Check file modification date timestamp

[jkinning]

I am running Nagios XI 2014R2.7 with NSClient++ 0.4.3.143 2015-04-29. I am trying to leverage Nagios to monitor two files on our DNS servers
C:\windows\system32\dns\cache.dns
C:\windows\system32\ntds.dit

I need to have that monitored based on modification dates so when and if the files get updated Nagios would send out critical notification to our admins. These files shouldn't change that often and when they do I would be notified so I could make the necessary change to the Nagios check. I was trying the file age check and check file but I couldn't come up with anything that would work. We have other tools but Nagios is the one our Management wants us to leverage so I am trying to get a working check to make sure this file doesn't get changed.

[tmcdonald]

What did you try for file age? Realistically if you check it every 5 minutes, then checking if the modification age is under 10 minutes should give plenty of overlap.

[jkinning]

I was trying something like this but it isn't working out

Code: Select all

./check_nrpe -H <server> -c CheckFiles -a path='C:\\windows\\system32\\dns' pattern='cache.dns' 'filter=written < -10m' MaxCrit=1

[hsmith]

When you say that it isn't working out, what kind of output are you getting? Is it just telling you that the file has not been modified, or are you getting some sort of error?

[jkinning]

I am getting this:

Code: Select all

./check_nrpe -H <host> -c CheckFiles -a path='C:\\windows\\system32\\dns\\' pattern='cache.dns' 'filter=written < -10m' MaxCrit=1
No files found|'count'=0;0;1

I am not 100% confident that this is looking or validating the modification date. I guess the short of it I am looking for some assistance in getting a check to work which checks the file modification date I set and will notify me if it changes. Does that make sense?

[scottwilkerson]

If you remove the filter does it show the file

Code: Select all

./check_nrpe -H <host> -c CheckFiles -a path='C:\\windows\\system32\\dns\\' pattern='cache.dns' MaxCrit=1

[jkinning]

Code: Select all

./check_nrpe -H <host>-c CheckFiles -a path='C:\\windows\\system32\\dns\\' pattern='cache.dns' MaxCrit=1
No files found|'count'=0;0;1

Same results.

[jdalrymple]

Code: Select all

./check_nrpe -H <host> -c check_files -a 'file=C:\\windows\\system32\\dns\\cache.dns' 'critical=written>-600s'

FWIW - I couldn't figure out time units - can you?

[jkinning]

Very wierd stuff.

I can run this command and it returns value which is good.

Code: Select all

./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows' 'max-depth=4' pattern='CACHE.DNS' 'critical=written>-600s'
OK: All 5 files are ok|'CACHE.DNS_written'=1244665875;0;1444306746 'CACHE.DNS_written'=1244665875;0;1444306746 'CACHE.DNS_written'=1244665875;0;1444306746 'CACHE.DNS_written'=1244665875;0;1444306746 'CACHE.DNS_written'=1244665875;0;1444306746
[./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows' 'max-depth=4' pattern='ntds.dit' 'critical=written>-600s'
OK: All 1 files are ok|'ntds.dit_written'=1244665896;0;1444306831

The bad thing is I only want the C:\WIndows\System32\dns\CACHE.DNS file monitored not the other 4.

But if I try the entire path it doesn't work.

Code: Select all

./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows\\System32\\dns' 'max-depth=4' pattern='ntds.dit' 'critical=written>-600s'
No files found
./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows\\System32\\dns' 'max-depth=4' pattern='CACHE.DNS' 'critical=written>-600s'
No files found
./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows\\System32\\dns' pattern='CACHE.DNS' 'critical=written>-600s'
No files found
./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows\\System32\\dns\\CACHE.DNS' 'critical=written>-600s'
No files found

[jdalrymple]

What was wrong with my command?

./check_nrpe -H <host> -c check_files -a 'file=C:\\windows\\system32\\dns\\cache.dns' 'critical=written>-600s'