check_exchange_rbl
Posted: Thu Feb 07, 2013 12:34 pm
I have been using Nagios Core for years. However, there has been a push to use the Wizard Driven Nagios XI so the rest of our IT staff can get on board. I tried using the Monitoring Wizard Setup for Exchange Server. The problem is that two of the "services" are showing up as critical. One seems to be a bucket list of all the "Exchange Core Services". I cannot tell which service is failed, it just gives me a huge truncated list of services with "critical". The other one is called "blacklist", with an "unknown" status, described as "ERROR: No response from BL server (alarm)".
I was curious why the command did not seem to be working, so decided to SSH into the VM running nagios and see if I could find the command, "check_exchange_rbl" it was referencing for the blacklist check. I could not even find the file logged in as root (find -name check_exchange_rbl*).
The apparent command for the blacklist checker was:
check_exchange_rbl!-B zen.spamhaus.org bl.spamcop.net dnsbl.ahbl.org dnsbl.njabl.org dnsbl.sorbs.net virbl.dnsbl.bit.nl rbl.efnet.org phishing.rbl.msrbl.net 0spam.fusionzero.com list.dsbl.org multihop.dsbl.org unconfirmed.dsbl.org will-spam-for-food.eu.org blacklist.spambag.org blackholes.brainerd.net blackholes.uceb.org spamsources.dnsbl.info map.spam-rbl.com ns1.unsubscore.com psbl.surriel.com l2.spews.dnsbl.sorbs.net bl.csma.biz sbl.csma.biz dynablock.njabl.org no-more-funn.moensted.dk ubl.unsubscore.com dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net spamguard.leadmon.net opm.blitzed.org bl.spamcannibal.org rbl.schulte.org dnsbl.ahbl.org virbl.dnsbl.bit.nl combined.rbl.msrbl.net
Here is the list of services that apparently are being checked for "Exchange Core Services":
MSExchangeADTopology: Started - MSExchangeAntispamUpdate: Started - MSExchangeEdgeSync: Started - MSExchangeFDS: Started - MSExchangeImap4: Started - MSExchangeIS: Started - MSExchangeMailboxAssistants: Started - MSExchangeMailSubmission: Started - MSExch
The apparent command for it is:
check_xi_service_nsclient!nagios!SERVICESTATE!-l MSExchangeADTopology,MSExchangeAntispamUpdate,MSExchangeEdgeSync,MSExchangeFDS,MSExchangeImap4,MSExchangeIS,MSExchangeMailboxAssistants,MSExchangeMailSubmission,MSExchangeMonangePop3,MSExchangeRepl,MSExchangeSA,MSExchangeSearch,MSExchangeServiceHost,MSExchangeTransport,MSExchangeTransportLogSearch,msftesql-Exchange -d SHOWALL
I wasn't able to find this "check" command either (find -name check_xi_service_nsclient*).
Other than deleting both checks entirely and adding back services one at a time, I wasn't sure how to diagnose these two issues.
I was curious why the command did not seem to be working, so decided to SSH into the VM running nagios and see if I could find the command, "check_exchange_rbl" it was referencing for the blacklist check. I could not even find the file logged in as root (find -name check_exchange_rbl*).
The apparent command for the blacklist checker was:
check_exchange_rbl!-B zen.spamhaus.org bl.spamcop.net dnsbl.ahbl.org dnsbl.njabl.org dnsbl.sorbs.net virbl.dnsbl.bit.nl rbl.efnet.org phishing.rbl.msrbl.net 0spam.fusionzero.com list.dsbl.org multihop.dsbl.org unconfirmed.dsbl.org will-spam-for-food.eu.org blacklist.spambag.org blackholes.brainerd.net blackholes.uceb.org spamsources.dnsbl.info map.spam-rbl.com ns1.unsubscore.com psbl.surriel.com l2.spews.dnsbl.sorbs.net bl.csma.biz sbl.csma.biz dynablock.njabl.org no-more-funn.moensted.dk ubl.unsubscore.com dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net spamguard.leadmon.net opm.blitzed.org bl.spamcannibal.org rbl.schulte.org dnsbl.ahbl.org virbl.dnsbl.bit.nl combined.rbl.msrbl.net
Here is the list of services that apparently are being checked for "Exchange Core Services":
MSExchangeADTopology: Started - MSExchangeAntispamUpdate: Started - MSExchangeEdgeSync: Started - MSExchangeFDS: Started - MSExchangeImap4: Started - MSExchangeIS: Started - MSExchangeMailboxAssistants: Started - MSExchangeMailSubmission: Started - MSExch
The apparent command for it is:
check_xi_service_nsclient!nagios!SERVICESTATE!-l MSExchangeADTopology,MSExchangeAntispamUpdate,MSExchangeEdgeSync,MSExchangeFDS,MSExchangeImap4,MSExchangeIS,MSExchangeMailboxAssistants,MSExchangeMailSubmission,MSExchangeMonangePop3,MSExchangeRepl,MSExchangeSA,MSExchangeSearch,MSExchangeServiceHost,MSExchangeTransport,MSExchangeTransportLogSearch,msftesql-Exchange -d SHOWALL
I wasn't able to find this "check" command either (find -name check_xi_service_nsclient*).
Other than deleting both checks entirely and adding back services one at a time, I wasn't sure how to diagnose these two issues.