plugin in version 3". This seems to match your case and it might be an upstream issue. It'd be great if you could engage in a discussion about it with upstream. In case you do that please link it here. Since you described it is still working, you can try to follow one of the solutions described in this article to silence those errors for now: https://support.nagios.com/kb/article/nrpe-remote-does-not-support- version-3-packets-786.html ** Changed in: nagios-nrpe (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1888184 Title: nagios-nrpe-server-4 is creating incorrect log spam To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1888184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs