SNRPE - Secure Nagios Remote Plugin Executor

Please note: SNRPE is not maintained any longer. Icinga 2 offers a new agent-based model for running remote checks, which is more secure and offers better performance than using (S)NRPE. For this reason, there is no need to use NRPE any longer.

About SNRPE

The Secure Nagios Remote Plugin Executor (SNRPE) is a wrapper around the Nagios Remote Plugin Executor (NRPE).

NRPE implements communication in an insecure way, even if encryption is enabled. SNRPE tunnels the NRPE communication through an SSH connection, using SSH for secure authentication and communication.

SNRPE is designed to work without having to install any additional software on the monitored computer. Only the (usually installed) SSH daemon is needed.

On the monitoring server, using SNRPE is as simple as replacing all references to check_nrpe with check_snrpe. Please refer to the README file in the distribution for detailed instructions.

Technically, SNRPE works by having a daemon establish an SSH connection to each monitored host. The check_snrpe script asks this daemon for the local port number of the TCP tunnel that connects to the NRPE daemon on the remote host and then calls check_nrpe to perform the actual check.

Thus, you do not have to take care of manually assigning a local port to each monitored remote host, which makes this solution perfect for mass-deployment.
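The following sketch models the port lookup described above. It is an added example, not SNRPE's own code: the class `TunnelRegistry`, the function `check_command` and the host names are hypothetical, and the sketch only reserves the local listening port where the real daemon would attach an SSH forward to the remote NRPE daemon.

```python
import socket

CHECK_NRPE = "/usr/lib/nagios/plugins/check_nrpe"  # path named on this page


class TunnelRegistry:
    """Hypothetical stand-in for the daemon's host -> local port table."""

    def __init__(self):
        self._listeners = {}  # host -> listening socket (local tunnel end)

    def open_tunnel(self, host):
        """Reserve a loopback-only local port for `host` and return it.

        A real daemon would forward connections on this port through SSH to
        the NRPE daemon on `host`; this sketch only holds the listener open.
        """
        if host not in self._listeners:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            # Port 0 lets the kernel pick a free port, so no port is assigned
            # by hand; 127.0.0.1 keeps the tunnel entrance off the network.
            sock.bind(("127.0.0.1", 0))
            sock.listen(5)
            self._listeners[host] = sock
        return self.lookup(host)

    def lookup(self, host):
        """Return the local tunnel port for `host`; KeyError if none exists."""
        return self._listeners[host].getsockname()[1]

    def close(self):
        for sock in self._listeners.values():
            sock.close()
        self._listeners.clear()


def check_command(registry, host, nrpe_command):
    """Build the check_nrpe argv a wrapper would run for `host`."""
    port = registry.lookup(host)
    # check_nrpe talks to the local tunnel end, never to the remote host
    return [CHECK_NRPE, "-H", "127.0.0.1", "-p", str(port), "-c", nrpe_command]


if __name__ == "__main__":
    registry = TunnelRegistry()
    for host in ("web01.example.org", "db01.example.org"):  # constructed names
        registry.open_tunnel(host)
        print(" ".join(check_command(registry, host, "check_load")))
    registry.close()
```
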

The software is licensed under the terms of the Apache License 2.0.

Getting Started

The easiest way to get started is installing the Debian package on the monitoring server. The package has been designed to work with Ubuntu 12.04 LTS (Precise Pangolin), but it might also work with other versions of Ubuntu and even with other Debian derivatives. You can find the README file with configuration instructions in /usr/share/doc/nagios-snrpe-plugin/README. You can safely skip the section called "Installation", because this has already been accomplished by installing the Debian package.

On other systems, you can download the bundle of binary files. SNRPE only has a few dependencies. It needs a Java runtime environment (version 6 or newer), Upstart, netcat (available as nc) and the check_nrpe executable, which it expects to find in /usr/lib/nagios/plugins/check_nrpe. The README file in the distribution contains detailed installation and configuration instructions.

Regardless of the installation method, you should consult the configuration file /etc/snrpe/snrpe.conf. This file contains comments that explain all options.

Most likely you will want to change the path to the SSH private key file. You might also want to consider strict host-key checking. However, when using public-key authentication, skipping the host-key check is relatively safe (see this explanation), unless you are worried about a man-in-the-middle reporting wrong results to you.

Download

Release 1.0.0 (May 20th, 2013):

The source code can also be found in the SNRPE Git repository.

© 2013 Sebastian Marsching