NSClient++ Help (#1) - CheckWMI (#216) - Message List
Hi,
I'm trying to replace a check_ping.exe script with a Check via WMI / Win32_PingStatus. http://msdn.microsoft.com/en-us/library/aa394350(VS.85).aspx
But I can't figure out the proper syntax. Here is what I do:
/usr/local/nagios/libexec/check_nrpe -H 192.168.1.10 -u -t 60 -p 5666 -c CheckWMI -a MaxCrit=3 MinWarn=1 "Query:load=Select Address=127.0.0.1 from Win32_PingStatus"
Result:
WMIQuery failed: ExecQuery of 'Select Address=127.0.0.1 from Win32_PingStatus' failed: WinMgmt - ):failed to lookup error code: 2147749911( reson: 317)
There are several options in addition to "Address" as you can see on msdn link above. Any idea how to get this working including ResponseTime? and/or StatusCode? for instance ?
Any help would be much appreciated!
OSJF
-
Message #615
Have you tried to add "" around the address?
My guess would be that 127.0.0.1 is a string (in the query) and thus need to be escaped as such.
try:
/usr/local/nagios/libexec/check_nrpe -H 192.168.1.10 -u -t 60 -p 5666 -c CheckWMI -a MaxCrit=3 MinWarn=1 'Query:load=Select Address="127.0.0.1" from Win32_PingStatus'
(or some such)
the query should I think be:
Select Address="127.0.0.1" from Win32_PingStatus
MickeM
mickem08/07/08 09:23:29 (5 years ago)-
Message #616
wait... wrong...
the query should be:
SELECT * FROM Win32_PingStatus WHERE Address="127.0.0.1"
not at all as above...
try:
/usr/local/nagios/libexec/check_nrpe -H 192.168.1.10 -u -t 60 -p 5666 -c CheckWMI -a MaxCrit=3 MinWarn=1 'Query:load=SELECT * FROM Win32_PingStatus WHERE Address="127.0.0.1"'
mickem08/07/08 09:24:46 (5 years ago)-
Message #617
(one might also add) that for this to make sense you need to add some thing to query (like the time or some such) dont know that object myself but I would guess there is a "time" you can check...
mickem08/07/08 09:26:07 (5 years ago)-
Message #637
Thanks for your effort.
Your syntax seems to be correct. At least there is no ERROR responce anymore. I tried to query "ResponceTime?" and other things mentioned on msdn. But no matter what I tried the result was always "0".
Since I'm lacking of scripting knowledge I gave up on this :)
OSJF08/14/08 12:20:19 (5 years ago)-
Message #638
Well, on my box here at work did not seem to have pingstatus but to make a quick workthrough of how to get it up and running:
First do a list for your object (in my case Win32_Processor).
nsclient++ CheckWMI SELECT * FROM Win32_Processor
Then look at the output and find which columns you want, in this case I will go with: CurrentVoltage? and DeviceID.
Then you modify your query to include only those (like so):
C:\nsc>nsclient++ CheckWMI SELECT DeviceID, CurrentVoltage FROM Win32_Processor l \CheckWMI.cpp(301) |----------------+----------+ l \CheckWMI.cpp(302) | CurrentVoltage | DeviceID | l \CheckWMI.cpp(303) |----------------+----------+ l \CheckWMI.cpp(312) | 12 | CPU0 | l \CheckWMI.cpp(312) | 14 | CPU1 | l \CheckWMI.cpp(312) | 02 | CPU2 | l \CheckWMI.cpp(312) | 36 | CPU3 | l \CheckWMI.cpp(314) |----------------+----------+
(this is fabricated data since I only have 1 CPU here :)
Now I decide what is good and/or bad... Let say more then 11 volt is bad and we don't allow any CPU to go below that value.
Then we start nsclient++ in test mode to start working on the query (like so):
nsclinet++ /test
and start making a (NRPE) command from the query above.
CheckWMI MaxCrit=1 MaxWarn=1 "Query:test=SELECT DeviceID, CurrentVoltage FROM Win32_Processor"
The above will always be critical since we dont filter anything yet. The MaxCrit and MaxCrit is since we warn if we find any matches (we will filter soon). The test is the alias.
The result should look like so:
CRITICAL:: 0 < critical|''=0;1;1;
Then you start adding your filters (like so): First off you add a filter you know is "ok" (I know all values are above 1):
CheckWMI MaxCrit=1 MaxWarn=1 "Query:test=Select DeviceID, CurrentVoltage from Win32_Processor" +filter-numeric:CurrentVoltage=<1 OK:OK: WMI Query returned no results.|''=0;1;1;
then you add one you know will fail (I know all values are below 100):
CheckWMI MaxCrit=1 MaxWarn=1 "Query:test=Select DeviceID, CurrentVoltage from Win32_Processor" +filter-numeric:CurrentVoltage=<100 CRITICAL:CurrentVoltage=12, DeviceID=CPU0, : 1 > critical|''=1;1;1;
And finally you add your correct filter:
CheckWMI MaxCrit=1 MaxWarn=1 "Query:test=Select DeviceID, CurrentVoltage from Win32_Processor" +filter-numeric:CurrentVoltage=>11
(hope this might help you)
Mickem
mickem08/14/08 12:55:55 (5 years ago)-
Message #649
Ok, first of all thank you very much for teaching me a little bit. I played a couple hours on this again. Nsaot sure if I finally got it.
Look at this:
Win CMD
"NSClient++.exe" CheckWMI SELECT ResponseTime FROM Win32_Pingstatus WHERE address='193.0.0.193' l \CheckWMI.cpp(301) |--------------+ l \CheckWMI.cpp(302) | ResponseTime | l \CheckWMI.cpp(303) |--------------+ l \CheckWMI.cpp(312) | 54 | l \CheckWMI.cpp(314) |--------------+
So I know the response time will always be between 0 (internal network) and probable an avarage maximum of 300 (internet). So I set the filter to catch everything that is smaller then 300, right ?
NSClient Test Mode
CheckWMI MaxCrit=100 MaxWarn=50 "Query:test=SELECT ResponseTime FROM Win32_PingStatus WHERE address='193.0.0.193'" +filter-numeric:ResponseTime=<300 d \NSClient++.cpp(544) Injecting: CheckWMI: MaxCrit=100, MaxWarn=50, Query:test=SELECT ResponseTime FROM Win32_PingStatus WHERE address='193.0.0.193', +filter-n umeric:ResponseTime=<300 d \NSClient++.cpp(564) Injected Result: OK 'ResponseTime=54' d \NSClient++.cpp(565) Injected Performance Result: '''=1;50;100; ' OK:ResponseTime=54|''=1;50;100;
Considering a MaxWarn of 50 the above should already result in warning level, right?
Have a look on the last line, there is a "1", I actually expected a "54" instead. Or did I screwed up the filter thing ?
anonymous08/20/08 00:24:59 (5 years ago)
-
-
-
-
-
-
Message #650
Here is another one
CheckWMI MaxCrit=1 MaxWarn=1 "Query:test=SELECT StatusCode FROM Win32_PingStatus WHERE address='192.168.3.10'" +filter-numeric=>0 d \NSClient++.cpp(544) Injecting: CheckWMI: MaxCrit=1, MaxWarn=1, Query:test=SELECT StatusCode FROM Win32_PingStatus WHERE address='192.168.3.10', +filter-numer ic=>0 d \NSClient++.cpp(564) Injected Result: CRITICAL 'StatusCode=0, : 1 > critical' d \NSClient++.cpp(565) Injected Performance Result: '''=1;1;1; ' CRITICAL:StatusCode=0, : 1 > critical|''=1;1;1;
While "0" is success (host reachable) everything above indicates a problem. See http://msdn.microsoft.com/en-us/library/aa394350(VS.85).aspx for more information on the statuscode results.
So I want the result to be critical IF NOT "0". However, as you can see the StatusCode? IS "0" but reported critical even though my MaxCrit value is "1".
OSJF08/20/08 10:39:51 (5 years ago)-
Message #683
Hi Mickem,
I figured out something that fits my needs. Since all the above stuff didn't worked out I now use "CheckWMIValue"
Here is what I do:
CheckWMIValue "Query=Select StatusCode from win32_PingStatus WHERE address='192.168.1.10'" MaxCrit=1 Check:Status=StatusCode Injecting: CheckWMIValue: Query=Select StatusCode from win32_PingStatus WHERE address='192.168.1.10', MaxCrit=1, Check:Status=StatusCode Injected Result: OK 'OK: WMI Query returned no results.' Injected Performance Result: ''Status'=0;0;1; ' OK:OK: WMI Query returned no results.|'Status'=0;0;1; CheckWMIValue "Query=Select StatusCode from win32_PingStatus WHERE address='0.0.0.0'" MaxCrit=1 Check:Status=StatusCode
Injecting: CheckWMIValue: Query=Select StatusCode from win32_PingStatus WHERE address='0.0.0.0', MaxCrit=1, Check:Status=StatusCode Injected Result: CRITICAL 'Status: 11018 > critical' Injected Performance Result: ''Status'=11018;0;1; ' CRITICAL:Status: 11018 > critical|'Status'=11018;0;1;
I added an example on this to the wiki:CheckWMIValue
define command{ command_name check_vpn command_line $USER1$/check_nrpe -H $ARG1$ -u -t 60 -p 5666 -c CheckWMIValue -a 'Query=SELECT StatusCode FROM Win32_PingStatus WHERE Address="$ARG2$"' MaxCrit=1 Check:Status:=StatusCode } check_command check_vpn!192.168.100.10!192.168.102.10OSJF09/01/08 00:28:43 (5 years ago)
-
-
Message #3106
<a href=http://www.kuroesusume1a.com/#416527><b>chloe 財布</b></a> <a href=http://www.puradajap1baggu.com/#104759><b>プラダ 店舗</b></a> <a href=http://www.puradajap1senmon.com/#565077><b>プラダ財布</b></a> SPOOKTACULAR 50 percent Term Enjoyable AT SQUIRE?S Garden CENTRESHeya i am for the first time here. I found this board and I find It really useful & it helped me out a lot.Popovich will be the longest tenured present coach with all the identical team inside the four major US pro sports activities leagues and his sixty eight for each cent acquire ratio would be the best of any on the longest-tenured coaches from any of these sports.Stanton Dowd <a href=http://www.kuroekaidoku1a.com/#819045><b>クロエ 店舗</b></a> <a href=http://www.senmonjpokuri.com/#216163><b>オークリー レンズ</b></a> <a href=http://www.kuroesinki1a.com/#356901><b>chloe バッグ</b></a> From 1000's to countless models, we aid you leap begin or take your current enterprise for the next level. We focus on production operates of all sizes all through the yr. A few of our smallest consumers have grown to be our biggest.The site loading pace is incredible.It reveals how nicely you understand this subject. Bookmarked this web page, will come back for more articles.I gotta favorite this website it seems invaluable very beneficial <a href=http://www.vitoninbaggu.com/#441689b>ルイヴィトン 店舗</b></a> <a href=http://www.senmonjpokuri.com/#196748><b>オークリー サングラス</b></a> <a href=http://www.baggujpokuri.com/#1853><b>Oakley サングラス</b></a> They are really convincing and will certainly work. Still, the posts are too quick for novices.I am glad that you shared this useful information with us.Past few posts are just a little out of track! come on!I have read this post and if I could I wish to suggest you few interesting things or suggestions.
Fitistereebal04/18/13 06:04:24 (5 weeks ago)
