Log file monitoring for Windows servers

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Post Reply
Srinija1995
Posts: 3
Joined: Thu Apr 13, 2023 3:06 am

Log file monitoring for Windows servers

Post by Srinija1995 »

Hi All,

Good day.
We are having a new requirement to configure windows log files in Nagios monitoring.
We found a script from Nagios exchange for this and added it in nagios.
Unfortunately, we are not getting the expected output.

Command:
check_log=cmd /c echo scripts\\check_log.ps1; -F C:\Program Files\NSClient++\log\srcSQLAgentSQLT01_id0208 -O C:\Program Files\NSClient++\log\sqlconfig.protocol-2023-04-05-10-00-09 -P FAILED | powershell.exe -command -

Script:
<#
    $Logfile - path to logfile
    $Oldlog  - temp path to file where will be stored part of log file checked by plugin, used to specify diff from $Logfile
    $Query   - case-sensitive search string, when plugin match pattern in log, it will return CRITICAL state
    Example:.\check_log.ps1 C:\Test.log C:\Temp\Test.log ERROR
#>

 

Param(
    [Parameter(Mandatory=$false)][string]$Logfile,
    [Parameter(Mandatory=$false)][string]$Oldlog,
    [Parameter(Mandatory=$false)][string]$Query
    )

 

# check if passed all arguments
if ( $PSBoundParameters.Count -ne 3 ) {
    echo "Please pass correct arguments"
    echo "Usage: .\check_log.ps1 <log_file> <old_log_file> <pattern>"
    echo "For more details use 'Get-Content check_log.ps1'"
    exit $STATE_UNKNOWN
    }

 

# definition of exit codes
$STATE_OK = 0
$STATE_WARNING = 1
$STATE_CRITICAL = 2
$STATE_UNKNOWN = 3

 


# check if file exist
$FileExists = Test-Path $Logfile
if ( $FileExists -ne $True ) {
    echo "Log check error: Log file $logfile does not exist!"
    exit $STATE_UNKNOWN
    }

 


# check if old file exist, if not create copy of $Logfile
# if size of $Oldlog is greter than $Logfile remove it - check for log rotation
$FileExists = Test-Path $Oldlog
If ( $FileExists -ne $True ) {
    Copy-Item $Logfile $Oldlog
    echo "Log check data initialized..."
    exit $STATE_OK
    } elseif ( (Get-Item $Oldlog).Length -gt (Get-Item $Logfile).Length ) {
    Remove-Item $Oldlog
    echo "Cleanup"
    exit $STATE_OK
    }

 


# create tempfile for store diff between $Oldlog and $Logfile
$tempdiff = [System.IO.Path]::GetTempFileName()

 

# get content of $Logfile and $Oldlog
$LogContent = Get-Content -Path $Logfile
$OldLogContent = Get-Content -Path $Oldlog

 

# compare $LogContent and $OldLogContent, save diff to $tempdiff
Compare-Object -ReferenceObject $LogContent -DifferenceObject $OldLogContent | Select-Object -Property InputObject > $tempdiff

 

# override file $Oldlog using conetent of $Logfile
Set-Content -Path $Oldlog -Value $LogContent

 

# get lines from $tempdiff which contain $Query
$Grep = Get-Content -Path $tempdiff | Select-String -Pattern $Query -CaseSensitive -SimpleMatch

 

# get count of $Query occurrences
$Count = ($Grep | Measure-Object).Count

 

# get the latest line from lines which contain $Query
$LastEntry = $Grep | Select-Object -Last 1

 

# remove $tempdiff
Remove-Item $tempdiff

 

# if $Query no occure return OK state
# if occure, return CRITICAL, count of line with $Query and latest line which $Query
if ( $Count -eq 0 ) {
    echo "Log check ok - 0 pattern matches found"
    exit $STATE_OK
    }
else {
    echo "($Count) $LastEntry"
    exit $STATE_CRITICAL
    }

Output from nagios:
[****@host ~]$ /usr/local/nagios/libexec/check_nrpe -2 -H HOSTNAME -t 30 -c check_log
Failed to execute check_log: 57: The parameter is incorrect.


Please find the above mentioned command (in Nsclient.ini file), script, output and help us in resolving this issue.

Regards,
Srinija
kg2857
Posts: 234
Joined: Wed Apr 12, 2023 5:48 pm

Re: Log file monitoring for Windows servers

Post by kg2857 »

Looks like an argument to check_log or the defined command is not right. Run check_log directly from the host and get the args right.
Srinija1995
Posts: 3
Joined: Thu Apr 13, 2023 3:06 am

Re: Log file monitoring for Windows servers

Post by Srinija1995 »

Hi kg2875,

Thanks a lot for your response.
As suggested by you, I ran it from the server. Please find the below output:

Output from client server:
PS C:\Program Files\NSClient++\scripts> ./check_log.ps1; -F C:\Program Files\NSClient++\log\srcSQLAgentSQLT01_id0208 -O C:\Program Files\NSClient++\log\sqlconfig.protocol-2023-04-05-10-00-09 -P FAILED
Please pass correct arguments
Usage: .\check_log.ps1 <log_file> <old_log_file> <pattern>
For more details use 'Get-Content check_log.ps1'
-F : The term '-F' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is
correct and try again.
At line:1 char:18
+ ./check_log.ps1; -F C:\Program Files\NSClient++\log\srcSQLAgentSQLT01 ...
+                  ~~
    + CategoryInfo          : ObjectNotFound: (-F:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Tried the given above one also but no luck.

===========================================================
PS C:\Program Files\NSClient++\scripts> .\check_log.ps1 <C:\Program Files\NSClient++\log\srcSQLAgentSQLT01_id0208> <C:\Program Files\NSClient++\logsqlconfig.protocol-2023-04-05-10-00-09> <Failed>
At line:1 char:17
+ .\check_log.ps1 <C:\Program Files\NSClient++\log\srcSQLAgentSQLT01_id ...
+                 ~
The '<' operator is reserved for future use.
At line:1 char:76
+ ...  <C:\Program Files\NSClient++\log\srcSQLAgentSQLT01_id0208> <C:\Progr ...
+                                                                 ~
The '<' operator is reserved for future use.
At line:1 char:148
+ ...  Files\NSClient++\logsqlconfig.protocol-2023-04-05-10-00-09> <Failed>
+                                                                  ~
The '<' operator is reserved for future use.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : RedirectionNotSupported

Please check and help me on this issue.

Regards,
Srinija.
kg2857
Posts: 234
Joined: Wed Apr 12, 2023 5:48 pm

Re: Log file monitoring for Windows servers

Post by kg2857 »

I guess this is where you read the output and resolve the issues.
Asking others to read for you seems strange.
Srinija1995
Posts: 3
Joined: Thu Apr 13, 2023 3:06 am

Re: Log file monitoring for Windows servers

Post by Srinija1995 »

yes off course.
We will read the output's from both Server end and nagios end.
Being working on nagios, We should be able to understand on all the ways. I have already given output from nagios end.
If you could see my previous post, you can find the output from the nagios server.
lilysnape
Posts: 1
Joined: Tue Oct 17, 2023 4:31 am

Re: Log file monitoring for Windows servers

Post by lilysnape »

To diagnose the issue, you can try running the PowerShell script manuallymapquest on the Windows server to see if it executes without errors. Use the same parameters you're passing through Nagios. This can help identify any issues with the script itself.
Post Reply