
Registry key value check

Posted: Wed Dec 18, 2019 10:44 am
by dlukinski
Hello Nagios Support

Do you have any operational script (PS or VBS) to check for Windows registry values?

Here is one we've tried to adopt from NAGIOS Exchange but no luck so far (it is the script itself which can't read the registry key, unsure why)

----

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' NAGIOS and NSClient++ CONFIGURATION:
'
' ### command definition ###
'
' define command {
' command_name check_mscs
' command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c $ARG1$
' }
'
'
' ### service definition ###
'
' define service{
' use generic-service
' host_name MyServer
' service_description Registry_Logons_Enabled
' process_perf_data 0
' check_command check_nrpe!check_reg_key -a "HKEY_LOCAL_MACHINE" "\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\RCM\\Licensing Core" "LicensingMode" "4"
' }
'
'
' ### command line ###
'
' ./check_nrpe -H $HOSTADDRESS$ -p 5666 -c check_reg_key -a "HKEY_LOCAL_MACHINE" "\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\RCM\\Licensing Core" "LicensingMode" "4"
'
'
' ### NSC.ini configuration ###
'
' CheckExternalScripts.dll
'
' [External Script]
' allow_arguments=1
' allow_nasty_meta_chars=1
'
' [External Scripts]
' check_reg_key=cscript.exe //T:30 //Nologo scripts\check_reg_key.vbs "$ARG1$" "$ARG2$" "$ARG3$" "$ARG4$"
'
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Option Explicit

Dim strHive, strKeyPath, strValueName, strExpectedValue
Dim strComputer, strValue, oReg, strHiveKey

' Return codes to Nagios (standard plugin exit codes)
Const intOK = 0
Const intWarning = 1
Const intCritical = 2
Const intUnknown = 3

strComputer = "."

' Check for arguments
'WScript.Echo WScript.Arguments.Count

If WScript.Arguments.Count = 0 Then
    Display_Usage()
ElseIf WScript.Arguments.Count < 4 Then
    WScript.Echo "not enough arguments supplied."
    Display_Usage()
ElseIf WScript.Arguments.Count > 4 Then
    WScript.Echo "too many arguments supplied."
    Display_Usage()
End If

strHive = UCase(WScript.Arguments.Item(0))
' WScript.Echo "strHive = " & strHive
strKeyPath = WScript.Arguments.Item(1)
' WScript.Echo "strKeyPath = " & strKeyPath
strValueName = WScript.Arguments.Item(2)
' WScript.Echo "strValueName = " & strValueName
strExpectedValue = WScript.Arguments.Item(3)
' WScript.Echo "strExpectedValue = " & strExpectedValue

' Map the hive name to the numeric handle StdRegProv expects
strHiveKey = strHive
Select Case strHive
    Case "HKEY_LOCAL_MACHINE"
        strHive = &H80000002
    Case "HKEY_CURRENT_USER"
        strHive = &H80000001
    Case "HKEY_USERS"
        strHive = &H80000003
    Case Else
        WScript.Echo "Unrecognised Registry Hive Key - " & strHive
        WScript.Quit(intUnknown)
End Select

WScript.Echo strHiveKey,strKeyPath,strValueName,strExpectedValue

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

oReg.GetStringValue strHive,strKeyPath,strValueName,strValue

If IsNull(strValue) Then
    WScript.Echo "Registry Key not found"
    WScript.Quit(intWarning)
End If

' Case-insensitive comparison of the value read against the expected value
Select Case LCase(strValue)
    Case LCase(strExpectedValue)
        WScript.Echo "Expected Value (" & strExpectedValue & ") Matches: " & strValue
        WScript.Quit(intOK)
    Case Else
        WScript.Echo "Expected Value (" & strExpectedValue & ") does not match: " & strValue
        WScript.Quit(intCritical)
End Select

Function Display_Usage

    Wscript.StdOut.WriteLine "Check RDS Licensing Registry Key"
    Wscript.StdOut.WriteLine "----------------------------------------------------------------"
    Wscript.StdOut.WriteLine "Usage: cscript.exe check_reg_key.vbs 'REGISTRY_HIVE' 'KEY_PATH' 'VALUE_NAME' 'EXPECTED_VALUE'" & vbcrlf
    Wscript.StdOut.WriteLine "Examples: "
    Wscript.StdOut.WriteLine "cscript.exe check_reg_key.vbs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core" & vbcrlf
    Wscript.StdOut.WriteLine " REGISTRY_HIVE = HKEY_LOCAL_MACHINE"
    Wscript.StdOut.WriteLine " KEY_PATH = SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core"
    Wscript.StdOut.WriteLine " VALUE_NAME = LicensingMode"
    ' A usage error is not a successful check, so report UNKNOWN
    WScript.Quit(intUnknown)

End Function


----

Re: Registry key value check

Posted: Wed Dec 18, 2019 11:16 am
by mbellerue
We don't have a go-to script for this, we would just hit up the Exchange and find a plugin there. Let's see if we can get this one working. The very first thing I would check is whether or not the NSClient service is running as a service account, or if it's using the local system account. If it's a service account, it might be running up against UAC when trying to check the registry.

Re: Registry key value check

Posted: Wed Dec 18, 2019 11:57 am
by dlukinski
mbellerue wrote:We don't have a go-to script for this, we would just hit up the Exchange and find a plugin there. Let's see if we can get this one working. The very first thing I would check is whether or not the NSClient service is running as a service account, or if it's using the local system account. If it's a service account, it might be running up against UAC when trying to check the registry.
Here is a PS version: it is also unable to read the registry, even though the key value is right there. We cannot even run it directly and are very puzzled.

# Check Status
#
# To execute from within NSClient++
#
# [NRPE Handlers]
# validate_registry_1 = cmd /c echo scripts\validate_regitry_1.ps1 4; exit($lastexitcode) | powershell.exe -command -
#
# On the check_nrpe command include the -t 60, since it can take longer than the standard 10 seconds to run.
#

[CmdletBinding()]
Param(
    [Parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [string]$LicenseMode,

    [Parameter(Mandatory=$true)]
    [int]$WarnMode,

    [Parameter(Mandatory=$true)]
    [int]$CritMode
)

# Initialise variables
$NagiosStatus = "0" # 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN
$NagiosDescription = ""
$NagiosPerfData = "| 0;" + $WarnMode + ";" + $CritMode

# Script Functions

# Returns $true when the named value can be read from the key
function Test-RegistryEntry ([string] $key, [string] $name)
{
    Get-ItemProperty -Path "$key" -Name "$name" -ErrorAction SilentlyContinue | Out-Null;
    return $?;
}

# Returns the value's data, or an empty string when it cannot be read
function Read-RegistryEntry ([string] $key, [string] $name)
{
    if ( Test-RegistryEntry $key $name )
    {
        return (Get-ItemProperty -Path $key -Name $name).$name;
    }
    else
    {
        return '';
    }
}

$key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core"
$name = "LicensingMode"
$LicensingMode = Read-RegistryEntry $key $name

# One if/elseif chain, so the final else only applies when no mode matched
if ($LicensingMode -eq '5')
{
    $NagiosStatus = "2"
    $NagiosDescription = "RDS Licensing Mode (" + $LicensingMode + ") is " + $LicensingMode + " at fault "
    $NagiosPerfData = "| " + $LicensingMode
}
elseif ($LicensingMode -eq '2')
{
    $NagiosStatus = "1"
    $NagiosDescription = "RDS Licensing Mode (" + $LicensingMode + ") is " + $LicensingMode + " per Device "
    $NagiosPerfData = "| " + $LicensingMode
}
elseif ($LicensingMode -eq '4')
{
    $NagiosStatus = "0"
    $NagiosDescription = $NagiosDescription + "RDS LicensingMode is per User"
    $NagiosPerfData = "| " + $LicensingMode
}
else
{
    $NagiosStatus = "3"
    $NagiosDescription = $NagiosDescription + "RDS LicensingMode is UNKNOWN"
    $NagiosPerfData = "| " + $LicensingMode
}


# Output, what level should we tell our caller?
if ($NagiosStatus -eq "3")
{
    Write-Host "UNKNOWN: $NagiosDescription $NagiosPerfData"
}
elseif ($NagiosStatus -eq "2")
{
    Write-Host "CRITICAL: $NagiosDescription $NagiosPerfData"
}
elseif ($NagiosStatus -eq "1")
{
    Write-Host "WARNING: $NagiosDescription $NagiosPerfData"
}
else
{
    Write-Host "OK: RDS License Mode is per User" $LicenseMode $NagiosPerfData
}

exit $NagiosStatus
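
Added example, not part of the thread or of any Nagios Exchange plugin: a PowerShell check for the same kind of value that builds a provider-qualified path (`Registry::HKEY_LOCAL_MACHINE\...`). The registry provider needs that form; a bare `HKEY_LOCAL_MACHINE\...` string like the one in the script above is resolved relative to the current location. The parameter names and the script's structure are assumptions for illustration.

```powershell
# Added example: Nagios-style registry value check (illustrative, not the thread's code).
[CmdletBinding()]
Param(
    # Allowlist of hives, mirroring the Select Case in the VBS script above
    [Parameter(Mandatory=$true)]
    [ValidateSet('HKEY_LOCAL_MACHINE','HKEY_CURRENT_USER','HKEY_USERS')]
    [string]$Hive,

    [Parameter(Mandatory=$true)][string]$KeyPath,
    [Parameter(Mandatory=$true)][string]$ValueName,
    [Parameter(Mandatory=$true)][string]$Expected
)

# Nagios plugin exit codes
$OK = 0; $CRITICAL = 2; $UNKNOWN = 3

# Provider-qualified path; a leading backslash on the key path is tolerated.
$path = 'Registry::{0}\{1}' -f $Hive, $KeyPath.TrimStart('\')

# -LiteralPath avoids wildcard expansion of characters in the supplied key path.
if (-not (Test-Path -LiteralPath $path)) {
    Write-Output "UNKNOWN: key not found: $path"
    exit $UNKNOWN
}

$item = Get-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction SilentlyContinue
if ($null -eq $item) {
    Write-Output "UNKNOWN: value '$ValueName' not found under $path"
    exit $UNKNOWN
}

# REG_DWORD data comes back as an integer and REG_SZ as a string; compare as
# text so a single -Expected argument works for both (-eq ignores case).
$actual = [string]$item.$ValueName

if ($actual -eq $Expected) {
    Write-Output "OK: $ValueName = $actual"
    exit $OK
}

Write-Output "CRITICAL: $ValueName = $actual, expected $Expected"
exit $CRITICAL
```

Saved under a hypothetical name such as `check_reg_value.ps1`, it can be started with `powershell.exe -NoProfile -ExecutionPolicy Bypass -File check_reg_value.ps1 ...`, which applies the policy override to that one process and leaves the machine-wide execution policy unchanged.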

Re: Registry key value check

Posted: Wed Dec 18, 2019 2:03 pm
by mbellerue
Powershell can be a bit trickier since they added the whole execution policy thing. You can try set-executionpolicy unrestricted but definitely do not leave it like that. That would just take that piece out of the puzzle. Then see if you can run it locally.

Re: Registry key value check

Posted: Thu Dec 19, 2019 4:44 pm
by dlukinski
mbellerue wrote:Powershell can be a bit trickier since they added the whole execution policy thing. You can try set-executionpolicy unrestricted but definitely do not leave it like that. That would just take that piece out of the puzzle. Then see if you can run it locally.

No answers to our questions from Nagios Support, but we've figured out the script.
Please close this one; I am creating a new one about passing arguments to a PS script (no luck so far).

Re: Registry key value check

Posted: Thu Dec 19, 2019 4:50 pm
by mbellerue
dlukinski wrote:
mbellerue wrote:Powershell can be a bit trickier since they added the whole execution policy thing. You can try set-executionpolicy unrestricted but definitely do not leave it like that. That would just take that piece out of the puzzle. Then see if you can run it locally.

No answers to our questions from Nagios Support, but we've figured out the script.
Please close this one; I am creating a new one about passing arguments to a PS script (no luck so far).
Excellent, glad you were able to get it working! We'll close this thread, and look for the next one.