check_wmi_plus.pl -m checkeventlog shows error if there are no events

Home Forums Help check_wmi_plus.pl -m checkeventlog shows error if there are no events

Tagged: 

Viewing 1 post (of 1 total)
  • Author
    Posts
  • 2020-05-02 at 12:35 AM #399
    ShakeZpear
    Participant

    Hi,

    I am using check_wmi_plus.pl 1.65 with WMIC
    Version 4.0.0tp4-SVN-build-UNKNOWN.

    check_wmi_plus.pl shows following error when there is no single entry in the event log:

    /usr/lib/nagios/plugins/check_wmi_plus/check_wmi_plus.pl -A /etc/icinga2/wmi.auth -H A.B.C.D -m checkeventlog -a System -3 8
    UNKNOWN – The WMI query had problems. This error can appear when the Windows firewall on the target machine is blocking the connection. There may be other causes. Wmic error text on the next line.
    [librpc/rpc/dcerpc_connect.c:337:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
    [librpc/rpc/dcerpc_connect.c:828:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv

    Same call but with extended timeline (one that includes at least on event to be returned) it works:

    /usr/lib/nagios/plugins/check_wmi_plus/check_wmi_plus.pl -A /etc/icinga2/wmi.auth -H w2k16test1.labor.esx.oslip.local -m checkeventlog -a System -3 48
    OK – 26 event(s) of Severity Level: “Error”, were recorded in the last 48 hours from the System Event Log. (List is on next line. Fields shown are – Logfile:TimeGenerated:EventId:EventCode:SeverityLevel:Type:SourceName:Message)|’Event Count’=26;
    …. followed by the list

    I could narrow it down to a problem in WMIC by using the debug mode of check_wmi_plus – but know I am stuck:

    This one works not:
    /usr/bin/wmic ‘-A’ ‘/etc/icinga2/wmi.auth’ ‘–namespace’ ‘root/cimv2’ ‘//w2k16test1.labor.esx.oslip.local’ ‘Select EventCode,EventIdentifier,Type,LogFile,SourceName,Message,TimeGenerated from Win32_NTLogEvent where ( Logfile=”System” ) and EventType<=1 and EventType>0 and TimeGenerated > “20200501060800.00000000″‘
    [librpc/rpc/dcerpc_connect.c:337:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
    [librpc/rpc/dcerpc_connect.c:828:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv

    This one doesn’t:
    /usr/bin/wmic ‘-A’ ‘/etc/icinga2/wmi.auth’ ‘–namespace’ ‘root/cimv2’ ‘//w2k16test1.labor.esx.oslip.local’ ‘Select EventCode,EventIdentifier,Type,LogFile,SourceName,Message,TimeGenerated from Win32_NTLogEvent where ( Logfile=”System” ) and EventType<=1 and EventType>0 and TimeGenerated > “20200401060800.00000000″‘
    [librpc/rpc/dcerpc_connect.c:337:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
    [librpc/rpc/dcerpc_connect.c:828:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv

    Thanks for any help!

    greetings,
    christian

    • This topic was modified 3 years, 3 months ago by ShakeZpear.
  • Author
    Posts
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.