Re: Alert only if service startup type is automatic
Posted: Fri Jul 29, 2016 6:45 am
by jyoti22
Thanks for the help, mcapra! Now my service monitoring is working perfectly fine. However, I am getting the same issues with the check_winevent plugin.
I have copied this plugin into the scripts folder and modified the nsclient.ini file:
checkUPState=scripts\check_winevent.exe --log system --code "7030","7037" --type "error" --source "Service Control Manager" --verbos "Service entered unpredictable state"
Here, for the event log, the client requirement is to check for the event ID in the system log; if the event ID exists, then generate a customized alert as attached.
Test from the XI server:
Code:
[root@auscrpmonprd00 libexec]# ./check_nrpe -H 10.164.133.13 -c checkUPState
Failed to execute checkupstate: 14001: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
Kindly help on this as well.
Thanks in advance.
Re: Alert only if service startup type is automatic
Posted: Fri Jul 29, 2016 10:30 am
by mcapra
Does the check_winevent plugin work if executed locally? That looks like a Windows runtime error to me, not something specific to NSClient. I would first verify that you have the necessary files included with that plugin. What Windows flavor/version is this machine using?
Using that exact same NSClient configuration, I get the expected output:
Code:
[root@localhost libexec]# ./check_nrpe -H 192.168.3.170 -c checkUPState
Event log(s): system
Event code(s): 7030, 7037
Event type(s): error
Event sources: Service Control Manager
Time window: 3600 seconds, timestamp: 20160729142126.000000+000
Eventlog system - 0 selected events
Total number of events selected: 0
EVENT OK - 0 events|'events'=0
Re: Alert only if service startup type is automatic
Posted: Mon Aug 01, 2016 3:49 am
by jyoti22
Hi,
My Windows version is Windows 2008 Server R2, and I have copied the check_winevent.exe and check_winevent.pl files to the scripts folder.
Running check_winevent.exe locally also gives the same result.
Code:
C:\Program Files\NSClient++\scripts>check_winevent.exe
The application has failed to start because its side-by-side configuration is incorrect.
Please see the application event log or use the command-line sxstrace.exe tool for more details
C:\Program Files\NSClient++\scripts>check_winservice.exe
SERVICE OK - 183 service(s).|services=183;;;
Re: Alert only if service startup type is automatic
Posted: Mon Aug 01, 2016 10:05 am
by mcapra
I would suggest including all the files in check_winevent-1.3.zip. There are lots of libraries that this application requires to function.
https://www.itefix.net/check_winevent
The only issues I encountered with this plugin (on my 2008 RC2 machine) were a result of files being missing. If including all the files from the zip doesn't solve your issue, you're probably better off contacting the person who maintains that plugin:
https://www.itefix.net/contact
Re: Alert only if service startup type is automatic
Posted: Mon Aug 01, 2016 10:09 am
by lmiltchev
You should place ALL of the files/directories that come with the plugin in the NSClient++ scripts directory...
Re: Alert only if service startup type is automatic
Posted: Thu Aug 04, 2016 4:44 am
by jyoti22
After copying the files, it's working fine.
Thanks a lot!
Re: Alert only if service startup type is automatic
Posted: Thu Aug 04, 2016 9:08 am
by mcapra
Good news! Is it alright if we lock this thread and mark the issue as resolved?
Re: Alert only if service startup type is automatic
Posted: Fri Aug 05, 2016 4:25 am
by jyoti22
One last issue.
Event log monitoring is working fine, but we are not getting alerts triggered in Nagios. What could be the reason for it? Below is the command I am using in the nsclient.ini file:
checkUPState=scripts\check_winevent.exe --log system --code "7030","7037" --type "error" --source "Service Control Manager" --verbos "Service entered unpredictable state"
checkMisconfigured=scripts\check_winevent.exe --log system --code "7015","7017","7018","7019","7020" --type "error" --source "Service Control Manager" --verbos "Service is misconfigured"
As per these commands, when the system log finds an entry for --code, Nagios should trigger an alert, right?
Re: Alert only if service startup type is automatic
Posted: Fri Aug 05, 2016 7:36 am
by jyoti22
Please ignore my previous post. Event log monitoring is working fine.
However, I am not sure how the plugin works here: does it filter only newly generated alerts, or scan the complete file and generate an alert? Can anyone please help explain it?
How will Nagios clear this alert?
Re: Alert only if service startup type is automatic
Posted: Fri Aug 05, 2016 11:40 am
by mcapra
My understanding of it (this is not a plugin developed by Nagios) is that you are basically telling check_winevent "I want to see events with (criteria) that have occurred over (time period). Please generate a critical/warning state if the threshold is above (threshold)."
With your definition:
Code:
checkMisconfigured=scripts\check_winevent.exe --log system --code "7015","7017","7018","7019","7020" --type "error" --source "Service Control Manager" --verbos "Service is misconfigured"
By not including a time period (using the --window option), you are essentially checking every event that exists in the system log. If the number of events matching your criteria exceeds the warning/critical threshold (which you have not set), check_winevent will generate a warning/critical state. It will continue generating that critical/warning state until the number of events matching the criteria drops below the threshold.
In a nutshell, this plugin checks the number of events happening within a time frame and can generate warning/critical states if the number of events exceeds the threshold.
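Added example (not part of the thread and not check_winevent's own code): a small Python model of the count-within-a-window behaviour described in the last reply, showing why a state only clears once matching events age out of the window. The sample events, the threshold values and the "count greater than threshold" comparison are assumptions made for illustration.

```python
from datetime import datetime, timedelta

OK, WARNING, CRITICAL = 0, 1, 2  # standard Nagios plugin return codes

def count_matching(events, now, codes, source, etype, window=None):
    """Count events matching the filters; window=None scans the whole log."""
    cutoff = now - timedelta(seconds=window) if window is not None else None
    return sum(
        1 for e in events
        if e["code"] in codes and e["source"] == source and e["type"] == etype
        and (cutoff is None or e["time"] >= cutoff)
    )

def evaluate(count, warning, critical):
    """Assumed semantics: a count above a threshold raises that state."""
    if count > critical:
        state, label = CRITICAL, "CRITICAL"
    elif count > warning:
        state, label = WARNING, "WARNING"
    else:
        state, label = OK, "OK"
    # Status line shaped like the plugin output quoted earlier in the thread.
    return state, f"EVENT {label} - {count} events|'events'={count}"

# Constructed sample log (not real data): one old and one recent SCM error,
# plus an informational event that the filters must ignore.
NOW = datetime(2016, 8, 5, 12, 0, 0)
LATER = NOW + timedelta(hours=2)
SCM = "Service Control Manager"
EVENTS = [
    {"time": NOW - timedelta(days=3), "code": 7030, "source": SCM, "type": "error"},
    {"time": NOW - timedelta(minutes=20), "code": 7037, "source": SCM, "type": "error"},
    {"time": NOW - timedelta(minutes=5), "code": 7036, "source": SCM, "type": "information"},
]

def check(now, window, warning, critical):
    """Model of the checkUPState filter run at time `now`."""
    n = count_matching(EVENTS, now, {7030, 7037}, SCM, "error", window)
    return evaluate(n, warning, critical)

if __name__ == "__main__":
    print(check(NOW, None, 0, 1))    # whole log: the 3-day-old event still counts
    print(check(NOW, 3600, 0, 1))    # 1-hour window: only the recent error counts
    print(check(LATER, 3600, 0, 1))  # two hours on: the window is empty, state clears
    print(check(LATER, None, 0, 1))  # no window: stays critical while events remain
```
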