Page 1 of 3
Check_reg_key.vbs "folder not found"
Posted: Tue Jul 10, 2018 8:36 am
by lpereira
Hello All:
I'm trying to monitor the content of the "Excluded folder" REG_SZ using the script i founded here:
https://exchange.nagios.org/directory/P ... bs/details
The thing is.. i got an output with a prompt
This is the path for the reg key "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration" and the name of the key is ExcludedFolder. We need to know when the content of this value changes.
the error i got is:
[root@nagios libexec]# [root@nagios libexec]# ./check_nrpe -H HOSTADDRESS -p 5666 -c check_reg_key -a "HKEY_LOCAL_MACHINE" "SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\" "Real Time Scan Configuration" "ExcludedFolder" -n 0
>
help is appreciated.
Re: Check_reg_key.vbs "folder not found"
Posted: Tue Jul 10, 2018 1:34 pm
by lpereira
i made some changes on the .ini file, and i added there the folder i want to monitor. Basically i did this server side
; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]
check_reg_key=cscript.exe //T:30 //Nologo scripts\check_reg_key.vbs "HKEY_LOCAL_MACHINE" "SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration" "ExcludedFolder"
if i run the script from CMD on the server i got the following error.
Can ayone please assist?
thanks
Re: Check_reg_key.vbs "folder not found"
Posted: Tue Jul 10, 2018 1:59 pm
by lmiltchev
This is a 3rd party plugin, and we are not familiar with it. We will try to help you out but your best bet would be to contact the plugin's owner.
This is the command line example shown in the plugin:
./check_nrpe -H $HOSTADDRESS$ -p 5666 -c check_reg_key -a "HKEY_LOCAL_MACHINE" "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" "WinStationsDisabled" 0
It seems like you are missing the last argument in your command (the value)... You last arg is the "ExcludedFolder".
Re: Check_reg_key.vbs "folder not found"
Posted: Tue Jul 10, 2018 2:38 pm
by lpereira
lmiltchev wrote:This is a 3rd party plugin, and we are not familiar with it. We will try to help you out but your best bet would be to contact the plugin's owner.
This is the command line example shown in the plugin:
./check_nrpe -H $HOSTADDRESS$ -p 5666 -c check_reg_key -a "HKEY_LOCAL_MACHINE" "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" "WinStationsDisabled" 0
It seems like you are missing the last argument in your command (the value)... You last arg is the "ExcludedFolder".
i have modified the ini file (and restarted the service)
Code: Select all
; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]
check_reg_key=cscript.exe //T:30 //Nologo scripts\check_reg_key.vbs "HKEY_LOCAL_MACHINE" "SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration" "ExcludedFolder" 0
from command line i now got the following error.
Code: Select all
[root@nagios libexec]# ./check_nrpe -H SERVER IP -p 5666 -c check_reg_key -n
CHECK_NRPE: Invalid packet type received from server.
Re: Check_reg_key.vbs "folder not found"
Posted: Tue Jul 10, 2018 2:43 pm
by scottwilkerson
Before we get any further, you are going to need to be able to make the command run sucessfully on the client system before you can ever make it work from XI.
Re: Check_reg_key.vbs "folder not found"
Posted: Tue Jul 10, 2018 2:51 pm
by lpereira
scottwilkerson wrote:Before we get any further, you are going to need to be able to make the command run sucessfully on the client system before you can ever make it work from XI.
Let me know if on the .ini file things should be ok
Code: Select all
; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]
check_reg_key=cscript.exe //T:30 //Nologo scripts\check_reg_key.vbs "HKEY_LOCAL_MACHINE" "SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\" "ExcludedFolder" "0"
i'm still having erros on the CMD
Re: Check_reg_key.vbs "folder not found"
Posted: Tue Jul 10, 2018 3:19 pm
by lpereira
Maybe this script does not work for me.
Let's do a clean start. I need to monitor a Registry key under "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration, the String is ExcludedFolder, and inside this String, i need to get alerted if someone (or something) modify the values inside it.
The string is extense, it contains all the excluded folders for our Anti Virus.
Does this script work? or should i need to find a different one.
Re: Check_reg_key.vbs "folder not found"
Posted: Tue Jul 10, 2018 3:19 pm
by scottwilkerson
We are unfamiliar with the plugin, you need to be able to tell us what you run the the command line successfully before we can assist with putting it in the ini file
Re: Check_reg_key.vbs "folder not found"
Posted: Tue Jul 10, 2018 3:25 pm
by lpereira
scottwilkerson wrote:We are unfamiliar with the plugin, you need to be able to tell us what you run the the command line successfully before we can assist with putting it in the ini file
we just posted at the same time. See my previous answer.
Re: Check_reg_key.vbs "folder not found"
Posted: Tue Jul 10, 2018 3:36 pm
by scottwilkerson
lpereira wrote:Does this script work? or should i need to find a different one.
as I had stated, we are not familiar with the plugin, you need to test it to see if it works from the Windows command line, if you cannot successfully do that, I would try something different.