Windows Service Check Help
Posted: Fri Oct 25, 2019 8:40 am
by dazzlerellis
Hi, I'm very new to Nagios XI and have been tasked with migrating checks from an old GroundWork / NRPE environment.
In the old world we used check_nrpe to check Windows services:
$USER1$/check_nrpe -H $HOSTADDRESS$ -t 240 -c get_service -a "$HOSTADDRESS$" "$ARG1$"
Command Line example: check_nrpe_service!PfAdsSvc
This brought back OK - PfAdsSvc: Stopped and Manual
However, trying to get the same result with check_nt:
$USER1$/check_nt -H $HOSTADDRESS$ -s "$ARG1$" -p 12489 -v $ARG2$ $ARG3$ $ARG4$
SERVICESTATE -l PfAdsSvc
We get CRITICAL: PfAdsSvc: Stopped, delayed ()
Most other services we have brought across okay.
So how can we bring back a warning, or not alert, for stopped, delayed, as this is a failover service? Or how can I replicate this using check_nrpe?
If I try that way I get:
/usr/local/nagios/libexec/check_nrpe -H dc1dartest -t 240 -c get_service -a "dc1dartest" "WinDefend"
Unknown command(s): get_service|
Hope that makes sense, and I appreciate any assistance.
Re: Windows Service Check Help
Posted: Fri Oct 25, 2019 11:21 am
by mbellerue
Are you using NSClient for the NRPE service in Windows? Can you post, or PM me your nsclient.ini file? I'll take a look and see if we can work out why our check_nrpe plugin isn't liking the get_service command. Also, what version of NSClient are you running?
Re: Windows Service Check Help
Posted: Fri Oct 25, 2019 11:36 am
by lmiltchev
Just to add to what @mbellerue said. Most probably "get_service" is not defined in nsclient.ini file. You would need to define it, and restart the NSClient++ service, so that changes can take effect. Having said that, you don't actually need to define it as you could use something like this (with NSClient++ and check_nrpe):
Code:
./check_nrpe -H <client ip> -c check_service -a service=<your service>
Example:
Code:
./check_nrpe -H x.x.x.x -c check_service -a service=spooler
OK: All 1 service(s) are ok.|'spooler'=4;0;0
The question is: do you want to have the same behavior as in the old system (to have an OK state when the service is NOT running)? If you do, you could still use check_nrpe with NSClient++ but reverse the state via the negate plugin:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
There are alternatives to NSClient++. You could use NCPA and specify if the service you are monitoring has to be running or not.
Examples:
Code:
[root@main-nagios-xi libexec]# ./check_ncpa.py -H x.x.x.x -t 'mytoken' -M 'services' -q 'service=Spooler,status=running'
OK: Spooler is running
[root@main-nagios-xi libexec]# echo $?
0
[root@main-nagios-xi libexec]# ./check_ncpa.py -H x.x.x.x -t 'mytoken' -M 'services' -q 'service=Spooler,status=stopped'
CRITICAL: Spooler is running (should be stopped)
[root@main-nagios-xi libexec]# echo $?
2
You could use other agents as well to monitor services. See more on the topic here:
https://support.nagios.com/kb/article/s ... s-775.html
Re: Windows Service Check Help
Posted: Mon Oct 28, 2019 4:47 am
by dazzlerellis
Thanks guys, will probably need to use the negate plugin; however, I'm struggling to even use check_nrpe:
/usr/local/nagios/libexec/check_nrpe -H dc1dartest -c check_service -a service=lanmanserver
CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds.
nsclient.ini below:
# If you want to fill this file with all available options run the following command:
# nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
# nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help
; TODO
[/settings/default]
; Undocumented key
password = REMOVED
; Undocumented key
allowed hosts = dc1nagxi01.domain.com,dc1nagxi02.domain.com,127.0.0.1
; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = 1
; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30
; TODO
[/modules]
; Undocumented key
CheckHelpers = 1
; Undocumented key
CheckEventLog = 1
; Undocumented key
CheckNSCP = 1
; Undocumented key
NSClientServer = 1
; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1
; CheckExternalScripts - Execute external scripts
CheckExternalScripts = 1
; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1
; NSCAClient - NSCA client can be used both from command line and from queries to submit passive checks via NSCA
NSCAClient = enabled
; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = enabled
; A set of options to configure the real time checks
[/settings/system/windows/real-time]
; Configure which services has to be in which state
[/settings/system/windows/service mapping]
; TODO
[/settings/system/windows/counters/default]
; TODO
[/settings/system/windows/counters]
; TODO
[/settings/log/file]
; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
max size = 0
; TODO
[/settings/log]
; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = debug
; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S
; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log
; TODO
[/settings/system/windows]
; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU).
default buffer length = 1h
; TODO
[/settings/external scripts/scripts/default]
; IGNORE PERF DATA - Do not parse performance data from the output
ignore perfdata = 1
; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script.
[/settings/external scripts/wrapped scripts]
check_windows_time = check_windows_time.bat.pool.ntp.org $ARG1$ $ARG2$
; TODO
[/settings/external scripts/alias]
; alias_sched_all - Alias for alias_sched_all. To configure this item add a section called: /settings/external scripts/alias/alias_sched_all
alias_sched_all = check_tasksched show-all "syntax=${title}: ${exit_code}" "crit=exit_code ne 0"
; alias_file_size - Alias for alias_file_size. To configure this item add a section called: /settings/external scripts/alias/alias_file_size
alias_file_size = check_files "path=$ARG1$" "crit=size > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${size}" max-dir-depth=10
; alias_event_log - Alias for alias_event_log. To configure this item add a section called: /settings/external scripts/alias/alias_event_log
alias_event_log = check_eventlog
; alias_service_ex - Alias for alias_service_ex. To configure this item add a section called: /settings/external scripts/alias/alias_service_ex
alias_service_ex = check_service "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc
; alias_volumes_loose - Alias for alias_volumes_loose. To configure this item add a section called: /settings/external scripts/alias/alias_volumes_loose
alias_volumes_loose = check_drivesize
; alias_volumes - Alias for alias_volumes. To configure this item add a section called: /settings/external scripts/alias/alias_volumes
alias_volumes = check_drivesize
; alias_cpu - Alias for alias_cpu. To configure this item add a section called: /settings/external scripts/alias/alias_cpu
alias_cpu = check_cpu
; alias_mem - Alias for alias_mem. To configure this item add a section called: /settings/external scripts/alias/alias_mem
alias_mem = check_memory
; alias_disk - Alias for alias_disk. To configure this item add a section called: /settings/external scripts/alias/alias_disk
alias_disk = check_drivesize
; alias_up - Alias for alias_up. To configure this item add a section called: /settings/external scripts/alias/alias_up
alias_up = check_uptime
; alias_process_count - Alias for alias_process_count. To configure this item add a section called: /settings/external scripts/alias/alias_process_count
alias_process_count = check_process "process=$ARG1$" "warn=count > $ARG2$" "crit=count > $ARG3$"
; alias_process_stopped - Alias for alias_process_stopped. To configure this item add a section called: /settings/external scripts/alias/alias_process_stopped
alias_process_stopped = check_process "process=$ARG1$" "crit=state != 'stopped'"
; alias_service - Alias for alias_service. To configure this item add a section called: /settings/external scripts/alias/alias_service
alias_service = check_service
; alias_sched_task - Alias for alias_sched_task. To configure this item add a section called: /settings/external scripts/alias/alias_sched_task
alias_sched_task = check_tasksched show-all "filter=title eq '$ARG1$'" "detail-syntax=${title} (${exit_code})" "crit=exit_code ne 0"
; alias_disk_loose - Alias for alias_disk_loose. To configure this item add a section called: /settings/external scripts/alias/alias_disk_loose
alias_disk_loose = check_drivesize
; alias_sched_long - Alias for alias_sched_long. To configure this item add a section called: /settings/external scripts/alias/alias_sched_long
alias_sched_long = check_tasksched "filter=status = 'running'" "detail-syntax=${title} (${most_recent_run_time})" "crit=most_recent_run_time < -$ARG1$"
; alias_process_hung - Alias for alias_process_hung. To configure this item add a section called: /settings/external scripts/alias/alias_process_hung
alias_process_hung = check_process "filter=is_hung" "crit=count>0"
; alias_process - Alias for alias_process. To configure this item add a section called: /settings/external scripts/alias/alias_process
alias_process = check_process "process=$ARG1$" "crit=state != 'started'"
; alias_cpu_ex - Alias for alias_cpu_ex. To configure this item add a section called: /settings/external scripts/alias/alias_cpu_ex
alias_cpu_ex = check_cpu "warn=load > $ARG1$" "crit=load > $ARG2$" time=5m time=1m time=30s
; alias_file_age - Alias for alias_file_age. To configure this item add a section called: /settings/external scripts/alias/alias_file_age
alias_file_age = check_files "path=$ARG1$" "crit=written > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${written}" max-dir-depth=10
; TODO
[/settings/eventlog/real-time/filters/default]
; EMPTY MESSAGE - The message to display if nothing matches the filter (generally considered the ok state).
empty message = eventlog found no records
; MAGIMUM AGE - How long before reporting "ok". If this is set to "false" no periodic ok messages will be reported only errors.
maximum age = 5m
; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]
; TODO
[/settings/eventlog/real-time]
; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 30m
; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = 0
; LOGS TO CHECK - Comma separated list of logs to check
log = application,system
; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = 0
; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]
restart_service = scripts\restart_service.bat "$ARG1$"
check_windows_time = scripts\check_windows_time.bat $ARG1$
; TODO
[/settings/external scripts/alias/default]
; TODO
[/settings/shared session]
; ENABLE THE SAHRED SESSION - This is currently not added in 0.4.x
enabled = false
; TODO
[/settings/crash]
; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP
; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${crash-folder}
; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post
; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true
; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true
; SUBMIT CRASHREPORTS - Submit crash reports to nsclient.org (or your configured submission server)
submit = false
; A set of filters to use in real-time mode
[/settings/system/windows/real-time/checks]
; TODO
[/settings/NSClient/server]
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = 0
; PORT NUMBER - Port to use for check_nt.
port = 12489
; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = 1
; TODO
[/settings/external scripts]
; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60
; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true
; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
; TODO
[/paths]
; Path for shared-path -
shared-path = C:\Program Files\NSClient++
; Path for module-path -
module-path = ${shared-path}/modules
; Path for crash-folder -
crash-folder = ${shared-path}/crash-dumps
; Path for exe-path -
exe-path = C:\Program Files\NSClient++
; Path for certificate-path -
certificate-path = ${shared-path}/security
; Path for base-path -
base-path = C:\Program Files\NSClient++
; Files to be included in the configuration
[/includes]
; TODO
[/settings/eventlog]
; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = 0
; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = 1
; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072
; TODO
[/settings/external scripts/wrappings]
; BATCH FILE WRAPPING -
bat = scripts\\%SCRIPT% %ARGS%
; VISUAL BASIC WRAPPING -
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%
; POWERSHELL WRAPPING -
ps1 = cmd /c echo If (-Not (Test-Path "scripts\%SCRIPT%") ) { Write-Host "UNKNOWN: Script `"%SCRIPT%`" not found."; exit(3) }; scripts\%SCRIPT% $ARGS$; exit($lastexitcode) | powershell.exe /noprofile -command -
; TODO
[/settings/NRPE/server]
; PORT NUMBER - Port to use for NRPE.
port = 5666
; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = 1
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = 0
; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true
; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = true
; Undocumented key
veryify mode = none
; Undocumented key
ssl options =
; Undocumented key
verify mode =
; Target definition for: default
[/settings/NSCA/client/targets/default]
; VERIFY MODE -
verify mode = none
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = 0
; ENCRYPTION - Name of encryption algorithm to use. Has to be the same as your server i using or it wont work at all.This is also independent of SSL and generally used instead of SSL. Available encryption algorithms are: none = No Encryption (not safe) xor = XOR des = DES 3des = DES-EDE3 cast128 = CAST-128 xtea = XTEA blowfish = Blowfish twofish = Twofish rc2 = RC2 aes128 = AES aes192 = AES aes = AES serpent = Serpent gost = GOST
encryption = aes
; ALLOWED CIPHERS - A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
allowed ciphers = ADH
; TIMEOUT - Timeout when reading/writing packets to/from sockets.
timeout = 30
; Section for NSCA passive check module.
[/settings/NSCA/client]
; HOSTNAME - The host name of the monitored computer. Set this to auto (default) to use the windows name of the computer. auto Hostname ${host} Hostname ${host_lc} Hostname in lowercase ${host_uc} Hostname in uppercase ${domain} Domainname ${domain_lc} Domainname in lowercase ${domain_uc} Domainname in uppercase
hostname = auto
; CHANNEL - The channel to listen to.
channel = NSCA
Re: Windows Service Check Help
Posted: Mon Oct 28, 2019 9:20 am
by lmiltchev
Modify the [/settings/NRPE/server] section in the nsclient.ini by making sure you have these entries:
Code:
use ssl = 1
extended response = 0
verify mode = none
; ssl options =
Note: the last line is commented out. Leave the rest of the directives under the [/settings/NRPE/server] section unchanged. Save, exit, and restart the NSClient++ service, so that changes can take effect.
Try your NRPE check again. Did it work now?
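Added example, not part of the thread and not NSClient++ or Nagios code: a Python check that parses an nsclient.ini and compares its [/settings/NRPE/server] section with the entries listed in the reply above. It also marks for review the options that the posted file's own comments describe as legacy-only or as letting clients pass arguments and nasty characters. The function name audit_nrpe and the sample text (copied from the posted section) are assumptions of this example.

```python
import configparser

# Constructed sample: the [/settings/NRPE/server] section as posted in the thread.
POSTED = """
[/settings/NRPE/server]
port = 5666
extended response = 1
use ssl = 0
allow arguments = true
allow nasty characters = true
insecure = true
veryify mode = none
ssl options =
verify mode =
"""

SECTION = "/settings/NRPE/server"
# Entries the reply says the section must contain.
REQUIRED = {"use ssl": "1", "extended response": "0", "verify mode": "none"}
# Options whose comments in the posted file call them legacy-only or permissive.
REVIEW = ("insecure", "allow arguments", "allow nasty characters")
TRUE = {"1", "true", "enabled"}


def audit_nrpe(ini_text):
    """Return 'fix:' and 'review:' findings for the NRPE server section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",),
                                   comment_prefixes=(";", "#"))
    cp.read_string(ini_text)
    if not cp.has_section(SECTION):
        return [f"fix: missing section [{SECTION}]"]
    sec = cp[SECTION]
    findings = []
    for key, want in REQUIRED.items():
        got = sec.get(key, fallback=None)
        # A misspelt key such as 'veryify mode' does not satisfy 'verify mode'.
        if got is None or got.strip().lower() != want:
            findings.append(f"fix: {key}: expected {want!r}, found {got!r}")
    # The reply wants 'ssl options' commented out, so it must not parse as a key.
    if "ssl options" in sec:
        findings.append("fix: ssl options: present, expected commented out")
    for key in REVIEW:
        if sec.get(key, fallback="").strip().lower() in TRUE:
            findings.append(f"review: {key}: enabled, confirm it is needed")
    return findings


if __name__ == "__main__":
    for line in audit_nrpe(POSTED):
        print(line)
```

Run against the posted section, it reports the empty `verify mode` even though the misspelt `veryify mode = none` is present, which is easy to miss when reading the file by eye.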
Re: Windows Service Check Help
Posted: Mon Oct 28, 2019 10:15 am
by dazzlerellis
That worked

many thanks