Page 1 of 1
Trouble Monitoring OKTA services pm domain controllers
Posted: Mon Sep 16, 2019 1:06 pm
by jcahillcspace
We are using OKTA on our domain controllers (installed as an agent running a service) to synch with our parent company's global AD. I have repeatedly tried creating an service check to alert us in the event that that the OKTA serice goes down or is unresponsive. Not matter what I try, Nagios comes back with "Not Found". I have cloned an existing working service check and only changed the corresponding service details, and I confirmed it is setup the same as other working service checks.
I have used the following variants - none of which are working:
-Okta Active Directory Service
-OktaActiveDirectoryService
-Okta AD Agent
-OktaADAgent
-OktaAgentService.exe
Does anyone have any experience with this?
Re: Trouble Monitoring OKTA services pm domain controllers
Posted: Mon Sep 16, 2019 1:26 pm
by mbellerue
What agent (NCPA, NSClient?) do you have installed on the server where OKTA is running? Is that a Windows host, or a Linux host? Also, can you show the full commands that you are trying?
Re: Trouble Monitoring OKTA services pm domain controllers
Posted: Mon Sep 16, 2019 1:31 pm
by jcahillcspace
The agent is NSClient, and the servers are both Windows 2016 and 2012. Check command run is "check_nt" with command view "$USER1$/check_nt -H $HOSTADDRESS$ -p $USER7$ -s $USER8$ -v $ARG1$ $ARG2$"
$ARG1$ = "SERVICESTATE" and
$ARG2$ = "-d SHOWALL -l"
Re: Trouble Monitoring OKTA services pm domain controllers
Posted: Mon Sep 16, 2019 2:03 pm
by mbellerue
Try this in $ARG2$
Assuming that the print spooler service is running, that should return,
Re: Trouble Monitoring OKTA services pm domain controllers
Posted: Mon Sep 16, 2019 2:16 pm
by jcahillcspace
Thank you, that did work, but isn't that only checking the print spool service?
Re: Trouble Monitoring OKTA services pm domain controllers
Posted: Mon Sep 16, 2019 2:32 pm
by mbellerue
Yes, that just gives us a starting point. The next thing to do is to get a list of the services the way that Windows identifies them. To do that, log into one of your Windows machines, and run the following in a cmd.exe window.
That will list off all of the currently running services as Windows understands them. You can replace "Print Spooler" with any one of those services, or chain together multiple services.
Single service
Code: Select all
-l "SQL Full-text Filter Daemon Launcher (MSSQLSERVER)"
Multiple services
Code: Select all
-l "Print Spooler", "Task Scheduler", "Remote Desktop Services"
For multiple services, you can chain together as many services as you like.
The -d SHOWALL flag changes the output of the service check. I'll use the multiple services example.
Code: Select all
root@weylandxi:/usr/local/nagios/libexec# ./check_nt -H 192.168.145.90 -v SERVICESTATE -l "Print Spooler","Task Scheduler","Remote Desktop Services" -s SuperSecretPassword
OK: All 3 service(s) are ok.
root@weylandxi:/usr/local/nagios/libexec# ./check_nt -H 192.168.145.90 -v SERVICESTATE -l "Print Spooler","Task Scheduler","Remote Desktop Services" -d SHOWALL -s SuperSecretPassword
Print Spooler: Started, Task Scheduler: Started, Remote Desktop Services: Started
-d SHOWALL just gives a slightly more verbose output.
Re: Trouble Monitoring OKTA services pm domain controllers
Posted: Mon Sep 16, 2019 2:35 pm
by jcahillcspace
I see what you are saying - will try that. Thank you again.
Re: Trouble Monitoring OKTA services pm domain controllers
Posted: Mon Sep 16, 2019 2:48 pm
by jcahillcspace
That worked! Thank you very much.
Re: Trouble Monitoring OKTA services pm domain controllers
Posted: Mon Sep 16, 2019 2:53 pm
by mbellerue
Excellent! Glad you have it working! I will close the thread.