Problem with comand in nagios core

[jlozano666]

Hello,
I use nagios core 4.5.0
I am trying to monitor windows event viewer with the command "check_wmi_eventid.sh" and I am having problems.
If I run the command from terminal it works fine but if I configure it in commands.cfg file in nagios appears the message "Credentials file does not exist".
Any idea ?...
Attached files.
Regards.

[danderson]

Thanks for reaching out @jlozano666,

It's possible the file permissions on the file you are referencing do not allow the Nagios user to access them. It's also possible you are using relative paths instead of absolute paths.

Can you attach the file permissions of the credentials file, the config entry of the check command, and the command you are running from the terminal?

Thanks

[jlozano666]

Hello,
In Nagios i have the same problem using credentials file or adding credentials in nagios command.

****************************************
Permissions of credentials file:
****************************************
root@PAISAJE:/usr/local/nagios/etc/objects# ls -ls cre*
4 -rwxrwxrwx 1 root nagios 31 dic 11 19:53 credenciales

*****************************************************
Command in terminal using credentials file:
******************************************************
root@PAISAJE:/usr/local/nagios/libexec# ./check_wmi_eventid.sh -H xx.xxx.x.xx -f /usr/local/nagios/etc/objects/credenciales -l application -e 9003 -w 1 -c 3 -t1,2,3 -m60 -O "Every thing is OK" -W "Warning : something is not right" -C "It is totaly bad , found ITEMCOUNT events"

Select EventCode,EventIdentifier,EventType,SourceName from Win32_NTLogEvent where ( Logfile = "application" ) and ( eventcode = "9003" ) and ( EventType = "1" or EventType = "2" or EventType = "3" ) and TimeGenerated > "20231212072257.000000-000"
Every thing is OK|eventid9003=0;1;3;;

*******************************
File Nagios Commands.cfg
********************************
command_line $USER1$/check_wmi_eventid.sh -H xx.xxx.x.xx -f /usr/local/nagios/etc/objects/credenciales -l application -e 9003 -w 1 -c 3 -t1,2,3 -m60 -O "Every thing is OK" -W "Warning : something is not right" -C "It is totaly bad , found ITEMCOUNT events"


****************************************************************
This is the error in Nagios using the same command:
*****************************************************************
Current Status: CRITICAL (for 0d 13h 33m 15s)
Status Information: Credentials file does not exist

*************************************************************************************
This is the nagios command adding credentials (no file) with the same error (in terminal works fine too):
**************************************************************************************
check_wmi_eventid.sh -H 10.132.0.85 -u USER -p PASSWORD -l application -e 9003 -w 1 -c 3 -t1,2,3 -m60 -O "Every thing is OK" -W "Warning : something is not right" -C "It is totaly bad , found ITEMCOUNT events"

************************************
And this is command help.
*************************************

check_wmi_eventid is a script to check windows event log , for a certian eventid..

Simple example : check application log , for eventtype error(-t) and eventid 9003(-e) with in the last 60 mins(-m60),
set warning (-w) if greater than 1 ,and set error(-c) if greater than 3

check_wmi_eventid -H 172.10.10.10 -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60


Adv. example : same as above , but with arguments -O -W -C, these are custom plugin output for OK,Warning and Critical
Marco ITEMCOUNT,LASTSTR , can be used!!


check_wmi_eventid -H 172.10.10.10 -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60 -O "Every thing is OK"
-W "Warning : something is not right" -C "It is totaly bad , found ITEMCOUNT events"

With Eventtype error, warning and Information

check_wmi_eventid -H 172.10.10.10 -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1,2,3 -m60 -O "Every thing is OK"
-W "Warning : something is not right" -C "It is totaly bad , found ITEMCOUNT events"


Try it out

If you find any error , please let me know

OPTIONS:
-h Show this message
-H Host/Ip
-u Domain/user
-p password
-f path to credentials file instead. user and password ignored if set. First line Domain\user, second line password
-l Name of the log eg "System" or "Application" or any other Event log as shown in the Windows "Event Viewer".
-t Eventtype: # 1=error , 2=warning , 3=Information,4=Security Audit Success,5=Security Audit Failure. Multiple Eventypes possible with , separation
-e Eventid, Multiple Eventids possible with , separation
-s Sting search for string in message,Multiple strings possible with , separation
-S SourceName ,Multiple SourceNames possible with , separation
-m Number of past min to check for events.
-w Warning
-W Custom waring string - ITEMCOUNT,LASTSTR marco can be used ex. -W "ITEMCOUNT Wanings with in the LASTSTR"
-c Critical
-C Custom critical string - ITEMCOUNT,LASTSTR marco can be used ex. -W "ITEMCOUNT Critical with in the LASTSTR"
-O Custom ok sting - ITEMCOUNT,LASTSTR marco can be used ex. -W "Everything ok with in the LASTSTR"
-U CUstom unknown string - ITEMCOUNT,LASTSTR marco can be used ex. -W "ITEMCOUNT Unknowns with in the LASTSTR"
-d Debug
-v Version

[danderson]

What are the user and group permissions on /usr/local/nagios/etc/objects/credenciales?

Correct me if I'm wrong, but it appears that when running as the root user, the command works, but when running as the nagios user, which nagios will do when it executes the command, then it fails. Perhaps the nagios user/group does not have permission to /usr/local/nagios/etc/objects/credenciales?