Re: Check file modification date timestamp
Posted: Thu Oct 08, 2015 1:26 pm
by jkinning
I am getting No files found.
Code:
./check_nrpe -H <host> -c check_files -a 'file=C:\\windows\\system32\\dns\\cache.dns' 'critical=written>-600s'
No files found
I also thought maybe it was case-sensitive, so I looked up the exact file path and same thing.
Code:
./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows\\System32\\dns\\CACHE.DNS' 'critical=written>-600s'
No files found
Or is that what the results should be and then if the file is >-600s it would display and trigger the notification? Basically, if the file gets modified.
Re: Check file modification date timestamp
Posted: Thu Oct 08, 2015 4:01 pm
by jdalrymple
Naah, that's weird. What version of nsclient?
Code:
[jdalrymple@localhost subsys]$ /usr/local/nagios/libexec/check_nrpe -H <winhost> -c check_files -a 'file=C:\\Windows\\System32\\dns\\CACHE.DNS' 'critical=written>-600s'
No drives found
[jdalrymple@localhost subsys]$ /usr/local/nagios/libexec/check_nrpe -H <winhost> -c check_files -a 'file=C:\\Program Files\\NSClient++\nsclient.log' 'critical=written>-1s'
CRITICAL: 0/1 files (nsclient.log)|'nsclient.log_written'=1444337993;0;1444337992
[jdalrymple@localhost subsys]$ /usr/local/nagios/libexec/check_nrpe -H <winhost> -c check_files -a 'file=C:\\Program Files\\NSClient++\nsclient.log' 'critical=written>-0s'
OK: All 1 files are ok|'nsclient.log_written'=1444338000;0;1444338000
Obviously my machine is not a DNS server.
Re: Check file modification date timestamp
Posted: Fri Oct 09, 2015 7:45 am
by jkinning
I (0.4.3.143 2015-04-29) seem to be doing fine...
Re: Check file modification date timestamp
Posted: Fri Oct 09, 2015 1:54 pm
by lmiltchev
H-m-m, I am using the same version of NSClient++ and I am able to "see" the file just fine.
Code:
[root@testbox libexec]# ./check_nrpe -H x.x.x.x
I (0.4.3.143 2015-04-29) seem to be doing fine...
[root@testbox libexec]# ./check_nrpe -H x.x.x.x -c CheckFiles -a path='C:\\windows\\system32\\dns' pattern='cache.dns' 'filter=written < -10m' MaxCrit=1
CACHE.DNS|'count'=1;0;1
It must be a permissions issue. Can you open a CMD Prompt, run the following command and show the output?
Code:
icacls c:\Windows\SYstem32\dns\CACHE.DNS
Re: Check file modification date timestamp
Posted: Fri Oct 09, 2015 2:55 pm
by jkinning
C:\Users\unknown>icacls C:\Windows\System32\dns\CACHE.DNS
C:\Windows\System32\dns\CACHE.DNS WS\DnsAdmins:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Users:(I)(RX)
Successfully processed 1 files; Failed processing 0 files
Re: Check file modification date timestamp
Posted: Fri Oct 09, 2015 10:02 pm
by jdalrymple
Is your nsclient++ service running as localhost\SYSTEM? That's the typical setup.
Re: Check file modification date timestamp
Posted: Mon Oct 12, 2015 8:20 am
by jkinning
Yes it is.
Re: Check file modification date timestamp
Posted: Mon Oct 12, 2015 2:06 pm
by jdalrymple
Spun up my ADDS box and it totally worked. This is on 2012R2:
Code:
[jdalrymple@localhost libexec]$ ./check_nrpe -H myaddsbox -c check_files -a 'file=C:\\windows\\system32\\dns\\cache.dns' 'critical=written>-600s'
OK: All 1 files are ok|'CACHE.DNS_written'=1443040812;0;1444676134
What's next, maybe try putting a file at 'c:\somefile.txt' and see if that works?
Re: Check file modification date timestamp
Posted: Tue Oct 13, 2015 6:35 am
by jkinning
Code:
./check_nrpe -H <host> -c check_files -a 'file=C:\\gpo.txt' 'critical=written>-600s'
OK: All 1 files are ok|'gpo.txt_written'=1310932869;0;1444735203
./check_nrpe -H <host> -c check_files -a 'file=C:\\windows\\system32\\dns\\cache.dns' 'critical=written>-600s'
No files found
Re: Check file modification date timestamp
Posted: Tue Oct 13, 2015 9:21 am
by jdalrymple
You've got me pretty well stumped. I'm not sure how much help it will be, but it might be worth trying debugging in nsclient and seeing if nsclient.log shares any useful information.
Code:
[/settings/log]
file name = nsclient.log
level = debug