CheckWMI

CheckWMI is part of the wiki:CheckWMI module.

New version that is *a lot* more usefull (i hope). It is still alpha need to do more testing but I would like to get some initialö feedback on the syntax and such. Also feel free to try it out and report bugs to me (might wanna keep track of memory and such as I have not done so myself yet) To debug and help you setup your queries there is also a command line interface to run queries and see the result.

nsclient++ CheckWMI <query>

The syntax for this is Similar to CheckEventLog but simpliefied in regards to syntax so I hope it shall be easier to use and udnerstand.

This check enumerates all rows returned from your query filtering results and check the count against a set war and crit threshold. If you want to check a value there will soon be a separet check for that. This is designed to find "anomalies" in result-sets.

Option	Values	Description
filter	any, all	Specify the way you want to filter things. (See section below) Not yet implemented (default is all)
truncate	length of the returned set	This will truncate the output after the specified length. As NRPE can only handle 1024 chars you need to truncate the output.
MaxWarn	number of records	The maximum records to allow before reporting a warning state.
MaxCrit	number of records	The maximum records to allow before reporting a critical state.
<mode>filter-<type>:<Column>	<filter value>	A number of strings to use for filtering the event log

Filters

Capturing result entries (or discarding them) are done with filters. There are three kinds of filters.

• positive requirments (+) All these filters must match or the row is discarded.
• negative requriments (-) None of these filters can match (if any do the row is discarded).
• normal matches (.) If this matches the line is included.

The syntax of the filter is: <mode>filter-<type>:<Column>=<expression>

Filter <Mode>s

<mode>	title	description
+	required filter	If you miss this filter the line is discarded
.	normal filter	If a hit the line is included
-	negative filter	If a line hits this it is discarded

Filter <Type>s

<type>	Value	Description
string	string expression?	Match the column againast a string expression
numeric	numeric expression?	Match the column againast a numeric expression

Filter <Columns>s

A Column (if specified) will make the filter woirk againast a specific column in the result set.

string expression

A string expression is a key followed by a string that specifies a string expression. Currently substr and regexp are supported. Thus you enter filter.message=regexp:(foo|bar) to enter a regular expression and filter-message=substr:foo to enter a substring patter match.

Examples

Check to see if there is 2 CPUs present (or cores)

CheckWMI MaxCrit=3 MinWarn=1 "Query:load=Select * from win32_Processor"

Check to see that no CPU has less then 2.66GHz frequency

CheckWMI MinCrit=1 MinWarn=1 "Query:load=Select CurrentClockSpeed from win32_Processor" +filter-numeric:CurrentClockSpeed=<2659

To try a query use the following syntax:

nsclient++ CheckWMI Select * from win32_Processor

(I know these are not very usefull, but hopefully they will give you an idea how to do things, there a *a lot* of things to check via the WMI so you ought to be able to do most things you want.)