NAGIOS - monitoring windows event logs

brianweeks22
Posts: 70
Joined: Fri Dec 21, 2012 12:26 pm

NAGIOS - monitoring windows event logs

Post by brianweeks22 »

Good Morning,

I am receiving the error w/in nagios.... (Return code of 126 is out of bounds - plugin may not be executable)

I have followed these directions:

At first the plugin was not set to executable w/in the nagios server.. I changed it to 755 (before I changed it I received error code 127).. after I changed it.. it can now see the plugin.. but not execute.. I am running this on a centos5 server... the client is a windows server 2003 and is currently set-up w/in nagios and being successfully monitored... I am stumped..


On the windows machine I have the .exe running as a service.. and can see it w/in the process list...


Thanks

Code:


Installing check_win_eventlog and eventlog_agent!

1. Installing check_win_eventlog
To install this Nagios Plugin, simply copy check_win_eventlog.pl to
$NAGIOS_HOME/libexec directory and set the executable flag on it.
To make use of the Plugin you need to define a check_command and a
service like it is shown below:

define command{
       command_name           check_win_eventlog
       command_line           $USER1$/check_win_eventlog.pl -H $HOSTADDRESS$ -s $ARG1$ -l $ARG2$ -t $ARG3$
}

define service{
       service_description    System Eventlog
       use                    generic-service
       check_command          check_win_eventlog!a!System!.*:+1
       max_check_attempts     1
       host_name              MyMaschine
       contact_groups         MyAdminGroup
       is_volatile            1
}

This will check the Eventlog Protocol "System" and excludes all Events
that are not of type error ('.*' exclude all; '+1' but include errors).


2. Install the eventlog_agent
You have several options to install the eventlog_agent on your Windows Server.
a) Manual
To test this piece of software you may choose to simply run the 'eventlog_agent.exe'
from the Windows Explorer. There is NO configuration needed, so you can just run
the Nagios Plugin to check the agent.
b) Windows Service
Most people will want to install the 'eventlog_agent.exe' as Windows Service, because
this way it will start automatically on each reboot.
To do this, you will need 'instsrv.exe' and 'srvany.exe' from Microsoft Resource Kit.
Just copy those files together with 'eventlog_agent.exe', 'eventlog_agent.bat' and
'eventlog_agent.reg' into the folder 'c:\programme\eventlog_agent' and run the
batch file. If you want to use a different folder, then you will need to modify
the path in 'eventlog_agent.bat' and 'eventlog_agent.reg'
c) Autostart
You may put the exe into your Systems Autostart Folder. But this requires that there is
someone logged in.
Last edited by abrist on Wed May 08, 2013 11:19 am, edited 1 time in total.
Reason: code wraps save scroll wheels
abrist
Red Shirt
Posts: 8334
Joined: Thu Nov 15, 2012 1:20 pm

Re: NAGIOS - monitoring windows event logs

Post by abrist »

Have you followed part 2 of the output?

Code:

2. Install the eventlog_agent
You have several options to install the eventlog_agent on your Windows Server.
a) Manual
To test this piece of software you may choose to simply run the 'eventlog_agent.exe'
from the Windows Explorer. There is NO configuration needed, so you can just run
the Nagios Plugin to check the agent.
b) Windows Service
Most people will want to install the 'eventlog_agent.exe' as Windows Service, because
this way it will start automatically on each reboot.
To do this, you will need 'instsrv.exe' and 'srvany.exe' from Microsoft Resource Kit.
Just copy those files together with 'eventlog_agent.exe', 'eventlog_agent.bat' and
'eventlog_agent.reg' into the folder 'c:\programme\eventlog_agent' and run the
batch file. If you want to use a different folder, then you will need to modify
the path in 'eventlog_agent.bat' and 'eventlog_agent.reg'
c) Autostart
You may put the exe into your Systems Autostart Folder. But this requires that there is
someone logged in.
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
brianweeks22
Posts: 70
Joined: Fri Dec 21, 2012 12:26 pm

Re: NAGIOS - monitoring windows event logs

Post by brianweeks22 »

Thank you for the reply.. Yes, I have completed step 2... I also ensured that ALL paths are correct as well w/in the client files

nagios error logs

[1368030730] Warning: Return code of 126 for check of service 'Event-Logs' on host 'Archivesrvr01' was out of bounds.Make sure the plugin you're trying to run is executable.
[

This is the complete nagios plugin that I downloaded.. linux server and windows host files
Attachments
check_win_eventlog-0.2.0.tar.gz
(381.74 KiB) Downloaded 335 times
Last edited by sreinhardt on Wed May 08, 2013 2:53 pm, edited 1 time in total.
Reason: merged posts
abrist
Red Shirt
Posts: 8334
Joined: Thu Nov 15, 2012 1:20 pm

Re: NAGIOS - monitoring windows event logs

Post by abrist »

try:

Code:

chmod +x /usr/local/nagios/libexec/check_win_eventlog.pl
ls -la /usr/local/nagios/libexec
brianweeks22
Posts: 70
Joined: Fri Dec 21, 2012 12:26 pm

Re: NAGIOS - monitoring windows event logs

Post by brianweeks22 »

[root@rodan libexec]# chmod +x /usr/local/nagios/libexec/check_win_eventlog.pl
[root@rodan libexec]# ls -la /usr/local/nagios/libexec
total 216
drwxr-xr-x. 2 root root 4096 May 8 10:13 .
drwxr-xr-x. 5 root root 4096 Jan 22 18:04 ..
-rwxr-xr-x. 1 root root 127337 Mar 21 2012 check_mssql_health
-rwxr-xr-x. 1 root root 69188 Jan 30 16:15 check_nrpe
-rwxr-xr-x. 1 root root 1434 Apr 5 2012 check_proc_meminfo
-rwxr-xr-x. 1 root root 6771 Apr 6 2004 check_win_eventlog.pl
[root@rodan libexec]#

I should add that my plugins are under /usr/lib/nagios/plugins..

this is how it was set-up when handed to me...

I changed your path and ran it on the correct (our setup) path..

still no success... all config files DO point to this location.. and nagios IS currently set-up and running.. just wanted to give ya that little bit of info


Thanks

Now I placed the .PL file right onto the nagios server.. I am guessing that it was pre-compiled... can you verify?

Thanks
Last edited by sreinhardt on Wed May 08, 2013 2:51 pm, edited 1 time in total.
Reason: merged posts
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: NAGIOS - monitoring windows event logs

Post by slansing »

Have you tried to manually execute this plugin with the information you have in your service definition? I.e. "Host address" "-s,-l,-t" flags etc.

If it does function properly try changing the command definition to the following:

Code:

define command{
       command_name           check_win_eventlog
       command_line           /usr/lib/nagios/plugins/check_win_eventlog.pl -H $HOSTADDRESS$ -s $ARG1$ -l $ARG2$ -t $ARG3$
}
Using the full directory path.
brianweeks22
Posts: 70
Joined: Fri Dec 21, 2012 12:26 pm

Re: NAGIOS - monitoring windows event logs

Post by brianweeks22 »

how do I manually execute a plugin? same as nrpe?

I did try the new command, and it is still returning

(Return code of 126 is out of bounds - plugin may not be executa

does this mean that it is not executable on the server or client?

Thanks
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: NAGIOS - monitoring windows event logs

Post by sreinhardt »

If you are using a perl plugin on the local nagios system that checks against a remote host, the plugin issues with execution would be on the nagios server. Based on your command configuration, this would seem to be the case.

try running "ls -lva /usr/lib/nagios/plugins |grep -i check_win_eventlog.pl" and return the output.

Alternatively if you are using nrpe or another remote checker that runs on a client, it would depend on if nrpe is returning this or the local nagios system. If other nrpe checks are working it is likely on the remote system. A similar ls command as above to your remote plugin directory and searching for the plugin name you are having issues with would show the same information.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
brianweeks22
Posts: 70
Joined: Fri Dec 21, 2012 12:26 pm

Re: NAGIOS - monitoring windows event logs

Post by brianweeks22 »

output of command...

[root@rodan nagios]# ls -lva /usr/lib/nagios/plugins |grep -i check_win_eventlog.pl
-rwxr-xr-x. 1 root root 6771 Apr 6 2004 check_win_eventlog.pl


NRPE checks ARE working.. the server is CentOS and the client/host is Server 2003

Thanks
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: NAGIOS - monitoring windows event logs

Post by sreinhardt »

Ah somehow I didn't catch before that you had listed permissions. To answer your question of how to manually run it. You would log into your nagios machine, cd to /usr/lib/nagios/plugins, then run your command as you have defined in nagios.

/usr/lib/nagios/plugins/check_win_eventlog.pl -H $HOSTADDRESS$ -s $ARG1$ -l $ARG2$ -t $ARG3$

$HOSTADDRESS$ = Remote Hostname or IP
$ARG1$ = unique ID that is used by the Agent to identify a request.
$ARG2$ = The Eventlog protocol name. This is one of 'System', 'Application' or 'Security'.
$ARG3$ = A list of regular expressions divided by colons (:) for EventTypes

All of these options should already be defined in your service check.
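A static triage for the 126/127 results discussed in this thread, as an added example that is not part of any post or of the check_win_eventlog package: for the calling user it checks the execute bit and whether the script's "#!" interpreter line is usable, including DOS line endings. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints one verdict; returns 0 only for "ok".
triage_plugin() {
    p=$1
    cr=$(printf '\r')
    [ -e "$p" ] || { echo "missing"; return 1; }          # exec would give 127
    [ -f "$p" ] || { echo "not-a-file"; return 1; }
    # -x is evaluated for the calling user: run this as the account Nagios uses.
    [ -x "$p" ] || { echo "not-executable"; return 1; }   # exec would give 126
    first=$(head -n 1 "$p")
    case $first in
        '#!'*"$cr") echo "crlf-shebang"; return 1 ;;  # DOS line ending on line 1
        '#!'*) ;;
        *) echo "no-shebang"; return 1 ;;
    esac
    # Interpreter path is the first word after "#!".
    interp=$(printf '%s\n' "$first" | sed -e 's/^#![[:space:]]*//' -e 's/[[:space:]].*$//')
    [ -x "$interp" ] || { echo "bad-interpreter:$interp"; return 1; }
    case $interp in
        */env)  # "#!/usr/bin/env perl": the named program must be in PATH
            prog=$(printf '%s\n' "$first" |
                sed -e 's/^#![[:space:]]*[^[:space:]]*[[:space:]]*//' -e 's/[[:space:]].*$//')
            case $prog in
                ''|-*) ;;  # env options or nothing to look up: not judged here
                *) command -v "$prog" >/dev/null 2>&1 || { echo "bad-interpreter:$prog"; return 1; } ;;
            esac ;;
    esac
    echo "ok"
}

# Constructed sample files (not the real check_win_eventlog.pl).
make_samples() {
    d=$1
    printf '#!/bin/sh\necho OK\n'     > "$d/good";   chmod 755 "$d/good"
    printf '#!/bin/sh\necho OK\n'     > "$d/noexec"; chmod 644 "$d/noexec"
    printf '#!/bin/sh\r\necho OK\r\n' > "$d/crlf";   chmod 755 "$d/crlf"
    printf '#!/nonexistent/perl -w\nprint 1;\n' > "$d/badinterp"; chmod 755 "$d/badinterp"
}

# With a path argument, triage that file; otherwise demo on the samples.
if [ $# -gt 0 ]; then
    triage_plugin "$1"
else
    tmp=$(mktemp -d) && make_samples "$tmp"
    for f in good noexec crlf badinterp; do
        printf '%-10s %s\n' "$f" "$(triage_plugin "$tmp/$f")"
    done
    rm -rf "$tmp"
fi
```

Mode bits and the interpreter line do not cover every refusal: a noexec mount or an SELinux denial also stops execution, so a manual run of the plugin as the Nagios account remains the definitive test.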