This site is deprecated. The new site can be found here: http://nsclient.org.
For specific sections: issues (existing issues will be handled here), forums, news, documentation.

CheckWMI

CheckWMI is part of the wiki:CheckWMI module.

New version that is *a lot* more usefull (i hope). It is still alpha need to do more testing but I would like to get some initialö feedback on the syntax and such. Also feel free to try it out and report bugs to me (might wanna keep track of memory and such as I have not done so myself yet) To debug and help you setup your queries there is also a command line interface to run queries and see the result.

nsclient++ CheckWMI <query>

The syntax for this is Similar to CheckEventLog but simpliefied in regards to syntax so I hope it shall be easier to use and udnerstand.

This check enumerates all rows returned from your query filtering results and check the count against a set war and crit threshold. If you want to check a value there will soon be a separet check for that. This is designed to find "anomalies" in result-sets.

OptionValuesDescription
filterany, allSpecify the way you want to filter things. (See section below) Not yet implemented (default is all)
truncatelength of the returned setThis will truncate the output after the specified length. As NRPE can only handle 1024 chars you need to truncate the output.
MaxWarnnumber of recordsThe maximum records to allow before reporting a warning state.
MaxCritnumber of recordsThe maximum records to allow before reporting a critical state.
<mode>filter-<type>:<Column><filter value>A number of strings to use for filtering the event log
namespaceroot
cimv2
Namespace to use when querying
AliasAlias to use for returned data
columnSeparator", "Field separator in the returned string.
columnSyntax Syntax for the returned message.

Filters

Capturing result entries (or discarding them) are done with filters. There are three kinds of filters.

  • positive requirments (+) All these filters must match or the row is discarded.
  • negative requriments (-) None of these filters can match (if any do the row is discarded).
  • normal matches (.) If this matches the line is included.

The syntax of the filter is: <mode>filter-<type>:<Column>=<expression>

Filter <Mode>s

<mode>titledescription
+required filterIf you miss this filter the line is discarded
.normal filterIf a hit the line is included
-negative filterIf a line hits this it is discarded

Filter <Type>s

<type>ValueDescription
stringstring expression?Match the column againast a string expression
numericnumeric expression?Match the column againast a numeric expression

Filter <Columns>s

A Column (if specified) will make the filter woirk againast a specific column in the result set.

string expression

A string expression is a key followed by a string that specifies a string expression. Currently substr and regexp are supported. Thus you enter filter.message=regexp:(foo|bar) to enter a regular expression and filter-message=substr:foo to enter a substring patter match.

columnSyntax

The column syntax field can be used to alter the renderd output. It has the following keys (everything else will be a string):

KeyDescription
%column%The name of the current column
%value%The value
%<column>%The value of a named column

Examples

A sample query

A not very useful check which serves to illustrate how to use the command. Check to see if there is 2 CPUs present (or cores)

Sample Command:

CheckWMI MaxCrit=3 MinWarn=1 "Query=Select * from win32_Processor"
WARNING: WARNING:: 1 < warning
Nagios Configuration:
define command {
  command_name <<CheckWMI>>
  command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckWMI -a MaxCrit=3 MinWarn=1 "Query=Select * from win32_Processor"
}
<<CheckWMI>> 
From Commandline (with NRPE):
check_nrpe -H IP -p 5666 -c CheckWMI -a MaxCrit=3 MinWarn=1 "Query=Select * from win32_Processor"

Using Query Alias

Adding query alias to the not very useful check above (Alias is cpu)

Sample Command:

CheckWMI MaxCrit=3 MinWarn=1 "Query:cpu=Select * from win32_Processor"
WARNING: WARNING:: cpu: 1 < warning
Nagios Configuration:
define command {
  command_name <<CheckWMI>>
  command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckWMI -a MaxCrit=3 MinWarn=1 "Query:cpu=Select * from win32_Processor"
}
<<CheckWMI>> 
From Commandline (with NRPE):
check_nrpe -H IP -p 5666 -c CheckWMI -a MaxCrit=3 MinWarn=1 "Query:cpu=Select * from win32_Processor"

Overriding Query Alias

Overriding the previous query alias with foobar

Sample Command:

CheckWMI MaxCrit=3 MinWarn=1 "Query:cpu=Select * from win32_Processor" Alias=foobar
WARNING: WARNING:: foobar: 1 < warning
Nagios Configuration:
define command {
  command_name <<CheckWMI>>
  command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckWMI -a MaxCrit=3 MinWarn=1 "Query:cpu=Select * from win32_Processor" Alias=foobar
}
<<CheckWMI>> 
From Commandline (with NRPE):
check_nrpe -H IP -p 5666 -c CheckWMI -a MaxCrit=3 MinWarn=1 "Query:cpu=Select * from win32_Processor" Alias=foobar

Checking With filters

This uses the UserAccount? object to query if any enabled users have password expires set to false.

Sample Command:

CheckWMI CheckWMI MaxCrit=3 MaxWarn=1 "Query:badUsers=Select Name, PasswordExpires, Disabled from Win32_UserAccount" "columnSyntax=%Name%" "columnSeparator= & " +filter-numeric:PasswordExpires==0 +filter-numeric:Disabled==0
WARNING: WARNING:mickem & Xiqun Liao
Nagios Configuration:
define command {
  command_name <<CheckWMI>>
  command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckWMI -a CheckWMI MaxCrit=3 MaxWarn=1 "Query:badUsers=Select Name, PasswordExpires, Disabled from Win32_UserAccount" "columnSyntax=%Name%" "columnSeparator= & " +filter-numeric:PasswordExpires==0 +filter-numeric:Disabled==0
}
<<CheckWMI>> 
From Commandline (with NRPE):
check_nrpe -H IP -p 5666 -c CheckWMI -a CheckWMI MaxCrit=3 MaxWarn=1 "Query:badUsers=Select Name, PasswordExpires, Disabled from Win32_UserAccount" "columnSyntax=%Name%" "columnSeparator= & " +filter-numeric:PasswordExpires==0 +filter-numeric:Disabled==0

Debbuging queries

To try a query use the following syntax:

nsclient++ CheckWMI Select * from win32_Processor
Last modified 5 years ago Last modified on 09/20/09 18:07:02