File And Folder Checks
File and Folder checks can help identify the following:
The sections below provide examples of how to perform these checks using different methods.
File Count
These checks are for how many files exist in a folder.
Nagios Plugins
Nagios Plugins does not come bundled with a file count plugin however Nagios XI comes with the folder_watch.pl plugin (part of the Folder Watch configuration wizard).
In these examples the file pattern to check is a regular expression [^\0] which means "one or more non-null characters".
Warning: | If more that 500 files are found |
Critical: | If more that 1000 files are found |
Command:
./folder_watch.pl -f -T 'files' -D /usr/local/nagios/var/spool/perfdata/ -F '[^\0] +' -w 500 -c 1000
Output:
OK - 5 [^\0] files found | '[^\0] '=5;500;1000;;;
By default the plugin will only check files in that directory. If you wanted to recursively count the files in all sub folders you can use the -r argument.
Command:
./folder_watch.pl -r -f -T 'files' -D /usr/local/nagios/var/spool/ -F '[^\0] +' -w 500 -c 1000
Output:
OK - 51 [^\0] files found | '[^\0] '=51;500;1000;;;
NCPA
NPCA does not include file or folder module.
NSClient++ via check_nt
NSClient++ vi check_nt does not include a file or folder module.
NSClient++ via check_nrpe
NSClient++ includes a check_files module.
Warning: | If more that 500 files are found |
Critical: | If more that 1000 files are found |
Command:
./check_nrpe -H 10.25.14.2 -c check_files -a path='C:\\Temp' pattern=*.* 'warning=count>500' 'critical=count>1000' top-syntax='${status}: ${count} files found' 'empty-state=ok'
Output:
OK: All 7 files are ok|'count'=7;500;1000
By default the check_files module will recursively count the files in all sub folders. You can use the max-depth argument to define how deep it should look.
Command:
./check_nrpe -H 10.25.14.2 -c check_files -a path='C:\\Temp' pattern=*.* 'warning=count>500' 'critical=count>1000' top-syntax='${status}: ${count} files found' 'empty-state=ok' max-depth=1
Output:
OK: All 6 files are ok|'count'=6;500;1000
WMI
Check WMI Plus includes a checkfoldersize module. The module does report how many files are found however it does not allow you to define thresholds on the amount of files found. Here is the command for your reference:
Command:
./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkfoldersize -a C:/Temp
Output:
OK - Folder C:/Temp/ is 33.194KB. Found 5 files(s). (List is on next line)|'C:/Temp/ Size'=33991bytes; 'File Count'=5;
SNMP
You will need to download a third party plugin that provides this functionality, please check out the Nagios Exchange.
File Size
These checks are for the size of files.
Nagios Plugins
Nagios Plugins comes with the check_file_age plugin which allows you to check the size of a file. However the plugin also checks the age of the file, so you need to define these thresholds as 0 if you only want to check the file size. The plugin thresholds are checking to make sure a file is at least a specific size.
Critical: | At least 100MB in size (needs to be expressed as 100000000) |
Command:
./check_file_age -w 0 -c 0 -W 100000000 -C 100000000 -f /var/log/cron
Output:
FILE_AGE CRITICAL: /var/log/cron is 187 seconds old and 14418 bytes | age=187s;0;0 size=14418B;100000000;100000000;0
If you wanted to alert when the size was larger than a specific size then you could use the negate plugin to invert the returned result from the plugin (hence making CRITICAL an OK state).
Critical: | No larger than 100MB in size (needs to be expressed as 100000000) |
Command:
./negate -s ./check_file_age -w 0 -c 0 -W 100000000 -C 100000000 -f /var/log/cron
Output:
FILE_AGE OK: /var/log/cron is 330 seconds old and 14418 bytes | age=330s;0;0 size=14418B;100000000;100000000;0
Alternatively Nagios XI comes bundled with a folder_watch.pl plugin (part of the Folder Watch configuration wizard).
In these examples the file pattern to check is a regular expression [^\0] which means "one or more non-null characters".
Critical: | Larger than 100MB (100000000 bytes) |
Command:
./folder_watch.pl -f -T 'files' -D /var/log/ -F '[^\0] ' -s 100000000,100000000
Output:
OK - Largest size file is 14645064 bytes, 47 [^\0] files found | '[^\0] '=47 size_largest=14645064B;100000000 size_smallest=0B;;;;;
NCPA
NPCA does not include file or folder module.
NSClient++ via check_nt
NSClient++ vi check_nt does not include a file or folder module.
NSClient++ via check_nrpe
NSClient++ includes a check_files module.
Critical: | Larger than 100MB |
Command:
./check_nrpe -H 10.25.11.3 -c check_files -a path='E:\\ServerFolders\\NoBackup\\Junk' pattern=*.* 'filter=size gt 100M' 'warn= count > 0' 'crit= count > 0' top-syntax='${status}: ${count} files found ${problem_list}' 'empty-state=ok'
Output:
CRITICAL: 4 files found Setup.exe, IMG_3535.MOV, IMG_3540.MOV, backup.rar|'count'=4;0;0
WMI
Check WMI Plus includes a checkfilesize and checkfoldersize module.
checkfilesize
The checkfilesize lets you check the size of a specific file.
Critical: | Larger than 100MB |
Command:
./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkfilesize -a C:/pagefile.sys -w 100m -c 100m
Output:
CRITICAL - [Triggered by FileSize>100m] - File C:/pagefile.sys is 1GB. Found 1 instance(s).|'C:/pagefile.sys Size'=1073741824bytes;104857600;104857600; 'File Count'=1;
checkfoldersize
The checkfoldersize lets you check the total size of a specific folder.
Critical: | Larger than 100MB |
Command:
/check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkfoldersize -a C:/Temp -w 100m -c 100m
Output:
OK - Folder C:/Temp/ is 33.194KB. Found 5 files(s). (List is on next line)|'C:/Temp/ Size'=33991bytes;104857600;104857600; 'File Count'=5;
SNMP
You will need to download a third party plugin that provides this functionality, please check out the Nagios Exchange.
File Or Folder Exists
These checks are for making sure that a specific file or folder exists.
Nagios Plugins
Nagios Plugins comes with the check_file_age plugin, this will return a critical state if the file does not exist.
Command:
./check_file_age -f /var/log/cron
Output:
FILE_AGE OK: /var/log/cron is 163 seconds old and 18974 bytes | age=163s;240;600 size=18974B;0;0;0
NCPA
NPCA does not include file or folder module.
NSClient++ via check_nt
NSClient++ vi check_nt does not include a file or folder module.
NSClient++ via check_nrpe
NSClient++ includes a check_files module.
Command:
./check_nrpe -H 10.25.11.3 -c check_files -a path='C:\\pagefile.sys' 'warn= count < 1' 'crit= count < 1' top-syntax='${status}: ${count} files found ${problem_list}' 'empty-state=critical' show-all
Output:
OK: 1 files found pagefile.sys|'count'=1;1;1
WMI
Check WMI Plus includes a checkfilesize module, this will return a critical state if the file does not exist.
Command:
./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkfilesize -a C:/pagefile.sys
Output:
OK - File C:/pagefile.sys is 1GB. Found 1 instance(s).|'C:/pagefile.sys Size'=1073741824bytes; 'File Count'=1;
SNMP
You will need to download a third party plugin that provides this functionality, please check out the Nagios Exchange.
File Modified
These checks allow you to check when a file was last modified.
Nagios Plugins
Nagios Plugins comes with the check_file_age plugin, the thresholds are checking to make sure a file is not older than an amount of seconds.
Warning: | Not older than 300 seconds |
Critical: | Not older than 600 seconds |
Command:
./check_file_age -w 300 -c 600 -f /var/log/cron
Output:
FILE_AGE CRITICAL: /var/log/cron is 1009 seconds old and 14418 bytes | age=1009s;300;600 size=14418B;0;0;0
NCPA
NPCA does not include file or folder module.
NSClient++ via check_nt
NSClient++ vi check_nt does not include a file or folder module.
NSClient++ via check_nrpe
NSClient++ includes a check_files module. The module has many options and filters, here are some examples:
Make Sure Files Exists That Were Modified In The Last Two Hours
Check a folder to make sure files exist that were modified in the past two hours. Generate a critical alert if no files matching this criteria are found.
Command:
./check_nrpe -H 10.25.11.3 -c check_files -a path='E:\\ServerFolders\\NoBackup\\Junk' pattern=*.* 'filter= written > -2h' 'crit= count < 1' 'empty-state=critical' 'empty-syntax=${status}: No files found'
Output:
CRITICAL: No files found|'count'=0;0;1
Files Older Than
Check a folder to determine if any files exist that are older than two hours. Generate a critical alert if at least 1 file matches this criteria.
Command:
./check_nrpe -H 10.25.11.3 -c check_files -a path='E:\\ServerFolders\\NoBackup\\Junk' pattern=*.* 'filter= written < -2h' 'crit= count > 0' 'empty-state=ok' 'empty-syntax=${status}: No files found' 'top-syntax=${status}: ${count} files found'
Output:
CRITICAL: 6065 files found|'count'=6065;0;0
WMI
Check WMI Plus includes a checkfileage module, the following example checks a file to determine if it is older than the thresholds.
Warning: | Older than 5 minutes |
Critical: | Older than 10 minutes |
Command:
./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkfileage -a C:/Logs/server.log -w 5min -c 10min
Output:
CRITICAL - [Triggered by _FileAge>10min] - Age of File C:/Logs/server.log is 346 days 19:48:46 (499428min) or 8323.81hr(s).|'C:/Logs/server.log Age'=8323.81hr;0.0833333333333333;0.166666666666667;
SNMP
You will need to download a third party plugin that provides this functionality, please check out the Nagios Exchange.
Advanced
Here is an example where a check was required to make sure a folder was being created each day, the folder name was a "date based" directory like 27112017. The solution was to use the date command in backticks on the Nagios server which would generate the correct folder name. This solution demonstrates how you can tailor Nagios and the monitoring agents to your needs, all that is required is some creative thinking.
Credit goes to Nagios Forum users tmcdonald & warnox.
NSClient++ via check_nrpe
Command:
./check_nrpe -H 10.25.11.3 -c check_files -a path="C:\\Logs" "max-depth=2" "filter=filename='`date +%d%m%Y`'" "critical=count<1" "empty-state=CRITICAL" "empty-syntax=%(status): Cannot find folder `date +%d%m%Y`" "ok-syntax=%(status): Folder `date +%d%m%Y` found"
Output:
OK: Folder 27112017 found|'count'=1;0;1
NSClient++ Notes
NSClient++ via check_nrpe
NSClient++ has the path= and pattern= arguments for the check_files module.
When using path= and pattern= together, this will consume more overhead to execute as it looks at all the files in the folder. This is more noticeable when your folder has 10,000+ files.
If you only wanted to watch a specific file, ditch pattern= and put the whole filename in path=
path='D:\\Important Stuff\\Important File.txt'
HOWEVER if there is a chance that the file doesn't exist sometimes, then define the filename in the patttern=
path='D:\\Important Stuff' pattern='Important File.txt'
Final Thoughts
For any support related questions please visit the Nagios Support Forums at: