Alert when Windows process IS running

[hillhealthcenter]

I installed NSClient++ 0.4.4.23 on one host as a test. I getting the "CHECK_NRPE: Error - Could not complete SSL handshake." for both the Windows Uptime service in XI and for the command that you gave me.

[hillhealthcenter]

Please disregard my last post. I found the solution to the '...handshake..." issue

[lmiltchev]

Were you able to successfully run the following command from the command line on the Nagios XI server?

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H <client ip> -c check_process -a "process=<process name>" "critical=count>1" "ok=count=0" "warning=count>1"

Let us know if you need more help.

[hillhealthcenter]

The command works from the server CLI. Now I need to figure out how to get it into XI.

[lmiltchev]

Add a new service in under the CCM. Use "check_nrpe" as a check command. Add check_process to $ARG1$, and -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1" to ARG2$. Save and apply configuration. The service config should look something like this:

Code: Select all

define service {
	host_name			Windows7
	service_description		IE Process
	use				xiwizard_windowsserver_nsclient_service
	check_command			check_nrpe!check_process!-a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"!!!!!!
	max_check_attempts		5
	check_interval			5
	retry_interval			1
	check_period			24x7
	notification_interval		60
	contacts			nagiosadmin
	_xiwizard			windowsserver
	register			1
	}

Under "Service Status Detail" you should see something like this:

example01.PNG

Here's a document explaining how to manage monitoring plugins in Nagios XI:
https://assets.nagios.com/downloads/nag ... lugins.pdf

Let us know if you have any more questions/issues.

[hillhealthcenter]

This is the output that I get from the server CLI:

Code: Select all

login as: root
[email protected]'s password:
Last login: Fri Jul 29 13:32:41 2016 from 2ua4010qbb.hhc.com
[root@nagiosxi ~]# cd libexec
-bash: cd: libexec: No such file or directory
[root@nagiosxi ~]# ls
anaconda-ks.cfg  install.log.syslog  scripts
install.log      nagiosxi.bak        setup-linux.sh
[root@nagiosxi ~]# ./check_nrpe -H 192.168.5.47 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
-bash: ./check_nrpe: No such file or directory
You have new mail in /var/spool/mail/root
[root@nagiosxi ~]# cd /
You have mail in /var/spool/mail/root
[root@nagiosxi /]# ls
bin   cgroup  etc   lib         media  opt   root  selinux  store  tmp  var
boot  dev     home  lost+found  mnt    proc  sbin  srv      sys    usr
[root@nagiosxi /]# cd etc
[root@nagiosxi etc]# ls
adjtime                    init.d           rc
aliases                    inittab          rc0.d
aliases.db                 inputrc          rc1.d
alternatives               iproute2         rc2.d
anacrontab                 issue            rc3.d
apt                        issue.net        rc4.d
asound.conf                issue-standard   rc5.d
audisp                     jwhois.conf      rc6.d
audit                      kde              rc.d
avahi                      krb5.conf        rc.local
bash_completion.d          ld.so.cache      rc.sysinit
bashrc                     ld.so.conf       redhat-release
blkid                      ld.so.conf.d     resolv.conf
bonobo-activation          lftp.conf        rpc
centos-release             libaudit.conf    rpm
cgconfig.conf              libuser.conf     rpmdevtools
cgconfig.d                 locales.conf     rsyslog.conf
cgrules.conf               localtime        rwtab
cgsnapshot_blacklist.conf  login.defs       rwtab.d
chkconfig.d                logrotate.conf   sasl2
ConsoleKit                 logrotate.d      securetty
cron.d                     lvm              security
cron.daily                 mailcap          selinux
cron.deny                  mail.rc          services
cron.hourly                makedev.d        sestatus.conf
cron.monthly               man.config       sgml
crontab                    mdadm.conf       shadow
cron.weekly                mime.types       shadow-
crypttab                   mke2fs.conf      shells
csh.cshrc                  modprobe.d       skel
csh.login                  motd             smart
dbus-1                     mrtg             snmp
default                    mtab             sound
depmod.d                   my.cnf           ssh
dhcp                       nagiosql         ssl
DIR_COLORS                 nagiosxi-banner  statetab
DIR_COLORS.256color        NetworkManager   statetab.d
DIR_COLORS.lightbgcolor    networks         subversion
dracut.conf                nsswitch.conf    sudo.conf
dracut.conf.d              ntp              sudoers
environment                ntp.conf         sudoers.d
ethers                     odbc.ini         sudoers.rpmnew
event.d                    odbcinst.ini     sudo-ldap.conf
exports                    openldap         sysconfig
favicon.png                opt              sysctl.conf
filesystems                pam.d            system-release
fonts                      pango            system-release-cpe
freetds.conf               passwd           terminfo
fstab                      passwd-          udev
gai.conf                   pear             virc
gconf                      pear.conf        vmware-caf
gcrypt                     php.d            vmware-tools
gnome-vfs-2.0              php.ini          vmware-vcli
gnupg                      pki              wgetrc
group                      plymouth         wvdial.conf
group-                     pm               X11
grub.conf                  polkit-1         xdg
gshadow                    pool.conf        xinetd.conf
gshadow-                   popt.d           xinetd.d
gtk-2.0                    postfix          xml
host.conf                  ppp              yafApplabelRules.conf
hosts                      printcap         yum
hosts.allow                profile          yum.conf
hosts.deny                 profile.d        yum.repos.d
httpd                      protocols
init                       pulse
[root@nagiosxi etc]# cd /usr/local/bagios/libexec
-bash: cd: /usr/local/bagios/libexec: No such file or directory
You have mail in /var/spool/mail/root
[root@nagiosxi etc]# cd /usr/local/nagios/libexec
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.5.47 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
CHECK_NRPE: Socket timeout after 10 seconds.
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Request command contained illegal metachars!
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Request command contained illegal metachars!
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Request command contained illegal metachars!
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Request command contained illegal metachars!
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Request command contained illegal metachars!
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
UNKNOWN: No handler for that command.
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
CHECK_NRPE: Error - Could not complete SSL handshake.
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
CHECK_NRPE: Error - Could not complete SSL handshake.
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# ^C
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Exception processing request: Request command contained illegal metachars!
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# clear
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Exception processing request: Request command contained illegal metachars!
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# [root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
-bash: [root@nagiosxi: command not found
[root@nagiosxi libexec]# Exception processing request: Request command contained illegal metachars!
-bash: Exception: command not found
[root@nagiosxi libexec]# You have mail in /var/spool/mail/root
-bash: You: command not found
[root@nagiosxi libexec]# [root@nagiosxi libexec]#
-bash: [root@nagiosxi: command not found
[root@nagiosxi libexec]# clear
[root@nagiosxi libexec]#
[root@nagiosxi libexec]# clear
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"            Exception processing request: Request command contained illegal metachars!
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe"
OK: all processes are ok.|'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'count'=25;0;0
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
CRITICAL: iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started|'count'=27;1;1
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# clear
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# clear
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
CRITICAL: iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started|'count'=22;1;1
[root@nagiosxi libexec]#

For our purposes, we just need a count of instances of the "process" using >20 MB of memory. How can we suppress the instances from being listed?

[rkennedy]

You should be able to use working_set which will match the amount of physical memory in use. Here's an example -

Code: Select all

(0 processes)
[root@localhost libexec]# ./check_nrpe -H 192.168.5.47 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=working_set>70m"
OK: all processes are ok.|'iexplore.exe ws_size'=0MB;70;0 'count'=1;0;1

(iexplore.exe open)
[root@localhost libexec]# ./check_nrpe -H 192.168.5.47 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=working_set>70m"
CRITICAL: iexplore.exe=started|'iexplore.exe ws_size'=25.44921MB;70;0 'iexplore.exe ws_size'=95.90234MB;70;0 'count'=2;0;1

[hillhealthcenter]

I have a new issue now since starting upgrade the NSCLient++ on our hosts to version 0.4.4.23. They have a warning status because they were rebooted in the last 48 hours. We don't have a warning argument. We do have a critical argument for >21 days. Is there somewhere else I should look?

[rkennedy]

I have a new issue now since starting upgrade the NSCLient++ on our hosts to version 0.4.4.23. They have a warning status because they were rebooted in the last 48 hours. We don't have a warning argument. We do have a critical argument for >21 days. Is there somewhere else I should look?

I'm a bit confused, do you have a check setup for uptime of some sort? Can you show us a screenshot of what you're seeing?

[hillhealthcenter]

Sorry it took so long to respond. I've attached a screenshot.

When we reboot windows hosts that have the NSClient++ v.0.4.4.23 agent the uptime metric shows a warning state for the 48 hours after reboot. We don't know where to look to change this behavior. It only occurs on hosts with the newer version of NSClient.