Hi:
I am trying to use the wizard to obtain data from a NCPA agent.
The problem that I have is that I can´t find any documentation about the way it wizard works, and the way to give paramenters or which are the paramenters that can be used.
I tried to read windowscounters, and I can do that throught the chec_ncpa.py but the problem with it are the timeouts that I can´t control them.
Thks a lot!.
Regards
JSON Wizard documentation
Re: JSON Wizard documentation
Anybody can help me with it? Please.
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: JSON Wizard documentation
Hi,
So regarding the timeouts, are they happening intermittently or is it always timing out? Can you post the full check command to the ticket, I will try to replicate on my test server.
For directions on how to retrieve the check command, please follow the article below.
Nagios XI - How To Test Check Commands From The Command-line
The wizard will match either string or integers, so as long it's able to parse the output correctly it should work.
Also, if you getting any error messages, please post them to the thread. Thanks, Benjamin
So regarding the timeouts, are they happening intermittently or is it always timing out? Can you post the full check command to the ticket, I will try to replicate on my test server.
For directions on how to retrieve the check command, please follow the article below.
Nagios XI - How To Test Check Commands From The Command-line
The wizard will match either string or integers, so as long it's able to parse the output correctly it should work.
Also, if you getting any error messages, please post them to the thread. Thanks, Benjamin
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: JSON Wizard documentation
Hi:
Thanks @benjaminsmith for your help.
I checked all as explained in the doc about check using command line.
My command line results in : /usr/local/nagios/libexec/check_ncpa.py -H XXX.XXX.XXX.XXX -t 'XXXXXXXX' -P 5693 -M 'windowscounters///Process(Chrome)//Private Bytes' -q sleep=500 -T 400
and the result was : UNKNOWN: An error occured connecting to API. (HTTP error: '502 cannotconnect').
in tehe Nagios XI interface, pointing to a different all is green but the last value information is (No output on stdout) stderr:
Another thing to test?
Thanks @benjaminsmith for your help.
I checked all as explained in the doc about check using command line.
My command line results in : /usr/local/nagios/libexec/check_ncpa.py -H XXX.XXX.XXX.XXX -t 'XXXXXXXX' -P 5693 -M 'windowscounters///Process(Chrome)//Private Bytes' -q sleep=500 -T 400
and the result was : UNKNOWN: An error occured connecting to API. (HTTP error: '502 cannotconnect').
in tehe Nagios XI interface, pointing to a different all is green but the last value information is (No output on stdout) stderr:
Another thing to test?
Re: JSON Wizard documentation
Hi:
Another thing to add. Teh check corresponding to CPU works.
I tried it in the cmd line and the result was:
>/usr/local/nagios/libexec/check_ncpa.py -H xxx.xxx.xxx.xxx -t 'xxxxxxxx' -P 5693 -M cpu/percent -w '20' -c '40' -q 'aggregate=avg'
UNKNOWN: An error occured connecting to API. (HTTP error: '502 cannotconnect')
And in nagios xi i can see information about cpu with the same command.
Anyhow, for other servers I have the stdout error...
Is quite embarasing, because we will move from nsclient to ncpa and this things that worked weel with nsclient, now doesn´t work wit NCPA.
I´d like to have the detailed information about how to use the NCPA API in Nagios, but it looks that doesn´t exist.
Thanks
Another thing to add. Teh check corresponding to CPU works.
I tried it in the cmd line and the result was:
>/usr/local/nagios/libexec/check_ncpa.py -H xxx.xxx.xxx.xxx -t 'xxxxxxxx' -P 5693 -M cpu/percent -w '20' -c '40' -q 'aggregate=avg'
UNKNOWN: An error occured connecting to API. (HTTP error: '502 cannotconnect')
And in nagios xi i can see information about cpu with the same command.
Anyhow, for other servers I have the stdout error...
Is quite embarasing, because we will move from nsclient to ncpa and this things that worked weel with nsclient, now doesn´t work wit NCPA.
I´d like to have the detailed information about how to use the NCPA API in Nagios, but it looks that doesn´t exist.
Thanks
Re: JSON Wizard documentation
What do these output?
Code: Select all
time /usr/local/nagios/libexec/check_ncpa.py -H XXX.XXX.XXX.XXX -t 'XXXXXXXX' -P 5693 -M 'windowscounters///Process(Chrome)//Private Bytes'Code: Select all
/usr/local/nagios/libexec/check_ncpa.py -H xxx.xxx.xxx.xxx -t 'xxxxxxxx' -P 5693 -M cpu/percent -w '20' -c '40' -q 'aggregate=avg' -v -DRe: JSON Wizard documentation
HI ssax:
The results are:
First one:
>time /usr/local/nagios/libexec/check_ncpa.py -H xxx.xxx.xxx.xxx -t 'xxxxxxxx' -P 5693 -M 'windowscounters///Process(chrome)//Private Bytes'
UNKNOWN: An error occured connecting to API. (HTTP error: '502 cannotconnect')
real 0m35.493s
user 0m0.048s
sys 0m0.016s
Second one:
>/usr/local/nagios/libexec/check_ncpa.py -H xxx.xxx.xxx.xxx -t 'xxxxxxxx' -P 5693 -M cpu/percent -w '20' -c '40' -q 'aggregate=avg' -v -D
Connecting to: https://xxx.xxx.xxx.xxx:5693/api/cpu/pe ... regate=avg
The stack trace:
Traceback (most recent call last):
File "/usr/local/nagios/libexec/check_ncpa.py", line 325, in main
info_json = get_json(options)
File "/usr/local/nagios/libexec/check_ncpa.py", line 253, in get_json
raise HTTPError('{0} {1}'.format(e.code, e.reason))
HTTPError
Is something wrong in the check_ncpa.py script?.
Thanks for your help.
The results are:
First one:
>time /usr/local/nagios/libexec/check_ncpa.py -H xxx.xxx.xxx.xxx -t 'xxxxxxxx' -P 5693 -M 'windowscounters///Process(chrome)//Private Bytes'
UNKNOWN: An error occured connecting to API. (HTTP error: '502 cannotconnect')
real 0m35.493s
user 0m0.048s
sys 0m0.016s
Second one:
>/usr/local/nagios/libexec/check_ncpa.py -H xxx.xxx.xxx.xxx -t 'xxxxxxxx' -P 5693 -M cpu/percent -w '20' -c '40' -q 'aggregate=avg' -v -D
Connecting to: https://xxx.xxx.xxx.xxx:5693/api/cpu/pe ... regate=avg
The stack trace:
Traceback (most recent call last):
File "/usr/local/nagios/libexec/check_ncpa.py", line 325, in main
info_json = get_json(options)
File "/usr/local/nagios/libexec/check_ncpa.py", line 253, in get_json
raise HTTPError('{0} {1}'.format(e.code, e.reason))
HTTPError
Is something wrong in the check_ncpa.py script?.
Thanks for your help.
Re: JSON Wizard documentation
What is the full output of these commands?
- Change xxx.xxx.xxx.xxx and the token
I'm thinking a proxy or security device/security software may be impacting it.
Are you seeing any errors in your ncpa_listener.log on the remote system?
- Change xxx.xxx.xxx.xxx and the token
Code: Select all
nmap -Pn -p 5693 xxx.xxx.xxx.xxx
curl -k -L -vvv 'https://xxx.xxx.xxx.xxx:5693/api/cpu/percent/?token=xxxxxxxx&warning=20&critical=40&check=1&aggregate=avg'Are you seeing any errors in your ncpa_listener.log on the remote system?
Re: JSON Wizard documentation
Hi ssax:
Thanks for your reply:
The machines are in the same LAN without any sec device or security implemented on it LAN. It's our testing environment.
Anyway, the result of the nmap is filtered... I am a quite confused with it and I will make some verifications to detect if there is some filter.
Regardin the curl line command:
~>curl -k -L -vvv 'https://xxx.xxx.xxx.xxx:5693/api/cpu/pe ... regate=avg'
* About to connect() to proxy xxx.xxx.xxx.xx2 port 9090 (#0)
* Trying xxx.xxx.xxx.xx2...
* Connected to xxx.xxx.xxx.xx2 (xxx.xxx.xxx.xx2) port 9090 (#0)
* Establish HTTP proxy tunnel to xxx.xxx.xxx.xx2:5693
> CONNECT xxx.xxx.xxx.xxx:5693 HTTP/1.1
> Host: xxx.xxx.xxx.xxx:5693
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=xxx.xxx.xxx.xxx
* start date: Jul 28 12:59:46 2021 GMT
* expire date: Jul 28 12:59:46 2022 GMT
* common name: xxx.xxx.xxx.xxx
* issuer: CN=xxx,C=xx,ST=xx,L=xxx,OU=xxx,O=xxx
> GET /api/cpu/percent/?token=xxxxxxx&warning=20&critical=40&check=1&aggregate=avg HTTP/1.1
> User-Agent: curl/7.29.0
> Host: xxx.xxx.xxx.xxx:5693
> Accept: */*
>
< HTTP/1.1 502 cannotconnect
< Via: 1.1 xxx.xxx.xxx.xxx (McAfee Web Gateway 9.2.10.36452)
< Connection: Keep-Alive
< Content-Type: text/html
< Cache-Control: no-cache
< Content-Length: 3078
< X-Frame-Options: deny
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<!-- FileName: index.html
Language: [en]
-->
<!--Head-->
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title>McAfee Web Gateway - Notification</title>
<script src="/mwg-internal/de5fs23hu73ds/files/javascript/sw.js" type="text/javascript" ></script>
<link rel="stylesheet" href="/mwg-internal/de5fs23hu73ds/files/New_Default/stylesheet.css" />
</head>
<!--/Head-->
<!--Body-->
<body onload="swOnLoad();">
<table class='bodyTable'>
<tr>
<td class='bodyData' background='/mwg-internal/de5fs23hu73ds/files/New_Default/img/bg_body.gif'>
<!--Logo-->
<table class='logoTable'>
<tr>
<td class='logoData'>
<a href='http://www.xxx.xxx/en-us/home.html'>
<img src='/mwg-internal/de5fs23hu73ds/files/New_Default/img/tnt_wbc_feex_252_75.png'></a>
</td>
</tr>
</table>
<!--/Logo-->
<!--Contents-->
<!-- FileName: cannotconnect.html
Language: [en]
-->
<!--Title-->
<table class='titleTable' background='/mwg-internal/de5fs23hu73ds/files/New_Default/img/bg_navbar.jpg'>
<tr>
<td class='titleData'>
Cannot Connect
</td>
</tr>
</table>
<!--/Title-->
<!--Content-->
<table class="contentTable">
<tr>
<td class="contentData">
The proxy could not connect to the destination in time.
</td>
</tr>
</table>
<!--/Content-->
<!--Info-->
<table class="infoTable">
<tr>
<td class="infoData">
<b>URL: </b><script type="text/javascript">break_line("https://xxx.xxx.xxx.xxx:5693/api/cpu/pe ... regate=avg");</script><br />
<p class="proxyErrorData">Failure Description: :state 26:Application response 502 cannotconnect</p>
</td>
</tr>
</table>
<!--/Info-->
<!--/Contents-->
<!--Policy-->
<table class='policyTable'>
<tr>
<td class='policyHeading'>
<hr>
Raising an Incident
</td>
</tr>
<tr>
<td class='policyData'>
To raise an issue for a site that was previously working before you were migrated and is not working now, please visit <a href="https://xxx.xxx.com/assistme?id=>here </a><br />
For new issues please visit <a href="">here</a>
</td>
</tr>
</table>
<!--/Policy-->
<!--Foot-->
<table class='footTable'>
<tr>
<td class='helpDeskData' background='/mwg-internal/de5fs23hu73ds/files/New_Default/img/bg_navbar.jpg'>
Don't Panic!
</td>
</tr>
<tr>
<td class='footData'>
generated at 2021-07-28 13:09:46 by TNT-MWG-AHE3 (10.200.0.72)<br />
Client IP Address: xxx.xxx.xxx.xxx<br />
Rule Name: Tunneled Hosts (Handle CONNECT Call)<br />
curl/7.29.0
</td>
</tr>
</table>
<!--/Foot-->
</td>
</tr>
</table>
</body>
<!--/Body-->
</html>
* Connection #0 to host xxx.xxx.xxx.xxx left intact
And that`s all.
Now I can´t understand what happend, because simple checks as cpu and memory or disks with ncpa are working well, and other windows counters for example processor works well too.
I am waiting for your thougths.
Thanks again ssax
Thanks for your reply:
The machines are in the same LAN without any sec device or security implemented on it LAN. It's our testing environment.
Anyway, the result of the nmap is filtered... I am a quite confused with it and I will make some verifications to detect if there is some filter.
Regardin the curl line command:
~>curl -k -L -vvv 'https://xxx.xxx.xxx.xxx:5693/api/cpu/pe ... regate=avg'
* About to connect() to proxy xxx.xxx.xxx.xx2 port 9090 (#0)
* Trying xxx.xxx.xxx.xx2...
* Connected to xxx.xxx.xxx.xx2 (xxx.xxx.xxx.xx2) port 9090 (#0)
* Establish HTTP proxy tunnel to xxx.xxx.xxx.xx2:5693
> CONNECT xxx.xxx.xxx.xxx:5693 HTTP/1.1
> Host: xxx.xxx.xxx.xxx:5693
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=xxx.xxx.xxx.xxx
* start date: Jul 28 12:59:46 2021 GMT
* expire date: Jul 28 12:59:46 2022 GMT
* common name: xxx.xxx.xxx.xxx
* issuer: CN=xxx,C=xx,ST=xx,L=xxx,OU=xxx,O=xxx
> GET /api/cpu/percent/?token=xxxxxxx&warning=20&critical=40&check=1&aggregate=avg HTTP/1.1
> User-Agent: curl/7.29.0
> Host: xxx.xxx.xxx.xxx:5693
> Accept: */*
>
< HTTP/1.1 502 cannotconnect
< Via: 1.1 xxx.xxx.xxx.xxx (McAfee Web Gateway 9.2.10.36452)
< Connection: Keep-Alive
< Content-Type: text/html
< Cache-Control: no-cache
< Content-Length: 3078
< X-Frame-Options: deny
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<!-- FileName: index.html
Language: [en]
-->
<!--Head-->
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title>McAfee Web Gateway - Notification</title>
<script src="/mwg-internal/de5fs23hu73ds/files/javascript/sw.js" type="text/javascript" ></script>
<link rel="stylesheet" href="/mwg-internal/de5fs23hu73ds/files/New_Default/stylesheet.css" />
</head>
<!--/Head-->
<!--Body-->
<body onload="swOnLoad();">
<table class='bodyTable'>
<tr>
<td class='bodyData' background='/mwg-internal/de5fs23hu73ds/files/New_Default/img/bg_body.gif'>
<!--Logo-->
<table class='logoTable'>
<tr>
<td class='logoData'>
<a href='http://www.xxx.xxx/en-us/home.html'>
<img src='/mwg-internal/de5fs23hu73ds/files/New_Default/img/tnt_wbc_feex_252_75.png'></a>
</td>
</tr>
</table>
<!--/Logo-->
<!--Contents-->
<!-- FileName: cannotconnect.html
Language: [en]
-->
<!--Title-->
<table class='titleTable' background='/mwg-internal/de5fs23hu73ds/files/New_Default/img/bg_navbar.jpg'>
<tr>
<td class='titleData'>
Cannot Connect
</td>
</tr>
</table>
<!--/Title-->
<!--Content-->
<table class="contentTable">
<tr>
<td class="contentData">
The proxy could not connect to the destination in time.
</td>
</tr>
</table>
<!--/Content-->
<!--Info-->
<table class="infoTable">
<tr>
<td class="infoData">
<b>URL: </b><script type="text/javascript">break_line("https://xxx.xxx.xxx.xxx:5693/api/cpu/pe ... regate=avg");</script><br />
<p class="proxyErrorData">Failure Description: :state 26:Application response 502 cannotconnect</p>
</td>
</tr>
</table>
<!--/Info-->
<!--/Contents-->
<!--Policy-->
<table class='policyTable'>
<tr>
<td class='policyHeading'>
<hr>
Raising an Incident
</td>
</tr>
<tr>
<td class='policyData'>
To raise an issue for a site that was previously working before you were migrated and is not working now, please visit <a href="https://xxx.xxx.com/assistme?id=>here </a><br />
For new issues please visit <a href="">here</a>
</td>
</tr>
</table>
<!--/Policy-->
<!--Foot-->
<table class='footTable'>
<tr>
<td class='helpDeskData' background='/mwg-internal/de5fs23hu73ds/files/New_Default/img/bg_navbar.jpg'>
Don't Panic!
</td>
</tr>
<tr>
<td class='footData'>
generated at 2021-07-28 13:09:46 by TNT-MWG-AHE3 (10.200.0.72)<br />
Client IP Address: xxx.xxx.xxx.xxx<br />
Rule Name: Tunneled Hosts (Handle CONNECT Call)<br />
curl/7.29.0
</td>
</tr>
</table>
<!--/Foot-->
</td>
</tr>
</table>
</body>
<!--/Body-->
</html>
* Connection #0 to host xxx.xxx.xxx.xxx left intact
And that`s all.
Now I can´t understand what happend, because simple checks as cpu and memory or disks with ncpa are working well, and other windows counters for example processor works well too.
I am waiting for your thougths.
Thanks again ssax
Re: JSON Wizard documentation
Looks like your proxy may be impacting it.
Do these work in an SSH session?
Do these work in an SSH session?
Code: Select all
unset http_proxy
unset https_proxy
/usr/local/nagios/libexec/check_ncpa.py -H xxx.xxx.xxx.xxx -t 'xxxxxxxx' -P 5693 -M 'windowscounters///Process(chrome)//Private Bytes'
curl --noproxy '*' -k -L -vvv 'https://xxx.xxx.xxx.xxx:5693/api/cpu/percent/?token=xxxxxxxx&warning=20&critical=40&check=1&aggregate=avg'