Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Alert when Windows process IS running

https://support.nagios.com/forum/viewtopic.php?t=39668

Page 2 of 3

Re: Alert when Windows process IS running

Posted: Wed Aug 10, 2016 11:30 am
by hillhealthcenter
I installed NSClient++ 0.4.4.23 on one host as a test. I getting the "CHECK_NRPE: Error - Could not complete SSL handshake." for both the Windows Uptime service in XI and for the command that you gave me.

Re: Alert when Windows process IS running

Posted: Wed Aug 10, 2016 11:38 am
by hillhealthcenter
Please disregard my last post. I found the solution to the '...handshake..." issue

Re: Alert when Windows process IS running

Posted: Wed Aug 10, 2016 11:50 am
by lmiltchev
Were you able to successfully run the following command from the command line on the Nagios XI server?

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H <client ip> -c check_process -a "process=<process name>" "critical=count>1" "ok=count=0" "warning=count>1"
Let us know if you need more help.

Re: Alert when Windows process IS running

Posted: Wed Aug 10, 2016 12:01 pm
by hillhealthcenter
The command works from the server CLI. Now I need to figure out how to get it into XI.

Re: Alert when Windows process IS running

Posted: Wed Aug 10, 2016 12:15 pm
by lmiltchev
Add a new service in under the CCM. Use "check_nrpe" as a check command. Add check_process to $ARG1$, and -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1" to ARG2$. Save and apply configuration. The service config should look something like this:

Code: Select all

define service {
	host_name			Windows7
	service_description		IE Process
	use				xiwizard_windowsserver_nsclient_service
	check_command			check_nrpe!check_process!-a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"!!!!!!
	max_check_attempts		5
	check_interval			5
	retry_interval			1
	check_period			24x7
	notification_interval		60
	contacts			nagiosadmin
	_xiwizard			windowsserver
	register			1
	}
Under "Service Status Detail" you should see something like this:
example01.PNG
Here's a document explaining how to manage monitoring plugins in Nagios XI:
https://assets.nagios.com/downloads/nag ... lugins.pdf

Let us know if you have any more questions/issues.

Re: Alert when Windows process IS running

Posted: Wed Aug 10, 2016 12:19 pm
by hillhealthcenter
This is the output that I get from the server CLI:

Code: Select all

login as: root
[email protected]'s password:
Last login: Fri Jul 29 13:32:41 2016 from 2ua4010qbb.hhc.com
[root@nagiosxi ~]# cd libexec
-bash: cd: libexec: No such file or directory
[root@nagiosxi ~]# ls
anaconda-ks.cfg  install.log.syslog  scripts
install.log      nagiosxi.bak        setup-linux.sh
[root@nagiosxi ~]# ./check_nrpe -H 192.168.5.47 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
-bash: ./check_nrpe: No such file or directory
You have new mail in /var/spool/mail/root
[root@nagiosxi ~]# cd /
You have mail in /var/spool/mail/root
[root@nagiosxi /]# ls
bin   cgroup  etc   lib         media  opt   root  selinux  store  tmp  var
boot  dev     home  lost+found  mnt    proc  sbin  srv      sys    usr
[root@nagiosxi /]# cd etc
[root@nagiosxi etc]# ls
adjtime                    init.d           rc
aliases                    inittab          rc0.d
aliases.db                 inputrc          rc1.d
alternatives               iproute2         rc2.d
anacrontab                 issue            rc3.d
apt                        issue.net        rc4.d
asound.conf                issue-standard   rc5.d
audisp                     jwhois.conf      rc6.d
audit                      kde              rc.d
avahi                      krb5.conf        rc.local
bash_completion.d          ld.so.cache      rc.sysinit
bashrc                     ld.so.conf       redhat-release
blkid                      ld.so.conf.d     resolv.conf
bonobo-activation          lftp.conf        rpc
centos-release             libaudit.conf    rpm
cgconfig.conf              libuser.conf     rpmdevtools
cgconfig.d                 locales.conf     rsyslog.conf
cgrules.conf               localtime        rwtab
cgsnapshot_blacklist.conf  login.defs       rwtab.d
chkconfig.d                logrotate.conf   sasl2
ConsoleKit                 logrotate.d      securetty
cron.d                     lvm              security
cron.daily                 mailcap          selinux
cron.deny                  mail.rc          services
cron.hourly                makedev.d        sestatus.conf
cron.monthly               man.config       sgml
crontab                    mdadm.conf       shadow
cron.weekly                mime.types       shadow-
crypttab                   mke2fs.conf      shells
csh.cshrc                  modprobe.d       skel
csh.login                  motd             smart
dbus-1                     mrtg             snmp
default                    mtab             sound
depmod.d                   my.cnf           ssh
dhcp                       nagiosql         ssl
DIR_COLORS                 nagiosxi-banner  statetab
DIR_COLORS.256color        NetworkManager   statetab.d
DIR_COLORS.lightbgcolor    networks         subversion
dracut.conf                nsswitch.conf    sudo.conf
dracut.conf.d              ntp              sudoers
environment                ntp.conf         sudoers.d
ethers                     odbc.ini         sudoers.rpmnew
event.d                    odbcinst.ini     sudo-ldap.conf
exports                    openldap         sysconfig
favicon.png                opt              sysctl.conf
filesystems                pam.d            system-release
fonts                      pango            system-release-cpe
freetds.conf               passwd           terminfo
fstab                      passwd-          udev
gai.conf                   pear             virc
gconf                      pear.conf        vmware-caf
gcrypt                     php.d            vmware-tools
gnome-vfs-2.0              php.ini          vmware-vcli
gnupg                      pki              wgetrc
group                      plymouth         wvdial.conf
group-                     pm               X11
grub.conf                  polkit-1         xdg
gshadow                    pool.conf        xinetd.conf
gshadow-                   popt.d           xinetd.d
gtk-2.0                    postfix          xml
host.conf                  ppp              yafApplabelRules.conf
hosts                      printcap         yum
hosts.allow                profile          yum.conf
hosts.deny                 profile.d        yum.repos.d
httpd                      protocols
init                       pulse
[root@nagiosxi etc]# cd /usr/local/bagios/libexec
-bash: cd: /usr/local/bagios/libexec: No such file or directory
You have mail in /var/spool/mail/root
[root@nagiosxi etc]# cd /usr/local/nagios/libexec
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.5.47 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
CHECK_NRPE: Socket timeout after 10 seconds.
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Request command contained illegal metachars!
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Request command contained illegal metachars!
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Request command contained illegal metachars!
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Request command contained illegal metachars!
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Request command contained illegal metachars!
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
UNKNOWN: No handler for that command.
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
CHECK_NRPE: Error - Could not complete SSL handshake.
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
CHECK_NRPE: Error - Could not complete SSL handshake.
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# ^C
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Exception processing request: Request command contained illegal metachars!
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# clear
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
Exception processing request: Request command contained illegal metachars!
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# [root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
-bash: [root@nagiosxi: command not found
[root@nagiosxi libexec]# Exception processing request: Request command contained illegal metachars!
-bash: Exception: command not found
[root@nagiosxi libexec]# You have mail in /var/spool/mail/root
-bash: You: command not found
[root@nagiosxi libexec]# [root@nagiosxi libexec]#
-bash: [root@nagiosxi: command not found
[root@nagiosxi libexec]# clear
[root@nagiosxi libexec]#
[root@nagiosxi libexec]# clear
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"            Exception processing request: Request command contained illegal metachars!
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe"
OK: all processes are ok.|'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'iexplore.exe state'=1;0;0 'count'=25;0;0
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
CRITICAL: iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started|'count'=27;1;1
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# clear
You have mail in /var/spool/mail/root
[root@nagiosxi libexec]# clear
[root@nagiosxi libexec]# ./check_nrpe -H 192.168.102.95 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=count>1"
CRITICAL: iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started, iexplore.exe=started|'count'=22;1;1
[root@nagiosxi libexec]#
For our purposes, we just need a count of instances of the "process" using >20 MB of memory. How can we suppress the instances from being listed?

Re: Alert when Windows process IS running

Posted: Wed Aug 10, 2016 1:42 pm
by rkennedy
You should be able to use working_set which will match the amount of physical memory in use. Here's an example -

Code: Select all

(0 processes)
[root@localhost libexec]# ./check_nrpe -H 192.168.5.47 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=working_set>70m"
OK: all processes are ok.|'iexplore.exe ws_size'=0MB;70;0 'count'=1;0;1

(iexplore.exe open)
[root@localhost libexec]# ./check_nrpe -H 192.168.5.47 -c check_process -a "process=iexplore.exe" "critical=count>1" "ok=count=0" "warning=working_set>70m"
CRITICAL: iexplore.exe=started|'iexplore.exe ws_size'=25.44921MB;70;0 'iexplore.exe ws_size'=95.90234MB;70;0 'count'=2;0;1

Re: Alert when Windows process IS running

Posted: Thu Aug 11, 2016 3:01 pm
by hillhealthcenter
I have a new issue now since starting upgrade the NSCLient++ on our hosts to version 0.4.4.23. They have a warning status because they were rebooted in the last 48 hours. We don't have a warning argument. We do have a critical argument for >21 days. Is there somewhere else I should look?

Re: Alert when Windows process IS running

Posted: Thu Aug 11, 2016 3:24 pm
by rkennedy
hillhealthcenter wrote:I have a new issue now since starting upgrade the NSCLient++ on our hosts to version 0.4.4.23. They have a warning status because they were rebooted in the last 48 hours. We don't have a warning argument. We do have a critical argument for >21 days. Is there somewhere else I should look?
I'm a bit confused, do you have a check setup for uptime of some sort? Can you show us a screenshot of what you're seeing?

Re: Alert when Windows process IS running

Posted: Wed Aug 17, 2016 8:07 am
by hillhealthcenter
Sorry it took so long to respond. I've attached a screenshot.

When we reboot windows hosts that have the NSClient++ v.0.4.4.23 agent the uptime metric shows a warning state for the 48 hours after reboot. We don't know where to look to change this behavior. It only occurs on hosts with the newer version of NSClient.
All times are UTC-05:00
Page 2 of 3

Powered by phpBB® Forum Software © phpBB Limited