check_wmi_not fully grasping how this works yet.

[tonyroth]

Excuse me if I missed this being posted somewhere else.

trying to figure out the what where and how of nagios xi, yes I'm a newb. So anyway within nagiosxi I bring up the monitor wizard and select wmi I put the host and username/pw (tested and validated, via powershell gwmi ) in there respective fields, I then uncheck everything but the process portion (I need to check a given process not service). No matter what process I put in I get the following.

COMMAND: /usr/local/nagios/libexec/check_wmi_plus.pl -H -u 'doman\user' -p \'xxx@ -m checkprocess -s Commandline -a 'MediaBeacon64.exe'
OUTPUT: WMI Query returned no data. The item you were looking for may NOT exist or the software that creates the WMI Class may not be running, or all data has been excluded.

I need to check in the above case to see if mediabeacon64.exe is running. No matter what text that I put in for the -a parameter I get the same result.

I'm sort of stumped on the nsclient\wmi relationship so I may be failing within that context.
thanks

[sreinhardt]

nsclient does provide an additional way to check wmi, however when using the check_wmi_plus.pl plugin, you are actually using perl to check wmi directly from the nagios box itself. The errors you are getting, seem to me that wmi is likely being blocked by an intermediate firewall or the local firewall on one of the systems. Let's start by nmapping and making sure dcom is open at least.

Code: Select all

nmap -p 135 [host\IP of windows machine]

[tonyroth]

Tht would have been funny and sad if true but already tested that. Any more ideas?

[sreinhardt]

Was the result only open not open/filtered or closed? We can certainly do some checks with wmic or the plugin directly, however I just wanted to get the basics out of the way so that it wasn't anything glaringly obvious(you know, when its a nice simple resolve like closed ports).

[tonyroth]

just logged in to the xi server and ran the wmic command it returned results just fine.

[slansing]

So you SSH'd in and ran it as root correct? Can you copy exactly what you ran and post it here? And also a copy of your service configuration for the check in question that nagios is running?

[tonyroth]

in other words
wmic -U "dom/user%somepw" //10.1.5.58 "select * from Win32_process where name like '%MediaBeacon64.exe'"

returned the expect results while running

[sreinhardt]

Wait a second, I just noticed, that there is no hostname or IP after the command from the web ui, as a side note check_wmi+plus rarely works from the test command button as it has escaping issues with php.

COMMAND: /usr/local/nagios/libexec/check_wmi_plus.pl -H -u 'doman\user' -p \'xxx@ -m checkprocess -s Commandline -a 'MediaBeacon64.exe'

Did you intentionally remove this, or was it not actually passed?

[tonyroth]

trying to sanitize things heres the service file

[sreinhardt]

After testing your command, obviously with a different process, I can confirm that you check works, however you have to swap the \ for a / in the user field so it is domain/user. Otherwise everything works great here with that command.