Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Feature Request - Add AES Support in NSCA #5
When you use NSCA with NSClient++ only the AES-128 works properly. See the example below:
In the nsclient.ini on the Windows server:
`; ENCRYPTION - Name of encryption algorithm to use. Has to be the same as your server i using or it wont work at all.This is also independent of SSL and generally used instead of SSL. Available encryption algorithms are: none = No Encryption (not safe) xor = XOR des = DES 3des = DES-EDE3 cast128 = CAST-128 xtea = XTEA blowfish = Blowfish twofish = Twofish rc2 = RC2 aes128 = AES aes192 = AES aes = AES serpent = Serpent gost = GOST
encryption = AES`
In the nsca.cfg on the Nagios XI box:
The above scenario works. If however, you use option 15 or 16 (RIJNDAEL-192 or RIJNDAEL-256), the passive check results are not being received, and you can see errors in the "/var/log/messages" similar to this one:
According to a Nagios XI user on the Nagios Support forum, the issue is in fact this:
AES-192 and AES-256 support needs to be added to NSCA so that it can be used with NSClient++.
Looking forward to seeing this fixed. :+1
Stronger encryption like aes is really a minimal required encryption these days. It's also confusing, as the NSClient++ 's documentation suggest using aes, while this in fact doesn't work with Nagios's current NSCA implementation.