Running NCPA 2.1.6 which means that this https://github.com/NagiosEnterprises/ncpa/issues/451 is not applicable.
Is it expected behavior that it is limited to only matching/searching for the actual binary name and ONLY the binary name?
We have various servers with java processes running on them at the same time. Tomcat/jboss/etc. Each of these are kicked off by wrapper scripts. Said wrapper script(s) filenames include words like tomcat/jboss/etc.
Sometimes the wrapper scripts die off. Don't care about those, but also don't want to get notified because something detects that too many "jboss" processes are running.
If we run "ps -ef" with no more than two grep statements we can determine if a running process is what we are after. An example would be [grep "jdk/bin/java" | grep jboss] will end up showing us only what we want to see.
Lets say that we have a few processes called "metricbeats" running, but each are running under a different config file for testing purposes. With a [ps -ef] it is clear which is running under what config file.
When I use the 'processes' regex statement, it will find them all.
/usr/local/nagios/libexec/check_ncpa.py -H servername.company.com -t 'XXXXXXXX' -P 5666 -M 'processes' -q 'name=[a-z]etricbeat,match=regex' -c 1:30
So far this is great, but if I want to extend the regex statement before or after the actual binary word "metricbeat" it keeps failing. Two example of it failing to find even a count of "1":
/usr/local/nagios/libexec/check_ncpa.py -H servername.company.com -t 'XXXXXXXX' -P 5666 -M 'processes' -q 'name=metricbeat\s,match=regex' -c 1:30
/usr/local/nagios/libexec/check_ncpa.py -H servername.company.com -t 'XXXXXXXX' -P 5666 -M 'processes' -q 'name=metricbeat.,match=regex' -c 1:30
These are the two regex patterns:
metricbeat.
metricbeat\s
Is this expected behavior that it is limited to only viewing the actual binary name?
Can the NCPA processes regex search other-than the binary?
Re: Can the NCPA processes regex search other-than the binar
No, you could use different values - username, name, cmd, exe, etc. Try using 'cmd', instead of 'name'. You can see all of the options from the web UI, on the API tab.Is it expected behavior that it is limited to only matching/searching for the actual binary name and ONLY the binary name?
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Can the NCPA processes regex search other-than the binar
Got it working to find/match "metricbeat -c /etc/metricbeat/metricbeat.yml":
/usr/local/nagios/libexec/check_ncpa.py -H servername -t 'XXXXXXXX' -P 5666 -M 'processes' -q 'cmd=metricbeat\s\-c\s\/etc\/metricbeat\/metricbea[a-z]\.yml,match=regex' -c 1:30
Matches the ps -ef output:
root 6463 1 0 Mar29 ? 03:44:21 /usr/share/metricbeat/bin/metricbeat -c /etc/metricbeat/metricbeat.yml -path.home /usr/share/metricbeat -path.config /etc/metricbeat -path.data /var/lib/metricbeat -path.logs /var/log/metricbeat
Previous to today, I was unable to find any actual, written EXAMPLE of using the NCPA processes module, with "cmd" and regex
/usr/local/nagios/libexec/check_ncpa.py -H servername -t 'XXXXXXXX' -P 5666 -M 'processes' -q 'cmd=metricbeat\s\-c\s\/etc\/metricbeat\/metricbea[a-z]\.yml,match=regex' -c 1:30
Matches the ps -ef output:
root 6463 1 0 Mar29 ? 03:44:21 /usr/share/metricbeat/bin/metricbeat -c /etc/metricbeat/metricbeat.yml -path.home /usr/share/metricbeat -path.config /etc/metricbeat -path.data /var/lib/metricbeat -path.logs /var/log/metricbeat
Previous to today, I was unable to find any actual, written EXAMPLE of using the NCPA processes module, with "cmd" and regex
Re: Can the NCPA processes regex search other-than the binar
I am glad using the 'cmd' option helped you solve the issue! I am closing this topic now. If you have any more questions, please start a new thread.
Be sure to check out our Knowledgebase for helpful articles and solutions!