
check RDP connection activity [SCRIPT]

May be of help to someone, good for keeping an eye on servers that are rarely logged onto. Tried this with event log auditing first, but this seems much more uncomplicated, as well as keeping track of time logged on.

check_rdp.bat:

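@echo off
rem Print established connections on the RDP port; ":3389 " matches the whole port number only.
netstat -a -n | find ":3389 " | find "ESTABLISHED"
rem find sets ERRORLEVEL to non-zero when nothing matched.
IF %ERRORLEVEL% NEQ 0 goto noconnections
:connections
rem The matching netstat lines printed above are the plugin output (critical).
exit /b 2
:noconnections
echo OK: No connections.
exit /b 0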

The reversed exit code results in *no* connections showing up as 'OK' (including message, nagios doesn't like empty return codes) and an established connection showing up as 'critical' including the connecting IP(s).

You'll need nsc.ini's CheckExternalScripts.dll and script_dir=yourscriptdir\ to be uncommented, of course. The nagios check_command will simply be check_nrpe!rdp_check.bat .

  • Message #1694

    Guess this board doesn't come with an edit function. Swap the 0 and 2 above, d'oh! :)

    • Message #1702

      I have swapped them.

      Michael Medin

      • Message #1752

        Mind moving the stuff below to the first one as well? I've added filtering for the main and redundant nagios host (as they may also do RDP availability checks themselves) and changed the errorlevels a bit.

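        @echo off
        :SETTINGS
        set RDP_PORT=3389
        set NAGIOSHOST1=1.2.3.4
        set NAGIOSHOST2=1.2.3.5
        :port_check
        rem Listener lines are sent to nul so they do not end up in front of the status message.
        netstat -a -n | find ":%RDP_PORT% " | find "LISTENING" >nul
        IF %ERRORLEVEL% NEQ 0 goto portnotfound
        :connection_check
        rem " host:" matches the whole address, so 1.2.3.4 does not also hide 1.2.3.40.
        netstat -a -n | find ":%RDP_PORT% " | find "ESTABLISHED" | find /V " %NAGIOSHOST1%:" | find /V " %NAGIOSHOST2%:"
        IF %ERRORLEVEL% NEQ 0 goto noconnections
        :connections
        rem The remaining netstat lines printed above are the plugin output (warning).
        exit /b 1
        :portnotfound
        echo RDP not listening! Is port %RDP_PORT% (still) correct?
        exit /b 2
        :noconnections
        echo OK: No connections.
        exit /b 0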
        

        If you change the RDP port without adjusting the script you'll get errorlevel 2 (critical), and if there's a connection you get errorlevel 1 (warning).
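
The same check written in PowerShell with Get-NetTCPConnection, as an added example that is not part of the thread: it compares the local port and the remote address as exact fields instead of substrings of netstat output, and names the connecting peers in the status line. It assumes Windows Server 2012 or later (where the cmdlet is available) and reuses the port and the placeholder host addresses from the script above; registering it with the monitoring agent is not shown.

```powershell
# Added example, not from the thread. Same states as the batch script:
# 0 = OK, 1 = WARNING (RDP session present), 2 = CRITICAL (nothing listening).
$RdpPort      = 3389                     # same port as the script above
$MonitorHosts = @('1.2.3.4', '1.2.3.5')  # placeholder addresses from the post

# Listener check: exact match on the local port, so 33890 or 13389 never count.
$listener = Get-NetTCPConnection -LocalPort $RdpPort -State Listen -ErrorAction SilentlyContinue
if (-not $listener) {
    Write-Output "CRITICAL: RDP not listening! Is port $RdpPort (still) correct?"
    exit 2
}

# Established inbound sessions, excluding the monitoring hosts by exact address.
# -ErrorAction SilentlyContinue: the cmdlet reports an error when nothing matches.
$sessions = @(
    Get-NetTCPConnection -LocalPort $RdpPort -State Established -ErrorAction SilentlyContinue |
        Where-Object { $MonitorHosts -notcontains $_.RemoteAddress }
)

if ($sessions.Count -gt 0) {
    # One status line listing every distinct peer as address:port.
    $peers = ($sessions |
        ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
        Sort-Object -Unique) -join ', '
    Write-Output "WARNING: $($sessions.Count) RDP connection(s) from $peers"
    exit 1
}

Write-Output 'OK: No connections.'
exit 0
```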
