JNRPE Server

JNRPE originally started as a java implementation of the NRPE Nagios Addon. As of version 2.0, it gained the ability to be embedded and allow anyone to include JNRPE features inside their own application.

Why JNRPE ?

You can use JNRPE everytime you need to write a Nagios plugin using the Java language and you don't want Nagios to start a new JVM every time your plugin(s) gets called.

Another reason you may want to get JNRPE, is that you want to control the internals of your application: JNRPE (as of version 2.0) can be easily embedded into your own application to give you the ability to answer to check_nrpe calls.

Last but not least, JNRPE and its plugins are pure JAVA: you can install and run JNRPE as soon as you have a JVM 1.5+.

How JNRPE works

Before we start configuring JNRPE, we must understand how it works. JNRPE makes a clear distinction between a plugin and a command: the plugin is an object that is able to execute some work, while the command is a configuration that says to the plugin what to execute (and how).

For example, suppose you are using MS Windows and want to check the free space of disk C and disk E.

In the example you want the following alerts:

  • WARNING if less than 20% of space is available on disk C
  • WARNING if less than 10% of space is available on disk E
  • CRITICAL if less than 10% of space is available on disk C
  • CRITICAL if less than 5% of space is available on disk E

You can perform such check using the CHECK_DISK plugin present in the plugin package. The plugin has the following command line:

     -p path -w WARNING_RANGE -c CRITICAL_RANGE

The range syntax is the following:

  [@]start:end
  Notes:

  start <= end

  start and ":" is not required if start=0

  if range is of format "start:" and end is not specified, assume end is infinity

  to specify negative infinity, use "~"

  if range starts with "@", then the range is negated (inclusive of endpoints)

In this example you will create the following command definition:

  check_disk_C : CHECK_DISK --path C: --warning :20 --critical :10 
  check_disk_E : CHECK_DISK --path E: --warning :10 --critical :5

A more advanced configuration would use the $ARG?$ macros to make the configuration dynamic:

  check_disk_C : CHECK_DISK --path C: --warning $ARG1$ --critical $ARG2$

JNRPE Server Configuration

While with the previous versions of JNRPE you were forced to configure JNRPE through an XML file, starting with JNRPE 2.0 you can now choose between two format:

  • The new INI configuration file
  • The old style XML configuration file

The new INI configuration file

This file is splitted into two different sections:

  • The server configuration section : contains the service configuration (binding address/port, accepted client ip, plugin installation directory, etc)
  • The command configuration section : contains the configuration of each command the server can execute. A command definition is very simple : just associates a command name and a list of arguments to a plugin name, so that you can refer to the plugin with the command name. Moreover, the command definition, configures the parameters to pass to the plugin. Many commands with different names can refer to the same plugin.

Let's analyze the following configuration:

 
 [server]
 accept-params : true
 bind-address : 127.0.0.1:5666
 plugin-path : /usr/local/jnrpe/plugins
 allow-address : 127.0.0.1
   
 [commands]
 check_disk_C : CHECK_DISK --path C: --warning $ARG1$ --critical $ARG2$
 check_disk_E : CHECK_DISK --path E: --warning $ARG1$ --critical $ARG2$
  • [server] - this means we are starting the server section
  • accept-params : true - means we want JNRPE to expand the $ARG?$ macros. If you set this to false, than parameters passed by check_nrpe will be ignored.
  • bind-address : 127.0.0.1:5666 - means we want JNRPE to listen on the 127.0.0.1 IP at port 5666. You can repeat this setting more than one time to instruct JNRPE to listen to many address. If you want the comunication between check_nrpe and JNRPE to be encrypted (check_nrpe default), add a ',ssl' at the end of the row:

    bind-address : 127.0.0.1:5666,ssl

  • plugin-path : /usr/local/jnrpe/plugins - means that in '/usr/local/jnrpe/plugins' JNRPE will find all the installed plugins.
  • allow-address : 127.0.0.1 - means that JNRPE must accept request coming from 127.0.0.1. You can repeat this line to accept requests from many addresses.
  • [commands] - means that the command section is starting

The two configured command could be invoked like this:

 check_nrpe -n -H 127.0.0.1 -c check_disk_E -a ':10!:5'
 check_nrpe -n -H 127.0.0.1 -c check_disk_C -a ':20!:10'

The old style XML configuration file

This file is splitted into two different sections:

  • The server configuration section : contains the service configuration (binding address/port, accepted client ip, plugin installation directory, etc)
  • The command configuration section : contains the configuration of each command the server can execute. A command definition is very simple : just associates a command name and a list of arguments to a plugin name, so that you can refer to the plugin with the command name. Moreover, the command definition, configures the parameters to pass to the plugin. Many commands with different names can refer to the same plugin.

Let's analyze the following configuration:

  <?xml version="1.0" encoding="UTF-8"?>
  <config>
     <server accept-params="true">
        <bind address="127.0.0.1:5666" SSL="false"/>
        <allow ip="127.0.0.1"/>
        <plugin path="/usr/local/jnrpe/plugins"/>
     </server>
     <commands>
        <command name="check_disk_C" plugin_name="CHECK_DISK">
           <arg name="path"  value="C:" />
           <arg name="warning"  value="$ARG1$" />
           <arg name="critical"  value="$ARG2$" />
        </command>
        <command name="check_disk_E" plugin_name="CHECK_DISK">
           <arg name="path"  value="E:" />
           <arg name="warning"  value="$ARG1$" />
           <arg name="critical"  value="$ARG2$" />
        </command>
     </commands>
  </config>
  • <server> - this means we are starting the server section
  • accept-params : true - means we want JNRPE to expand the $ARG?$ macros. If you set this to false, than parameters passed by check_nrpe will be ignored.
  • <bind address="127.0.0.1:5666" SSL="false"/> - means we want JNRPE to listen on the 127.0.0.1 IP at port 5666. You can repeat this setting more than one time to instruct JNRPE to listen to many address. If you want the communication between check_nrpe and JNRPE to be encrypted (check_nrpe default) set SSL to 'true'.
  • <plugin path="/usr/local/jnrpe/plugins"/> - means that in '/usr/local/jnrpe/plugins' JNRPE will find all the installed plugins.
  • <allow ip="127.0.0.1"/> - means that JNRPE must accept request coming from 127.0.0.1. You can repeat this line to accept requests from many addresses.
  • <commands> - means that the command section is starting

The two configured command could be invoked like this:

 check_nrpe -n -H 127.0.0.1 -c check_disk_E -a ':10!:5'
 check_nrpe -n -H 127.0.0.1 -c check_disk_C -a ':20!:10'