Check_nt process returns service not running in gui

[samton99]

Hello,

I am trying to monitor process's on windows servers. I have 3 windows servers 2 are windows 2008 r2 64 domain controller's and 1 is a windows 2003 32 bit web server.

On the 2 2008 servers i am tring to monitor the lsass.exe process

and the 2003 server i am trying to monitor the explorer.exe process ( i know its redundant but am just testing it to eliminate possible 2005 or 64 bit issues which it isn't)

here is the services definitions in windows.cfg

define service{
use generic-service
host_name rha-mail
service_description Explorer
check_commandervice{
use generic-service
host_name rha-dc1,rha-dc2
service_description Active Directory Service
check_command check_nt!PROCSTATE!-d SHOWALL -l lsass.exe
}

# Create a service for monitoring the Explorer.exe process
# Change the host_name to match the name of the host you defined above

define service{
use generic-service
host_name rha-mail
service_description Explorer
check_command check_nt!PROCSTATE!-d SHOWALL -l explorer.exe
}
check_nt!PROCSTATE!-d SHOWALL -l explorer.exe

In the gui i see

Active Directory Service CRITICAL 06-14-2012 13:50:47 0d 1h 33m 38s 3/3 lsass.exe: not running

Explorer CRITICAL 06-14-2012 13:49:52 0d 1h 8m 33s 3/3 explorer.exe: not running

Any ideas what I am doing wrong?

Thanks

[lmiltchev]

What do you see when you run the check from the command line?

Code: Select all

/usr/local/nagios/libexec/check_nt -H <IP> -p 12489 -s <password> -v PROCSTATE -d SHOWALL -l lsass.exe,explorer.exe

[samton99]

I see the following message

lsass.exe: not running - explorer.exe: not running

[sebastiaopburnay]

Well,

I don't know what kind of agent you have on those Windows Servers, but I would recommend the NSClient++.

Plus, for the check plugin I would advise you to use the check_nrpe instead of the check_nt.

Those tools (check_nrpe and NSClient++ are really good together, such as easy to use)

About those errors you report, are you sure those processes are started at the time you run the plugin? Because some processes (just like the explorer.exe) will only be running on your server when some user has an active session there.

Best regards,
sebastiaopburnay

[samton99]

I have NSClient++ NSClient++ 0,4,0,172 2012-05-08 installed on the servers

I am logged in to rdp on the servers and I am looking at the process running.

I am monitoring a service and that works fine.

I am not familiar with nrpe, i will look into this. Does nrpe require ssl I installed nrpe on the nagios with no ssl.

Will this work in monitoring remote machines, Linux and windows?

[lmiltchev]

If the output of:

Code: Select all

/usr/local/nagios/libexec/check_nt -H <IP> -p 12489 -s <password> -v PROCSTATE -d SHOWALL -l lsass.exe,explorer.exe

is

Code: Select all

lsass.exe: not running - explorer.exe: not running

next logical question would be: "Are you sure these services are actually running on this particular server"?

P.S.
Regarding sebastiaopburnay's post - sure you can use nrpe with nsclient++ if you wish. You will need to modify the nsc.ini file by removing the ";" symbol in front of "NRPEListener.dll" and setting the value of "allow_argument" to 1:

Code: Select all

NRPEListener.dll
allow_arguments=1

Then you will need to restart the nsclient++ service so that the changes can take effect. From a DOS command prompt:

Code: Select all

net stop nsclientpp
net start nsclientpp

[samton99]

OK I am trying the nrpe way

I do not have a nsc.ini file I have a nsclient.ini file

When I installed the client I selected nrpe as an option please see my nsclient.ini file

; Undocumented section


[/modules]

; CheckDisk - CheckDisk can check various file and disk related things. The current version has commands to check Size of hard drives and directories.
CheckDisk = 1

; Event log Checker. - Check for errors and warnings in the event log. This is only supported through NRPE so if you plan to use only NSClient this wont help you at all.
CheckEventLog = 1

; Check External Scripts - A simple wrapper to run external scripts and batch files.
CheckExternalScripts = 1

; Helper function - Various helper function to extend other checks. This is also only supported through NRPE.
CheckHelpers = 1

; Check NSCP - Checkes the state of the agent
CheckNSCP = 1

; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1

; CheckWMI - CheckWMI can check various file and disk related things. The current version has commands to check Size of hard drives and directories.
CheckWMI = 1

; NRPE server - A simple server that listens for incoming NRPE connection and handles them. NRPE is preferred over NSClient as it is more flexible. You can of cource use both NSClient and NRPE.
NRPEServer = 1

; NSCAClient - Passive check support (needs NSCA on nagios server). Avalible crypto are: {0=No Encryption (not safe), 1=XOR, 2=DES, 3=DES-EDE3, 4=CAST-128, 6=XTEA, 8=Blowfish, 9=Twofish, 11=RC2, 14=AES, 15=AES, 16=AES, 20=Serpent, 23=GOST}
NSCAClient = 1

; NSClient server - A simple server that listens for incoming NSClient (check_nt) connection and handles them. Although NRPE is the preferred method NSClient is fully supported and can be used for simplicity or for compatibility.
NSClientServer = 1


; Undocumented section
[/settings/default]

; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 192.168.1.30

; PASSWORD - Password used to authenticate againast server
password =


; PASSWORD - Password used to authenticate againast server


; Section for NRPE (NRPEListener.dll) (check_nrpe) protocol options.
[/settings/NRPE/server]

# NRPE PORT NUMBER
port=5666

# USE SSL SOCKET
use_ssl=0

; Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]


; Section for system checks and system settings
[/settings/check/system/windows]


; Confiure which services has to be in which state
[/settings/check/system/windows/service mapping]


; Configure crash handling properties.
[/settings/crash]


; Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]


; A set of options to configure the real time checks
[/settings/eventlog/real-time]


; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]


; Section for external scripts configuration options (CheckExternalScripts).
[/settings/external scripts]


; A list of aliases available. An alias is an internal command that has been "wrapped" (to add arguments). Be careful so you don't create loops (ie check_loop=check_a, check_a=check_loop)
[/settings/external scripts/alias]


; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]


; A list of wrappped scripts (ie. using the template mechanism)
[/settings/external scripts/wrapped scripts]


; A list of templates for wrapped scripts
[/settings/external scripts/wrappings]


; Section for configuring the log handling.
[/settings/log]


; Configure log file properties.
[/settings/log/file]


; Section for configuring the shared session.
[/settings/shared session]


; A list of avalible remote target systems
[/settings/targets]


; Section for NSCA passive check module.
[/settings/NSCA/client]


; Target definition for: default
[/settings/NSCA/client/targets/default]


I receive the following error in my log
2012-06-15 12:10:09: e:..\..\..\..\trunk\include\nrpe\server\ssl_connection.cpp:39: Failed to establish secure connection: unknown protocol
2012-06-15 12:20:08: e:..\..\..\..\trunk\include\nrpe\server\ssl_connection.cpp:39: Failed to establish secure connection: unknown protocol

I do not use a password for now I will change it later.

I am positive that the services on the windows server are running, in regards to the procstate

[sebastiaopburnay]

I receive the following error in my log
2012-06-15 12:10:09: e:..\..\..\..\trunk\include\nrpe\server\ssl_connection.cpp:39: Failed to establish secure connection: unknown protocol
2012-06-15 12:20:08: e:..\..\..\..\trunk\include\nrpe\server\ssl_connection.cpp:39: Failed to establish secure connection: unknown protocol

Well, that error sugests missconfiguration of some of the components, rather than a monitoring missmatch.

To be honest, that configuration file seems to be lacking some stuff out.

I can see you use a recent version of NSClient++, I'm still using good old NSClient v 0.3.9.322 2011-07-04 and the last time I went to install a recent version I imediatly switched to the older one, due to my previously earned comfort and little time to adjust myself.

I'm considering using newer versions of NSClient++ in the future, but in the meanwhile I'm still using this older one.

One diference I spoted very quickly was the configuration file, if you were using an older version I would provide you with an NSC.INI file in which you could simply search&replace IPs.

P.S. I do not use passwords for NRPE between nagios<->NSClient++ either, due to the fact that monitoring and monitored hosts are usually on the same LAN/VLAN with strong trust relationships between them.

Best regards,
sebastiaopburnay

[samton99]

I figured it out

under the nrpe section i put in

; Section for NRPE (NRPEListener.dll) (check_nrpe) protocol options.
[/settings/NRPE/server]
port=5666
use ssl=0
allow arguments=1

the only difference is no under score _.

Now it is working

The issue is I compiled the nrpe without ssl support and by default all checks requires ssl unless specified no. I will have to keep this in mind for everything I do from now on.

I will try the service check now and post back.

I plan to not use passwords as well since everything is internal.

[agriffin]

Glad you found a solution!