Check file modification date timestamp
Posted: Mon Oct 05, 2015 7:42 am
by jkinning
I am running Nagios XI 2014R2.7 with NSClient++ 0.4.3.143 2015-04-29. I am trying to leverage Nagios to monitor two files on our DNS servers:
C:\windows\system32\dns\cache.dns
C:\windows\system32\ntds.dit
I need to have that monitored based on modification dates so when and if the files get updated Nagios would send out a critical notification to our admins. These files shouldn't change that often and when they do I would be notified so I could make the necessary change to the Nagios check. I was trying the file age check and check file but I couldn't come up with anything that would work. We have other tools but Nagios is the one our Management wants us to leverage so I am trying to get a working check to make sure this file doesn't get changed.
Re: Check file modification date timestamp
Posted: Mon Oct 05, 2015 12:25 pm
by tmcdonald
What did you try for file age? Realistically if you check it every 5 minutes, then checking if the modification age is under 10 minutes should give plenty of overlap.
Re: Check file modification date timestamp
Posted: Mon Oct 05, 2015 1:43 pm
by jkinning
I was trying something like this but it isn't working out:
Code:
./check_nrpe -H <server> -c CheckFiles -a path='C:\\windows\\system32\\dns' pattern='cache.dns' 'filter=written < -10m' MaxCrit=1
Re: Check file modification date timestamp
Posted: Tue Oct 06, 2015 11:26 am
by hsmith
When you say that it isn't working out, what kind of output are you getting? Is it just telling you that the file has not been modified, or are you getting some sort of error?
Re: Check file modification date timestamp
Posted: Tue Oct 06, 2015 1:03 pm
by jkinning
I am getting this:
Code:
./check_nrpe -H <host> -c CheckFiles -a path='C:\\windows\\system32\\dns\\' pattern='cache.dns' 'filter=written < -10m' MaxCrit=1
No files found|'count'=0;0;1
I am not 100% confident that this is looking at or validating the modification date. I guess the short of it is I am looking for some assistance in getting a check to work which checks the file modification date I set and will notify me if it changes. Does that make sense?
Re: Check file modification date timestamp
Posted: Tue Oct 06, 2015 4:44 pm
by scottwilkerson
If you remove the filter, does it show the file?
Code:
./check_nrpe -H <host> -c CheckFiles -a path='C:\\windows\\system32\\dns\\' pattern='cache.dns' MaxCrit=1
Re: Check file modification date timestamp
Posted: Tue Oct 06, 2015 7:43 pm
by jkinning
Code:
./check_nrpe -H <host> -c CheckFiles -a path='C:\\windows\\system32\\dns\\' pattern='cache.dns' MaxCrit=1
No files found|'count'=0;0;1
Same results.
Re: Check file modification date timestamp
Posted: Wed Oct 07, 2015 3:01 pm
by jdalrymple
Code:
./check_nrpe -H <host> -c check_files -a 'file=C:\\windows\\system32\\dns\\cache.dns' 'critical=written>-600s'
FWIW - I couldn't figure out time units - can you?
Re: Check file modification date timestamp
Posted: Thu Oct 08, 2015 7:38 am
by jkinning
Very weird stuff.
I can run this command and it returns a value, which is good.
Code:
./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows' 'max-depth=4' pattern='CACHE.DNS' 'critical=written>-600s'
OK: All 5 files are ok|'CACHE.DNS_written'=1244665875;0;1444306746 'CACHE.DNS_written'=1244665875;0;1444306746 'CACHE.DNS_written'=1244665875;0;1444306746 'CACHE.DNS_written'=1244665875;0;1444306746 'CACHE.DNS_written'=1244665875;0;1444306746
./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows' 'max-depth=4' pattern='ntds.dit' 'critical=written>-600s'
OK: All 1 files are ok|'ntds.dit_written'=1244665896;0;1444306831
The bad thing is I only want the C:\Windows\System32\dns\CACHE.DNS file monitored, not the other 4.
But if I try the entire path it doesn't work.
Code:
./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows\\System32\\dns' 'max-depth=4' pattern='ntds.dit' 'critical=written>-600s'
No files found
./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows\\System32\\dns' 'max-depth=4' pattern='CACHE.DNS' 'critical=written>-600s'
No files found
./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows\\System32\\dns' pattern='CACHE.DNS' 'critical=written>-600s'
No files found
./check_nrpe -H <host> -c check_files -a 'file=C:\\Windows\\System32\\dns\\CACHE.DNS' 'critical=written>-600s'
No files found
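Added example, not part of the original posts: a Python sketch for reading the performance data that check_files printed in the output above. It assumes the standard Nagios plugin perfdata layout `'label'=value;warn;crit` and that the crit field is the check time minus the 600 s window from `critical=written>-600s`; the function names and the shortened sample are constructed for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the plugin output quoted in the post above, cut to two entries.
SAMPLE = ("OK: All 2 files are ok|'CACHE.DNS_written'=1244665875;0;1444306746 "
          "'ntds.dit_written'=1244665896;0;1444306831")

# One perfdata item: 'label'=value[UOM];warn;crit (label may be quoted, warn/crit optional).
ITEM = re.compile(
    r"(?:'([^']+)'|([^\s=']+))=(-?[\d.]+)[^\s;]*(?:;([^\s;]*))?(?:;([^\s;]*))?")

def parse_perfdata(output):
    """Split 'status text|perfdata' and return one dict per metric."""
    _, _, perf = output.partition("|")
    metrics = []
    for m in ITEM.finditer(perf):
        metrics.append({
            "label": m.group(1) or m.group(2),
            "value": float(m.group(3)),
            "warn": float(m.group(4)) if m.group(4) else None,
            "crit": float(m.group(5)) if m.group(5) else None,
        })
    return metrics

def explain_written(metric, window_s=600):
    """Interpret a *_written metric under critical=written>-<window_s>s."""
    mtime, threshold = metric["value"], metric["crit"]
    checked_at = threshold + window_s  # assumption: threshold = check time - window
    return {
        "file": metric["label"].rsplit("_written", 1)[0],
        "modified_utc": datetime.fromtimestamp(mtime, timezone.utc).isoformat(),
        "age_days": int((checked_at - mtime) // 86400),
        "critical": mtime > threshold,  # True only if written inside the window
    }

if __name__ == "__main__":
    for metric in parse_perfdata(SAMPLE):
        print(explain_written(metric))
```

Read this way, both values are epoch seconds: the files were last written in June 2009, far older than the threshold, so the check reports OK until a write lands inside the 600 s window.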
Re: Check file modification date timestamp
Posted: Thu Oct 08, 2015 11:00 am
by jdalrymple
What was wrong with my command?
jdalrymple wrote:
./check_nrpe -H <host> -c check_files -a 'file=C:\\windows\\system32\\dns\\cache.dns' 'critical=written>-600s'