Opened 5 years ago
Closed 3 years ago
#129 closed defect (fixed)
problem with write-file time
| Reported by: | af@… | Owned by: | mickem |
|---|---|---|---|
| Priority: | 1 | Milestone: | 0.3.8 |
| Component: | Core | Version: | |
| Severity: | Bugs | Keywords: | |
| Cc: |
Description
Hi ,
I have unnormal situation whith my Virus-Signation.
The modification-time of the Signatur-File is in future. The File downloaded at morning from CA (Computer Assotiation).
My Check syntax:
/usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckFile
-a "file=c:
Program Files
CA
SharedComponents?
ScanEngine?
Vet.da1" filter-written=">1d" filter=in MaxCrit=1 syntax="Signatur %filename% vom %write%"
The Result of this check is 1 and critical.
Now= 18.02.2008 12:00:00
File-Modification-Time = 18.02.2008 14:50:32
Is this a bug OR my mistake??
Change History (4)
comment:1 Changed 5 years ago by mickem
- Owner changed from MickeM to mickem
- Status changed from new to assigned
comment:2 Changed 5 years ago by anonymous
- Owner changed from mickem to anonymous
- Status changed from assigned to new
Hi,
hmmmm....
Your Idea is correct, but don't work.
Now = 18.02.08 15:40
File1 = 18.02.08 14:50
File2 = 11.02.08 08:00
Check : filter-written="<-1d" filter=in MaxCrit=1
Both are critical
You check
File1 = Now - filetime = 50 min # _is NOT_ <-1d
A combination of 2 filters returned also wrong Results!
comment:3 Changed 5 years ago by mickem
- Owner changed from anonymous to mickem
- Status changed from new to assigned
humm,it was suggestions for "fixing" the issue, as of now you cant check future dates... at all... (I think)...
i.e. nsclient++ is broken... so I was wondering how best to accommodate you...
MickeM
comment:4 Changed 3 years ago by mickem
- Milestone set to 0.3.8
- Resolution set to fixed
- Status changed from assigned to closed
- Version 0.3.0 deleted
Fixed so date handling in all check file commands are "signed" which means it handled negative dates (future dates) correctly.
Notice since future dates are negative (-30m) you have to reverse the signs.
CheckFile2 debug path=D:\tmp\dates filter+creation=>30m MaxWarn=1 MaxCrit=1 "syntax=%filename%: %creation%" CRITICAL:past.txt: Thursday, December 31, 2009 08:47:30, found files: 1 > critical|'found files'=1;1;1; CheckFile2 debug path=D:\tmp\dates filter+creation=<-30m MaxWarn=1 MaxCrit=1 "syntax=%filename%: %creation%" CRITICAL:future.txt: C: Thursday, December 31, 2009 12:47:11, found files: 1 > critical|'found files'=1;1;1;
Michael Medin
HUmm, interesting... "larger then" > means just that "larger then" in this case (filter-written=">1d") the difference shall be more then 1 day. Now I am pretty sure the "problem" is that I don't "normalize" the value, in other words you have a "negative" value, which I guess breaks things.
Question is, shall I normalize the value or shall I add a negative check?
i.e. would you want: "filter-written=>1d" to work or would you like to have: filter-written="<-1d" to verify that the file is *in the future* ?
MickeM