{"id":93,"date":"2019-05-29T04:45:25","date_gmt":"2019-05-29T04:45:25","guid":{"rendered":"http:\/\/edcint.co.nz\/checkwmiplus\/?page_id=93"},"modified":"2019-05-30T10:13:57","modified_gmt":"2019-05-30T10:13:57","slug":"creating-a-ini-check-based-on-a-wmi-perfrawdata-class","status":"publish","type":"page","link":"https:\/\/edcint.co.nz\/checkwmiplus\/ini-file-documentation\/creating-a-ini-check-based-on-a-wmi-perfrawdata-class\/","title":{"rendered":"Creating a Ini Check based on a WMI PerfRawData Class"},"content":{"rendered":"<p>For data in most PerfRawData classes the data you see by browsing the classes directly can be somewhat meaningless. You actually need to calculate meaningful values. If you do this correctly you can get very accurate information about various things. For example, the CPU utilisation is contained within a PerfRawData WMI Class. If we get the raw CPU utilisation value, wait a bit and then get it again, and if we know exactly how long it was between our 2 WMI calls, we can very accurately calculate the CPU utilisation between those 2 points in time. This is exactly how this plugin handles data like that. There is one WMI call made per run of the plugin. 
The second time you call the plugin, the information is calculated using the point-in-time information you collected the last time you ran, and, for CPU utilisation, you get accurate information about the CPU utilisation between the 2 runs of the plugin.<\/p>\n<p>Not all of the values contained in the PerfRawData classes need calculation, but lots and lots of them do require it.<\/p>\n<p>So using the PerfRawData classes can be a very good way of obtaining very detailed information.<\/p>\n<p>To show you how to do this we are going to run through an example.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Collecting_the_Prerequisite_Information\"><\/span>Collecting the Prerequisite Information<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Firstly you need to find the Raw Data class you want to obtain the information from. For this example we are going to use the Class for stats on IIS Users, <code>Win32_PerfRawData_W3SVC_WebService<\/code>.<\/p>\n<p>Now we have to find the WMI Reference documentation for that class. It&#8217;s here:<br \/>\n<a href=http:\/\/msdn.microsoft.com\/en-us\/library\/aa394345%28v=vs.85%29>http:\/\/msdn.microsoft.com\/en-us\/library\/aa394345%28v=vs.85%29<\/a> and you can also access the other classes using the left hand menu.<\/p>\n<p>Read through the field descriptions and note down the fields you want to collect data for.<br \/>\nIn this example, we choose:<br \/>\nAnonymousUsersPerSec with a CounterType 272696320<br \/>\nCurrentAnonymousUsers with a CounterType 65536<\/p>\n<p>Open up the Counter Type Reference <a href=http:\/\/msdn.microsoft.com\/en-us\/library\/aa389383%28v=vs.85%29>http:\/\/msdn.microsoft.com\/en-us\/library\/aa389383%28v=vs.85%29<\/a> and note down the CookingType for each field. 
So far our list looks like:<br \/>\nAnonymousUsersPerSec with a CounterType 272696320 and a CookingType of PERF_COUNTER_COUNTER<br \/>\nCurrentAnonymousUsers with a CounterType 65536 and a CookingType of PERF_COUNTER_COUNTER<\/p>\n<p>The plugin needs to know how to handle this CookingType and it requires coding for each different one. So we have to make sure we have coded for this CookingType already by looking in the plugin for it (or documentation in sample.ini).<br \/>\nTo find this out you can look through the code for PERF_COUNTER_COUNTER. We are looking for a line like<br \/>\n<code>} elsif ($function eq 'PERF_COUNTER_COUNTER' <\/code> in the <code>calc_new_field<\/code> function.<br \/>\nIn this case we have coded for it already. <\/p>\n<p>If we had not coded for it already, the calculation for that CounterType would need to be added to the plugin. For that we&#8217;d need to refer to the calculation methods for each counter type here: <a href=http:\/\/technet.microsoft.com\/en-us\/library\/cc757032%28v=ws.10%29>http:\/\/technet.microsoft.com\/en-us\/library\/cc757032%28v=ws.10%29<\/a>. But doing that coding is beyond the scope of this particular article.<\/p>\n<p>So now we know that we can calculate this CookingType correctly over time, between WMI calls.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Start_the_Ini_File_Section\"><\/span>Start the Ini File Section<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Now let&#8217;s start to set up the ini file section for this. Let&#8217;s give it a section name.<br \/>\n<code>[checkiis anonusers]<\/code> &#8211; this will be accessed from the command line using <code>-m checkiis -s anonusers<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Define_the_Query\"><\/span>Define the Query<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Now let&#8217;s define our WMI query. We want the query to return us only one row of data. We note that the data in this class has multiple rows or instances. 
It&#8217;s actually one per web site defined. The WMI field &#8220;Name&#8221; distinguishes between the various web sites. There is also a predefined &#8220;instance&#8221; called &#8220;_Total&#8221;, which gives us stats on all the instances combined. So we need to define which instance we are interested in. We could hardcode that or pass it in via the command line. We&#8217;ll pass it via the command line using -a INSTANCENAME; this is called arg1, the first argument.<\/p>\n<p>The data we need as a minimum for the calculations we have to perform are the fields we are interested in plus the timestamp information so we can tell how far apart our 2 queries are. So that&#8217;s<br \/>\nAnonymousUsersPerSec and CurrentAnonymousUsers for the data and for the timestamp information we need<br \/>\nTimestamp_Sys100NS and Frequency_Sys100NS.<br \/>\nHow did we know we needed those 2 timestamp related fields? By reading the documentation for the specific CookingType. The CookingType of PERF_COUNTER_COUNTER uses<br \/>\nFormula = (Nx - N0) \/ ((Dx - D0) \/ F)<br \/>\nwhere D is Timestamp_Sys100NS and F is Frequency_Sys100NS<\/p>\n<p>So if we need these 4 fields we could just ask for them (comma delimited list) or just ask for everything in the class (use *).<br \/>\nWe&#8217;ll just ask for everything.<\/p>\n<p>Our query then becomes:<br \/>\n<code>query=SELECT * FROM Win32_PerfRawData_W3SVC_WebService where Name = \"{_arg1}\"<\/code><\/p>\n<p>We use the {_arg1} so that the value we pass in from -a INSTANCENAME gets substituted into the query when it is performed.<br \/>\nSo if we run the plugin with -a MYSITE the actual WMI query performed would be<br \/>\n<code>SELECT * FROM Win32_PerfRawData_W3SVC_WebService where Name = \"MYSITE\"<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"More_Query_Related_Definitions\"><\/span>More Query Related Definitions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>We need to define how many WMI samples we need. 
In this case, it&#8217;s 2 since the CookingType PERF_COUNTER_COUNTER (for AnonymousUsersPerSec) needs 2 data samples (from the CookingType documentation). The field CurrentAnonymousUsers only needs one sample. So overall, since there is a field that needs 2 samples, we have to go with 2 samples.<br \/>\nSo that&#8217;s<br \/>\n<code>samples=2<\/code><\/p>\n<p>We could define how far apart the queries are, but that&#8217;s old school. That comes from when the plugin ran one WMI query, waited a bit and then ran the other WMI query. That way meant more WMI calls per plugin run and only short samples of values. Yuk, we don&#8217;t like that anymore. Now we just run the plugin whenever Nagios schedules it, do only one WMI call per run and calculate between runs. It&#8217;s way better. You might see some old definitions of<br \/>\n<code>delay=5<\/code> in some ini files. It&#8217;s not needed anymore.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Calculating_the_Fields\"><\/span>Calculating the Fields<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Now we want to define how to perform the custom calculations to obtain our data. Our naming convention for calculated fields is to start them with an _ and then use the same name as the original field.<\/p>\n<p>In our example, the CookingType PERF_COUNTER_RAWCOUNT does not need any calculation. 
We only have to calculate for PERF_COUNTER_COUNTER.<\/p>\n<p>So here the custom calc simply specifies &#8211; <\/p>\n<ul>\n<li>The new field name\n<li>The CounterType\n<li>The original field name\n<li>The format for display of the result\n<\/ul>\n<p>and the ini file declaration is<br \/>\n<code>customfield=_AnonymousUsersPersec,PERF_COUNTER_COUNTER,AnonymousUsersPersec,%.0f<\/code><br \/>\nThis creates a new field called _AnonymousUsersPersec which contains our correctly calculated value.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Define_the_Fields_Displayed\"><\/span>Define the Fields Displayed<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The example we are using only returns one row of WMI data. So we don&#8217;t need the <code>predisplay<\/code> definition.<br \/>\nWe simply define one line of output showing all our data.<\/p>\n<p>We like starting all our checks with<br \/>\n<code>display=_DisplayMsg||~|~| - ||<\/code><br \/>\nsince this displays a nice consistent format that tells us the status (Warn\/Critical) and which field and warn\/critical criteria triggered it.<\/p>\n<p>For this example, we&#8217;d also like to show the name of the web site. This is the Name field.<br \/>\nThere is some documentation in sample.ini on how this display field format works.<br \/>\n<code>display=Name||Site Name=\"|~|||\"<\/code><\/p>\n<p>Next we want to show our 2 fields of interest. 
We use a simpler format method for these.<br \/>\nNote how we use the calculated field, not the raw field.<br \/>\n<code>display=_AnonymousUsersPersec|#\/sec<\/code><br \/>\nand then the raw field (since it did not need calculation)<br \/>\n<code>display=CurrentAnonymousUsers|#<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Define_the_Fields_We_Can_WarnCritical_against\"><\/span>Define the Fields We Can Warn\/Critical against<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>We want to be able to define warn\/critical criteria against both the example fields so we simply list both of them.<br \/>\nNote how we use the calculated field, not the raw field.<br \/>\n<code>test=_AnonymousUsersPersec<\/code><br \/>\nand then the raw field (since it did not need calculation)<br \/>\n<code>test=CurrentAnonymousUsers<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Define_the_Fields_Providing_Performance_Data\"><\/span>Define the Fields Providing Performance Data<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Now define both of our example fields to also return performance data so we can draw nice graphs.<br \/>\nSample.ini contains more info about using this ini file setting, but in this example we just use the simple format.<br \/>\nNote how we use the calculated field, not the raw field.<br \/>\n<code>perf=_AnonymousUsersPersec<\/code><br \/>\nand then the raw field (since it did not need calculation)<br \/>\n<code>perf=CurrentAnonymousUsers<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"The_Complete_Ini_Check\"><\/span>The Complete Ini Check<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Now taking all the definitions we have, our ini file check should look like this (the order of lines is not important except to look consistent):<\/p>\n<p><code>[checkiis anonusers]<\/code><br \/>\n<code>query=SELECT * FROM Win32_PerfRawData_W3SVC_WebService where Name = \"{_arg1}\"<\/code><br \/>\n<code>samples=2<\/code><br 
\/>\n<code>customfield=_AnonymousUsersPersec,PERF_COUNTER_COUNTER,AnonymousUsersPersec,%.0f<\/code><br \/>\n<code>test=_AnonymousUsersPersec<\/code><br \/>\n<code>test=CurrentAnonymousUsers<\/code><br \/>\n<code>display=_AnonymousUsersPersec|#\/sec<\/code><br \/>\n<code>display=CurrentAnonymousUsers|#<\/code><br \/>\n<code>perf=_AnonymousUsersPersec<\/code><br \/>\n<code>perf=CurrentAnonymousUsers<\/code><\/p>\n<p>Now, give me a second while I put that in an ini file and try it out.<br \/>\nOh, hang on, I can&#8217;t test this at the moment since I need some more RAM for my ESX box so I can run my test IIS server.<br \/>\nOh well, I think it&#8217;s right.<br \/>\nSo you&#8217;d execute it like:<br \/>\n<code>check_wmi_plus.pl -H xp0 -m checkiis -s anonusers -u USER -p PASS -a MYSITE<\/code><br \/>\nto get the info from the web site called MYSITE.<\/p>\n<p>If I wanted to get the info for all the websites I'd use:<br \/>\n<code>check_wmi_plus.pl -H xp0 -m checkiis -s anonusers -u USER -p PASS -a _total<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>For data in most PerfRawData classes the data you see by browsing the classes directly can be somewhat meaningless. 
You actually need to calculate meaningful&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":79,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[15,6],"tags":[],"class_list":["post-93","page","type-page","status-publish","hentry","category-documentation","category-ini-files"],"_links":{"self":[{"href":"https:\/\/edcint.co.nz\/checkwmiplus\/wp-json\/wp\/v2\/pages\/93","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/edcint.co.nz\/checkwmiplus\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/edcint.co.nz\/checkwmiplus\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/edcint.co.nz\/checkwmiplus\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/edcint.co.nz\/checkwmiplus\/wp-json\/wp\/v2\/comments?post=93"}],"version-history":[{"count":4,"href":"https:\/\/edcint.co.nz\/checkwmiplus\/wp-json\/wp\/v2\/pages\/93\/revisions"}],"predecessor-version":[{"id":243,"href":"https:\/\/edcint.co.nz\/checkwmiplus\/wp-json\/wp\/v2\/pages\/93\/revisions\/243"}],"up":[{"embeddable":true,"href":"https:\/\/edcint.co.nz\/checkwmiplus\/wp-json\/wp\/v2\/pages\/79"}],"wp:attachment":[{"href":"https:\/\/edcint.co.nz\/checkwmiplus\/wp-json\/wp\/v2\/media?parent=93"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/edcint.co.nz\/checkwmiplus\/wp-json\/wp\/v2\/categories?post=93"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/edcint.co.nz\/checkwmiplus\/wp-json\/wp\/v2\/tags?post=93"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}