Nagios Support Forum

I am trying to check a Windows service using WMI with Nagios XI 2014R1.1.

I added a service check for "Sophos Agent" and the status information under "service details" reads:

OK - Found 0 Services(s), 0 OK and 0 with problems (0 excluded).

However, when I run the command in CCM or via command line it returns what's expected:

COMMAND: /usr/local/nagios/libexec/check_wmi_plus.pl -H x.x.x.x -u 'xxx' -p 'xxx' -m checkservice -a ''\\''Sophos Agent'\\'''
OUTPUT: OK - Found 9 Services(s), 8 OK and 1 with problems (0 excluded). 'Sophos Anti-Virus status reporter' (SAVAdminService) is Running, 'Sophos Anti-Virus' (SAVService) is Running, 'Sophos Agent' (Sophos Agent) is Running, 'Sophos AutoUpdate Service' (Sophos AutoUpdate Service) is Running, 'Sophos Device Control Service' (Sophos Device Control Service) is Running, 'Sophos Message Router' (Sophos Message Router) is Running, 'Sophos Web Control Service' (Sophos Web Control Service) is Running, 'Sophos Web Intelligence Service' (swi_service) is Running, 'Sophos Web Intelligence Update' (swi_update_64) is Stopped.|'Total Service Count'=9; 'Service Count OK State'=8; 'Service Count Problem State'=1; 'Excluded Service Count'=0;


I am not sure what else to check, any help would be greatly appreciated!

Cheers

This could be a problem with escaping the backslashes in the web UI. Can you run the Test Check Command button from the CCM for that service? Also please post a screenshot of the service's page in the CCM.

Hi, thanks for the response!

Here is the output to the test check command:
OUTPUT: OK - Found 9 Services(s), 8 OK and 1 with problems (0 excluded). 'Sophos Anti-Virus status reporter' (SAVAdminService) is Running, 'Sophos Anti-Virus' (SAVService) is Running, 'Sophos Agent' (Sophos Agent) is Running, 'Sophos AutoUpdate Service' (Sophos AutoUpdate Service) is Running, 'Sophos Device Control Service' (Sophos Device Control Service) is Running, 'Sophos Message Router' (Sophos Message Router) is Running, 'Sophos Web Control Service' (Sophos Web Control Service) is Running, 'Sophos Web Intelligence Service' (swi_service) is Running, 'Sophos Web Intelligence Update' (swi_update_64) is Stopped.|'Total Service Count'=9; 'Service Count OK State'=8; 'Service Count Problem State'=1; 'Excluded Service Count'=0;

And attached is a screenshot of the service. Could it be an issue that I am using a domain user instead of a local one?

Could you try running the command from the shell? We need to check if the escaping is correct:

Here is the output:

OK - Found 1 Services(s), 1 OK and 0 with problems (0 excluded). 'Sophos Agent' (Sophos Agent) is Running.|'Total Service Count'=1; 'Service Count OK State'=1; 'Service Count Problem State'=0; 'Excluded Service Count'=0;

Please let me know if you need anything else.

On the Windows box, what is the actual "Service name" and "Display name" in "Services" (right-click on the service->Properties)? Have you tried using this:
instead of this:

changing to -a 'Sophos Agent'

OK - Found 1 Services(s), 1 OK and 0 with problems (0 excluded). 'Sophos Agent' (Sophos Agent) is Running.

That's much better thank you! I used the WMI Wizard and added the service that way, I think because I added the ' in the wizard ('Sophos Agent'), it turned out funky like that.

Just curious as to how the initial command got a more detailed summary with all the components of Sophos and this way it just finds the agent?

Again thanks for the help!

I believe with what you were running in the original command, it was matching anything that deals with 'Sophos Agent' now you are checking for only matches of "Sophos Agent" literally. I'll double check and see what the stipulations are for this.