Setting up the NRPE daemon
Install the daemon
apk add nrpe && rc-update add nrpe default
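Set the configuration file to bind to the local IP and allow only the hosts that need to connect (in /etc/nrpe.cfg)
server_address=10.14.8.3
allowed_hosts=10.14.8.149,10.14.8.150
Add the check command definitions to /etc/nrpe.cfg, for example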
command[check_routes]=/usr/bin/check_routes.sh
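Create the script referenced above with the following contents
#!/bin/sh
# Report the number of routes in the routing table as a Nagios check.
# At least numroutes_ok routes is OK; at least numroutes_warn is WARNING.
numroutes_ok=80
numroutes_warn=15
# grep -n '' numbers every line, so the last line number is the route count
# (empty when ip route prints nothing).
NUMROUTES=$(ip route | grep -n '' | awk -F ':' '{print $1}' | tail -n 1)
if [ -z "$NUMROUTES" ]; then
    echo "WARNING: No routing information received"
    exit 1
elif [ "$NUMROUTES" -ge "$numroutes_ok" ]; then
    echo "OK: $NUMROUTES routes in routing table"
    exit 0
elif [ "$NUMROUTES" -ge "$numroutes_warn" ]; then
    echo "WARNING: $NUMROUTES routes in routing table"
    exit 1
else
    echo "CRITICAL: $NUMROUTES routes in routing table"
    exit 2
fi
Restart NRPE. Allow port 5666 (or whichever port you specified for nrpe in /etc/nrpe.cfg) through Shorewall (in /etc/shorewall/rules) for the monitoring host. On the monitoring host, run the following command to test, where 10.14.8.3 is the IP of the host to be monitored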
/usr/local/nagios/libexec/check_nrpe -H 10.14.8.3 -p 5666 -c check_routes
You should get output similar to the following
OK: 173 routes in routing table
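If you run into problems, enable debugging in /etc/nrpe.cfg and check /var/log/messages for errors. The most likely errors relate to permissions on whatever you are trying to execute.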
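The settings from the steps above can be checked in one pass. This is an added example, not part of the original page: a shell function that audits an nrpe.cfg for a specific server_address, a set allowed_hosts, and command scripts that are executable and not writable by other users. It also flags dont_blame_nrpe=1, an nrpe.cfg option this page does not set; the function names cfg_value and audit_nrpe_cfg are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page: audit an nrpe.cfg.
# Assumption: run as the account nrpe runs under, so -x reflects its rights.

# cfg_value KEY FILE: print the last value assigned to KEY (comments skipped).
cfg_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_nrpe_cfg FILE: print one finding per check; return 1 if any failed.
audit_nrpe_cfg() {
    cfg=$1
    rc=0
    addr=$(cfg_value server_address "$cfg")
    case $addr in
        ''|0.0.0.0|::) echo "FAIL: server_address is unset or a wildcard"; rc=1 ;;
        *) echo "ok: server_address=$addr" ;;
    esac
    hosts=$(cfg_value allowed_hosts "$cfg")
    if [ -z "$hosts" ]; then
        echo "FAIL: allowed_hosts is not set"; rc=1
    else
        echo "ok: allowed_hosts=$hosts"
    fi
    # dont_blame_nrpe=1 lets the remote side supply command arguments.
    if [ "$(cfg_value dont_blame_nrpe "$cfg")" = 1 ]; then
        echo "FAIL: dont_blame_nrpe=1"; rc=1
    fi
    # The first word of each command[...] value is the program nrpe executes.
    for prog in $(sed -n 's/^[[:space:]]*command\[[^]]*][[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$cfg"); do
        if [ ! -x "$prog" ]; then
            echo "FAIL: $prog is missing or not executable"; rc=1
        elif [ -n "$(find -L "$prog" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "FAIL: $prog is group- or world-writable"; rc=1
        else
            echo "ok: $prog"
        fi
    done
    return $rc
}

# Audit the file named on the command line, if one was given.
if [ $# -gt 0 ]; then
    audit_nrpe_cfg "$1"
fi
```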
Example for monitoring opennhrp connections
#!/bin/sh
# $1 is hostname to check
if [ -z "$1" ]; then
    echo "Hostname must be specified as argument"
    exit 1
fi
# The 5 second wait is in case tunnel wasn't up, this will act as a keepalive when run often enough
ping -c 1 -w 5 "$1" > /dev/null
HOSTOUTPUT="$(host "$1")"
# The final awk will grep for a /16 network range
# ($HOSTOUTPUT is left unquoted so multi-line output is joined into one line)
HOSTNETWORK="$(echo $HOSTOUTPUT | awk -F ' ' '{print $NF}' | awk -F '.' '{print $1"."$2}')"
ROUTETONETWORK="$(ip route | grep "$HOSTNETWORK"'\.')"
NEXTHOP="$(echo $ROUTETONETWORK | awk -F ' ' '{print $3}')"
# Without a next hop the grep below would have no pattern to match on
if [ -z "$NEXTHOP" ]; then
    echo "No route found for $1"
    exit 1
fi
# This assumes that up/down is last entry on line which it was in testing
TUNNELSTATUS="$(/usr/sbin/opennhrpctl show | grep -A 3 "$NEXTHOP" | grep Flags | awk -F ' ' '{print $NF}')"
echo "$TUNNELSTATUS"