Trying to get process list from host when problem occur

[ShlomiUni]

Hi, So I've been trying to find a way to export host process list when nagios see a problem with the CPU..

I have a working powershell command to export the information I need, But I can't remote execute it on my windows host from my nagios centos machine even if I install powershell on my nagios server.

Invoke-Command -ScriptBlock {Get-WmiObject -class Win32_PerfFormattedData_PerfProc_Process | Select-Object Name,PercentProcessorTime,IDPROCESS | Sort-Object PercentProcessorTime} -ComputerName ServerName



So I've been thinking, Maybe there is a way to use nagios agent to export the information and send it to me some how?

I'm using NCPA to monitor my windows servers.

This is my CPU check command:

/usr/local/nagios/libexec/check_ncpa.py -H HOSTNAME -t 'mytoken' -P 5693 -M cpu/percent -w 80 -c 90 -q 'aggregate=avg'

So when a problem start, I receive notification of the CPU percent, I would like to include a process list if possible or just execute a second command to get the process list with cpu usage..
I want to know which process is the problematic one.

Thank you!

[ShlomiUni]

bump

[benjaminsmith]

Hi @ShlomiUni,

I believe the event handler feature would work very well for you in this application. When a problem CPU state arises, you can call your Powershell script on the remote host and have it generate the list of processes and either save those in a log file or send off an email.

Check out the following guide to get started with Event Handlers:
Introduction to Event Handlers

And the following KB article explains how to run Powershell scripts with NCPA.
https://support.nagios.com/kb/article/n ... a-722.html

Take a look at those docs, and let me know if you have any questions.

Benjamin

[ShlomiUni]

Hi @ShlomiUni,

I believe the event handler feature would work very well for you in this application. When a problem CPU state arises, you can call your Powershell script on the remote host and have it generate the list of processes and either save those in a log file or send off an email.

Check out the following guide to get started with Event Handlers:
Introduction to Event Handlers

And the following KB article explains how to run Powershell scripts with NCPA.
https://support.nagios.com/kb/article/n ... a-722.html

Take a look at those docs, and let me know if you have any questions.

Benjamin

Thank you so much, It helped me and it's working !
One question, Is there a macro for "Current Check:" ?
I'm trying to activate my event handler command only when the service "Current Check" is 2 , is that possible? I couldn't find any macro for that value.

Also, My event handler command is :

Code: Select all

#!/bin/bash
SERVICESTATE=$1
SERVICESTATETYPE=$2
if [[ "$SERVICESTATETYPE" == "HARD" && "$SERVICESTATE" == "CRITICAL" ]]; then
        /usr/local/nagios/libexec/check_ncpa.py -H myhostname.local -t mytoken -P 5693 -M 'plugins/ProcessList-Export.ps1'
 exit 0
else
 exit 0
fi

Is it possible to use $HOSTADDRESS$ instead of 'myhostname.local' ? It didn't work for me for some reason..

Thanks

[benjaminsmith]

Hi,

Thank you so much, It helped me and it's working !

Awesome! That's good to hear.

One question, Is there a macro for "Current Check:" ?

The $SERVICESTATE$ is the current check result.

$SERVICESTATE$ A string indicating the current state of the service ("OK", "WARNING", "UNKNOWN", or "CRITICAL").

However, Event handlers can fire on both soft and hard state changes, so you can broaden this to execute on soft state types as well. Let me know if that answers your questions or not. It sounds like you would like to log this more frequently.

All the standard Macros available in Nagios Core are found on the page below:
Standard Macors in Nagios

References:
Event Handlers

[ShlomiUni]

The $SERVICESTATE$ is the current check result.

$SERVICESTATE$ A string indicating the current state of the service ("OK", "WARNING", "UNKNOWN", or "CRITICAL").

However, Event handlers can fire on both soft and hard state changes, so you can broaden this to execute on soft state types as well. Let me know if that answers your questions or not. It sounds like you would like to log this more frequently.

So when using $SERVICESTATE$ and activating my event handler when the service state is crticial, it works, But after the first check the service becomes critical, second check, the service is still critical and activating the event handler again which I don't want.
I only want it to activate the event handler when the service is in critical state and Current Check is 1 of 1, Is that possible?
Or just limit the event handler for 1 command in period of time some how..

This is how my command looks now:

Code: Select all

#!/bin/bash
SERVICESTATE=$1
SERVICESTATETYPE=$2
SERVICESTATE=$3
if [[ "$SERVICESTATE" == "CRITICAL" ]]; then
        /usr/local/nagios/libexec/check_ncpa.py -H myhostname.local -t mytoken -P 5693 -M 'plugins/ProcessList-Export.ps1'
 exit 0
else
 exit 0
fi

Thanks!

[benjaminsmith]

Hi,

I only want it to activate the event handler when the service is in critical state and Current Check is 1 of 1, Is that possible?
Or just limit the event handler for 1 command in period of time some how..

There's not a macro for the counter that used for determining hard or soft state types, but there are macros for the last state and the current state type, so you could build in some logic checks to avoid executing the script it the service is changing state types or the last check was critical.

Let me know if that's going to work.

[ShlomiUni]

Hi,

I only want it to activate the event handler when the service is in critical state and Current Check is 1 of 1, Is that possible?
Or just limit the event handler for 1 command in period of time some how..

There's not a macro for the counter that used for determining hard or soft state types, but there are macros for the last state and the current state type, so you could build in some logic checks to avoid executing the script it the service is changing state types or the last check was critical.

Let me know if that's going to work.

Sure, That's good enough.
Last question, Is it possible to use $HOSTADDRESS$ instead of typing my actual hostname here:

Code: Select all

#!/bin/bash
SERVICESTATE=$1
SERVICESTATETYPE=$2

if [[ "$SERVICESTATETYPE" == "HARD" && "$SERVICESTATE" == "CRITICAL" ]]; then
        /usr/local/nagios/libexec/check_ncpa.py -H myhostname.local -t mytoken -P 5693 -M 'plugins/ProcessList-Export.ps1'
exit 0
else
exit 0
fi

/usr/local/nagios/libexec/check_ncpa.py -H myhostname.local -t mytoken -P 5693 -M 'plugins/ProcessList-Export.ps1'

I tried to change my hostname to $HOSTADDRESS$ but it doesn't work when I do it.
Thank you!

[benjaminsmith]

Hi,

Last question, Is it possible to use $HOSTADDRESS$ instead of typing my actual hostname here:

It's only possible to pass macros which are supported for your object type, and as we are working with a service check, the event handler is limited to service macros.

Benjamin

Reference:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf