NRPE SSL Support

Introduction

Starting with OpenNMS version 1.3.10, the NRPE plugin and monitor classes support SSL operation. This mode is the default for recent releases of both the official NRPE daemon (Unix, when built with SSL support) and NSClient++ (Windows, NRPEListener only).

Configuring NRPE Daemon

NRPE on Unix

The default for NRPE release 2.11 on Unix is to use SSL, unless you specify the -n parameter on the command line.

NSClient++ on Windows

The default for the NRPEListener of NSClient++ release 0.3.0 on Windows is to use SSL, unless you set use_ssl=0 in NSC.ini or in the registry.

Configuring OpenNMS

Configuring NrpePlugin for discovery

In capsd-configuration.xml, add a keyed parameter (key usessl, value true) to each protocol-plugin that uses the NrpePlugin. Note that the plugin will use SSL by default, so you can leave this parameter out if you know that you use SSL everywhere that you use NRPE. In a mixed environment, you can configure two protocol-plugin elements, one with SSL enabled and one with SSL disabled, but you will need to use separate protocol names (e.g. "NRPE" and "NRPES") if you do this.

    <protocol-plugin protocol="NRPE" class-name="org.opennms.netmgt.capsd.plugins.NrpePlugin" scan="on" user-defined="false">
        <property key="banner" value="*" />
        <property key="port" value="5666" />
        <property key="timeout" value="3000" />
        <property key="retry" value="2" />
        <property key="command" value="_NRPE_CHECK" />
        <property key="usessl" value="true" />
    </protocol-plugin>

Configuring NrpeMonitor for polling

In poller-configuration.xml, add a keyed parameter (key usessl, value true) to each service that uses the NrpeMonitor. Note that the monitor will use SSL by default, so you can leave this parameter out if you know that you use SSL everywhere that you use NRPE. In a mixed environment, you can configure two service elements, one with SSL enabled and one with SSL disabled, but be sure that the service names match the protocol names in capsd-configuration.xml.

    <service name="NRPE" interval="300000" user-defined="false" status="on">
        <parameter key="retry" value="3"/>
        <parameter key="timeout" value="3000"/>
        <parameter key="port" value="5666"/>
        <parameter key="command" value="_NRPE_CHECK"/>
        <parameter key="padding" value="2"/>
        <parameter key="rrd-repository" value="/opt/opennms/share/rrd/response"/>
        <parameter key="ds-name" value="nrpe"/>
        <parameter key="usessl" value="true"/>
    </service>
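
In a mixed environment, the two files can drift apart: a service name that does not match its protocol name, or a usessl key left out on one side so that it silently defaults to SSL. The following consistency check is an added example, not part of OpenNMS; the `audit` function and the embedded XML fragments are constructed for illustration and use only the element and key names shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragments (not taken from a real deployment).
CAPSD = """<capsd-configuration>
  <protocol-plugin protocol="NRPE" class-name="org.opennms.netmgt.capsd.plugins.NrpePlugin" scan="on">
    <property key="port" value="5666"/>
    <property key="usessl" value="false"/>
  </protocol-plugin>
  <protocol-plugin protocol="NRPES" class-name="org.opennms.netmgt.capsd.plugins.NrpePlugin" scan="on"/>
</capsd-configuration>"""

POLLER = """<poller-configuration><package name="example">
  <service name="NRPE" interval="300000" status="on">
    <parameter key="port" value="5666"/>
  </service>
</package></poller-configuration>"""

def _usessl(element):
    # Effective setting: an absent usessl key means SSL is on (the default).
    for child in element:
        if child.get("key") == "usessl":
            return child.get("value", "").strip().lower() == "true"
    return True

def _collect(xml_text, tag, name_attr, class_suffix=None):
    # Map element name -> effective usessl, ignoring any XML namespace.
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != tag:
            continue
        if class_suffix and not el.get("class-name", "").endswith(class_suffix):
            continue
        found[el.get(name_attr)] = _usessl(el)
    return found

def audit(capsd_xml, poller_xml):
    plugins = _collect(capsd_xml, "protocol-plugin", "protocol", ".NrpePlugin")
    services = _collect(poller_xml, "service", "name")
    findings = []
    for name, ssl in plugins.items():
        if not ssl:  # plaintext NRPE should be a deliberate, reviewed choice
            findings.append((name, "capsd scans without SSL"))
        if name not in services:
            findings.append((name, "no poller service with this name"))
        elif services[name] != ssl:
            findings.append((name, "usessl differs between capsd and poller"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(CAPSD, POLLER):
        print(f"{name}: {issue}")
```

On the sample input, the poller's NRPE service omits usessl and therefore runs with SSL while capsd scans the same protocol name in plaintext, and NRPES has no poller service at all.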

Version History/Availability