Closed lucafwp closed 4 years ago
@lucafwp that log doesn't actually show the output of the checks. If you run nscp test
you should end up in a "shell" that you can test with to see what's going on: https://docs.nsclient.org/howto/checks/
Hi @mintsoft, these are some tests made with client in test mode:
NOT WORKING:
NOT WORKING:
WORKING:
Do you need the full output of command window?
Hmm! That definitely looks unusual. I can "understand" how disp+work.exe
might not work, however I have no idea why igswd.exe
would have an issue.
What do you get if you try:
check_process process=igswd.exe debug show-all scan-unreadable=yes
Does it show in the logging if you do:
check_process process=* debug show-all scan-unreadable=yes
?
Hi @mintsoft, sorry for the late answer. I think with the second command I've found the problem. The process is identified by NSClient with ".EXE" extension (uppercase).
This is the output of the first command: As you can see process "igswd.exe" is correctly running but NSClient says stopped instead.
In the following file you can find output of the second command. check_process_output.txt
This is the line I was mentioning:
D w32system Crit/warn/ok did not match: igswd.EXE=started
If I launch the first command using "igswd.EXE" the output shows the correct status"running". I've checked the executable file from the process but I can't understand why extension is uppercase:
@lucafwp Ahh interesting! I hadn't considered that it might be case sensititivity.
My gut feeling is that the thing that's responsible for running the actual process is actually using .EXE
; you can check what it was executed as by looking at the processes CommandLine property in Process Explorer (http://live.sysinternals.com/procexp.exe) or with powershell: gwmi win32_process |Select Name,CommandLine
is it .exe
or .EXE
in there?
Hi @mintsoft seems you were right:
F:\usr\sap\SPR\D00\exe\igswd.EXE -mode=profile pf=\\SRBSASPR01\sapmnt\SPR\SYS\profile\SPR_D00_SRBSASPR01 \??\C:\Windows\system32\conhost.exe 0x4
Is there a way to execute a case-insensitive search with check_process?
@lucafwp Aha that would explain it! I have a feeling the answer is no, I've not found anything specific in the documentation to indicate that you can do it case-insensitively. You might be to workaround it by using something like: check_process exe=igswd
(completely untested, just based on this : https://docs.nsclient.org/reference/windows/CheckSystem/#filter-keywords_6)
Otherwise @mickem might be able to clarify if there is a way of making it case-insensitive
Ok, I will try it. Thanks @mintsoft !
Issue and Steps to Reproduce
The command does not find some of the running processes. If we launch the command without any filter, in the provided list of processes, a lot of them are not present.
Details
Additional Details
Command output: