Saturday, December 31, 2016

FIX "CRITICAL – Socket timeout after 10 seconds" - Nagios

How to fix “CRITICAL – Socket timeout after 10 seconds” error?
We can fix this by increasing the “Socket timeout” value from the default 10 seconds to, say, 20 seconds.

We can do this by adding a parameter to the specific command defined in the commands.cfg file on your Nagios server. The commands.cfg file is usually located at /usr/local/nagios/etc/objects/commands.cfg (if you compiled Nagios) or /etc/nagios/commands.cfg (if you installed Nagios from RPM).

Read more about commands.cfg in my post “Nagios configuration – How to configure Nagios”.

BEFORE (/usr/local/nagios/etc/objects/commands.cfg):

define command {
 command_name    check_nrpe
 command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
 }

AFTER (/usr/local/nagios/etc/objects/commands.cfg):

define command {
 command_name    check_nrpe
 command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -t 20
 }

Other commands also support the “-t” parameter. Be sure to add “-t 20” to the command that gave you the “CRITICAL – Socket timeout after 10 seconds” error.

Friday, December 30, 2016

Block YouTube HTTPS Traffic In Squid & Iptables

Blocking port 443 traffic in iptables or Squid (transparent proxy) is possible with the rules below.

iptables rules to block YouTube

iptables -I FORWARD -p tcp --dport 80 -m string --string 'youtube.com' --algo bm --to 65535 -j DROP
iptables -I FORWARD -p tcp --dport 443 -m string --string 'youtube.com' --algo bm --to 65535 -j DROP

The rules above apply to all forwarded traffic destined for ports 80 and 443, but you can apply the same rule to a single IP address, a range of IPs or a complete network.

To Apply Same Rule on Single IP Address or Subnet

iptables -I FORWARD -p tcp --dport 443 -s 192.168.2.10 -m string --string 'youtube.com' --algo bm --to 65535 -j DROP

You can also block "facebook", "twitter" or other HTTPS websites with the method above.
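
The text mentions a range of IPs or a complete network but shows only a single address. The following added example (not part of the original post; block_rule is a hypothetical helper name) prints the same rule for each kind of source, using -s for an address or CIDR subnet and the iprange match for a first-last range.

```shell
#!/bin/sh
# Added example (not from the original post): print the string-match rule
# for one source: a single address, a CIDR subnet or a first-last range.
block_rule() {
    src=$1
    host=${2:-youtube.com}
    port=${3:-443}
    # These values end up on a command line, so accept only safe characters.
    case $src in
        ''|*[!0-9./-]*) echo "invalid source: $src" >&2; return 1 ;;
    esac
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    case $src in
        *-*) match="-m iprange --src-range $src" ;;   # 192.168.2.10-192.168.2.50
        *)   match="-s $src" ;;                       # 192.168.2.10 or 192.168.2.0/24
    esac
    printf "iptables -I FORWARD -p tcp --dport %s %s -m string --string '%s' --algo bm --to 65535 -j DROP\n" \
        "$port" "$match" "$host"
}

# Review the printed rules before running them as root.
block_rule 192.168.2.10
block_rule 192.168.2.0/24
block_rule 192.168.2.10-192.168.2.50
```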

Monday, April 18, 2016

Ping with Real time (Timestamp)

ping google.com | awk '/^[0-9]+ bytes from / { "date" | getline pong; close("date"); print pong":",$0; }'

You can also save the results to a text file by adding > and a file name after the command:

ping google.com | awk '/^[0-9]+ bytes from / { "date" | getline pong; close("date"); print pong":",$0; }' >results.txt


If you’re interested in all types of replies (unreachable, no route to host, etc.), the following should work on most systems:

ping google.com | while read pong; do echo "$(date): $pong"; done


You can also save the results to a text file by adding > and a file name after the command:

ping google.com | while read pong; do echo "$(date): $pong"; done > results.txt

Cron job not running after a timezone change

The new time is not reflected in the cron logs even after changing the timezone and time.
Here is a simple trick to fix this.

Restart the rsyslog service with the command below to sync the new time with all applications (including cron):

service rsyslog restart

Thursday, April 14, 2016

Forward SMTP port 25 to another port


Linux does not allow non-root users to bind port traffic to ports 1024 and below. However, the simple mail transfer protocol (SMTP) uses port 25 by default. If you are running Linux, you must configure the reserve SMTP agent to listen on a custom port instead of the default port 25.

Before you begin
Run the commands in the following procedure as a root user.

Update your firewall to open the port above port 1024 by adding the following lines to your /etc/sysconfig/iptables file (for example, with vim /etc/sysconfig/iptables):

-A OUTPUT -p tcp -s serverIP -d 0/0 --dport Port_Above_1024   -m state --state ESTABLISHED -j ACCEPT
-A INPUT -s 0/0 -d serverIP -m state --state NEW,ESTABLISHED  -p tcp --dport Port_Above_1024 -i eth0 -j ACCEPT

Restart your firewall:

/etc/init.d/iptables restart

Open port 25 for forwarding:

iptables -A FORWARD -p tcp --destination-port 25 -j ACCEPT;

Forward port 25 to your custom port above 1024:

iptables -t nat -A PREROUTING -j REDIRECT   -p tcp --destination-port 25 --to-port Port_Above_1024

To verify that port 25 is forwarding, run a telnet command:

telnet yourServer 25

If you do not receive a successful response, forward port 25 to a different custom port.

Replace Port_Above_1024 with any port number above 1024.

Friday, January 29, 2016

df and du commands show different disk usage?

When you delete a file that is being held "open" by a process what actually happens is the file's name is deleted but not its inode (and its data). df sees what is happening at filesystem level whereas du sees what is happening at file/directory level. If the filename is gone du doesn't see it in the directory any longer. However since the inode is still in use df sees that the filesystem is still using the space.

You most probably know that you can remove a file that is still in use by some application, and that it remains available to this application. That is because the file descriptor in the /proc/ filesystem is held open.

SOLUTION - The solution to this issue is very simple.

Just run this command as the root user:

lsof | grep '(deleted)'

It will show output like this:

java      24485 31103  centos   14w      REG              202,1           0   25520518 /opt/apache-tomcat-7.0.62/logs/catalina.2015-12-24.log (deleted)
java      24485 31103  centos   15w      REG              202,1           0   25520519 /opt/apache-tomcat-7.0.62/logs/localhost.2015-12-24.log (deleted)
java      24485 31103  centos   16w      REG              202,1           0   25520521 /opt/apache-tomcat-7.0.62/logs/manager.2015-12-24.log (deleted)
java      24485 31103  centos   17w      REG              202,1           0   25520527 /opt/apache-tomcat-7.0.62/logs/host-manager.2015-12-24.log (deleted)
java      24485 31103  centos   42w      REG              202,1 43935147690   25520530 /opt/apache-tomcat-7.0.62/logs/catalina.out.2015-12-24 (deleted)
java      24485 31103  centos   43w      REG              202,1 43935147690   25520530 /opt/apache-tomcat-7.0.62/logs/catalina.out.2015-12-24 (deleted)
java      24485 31103  centos   99w      REG              202,1   769125049   25520517 /opt/apache-tomcat-7.0.62/logs/localhost_access_log.2016-01-21.txt (deleted)



Just check which application it is, then kill it or stop and start it. (In the case above, I need to restart or kill Apache Tomcat to get back my lost space.)
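
To see how much space each process is holding, the lsof output can be totalled per PID. The script below is an added example, not part of the original post; the function names and the nginx sample line are constructed for illustration. It counts each inode once per process, because the same file shows up on several descriptors (42w and 43w above) and once per thread when lsof prints a TID column.

```shell
#!/bin/sh
# Added example (not from the original post): total the space held by
# deleted-but-still-open files, per process, from lsof output on stdin.
deleted_space_by_pid() {
    awk '
    $NF == "(deleted)" {
        # lsof prints a TID column only for threads, so find the TYPE
        # column ("REG") and read DEVICE, SIZE/OFF and NODE relative to it.
        t = 0
        for (i = 3; i <= NF; i++) if ($i == "REG") { t = i; break }
        if (!t) next
        key = $2 SUBSEP $(t + 1) SUBSEP $(t + 3)   # PID, device, inode
        if (key in seen) next      # same file on another fd or thread
        seen[key] = 1
        cmd[$2] = $1
        bytes[$2] += $(t + 2)
    }
    END {
        # %.0f keeps large byte counts out of exponent notation
        for (pid in bytes) printf "%s %s %.0f\n", pid, cmd[pid], bytes[pid]
    }' | sort -k3,3nr
}

# Sample input: three lines from the output above plus one constructed
# line (nginx, no TID column) to show both column layouts.
sample_lsof() {
    cat <<'EOF'
java      24485 31103  centos   42w      REG              202,1 43935147690   25520530 /opt/apache-tomcat-7.0.62/logs/catalina.out.2015-12-24 (deleted)
java      24485 31103  centos   43w      REG              202,1 43935147690   25520530 /opt/apache-tomcat-7.0.62/logs/catalina.out.2015-12-24 (deleted)
java      24485 31103  centos   99w      REG              202,1   769125049   25520517 /opt/apache-tomcat-7.0.62/logs/localhost_access_log.2016-01-21.txt (deleted)
nginx      1300        www       7w      REG              202,1     1048576      77001 /var/log/nginx/access.log.1 (deleted)
EOF
}

# Prints "PID COMMAND BYTES", largest first.
sample_lsof | deleted_space_by_pid
# On a live system, as root: lsof | grep '(deleted)' | deleted_space_by_pid
```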