NSClient++ Help (#1) - pulling hair out with check event log (#836) - Message List

pulling hair out with check event log

Hi I am pretty new to linux so i am sure this is some stupid mistake i am making

when i enter the command below in the console or within nagios i get a return of "no file specified try adding: file=Application" it happens with all the servers.

any assistance would be appreciated i have peen staring at the screen for houres and i just dont know where to go from here.

Greg

[root@nagios nagios]# /usr/local/nagios/libexec/check_nrpe -H 10.0.0.10 -c CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational')" truncate=800 unique descriptions "syntax=%severity%: %source%: %message%(%count%)"

taderz80
08/05/11 04:52:32 (23 months ago)
Tree View Flat View (newer first) Flat View (older first)
  • Message #2254

    check_nrpe syntax is: 

    check_nrpe ... -c <command> -a <argument1> <argument2> <argument3>...

    So add the -a and it will probably work better... (also requires you to enable argument support in nsclient as well)

    Michael Medin

    mickem
    08/05/11 08:26:23 (23 months ago)
    • Message #2277

      I try do it but receive error Unknown arguments: Meanwhile when I run the command at client side (when I start NSClient++ /test mode), I receive good answear. I use ./check_nrpe -H 10.65.8.105 -n -c CheckEventLog -a file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide?'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)" NSC.ini containe string use_ssl=0

      Please help !

      vv0rk
      08/17/11 11:40:59 (22 months ago)
      • Message #2278

        Could you provide me with the debug log from the nsclient++ server? That probably the best place to start... 

        nsclient++ /stop
nsclient++ /test
...
... Monitor the request here...
...
exit
nsclient++ /start
        mickem
        08/17/11 14:45:17 (22 months ago)
        • Message #2282

          debug log is it: 

          C:\Program Files\NSClient++>nsclient++ /test
Launching test mode - client mode
d NSClient++.cpp(1216) Enabling debug mode...
d NSClient++.cpp(557) Attempting to start NSCLient++ - 0.3.9.321 2011-07-04
NSCore not loaded...
Archiving crash dumps in: C:\Documents and Settings\SavinNV\Local Settings\Application Data\NSClient++\crash dumps
d NSClient++.cpp(1007) Loading plugin: CheckDisk...
d NSClient++.cpp(1007) Loading plugin: Event log Checker....
d NSClient++.cpp(1007) Loading plugin: Helper function...
d NSClient++.cpp(1007) Loading plugin: CheckSystem...
d NSClient++.cpp(1007) Loading plugin: CheckWMI...
d \PDHCollector.cpp(73) Autodetected w2k or later, using w2k PDH counters.
d NSClient++.cpp(1007) Loading plugin: File logger...
d \PDHCollector.cpp(110) Using index to retrive counternames
l \FileLogger.cpp(87) Log path is: C:\Program Files\NSClient++\\nsclient.log
d NSClient++.cpp(1007) Loading plugin: NRPE server (w/ SSL)...
d \NRPEListener.cpp(92) Loading all commands (from NRPE)
d \NRPEListener.cpp(122) Starting NRPE socket...
d NSClient++.cpp(709) NSCLient++ - 0.3.9.321 2011-07-04 Started!
d \Socket.h(683) Bound to: 0.0.0.0:5666
l NSClient++.cpp(461) Using settings from: INI-file
l NSClient++.cpp(462) Enter command to inject or exit to terminate...
d \PDHCollector.cpp(130) Found countername: CPU:    \Processor(_total)\% Processor Time
d \PDHCollector.cpp(131) Found countername: UPTIME: \System\System Up Time
d \PDHCollector.cpp(132) Found countername: MCL:    \Memory\Commit Limit
d \PDHCollector.cpp(133) Found countername: MCB:    \Memory\Committed Bytes
d NSClient++.cpp(1144) Injecting: CheckEventLog: file=application, file=system, MaxWarn=1, MaxCrit=1, filter=generated gt -2d AND severity NOT IN ('success', 'i
nformational') AND source , = 'SideBySide', truncate=800, unique, descriptions, syntax=%severity%: %source%: %message% (%count%)
d NSClient++.cpp(1180) Injected Result: WARNING 'Unknown argument: '
d NSClient++.cpp(1181) Injected Performance Result: ''

          when i inject request directly is all right: CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide?'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)" 

          d NSClient++.cpp(1144) Injecting: CheckEventLog: file=application, file=system, MaxWarn=1, MaxCrit=1, filter=generated gt -2d AND severity NOT IN ('success', 'i
nformational') AND source != 'SideBySide', truncate=800, unique, descriptions, syntax=%severity%: %source%: %message% (%count%)
d \CheckEventLog.cpp(746) Using: where generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'
d \CheckEventLog.cpp(753) Boot time: 0
d \CheckEventLog.cpp(537) Attempting to match: Application with application
d \CheckEventLog.cpp(537) Attempting to match: File Replication Service with application
d \CheckEventLog.cpp(537) Attempting to match: Security with application
d \CheckEventLog.cpp(537) Attempting to match: System with application
d \CheckEventLog.cpp(537) Attempting to match: Application with system
d \CheckEventLog.cpp(537) Attempting to match: File Replication Service with system
d \CheckEventLog.cpp(537) Attempting to match: Security with system
d \CheckEventLog.cpp(537) Attempting to match: System with system
d \CheckEventLog.cpp(846) Evaluation time: 1720
d NSClient++.cpp(1180) Injected Result: CRITICAL 'error: MsGina: Failed to set the user's home directory (Drive Y: connected to Share \\filesvr\home$). (2), warning: Srv: The K: disk is at or near capacity.  You may need to delete some files. (1), error: EventLog: The system uptime is 208085 seconds. (2), warning: DnsA probably because the authoritative DNS ...'pecified DNS Server. This is
d NSClient++.cpp(1181) Injected Performance Result: ''eventlog'=7;1;1'
CRITICAL:error: MsGina: Failed to set the user's home directory (Drive Y: connected to Share \\filesvr\home$). (2), warning: Srv: The K: disk is at or near capacity.  You may need to delete some files. (1), error: EventLog: The system uptime is 208085 seconds. (2), warning: DnsApi: The system failed to register network probably because the authoritative DNS ...|'eventlog'=7;1;1ver. This is

          How You can see requests is a different, in second injection coma's is not present.

          vv0rk
          08/21/11 12:03:48 (22 months ago)
          • Message #2283

            The extra comma comes from "someone" (read check_nrpe/shell/nagios/*) expanding things along the way.

            Compare: 

            touch "foo bar"

            and 

            touch foo bar

            Since I do not see your command I don't know which but check for stray un-escaped " and '...

            Hence my recommendation is: 1, check in "test mode" injecting the command. 2, check with check_nrpe (whilst observing in "test mode") 3, add command to nagios (whilst observing from "test mode") 4, restart nsclient++ in "normal mode" ... 5, profit!

            Michael Medin Michael Medin

            mickem
            08/22/11 17:13:01 (22 months ago)
Tree View Flat View (newer first) Flat View (older first)

Subscriptions