Page 1 of 2
Log monitoring in Remote: check_file_content.pl
Posted: Tue Jun 04, 2019 4:33 am
by FrancisNagios
Hi,
I have a question about the Post:
"Log monitoring. check_file_content.pl " --> I'm trying to monitor that if a "pattern" is not found in a "file" on a Unix server, skip to notification using the command "check_file_content.pl"
It has been possible to prove that it works on the local Nagios server but it does not work when we apply it to another server. In this case a Unix with NRPE.
I show the
Command Management:
1.PNG
I show the
Service Management:
2.PNG
The alert shows: "
Can't open directory: No such file or directory" because it refers to the Nagios server instead of the remote machine.
The Command Line is modified by:
$ USER1 $ / check_file_content.pl -H vmexpca1.perimetral.dom -f $ ARG1 $ -i $ ARG2 $ -n $ ARG3 $
to specify the server directly but the alert results in the following:
3.PNG
Thanks and regards
Re: Log monitoring in Remote: check_file_content.pl
Posted: Tue Jun 04, 2019 4:37 pm
by scottwilkerson
Did you test this plugin from the command line first to verify your usage is correct?
Where did you get the plugin?
Re: Log monitoring in Remote: check_file_content.pl
Posted: Wed Jun 05, 2019 4:05 am
by FrancisNagios
Hi,
We have tested it on the same NagiosXI server, I attache the result:
Code: Select all
[root@nagiosxi libexec]# ./check_file_content.pl -f /usr/local/nagios/libexec/33d -i CRITICAL -n 0
OK for /usr/local/nagios/libexec/33d (1 found)
But we want to run it against a server with NRPE agent installed:
Code: Select all
[root@nagiosxi libexec]# ./check_file_content.pl -H vmexpca1 -f /backup/log -i OK -n 0
Usage : check_file_content.pl -f file -i include -e exclude -n lines_number [-h]
Options :
-f
Full path to file to analyze
-n
Number of lines to find (default is 1)
-i
Include pattern (can add multiple include)
-e
Exclude pattern (can add multiple include)
-h, --help
Print this help screen
Example : check_file_content.pl -f /etc/passwd -i 0 -e root -n 5
I attache the content of the check_file_exists file
check_file_content.pl
URL Plugin:
https://exchange.nagios.org/directory/P ... nt/details
Thanks and regards
Re: Log monitoring in Remote: check_file_content.pl
Posted: Wed Jun 05, 2019 7:36 am
by scottwilkerson
FrancisNagios wrote:But we want to run it against a server with NRPE agent installed:
If you have this plugin on the server with NRPE installed you need to add the command to the nrpe.cfg (then restart nrpe) and call it through check_nrpe command
such as, add this to nrpe.cfg
Code: Select all
command[check_file_content_33d]=/usr/local/nagios/libexec/check_file_content.pl -f /usr/local/nagios/libexec/33d -i CRITICAL -n 0
and call like this from the nagios server
Code: Select all
./check_nrpe -H vmexpca1 -c check_file_content_33d
Re: Log monitoring in Remote: check_file_content.pl
Posted: Tue Jul 02, 2019 10:21 am
by FrancisNagios
Hi,
We tested it and it worked correctly as you commented. Thank you.
We have also had to copy the check_file_content.pl plugin to the remote Linux server in the path where the plugins are located and grant it execution permissions.
We also have to make it for a remote server window.
What would be the call from the nagios server? with check_nt?
We have to add the command to the file nsclient.ini and copy the plugin to the remote server windows. It is true?
Thanks and regards
Re: Log monitoring in Remote: check_file_content.pl
Posted: Tue Jul 02, 2019 3:17 pm
by scottwilkerson
That script isn't going to run on a Windows server, you would want to check out the
NSClient++ via check_nrpe section here
https://support.nagios.com/kb/article/f ... s-783.html
Re: Log monitoring in Remote: check_file_content.pl
Posted: Tue Jul 16, 2019 7:44 am
by FrancisNagios
Hi,
We have performed these steps to monitor a remote service NTP from a Windows server using nrpe from the NagiosXI server
Paso 1: Se ha copiado el plugin check_time.vbs (NTP) al directorio script de NSCLIENT
https://exchange.nagios.org/directory/P ... s)/details
Â
Paso 2: The nsclient.ini file on the Windows server has been modified and the nsclient restarted
Code: Select all
[/modules]
CheckDisk = 1
CheckEventLog = 1
CheckExternalScripts = 1
CheckHelpers = 1
CheckNSCP = 1
CheckSystem = 1
NSClientServer = 1
[/settings/default]
allowed hosts = 10.16.70.238,10.16.70.52
password = XXXXXX
port=5666
allow_arguments=true
allow_nasty_meta_chars=true
check_ntp_time=cscript.exe //T:30 //NoLogo scripts\\check_time.vbs 10.16.70.237 20 240
The service has been created
NTP2.PNG
Paso 4: The command has been created
NTP.PNG
Paso 5: We have this error from the NagiosXi server
[root@nagiosxipro libexec]# ./check_nrpe -H 10.16.70.115 -c check_ntp_time
Connection refused by host
Paso 6: On the Firewall the communications of port 5666 and 12489 is open but no funciona la comunicacion por el 5666
Code: Select all
[root@nagiosxilibexec]# telnet 10.16.70.115 12489
Trying 10.16.70.115...
Connected to 10.16.70.115.
Escape character is '^]'.
[root@nagiosxi libexec]# telnet 10.16.70.115 5666
Trying 10.16.70.115...
telnet: connect to address 10.16.70.115: Connection refused
Thanks for the support
Thanks and regards
Re: Log monitoring in Remote: check_file_content.pl
Posted: Tue Jul 16, 2019 7:51 am
by scottwilkerson
In the nsclient.ini under
add
Save
Restart nscp
Re: Log monitoring in Remote: check_file_content.pl
Posted: Wed Jul 17, 2019 6:13 am
by FrancisNagios
Hi,
It does not work, it gives the same error.
We have done some tests and the 5666 does not work from the nagiosxi server.
Port 5666 is not uploaded to the windows server nsclientç
Code: Select all
[root@nagiosxi-rh /]# nmap 10.16.70.115 -Pn -p 12489
Starting Nmap 6.47 ( http://nmap.org ) at 2019-07-17 13:06 CEST
Nmap scan report for barrido01.trabajo.dom (10.16.70.115)
Host is up (0.00082s latency).
PORT STATE SERVICE
12489/tcp open unknown
MAC Address: 00:50:56:A1:1E:35 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
Code: Select all
[root@nagiosxi-rh /]# nmap 10.16.70.115 -Pn -p 5666
Starting Nmap 6.47 ( http://nmap.org ) at 2019-07-17 13:06 CEST
Nmap scan report for barrido01.trabajo.dom (10.16.70.115)
Host is up (0.0013s latency).
PORT STATE SERVICE
5666/tcp closed nrpe
MAC Address: 00:50:56:A1:1E:35 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
Thanks and regards
Re: Log monitoring in Remote: check_file_content.pl
Posted: Wed Jul 17, 2019 6:35 am
by scottwilkerson
After adding that line to the config and restarting nsclient++ it should be listening on port 5666
Can you verify the Windows firewall is not blocking that port, as well as any other hardware firewalls you may have between the 2
Additionally you may want to look at the nsclient.log file to see if there are any other errors shown.