Thread Nagios - check_wmi mit spaces / blanks (16 answers)
Opened by pc-dok at 2014-10-16 08:41

GwenDragon
 2014-10-16 11:22
Kurzes Testcase, das zeigt, dass read falsch aufsplittet.
#!/bin/bash

# --- Plugin state -----------------------------------------------------------
DEBUG=0
EXITCODE=0
EXITSTRING=""
LASTSTR=""
MARCOLIST="ITEMCOUNT,LASTSTR"
ERROR_EVENTTYPE=""

# --- Exit codes, named after the states listed in E_STR below ----------------
E_SUCCESS=0
E_WARNING=1
E_CRITICAL=2
E_UNKNOWN=3

# Directory described by the author as the place where wmic output goes.
# NOTE(review): /tmp is shared and world-writable. If the full plugin writes
# files there, create them with mktemp instead of a fixed name. TMPDIR is also
# the variable mktemp itself consults, so overriding it affects child tools.
TMPDIR=/tmp

# Path of the wmic client binary.
WMIC=/bin/wmic

# Per-state custom exit text. According to the original comment these can be
# supplied on the command line with -O, -W, -C and -U; the option loop in this
# listing accepts those letters but does not store them.
CUSTOM_EXIT_STR[E_SUCCESS]=
CUSTOM_EXIT_STR[E_WARNING]=
CUSTOM_EXIT_STR[E_CRITICAL]=
CUSTOM_EXIT_STR[E_UNKNOWN]=

# Human-readable label for each exit code.
E_STR[0]=OK
E_STR[1]=WARNING
E_STR[2]=CRITICAL
E_STR[3]=UNKNOWN

# Event type labels, indexed from 1.
# Presumably these map the EventType column of Win32_NTLogEvent -- confirm.
ETYPE[1]=Error
ETYPE[2]=Warning
ETYPE[3]=Information
ETYPE[4]='Security Audit Success'
ETYPE[5]='Security Audit Failure'


# Parse the command line. The option string accepts the plugin's full set of
# letters, but this test case only stores -H, -u, -p and -l; every other
# option is accepted and ignored.
#
# NOTE(review): -p puts the password on the command line, where it is visible
# to other local users in the process list. Prefer reading it from a protected
# file or the environment.
# NOTE(review): USER is also the login-name environment variable. Without -u
# the inherited value is used, which appears to be why the sample run shows
# "-U root%".
while getopts "hH:u:p:l:t:e:s:Sw:c:m:W:C:O:U:dv" OPTION; do
  case $OPTION in
    H) HOST=$OPTARG ;;
    u) USER=$OPTARG ;;
    p) PASSWD=$OPTARG ;;
    l) LOGFILE="$OPTARG" ;;
  esac
done


#######################################
# Build a parenthesised WQL "or" clause from a list of values.
# Arguments:
#   $1 - list of values (split on comma AND space, see below)
#   $2 - WQL field name to compare against
#   $3 - "like" for a '%value%' substring match, anything else for '='
# Globals:
#   INDEX, WS_ARRAY, WS_ELEMENT are written (not declared local)
# Outputs:
#   The clause followed by "and" on stdout; an empty line when $1 is empty.
#
# Why the test case mis-splits: IFS=', ' names two separators, the comma and
# the blank, so "test OK" becomes the two elements "test" and "OK". To keep
# values containing blanks intact, split on the comma only (IFS=',') and quote
# the array expansion in the loop.
#
# NOTE(review): the values are pasted into the query unescaped. A double quote
# inside a value changes the structure of the WQL statement, so validate or
# escape the list before using this with input that is not fully trusted.
#######################################
function WQL_Constructor
{
  local values=$1
  local field=$2
  local match_type=$3

  if [ -n "$values" ]; then
    local WS_WQL=" ( "
    INDEX=0
    # read without -r also interprets backslashes in the input.
    IFS=', ' read -a WS_ARRAY <<< "$values"

    # Unquoted on purpose to mirror the original: the elements are split and
    # glob-expanded a second time here.
    for WS_ELEMENT in ${WS_ARRAY[@]}; do
      INDEX=$((INDEX + 1))

      case $match_type in
        like) WS_WQL+="${field} like \"%${WS_ELEMENT}%\"" ;;
        *)    WS_WQL+="${field} = \"${WS_ELEMENT}\"" ;;
      esac

      # Join with "or" until the last element, then close the group.
      if (( INDEX < ${#WS_ARRAY[@]} )); then
        WS_WQL+=" or "
      else
        WS_WQL+=" ) and "
      fi
    done
  fi

  # Unquoted expansion: leading, trailing and repeated blanks are collapsed.
  echo $WS_WQL
}

# Build the Logfile filter from the -l argument and show it.
EXTRA_WQL=" $(WQL_Constructor "$LOGFILE" Logfile "")"
echo $EXTRA_WQL


# Assemble the event-log query.
# NOTE(review): NOW is not assigned anywhere in this listing; the sample run
# shows a timestamp, so it is presumably set in a part that was left out.
WQL="Select EventCode,EventIdentifier,EventType,SourceName from Win32_NTLogEvent where ${EXTRA_WQL} TimeGenerated > \"${NOW}\""
# Earlier form of the query, kept by the author for reference:
##WQL='Select EventCode,EventIdentifier,EventType from Win32_NTLogEvent where logfile="'$LOGFILE'" and eventcode='$EVENTID' and TimeGenerated > "'$NOW'" '$EXTRA_WQL


# Print the wmic command line instead of running it.
# NOTE(review): this prints the user name and password in clear text; keep
# such output out of logs and shared terminals. ${WQL} is left unquoted as in
# the original, so runs of blanks in the query are collapsed in the output.
echo "${WMIC} --namespace root/cimv2 -U ${USER}%${PASSWD} //${HOST} '--delimiter=\"|\"' '"${WQL}"'"


debian:~# ./x.sh -l "test OK"
( Logfile = "test" or Logfile = "OK" ) and
/bin/wmic --namespace root/cimv2 -U root% // '--delimiter="|"' 'Select EventCode,EventIdentifier,EventType,SourceName from Win32_NTLogEvent where ( Logfile = "test" or Logfile = "OK" ) and TimeGenerated > "20141016111726.000000+120"'

Last edited: 2014-10-16 11:41:09 +0200 (CEST)
