Home » Categories » Check Library

File And Folder Checks

File And Folder Checks

File and Folder checks can help identify the following:

The sections below provide examples of how to perform these checks using different methods.

 

File Count

These checks are for how many files exist in a folder.

 

Nagios Plugins

Nagios Plugins does not come bundled with a file count plugin however Nagios XI comes with the folder_watch.pl plugin (part of the Folder Watch configuration wizard).

In these examples the file pattern to check is a regular expression [^\0] which means "one or more non-null characters".

Warning: If more that 500 files are found
Critical: If more that 1000 files are found

Command:

./folder_watch.pl -f -T 'files' -D /usr/local/nagios/var/spool/perfdata/ -F '[^\0] +' -w 500 -c 1000

Output:

OK - 5 [^\0]  files found | '[^\0] '=5;500;1000;;;

 

By default the plugin will only check files in that directory. If you wanted to recursively count the files in all sub folders you can use the -r argument.

Command:

./folder_watch.pl -r -f -T 'files' -D /usr/local/nagios/var/spool/ -F '[^\0] +' -w 500 -c 1000

Output:

OK - 51 [^\0]  files found | '[^\0] '=51;500;1000;;;

NCPA

NPCA does not include file or folder module.

NSClient++ via check_nt

NSClient++ vi check_nt does not include a file or folder module.

NSClient++ via check_nrpe

NSClient++ includes a check_files module.

Warning: If more that 500 files are found
Critical: If more that 1000 files are found

Command:

./check_nrpe -H 10.25.14.2 -c check_files -a path='C:\\Temp' pattern=*.* 'warning=count>500' 'critical=count>1000' top-syntax='${status}: ${count} files found' 'empty-state=ok'

Output:

OK: All 7 files are ok|'count'=7;500;1000

 

By default the check_files module will recursively count the files in all sub folders. You can use the max-depth argument to define how deep it should look.

Command:

./check_nrpe -H 10.25.14.2 -c check_files -a path='C:\\Temp' pattern=*.* 'warning=count>500' 'critical=count>1000' top-syntax='${status}: ${count} files found' 'empty-state=ok' max-depth=1

Output:

OK: All 6 files are ok|'count'=6;500;1000

WMI

Check WMI Plus includes a checkfoldersize module. The module does report how many files are found however it does not allow you to define thresholds on the amount of files found. Here is the command for your reference:

Command:

./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkfoldersize -a C:/Temp

Output:

OK - Folder C:/Temp/ is 33.194KB. Found 5 files(s). (List is on next line)|'C:/Temp/ Size'=33991bytes; 'File Count'=5;

SNMP

You will need to download a third party plugin that provides this functionality, please check out the Nagios Exchange.

 

 

File Size

These checks are for the size of files.

 

Nagios Plugins

Nagios Plugins comes with the check_file_age plugin which allows you to check the size of a file. However the plugin also checks the age of the file, so you need to define these thresholds as 0 if you only want to check the file size. The plugin thresholds are checking to make sure a file is at least a specific size.

Critical: At least 100MB in size (needs to be expressed as 100000000)

Command:

./check_file_age -w 0 -c 0 -W 100000000 -C 100000000 -f /var/log/cron

Output:

FILE_AGE CRITICAL: /var/log/cron is 187 seconds old and 14418 bytes  | age=187s;0;0 size=14418B;100000000;100000000;0

 

If you wanted to alert when the size was larger than a specific size then you could use the negate plugin to invert the returned result from the plugin (hence making CRITICAL an OK state).

Critical: No larger than 100MB in size (needs to be expressed as 100000000)

Command:

./negate -s ./check_file_age -w 0 -c 0 -W 100000000 -C 100000000 -f /var/log/cron

Output:

FILE_AGE OK: /var/log/cron is 330 seconds old and 14418 bytes  | age=330s;0;0 size=14418B;100000000;100000000;0

 

Alternatively Nagios XI comes bundled with a folder_watch.pl plugin (part of the Folder Watch configuration wizard).

In these examples the file pattern to check is a regular expression [^\0] which means "one or more non-null characters".

Critical: Larger than 100MB (100000000 bytes)

Command:

./folder_watch.pl -f -T 'files' -D /var/log/ -F '[^\0] ' -s 100000000,100000000

Output:

OK - Largest size file is 14645064 bytes, 47 [^\0]  files found | '[^\0] '=47 size_largest=14645064B;100000000 size_smallest=0B;;;;;

NCPA

NPCA does not include file or folder module.

NSClient++ via check_nt

NSClient++ vi check_nt does not include a file or folder module.

NSClient++ via check_nrpe

NSClient++ includes a check_files module.

Critical: Larger than 100MB

Command:

./check_nrpe -H 10.25.11.3 -c check_files -a path='E:\\ServerFolders\\NoBackup\\Junk' pattern=*.* 'filter=size gt 100M' 'warn= count > 0' 'crit= count > 0' top-syntax='${status}: ${count} files found ${problem_list}' 'empty-state=ok'

Output:

CRITICAL: 4 files found Setup.exe, IMG_3535.MOV, IMG_3540.MOV, backup.rar|'count'=4;0;0

WMI

Check WMI Plus includes a checkfilesize and checkfoldersize module.

checkfilesize

The checkfilesize lets you check the size of a specific file.

Critical: Larger than 100MB

Command:

./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkfilesize -a C:/pagefile.sys -w 100m -c 100m

Output:

CRITICAL - [Triggered by FileSize>100m] - File C:/pagefile.sys is 1GB. Found 1 instance(s).|'C:/pagefile.sys Size'=1073741824bytes;104857600;104857600; 'File Count'=1;

 

checkfoldersize

The checkfoldersize lets you check the total size of a specific folder.

Critical: Larger than 100MB

Command:

/check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkfoldersize -a C:/Temp -w 100m -c 100m

Output:

OK - Folder C:/Temp/ is 33.194KB. Found 5 files(s). (List is on next line)|'C:/Temp/ Size'=33991bytes;104857600;104857600; 'File Count'=5;

SNMP

You will need to download a third party plugin that provides this functionality, please check out the Nagios Exchange.

 

 

File Or Folder Exists

These checks are for making sure that a specific file or folder exists.

 

Nagios Plugins

Nagios Plugins comes with the check_file_age plugin, this will return a critical state if the file does not exist.

Command:

./check_file_age -f /var/log/cron

Output:

FILE_AGE OK: /var/log/cron is 163 seconds old and 18974 bytes  | age=163s;240;600 size=18974B;0;0;0

NCPA

NPCA does not include file or folder module.

NSClient++ via check_nt

NSClient++ vi check_nt does not include a file or folder module.

NSClient++ via check_nrpe

NSClient++ includes a check_files module.

Command:

./check_nrpe -H 10.25.11.3 -c check_files -a path='C:\\pagefile.sys' 'warn= count < 1' 'crit= count < 1' top-syntax='${status}: ${count} files found ${problem_list}' 'empty-state=critical' show-all

Output:

OK: 1 files found pagefile.sys|'count'=1;1;1

WMI

Check WMI Plus includes a checkfilesize module, this will return a critical state if the file does not exist.

Command:

./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkfilesize -a C:/pagefile.sys

Output:

OK - File C:/pagefile.sys is 1GB. Found 1 instance(s).|'C:/pagefile.sys Size'=1073741824bytes; 'File Count'=1; 

SNMP

You will need to download a third party plugin that provides this functionality, please check out the Nagios Exchange.

 

 

File Modified

These checks allow you to check when a file was last modified.

 

Nagios Plugins

Nagios Plugins comes with the check_file_age plugin, the thresholds are checking to make sure a file is not older than an amount of seconds.

Warning: Not older than 300 seconds
Critical: Not older than 600 seconds

Command:

./check_file_age -w 300 -c 600 -f /var/log/cron

Output:

FILE_AGE CRITICAL: /var/log/cron is 1009 seconds old and 14418 bytes  | age=1009s;300;600 size=14418B;0;0;0

NCPA

NPCA does not include file or folder module.

NSClient++ via check_nt

NSClient++ vi check_nt does not include a file or folder module.

NSClient++ via check_nrpe

NSClient++ includes a check_files module. The module has many options and filters, here are some examples:

Make Sure Files Exists That Were Modified In The Last Two Hours

Check a folder to make sure files exist that were modified in the past two hours. Generate a critical alert if no files matching this criteria are found.

Command:

./check_nrpe -H 10.25.11.3 -c check_files -a path='E:\\ServerFolders\\NoBackup\\Junk' pattern=*.* 'filter= written > -2h' 'crit= count < 1' 'empty-state=critical' 'empty-syntax=${status}: No files found'

Output:

CRITICAL: No files found|'count'=0;0;1

 

Files Older Than

Check a folder to determine if any files exist that are older than two hours. Generate a critical alert if at least 1 file matches this criteria.

Command:

./check_nrpe -H 10.25.11.3 -c check_files -a path='E:\\ServerFolders\\NoBackup\\Junk' pattern=*.* 'filter= written < -2h' 'crit= count > 0' 'empty-state=ok' 'empty-syntax=${status}: No files found' 'top-syntax=${status}: ${count} files found'

Output:

CRITICAL: 6065 files found|'count'=6065;0;0

WMI

Check WMI Plus includes a checkfileage module, the following example checks a file to determine if it is older than the thresholds.

Warning: Older than 5 minutes
Critical: Older than 10 minutes

Command:

./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkfileage -a C:/Logs/server.log -w 5min -c 10min

Output:

CRITICAL - [Triggered by _FileAge>10min] - Age of File C:/Logs/server.log is 346 days 19:48:46 (499428min) or 8323.81hr(s).|'C:/Logs/server.log Age'=8323.81hr;0.0833333333333333;0.166666666666667;

SNMP

You will need to download a third party plugin that provides this functionality, please check out the Nagios Exchange.

 

 

Advanced

Here is an example where a check was required to make sure a folder was being created each day, the folder name was a "date based" directory like 27112017. The solution was to use the date command in backticks on the Nagios server which would generate the correct folder name. This solution demonstrates how you can tailor Nagios and the monitoring agents to your needs, all that is required is some creative thinking.

Credit goes to Nagios Forum users tmcdonald & warnox.

NSClient++ via check_nrpe

Command:

./check_nrpe -H 10.25.11.3 -c check_files -a path="C:\\Logs" "max-depth=2" "filter=filename='`date +%d%m%Y`'" "critical=count<1" "empty-state=CRITICAL" "empty-syntax=%(status): Cannot find folder `date +%d%m%Y`" "ok-syntax=%(status): Folder `date +%d%m%Y` found"

Output:

OK: Folder 27112017 found|'count'=1;0;1 

 

 

NSClient++ Notes

NSClient++ via check_nrpe

NSClient++ has the path= and pattern= arguments for the check_files module.

When using path= and pattern= together, this will consume more overhead to execute as it looks at all the files in the folder. This is more noticeable when your folder has 10,000+ files.

If you only wanted to watch a specific file, ditch pattern= and put the whole filename in path=

path='D:\\Important Stuff\\Important File.txt'

 

HOWEVER if there is a chance that the file doesn't exist sometimes, then define the filename in the patttern=

path='D:\\Important Stuff' pattern='Important File.txt'

 

 

Final Thoughts

For any support related questions please visit the Nagios Support Forums at:

http://support.nagios.com/forum/

3.67 (3)
Article Rating (3 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Log Checks
Viewed 23265 times since Tue, Nov 28, 2017
Agent Checks
Viewed 12263 times since Tue, Nov 14, 2017
Scheduled Task Checks
Viewed 19032 times since Tue, Nov 28, 2017
Uptime Checks
Viewed 27983 times since Sun, Nov 26, 2017
Service Checks
Viewed 36833 times since Tue, Nov 14, 2017
Load Checks
Viewed 56939 times since Thu, Nov 9, 2017
Disk Performance Checks
Viewed 17993 times since Sun, Nov 26, 2017
Memory Checks
Viewed 50861 times since Mon, Nov 13, 2017
Health Checks
Viewed 15488 times since Wed, Nov 29, 2017
Process Checks
Viewed 64742 times since Thu, Nov 23, 2017