Page 1 of 2
Generate a custom check from a Powershell
Posted: Thu Dec 07, 2017 3:05 pm
by lpereira
Hello all:
We have created a custom Powershell script that check particullar Events on the Windows Event Viewer (Log replication services). the script check if 3 particullar ID's are present (13561, 13586 and 1311).
We want to use this scrtipt in order to get an alert if the Powershell output shows any of those 3 ID's.
Is there any way to get this done?
thanks in advance!!
Re: Generate a custom check from a Powershell
Posted: Thu Dec 07, 2017 5:21 pm
by kyang
I'm not exactly sure whats in your Powershell script?
If the script returns Nagios specific output then it should work when creating a check for it as it will return Nagios status codes.
http://nagios-plugins.org/doc/guideline ... PLUGOUTPUT
It should work something like this, with some simple pseudocode to think about.
If the script finds any of those three ID's, then return 2 for critical.
Else return 1 for OK.
Here's the kb article for setting up Powershell and other scripts to work with NSClient++.
https://support.nagios.com/kb/article.php?id=528
Re: Generate a custom check from a Powershell
Posted: Mon Dec 11, 2017 7:12 am
by lpereira
kyang wrote:I'm not exactly sure whats in your Powershell script?
If the script returns Nagios specific output then it should work when creating a check for it as it will return Nagios status codes.
http://nagios-plugins.org/doc/guideline ... PLUGOUTPUT
It should work something like this, with some simple pseudocode to think about.
If the script finds any of those three ID's, then return 2 for critical.
Else return 1 for OK.
Here's the kb article for setting up Powershell and other scripts to work with NSClient++.
https://support.nagios.com/kb/article.php?id=528
Hello.. so far this is the script
Code: Select all
Get-EventLog -LogName 'File Replication Service' | select -Property EventID,TimeGenerated | where -FilterScript {$_.EventID -match '13561' -or $_.EventID -match '13568' -or $_.EventID -match '1311'}
and this is the output
PS C:\Windows\system32> G:\Scripts\check_ntfrs_events.ps1
EventID TimeGenerated
------- -------------
13561 12/7/2017 10:51:27 AM
13568 12/7/2017 10:48:54 AM
13568 12/7/2017 10:28:21 AM
13568 11/22/2017 3:10:54 AM
13568 10/26/2017 8:12:24 PM
13568 9/20/2017 3:15:40 AM
13568 9/5/2017 8:13:51 PM
13568 8/24/2017 1:21:19 AM
13568 8/3/2017 4:04:45 AM
13568 7/12/2017 4:19:47 AM
13568 5/16/2017 10:01:07 PM
13568 5/16/2017 8:34:21 PM
13568 5/15/2017 2:31:44 PM
13568 5/15/2017 12:51:47 PM
13568 4/29/2017 2:23:32 PM
13568 4/29/2017 8:42:37 AM
13568 4/9/2017 1:48:32 PM
Re: Generate a custom check from a Powershell
Posted: Mon Dec 11, 2017 11:35 am
by npolovenko
Hello,
@lpereira. Unfortunately, we don't provide a custom plugin development on this forum. You may contact
[email protected] for a custom dev quote. Generally speaking, you'd need to write a function that would go through the event id's and return the code 2 if it finds 13561, 13586 or 1311, and otherwise return 0. For example, exit 0 "Everything is ok, no matching ID's found", Or exit 2 "Critical, one of the matching ID's was found". That's all it takes for Nagios to be able to track the results and send alerts. When this logic is done, take a look at the tutorial provided by
@kyang on how to set up NSClient to work with the plugin.
PS: There are a lot of plugins on Nagios Exchange that you can use as an example when writing your own.
Re: Generate a custom check from a Powershell
Posted: Mon Dec 11, 2017 12:36 pm
by mcapra
It's also worth mentioning
Nagios Log Server has
this functionality.
@WillemDH did this lovely write-up regarding Event Log monitoring using Nagios XI, NSCA, and NSClient++:
https://outsideit.net/real-time-eventlog-monitoring/
Re: Generate a custom check from a Powershell
Posted: Mon Dec 11, 2017 1:19 pm
by npolovenko
Thanks,
@mcapra!
@lpereira, Let us know if you have other questions for us.
Re: Generate a custom check from a Powershell
Posted: Mon Dec 11, 2017 3:55 pm
by lpereira
Thanks guys... i was finally able to get this working...
[root@nagios libexec]# ./check_nrpe -H XXX.XXX.XXX.XXXX -c check_ntfrs_events -n
Event ID 13568/13561/1311|
I have only one last question...
I created the comand in CCM, like this
Code: Select all
$USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -t 60 -c check_ntfrs_events $ARG1$ $ARG2$ -n
So, when i create the service, should i put 0 and 1 o the ARGS? (see attached image) Nagios will identify the 0 as "normal" and 1 as Critical?
Re: Generate a custom check from a Powershell
Posted: Mon Dec 11, 2017 4:30 pm
by dwhitfield
We'd need to see how this was set up in NSClient to know what you needed to do with the arguments (the script itself would be useful too). The script you showed before doesn't seem to take any arguments. Did you change it?
Re: Generate a custom check from a Powershell
Posted: Mon Dec 11, 2017 4:32 pm
by lpereira
yes i have modified it. And also i was able to figured out.. i changed the script exit showing error as 2. Nagios check 0 as normal and 2 as critical.
Is working now.
thanks for the help
Re: Generate a custom check from a Powershell
Posted: Mon Dec 11, 2017 4:59 pm
by npolovenko
@lpereira, Glad you were able to figure this out! Can we close this thread as resolved or do you have other questions for us?