To monitor a new server nagios client (nrpe) and nagios plugins needs to be installed. This instructions are given on a Ubuntu box but should be the same for all Linux/Unix servers.
Following steps will outline how to install them;


  • root access to the remote Linux/Unix host
  • nagios user account
  • libssl-dev (This is required for SSL connection)
  • xinetd


  • Create a nagios user with no shell
    useradd -M -s /usr/sbin/nologin nagios
  • Install libssl-dev
    apt-get install libssl-dev
  • install xinetd
    apt-get install xinetd
  • Download Nagios Plugins from and extract
    tar -xzvf nagios-plugins-1.4.16.tar.gz
    cd nagios-plugins-1.4.16
  • Compile and install the plugins.
    ./configure --with-nagios-user=nagios --with-nagios-group=nagios
    make install
  • Set permissions on the plugin directory
    chown nagios:nagios /usr/local/nagios
    chown -R nagios:nagios /usr/local/nagios/libexec
  • Download NRPE Add-on from and extract
    tar -xzvf nrpe-2.13.tar.gz
    cd nrpe-2.13
  • Compile and install
    make all
    make install-plugin
    make install-daemon
    make install-daemon-config
    make install-xinetd
  • Add monitoring server IP Address to nrpe daemon config
    only_from = <nagios_server_IP_Here>
  • A

  • dd NRPE port to /etc/services file
    nrpe 5666/tcp # NRPE
  • restart xinetd service
    service xinetd restart


  • Make sure the nrpe daemon is running under xinetd
    $ netstat -at | grep nrpe
    tcp 0 0 *:nrpe *:* LISTEN
  • Check NRPE daemon is functioning properly
    $ /usr/local/nagios/libexec/check_nrpe -H localhost
    NRPE v2.13
  • Check firewall rules
    $ iptables -I RH-Firewall-1-INPUT -p tcp -m tcp –dport 5666 -j ACCEPT
    $ service iptables save


Issue 1:


Connection refused by host


If you are in process of installing the NRPE daemon as an xinetd service for Nagios monitoring capabilities you may run across this error in /var/log/messages.
If you have started xinetd by typing the following:

$ /etc/init.d/xinetd start

but you do not see the NRPE service listening by using netstat:

$ netstat -an | grep 5666

then check /var/log/messages to see if an error similar to the following is in the log file:

xinetd[11497]: service/protocol combination not in /etc/services: nrpe/tcp

If so all you need to do is edit /etc/services and add the following line right above the cvsup entries.

nrpe 5666/tcp # NRPE

After this line is added restart xinetd and verify the 5666 port is now open. You should be good to go.

Issue 2:


Zimbra NRPE complains

check_mailq ERROR: is not executable by (uid 0:gid(0 10 6 4 3 2 1 0))

Get the path to mailq in zimbra and added to /usr/local/nagios/libexec/

$ nano /usr/local/nagios/libexec/
$PATH_TO_MAILQ   = "/opt/zimbra/postfix/sbin/mailq";