= Windows file monitoring using Nagios =
Feature:-
Monitors a file for changes and shows the changes in Nagios.
The output is easy to read, similar to the diff command on Linux.

Step 1.
Save this VBScript as “check_conf.vbs”.

——————————————————————-
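' Force explicit variable declaration so that a mistyped name raises an
' error instead of silently creating a new, empty variable.
' (The listing on the page uses typographic quotes; VBScript needs the plain
' ASCII ' and " characters used here.)
Option Explicit

' Nagios plugin exit codes: 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN

Dim component_directory   ' install root of the check (script, bin\, datas\)
Dim base_data_directory   ' working data root below component_directory
Dim ref_data_directory    ' where reference (baseline) copies are kept
Dim temp_data_directory   ' where temporary registry exports are written
Dim ref_file_name         ' flattened name derived from the checked path
Dim temp_diff_log         ' file that receives the diff output
Dim current_file          ' file compared against the reference
Dim command
Dim commandf
Dim oFSO
Dim arguments
Dim WshShell
Dim result
' Several of the names below (objFSO, VerOS, Ver9x, Version9x, OS, OSystem)
' are declared but never used in the script as listed; they are kept so that
' any code relying on them under Option Explicit keeps working.
Dim objWMI, objItem, colItems, objFSO, objTextFile, strText, arrComputers
Dim strComputer, VerOS, VerBig, Ver9x, Version9x, OS, OSystem

' "." addresses the local computer in the WMI moniker.
strComputer = "."

' Ask WMI for the operating system record.
' 48 = wbemFlagReturnImmediately (16) + wbemFlagForwardOnly (32).
Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem", , 48)

' Keep only the first three characters of the version string (e.g. "5.0").
' VerBig is used later to decide which reg.exe switches to pass.
For Each objItem In colItems
    VerBig = Left(objItem.Version, 3)
Next

' Directory layout. Every value ends with a backslash because the rest of
' the script appends file names by plain concatenation.
component_directory = "C:\isc\"
base_data_directory = component_directory & "datas\"
ref_data_directory = base_data_directory & "Ref\"
temp_data_directory = base_data_directory & "Temp\"

' FileSystemObject used for all file and directory operations.
Set oFSO = CreateObject("Scripting.FileSystemObject")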

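' Create a directory together with any missing parent directories.
' Chemin: full path of the directory to create.
' Relies on the script-level FileSystemObject oFSO.
Sub CreateDir(Chemin)
    ' GetParentFolderName returns "" once the root has been passed. Without
    ' this guard a path on a missing drive recurses until the stack overflows.
    If Len(Chemin) = 0 Then Exit Sub

    If Not oFSO.FolderExists(Chemin) Then
        ' Parents first, then the directory itself.
        CreateDir oFSO.GetParentFolderName(Chemin)
        oFSO.CreateFolder Chemin
    End If
End Sub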

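' Make sure the reference and temp directories exist.
CreateDir ref_data_directory
CreateDir temp_data_directory

' Command line: <selector> <target>
'   selector "f" = check a file, "r" = check a registry key
Set arguments = WScript.Arguments

' Check the argument count first, then the selector value.
If arguments.Count < 2 Then
    WScript.Echo "UNKNOWN : incorrect use of arguments"
    WScript.Echo "usage : check_conf f FILENAME"
    WScript.Echo "usage : check_conf r REGISTRY_KEY"
    WScript.Echo "there were " & arguments.Count & " arguments given"
    WScript.Quit 3
End If

If (arguments(0) <> "f") And (arguments(0) <> "r") Then
    WScript.Echo "UNKNOWN : incorrect use of arguments"
    WScript.Echo "usage : check_conf f FILENAME"
    WScript.Echo "usage : check_conf r REGISTRY_KEY"
    WScript.Echo "given flag was " & arguments(0) & " instead of f (for file check) or r (for registry check)"
    WScript.Quit 3
End If

' The target is later placed on command lines for reg.exe, diff.exe and
' cmd.exe, and it arrives over NRPE. A double quote would end the quoting
' used on those command lines and %NAME% would be expanded as an environment
' variable, so both are refused here.
If InStr(arguments(1), Chr(34)) > 0 Or InStr(arguments(1), "%") > 0 Then
    WScript.Echo "UNKNOWN : target must not contain a double quote or a percent sign"
    WScript.Quit 3
End If

' When checking a file, it has to exist.
If arguments(0) = "f" Then
    If Not oFSO.FileExists(arguments(1)) Then
        WScript.Echo "CRITICAL - Given file does not exists"
        WScript.Echo arguments(1)
        WScript.Quit 2
    End If
End If

' Flatten the target into one file name by replacing ":", "\" and "/" with "_".
' "/" is included because Windows also accepts it as a path separator; left
' in place it would let the reference name point outside the Ref directory.
' Note: different targets can flatten to the same name (a\b and a_b).
ref_file_name = Replace(Replace(Replace(arguments(1), ":", "_"), "\", "_"), "/", "_") & ".txt"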

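' Shell object used to run external commands (reg.exe, diff.exe).
Set WshShell = WScript.CreateObject("WScript.Shell")

Dim dq, ref_file_path, reg_key
dq = Chr(34)                                      ' a double-quote character
ref_file_path = ref_data_directory & ref_file_name

' Registry key as passed to reg.exe. A trailing backslash is dropped because
' it would escape the closing quote placed around the key.
reg_key = arguments(1)
If Right(reg_key, 1) = "\" Then reg_key = Left(reg_key, Len(reg_key) - 1)

' First run for this target: no reference exists yet, so the current state
' becomes the baseline and the check returns WARNING.
' NOTE(review): this is trust-on-first-use. Whoever can delete or overwrite
' files under Ref\ can make the next run accept a modified target as the new
' baseline, so that directory should be writable only by administrators and
' the account running the check.
If Not oFSO.FileExists(ref_file_path) Then
    If arguments(0) = "f" Then
        ' copy the current file as the new reference
        oFSO.CopyFile arguments(1), ref_file_path, True
    ElseIf arguments(0) = "r" Then
        ' export the current registry key as the new reference;
        ' key and path are quoted so that spaces do not split them
        command = "reg export " & dq & reg_key & dq & " " & dq & ref_file_path & dq
        result = WshShell.Run(command, 1, True)
        If result <> 0 Then
            ' do not claim that a reference was created when the export failed
            WScript.Echo "CRITICAL - Registry export failed (exit code " & result & ")"
            WScript.Echo arguments(1)
            WScript.Quit 2
        End If
    End If
    WScript.Echo "WARNING - Reference file was absent"
    WScript.Echo "I have created it in"
    WScript.Echo ref_file_path
    WScript.Echo "I bet that for next check, I will say that files are identical ;-)"
    WScript.Quit 1
End If

' Decide which file is compared against the reference.
If arguments(0) = "r" Then
    ' A registry key has to be exported to a temp file before it can be diffed.
    command = "reg export " & dq & reg_key & dq & " " & dq & temp_data_directory & ref_file_name & dq
    ' /y overwrites the previous export without prompting. It is left out for
    ' version "5.0", presumably because reg.exe there does not accept it.
    If VerBig <> "5.0" Then command = command & " /y"
    result = WshShell.Run(command, 1, True)
    If result <> 0 Then
        ' otherwise a stale export from an earlier run would be compared
        WScript.Echo "CRITICAL - Registry export failed (exit code " & result & ")"
        WScript.Echo arguments(1)
        WScript.Quit 2
    End If
    current_file = temp_data_directory & ref_file_name
Else
    ' a file target is compared directly
    current_file = arguments(1)
End If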

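' Compare the current file with its reference and report the result to Nagios.
Const ForReading = 1

temp_diff_log = base_data_directory & ref_file_name & ".log"

' Start from a fresh log so output from an earlier run is never reported.
Dim fname
Set fname = oFSO.CreateTextFile(temp_diff_log, True)
fname.WriteLine("")
fname.Close
Set fname = Nothing

' Every path is quoted so that spaces and the characters & | < > inside a
' path are treated as part of the path. Quoting does not neutralise an
' embedded double quote or %NAME%, so targets containing those must not be
' passed to this script.
Dim diff_exe, tail_exe, diff_call, diff_line
diff_exe = AddQuotes(component_directory & "bin\diff.exe")
tail_exe = AddQuotes(component_directory & "bin\tail.exe")
diff_call = diff_exe & " " & AddQuotes(current_file) & " " & AddQuotes(ref_data_directory & ref_file_name)

' First pass: only the exit code matters (by diff convention 0 = identical,
' 1 = different, anything else = diff could not complete). WshShell.Run does
' not start a command interpreter, so a "|" placed here would be handed to
' diff.exe as an argument instead of creating a pipe; the comparison is
' therefore run on its own.
command = diff_call
result = WshShell.Run(command, 1, True)

If result = 0 Then
    WScript.Echo "OK - No difference found "
    WScript.Echo "Checked element is " & arguments(1)
    If oFSO.FileExists(temp_diff_log) Then oFSO.DeleteFile temp_diff_log
    WScript.Quit 0
Else
    ' Second pass: run through cmd.exe so the pipe and the redirection work,
    ' keeping the last 30 lines of the diff. With /s, cmd removes exactly the
    ' outer pair of quotes and leaves the inner quoting intact.
    commandf = "%comspec% /s /c " & AddQuotes(diff_call & " | " & tail_exe & " -30 > " & AddQuotes(temp_diff_log))
    WshShell.Run commandf, 1, True

    WScript.Echo "KO - File has changed from its reference version."
    If result <> 1 Then
        ' separates "files differ" from "diff.exe missing or failed"
        WScript.Echo "diff.exe exit code was " & result & ", the comparison itself may have failed"
    End If
    WScript.Echo "Current file is " & current_file
    WScript.Echo "Reference file is " & ref_data_directory & ref_file_name
    WScript.Echo "Difference is "

    ' ReadAll raises an error on an empty file, so test for content first.
    strText = ""
    Set objTextFile = oFSO.OpenTextFile(temp_diff_log, ForReading)
    If Not objTextFile.AtEndOfStream Then strText = objTextFile.ReadAll
    objTextFile.Close

    For Each diff_line In Split(strText, vbCrLf)
        WScript.Echo diff_line
    Next

    If oFSO.FileExists(temp_diff_log) Then oFSO.DeleteFile temp_diff_log
    WScript.Quit 2
End If

' Both branches above quit, so this point should never be reached.
' It exits with 3, the UNKNOWN code, to match the message.
WScript.Echo "UNKNOWN - we are not suppose to execute this part of the script."
WScript.Echo "There is a serious problem."
WScript.Quit 3

' Wrap a string in double quotes. Declared at script level: VBScript does
' not allow a Function inside an If block.
Function AddQuotes(strInput)
    AddQuotes = Chr(34) & strInput & Chr(34)
End Function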

———————————————————————————-

– This script has dependencies that must be copied to or installed on the Windows machine:
diff.exe (the script as listed also calls bin\tail.exe)

– Copy check_conf.vbs and diff.exe to the locations below.
C:\isc\ check_conf.vbs
C:\isc\bin\ diff.exe

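Change the values below in “check_conf.vbs” to match your setup (keep the trailing backslash, because the script appends sub-paths by plain concatenation):
component_directory = "C:\isc\"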
base_data_directory = component_directory & “datas\”
ref_data_directory = base_data_directory & “Ref\”
temp_data_directory = base_data_directory & “Temp\”

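NRPE must be set up on both sides (the Nagios server and the Windows machine).
Customize the Windows NRPE setup as follows. Note that allow_arguments=1 and allow_nasty_meta_chars=1 let the remote side pass arguments, including shell metacharacters, to the scripts defined below, and use_ssl=0 sends the traffic unencrypted; set allowed_hosts to the Nagios server's address only and restrict port 5666 to that host at the firewall:-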
• Configure the file C:\Program Files\NSClient++\NSC.ini and make sure the following lines are correctly setup:
• [modules]
NRPEListener.dll
NSClientListener.dll
CheckExternalScripts.dll
[…]
• [NRPE]
port=5666
allow_arguments=1
allow_nasty_meta_chars=1
use_ssl=0
allowed_hosts=10.XXX.XX.XX
• […]
• [External Scripts]
allow_arguments=1
allow_nasty_meta_chars=1
• […]
[External Scripts]
check_es_ok=scripts\check_ok.bat
check_es_nok=scripts\nok.bat
launch_bat=c:\isc\launch_bat.bat $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$ $ARG6$ $ARG7$ $ARG8$ $ARG9$

—————————————————————

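– Create a batch file named “launch_bat.bat” in “c:/isc” with the content below. This wrapper runs whatever command line it is given, so every host permitted by allowed_hosts can run arbitrary commands under the NSClient++ service account. A narrower alternative is to define the check itself under [External Scripts] (for example check_conf_file=cscript //Nologo c:\isc\check_conf.vbs f $ARG1$) and to call that command instead of launch_bat:-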
@call %1 %2 %3 %4 %5 %6 %7 %8 %9

————————————————————-

Check that the files below are in place:-
C:\isc\launch_bat.bat
C:\isc\ check_conf.vbs
C:\isc\bin\ diff.exe

After that restart NSClient.
Check NRPE connectivity with windows machine.

[root@localhost ~]# /usr/local/nagios/libexec/check_nrpe -H 192.168.43.1 -n
I (0.3.7.494 2009-10-12) seem to be doing fine…

That means NRPE is working.
Now set up NRPE for Windows file monitoring.
In Nagios server:-
Create command:-
vi /usr/local/nagios/etc/objects/commands.cfg

————————————————————————
define command{
command_name check_conf_windows_file
command_line /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -n -t 610 -c launch_bat -a "cscript //Nologo c:\isc\check_conf.vbs f $ARG1$"
}

——————————————————————————-

Create service for windows machine
vi /usr/local/nagios/etc/objects/windows.cfg

——————————————————————————–
define service{
use generic-service
host_name winserver
service_description Check Conf file
check_command check_conf_windows_file!c:\\isc\\ref\\bn.txt
}

———————————————————————

Now restart Nagios service.
Check using command like:-

/usr/local/nagios/libexec/check_nrpe -H 192.168.43.1 -n -t 610 -c launch_bat -a "cscript //Nologo c:\isc\check_conf.vbs f c:\\isc\\ref\\bn.txt"
Output:-
KO – File has changed from its reference version.
Current file is c:\isc\ref\bn.txt
Reference file is C:\isc\datas\Ref\c__isc_ref_bn.txt.txt
Difference is
– The first run creates the reference (backup) file; on the next check the result is OK.
– If the monitored file is changed afterwards, the check reports it as shown below.
[root@localhost ~]# /usr/local/nagios/libexec/check_nrpe -H 192.168.43.1 -n -t 610 -c launch_bat -a "cscript //Nologo c:\isc\check_conf.vbs f c:\\isc\\ref\\bn.txt"
KO – File has changed from its reference version.
Current file is c:\isc\ref\bn.txt
Reference file is C:\isc\datas\Ref\c__isc_ref_bn.txt.txt
Difference is
1,2c1
< hello
< p
\ No newline at end of file

> hello
\ No newline at end of file
