Hello Nagios Support
Do you have any operational script (PS or VBS) to check for Windows registry values?
Here is one we've tried to adopt from NAGIOS Exchange but no luck so far (it is the script itself whihc can't read the registry key, unsure why)
----
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' NAGIOS and NSClient++ CONFIGURATION:
'
' ### command definition ###
'
' define command {
' command_name check_mscs
' command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c $ARG1$"
' }
'
'
' ### service definition ###
'
' define service{
' use generic-service
' host_name MyServer
' service_description Registry_Logons_Enabled
' process_perf_data 0
' check_command check_nrpe!check_reg_key -a "HKEY_LOCAL_MACHINE" "\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\RCM\\Licensing Core" "LicensingMode" "4"
' }
'
'
' ### command line ###
'
' ./check_nrpe -H $HOSTADDRESS$ -p 5666 -c check_reg_key -a "HKEY_LOCAL_MACHINE" "\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\RCM\\Licensing Core" "LicensingMode" "4"
'
'
' ### NSC.ini configuration ###
'
' CheckExternalScripts.dll
'
' [External Script]
' allow_arguments=1
' allow_nasty_meta_chars=1
'
' [External Scripts]
' check_reg_key=cscript.exe //T:30 //Nologo scripts\check_reg_key.vbs "$ARG1$" "ARG2$" "$ARG3$" "$ARG4$"
'
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option explicit
Dim strHive, strKeyPath, strValueName, strExpectedValue
Dim strComputer, strValue, oReg, strHiveKey
'RC to NAGIOS
Const intOK = 4
Const intWarning = 2
Const intCritical = 5
Const intUnknown = 0
strComputer = "."
' Check for arguments
'WScript.Echo WScript.Arguments.Count
If WScript.Arguments.Count = 0 then
Display_Usage()
If WScript.Arguments.Count < 4 Then
WScript.Echo "not enough arguments supplied."
Display_Usage()
ElseIf WScript.Arguments.Count > 4 Then
WScript.Echo "too many arguments supplied."
Display_Usage()
End if
End If
strHive = UCase(WScript.Arguments.Item(0))
' WScript.Echo "strHive = " & strHive
strKeyPath = WScript.Arguments.Item(1)
' WScript.Echo "strKeyPath = " & strKeyPath
strValueName = WScript.Arguments.Item(2)
' WScript.Echo "strValueName = " & strValueName
strExpectedValue = WScript.Arguments.Item(3)
' WScript.Echo "strExpectedValue = " & strExpectedValue
strHiveKey = strHive
Select Case strHive
Case "HKEY_LOCAL_MACHINE"
strHive = &H80000002
Case "HKEY_CURRENT_USER"
strHive = &H80000001
Case "HKEY_USERS"
strHive = &H80000003
Case Else
WScript.Echo "Unrecognised Registry Hive Key - " & strHive
WScript.Quit(intUnknown)
End Select
WScript.Echo strHiveKey,strKeyPath,strValueName,strExpectedValue
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
oReg.GetStringValue strHive,strKeyPath,strValueName,strValue
If IsNull(strValue) Then
WScript.Echo "Registry Key not found"
WScript.Quit(intWarning)
End If
Select Case LCase(strValue)
Case LCase(strExpectedValue)
WScript.Echo "Expected Value (" & strExpectedValue & ") Matches: " & strValue
WScript.Quit(intOK)
Case Else
WScript.Echo "Expected Value (" & strExpectedValue & ") does not match: " & strValue
WScript.Quit(intCritical)
End Select
Function Display_Usage
Wscript.StdOut.WriteLine "Check RDS Licensing Registry Key"
Wscript.StdOut.WriteLine "----------------------------------------------------------------"
Wscript.StdOut.WriteLine "Usage: cscript.exe check_reg_key.vbs 'REGISTRY_HIVE' 'KEY_PATH' 'VALUE_NAME' 'EXPECTED_VALUE'" & vbcrlf
Wscript.StdOut.WriteLine "Examples: "
Wscript.StdOut.WriteLine "cscript.exe check_reg_key.vbs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core" & vbcrlf
Wscript.StdOut.WriteLine " REGISTRY_HIVE = HKEY_LOCAL_MACHINE"
Wscript.StdOut.WriteLine " KEY_PATH = SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core"
Wscript.StdOut.WriteLine " VALUE_NAME = LicensingMode"
WScript.Quit(intOK)
End Function
----
Registry key value check
Re: Registry key value check
We don't have a go-to script for this, we would just hit up the Exchange and find a plugin there. Let's see if we can get this one working. The very first thing I would check is whether or not the NSClient service is running as a service account, or if it's using the local system account. If it's a service account, it might be running up against UAC when trying to check the registry.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Registry key value check
Here is a PS version: also unable to read the registry, even so, that the key value is right there, cannot even run it directly and very puzzledmbellerue wrote:We don't have a go-to script for this, we would just hit up the Exchange and find a plugin there. Let's see if we can get this one working. The very first thing I would check is whether or not the NSClient service is running as a service account, or if it's using the local system account. If it's a service account, it might be running up against UAC when trying to check the registry.
# Check Status
#
# To execute from within NSClient++
#
# [NRPE Handlers]
# validate_registry_1 = cmd /c echo scripts\validate_regitry_1.ps1 4; exit($lastexitcode) | powershell.exe -command -
#
# On the check_nrpe command include the -t 60, since it can take longer than the standard 10 seconds to run.
#
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullorEmpty()]
[string]$LicenseMode,
[Parameter(Mandatory=$true)]
[int]$WarnMode,
[Parameter(Mandatory=$true)]
[int]$CritMode
)
# Initialise variables
$NagiosStatus = "0" # 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN
$NagiosDescription = ""
$NagiosPerfData = "| 0;" + $WarnMode + ";" + $CritMode
$LicenseMode = "0"
# Script Functions
function Test-RegistryEntry ([string] $key, [string] $name)
{
Get-ItemProperty -Path "$key" -Name "$name" -ErrorAction SilentlyContinue | Out-Null;
return $?;
}
function Read-RegistryEntry ([string] $key, [string] $name)
{
if ( Test-RegistryEntry $key $name )
{
return (Get-ItemProperty -Path $key -Name $name).$name;
}
else
{
return '';
}
}
$key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core"
$name = "LicensingMode"
$LicensingMode = Read-RegistryEntry $key $name
if($LicensingMode -eq '5')
{
$NagiosStatus = "2"
$NagiosDescription = "RDS Licensing Mode (" + $LicensingMode + ") is + " + $LicensingMode + " at fault "
$NagiosPerfData = "| " + $LicensingMode
}
if($LicensingMode -eq '2')
{
$NagiosStatus = "1"
$NagiosDescription = "RDS Licensing Mode (" + $LicensingMode + ") is " + $LicensingMode + " per Device "
$NagiosPerfData = "| " + $LicensingMode
}
if($LicensingMode -eq '4')
{
$NagiosStatus = "0"
$NagiosDescription = $NagiosDescription + "RDS LicensingMode is per User"
$NagiosPerfData = "| " + $LicensingMode
}
else
{
$NagiosStatus = "3"
$NagiosDescription = $NagiosDescription + "RDS LicensingMode is UNKNOWN"
$NagiosPerfData = "| " + $LicensingMode
}
# Output, what level should we tell our caller?
if ($NagiosStatus -eq "3")
{
Write-Host "UNKNOWN:" $NagiosDescription" "$NagiosPerfData
}
elseif ($NagiosStatus -eq "2")
{
Write-Host "CRITICAL:" $NagiosDescription" "$NagiosPerfData
}
elseif ($NagiosStatus -eq "1")
{
Write-Host "WARNING:" $NagiosDescription" "$NagiosPerfData
}
else
{
Write-Host "OK: RDS License Mode is per User" $LicenseMode $NagiosPerfData
}
exit $NagiosStatus
Re: Registry key value check
Powershell can be a bit trickier since they added the whole execution policy thing. You can try set-executionpolicy unrestricted but definitely do not leave it like that. That would just take that piece out of the puzzle. Then see if you can run it locally.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Registry key value check
mbellerue wrote:Powershell can be a bit trickier since they added the whole execution policy thing. You can try set-executionpolicy unrestricted but definitely do not leave it like that. That would just take that piece out of the puzzle. Then see if you can run it locally.
No answers to our questions from Nagos Support, but we've figured the script
Please close this one and I am creating a new one about passing arguments to PS script (no luck so far)
Re: Registry key value check
Excellent, glad you were able to get it working! We'll close this thread, and look for the next one.dlukinski wrote:mbellerue wrote:Powershell can be a bit trickier since they added the whole execution policy thing. You can try set-executionpolicy unrestricted but definitely do not leave it like that. That would just take that piece out of the puzzle. Then see if you can run it locally.
No answers to our questions from Nagos Support, but we've figured the script
Please close this one and I am creating a new one about passing arguments to PS script (no luck so far)
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!