My Tech Notes

PING : This reports connectivity between monitored windows host and nagios collector

/usr/local/groundwork/nagios/libexec/check_ping -H <host ip> -w 10,30% -c 20,70%
PING OK - Packet loss = 0%, RTA = 0.44 ms|rta=0.443000ms;10.000000;20.000000;0.000000 pl=0%;30;70;0

MEMORY_USED: This reports memory usage on monitored host, It is the sum of the size of the standby, free, and zero lists

Thresholds in %
/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckMEM -a MaxWarn=50% MaxCrit=80% ShowAll type=physical
OK: physical memory: 835M|'physical memory'=40%;50;80;

Thresholds in MB
/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckMEM -a MaxWarn=500M MaxCrit=800M ShowAll type=physical
CRITICAL: physical memory: Total: 1.99G - Used: 900M (44%) - Free: 1.11G (56%) > critical|'physical memory'=899.63M;500;800;

Thresholds in GB
/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckMEM -a MaxWarn=1G MaxCrit=1.5G ShowAll type=physical
OK: physical memory: 908M|'physical memory'=908.04M;1024;1024;

PAGE_FAULTS_PER_SEC: This reports page faults per sec.

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckCounter -a "Counter:Page Faults per second=\\Memory\\Page Faults/sec" ShowAll MaxWarn=10 MaxCrit=20
OK: Page Faults per second: 9.0137|'Page Faults per second'=9.013698;10;20;

CPU_LOAD: This reports CPU utilization on monitored host, the returned value is the average value of the CPU load of all the processors at 5m,10 and 15m

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckCPU -a warn=50 crit=90 time=5m time=10m time=15m
OK CPU Load ok.|'5m'=3%;50;90; '10m'=2%;50;90; '15m'=1%;50;90;

CPU_QUEUE_LENGTH: This reports Processor Queue Length it is the number of threads in the processor queue common for multiple processors. This counter shows ready threads only, not threads that are running. A sustained processor queue of less than 10 threads per processor is normally acceptable, dependent of the workload.

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckCounter -a "Counter:CPU queue length=\\System\\Processor Queue Length" ShowAll
OK: CPU queue length: 0|'CPU queue length'=0;0;0;

DISK_USED: This reports disk utilization on monitored host

To check a specific drive
/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckDriveSize -a Drive=D:\ MaxWarnUsed=80% MaxCritUsed=90% ShowAll
OK: All drives within bounds.|'D: '=42%;80;90;

To check all available drives
/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckDriveSize -a CheckAll MaxWarnUsed=80% MaxCritUsed=90% ShowAll
WARNING: C:\: Total: 48.8G - Used: 40.3G (82%) - Free: 8.53G (18%) > warning, D:\: 42.3G|'C:\'=82%;80;90; 'D:\'=42%;80;90;

DISK_BUSY: This reports % Disk busy time it is the percentage of elapsed time that the selected disk drive was busy servicing read or write requests

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckCounter -a "Counter:Percent Disk Busy=\\PhysicalDisk(_Total)\\% Disk Time" ShowAll
OK: Percent Disk Busy: 0.270388|'Percent Disk Busy'=0.27038781900000000;0;0;

SERVICE_STATE: This reports whether given services is started or stopped on monitored host

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckServiceState -a ShowAll "NSClient++ (Win32)"
OK: NSClient++ (Win32): started

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckServiceState -a ShowAll "Messenger"
CRITICAL: Messenger: stopped (critical)

PROCS_STATE: This reports whether given process is running or stopped on monitored host

When notepad is started
/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c checkProcState -a ShowAll "notepad.exe"
OK: notepad.exe: 1

When notepad is closed
/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c checkProcState -a ShowAll "notepad.exe"
CRITICAL: notepad.exe: stopped (critical)

TOTAL_PROCS: This reports total number of processes running currenlty on monitored host

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckCounter -a "Counter:Total Processes=\\System\\Processes" ShowAll
OK: Total Processes: 73|'Total Processes'=73;0;0;

SWAP_USED: This reports swap usage on monitored host

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckMEM -a MaxWarn=10% MaxCrit=20% ShowAll type=virtual
OK: virtual memory: 57.9M|'virtual memory'=2%;10;20;

PAGES_PER_SEC: This reports Pages/sec it is the rate at which pages are read from or written to disk to resolve hard page faults.

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckCounter -a "Counter:Pages per second=\\Memory\\Pages/sec" ShowAll MaxWarn=10 MaxCrit=20 OK: Pages per second: 6.0465|'Pages per second'=6.046454;10;20;

UPTIME: This reports the duration since monitored host is started

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckUpTime -a ShowAll
OK: uptime: 4w 0d 7:41|'uptime'=2446873000;0;0;

WINDOWS_EVENTS: This reports specified windows event generated on monitored host. Generate a test event by using below command on windows host before executing check_nrpe command
EVENTCREATE /T ERROR /ID 100 /L APPLICATION /SO WinWord /D "Create an event in application log"
SUCCESS: A 'ERROR' type event is created in the 'WinWord' log/source.

Note: It is needed to allow_nasty_meta_chars=1 in the NSC.ini to use time filters like "<2d" (last 48 hours).

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckEventLog -a filter=new file=Application MaxWarn=1 MaxCrit=1 filter=in filter+eventType==error filter+eventID==100 filter+eventSource="WinWord" filter+generated="<10m" truncate=1023 unique descriptions "syntax=%message%(%generated%)"
Create an event in application log(Thursday, November 29, 2012 13:05:05), eventlog: 1 > critical|'eventlog'=1;1;1;

The above command reports if an EventID 100 is generated from WinWord source with error type with in 10 minutes

PROC_NUMBER: This reports number of instances of given process

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c checkProcState -a ShowAll MaxWarnCount=4 MaxCritCount=5 "notepad.exe"
OK: notepad.exe: 3

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c checkProcState -a ShowAll MaxWarnCount=3 MaxCritCount=5 "notepad.exe"
WARNING: notepad.exe: 3 > warning

PROC_MEMORY_USAGE: This reports Memory consumed by a process in Bytes, in this case Firefox. Replace Firefox with the process name to be monitored

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckCounter -a "Counter:Firefox_Memory_Usage_inBytes=\\Process(Firefox)\\Working Set" ShowAll
OK: Firefox_Memory_Usage_inBytes: 9.24836e+007|'Firefox_Memory_Usage_inBytes'=92483584;0;0;

PROC_CPU_USAGE: This reports CPU consumed by a process in percentage,in this case Firefox. Replace Firefox with the process name to be monitored

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckCounter -a "Counter:Firefox_CPU_Usage_in%=\\Process(firefox)\\% Processor Time" ShowAll
OK: Firefox_CPU_Usage_in%:1.56248|'Firefox_CPU_Usage_in%'=1.5624800002559966;0;0;

TOTAL_THREADS: This reports total number of threads running currenlty on the monitored host
/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckCounter -a "Counter:Total_Thread_Count=\Process(_Total)\Thread Count" ShowAll
OK: Total_Thread_Count: 741|'Total_Thread_Count'=741;0;0;

TOTAL_LOGON_ERROR: This reports number of failed logon attempts to the monitored host from the time it started

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckCounter -a "Counter:Number_of_Login_errors=\Server\Errors Logon" ShowAll
OK: Number_of_Login_errors: 9|'Number_of_Login_errors'=9;0;0;

FOLDER_CHANGE: This reports if there is any file write operation takes place inside the specified folder

When there is no file change inside the folder

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckFile2 -a path="c:\temp" MaxCrit=1 filter+written=lt:1m syntax="%filename% %write%" MaxCrit=1
CheckFile ok|'no files found'=0;0;1;

When there is a file change inside the folder

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckFile2 -a path="c:\temp" MaxCrit=1 filter+written=lt:1m syntax="%filename% %write%" MaxCrit=1
test.log Friday, December 14, 2012 07:00:04, test.log: 1 > critical|'test.log'=1;0;1;

VIRUS_ALERT: This reports if there is any virus detection from Symantec Antivirus on monitored host

/usr/local/groundwork/nagios/libexec/check_nrpe -H <host ip> -c CheckEventLog -a filter=new file="Application" MaxWarn=1 MaxCrit=1 filter=in filter+eventType=="error" filter+eventID==51 filter+eventSource="Symantec AntiVirus" filter+generated="<10m" truncate=1023 unique descriptions "syntax=%message%(%generated%)"
Eventlog check ok|'eventlog'=0;1;1;

My Tech Notes

Thursday, 22 August 2013

Static IP configuration for Linux host in DHCP network

Friday, 30 November 2012

Useful Nagios Windows services