So I have explorer.exe being monitored on one of my windows systems because it was just one of those default things you saw in samples. I noticed explorer.exe is not technically running unless at some point someone has logged into the desktop directly or thru remote desktop. So system may be fine but just because someone hasn't logged in, it complains. Am I missing something, am I right on? Is there a reason to be monitoring explorer.exe?
Thanks.
JR
Any point to monitoring explorer.exe?
Re: Any point to monitoring explorer.exe?
It really depends on the use case, as it distinguishes if someone is logged in the computer or not. To confirm what you said, you are right, it will only return OK when a session is in progress. (local, RDP or 'locked') To some, this might be useful, to others, it may not matter to you.
Locked / Open session -
Logged out -
Locked / Open session -
Code: Select all
[root@localhost libexec]# ./check_nrpe -H 192.168.3.221 -c check_process -a "process=explorer.exe"
OK: all processes are ok.|'explorer.exe state'=1;0;0 'count'=1;0;0
Code: Select all
[root@localhost libexec]# ./check_nrpe -H 192.168.3.221 -c check_process -a "process=explorer.exe"
CRITICAL: explorer.exe=stopped|'explorer.exe state'=0;0;0 'count'=1;0;0
Former Nagios Employee
-
LinearTechs
- Posts: 3
- Joined: Mon Jun 13, 2016 2:38 pm
Re: Any point to monitoring explorer.exe?
Greetings,
I have a consideration for this one: What if you want to monitor for the existance of explorer.exe, but want it to be a Warning if it is running and Okay if it isn't?
I think it's a good idea to monitor the servers that nobody should be logging into directly without prior authorization.
So, how do I reverse the specifications/standards of the explorer.exe check?
TIA and I look forward to your reply.
I have a consideration for this one: What if you want to monitor for the existance of explorer.exe, but want it to be a Warning if it is running and Okay if it isn't?
I think it's a good idea to monitor the servers that nobody should be logging into directly without prior authorization.
So, how do I reverse the specifications/standards of the explorer.exe check?
TIA and I look forward to your reply.
________________________
"Intelligence is the ability to avoid doing work, yet getting the work done"
-- Linus Torvalds
"Intelligence is the ability to avoid doing work, yet getting the work done"
-- Linus Torvalds
Re: Any point to monitoring explorer.exe?
There are more efficient plugins / ways for monitoring logged in users on Windows rather than deferring to explorer.exe. Have you considered some of these options:
http://john.wesorick.com/2011/03/nagios ... ndows.html
https://exchange.nagios.org/directory/P ... ck/details
https://exchange.nagios.org/directory/P ... er/details
http://john.wesorick.com/2011/03/nagios ... ndows.html
https://exchange.nagios.org/directory/P ... ck/details
https://exchange.nagios.org/directory/P ... er/details
Be sure to check out the Knowledgebase for helpful articles and solutions!
-
LinearTechs
- Posts: 3
- Joined: Mon Jun 13, 2016 2:38 pm
Re: Any point to monitoring explorer.exe?
Well,
It seems each of those has the same issue I was describing earlier, namely they all look for users to be logged in, and give Warning/Critical if no one is logged in.
I need to reverse the behavior such that it is Warning if one person is logged in, Critical if more than one is logged in and Okay if no one is logged in.
And, in that regard, it doesn't seem like running the negate plugin over these would quite get what I am looking for either.
It does seem that Wesorick's might work if I can figure out how to define a range of "0 users" as being the Okay state. Unfortunately, I'm unfamiliar with AutoIT scripting, but I will see if I can grok it.
Thanks for the info.
It seems each of those has the same issue I was describing earlier, namely they all look for users to be logged in, and give Warning/Critical if no one is logged in.
I need to reverse the behavior such that it is Warning if one person is logged in, Critical if more than one is logged in and Okay if no one is logged in.
And, in that regard, it doesn't seem like running the negate plugin over these would quite get what I am looking for either.
It does seem that Wesorick's might work if I can figure out how to define a range of "0 users" as being the Okay state. Unfortunately, I'm unfamiliar with AutoIT scripting, but I will see if I can grok it.
Thanks for the info.
________________________
"Intelligence is the ability to avoid doing work, yet getting the work done"
-- Linus Torvalds
"Intelligence is the ability to avoid doing work, yet getting the work done"
-- Linus Torvalds
Re: Any point to monitoring explorer.exe?
Let us know if you have additional questions pertaining to this use-case!
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
Re: Any point to monitoring explorer.exe?
I believe @bwallace is correct in other plugins will be more efficient.
I meant to do this yesterday, but here's a use case if you did want to go the explorer.exe route with negate.
Explorer open -
Now, let's use negate -
We can flip CRIT -> OK as well -
While it still shows the original wording, the exit codes are what matter. This plugin will effectively reverse what check_nrpe is doing.
I meant to do this yesterday, but here's a use case if you did want to go the explorer.exe route with negate.
Explorer open -
Code: Select all
[root@localhost libexec]# ./check_nrpe -H 192.168.3.221 -c check_process -a "process=explorer.exe"
OK: all processes are ok.|'explorer.exe state'=1;0;0 'count'=1;0;0
[root@localhost libexec]# echo $?
0
Code: Select all
[root@localhost libexec]# ./negate -o CRITICAL ./check_nrpe -H 192.168.3.221 -c check_process -a "process=explorer.exe"
OK: all processes are ok.|'explorer.exe state'=1;0;0 'count'=1;0;0
[root@localhost libexec]# echo $?
2
Code: Select all
[root@localhost libexec]# ./negate -o CRITICAL -c OK ./check_nrpe -H 192.168.3.221 -c check_process -a "process=explorer.exe"
CRITICAL: explorer.exe=stopped|'explorer.exe state'=0;0;0 'count'=1;0;0
[root@localhost libexec]# echo $?
0
Former Nagios Employee
-
LinearTechs
- Posts: 3
- Joined: Mon Jun 13, 2016 2:38 pm
Re: Any point to monitoring explorer.exe?
I am sorry for the long delay on this response, but I got hit with one of those "has to be done yesterday" projects... 
@rkennedy & @bwallace: Thanks for your help. I did finally get the new command into my commands.cfg, and it seems to be working as expected.
Thanks again for your time and efforts in getting me on the right path.
@rkennedy & @bwallace: Thanks for your help. I did finally get the new command into my commands.cfg, and it seems to be working as expected.
Thanks again for your time and efforts in getting me on the right path.
________________________
"Intelligence is the ability to avoid doing work, yet getting the work done"
-- Linus Torvalds
"Intelligence is the ability to avoid doing work, yet getting the work done"
-- Linus Torvalds
Re: Any point to monitoring explorer.exe?
@jriker1 Is it alright if we lock this thread and mark the issue as resolved?
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
Re: Any point to monitoring explorer.exe?
Yes, please close.