check_wmi_plus and check_win_eventlog showing no events

[mclark]

New to the forums. Thanks for your assistance.

I'm using check_wmi_plus to check MS Event Viewer for warnings and errors. Although those events exist in the event logs, Nagios is reporting there are none found.

This is the command definition from check_wmi_plus.

Code: Select all

define command{
command_name	check_win_eventlog
command_line	$USER6$/check_wmi_plus.pl -H $HOSTADDRESS$ -m checkeventlog -u $USER8$ -p $USER9$ -a $ARG1$ -o $ARG2$ -3 $ARG3$ -w $ARG4$ -c $ARG5$ $ARG6$ $ARG7$
}

My service definition is structured like so. It should check the Application and System logs and show the number of Warning and Error events within last 24 hours.

Code: Select all

check_wmi_plus.pl -H HOST -u USER -p PASS -m checkeventlog -a application, system -o 2 -3 24

This server is being successfully polled by check_wmi_plus for RAM usage, disk space, etc.

What am I missing?

Thanks again.

[lmiltchev]

How did you configure the "wmi" user on the Windows server? Does the user have sufficient rights?

Here's a document, which is written for Nagios XI but it may point you to the right direction:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

[mclark]

Thanks for your reply!

I followed the steps from the check_wmi_plus webpage. Ths same account works for other check_wmi_plus commands, i.e., check_win_uptime, check_ts!sessions, check_win_mem, check_win_page, check_win_disk, check_win_cpudetail.

They were not much different than the document you included, the instructions on the site don't mention Performance Monitor Users group. To make sure that wasn't the issue I added the user to the Performance Monitor Users group.

I'm still showing 0 events although the logs actually have two errors from just 45 minutes ago.

I also ran this from the command line. When I run this command,

Code: Select all

 /usr/local/nagios/bin/plugins/check_wmi_plus/check_wmi_plus.pl -H "**********" -u "*******" -p "*******" -m checkeventlog -a application, system -o 2 -3 24

The following output appears:

Code: Select all

/usr/local/nagios/bin/plugins/check_wmi_plus/check_wmi_plus.pl -H "**********" -u "*******" -p "*******"$USER8" -m checkeventlog -a application, system -o 2 -3 24
>

The only option I had at that point typing CTRL-C to break out of that and get back to the prompt. I tried the command without quotes around the host, user and passwords. In each of those cases I got a login error. This output is strange because it includes '$USER8$', which is the variable for username in the command. (I replaced $USER8$ with the actual username, hidden here for security purposes.)

[Box293]

Does this KB article relate to your issue?

https://support.nagios.com/kb/article.php?id=476

[mclark]

I neglected to mention earlier that this server is running 2012r2.

This document, linked above, suggests making the user a domain user.
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Your link says it must be a domain user.

We have it as a local user on our servers. I hesitate to make it a domain user as it works for the other checks we've configured.

[tgriep]

I think if you add the login account to the Local Administrators group, that should work for you.
It doesn't need to be a Domain Admin.
Try that and post back if this works for you.

[mclark]

Adding the account to the Local Administrators group.

We had originally wanted to limit the access this user has to the domain so we used a local account. Also we had trouble getting a domain account working. I just created a domain account to test and am having trouble with the login.

I've tried the following variations for logging in and they were all unsuccessful. (This is in an Active Directory domain. Nagios is running on a purchased CentOS VM.)

-u "username" -p "password"
-u "domain\user" -p "password"
-u "domain/user" -p "password"
-u "username@domain" -p "password"

I then tried all those combinations without quotes. What should be the correct syntax?

[lmiltchev]

The following worked for me:

Code: Select all

-u "domain\user" -p "password"

and

Code: Select all

-u 'domain\user' -p 'password'

Do you have any special characters in the password?

[mclark]

Ah yes, special characters. Our password requirements include a special character.

[rkennedy]

Try appending a $USER#$ variable as your password, then substitute that for your check. The special characters are most likely throwing Nagios off.

See this document for an explanation - https://assets.nagios.com/downloads/nag ... Macros.pdf