Re: [brlug-general] Nagios issues
Oh snap, my bad - I just replied to Keith earlier. D'oh :P See below: Keith, thanks again for the help. I compared the two and aside from some minor stuff we have similar files. In other good news, it is now working correctly. I modified the check to look like this: define service{ use generic-service host_name REDOAK service_description D:\ Drive Space check_command check_nt!USEDDISKSPACE!-l!d! } And that worked. I want to say that that's similar to how it was originally but who knows... Thanks for the feedback! On Thu, Mar 24, 2011 at 4:47 PM, Mark A. Lappin ma...@lmfj.com wrote: Wait, what did you en up with? There was nothing above. Top posting is bad Mark A. Lappin, CCNA, MCSE:Security | Lee Michaels Fine Jewelry Director of Information Technology 11314 Cloverland Ave | Baton Rouge, LA 70809 Ph: 225.291.9094 ext 245 | Fax: 225-291-5778 | Mobile: 225-362-2770 www.lmfj.com On Mar 24, 2011, at 16:39, Jarred White jarredwh...@gmail.com wrote: Actually Mark I think you were on to something. I did have to add the third argument variable onto that because some of the other checks DO have a third argument, however after modifying my check to the one above, it worked fine. Thanks for the help though dude. On Thu, Mar 24, 2011 at 4:16 PM, Mark A. Lappin ma...@lmfj.com ma...@lmfj.com wrote: Jarred, I don’t know that I would consider myself as an expert in Nagios, but more of somebody who can definitely get myself into trouble with it. I think you need to remove ‘$ARG3$’ from the end of your command line directive. Your service’s check_command is not passing a 3rd parameter, and based on my understanding, you are then passing an argument string of ‘’ which even though its blank, it sees a literal that it doesn’t know how to handle. I don’t have quotes in my Nagios config so maybe it does not like a blank string, its essentially seeing: …/check_nt -H 10.0.10.10 -p 12489 -v USEDDISKSPACE -l d ‘’ command_line/usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -p 12489 -v '$ARG1$' '$ARG2$' *'$ARG3$'* …and I don’t think it likes what is on the end is my suspicion. Try changing your debug mode in Nagios to have more verbose logging so you can see what exactly Nagios is executing and then you can diagnose your problem better to; you don’t want to leave this on for long because it generates a lot of information very very quickly. I usually use an alternative configuration if I need to do this that does not have a lot of my normal checks enabled. If you’re excluding warning and critical levels, make sure you know how the check is going to come back in all cases or force it OK using service tricks; it does have default levels. All of my disk space service checks are simply: check_command check_nt!USEDDISKSPACE!-l e -w 80 -c 90 With the command setup as: define command{ command_namecheck_nt command_line$USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s mySuperSecretPasswordHere -v $ARG1$ $ARG2$ } I use NSClient++ as well although the end-user client I don’t think it will make to much a difference until the check command will execute; how the client responds to the argument string is entirely different. I have a similar config to Keith on my machines which you can deploy and centrally manage through a GPO. I use allowed hosts and also passwords on the client. ML ** *Mark A. Lappin, CCNA, MCITP: Enterprise Administrator | Lee Michaels Fine Jewelry * Director of Information Technology 11314 Cloverland Ave | Baton Rouge, LA 70809 Ph: 225.368.3645 | Fax: 225.368.3675 | Mobile: 225-362-2770 ma...@lmfj.comma...@lmfj.com * | *www.lmfj.com -- This communication is privileged and confidential. If you are not the intended recipient, please notify the sender by reply e-mail and destroy all copies of this communication . ___ General mailing list General@brlug.netGeneral@brlug.net http://brlug.net/mailman/listinfo/general_brlug.net http://brlug.net/mailman/listinfo/general_brlug.net -- The world's my oyster, a hotel room's my prison cell... ___ General mailing list General@brlug.net http://brlug.net/mailman/listinfo/general_brlug.net ** *Mark A. Lappin, CCNA, MCITP: Enterprise Administrator | Lee Michaels Fine Jewelry * Director of Information Technology 11314 Cloverland Ave | Baton Rouge, LA 70809 Ph: 225.368.3645 | Fax: 225.368.3675 | Mobile: 225-362-2770 ma...@lmfj.com * | *www.lmfj.com -- This communication is privileged and confidential. If you are not the intended recipient, please notify the sender by reply e-mail and destroy all copies of this communication .
[brlug-general] Nagios issues
Hi all, looking for my Nagios gurus out there. I'm trying to monitor some Windows systems using Nagios through OSSIM. OSSIM is just an SIEM platform that rolls a bunch of open source security stuff like snort, nagios, ntop, openvas, etc. into one nice package with a great web interface. It ships with Nagios3, and it sort of has its own idea of where/how nagios configs should be placed. Regardless, I am trying to use the check_nt command to poll various information on my Windows servers. So far, a lot of the checks are working properly, but some are not and I can't figure out why. The cfg file for the server has the following service check for disk usage: # Create a service for monitoring D:\ disk usage # Change the host_name to match the name of the host you defined above define service{ use generic-service host_name SERVERNAME service_description D:\ Drive Space check_command check_nt!USEDDISKSPACE!-l d } Within the actual OSSIM web site where you can see statistics/info on your monitored systems, it shows an OKAY for many of the checks, but for this USEDDISKSPACE check, it says: missing -l parameters That references check_nt, I am fairly certain means nt.cfg which is located at /etc/nagios-plugins/config and has the following content: # 'check_nt' command definition define command { command_namecheck_nt command_line/usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -p 12489 -v '$ARG1$' '$ARG2$' '$ARG3$' } I hardcoded the port into that command as none of the checks were working at all without it. Now the checks for memory, CPU, etc. work - but this one still doesn't. Moving on. The file located at /usr/lib/nagios/plugins/check_nt seems to be a binary file of some sort. I am assuming that because catting it just spits out a bunch of garbage. The -l d argument above tells it to check the disk space on drive letter D. I know that check_nt is working properly because if I manually run it from the command line, it's successful: hostname:/etc/nagios-plugins/config# /usr/lib/nagios/plugins/check_nt -H 10.0.10.10 -p 12489 -v USEDDISKSPACE -l d d:\ - total: 2.00 Gb - used: 0.01 Gb (1%) - free 1.99 Gb (99%) | 'd:\ Used Space'=0.01Gb;0.00;0.00;0.00;2.00 So, that works. Where is the disconnect between what I'm doing on the command line and what's in the config script? I'm at a loss. Any feedback or assistance is greatly appreciated. Thanks all! -- The world's my oyster, a hotel room's my prison cell... ___ General mailing list General@brlug.net http://brlug.net/mailman/listinfo/general_brlug.net
Re: [brlug-general] Nagios issues
I've been using Nagios for 5+ years and as such, have a massive config from the old 1.x version. I use NSClient+ on the Windows side. All of my commands for disk space require defining Critical and Warning levels. i.e. define command{ command_namecheck_nt_disk_d command_line/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v USEDDISKSPACE -l d -w 95% -c 98% } On Mar 24, 2011, at 2:39 PM, Jarred White wrote: Hi all, looking for my Nagios gurus out there. I'm trying to monitor some Windows systems using Nagios through OSSIM. OSSIM is just an SIEM platform that rolls a bunch of open source security stuff like snort, nagios, ntop, openvas, etc. into one nice package with a great web interface. It ships with Nagios3, and it sort of has its own idea of where/how nagios configs should be placed. Regardless, I am trying to use the check_nt command to poll various information on my Windows servers. So far, a lot of the checks are working properly, but some are not and I can't figure out why. The cfg file for the server has the following service check for disk usage: # Create a service for monitoring D:\ disk usage # Change the host_name to match the name of the host you defined above define service{ use generic-service host_name SERVERNAME service_description D:\ Drive Space check_command check_nt!USEDDISKSPACE!-l d } Within the actual OSSIM web site where you can see statistics/info on your monitored systems, it shows an OKAY for many of the checks, but for this USEDDISKSPACE check, it says: missing -l parameters That references check_nt, I am fairly certain means nt.cfg which is located at /etc/nagios-plugins/config and has the following content: # 'check_nt' command definition define command { command_namecheck_nt command_line/usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -p 12489 -v '$ARG1$' '$ARG2$' '$ARG3$' } I hardcoded the port into that command as none of the checks were working at all without it. Now the checks for memory, CPU, etc. work - but this one still doesn't. Moving on. The file located at /usr/lib/nagios/plugins/check_nt seems to be a binary file of some sort. I am assuming that because catting it just spits out a bunch of garbage. The -l d argument above tells it to check the disk space on drive letter D. I know that check_nt is working properly because if I manually run it from the command line, it's successful: hostname:/etc/nagios-plugins/config# /usr/lib/nagios/plugins/ check_nt -H 10.0.10.10 -p 12489 -v USEDDISKSPACE -l d d:\ - total: 2.00 Gb - used: 0.01 Gb (1%) - free 1.99 Gb (99%) | 'd: \ Used Space'=0.01Gb;0.00;0.00;0.00;2.00 So, that works. Where is the disconnect between what I'm doing on the command line and what's in the config script? I'm at a loss. Any feedback or assistance is greatly appreciated. Thanks all! -- The world's my oyster, a hotel room's my prison cell... ___ General mailing list General@brlug.net http://brlug.net/mailman/listinfo/general_brlug.net -- Keith Stokes ___ General mailing list General@brlug.net http://brlug.net/mailman/listinfo/general_brlug.net
Re: [brlug-general] Nagios issues
By default NSClient+ works on a different port than the old client I used. For compatibility until I manage to modify all of my Nagios configs, I changed the listener on NSClient+ to the old port. Here's my nsc.ini config. Notice I masked my source addresses in blue. [modules] NRPEListener.dll NSClientListener.dll FileLogger.dll CheckSystem.dll CheckDisk.dll CheckEventLog.dll CheckHelpers.dll ;# NSCLIENT++ MODULES ;# A list with DLLs to load at startup. ; You will need to enable some of these for NSClient++ to work. ; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ; * * ; * N O T I C E ! ! ! - Y O U H A V E T O E D I T T H I S * ; * * ; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ;FileLogger.dll ;CheckSystem.dll ;CheckDisk.dll ;NSClientListener.dll ;NRPEListener.dll ;SysTray.dll ;CheckEventLog.dll ;CheckHelpers.dll ;CheckWMI.dll ; ; Script to check external scripts and/or internal aliases. CheckExternalScripts.dll ; ; NSCA Agent if you enable this NSClient++ will talk to NSCA hosts repeatedly (so dont enable unless you want to use NSCA) ;NSCAAgent.dll ; ; LUA script module used to write your own check deamon. ;LUAScript.dll ; ; RemoteConfiguration IS AN EXTREM EARLY IDEA SO DONT USE FOR PRODUCTION ENVIROMNEMTS! ;RemoteConfiguration.dll ; Check other hosts through NRPE extreme beta and probably a bit dangerous! :) ;NRPEClient.dll ; Extreamly early beta of a task-schedule checker ;CheckTaskSched.dll [Settings] ;# OBFUSCATED PASSWORD ; This is the same as the password option but here you can store the password in an obfuscated manner. ; *NOTICE* obfuscation is *NOT* the same as encryption, someone with access to this file can still figure out the ; password. Its just a bit harder to do it at first glance. ;obfuscated_password=Jw0KAUUdXlAAUwASDAAB ; ;# PASSWORD ; This is the password (-s) that is required to access NSClient remotely. If you leave this blank everyone will be able to access the daemon remotly. ;password=secret-password ; ;# ALLOWED HOST ADDRESSES ; This is a comma-delimited list of IP address of hosts that are allowed to talk to the all daemons. ; If leave this blank anyone can access the deamon remotly (NSClient still requires a valid password). ; The syntax is host or ip/mask so 192.168.0.0/24 will allow anyone on that subnet access ;allowed_hosts=127.0.0.1/32 ; ;# USE THIS FILE ; Use the INI file as opposed to the registry if this is 0 and the use_reg in the registry is set to 1 ; the registry will be used instead. use_file=1 allowed_hosts=x.x.x.x,y.y.y.y ; ; # USE SHARED MEMORY CHANNELS ; This is the new way for using the system tray based on an IPC framework on top shared memmory channels and events. ; It is brand new and (probably has bugs) so dont enable this unless for testing! ; If set to 1 shared channels will be created and system tray icons created and such and such... ;shared_session=0 [log] ;# LOG DEBUG ; Set to 1 if you want debug message printed in the log file (debug messages are always printed to stdout when run with -test) ;debug=1 ; ;# LOG FILE ; The file to print log statements to ;file=nsclient.log ; ;# LOG DATE MASK ; The format to for the date/time part of the log entry written to file. ;date_mask=%Y-%m-%d %H:%M:%S ; ;# LOG ROOT FOLDER ; The root folder to use for logging. ; exe = the folder where the executable is located ; local-app-data = local application data (probably a better choice then the old default) ;root_folder=exe [NSClient] ;# ALLOWED HOST ADDRESSES ; This is a comma-delimited list of IP address of hosts that are allowed to talk to NSClient deamon. ; If you leave this blank the global version will be used instead. ;allowed_hosts= ; ;# NSCLIENT PORT NUMBER ; This is the port the NSClientListener.dll will listen to. port=1248 ; ;# BIND TO ADDRESS ; Allows you to bind server to a specific local address. This has to be a dotted ip adress not a hostname. ; Leaving this blank will bind to all avalible IP adresses. ;bind_to_address= ; ;# SOCKET TIMEOUT ; Timeout when reading packets on incoming sockets. If the data has not arrived withint this time we will bail out. ;socket_timeout=30 [NRPE] ;# NRPE PORT NUMBER ; This is the port the NRPEListener.dll will listen to. ;port=5666 ; ;# COMMAND TIMEOUT ; This specifies the maximum number of seconds that the NRPE daemon will allow plug-ins to finish executing before killing them off. ;command_timeout=60 ; ;# COMMAND ARGUMENT PROCESSING ; This option determines whether or not the NRPE daemon will allow clients to specify arguments to commands that are executed. ;allow_arguments=0 ; ;# COMMAND ALLOW NASTY META CHARS ; This option determines whether or not the NRPE daemon will allow clients to specify nasty (as in |`'\[]{}) characters in
Re: [brlug-general] Nagios issues
Jarred, I don't know that I would consider myself as an expert in Nagios, but more of somebody who can definitely get myself into trouble with it. I think you need to remove '$ARG3$' from the end of your command line directive. Your service's check_command is not passing a 3rd parameter, and based on my understanding, you are then passing an argument string of '' which even though its blank, it sees a literal that it doesn't know how to handle. I don't have quotes in my Nagios config so maybe it does not like a blank string, its essentially seeing: .../check_nt -H 10.0.10.10 -p 12489 -v USEDDISKSPACE -l d '' command_line/usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -p 12489 -v '$ARG1$' '$ARG2$' '$ARG3$' ...and I don't think it likes what is on the end is my suspicion. Try changing your debug mode in Nagios to have more verbose logging so you can see what exactly Nagios is executing and then you can diagnose your problem better to; you don't want to leave this on for long because it generates a lot of information very very quickly. I usually use an alternative configuration if I need to do this that does not have a lot of my normal checks enabled. If you're excluding warning and critical levels, make sure you know how the check is going to come back in all cases or force it OK using service tricks; it does have default levels. All of my disk space service checks are simply: check_command check_nt!USEDDISKSPACE!-l e -w 80 -c 90 With the command setup as: define command{ command_namecheck_nt command_line$USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s mySuperSecretPasswordHere -v $ARG1$ $ARG2$ } I use NSClient++ as well although the end-user client I don't think it will make to much a difference until the check command will execute; how the client responds to the argument string is entirely different. I have a similar config to Keith on my machines which you can deploy and centrally manage through a GPO. I use allowed hosts and also passwords on the client. ML Mark A. Lappin, CCNA, MCITP: Enterprise Administrator | Lee Michaels Fine Jewelry Director of Information Technology 11314 Cloverland Ave | Baton Rouge, LA 70809 Ph: 225.368.3645 | Fax: 225.368.3675 | Mobile: 225-362-2770 ma...@lmfj.com | www.lmfj.com http://www.lmfj.com/ [http://www.lmfj.com/images/lmfjsig.gif] This communication is privileged and confidential. If you are not the intended recipient, please notify the sender by reply e-mail and destroy all copies of this communication . ___ General mailing list General@brlug.net http://brlug.net/mailman/listinfo/general_brlug.net
Re: [brlug-general] Nagios issues
Actually Mark I think you were on to something. I did have to add the third argument variable onto that because some of the other checks DO have a third argument, however after modifying my check to the one above, it worked fine. Thanks for the help though dude. On Thu, Mar 24, 2011 at 4:16 PM, Mark A. Lappin ma...@lmfj.com wrote: Jarred, I don’t know that I would consider myself as an expert in Nagios, but more of somebody who can definitely get myself into trouble with it. I think you need to remove ‘$ARG3$’ from the end of your command line directive. Your service’s check_command is not passing a 3rd parameter, and based on my understanding, you are then passing an argument string of ‘’ which even though its blank, it sees a literal that it doesn’t know how to handle. I don’t have quotes in my Nagios config so maybe it does not like a blank string, its essentially seeing: …/check_nt -H 10.0.10.10 -p 12489 -v USEDDISKSPACE -l d ‘’ command_line/usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -p 12489 -v '$ARG1$' '$ARG2$' *'$ARG3$'* …and I don’t think it likes what is on the end is my suspicion. Try changing your debug mode in Nagios to have more verbose logging so you can see what exactly Nagios is executing and then you can diagnose your problem better to; you don’t want to leave this on for long because it generates a lot of information very very quickly. I usually use an alternative configuration if I need to do this that does not have a lot of my normal checks enabled. If you’re excluding warning and critical levels, make sure you know how the check is going to come back in all cases or force it OK using service tricks; it does have default levels. All of my disk space service checks are simply: check_command check_nt!USEDDISKSPACE!-l e -w 80 -c 90 With the command setup as: define command{ command_namecheck_nt command_line$USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s mySuperSecretPasswordHere -v $ARG1$ $ARG2$ } I use NSClient++ as well although the end-user client I don’t think it will make to much a difference until the check command will execute; how the client responds to the argument string is entirely different. I have a similar config to Keith on my machines which you can deploy and centrally manage through a GPO. I use allowed hosts and also passwords on the client. ML ** *Mark A. Lappin, CCNA, MCITP: Enterprise Administrator | Lee Michaels Fine Jewelry * Director of Information Technology 11314 Cloverland Ave | Baton Rouge, LA 70809 Ph: 225.368.3645 | Fax: 225.368.3675 | Mobile: 225-362-2770 ma...@lmfj.com * | *www.lmfj.com -- This communication is privileged and confidential. If you are not the intended recipient, please notify the sender by reply e-mail and destroy all copies of this communication . ___ General mailing list General@brlug.net http://brlug.net/mailman/listinfo/general_brlug.net -- The world's my oyster, a hotel room's my prison cell... ___ General mailing list General@brlug.net http://brlug.net/mailman/listinfo/general_brlug.net
Re: [brlug-general] Nagios issues
Wait, what did you en up with? There was nothing above. Top posting is bad Mark A. Lappin, CCNA, MCSE:Security | Lee Michaels Fine Jewelry Director of Information Technology 11314 Cloverland Ave | Baton Rouge, LA 70809 Ph: 225.291.9094 ext 245 | Fax: 225-291-5778 | Mobile: 225-362-2770 www.lmfj.comhttp://www.lmfj.com On Mar 24, 2011, at 16:39, Jarred White jarredwh...@gmail.commailto:jarredwh...@gmail.com wrote: Actually Mark I think you were on to something. I did have to add the third argument variable onto that because some of the other checks DO have a third argument, however after modifying my check to the one above, it worked fine. Thanks for the help though dude. On Thu, Mar 24, 2011 at 4:16 PM, Mark A. Lappin mailto:ma...@lmfj.comma...@lmfj.commailto:ma...@lmfj.com wrote: Jarred, I don’t know that I would consider myself as an expert in Nagios, but more of somebody who can definitely get myself into trouble with it. I think you need to remove ‘$ARG3$’ from the end of your command line directive. Your service’s check_command is not passing a 3rd parameter, and based on my understanding, you are then passing an argument string of ‘’ which even though its blank, it sees a literal that it doesn’t know how to handle. I don’t have quotes in my Nagios config so maybe it does not like a blank string, its essentially seeing: …/check_nt -H 10.0.10.10 -p 12489 -v USEDDISKSPACE -l d ‘’ command_line/usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -p 12489 -v '$ARG1$' '$ARG2$' '$ARG3$' …and I don’t think it likes what is on the end is my suspicion. Try changing your debug mode in Nagios to have more verbose logging so you can see what exactly Nagios is executing and then you can diagnose your problem better to; you don’t want to leave this on for long because it generates a lot of information very very quickly. I usually use an alternative configuration if I need to do this that does not have a lot of my normal checks enabled. If you’re excluding warning and critical levels, make sure you know how the check is going to come back in all cases or force it OK using service tricks; it does have default levels. All of my disk space service checks are simply: check_command check_nt!USEDDISKSPACE!-l e -w 80 -c 90 With the command setup as: define command{ command_namecheck_nt command_line$USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s mySuperSecretPasswordHere -v $ARG1$ $ARG2$ } I use NSClient++ as well although the end-user client I don’t think it will make to much a difference until the check command will execute; how the client responds to the argument string is entirely different. I have a similar config to Keith on my machines which you can deploy and centrally manage through a GPO. I use allowed hosts and also passwords on the client. ML Mark A. Lappin, CCNA, MCITP: Enterprise Administrator | Lee Michaels Fine Jewelry Director of Information Technology 11314 Cloverland Ave | Baton Rouge, LA 70809 Ph: 225.368.3645tel:225.368.3645 | Fax: 225.368.3675tel:225.368.3675 | Mobile: 225-362-2770tel:225-362-2770 mailto:ma...@lmfj.comma...@lmfj.commailto:ma...@lmfj.com | www.lmfj.com http://www.lmfj.com/ This communication is privileged and confidential. If you are not the intended recipient, please notify the sender by reply e-mail and destroy all copies of this communication . ___ General mailing list mailto:General@brlug.netGeneral@brlug.netmailto:General@brlug.net http://brlug.net/mailman/listinfo/general_brlug.nethttp://brlug.net/mailman/listinfo/general_brlug.net -- The world's my oyster, a hotel room's my prison cell... ___ General mailing list General@brlug.netmailto:General@brlug.net http://brlug.net/mailman/listinfo/general_brlug.net Mark A. Lappin, CCNA, MCITP: Enterprise Administrator | Lee Michaels Fine Jewelry Director of Information Technology 11314 Cloverland Ave | Baton Rouge, LA 70809 Ph: 225.368.3645 | Fax: 225.368.3675 | Mobile: 225-362-2770 ma...@lmfj.com | www.lmfj.com http://www.lmfj.com/ [http://www.lmfj.com/images/lmfjsig.gif] This communication is privileged and confidential. If you are not the intended recipient, please notify the sender by reply e-mail and destroy all copies of this communication . ___ General mailing list General@brlug.net http://brlug.net/mailman/listinfo/general_brlug.net