Can the NCPA processes regex search other-than the binary?
Posted: Tue Apr 16, 2019 6:06 pm
Running NCPA 2.1.6 which means that this https://github.com/NagiosEnterprises/ncpa/issues/451 is not applicable.
Is it expected behavior that it is limited to only matching/searching for the actual binary name and ONLY the binary name?
We have various servers with java processes running on them at the same time. Tomcat/jboss/etc. Each of these are kicked off by wrapper scripts. Said wrapper script(s) filenames include words like tomcat/jboss/etc.
Sometimes the wrapper scripts die off. Don't care about those, but also don't want to get notified because something detects that too many "jboss" processes are running.
If we run "ps -ef" with no more than two grep statements we can determine if a running process is what we are after. An example would be [grep "jdk/bin/java" | grep jboss] will end up showing us only what we want to see.
Lets say that we have a few processes called "metricbeats" running, but each are running under a different config file for testing purposes. With a [ps -ef] it is clear which is running under what config file.
When I use the 'processes' regex statement, it will find them all.
/usr/local/nagios/libexec/check_ncpa.py -H servername.company.com -t 'XXXXXXXX' -P 5666 -M 'processes' -q 'name=[a-z]etricbeat,match=regex' -c 1:30
So far this is great, but if I want to extend the regex statement before or after the actual binary word "metricbeat" it keeps failing. Two example of it failing to find even a count of "1":
/usr/local/nagios/libexec/check_ncpa.py -H servername.company.com -t 'XXXXXXXX' -P 5666 -M 'processes' -q 'name=metricbeat\s,match=regex' -c 1:30
/usr/local/nagios/libexec/check_ncpa.py -H servername.company.com -t 'XXXXXXXX' -P 5666 -M 'processes' -q 'name=metricbeat.,match=regex' -c 1:30
These are the two regex patterns:
metricbeat.
metricbeat\s
Is this expected behavior that it is limited to only viewing the actual binary name?
Is it expected behavior that it is limited to only matching/searching for the actual binary name and ONLY the binary name?
We have various servers with java processes running on them at the same time. Tomcat/jboss/etc. Each of these are kicked off by wrapper scripts. Said wrapper script(s) filenames include words like tomcat/jboss/etc.
Sometimes the wrapper scripts die off. Don't care about those, but also don't want to get notified because something detects that too many "jboss" processes are running.
If we run "ps -ef" with no more than two grep statements we can determine if a running process is what we are after. An example would be [grep "jdk/bin/java" | grep jboss] will end up showing us only what we want to see.
Lets say that we have a few processes called "metricbeats" running, but each are running under a different config file for testing purposes. With a [ps -ef] it is clear which is running under what config file.
When I use the 'processes' regex statement, it will find them all.
/usr/local/nagios/libexec/check_ncpa.py -H servername.company.com -t 'XXXXXXXX' -P 5666 -M 'processes' -q 'name=[a-z]etricbeat,match=regex' -c 1:30
So far this is great, but if I want to extend the regex statement before or after the actual binary word "metricbeat" it keeps failing. Two example of it failing to find even a count of "1":
/usr/local/nagios/libexec/check_ncpa.py -H servername.company.com -t 'XXXXXXXX' -P 5666 -M 'processes' -q 'name=metricbeat\s,match=regex' -c 1:30
/usr/local/nagios/libexec/check_ncpa.py -H servername.company.com -t 'XXXXXXXX' -P 5666 -M 'processes' -q 'name=metricbeat.,match=regex' -c 1:30
These are the two regex patterns:
metricbeat.
metricbeat\s
Is this expected behavior that it is limited to only viewing the actual binary name?